Usuniecie skryptów i zabezpieczenie tokenem api do aktualizacji danych z jambox

src/pages/api/jambox/import-jambox-channels.js

@@ -12,8 +12,14 @@ const FEEDS = [
 ];
 
 const DB_PATH =
-  process.env.FUZ_DB_PATH ||
-  path.join(process.cwd(), "src", "data", "ServicesRange.db");
+  process.env.FUZ_DB_PATH || path.join(process.cwd(), "src", "data", "ServicesRange.db");
+
+function isAuthorized(request) {
+  const expected = import.meta.env.JAMBOX_ADMIN_TOKEN;
+  if (!expected) return false; 
+  const token = request.headers.get("x-admin-token");
+  return token === expected;
+}
 
 function getDb() {
   const db = new Database(DB_PATH);
@@ -22,9 +28,7 @@ function getDb() {
 }
 
 async function fetchXml(url) {
-  const res = await fetch(url, {
-    headers: { accept: "application/xml,text/xml,*/*" },
-  });
+  const res = await fetch(url, { headers: { accept: "application/xml,text/xml,*/*" } });
   if (!res.ok) throw new Error(`XML HTTP ${res.status} for ${url}`);
   return await res.text();
 }
@@ -50,14 +54,8 @@ function decodeEntities(input) {
     .replace(/&/g, "&")
     .replace(/&lt;/g, "<")
     .replace(/&gt;/g, ">");
-
-  s = s.replace(/&#(\d+);/g, (_, d) =>
-    String.fromCodePoint(Number(d))
-  );
-  s = s.replace(/&#x([0-9a-fA-F]+);/g, (_, h) =>
-    String.fromCodePoint(parseInt(h, 16))
-  );
-
+  s = s.replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(Number(d)));
+  s = s.replace(/&#x([0-9a-fA-F]+);/g, (_, h) => String.fromCodePoint(parseInt(h, 16)));
   return s;
 }
 
@@ -68,8 +66,7 @@ function htmlToMarkdown(input) {
   if (typeof input === "string") html = input;
   else if (input?.p) {
     if (typeof input.p === "string") html = `<p>${input.p}</p>`;
-    else if (Array.isArray(input.p))
-      html = input.p.map((p) => `<p>${p}</p>`).join("");
+    else if (Array.isArray(input.p)) html = input.p.map((p) => `<p>${p}</p>`).join("");
   } else html = String(input);
 
   let s = decodeEntities(html);
@@ -131,18 +128,23 @@ async function downloadLogoAsBase64(url) {
   try {
     const res = await fetch(url);
     if (!res.ok) return null;
-
     const ct = res.headers.get("content-type") || "image/png";
     const buf = Buffer.from(await res.arrayBuffer());
     if (!buf.length) return null;
-
     return `data:${ct};base64,${buf.toString("base64")}`;
   } catch {
     return null;
   }
 }
 
-export async function POST() {
+export async function POST({ request }) {
+  if (!isAuthorized(request)) {
+    return new Response(JSON.stringify({ ok: false, error: "Unauthorized" }), {
+      status: 401,
+      headers: { "content-type": "application/json; charset=utf-8" },
+    });
+  }
+
   const db = getDb();
 
   const upsert = db.prepare(`
@@ -153,7 +155,7 @@ export async function POST() {
       opis  = COALESCE(excluded.opis,  jambox_channels.opis)
   `);
 
-  const logoCache = new Map(); 
+  const logoCache = new Map();
   const rows = [];
 
   try {
@@ -190,20 +192,15 @@ export async function POST() {
 
     trx(rows);
 
-    return new Response(
-      JSON.stringify({
-        ok: true,
-        rows: rows.length,
-        db: DB_PATH,
-      }),
-      { headers: { "content-type": "application/json; charset=utf-8" } }
-    );
+    return new Response(JSON.stringify({ ok: true, rows: rows.length, db: DB_PATH }), {
+      headers: { "content-type": "application/json; charset=utf-8" },
+    });
   } catch (e) {
     console.error("import jambox_channels:", e);
-    return new Response(
-      JSON.stringify({ ok: false, error: String(e.message || e) }),
-      { status: 500 }
-    );
+    return new Response(JSON.stringify({ ok: false, error: String(e?.message || e) }), {
+      status: 500,
+      headers: { "content-type": "application/json; charset=utf-8" },
+    });
   } finally {
     try { db.close(); } catch {}
   }