🔧 Fix settings API: Use public endpoint for logged-in users

- Changed from /api/v1/private/update-player-settings to /api/v1/public/update-player-settings - Removed API key requirement for logged-in users - Added both public and private endpoints for flexibility - Fixed 401 Unauthorized error in settings modal
2025-09-08 19:16:57 +02:00
parent 70ceb2da25
commit fbd8677709
2 changed files with 567 additions and 524 deletions
--- a/public/js/dashboard.js
+++ b/public/js/dashboard.js
@@ -984,12 +984,11 @@ async function saveSettings() {
        
        const showInLeaderboard = document.getElementById('showInLeaderboard').checked;
        
-        // Update player settings
-        const response = await fetch(`/api/v1/private/update-player-settings`, {
+        // Update player settings using public endpoint (no API key needed)
+        const response = await fetch(`/api/v1/public/update-player-settings`, {
            method: 'POST',
            headers: {
-                'Content-Type': 'application/json',
-                'Authorization': `Bearer ${localStorage.getItem('apiKey')}`
+                'Content-Type': 'application/json'
            },
            body: JSON.stringify({
                player_id: currentPlayerId,
--- a/routes/api.js
+++ b/routes/api.js
@@ -2911,7 +2911,51 @@ router.get('/achievements/leaderboard', async (req, res) => {
    }
 });

-// Update player settings (privacy settings)
+// Update player settings (privacy settings) - Public endpoint for authenticated users
+router.post('/v1/public/update-player-settings', async (req, res) => {
+    try {
+        const { player_id, show_in_leaderboard } = req.body;
+        
+        if (!player_id) {
+            return res.status(400).json({
+                success: false,
+                message: 'Player ID ist erforderlich'
+            });
+        }
+        
+        // Update player settings
+        const updateQuery = `
+            UPDATE players 
+            SET show_in_leaderboard = $1, updated_at = NOW()
+            WHERE id = $2
+            RETURNING id, firstname, lastname, show_in_leaderboard
+        `;
+        
+        const result = await pool.query(updateQuery, [show_in_leaderboard || false, player_id]);
+        
+        if (result.rows.length === 0) {
+            return res.status(404).json({
+                success: false,
+                message: 'Spieler nicht gefunden'
+            });
+        }
+        
+        res.json({
+            success: true,
+            message: 'Einstellungen erfolgreich aktualisiert',
+            data: result.rows[0]
+        });
+        
+    } catch (error) {
+        console.error('Error updating player settings:', error);
+        res.status(500).json({
+            success: false,
+            message: 'Fehler beim Aktualisieren der Einstellungen'
+        });
+    }
+});
+
+// Update player settings (privacy settings) - Private endpoint with API key
 router.post('/v1/private/update-player-settings', requireApiKey, async (req, res) => {
    try {
        const { player_id, show_in_leaderboard } = req.body;