diff --git a/server.ts b/server.ts index dd14003..345ed66 100644 --- a/server.ts +++ b/server.ts @@ -50,6 +50,13 @@ async function validatePbToken(token: string): Promise { await pb.collection(PB_AUTH_COLLECTION).authRefresh(); } +async function createValidatedPbClient(token: string): Promise { + const client = new PocketBase(PB_BASE_URL); + client.authStore.save(token, null); + await client.collection(PB_AUTH_COLLECTION).authRefresh(); + return client; +} + // --------------------------------------------------------------------------- // Shared helpers // --------------------------------------------------------------------------- @@ -439,20 +446,21 @@ app.get('/api/tasks/users', async (c) => { const pbToken = c.req.header('x-pb-token'); if (!pbToken) return c.json({ success: false, message: 'Missing x-pb-token' }, 401); + let taskPb: PocketBase; try { - await validatePbToken(pbToken); + taskPb = await createValidatedPbClient(pbToken); } catch { return c.json({ success: false, message: 'Invalid PocketBase token' }, 401); } try { - const me = pb.authStore.model; + const me = taskPb.authStore.model; let meRecord: any = me; let users: any[] = []; let warning = ''; if (me?.id) { try { - meRecord = await pb.collection(PB_AUTH_COLLECTION).getOne(String(me.id), { + meRecord = await taskPb.collection(PB_AUTH_COLLECTION).getOne(String(me.id), { fields: 'id,email,name,username', }); } catch { @@ -460,7 +468,7 @@ app.get('/api/tasks/users', async (c) => { } } try { - users = await pb.collection(PB_AUTH_COLLECTION).getFullList({ + users = await taskPb.collection(PB_AUTH_COLLECTION).getFullList({ sort: 'email', fields: 'id,email,name,username', }); @@ -487,8 +495,6 @@ app.get('/api/tasks/users', async (c) => { }); } catch (e) { return c.json({ success: false, message: (e as Error)?.message || 'Failed to load users' }, 500); - } finally { - clearPbToken(); } }); @@ -498,19 +504,20 @@ app.get('/api/tasks/list', async (c) => { const pbToken = c.req.header('x-pb-token'); if (!pbToken) return c.json({ success: false, message: 'Missing x-pb-token' }, 401); + let taskPb: PocketBase; try { - await validatePbToken(pbToken); + taskPb = await createValidatedPbClient(pbToken); } catch { return c.json({ success: false, message: 'Invalid PocketBase token' }, 401); } try { - const me = pb.authStore.model; + const me = taskPb.authStore.model; const meId = String(me?.id || '').trim(); let meRecord: any = me; if (meId) { try { - meRecord = await pb.collection(PB_AUTH_COLLECTION).getOne(meId, { + meRecord = await taskPb.collection(PB_AUTH_COLLECTION).getOne(meId, { fields: 'id,email,name,username', }); } catch { @@ -527,7 +534,7 @@ app.get('/api/tasks/list', async (c) => { const baseFields = 'id,user,title,startDate,dueDate,priority,completed,content,size,status,expand.user.id,expand.user.email,expand.user.name,expand.user.username'; const fetchTasksWithFilter = async (filter: string) => { - return pb.collection(PB_TASKS_COLLECTION).getFullList({ + return taskPb.collection(PB_TASKS_COLLECTION).getFullList({ filter, sort: '-startDate,-created', expand: 'user', @@ -536,7 +543,7 @@ app.get('/api/tasks/list', async (c) => { }; const fetchAllTasks = async () => { - return pb.collection(PB_TASKS_COLLECTION).getFullList({ + return taskPb.collection(PB_TASKS_COLLECTION).getFullList({ sort: '-startDate,-created', expand: 'user', fields: baseFields, @@ -637,8 +644,6 @@ app.get('/api/tasks/list', async (c) => { }); } catch (e) { return c.json({ success: false, message: (e as Error)?.message || 'Failed to load tasks' }, 500); - } finally { - clearPbToken(); } });