From 842371604b2e271dc5096ee1cd0a37251069c632 Mon Sep 17 00:00:00 2001 From: AdrianoDev Date: Sun, 5 Jul 2026 22:05:46 +0200 Subject: [PATCH] feat(showtags): endpoint cookie + toggle nel menu utente --- src/components/Header.astro | 18 ++++++++++++++++-- src/pages/api/admin/showtags.ts | 18 ++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 src/pages/api/admin/showtags.ts diff --git a/src/components/Header.astro b/src/components/Header.astro index eeb2cf3..bfcbcdc 100644 --- a/src/components/Header.astro +++ b/src/components/Header.astro @@ -6,7 +6,7 @@ interface Props { showTags: boolean; canTags: boolean; } -const { user, canTags } = Astro.props; +const { user, canTags, showTags } = Astro.props; const path = Astro.url.pathname; const loginHref = `/login?next=${encodeURIComponent(path)}`; const areaHref = user?.role === 'superuser' ? '/admin/content' : '/admin'; @@ -26,7 +26,7 @@ const areaHref = user?.role === 'superuser' ? '/admin/content' : '/admin';
Area riservata {canTags && ( - + )} Esci
@@ -76,4 +76,18 @@ const areaHref = user?.role === 'superuser' ? '/admin/content' : '/admin'; const open = nav.classList.toggle('is-open'); toggle.setAttribute('aria-expanded', String(open)); }); + + const tagsBtn = document.getElementById('toggle-tags'); + if (tagsBtn) { + const on = tagsBtn.dataset.on === '1'; + tagsBtn.addEventListener('click', async () => { + const res = await fetch('/api/admin/showtags', { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ on: !on }), + }); + if (res.ok) location.reload(); + else alert('Operazione non riuscita.'); + }); + } diff --git a/src/pages/api/admin/showtags.ts b/src/pages/api/admin/showtags.ts new file mode 100644 index 0000000..9459624 --- /dev/null +++ b/src/pages/api/admin/showtags.ts @@ -0,0 +1,18 @@ +import type { APIRoute } from 'astro'; +export const prerender = false; + +const json = (status: number, body: object) => + new Response(JSON.stringify(body), { status, headers: { 'Content-Type': 'application/json' } }); + +export const POST: APIRoute = async ({ request, cookies, locals }) => { + const role = locals.user!.role; + if (role !== 'superuser' && role !== 'admin') return json(403, { error: 'Permessi insufficienti' }); + let data: { on?: unknown }; + try { data = await request.json(); } catch { return json(400, { error: 'Dati non validi.' }); } + if (data.on) { + cookies.set('showtags', '1', { httpOnly: true, sameSite: 'lax', path: '/', secure: import.meta.env.PROD }); + } else { + cookies.delete('showtags', { path: '/' }); + } + return json(200, { on: Boolean(data.on) }); +};