From 6a9a99d10d037dc64ddfbb13739d67c71cb1977b Mon Sep 17 00:00:00 2001
From: Jan Gregor Emge-Triebel
Date: Tue, 24 Mar 2026 17:16:30 +0100
Subject: [PATCH] harmonized admin token for backend and frontend
---
 directus-cms/utils/setup-local.mjs | 47 ++++++++++++++++++++----------
 nuxt-app/.env.example | 2 ++
 2 files changed, 34 insertions(+), 15 deletions(-)
diff --git a/directus-cms/utils/setup-local.mjs b/directus-cms/utils/setup-local.mjs
index 2334e3e..022512a 100644
--- a/directus-cms/utils/setup-local.mjs
+++ b/directus-cms/utils/setup-local.mjs
@@ -11,6 +11,7 @@ const ADMIN_EMAIL = process.env.ADMIN_EMAIL || 'admin@programmier.bar';
 const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD || '123456';
 const PROD_URL = 'https://admin.programmier.bar';
 const PROD_API_TOKEN = process.env.PROD_API_TOKEN || '';
+const DIRECTUS_LOCAL_ADMIN_TOKEN = 'random_SECRET_t0ken!';
 // Collections that need public read access
 const PUBLIC_COLLECTIONS = [
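Review bot: `DIRECTUS_LOCAL_ADMIN_TOKEN` is a fixed literal with no environment override, unlike `ADMIN_EMAIL`, `ADMIN_PASSWORD` and `PROD_API_TOKEN` directly above it, so every instance this script bootstraps ends up with the same admin token that is published in the repository (the same literal is repeated in the `nuxt-app/.env.example` hunk). Following the neighbouring pattern, `const DIRECTUS_LOCAL_ADMIN_TOKEN = process.env.DIRECTUS_LOCAL_ADMIN_TOKEN || 'random_SECRET_t0ken!';` would let a developer pick a private value. The constant also deserves a comment such as `// Local development only: static admin token, must match NUXT_DIRECTUS_API_TOKEN in nuxt-app/.env`.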
@@ -65,26 +66,42 @@ const PUBLIC_COLLECTIONS = [
 'home_page_podcasts',
 ];
-// Token management — Directus access tokens expire after 15 minutes by default.
-// Long-running imports (especially file downloads) can exceed this, so we
-// re-authenticate when the token is older than 10 minutes.
-let _cachedToken = null;
-let _tokenObtainedAt = 0;
-const TOKEN_MAX_AGE_MS = 10 * 60 * 1000;
-
+let _isTokenSet = false;
 async function getToken() {
- if (_cachedToken && (Date.now() - _tokenObtainedAt) < TOKEN_MAX_AGE_MS) {
- return _cachedToken;
- }
- const res = await fetch(`${DIRECTUS_URL}/auth/login`, {
+ if (_isTokenSet) return DIRECTUS_LOCAL_ADMIN_TOKEN;
+
+ let res = await fetch(`${DIRECTUS_URL}/auth/login`, {
 method: 'POST',
 headers: { 'Content-Type': 'application/json' },
 body: JSON.stringify({ email: ADMIN_EMAIL, password: ADMIN_PASSWORD }),
 });
- const data = await res.json();
- _cachedToken = data.data?.access_token;
- _tokenObtainedAt = Date.now();
- return _cachedToken;
+ let data = await res.json();
+ let tmpToken = data.data?.access_token;
+ res = await fetch(`${DIRECTUS_URL}/users/me`, {
+ method: 'GET',
+ headers: {
+ 'Content-Type': 'application/json',
+ 'Authorization': `Bearer ${tmpToken}`,
+ }
+ });
+ data = await res.json();
+ let id = data.data?.id;
+ res = await fetch(`${DIRECTUS_URL}/users/${id}`, {
+ method: 'PATCH',
+ headers: {
+ 'Content-Type': 'application/json',
+ 'Authorization': `Bearer ${tmpToken}`,
+ },
+ body: JSON.stringify({ token: DIRECTUS_LOCAL_ADMIN_TOKEN }),
+ });
+
+ if (!res.ok) {
+ throw new Error('Could not set admin user token.');
+ }
+
+ _isTokenSet = true;
+
+ return DIRECTUS_LOCAL_ADMIN_TOKEN
 }
 async function getOrCreatePublicPolicy(token) {
diff --git a/nuxt-app/.env.example b/nuxt-app/.env.example
index 1c7bd65..394aa0c 100644
--- a/nuxt-app/.env.example
+++ b/nuxt-app/.env.example
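Review bot: In `getToken` only the final PATCH response is checked, so a failed login leaves `tmpToken` undefined, the `/users/me` lookup is sent with `Bearer undefined`, and the PATCH targets `/users/undefined`; the caller then sees only the generic 'Could not set admin user token.' message. Check `res.ok` and the extracted value after each of the first two requests and report which step failed with its HTTP status. Since this function now persists a fixed, repository-known static token on the admin account instead of using the short-lived login token, it would also be prudent to refuse to run unless `DIRECTUS_URL` points at a local host; `DIRECTUS_URL` is defined outside this hunk, so whether it can be overridden is an assumption to confirm. The final `return DIRECTUS_LOCAL_ADMIN_TOKEN` is missing its semicolon.

```javascript
async function getToken() {
  // … unchanged: _isTokenSet short-circuit and POST /auth/login request …
  if (!res.ok) {
    throw new Error(`Admin login failed (HTTP ${res.status}).`);
  }
  let data = await res.json();
  const tmpToken = data.data?.access_token;
  if (!tmpToken) {
    throw new Error('Admin login returned no access token.');
  }
  // … unchanged: GET /users/me request …
  if (!res.ok) {
    throw new Error(`Could not read admin user (HTTP ${res.status}).`);
  }
  data = await res.json();
  const id = data.data?.id;
  if (!id) {
    throw new Error('Admin user lookup returned no id.');
  }
  // … unchanged: PATCH /users/${id} request, res.ok check, _isTokenSet = true …
  return DIRECTUS_LOCAL_ADMIN_TOKEN;
```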
@@ -11,6 +11,8 @@ DIRECTUS_CMS_URL=http://localhost:8055
 WEBSITE_URL=http://localhost:3000
 NUXT_ENV=development
+NUXT_DIRECTUS_API_TOKEN=random_SECRET_t0ken!
+
 # Stripe (for ticket purchase testing)
 # Get test keys from https://dashboard.stripe.com/test/apikeys
 NUXT_STRIPE_SECRET_KEY=sk_test_...
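Review bot: `NUXT_DIRECTUS_API_TOKEN` is added without a comment, although the Stripe entries below it are labelled, and its value is the static token of the Directus admin user, so a copied `.env` gives the Nuxt app full admin rights on the CMS. Add a line above it such as `# Local development only: static admin token written by directus-cms/utils/setup-local.mjs; use a dedicated least-privilege token anywhere else`. How the Nuxt app consumes this variable is not visible in the patch; if it were ever placed in public runtime config the token would reach the browser, which is worth confirming.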