fix: issues

backend_v1/app/http/posts.go

@@ -186,15 +186,20 @@ func (ctl *posts) Play(ctx fiber.Ctx, post *models.Post, user *models.User) (*Pl
 	// return &PlayUrl{
 	// 	Url: "https://github.com/mediaelement/mediaelement-files/raw/refs/heads/master/big_buck_bunny.mp4",
 	// }, nil
-
+	if post.Status != fields.PostStatusPublished {
-	preview := true
+		return nil, fiber.ErrNotFound
-	bought, err := services.Users.HasBought(ctx, user.ID, post.ID)
-	if err != nil {
-		preview = false
 	}
 
-	if bought {
+	preview := true
-		preview = false
+	if user != nil {
+		bought, err := services.Users.HasBought(ctx, user.ID, post.ID)
+		if err != nil {
+			preview = false
+		}
+
+		if bought {
+			preview = false
+		}
 	}
 
 	log.Infof("Fetching play URL for post ID: %d", post.ID)

backend_v1/app/middlewares/mid_auth_frontend.go

@@ -22,7 +22,9 @@ func (f *Middlewares) AuthFrontend(ctx fiber.Ctx) error {
 	if strings.HasPrefix(ctx.Path(), "/v1/posts/") && strings.HasSuffix(ctx.Path(), "show") {
 		return ctx.Next()
 	}
-	if strings.HasPrefix(ctx.Path(), "/v1/posts/") && strings.HasSuffix(ctx.Path(), "play") {
+
+	token := ctx.Get("Authorization")
+	if token == "" && strings.HasPrefix(ctx.Path(), "/v1/posts/") && strings.HasSuffix(ctx.Path(), "play") {
 		return ctx.Next()
 	}
 
@@ -47,7 +49,6 @@ func (f *Middlewares) AuthFrontend(ctx fiber.Ctx) error {
 	fullUrl = u.String()
 
 	// 仅使用 Header 的 Bearer Token（前端 localStorage 存储，随请求透传）。
-	token := ctx.Get("Authorization")
 	if token == "" {
 		log.Infof("auth redirect_uri: %s", fullUrl)
 		if ctx.XHR() {
@@ -73,6 +74,7 @@ func (f *Middlewares) AuthFrontend(ctx fiber.Ctx) error {
 	}
 
 	ctx.Locals("user", user)
+	log.Infof("jwt login user id: %d", user.ID)
 
 	return ctx.Next()
 }