feat: add access control to channels with various modes

- Introduced AccessMode enum to define channel access levels: Public, PasswordProtected, AccountRequired, and OwnerOnly.
- Updated Channel and ProgrammingBlock entities to include access_mode and access_password_hash fields.
- Enhanced create and update channel functionality to handle access mode and password.
- Implemented access checks in channel routes based on the defined access modes.
- Modified frontend components to support channel creation and editing with access control options.
- Added ChannelPasswordModal for handling password input when accessing restricted channels.
- Updated API calls to include channel and block passwords as needed.
- Created database migrations to add access_mode and access_password_hash columns to channels table.

k-tv-frontend/lib/api.ts

@@ -152,24 +152,31 @@ export const api = {
     getActive: (channelId: string, token: string) =>
       request<ScheduleResponse>(`/channels/${channelId}/schedule`, { token }),
 
-    getCurrentBroadcast: (channelId: string, token: string) =>
-      request<CurrentBroadcastResponse | null>(`/channels/${channelId}/now`, {
+    getCurrentBroadcast: (channelId: string, token: string, channelPassword?: string) => {
+      const headers: Record<string, string> = {};
+      if (channelPassword) headers["X-Channel-Password"] = channelPassword;
+      return request<CurrentBroadcastResponse | null>(`/channels/${channelId}/now`, {
         token,
-      }),
+        headers,
+      });
+    },
 
     getEpg: (
       channelId: string,
       token: string,
       from?: string,
       until?: string,
+      channelPassword?: string,
     ) => {
       const params = new URLSearchParams();
       if (from) params.set("from", from);
       if (until) params.set("until", until);
       const qs = params.toString();
+      const headers: Record<string, string> = {};
+      if (channelPassword) headers["X-Channel-Password"] = channelPassword;
       return request<ScheduledSlotResponse[]>(
         `/channels/${channelId}/epg${qs ? `?${qs}` : ""}`,
-        { token },
+        { token, headers },
       );
     },
   },

k-tv-frontend/lib/types.ts

@@ -2,6 +2,8 @@
 
 export type ContentType = "movie" | "episode" | "short";
 
+export type AccessMode = "public" | "password_protected" | "account_required" | "owner_only";
+
 export type FillStrategy = "best_fit" | "sequential" | "random";
 
 export interface MediaFilter {
@@ -67,6 +69,9 @@ export interface ProgrammingBlock {
   loop_on_finish?: boolean;
   /** When true, skip the channel-level recycle policy for this block. Default false on backend. */
   ignore_recycle_policy?: boolean;
+  access_mode?: AccessMode;
+  /** Plain-text password sent to API; hashed server-side. Only set on write operations. */
+  access_password?: string;
 }
 
 export interface ScheduleConfig {
@@ -104,6 +109,7 @@ export interface ChannelResponse {
   schedule_config: ScheduleConfig;
   recycle_policy: RecyclePolicy;
   auto_schedule: boolean;
+  access_mode: AccessMode;
   created_at: string;
   updated_at: string;
 }
@@ -112,6 +118,8 @@ export interface CreateChannelRequest {
   name: string;
   timezone: string;
   description?: string;
+  access_mode?: AccessMode;
+  access_password?: string;
 }
 
 export interface UpdateChannelRequest {
@@ -121,6 +129,9 @@ export interface UpdateChannelRequest {
   schedule_config?: ScheduleConfig;
   recycle_policy?: RecyclePolicy;
   auto_schedule?: boolean;
+  access_mode?: AccessMode;
+  /** Empty string clears the password. */
+  access_password?: string;
 }
 
 // Media & Schedule
@@ -150,6 +161,7 @@ export interface ScheduledSlotResponse {
   start_at: string;
   /** RFC3339 */
   end_at: string;
+  block_access_mode: AccessMode;
 }
 
 export interface ScheduleResponse {
@@ -165,4 +177,5 @@ export interface ScheduleResponse {
 export interface CurrentBroadcastResponse {
   slot: ScheduledSlotResponse;
   offset_secs: number;
+  block_access_mode: AccessMode;
 }