#!/bin/bash echo "======================================" echo " Backend Authentication Fix - COMPLETE" echo "======================================" echo "" echo "✅ CHANGES APPLIED:" echo " • Added authentication middleware import to lists.js" echo " • Protected all POST routes with authenticate middleware" echo " • Protected all PUT routes with authenticate middleware" echo " • Protected all DELETE routes with authenticate middleware" echo "" echo "📝 Routes Now Protected:" echo " ✓ POST /api/lists (create list)" echo " ✓ PUT /api/lists/:id (update list)" echo " ✓ DELETE /api/lists/:id (delete list)" echo " ✓ POST /api/lists/:id/songs/:songId (add song)" echo " ✓ DELETE /api/lists/:id/songs/:songId (remove song) ⭐ FIXES YOUR ISSUE" echo " ✓ PUT /api/lists/:id/reorder (reorder songs)" echo "" echo "🔧 TO ACTIVATE THE FIX:" echo " Run this command to restart the backend:" echo "" echo " sudo systemctl restart church-music-backend.service" echo "" echo " OR manually:" echo "" echo " cd /media/pts/Website/Church_HOP_MusicData/new-site/backend" echo " pkill -f 'node.*server.js'" echo " nohup node server.js > /tmp/backend.log 2>&1 &" echo "" echo "🧪 TESTING:" echo " 1. Make sure you're logged in to the frontend" echo " 2. Go to a worship list" echo " 3. Try to delete a song from the list" echo " 4. Expected: Song removes successfully (no 403 error)" echo "" echo "📊 VERIFY BACKEND IS RUNNING:" echo " sudo systemctl status church-music-backend.service" echo " curl http://localhost:8080/health" echo "" echo "📖 Documentation created:" echo " • AUTHENTICATION_FIX_APPLIED.md - Full technical details" echo " • This script - Quick reference" echo "" echo "======================================" echo " Why was this happening?" echo "======================================" echo "The worship list routes were not checking authentication." echo "The frontend WAS sending tokens correctly, but the backend" echo "wasn't configured to require or verify them for these routes." echo "" echo "Now all modification routes (POST/PUT/DELETE) require a valid" echo "JWT token, which fixes the 403 Forbidden error." echo "======================================"