fix: add custom endpoint for getVideoBySlug to bypass permissions

- Add GET /sexy/videos/:slug endpoint in bundle that bypasses Directus permissions
- Simplify getVideoBySlug to use the new custom endpoint instead of direct API call
- Fixes "Video not found" error on production for public video pages
- Custom endpoint uses database query like other public endpoints (/sexy/models, etc)
- Ensures videos are accessible to unauthenticated users while respecting upload_date

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

packages/bundle/src/endpoint/index.ts

@@ -204,6 +204,48 @@ export default {
 			}
 		});
 
+		// GET /sexy/videos/:slug - Get single video by slug
+		router.get("/videos/:slug", async (req, res) => {
+			try {
+				const { slug } = req.params;
+
+				const video = await database
+					.select("v.*")
+					.from("sexy_videos as v")
+					.where("v.slug", slug)
+					.where("v.upload_date", "<=", new Date().toISOString())
+					.first();
+
+				if (!video) {
+					return res.status(404).json({ error: "Video not found" });
+				}
+
+				// Fetch models
+				const models = await database
+					.select("u.*")
+					.from("sexy_videos_models as vm")
+					.leftJoin("directus_users as u", "vm.directus_users_id", "u.id")
+					.where("vm.sexy_videos_id", video.id);
+
+				video.models = models;
+
+				// Fetch movie file
+				if (video.movie) {
+					const movie = await database
+						.select("*")
+						.from("directus_files")
+						.where("id", video.movie)
+						.first();
+					video.movie = movie;
+				}
+
+				res.json(video);
+			} catch (error: any) {
+				console.error("Video by slug error:", error);
+				res.status(500).json({ error: error.message || "Failed to fetch video" });
+			}
+		});
+
 		// GET /sexy/articles - List articles
 		router.get("/articles", async (req, res) => {
 			try {