fix: add custom endpoint for getVideoBySlug to bypass permissions

- Add GET /sexy/videos/:slug endpoint in bundle that bypasses Directus permissions
- Simplify getVideoBySlug to use the new custom endpoint instead of direct API call
- Fixes "Video not found" error on production for public video pages
- Custom endpoint uses database query like other public endpoints (/sexy/models, etc)
- Ensures videos are accessible to unauthenticated users while respecting upload_date

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

packages/frontend/src/lib/services.ts

@@ -242,41 +242,13 @@ export async function getVideoBySlug(
 	return loggedApiCall(
 		"getVideoBySlug",
 		async () => {
-			const fetchFn = fetch || globalThis.fetch;
-			return fetchFn(
-				`${directusApiUrl}/items/sexy_videos?${new URLSearchParams({
-					filter: JSON.stringify({ slug: { _eq: slug } }),
-					fields: JSON.stringify([
-						"*",
-						{
-							models: [
-								"*",
-								{
-									directus_users_id: ["*"],
-								},
-							],
-						},
-						"movie.*",
-					]),
-				})}`,
-			)
-				.then((res) => res.json())
-				.then((response) => {
-					const videos = response.data;
-					if (!videos || videos.length === 0) {
-						throw new Error("Video not found");
-					}
-					// Handle models array - filter out null/undefined and map to user objects
-					if (Array.isArray(videos[0].models)) {
-						videos[0].models = videos[0].models
-							.filter((u) => u && u.directus_users_id)
-							.map((u) => u.directus_users_id!);
-					} else {
-						videos[0].models = [];
-					}
-
-					return videos[0];
-				});
+			const directus = getDirectusInstance(fetch);
+			return directus.request<Video>(
+				customEndpoint({
+					method: "GET",
+					path: `/sexy/videos/${slug}`,
+				}),
+			);
 		},
 		{ slug },
 	);