Enforce authentication on all endpoints

getFolderList.php

@@ -2,6 +2,13 @@
 require 'config.php';
 header('Content-Type: application/json');
 
+// Ensure user is authenticated
+if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
+    echo json_encode(["error" => "Unauthorized"]);
+    http_response_code(401);
+    exit;
+}
+
 $folderList = [];
 $dir = rtrim(UPLOAD_DIR, '/\\');
 if (is_dir($dir)) {