Updates

server/api/auth/member.get.js

@@ -25,7 +25,6 @@ export default defineEventHandler(async (event) => {
     board: member.board,
     showInDirectory: member.showInDirectory,
     notifications: member.notifications,
-    privacy: member.privacy,
     createdAt: member.createdAt,
     onboarding: member.onboarding,
   };

server/api/members/[id].get.js

@@ -1,25 +1,8 @@
-import jwt from "jsonwebtoken";
 import Member from "../../models/member.js";
-import { connectDB } from "../../utils/mongoose.js";
+import { requireAuth } from "../../utils/auth.js";
 
 export default defineEventHandler(async (event) => {
-  await connectDB();
-
-  // Check if user is authenticated (optional — works for public and authenticated users)
-  const token = getCookie(event, "auth-token");
-  let isAuthenticated = false;
-
-  if (token) {
-    try {
-      const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
-      if (decoded.memberId) {
-        isAuthenticated = true;
-      }
-    } catch {
-      // Invalid token, treat as public
-      isAuthenticated = false;
-    }
-  }
+  await requireAuth(event);
 
   const id = event.context.params.id;
 
@@ -30,7 +13,7 @@ export default defineEventHandler(async (event) => {
       status: "active",
     })
       .select(
-        "name pronouns timeZone avatar studio bio location socialLinks privacy circle craftTags board createdAt memberNumber",
+        "name pronouns timeZone avatar studio bio location socialLinks circle craftTags board createdAt memberNumber",
       )
       .lean();
 
@@ -41,42 +24,27 @@ export default defineEventHandler(async (event) => {
       });
     }
 
-    // Filter fields based on privacy settings
-    const privacy = member.privacy || {};
     const filtered = {
       _id: member._id,
       name: member.name,
       circle: member.circle,
       createdAt: member.createdAt,
       memberNumber: member.memberNumber,
-    };
-
-    // Helper function to check if field should be visible
-    const isVisible = (field) => {
-      const privacySetting = privacy[field] || "members";
-      if (privacySetting === "public") return true;
-      if (privacySetting === "members" && isAuthenticated) return true;
-      if (privacySetting === "private") return false;
-      return false;
-    };
-
-    // Add fields based on privacy settings
-    if (isVisible("avatar")) filtered.avatar = member.avatar;
-    if (isVisible("pronouns")) filtered.pronouns = member.pronouns;
-    if (isVisible("timeZone")) filtered.timeZone = member.timeZone;
-    if (isVisible("studio")) filtered.studio = member.studio;
-    if (isVisible("bio")) filtered.bio = member.bio;
-    if (isVisible("location")) filtered.location = member.location;
-    if (isVisible("socialLinks")) filtered.socialLinks = member.socialLinks;
-    if (isVisible("craftTags")) filtered.craftTags = member.craftTags;
-
-    filtered.board = {
-      slackHandle: member.board?.slackHandle,
+      avatar: member.avatar,
+      pronouns: member.pronouns,
+      timeZone: member.timeZone,
+      studio: member.studio,
+      bio: member.bio,
+      location: member.location,
+      socialLinks: member.socialLinks,
+      craftTags: member.craftTags,
+      board: {
+        slackHandle: member.board?.slackHandle,
+      },
     };
 
     return { member: filtered };
   } catch (error) {
-    // Re-throw NuxtErrors (like the 404 above)
     if (error.statusCode) {
       throw error;
     }

server/api/members/directory.get.js

@@ -1,23 +1,9 @@
-import jwt from "jsonwebtoken";
 import Member from "../../models/member.js";
 import Tag from "../../models/tag.js";
-import { connectDB } from "../../utils/mongoose.js";
+import { requireAuth } from "../../utils/auth.js";
 
 export default defineEventHandler(async (event) => {
-  await connectDB();
-
-  // Check if user is authenticated
-  const token = getCookie(event, "auth-token");
-  let isAuthenticated = false;
-
-  if (token) {
-    try {
-      jwt.verify(token, useRuntimeConfig().jwtSecret);
-      isAuthenticated = true;
-    } catch (err) {
-      isAuthenticated = false;
-    }
-  }
+  await requireAuth(event);
 
   const query = getQuery(event);
   const search = query.search || "";
@@ -56,42 +42,28 @@ export default defineEventHandler(async (event) => {
   try {
     const members = await Member.find(dbQuery)
       .select(
-        "name pronouns timeZone avatar studio bio location socialLinks privacy circle craftTags board createdAt",
+        "name pronouns timeZone avatar studio bio location socialLinks circle craftTags board createdAt",
       )
       .sort({ createdAt: -1 })
       .lean();
 
-    const filteredMembers = members.map((member) => {
-      const privacy = member.privacy || {};
-      const filtered = {
-        _id: member._id,
-        name: member.name,
-        circle: member.circle,
-        createdAt: member.createdAt,
-      };
-
-      const isVisible = (field) => {
-        const privacySetting = privacy[field] || "members";
-        if (privacySetting === "public") return true;
-        if (privacySetting === "members" && isAuthenticated) return true;
-        return false;
-      };
-
-      if (isVisible("avatar")) filtered.avatar = member.avatar;
-      if (isVisible("pronouns")) filtered.pronouns = member.pronouns;
-      if (isVisible("timeZone")) filtered.timeZone = member.timeZone;
-      if (isVisible("studio")) filtered.studio = member.studio;
-      if (isVisible("bio")) filtered.bio = member.bio;
-      if (isVisible("location")) filtered.location = member.location;
-      if (isVisible("socialLinks")) filtered.socialLinks = member.socialLinks;
-      if (isVisible("craftTags")) filtered.craftTags = member.craftTags;
-
-      filtered.board = {
+    const filteredMembers = members.map((member) => ({
+      _id: member._id,
+      name: member.name,
+      circle: member.circle,
+      createdAt: member.createdAt,
+      avatar: member.avatar,
+      pronouns: member.pronouns,
+      timeZone: member.timeZone,
+      studio: member.studio,
+      bio: member.bio,
+      location: member.location,
+      socialLinks: member.socialLinks,
+      craftTags: member.craftTags,
+      board: {
         slackHandle: member.board?.slackHandle,
-      };
-
-      return filtered;
-    });
+      },
+    }));
 
     const [craftTags, cooperativeTags] = await Promise.all([
       Tag.find({ pool: "craft", active: true }).sort({ label: 1 }).lean(),
@@ -110,6 +82,7 @@ export default defineEventHandler(async (event) => {
       },
     };
   } catch (error) {
+    if (error.statusCode) throw error;
     console.error("Directory fetch error:", error);
     throw createError({
       statusCode: 500,

server/api/members/profile.patch.js

@@ -22,18 +22,6 @@ export default defineEventHandler(async (event) => {
     "notifications",
   ];
 
-  // Privacy fields from validated body
-  const privacyFields = [
-    "pronounsPrivacy",
-    "timeZonePrivacy",
-    "avatarPrivacy",
-    "studioPrivacy",
-    "bioPrivacy",
-    "locationPrivacy",
-    "socialLinksPrivacy",
-    "craftTagsPrivacy",
-  ];
-
   // Build update object from validated data
   const updateData = {};
 
@@ -53,14 +41,6 @@ export default defineEventHandler(async (event) => {
     updateData["board.slackHandle"] = body.boardSlackHandle;
   }
 
-  // Handle privacy settings
-  privacyFields.forEach((privacyField) => {
-    if (body[privacyField] !== undefined) {
-      const baseField = privacyField.replace("Privacy", "");
-      updateData[`privacy.${baseField}`] = body[privacyField];
-    }
-  });
-
   try {
     const member = await Member.findByIdAndUpdate(
       memberId,
@@ -76,7 +56,7 @@ export default defineEventHandler(async (event) => {
     }
 
     // Log which fields were updated
-    const changedFields = Object.keys(body).filter(k => body[k] !== undefined && !k.endsWith('Privacy'))
+    const changedFields = Object.keys(body).filter(k => body[k] !== undefined)
     if (changedFields.length) {
       logActivity(memberId, 'profile_updated', { fields: changedFields })
     }