Updates

server/api/members/[id].get.js

@@ -1,25 +1,8 @@
-import jwt from "jsonwebtoken";
 import Member from "../../models/member.js";
-import { connectDB } from "../../utils/mongoose.js";
+import { requireAuth } from "../../utils/auth.js";
 
 export default defineEventHandler(async (event) => {
-  await connectDB();
-
-  // Check if user is authenticated (optional — works for public and authenticated users)
-  const token = getCookie(event, "auth-token");
-  let isAuthenticated = false;
-
-  if (token) {
-    try {
-      const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
-      if (decoded.memberId) {
-        isAuthenticated = true;
-      }
-    } catch {
-      // Invalid token, treat as public
-      isAuthenticated = false;
-    }
-  }
+  await requireAuth(event);
 
   const id = event.context.params.id;
 
@@ -30,7 +13,7 @@ export default defineEventHandler(async (event) => {
       status: "active",
     })
       .select(
-        "name pronouns timeZone avatar studio bio location socialLinks privacy circle craftTags board createdAt memberNumber",
+        "name pronouns timeZone avatar studio bio location socialLinks circle craftTags board createdAt memberNumber",
       )
       .lean();
 
@@ -41,42 +24,27 @@ export default defineEventHandler(async (event) => {
       });
     }
 
-    // Filter fields based on privacy settings
-    const privacy = member.privacy || {};
     const filtered = {
       _id: member._id,
       name: member.name,
       circle: member.circle,
       createdAt: member.createdAt,
       memberNumber: member.memberNumber,
-    };
-
-    // Helper function to check if field should be visible
-    const isVisible = (field) => {
-      const privacySetting = privacy[field] || "members";
-      if (privacySetting === "public") return true;
-      if (privacySetting === "members" && isAuthenticated) return true;
-      if (privacySetting === "private") return false;
-      return false;
-    };
-
-    // Add fields based on privacy settings
-    if (isVisible("avatar")) filtered.avatar = member.avatar;
-    if (isVisible("pronouns")) filtered.pronouns = member.pronouns;
-    if (isVisible("timeZone")) filtered.timeZone = member.timeZone;
-    if (isVisible("studio")) filtered.studio = member.studio;
-    if (isVisible("bio")) filtered.bio = member.bio;
-    if (isVisible("location")) filtered.location = member.location;
-    if (isVisible("socialLinks")) filtered.socialLinks = member.socialLinks;
-    if (isVisible("craftTags")) filtered.craftTags = member.craftTags;
-
-    filtered.board = {
-      slackHandle: member.board?.slackHandle,
+      avatar: member.avatar,
+      pronouns: member.pronouns,
+      timeZone: member.timeZone,
+      studio: member.studio,
+      bio: member.bio,
+      location: member.location,
+      socialLinks: member.socialLinks,
+      craftTags: member.craftTags,
+      board: {
+        slackHandle: member.board?.slackHandle,
+      },
     };
 
     return { member: filtered };
   } catch (error) {
-    // Re-throw NuxtErrors (like the 404 above)
     if (error.statusCode) {
       throw error;
     }