Adding features

server/api/updates/[id].delete.js

@@ -0,0 +1,59 @@
+import jwt from "jsonwebtoken";
+import Update from "../../models/update.js";
+import { connectDB } from "../../utils/mongoose.js";
+
+export default defineEventHandler(async (event) => {
+  await connectDB();
+
+  const token = getCookie(event, "auth-token");
+
+  if (!token) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Not authenticated",
+    });
+  }
+
+  let memberId;
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    memberId = decoded.memberId;
+  } catch (err) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: "Invalid or expired token",
+    });
+  }
+
+  const id = getRouterParam(event, "id");
+
+  try {
+    const update = await Update.findById(id);
+
+    if (!update) {
+      throw createError({
+        statusCode: 404,
+        statusMessage: "Update not found",
+      });
+    }
+
+    // Check if user is the author
+    if (update.author.toString() !== memberId) {
+      throw createError({
+        statusCode: 403,
+        statusMessage: "You can only delete your own updates",
+      });
+    }
+
+    await Update.findByIdAndDelete(id);
+
+    return { success: true };
+  } catch (error) {
+    if (error.statusCode) throw error;
+    console.error("Delete update error:", error);
+    throw createError({
+      statusCode: 500,
+      statusMessage: "Failed to delete update",
+    });
+  }
+});