refactor: use requireAuth in updates routes (optional-auth)

server/api/updates/user/[id].get.js

@@ -1,23 +1,14 @@
-import jwt from "jsonwebtoken";
 import Update from "../../../models/update.js";
 import Member from "../../../models/member.js";
-import { connectDB } from "../../../utils/mongoose.js";
 
 export default defineEventHandler(async (event) => {
-  await connectDB();
-
   const userId = getRouterParam(event, "id");
-  const token = getCookie(event, "auth-token");
-  let currentMemberId = null;
-
-  // Check if user is authenticated
-  if (token) {
-    try {
-      const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
-      currentMemberId = decoded.memberId;
-    } catch (err) {
-      // Token invalid, continue as non-member
-    }
+  let currentMemberId = null
+  try {
+    const member = await requireAuth(event)
+    currentMemberId = member._id.toString()
+  } catch {
+    // Not authenticated — continue with public-only access
   }
 
   const query = getQuery(event);