jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: use requireAuth in updates routes (optional-auth)

Browse source
This commit is contained in:
Jennie Robinson Faber 2026-04-04 12:39:09 +01:00
parent cbb519449a
commit 8b7f124f15
3 changed files with 18 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

19
server/api/updates/[id].get.js
View file

@ -1,22 +1,13 @@
import jwt from "jsonwebtoken";
import Update from "../../models/update.js"; import Update from "../../models/update.js";
import { connectDB } from "../../utils/mongoose.js";
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await connectDB();
const id = getRouterParam(event, "id"); const id = getRouterParam(event, "id");
const token = getCookie(event, "auth-token"); let memberId = null
let memberId = null;
// Check if user is authenticated
if (token) {
try { try {
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret); const member = await requireAuth(event)
memberId = decoded.memberId; memberId = member._id.toString()
} catch (err) { } catch {
// Token invalid, continue as non-member // Not authenticated — continue with public-only access
}
} }
try { try {

19
server/api/updates/index.get.js
View file

@ -1,21 +1,12 @@
import jwt from "jsonwebtoken";
import Update from "../../models/update.js"; import Update from "../../models/update.js";
import { connectDB } from "../../utils/mongoose.js";
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await connectDB(); let memberId = null
const token = getCookie(event, "auth-token");
let memberId = null;
// Check if user is authenticated
if (token) {
try { try {
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret); const member = await requireAuth(event)
memberId = decoded.memberId; memberId = member._id.toString()
} catch (err) { } catch {
// Token invalid, continue as non-member // Not authenticated — continue with public-only access
}
} }
const query = getQuery(event); const query = getQuery(event);

19
server/api/updates/user/[id].get.js
View file

@ -1,23 +1,14 @@
import jwt from "jsonwebtoken";
import Update from "../../../models/update.js"; import Update from "../../../models/update.js";
import Member from "../../../models/member.js"; import Member from "../../../models/member.js";
import { connectDB } from "../../../utils/mongoose.js";
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await connectDB();
const userId = getRouterParam(event, "id"); const userId = getRouterParam(event, "id");
const token = getCookie(event, "auth-token"); let currentMemberId = null
let currentMemberId = null;
// Check if user is authenticated
if (token) {
try { try {
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret); const member = await requireAuth(event)
currentMemberId = decoded.memberId; currentMemberId = member._id.toString()
} catch (err) { } catch {
// Token invalid, continue as non-member // Not authenticated — continue with public-only access
}
} }
const query = getQuery(event); const query = getQuery(event);