jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: use requireAuth in updates routes (optional-auth)

Browse source
This commit is contained in:
Jennie Robinson Faber 2026-04-04 12:39:09 +01:00
parent cbb519449a
commit 8b7f124f15
3 changed files with 18 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

21
server/api/updates/[id].get.js
View file

@ -1,22 +1,13 @@
import jwt from "jsonwebtoken";
import Update from "../../models/update.js"; import Update from "../../models/update.js";
import { connectDB } from "../../utils/mongoose.js";
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await connectDB();
const id = getRouterParam(event, "id"); const id = getRouterParam(event, "id");
const token = getCookie(event, "auth-token"); let memberId = null
let memberId = null; try {
const member = await requireAuth(event)
// Check if user is authenticated memberId = member._id.toString()
if (token) { } catch {
try { // Not authenticated — continue with public-only access
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
memberId = decoded.memberId;
} catch (err) {
// Token invalid, continue as non-member
}
} }
try { try {

21
server/api/updates/index.get.js
View file

@ -1,21 +1,12 @@
import jwt from "jsonwebtoken";
import Update from "../../models/update.js"; import Update from "../../models/update.js";
import { connectDB } from "../../utils/mongoose.js";
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await connectDB(); let memberId = null
try {
const token = getCookie(event, "auth-token"); const member = await requireAuth(event)
let memberId = null; memberId = member._id.toString()
} catch {
// Check if user is authenticated // Not authenticated — continue with public-only access
if (token) {
try {
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
memberId = decoded.memberId;
} catch (err) {
// Token invalid, continue as non-member
}
} }
const query = getQuery(event); const query = getQuery(event);

21
server/api/updates/user/[id].get.js
View file

@ -1,23 +1,14 @@
import jwt from "jsonwebtoken";
import Update from "../../../models/update.js"; import Update from "../../../models/update.js";
import Member from "../../../models/member.js"; import Member from "../../../models/member.js";
import { connectDB } from "../../../utils/mongoose.js";
export default defineEventHandler(async (event) => { export default defineEventHandler(async (event) => {
await connectDB();
const userId = getRouterParam(event, "id"); const userId = getRouterParam(event, "id");
const token = getCookie(event, "auth-token"); let currentMemberId = null
let currentMemberId = null; try {
const member = await requireAuth(event)
// Check if user is authenticated currentMemberId = member._id.toString()
if (token) { } catch {
try { // Not authenticated — continue with public-only access
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
currentMemberId = decoded.memberId;
} catch (err) {
// Token invalid, continue as non-member
}
} }
const query = getQuery(event); const query = getQuery(event);