From cbb519449a8ef3f108695bc504baa54cf1049a9e Mon Sep 17 00:00:00 2001
From: Jennie Robinson Faber
Date: Sat, 4 Apr 2026 12:36:25 +0100
Subject: [PATCH] refactor: use requireAuth in updates routes (required-auth)
---
 server/api/updates/[id].delete.js | 25 ++-----------------------
 server/api/updates/[id].patch.js | 25 ++-----------------------
 server/api/updates/index.post.js | 25 ++-----------------------
 server/api/updates/my-updates.get.js | 25 ++-----------------------
 4 files changed, 8 insertions(+), 92 deletions(-)
diff --git a/server/api/updates/[id].delete.js b/server/api/updates/[id].delete.js
index aeedd95..9b899ae 100644
--- a/server/api/updates/[id].delete.js
+++ b/server/api/updates/[id].delete.js
@@ -1,29 +1,8 @@
-import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
-import { connectDB } from "../../utils/mongoose.js";
 export default defineEventHandler(async (event) => {
- await connectDB();
-
- const token = getCookie(event, "auth-token");
-
- if (!token) {
- throw createError({
- statusCode: 401,
- statusMessage: "Not authenticated",
- });
- }
-
- let memberId;
- try {
- const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
- memberId = decoded.memberId;
- } catch (err) {
- throw createError({
- statusCode: 401,
- statusMessage: "Invalid or expired token",
- });
- }
+ const member = await requireAuth(event);
+ const memberId = member._id.toString();
 const id = getRouterParam(event, "id");
diff --git a/server/api/updates/[id].patch.js b/server/api/updates/[id].patch.js
index d8871f8..d4bd824 100644
--- a/server/api/updates/[id].patch.js
+++ b/server/api/updates/[id].patch.js
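Review bot: Dropping `await connectDB()` in all four handlers (this hunk and the ones for `[id].patch.js`, `index.post.js` and `my-updates.get.js`) leaves the later `Update` queries dependent on `requireAuth` having opened the Mongoose connection, and `requireAuth` is not part of this patch. If it can return a falsy value instead of throwing, `member._id.toString()` turns an unauthenticated request into a 500 rather than the 401 the removed code produced. I would state the reliance at the call site once the contract is confirmed, e.g. `// requireAuth connects to the DB, throws 401 on a missing or invalid auth-token, and returns the member document`. The handler body continues past the hunk, so the ownership check that consumes `memberId` is not visible here.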
@@ -1,29 +1,8 @@
-import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
-import { connectDB } from "../../utils/mongoose.js";
 export default defineEventHandler(async (event) => {
- await connectDB();
-
- const token = getCookie(event, "auth-token");
-
- if (!token) {
- throw createError({
- statusCode: 401,
- statusMessage: "Not authenticated",
- });
- }
-
- let memberId;
- try {
- const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
- memberId = decoded.memberId;
- } catch (err) {
- throw createError({
- statusCode: 401,
- statusMessage: "Invalid or expired token",
- });
- }
+ const member = await requireAuth(event);
+ const memberId = member._id.toString();
 const id = getRouterParam(event, "id");
 const body = await validateBody(event, updatePatchSchema);
diff --git a/server/api/updates/index.post.js b/server/api/updates/index.post.js
index 8f1e330..29c3a84 100644
--- a/server/api/updates/index.post.js
+++ b/server/api/updates/index.post.js
@@ -1,31 +1,10 @@
-import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
-import { connectDB } from "../../utils/mongoose.js";
 import { validateBody } from "../../utils/validateBody.js";
 import { updateCreateSchema } from "../../utils/schemas.js";
 export default defineEventHandler(async (event) => {
- await connectDB();
-
- const token = getCookie(event, "auth-token");
-
- if (!token) {
- throw createError({
- statusCode: 401,
- statusMessage: "Not authenticated",
- });
- }
-
- let memberId;
- try {
- const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
- memberId = decoded.memberId;
- } catch (err) {
- throw createError({
- statusCode: 401,
- statusMessage: "Invalid or expired token",
- });
- }
+ const member = await requireAuth(event);
+ const memberId = member._id.toString();
 const body = await validateBody(event, updateCreateSchema);
diff --git a/server/api/updates/my-updates.get.js b/server/api/updates/my-updates.get.js
index 084d787..37a9b3d 100644
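Review bot: In the `index.post.js` hunk, `requireAuth` is called with no import while `validateBody` and `updateCreateSchema` are still imported explicitly, so the file mixes two ways of resolving helpers. The `[id].patch.js` hunk already uses `validateBody` and `updatePatchSchema` with no import at the top of the file, so the routes disagree with each other as well. For the one call that gates access, I would make its origin visible in each handler with an explicit `import { requireAuth } from "<path-to-auth-util>";` (placeholder path, the helper's location is not shown in this patch), or else drop the remaining explicit imports so every route follows the same convention.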
--- a/server/api/updates/my-updates.get.js
+++ b/server/api/updates/my-updates.get.js
@@ -1,29 +1,8 @@
-import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
-import { connectDB } from "../../utils/mongoose.js";
 export default defineEventHandler(async (event) => {
- await connectDB();
-
- const token = getCookie(event, "auth-token");
-
- if (!token) {
- throw createError({
- statusCode: 401,
- statusMessage: "Not authenticated",
- });
- }
-
- let memberId;
- try {
- const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
- memberId = decoded.memberId;
- } catch (err) {
- throw createError({
- statusCode: 401,
- statusMessage: "Invalid or expired token",
- });
- }
+ const member = await requireAuth(event);
+ const memberId = member._id.toString();
 const query = getQuery(event);
 const limit = parseInt(query.limit) || 20;
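Review bot: The `limit` read on the last context line, `parseInt(query.limit) || 20`, has no radix and no bound visible in this hunk, so a negative or very large client-supplied value passes straight through. The handler body continues outside the hunk, so a clamp may exist further down; if it does not, I would bound the value where it is parsed, e.g. `const limit = Math.min(Math.max(Number.parseInt(query.limit, 10) || 20, 1), MAX_LIMIT);` with `MAX_LIMIT` a cap chosen for this endpoint. The line is untouched by this commit, but the handler is already being edited and the endpoint returns per-member data on every authenticated request.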