refactor: use requireAuth in updates routes (required-auth)

2026-04-04 12:36:25 +01:00 · 2026-04-04 12:36:25 +01:00 · cbb519449a
commit cbb519449a
parent 15fdf77be8
4 changed files with 8 additions and 92 deletions
--- a/server/api/updates/[id].patch.js
+++ b/server/api/updates/[id].patch.js
@ -1,29 +1,8 @@
-import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
-import { connectDB } from "../../utils/mongoose.js";

 export default defineEventHandler(async (event) => {
-  await connectDB();
-
-  const token = getCookie(event, "auth-token");
-
-  if (!token) {
-    throw createError({
-      statusCode: 401,
-      statusMessage: "Not authenticated",
-    });
-  }
-
-  let memberId;
-  try {
-    const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
-    memberId = decoded.memberId;
-  } catch (err) {
-    throw createError({
-      statusCode: 401,
-      statusMessage: "Invalid or expired token",
-    });
-  }
+  const member = await requireAuth(event);
+  const memberId = member._id.toString();

  const id = getRouterParam(event, "id");
  const body = await validateBody(event, updatePatchSchema);