refactor: use requireAuth in updates routes (required-auth)

2026-04-04 12:36:25 +01:00 · 2026-04-04 12:36:25 +01:00 · cbb519449a
commit cbb519449a
parent 15fdf77be8
4 changed files with 8 additions and 92 deletions
--- a/server/api/updates/[id].delete.js
+++ b/server/api/updates/[id].delete.js
@ -1,29 +1,8 @@
 import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
 import { connectDB } from "../../utils/mongoose.js";
 export default defineEventHandler(async (event) => {
-  await connectDB();
+  const member = await requireAuth(event);
-
+  const memberId = member._id.toString();
  const token = getCookie(event, "auth-token");
  if (!token) {
    throw createError({
      statusCode: 401,
      statusMessage: "Not authenticated",
    });
  }
  let memberId;
  try {
    const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
    memberId = decoded.memberId;
  } catch (err) {
    throw createError({
      statusCode: 401,
      statusMessage: "Invalid or expired token",
    });
  }
  const id = getRouterParam(event, "id");
--- a/server/api/updates/[id].patch.js
+++ b/server/api/updates/[id].patch.js
@ -1,29 +1,8 @@
 import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
 import { connectDB } from "../../utils/mongoose.js";
 export default defineEventHandler(async (event) => {
-  await connectDB();
+  const member = await requireAuth(event);
-
+  const memberId = member._id.toString();
  const token = getCookie(event, "auth-token");
  if (!token) {
    throw createError({
      statusCode: 401,
      statusMessage: "Not authenticated",
    });
  }
  let memberId;
  try {
    const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
    memberId = decoded.memberId;
  } catch (err) {
    throw createError({
      statusCode: 401,
      statusMessage: "Invalid or expired token",
    });
  }
  const id = getRouterParam(event, "id");
  const body = await validateBody(event, updatePatchSchema);
--- a/server/api/updates/index.post.js
+++ b/server/api/updates/index.post.js
@ -1,31 +1,10 @@
 import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
 import { connectDB } from "../../utils/mongoose.js";
 import { validateBody } from "../../utils/validateBody.js";
 import { updateCreateSchema } from "../../utils/schemas.js";
 export default defineEventHandler(async (event) => {
-  await connectDB();
+  const member = await requireAuth(event);
-
+  const memberId = member._id.toString();
  const token = getCookie(event, "auth-token");
  if (!token) {
    throw createError({
      statusCode: 401,
      statusMessage: "Not authenticated",
    });
  }
  let memberId;
  try {
    const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
    memberId = decoded.memberId;
  } catch (err) {
    throw createError({
      statusCode: 401,
      statusMessage: "Invalid or expired token",
    });
  }
  const body = await validateBody(event, updateCreateSchema);
--- a/server/api/updates/my-updates.get.js
+++ b/server/api/updates/my-updates.get.js
@ -1,29 +1,8 @@
 import jwt from "jsonwebtoken";
 import Update from "../../models/update.js";
 import { connectDB } from "../../utils/mongoose.js";
 export default defineEventHandler(async (event) => {
-  await connectDB();
+  const member = await requireAuth(event);
-
+  const memberId = member._id.toString();
  const token = getCookie(event, "auth-token");
  if (!token) {
    throw createError({
      statusCode: 401,
      statusMessage: "Not authenticated",
    });
  }
  let memberId;
  try {
    const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
    memberId = decoded.memberId;
  } catch (err) {
    throw createError({
      statusCode: 401,
      statusMessage: "Invalid or expired token",
    });
  }
  const query = getQuery(event);
  const limit = parseInt(query.limit) || 20;