59 lines
1.3 KiB
JavaScript
59 lines
1.3 KiB
JavaScript
import jwt from "jsonwebtoken";
|
|
import Update from "../../models/update.js";
|
|
import { connectDB } from "../../utils/mongoose.js";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
await connectDB();
|
|
|
|
const token = getCookie(event, "auth-token");
|
|
|
|
if (!token) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: "Not authenticated",
|
|
});
|
|
}
|
|
|
|
let memberId;
|
|
try {
|
|
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
|
memberId = decoded.memberId;
|
|
} catch (err) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: "Invalid or expired token",
|
|
});
|
|
}
|
|
|
|
const id = getRouterParam(event, "id");
|
|
|
|
try {
|
|
const update = await Update.findById(id);
|
|
|
|
if (!update) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
statusMessage: "Update not found",
|
|
});
|
|
}
|
|
|
|
// Check if user is the author
|
|
if (update.author.toString() !== memberId) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "You can only delete your own updates",
|
|
});
|
|
}
|
|
|
|
await Update.findByIdAndDelete(id);
|
|
|
|
return { success: true };
|
|
} catch (error) {
|
|
if (error.statusCode) throw error;
|
|
console.error("Delete update error:", error);
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: "Failed to delete update",
|
|
});
|
|
}
|
|
});
|