76 lines
2.1 KiB
JavaScript
76 lines
2.1 KiB
JavaScript
import jwt from "jsonwebtoken";
|
|
import Update from "../../../models/update.js";
|
|
import Member from "../../../models/member.js";
|
|
import { connectDB } from "../../../utils/mongoose.js";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
await connectDB();
|
|
|
|
const userId = getRouterParam(event, "id");
|
|
const token = getCookie(event, "auth-token");
|
|
let currentMemberId = null;
|
|
|
|
// Check if user is authenticated
|
|
if (token) {
|
|
try {
|
|
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
|
currentMemberId = decoded.memberId;
|
|
} catch (err) {
|
|
// Token invalid, continue as non-member
|
|
}
|
|
}
|
|
|
|
const query = getQuery(event);
|
|
const limit = parseInt(query.limit) || 20;
|
|
const skip = parseInt(query.skip) || 0;
|
|
|
|
try {
|
|
// Verify the user exists
|
|
const user = await Member.findById(userId);
|
|
if (!user) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
statusMessage: "User not found",
|
|
});
|
|
}
|
|
|
|
// Build privacy filter
|
|
let privacyFilter;
|
|
if (!currentMemberId) {
|
|
// Not authenticated - only show public updates
|
|
privacyFilter = { author: userId, privacy: "public" };
|
|
} else if (currentMemberId === userId) {
|
|
// Viewing own updates - show all
|
|
privacyFilter = { author: userId };
|
|
} else {
|
|
// Authenticated member viewing another's updates - show public and members-only
|
|
privacyFilter = { author: userId, privacy: { $in: ["public", "members"] } };
|
|
}
|
|
|
|
const updates = await Update.find(privacyFilter)
|
|
.populate("author", "name avatar")
|
|
.sort({ createdAt: -1 })
|
|
.limit(limit)
|
|
.skip(skip);
|
|
|
|
const total = await Update.countDocuments(privacyFilter);
|
|
|
|
return {
|
|
updates,
|
|
total,
|
|
hasMore: skip + limit < total,
|
|
user: {
|
|
_id: user._id,
|
|
name: user.name,
|
|
avatar: user.avatar,
|
|
},
|
|
};
|
|
} catch (error) {
|
|
if (error.statusCode) throw error;
|
|
console.error("Get user updates error:", error);
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: "Failed to fetch user updates",
|
|
});
|
|
}
|
|
});
|