ghostguild-org/server/api/updates/index.get.js

import jwt from "jsonwebtoken";
import Update from "../../models/update.js";
import { connectDB } from "../../utils/mongoose.js";

export default defineEventHandler(async (event) => {
  await connectDB();

  const token = getCookie(event, "auth-token");
  let memberId = null;

  // Check if user is authenticated
  if (token) {
    try {
      const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
      memberId = decoded.memberId;
    } catch (err) {
      // Token invalid, continue as non-member
    }
  }

  const query = getQuery(event);
  const limit = parseInt(query.limit) || 20;
  const skip = parseInt(query.skip) || 0;

  try {
    // Build privacy filter
    let privacyFilter;
    if (!memberId) {
      // Not authenticated - only show public updates
      privacyFilter = { privacy: "public" };
    } else {
      // Authenticated member - show public and members-only updates
      privacyFilter = { privacy: { $in: ["public", "members"] } };
    }

    const updates = await Update.find(privacyFilter)
      .populate("author", "name avatar")
      .sort({ createdAt: -1 })
      .limit(limit)
      .skip(skip);

    const total = await Update.countDocuments(privacyFilter);

    return {
      updates,
      total,
      hasMore: skip + limit < total,
    };
  } catch (error) {
    console.error("Get updates error:", error);
    throw createError({
      statusCode: 500,
      statusMessage: "Failed to fetch updates",
    });
  }
});