ghostguild-org/server/api/board/posts/[id].delete.js
Jennie Robinson Faber 28040f44f4
refactor(board): atomic delete + query limit + composable cleanup
Delete uses findOneAndDelete with author match (no TOCTOU window);
existence check only runs on miss to distinguish 403 vs 404. Posts
list capped at 200. Drop unused resolveTagChannel and refreshParams;
route slack URL building through the composable's slackUrl helper.
2026-04-15 12:47:53 +01:00


import BoardPost from '../../../models/boardPost.js'
import { requireAuth } from '../../../utils/auth.js'
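/**
 * Delete a single board post on behalf of its author.
 *
 * The post id comes from the `id` route parameter and the caller's identity
 * from `requireAuth(event)`.
 * NOTE(review): requireAuth presumably rejects unauthenticated requests before
 * returning a member; confirm in utils/auth.js.
 *
 * @returns {Promise<{ success: true }>} when a post matching both the id and
 *   the caller as author was deleted.
 * @throws 403 when a post with this id exists but the delete filter
 *   (id + author) did not match it.
 * @throws 404 when no post with this id exists, or the id cannot be cast to
 *   the model's `_id` type.
 */
export default defineEventHandler(async (event) => {
  const member = await requireAuth(event)
  const id = getRouterParam(event, 'id')

  let deleted
  try {
    // Ownership is part of the delete filter itself, so authorization and
    // deletion happen in one operation with no check-then-delete gap.
    deleted = await BoardPost.findOneAndDelete({ _id: id, author: member._id })
  } catch (err) {
    // A malformed route id makes Mongoose reject with a CastError before any
    // query runs. Such an id can never name a post, so answer 404 instead of
    // letting the cast failure surface as an unhandled 500.
    if (err?.name === 'CastError' && err?.path === '_id') {
      throw createError({ statusCode: 404, statusMessage: 'Post not found' })
    }
    throw err
  }

  if (!deleted) {
    // Only on a miss: look the id up without the author constraint to tell
    // "someone else's post" (403) apart from "no such post" (404).
    // NOTE(review): this lets any authenticated member learn whether a post id
    // exists. Acceptable if all posts are visible to members; otherwise return
    // 404 in both cases.
    const exists = await BoardPost.exists({ _id: id })
    throw createError({
      statusCode: exists ? 403 : 404,
      statusMessage: exists ? 'Not authorized to delete this post' : 'Post not found',
    })
  }

  return { success: true }
})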