Jennie Robinson Faber
b7279f57d1
- Add centralized Zod schemas (server/utils/schemas.js) and validateBody utility for all API endpoints - Fix critical mass assignment in member creation: raw body no longer passed to new Member(), only validated fields (email, name, circle, contributionTier) are accepted - Apply Zod validation to login, profile patch, event registration, updates, verify-payment, and admin event creation endpoints - Fix logout cookie flags to match login (httpOnly: true, secure conditional on NODE_ENV) - Delete unauthenticated test/debug endpoints (test-connection, test-subscription, test-bot) - Remove sensitive console.log statements from Helcim and member endpoints - Remove unused bcryptjs dependency - Add 10MB file size limit on image uploads - Use runtime config for JWT secret across all endpoints - Add 38 validation tests (117 total, all passing)
28 lines
787 B
JavaScript
28 lines
787 B
JavaScript
import jwt from "jsonwebtoken";
|
|
import Member from "../../models/member.js";
|
|
import { connectDB } from "../../utils/mongoose.js";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
await connectDB();
|
|
|
|
const token = getCookie(event, "auth-token");
|
|
if (!token) {
|
|
throw createError({ statusCode: 401, statusMessage: "Not authenticated" });
|
|
}
|
|
|
|
let memberId;
|
|
try {
|
|
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
|
|
memberId = decoded.memberId;
|
|
} catch (err) {
|
|
throw createError({ statusCode: 401, statusMessage: "Invalid token" });
|
|
}
|
|
|
|
const member = await Member.findById(memberId).select("name peerSupport slackUserId");
|
|
|
|
return {
|
|
name: member.name,
|
|
peerSupport: member.peerSupport,
|
|
slackUserId: member.slackUserId,
|
|
};
|
|
});
|