| author | Fuwn <[email protected]> | 2026-03-27 09:30:36 +0000 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-03-27 09:30:36 +0000 |
| commit | 7653144fe7b185260c5a1b647cf1b83e78069177 (patch) | |
| tree | bdc4c33ebbd5bce99c87f9c74e50f602662d9772 /src/routes/api/configuration/+server.ts | |
| parent | chore(pnpm): Update lockfile (diff) | |
refactor(supabase): move app access to service role
Diffstat (limited to 'src/routes/api/configuration/+server.ts')
| -rw-r--r-- | src/routes/api/configuration/+server.ts | 56 |
1 files changed, 31 insertions, 25 deletions
diff --git a/src/routes/api/configuration/+server.ts b/src/routes/api/configuration/+server.ts
index aa1b0bcf..786e8333 100644
--- a/src/routes/api/configuration/+server.ts
+++ b/src/routes/api/configuration/+server.ts
@@ -1,33 +1,44 @@ +import { Schema } from "effect"; import { userIdentity } from "$lib/Data/AniList/identity"; -import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie"; -import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody"; import { deleteUserConfiguration, getUserConfiguration, setUserConfiguration, } from "$lib/Database/SB/User/configuration"; +import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie"; +import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody"; import { appOriginHeaders } from "$lib/Utility/appOrigin"; -import { Schema } from "effect"; const unauthorised = new Response("Unauthorised", { status: 401 }); -export const GET = async ({ url }) => - Response.json( - await getUserConfiguration(Number(url.searchParams.get("id") || 0)), - { - headers: appOriginHeaders(), - }, - ); - -export const PUT = async ({ cookies, request }) => { +const authenticatedUserId = async (cookies: { + get: (name: string) => string | undefined; +}) => { const userCookie = cookies.get("user"); - if (!userCookie) return unauthorised; + if (!userCookie) return null; + + return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id; +}; - const user = decodeAuthCookieOrThrow(userCookie); +export const GET = async ({ cookies, url }) => { + const userId = await authenticatedUserId(cookies); + const requestedUserId = Number(url.searchParams.get("id") || 0); + + if (!userId || requestedUserId !== userId) return unauthorised; + + return Response.json(await getUserConfiguration(requestedUserId), { + headers: appOriginHeaders(), + }); +}; + +export const PUT = async ({ cookies, request }) => { + const userId = await authenticatedUserId(cookies); + + if (!userId) return unauthorised; return Response.json( - await setUserConfiguration((await userIdentity(user)).id, { + await setUserConfiguration(userId, { configuration: await decodeRequestJsonOrThrow( request, Schema.Record(Schema.String, Schema.Unknown), 
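Review bot: `authenticatedUserId` returns `null` only when the `user` cookie is absent; a cookie that is present but malformed or expired makes `decodeAuthCookieOrThrow` (going by its name) or `userIdentity` throw, so GET and PUT here and DELETE in the second hunk would presumably answer with an unhandled error rather than the 401 path. Consider `try { return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id; } catch { return null; }`, ideally telling a bad cookie apart from an upstream identity failure. Going by the commit title the database calls now run under the service role, so if per-user row policies no longer apply, this helper and the `requestedUserId !== userId` comparison are the only access check; a comment above the helper such as `// Sole authorization gate: the service-role client is not restricted per user.` would record that, once confirmed against the database module, which this diff does not show.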
@@ -40,16 +51,11 @@ export const PUT = async ({ cookies, request }) => { }; export const DELETE = async ({ cookies }) => { - const userCookie = cookies.get("user"); + const userId = await authenticatedUserId(cookies); - if (!userCookie) return unauthorised; + if (!userId) return unauthorised; - const user = decodeAuthCookieOrThrow(userCookie); - - return Response.json( - await deleteUserConfiguration((await userIdentity(user)).id), - { - headers: appOriginHeaders(), - }, - ); + return Response.json(await deleteUserConfiguration(userId), { + headers: appOriginHeaders(), + }); }; |
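Review bot: The denial path `if (!userId) return unauthorised;` hands back the single module-level `Response` created by `const unauthorised = new Response("Unauthorised", { status: 401 });`, and the new GET check and the PUT check in the first hunk do the same. A `Response` body can be consumed only once, so depending on the adapter a second rejected request may fail or be sent with an unusable body instead of a clean 401. Building a fresh response per request avoids that: `const unauthorised = () => new Response("Unauthorised", { status: 401 });` with `return unauthorised();` at each call site.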