| author | Fuwn <[email protected]> | 2026-03-27 09:30:36 +0000 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-03-27 09:30:36 +0000 |
| commit | 7653144fe7b185260c5a1b647cf1b83e78069177 (patch) | |
| tree | bdc4c33ebbd5bce99c87f9c74e50f602662d9772 /src/routes/api/preferences | |
| parent | chore(pnpm): Update lockfile (diff) | |
| download | due.moe-7653144fe7b185260c5a1b647cf1b83e78069177.tar.xz due.moe-7653144fe7b185260c5a1b647cf1b83e78069177.zip | |
refactor(supabase): move app access to service role
Diffstat (limited to 'src/routes/api/preferences')
| -rw-r--r-- | src/routes/api/preferences/+server.ts | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/src/routes/api/preferences/+server.ts b/src/routes/api/preferences/+server.ts
index d6db364f..8e269028 100644
--- a/src/routes/api/preferences/+server.ts
+++ b/src/routes/api/preferences/+server.ts
@@ -1,24 +1,37 @@
+import { Schema } from "effect";
 import { userIdentity } from "$lib/Data/AniList/identity";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
-import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
 import {
 getUserPreferences,
- toggleHideMissingBadges,
- setCSS,
 setBiography,
+ setCSS,
+ setPinnedBadgeWallCategories,
 toggleHideAWCBadges,
+ toggleHideMissingBadges,
 togglePinnedBadgeWallCategory,
- setPinnedBadgeWallCategories,
 } from "$lib/Database/SB/User/preferences";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
 import { appOriginHeaders } from "$lib/Utility/appOrigin";
-import { Schema } from "effect";

 const unauthorised = new Response("Unauthorised", { status: 401 });

-export const GET = async ({ url }) => {
- const preferences = await getUserPreferences(
- Number(url.searchParams.get("id") || 0),
- );
+const authenticatedUserId = async (cookies: {
+ get: (name: string) => string | undefined;
+}) => {
+ const userCookie = cookies.get("user");
+
+ if (!userCookie) return null;
+
+ return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id;
+};
+
+export const GET = async ({ cookies, url }) => {
+ const userId = await authenticatedUserId(cookies);
+ const requestedUserId = Number(url.searchParams.get("id") || 0);
+
+ if (!userId || requestedUserId !== userId) return unauthorised;
+
+ const preferences = await getUserPreferences(requestedUserId);

 return Response.json(preferences ? preferences : {}, {
 headers: appOriginHeaders(),
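Review bot: `authenticatedUserId` lets exceptions from `decodeAuthCookieOrThrow` and `userIdentity` escape, so a malformed or stale `user` cookie on GET likely surfaces as an unhandled error (a 500) rather than the 401 returned for a missing cookie; PUT in the next hunk calls the same helper. Failing closed inside the helper keeps both paths uniform: `try { return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id; } catch { return null; }`, unless `decodeAuthCookieOrThrow` already throws an HTTP error that the framework maps to a 4xx, which is not visible here. Going by the commit title, database access now runs under the service role, so the `requestedUserId !== userId` comparison is presumably the only ownership check left on this read and deserves a one-line comment saying so.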
@@ -26,12 +39,9 @@ export const GET = async ({ url }) => {
 };

 export const PUT = async ({ url, cookies, request }) => {
- const userCookie = cookies.get("user");
-
- if (!userCookie) return unauthorised;
+ const userId = await authenticatedUserId(cookies);

- const user = decodeAuthCookieOrThrow(userCookie);
- const userId = (await userIdentity(user)).id;
+ if (!userId) return unauthorised;

 if (url.searchParams.get("toggleHideMissingBadges") !== null)
 return Response.json(await toggleHideMissingBadges(userId), { |
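Review bot: The added `if (!userId) return unauthorised;` (and the new GET guard in the first hunk) returns the module-level `unauthorised` Response, a single object shared by every request. A Response body can be consumed only once, so after the first 401 is sent the same instance may be rejected or go out with an unusable body, depending on the adapter, and the auth-failure path stops producing a clean 401. Building a fresh response per call avoids this: `const unauthorised = () => new Response("Unauthorised", { status: 401 });` with `return unauthorised();` at each call site. PUT's body continues past the end of this hunk.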