fix(api): keep preferences publicly readable

author: Fuwn <[email protected]> 2026-03-27 09:41:11 +0000
committer: Fuwn <[email protected]> 2026-03-27 09:41:11 +0000
commit: 7e0e70193185ac90a8fb22dd80c64713116a5f28 (patch)
tree: 7e02080d0ed1f42f287aad242276d047ce7b844d /src/routes
parent: fix(profile): restore owner controls for new accounts (diff)
download: due.moe-7e0e70193185ac90a8fb22dd80c64713116a5f28.tar.xz
due.moe-7e0e70193185ac90a8fb22dd80c64713116a5f28.zip
1 files changed, 1 insertions, 4 deletions
diff --git a/src/routes/api/preferences/+server.ts b/src/routes/api/preferences/+server.ts
index 8e269028..0537c9bc 100644
--- a/src/routes/api/preferences/+server.ts
+++ b/src/routes/api/preferences/+server.ts
@@ -25,12 +25,9 @@ const authenticatedUserId = async (cookies: {
 	return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id;
 };
 
-export const GET = async ({ cookies, url }) => {
-	const userId = await authenticatedUserId(cookies);
+export const GET = async ({ url }) => {
 	const requestedUserId = Number(url.searchParams.get("id") || 0);
 
-	if (!userId || requestedUserId !== userId) return unauthorised;
-
 	const preferences = await getUserPreferences(requestedUserId);
 
 	return Response.json(preferences ? preferences : {}, {
author	Fuwn <[email protected]>	2026-03-27 09:41:11 +0000
committer	Fuwn <[email protected]>	2026-03-27 09:41:11 +0000
commit	7e0e70193185ac90a8fb22dd80c64713116a5f28 (patch)
tree	7e02080d0ed1f42f287aad242276d047ce7b844d /src/routes
parent	fix(profile): restore owner controls for new accounts (diff)
download	due.moe-7e0e70193185ac90a8fb22dd80c64713116a5f28.tar.xz due.moe-7e0e70193185ac90a8fb22dd80c64713116a5f28.zip