1 files changed, 28 insertions, 28 deletions

diff --git a/src/routes/api/preferences/pin/+server.ts b/src/routes/api/preferences/pin/+server.ts
index 28398cf0..b69a8142 100644
--- a/src/routes/api/preferences/pin/+server.ts
+++ b/src/routes/api/preferences/pin/+server.ts
@@ -1,32 +1,32 @@
-import { userIdentity } from '$lib/Data/AniList/identity';
-import { toggleHololiveStreamPinning } from '$lib/Database/SB/User/preferences';
+import { safeUserIdentity } from "$lib/Data/AniList/identity";
+import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie";
+import { toggleHololiveStreamPinning } from "$lib/Database/SB/User/preferences";
+import { appOriginHeaders } from "$lib/Utility/appOrigin";
 
-const unauthorised = new Response('Unauthorised', { status: 401 });
+const unauthorised = new Response("Unauthorised", { status: 401 });
 
 export const PUT = async ({ cookies, url }) => {
-  const userCookie = cookies.get('user');
-
-  if (!userCookie) return unauthorised;
-
-  const user = JSON.parse(userCookie);
-
-  return Response.json(
-    await toggleHololiveStreamPinning(
-      (
-        await userIdentity({
-          tokenType: user['token_type'],
-          expiresIn: user['expires_in'],
-          accessToken: user['access_token'],
-          refreshToken: user['refresh_token']
-        })
-      ).id,
-      url.searchParams.get('stream') || ''
-    ),
-    {
-      headers: {
-        method: 'PUT',
-        'Access-Control-Allow-Origin': 'https://due.moe'
-      }
-    }
-  );
+	const userCookie = cookies.get("user");
+
+	if (!userCookie) return unauthorised;
+
+	const user = decodeAuthCookieOrNull(userCookie);
+
+	if (!user) return unauthorised;
+
+	const identity = await safeUserIdentity(user);
+
+	if (!identity) return unauthorised;
+
+	return Response.json(
+		await toggleHololiveStreamPinning(
+			identity.id,
+			url.searchParams.get("stream") || "",
+		),
+		{
+			headers: appOriginHeaders({
+				method: "PUT",
+			}),
+		},
+	);
 };