Diffstat (limited to 'src/routes/api')
| -rw-r--r-- | src/routes/api/configuration/+server.ts | 56 | ||||
| -rw-r--r-- | src/routes/api/preferences/+server.ts | 40 |
2 files changed, 56 insertions, 40 deletions
diff --git a/src/routes/api/configuration/+server.ts b/src/routes/api/configuration/+server.ts
index aa1b0bcf..786e8333 100644
--- a/src/routes/api/configuration/+server.ts
+++ b/src/routes/api/configuration/+server.ts
@@ -1,33 +1,44 @@
+import { Schema } from "effect";
 import { userIdentity } from "$lib/Data/AniList/identity";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
-import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
 import {
 deleteUserConfiguration,
 getUserConfiguration,
 setUserConfiguration,
 } from "$lib/Database/SB/User/configuration";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
 import { appOriginHeaders } from "$lib/Utility/appOrigin";
-import { Schema } from "effect";
 const unauthorised = new Response("Unauthorised", { status: 401 });
-export const GET = async ({ url }) =>
- Response.json(
- await getUserConfiguration(Number(url.searchParams.get("id") || 0)),
- {
- headers: appOriginHeaders(),
- },
- );
-
-export const PUT = async ({ cookies, request }) => {
+const authenticatedUserId = async (cookies: {
+ get: (name: string) => string | undefined;
+}) => {
 const userCookie = cookies.get("user");
- if (!userCookie) return unauthorised;
+ if (!userCookie) return null;
+
+ return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id;
+};
- const user = decodeAuthCookieOrThrow(userCookie);
+export const GET = async ({ cookies, url }) => {
+ const userId = await authenticatedUserId(cookies);
+ const requestedUserId = Number(url.searchParams.get("id") || 0);
+
+ if (!userId || requestedUserId !== userId) return unauthorised;
+
+ return Response.json(await getUserConfiguration(requestedUserId), {
+ headers: appOriginHeaders(),
+ });
+};
+
+export const PUT = async ({ cookies, request }) => {
+ const userId = await authenticatedUserId(cookies);
+
+ if (!userId) return unauthorised;
 return Response.json(
- await setUserConfiguration((await userIdentity(user)).id, {
+ await setUserConfiguration(userId, {
 configuration: await decodeRequestJsonOrThrow(
 request,
 Schema.Record(Schema.String, Schema.Unknown),
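Review bot: `authenticatedUserId` lets `decodeAuthCookieOrThrow` throw when the `user` cookie is present but malformed, so GET, which now runs this check for every caller, would surface an unhandled error instead of the 401 that the missing-cookie path returns, unless something outside this diff maps the exception. Decoding inside a guard, e.g. `try { user = decodeAuthCookieOrThrow(userCookie); } catch { return null; }`, and only then awaiting `userIdentity(user)` keeps bad credentials distinct from an upstream identity failure. The same helper is copied verbatim into src/routes/api/preferences/+server.ts; moving it to one shared module under `$lib` would stop the two authorisation checks from drifting apart. It also deserves a short comment such as `// Resolves the caller's id from the "user" cookie; null when the cookie is absent.`. The PUT body continues past the end of this hunk.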
@@ -40,16 +51,11 @@ export const PUT = async ({ cookies, request }) => {
 };
 export const DELETE = async ({ cookies }) => {
- const userCookie = cookies.get("user");
+ const userId = await authenticatedUserId(cookies);
- if (!userCookie) return unauthorised;
+ if (!userId) return unauthorised;
- const user = decodeAuthCookieOrThrow(userCookie);
-
- return Response.json(
- await deleteUserConfiguration((await userIdentity(user)).id),
- {
- headers: appOriginHeaders(),
- },
- );
+ return Response.json(await deleteUserConfiguration(userId), {
+ headers: appOriginHeaders(),
+ });
 };
diff --git a/src/routes/api/preferences/+server.ts b/src/routes/api/preferences/+server.ts
index d6db364f..8e269028 100644
--- a/src/routes/api/preferences/+server.ts
+++ b/src/routes/api/preferences/+server.ts
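Review bot: In src/routes/api/configuration/+server.ts the `if (!userId) return unauthorised;` guard in DELETE, like the ones added to GET and PUT, hands back the single module-level instance created by `const unauthorised = new Response("Unauthorised", { status: 401 });` (a context line in the first hunk). A `Response` body is a one-shot stream, so once the first rejected request has consumed it, later rejections may go out with an unusable body or fail in the adapter; GET now takes this path for every anonymous or mismatched request, which makes it far more likely to be hit. A factory removes the shared state: `const unauthorised = () => new Response("Unauthorised", { status: 401 });` with `return unauthorised();` at each guard. The same constant and guards appear in src/routes/api/preferences/+server.ts.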
@@ -1,24 +1,37 @@
+import { Schema } from "effect";
 import { userIdentity } from "$lib/Data/AniList/identity";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
-import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
 import {
 getUserPreferences,
- toggleHideMissingBadges,
- setCSS,
 setBiography,
+ setCSS,
+ setPinnedBadgeWallCategories,
 toggleHideAWCBadges,
+ toggleHideMissingBadges,
 togglePinnedBadgeWallCategory,
- setPinnedBadgeWallCategories,
 } from "$lib/Database/SB/User/preferences";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
 import { appOriginHeaders } from "$lib/Utility/appOrigin";
-import { Schema } from "effect";
 const unauthorised = new Response("Unauthorised", { status: 401 });
-export const GET = async ({ url }) => {
- const preferences = await getUserPreferences(
- Number(url.searchParams.get("id") || 0),
- );
+const authenticatedUserId = async (cookies: {
+ get: (name: string) => string | undefined;
+}) => {
+ const userCookie = cookies.get("user");
+
+ if (!userCookie) return null;
+
+ return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id;
+};
+
+export const GET = async ({ cookies, url }) => {
+ const userId = await authenticatedUserId(cookies);
+ const requestedUserId = Number(url.searchParams.get("id") || 0);
+
+ if (!userId || requestedUserId !== userId) return unauthorised;
+
+ const preferences = await getUserPreferences(requestedUserId);
 return Response.json(preferences ? preferences : {}, {
 headers: appOriginHeaders(),
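Review bot: GET now answers 401 for every `id` other than the caller's own, including for signed-in users, where 403 would describe the refusal more accurately because 401 signals missing credentials. Before this change the endpoint returned any user's preferences by `id`; if other pages read another user's biography, CSS or pinned categories through it (the callers are not visible here), they will now receive `Unauthorised`, so those call sites should be checked or given a separate read path that exposes only the fields meant to be public. Since the handler can only ever serve the caller's own record, the `id` parameter is redundant and `getUserPreferences(userId)` could be called directly; as written, a missing or non-numeric `id` becomes `0` or `NaN` and is rejected by the comparison. The GET body continues past the end of this hunk.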
@@ -26,12 +39,9 @@ export const GET = async ({ url }) => {
 };
 export const PUT = async ({ url, cookies, request }) => {
- const userCookie = cookies.get("user");
-
- if (!userCookie) return unauthorised;
+ const userId = await authenticatedUserId(cookies);
- const user = decodeAuthCookieOrThrow(userCookie);
- const userId = (await userIdentity(user)).id;
+ if (!userId) return unauthorised;
 if (url.searchParams.get("toggleHideMissingBadges") !== null)
 return Response.json(await toggleHideMissingBadges(userId), {
|