Diffstat (limited to 'src/routes')
-rw-r--r--src/routes/api/configuration/+server.ts56
-rw-r--r--src/routes/api/preferences/+server.ts40
2 files changed, 56 insertions, 40 deletions
diff --git a/src/routes/api/configuration/+server.ts b/src/routes/api/configuration/+server.ts
index aa1b0bcf..786e8333 100644
--- a/src/routes/api/configuration/+server.ts
+++ b/src/routes/api/configuration/+server.ts
@@ -1,33 +1,44 @@
+import { Schema } from "effect";
import { userIdentity } from "$lib/Data/AniList/identity";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
-import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
import {
deleteUserConfiguration,
getUserConfiguration,
setUserConfiguration,
} from "$lib/Database/SB/User/configuration";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
import { appOriginHeaders } from "$lib/Utility/appOrigin";
-import { Schema } from "effect";
const unauthorised = new Response("Unauthorised", { status: 401 });
-export const GET = async ({ url }) =>
- Response.json(
- await getUserConfiguration(Number(url.searchParams.get("id") || 0)),
- {
- headers: appOriginHeaders(),
- },
- );
-
-export const PUT = async ({ cookies, request }) => {
+const authenticatedUserId = async (cookies: {
+ get: (name: string) => string | undefined;
+}) => {
const userCookie = cookies.get("user");
- if (!userCookie) return unauthorised;
+ if (!userCookie) return null;
+
+ return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id;
+};
- const user = decodeAuthCookieOrThrow(userCookie);
+export const GET = async ({ cookies, url }) => {
+ const userId = await authenticatedUserId(cookies);
+ const requestedUserId = Number(url.searchParams.get("id") || 0);
+
+ if (!userId || requestedUserId !== userId) return unauthorised;
+
+ return Response.json(await getUserConfiguration(requestedUserId), {
+ headers: appOriginHeaders(),
+ });
+};
+
+export const PUT = async ({ cookies, request }) => {
+ const userId = await authenticatedUserId(cookies);
+
+ if (!userId) return unauthorised;
return Response.json(
- await setUserConfiguration((await userIdentity(user)).id, {
+ await setUserConfiguration(userId, {
configuration: await decodeRequestJsonOrThrow(
request,
Schema.Record(Schema.String, Schema.Unknown),
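Review bot: `authenticatedUserId` maps only a missing cookie to `null`; a throw from `decodeAuthCookieOrThrow` or a rejection from `userIdentity` escapes the helper, so a malformed or expired `user` cookie on the newly protected GET presumably ends as a 500 rather than the 401 the handler intends. Consider `try { return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id; } catch { return null; }`, ideally logging the failure so an identity-service outage can be told apart from a bad cookie. The identical helper is added in `src/routes/api/preferences/+server.ts`; moving it into one shared module would keep the two routes' authentication from drifting apart. A short comment on GET such as `// Only the owner may read their configuration: the id parameter must match the session's user id.` would also record why the comparison exists. The PUT body continues past the end of this hunk.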
@@ -40,16 +51,11 @@ export const PUT = async ({ cookies, request }) => {
};
export const DELETE = async ({ cookies }) => {
- const userCookie = cookies.get("user");
+ const userId = await authenticatedUserId(cookies);
- if (!userCookie) return unauthorised;
+ if (!userId) return unauthorised;
- const user = decodeAuthCookieOrThrow(userCookie);
-
- return Response.json(
- await deleteUserConfiguration((await userIdentity(user)).id),
- {
- headers: appOriginHeaders(),
- },
- );
+ return Response.json(await deleteUserConfiguration(userId), {
+ headers: appOriginHeaders(),
+ });
};
diff --git a/src/routes/api/preferences/+server.ts b/src/routes/api/preferences/+server.ts
index d6db364f..8e269028 100644
--- a/src/routes/api/preferences/+server.ts
+++ b/src/routes/api/preferences/+server.ts
@@ -1,24 +1,37 @@
+import { Schema } from "effect";
import { userIdentity } from "$lib/Data/AniList/identity";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
-import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
import {
getUserPreferences,
- toggleHideMissingBadges,
- setCSS,
setBiography,
+ setCSS,
+ setPinnedBadgeWallCategories,
toggleHideAWCBadges,
+ toggleHideMissingBadges,
togglePinnedBadgeWallCategory,
- setPinnedBadgeWallCategories,
} from "$lib/Database/SB/User/preferences";
+import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
import { appOriginHeaders } from "$lib/Utility/appOrigin";
-import { Schema } from "effect";
const unauthorised = new Response("Unauthorised", { status: 401 });
-export const GET = async ({ url }) => {
- const preferences = await getUserPreferences(
- Number(url.searchParams.get("id") || 0),
- );
+const authenticatedUserId = async (cookies: {
+ get: (name: string) => string | undefined;
+}) => {
+ const userCookie = cookies.get("user");
+
+ if (!userCookie) return null;
+
+ return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id;
+};
+
+export const GET = async ({ cookies, url }) => {
+ const userId = await authenticatedUserId(cookies);
+ const requestedUserId = Number(url.searchParams.get("id") || 0);
+
+ if (!userId || requestedUserId !== userId) return unauthorised;
+
+ const preferences = await getUserPreferences(requestedUserId);
return Response.json(preferences ? preferences : {}, {
headers: appOriginHeaders(),
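Review bot: The GET added here returns the module-level `unauthorised` Response, declared once at the top of the file, on every rejected request, and a `Response` body can be read only once, so second and later rejections may go out with an empty or errored body depending on the runtime. Since this path is now reachable without any cookie, building the response per call is safer: `const unauthorised = () => new Response("Unauthorised", { status: 401 });` with `return unauthorised();` at each use; the same applies to `src/routes/api/configuration/+server.ts`. Separately, an authenticated caller asking for another user's `id` is forbidden rather than unauthenticated, so a 403 would describe that case more accurately if clients distinguish the two. The `Response.json` call that ends GET continues outside this hunk.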
@@ -26,12 +39,9 @@ export const GET = async ({ url }) => {
};
export const PUT = async ({ url, cookies, request }) => {
- const userCookie = cookies.get("user");
-
- if (!userCookie) return unauthorised;
+ const userId = await authenticatedUserId(cookies);
- const user = decodeAuthCookieOrThrow(userCookie);
- const userId = (await userIdentity(user)).id;
+ if (!userId) return unauthorised;
if (url.searchParams.get("toggleHideMissingBadges") !== null)
return Response.json(await toggleHideMissingBadges(userId), {