From 7e0e70193185ac90a8fb22dd80c64713116a5f28 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.net>
Date: Fri, 27 Mar 2026 09:41:11 +0000
Subject: fix(api): keep preferences publicly readable

---
 src/routes/api/preferences/+server.ts | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'src/routes/api')

diff --git a/src/routes/api/preferences/+server.ts b/src/routes/api/preferences/+server.ts
index 8e269028..0537c9bc 100644
--- a/src/routes/api/preferences/+server.ts
+++ b/src/routes/api/preferences/+server.ts
@@ -25,12 +25,9 @@ const authenticatedUserId = async (cookies: {
 	return (await userIdentity(decodeAuthCookieOrThrow(userCookie))).id;
 };
 
-export const GET = async ({ cookies, url }) => {
-	const userId = await authenticatedUserId(cookies);
+export const GET = async ({ url }) => {
 	const requestedUserId = Number(url.searchParams.get("id") || 0);
 
-	if (!userId || requestedUserId !== userId) return unauthorised;
-
 	const preferences = await getUserPreferences(requestedUserId);
 
 	return Response.json(preferences ? preferences : {}, {
-- 
cgit v1.2.3