diff options
Diffstat (limited to 'pages/api/user/profile.js')
| -rw-r--r-- | pages/api/user/profile.js | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/pages/api/user/profile.js b/pages/api/user/profile.js index dd22bd8..e20aaca 100644 --- a/pages/api/user/profile.js +++ b/pages/api/user/profile.js @@ -43,13 +43,21 @@ export default async function handler(req, res) { } case "DELETE": { const { name } = req.body; - const user = await deleteUser(name); - if (!user) { - return res.status(404).json({ message: "User not found" }); + // return res.status(200).json({ name }); + if (session.user.name !== name) { + return res.status(401).json({ message: "Unauthorized" }); } else { - return res.status(200).json(user); + const user = await deleteUser(name); + if (!user) { + return res.status(404).json({ message: "User not found" }); + } else { + return res.status(200).json(user); + } } } + default: { + return res.status(405).json({ message: "Method not allowed" }); + } } } catch (error) { console.log(error); |