From dfdb3e0840a6d6ff372c0df7fa3e6bd7dfc84969 Mon Sep 17 00:00:00 2001
From: Joshua Ryder
Date: Sun, 12 Oct 2025 00:24:27 -0400
Subject: [PATCH] security fixes
---
 server/api/notes/[sermonId].get.ts | 4 ++--
 server/api/notes/[sermonId].post.ts | 4 ++--
 server/api/notes/download/[sermonId].get.ts | 4 ++--
 server/api/notes/email/[sermonId].post.ts | 4 ++--
 server/api/users/delete/[id].delete.ts | 4 ++--
 server/api/users/password/[id].put.ts | 4 ++--
 server/api/users/role/[id].put.ts | 4 ++--
 7 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/server/api/notes/[sermonId].get.ts b/server/api/notes/[sermonId].get.ts
index cecce4e..f7670aa 100644
--- a/server/api/notes/[sermonId].get.ts
+++ b/server/api/notes/[sermonId].get.ts
@@ -1,8 +1,8 @@
 import { getSermonNote, getUserByUsername } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 export default defineEventHandler(async (event) => {
- const username = getAuthCookie(event)
+ const username = await getSessionUsername(event)
 if (!username) {
 throw createError({
diff --git a/server/api/notes/[sermonId].post.ts b/server/api/notes/[sermonId].post.ts
index 6f1008e..39a6d9c 100644
--- a/server/api/notes/[sermonId].post.ts
+++ b/server/api/notes/[sermonId].post.ts
@@ -1,8 +1,8 @@
 import { saveSermonNote, getUserByUsername } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 export default defineEventHandler(async (event) => {
- const username = getAuthCookie(event)
+ const username = await getSessionUsername(event)
 if (!username) {
 throw createError({
diff --git a/server/api/notes/download/[sermonId].get.ts b/server/api/notes/download/[sermonId].get.ts
index e0f3e11..aa1bcb0 100644
--- a/server/api/notes/download/[sermonId].get.ts
+++ b/server/api/notes/download/[sermonId].get.ts
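Review bot: The `if (!username)` guard after the new `await getSessionUsername(event)` in `server/api/notes/[sermonId].get.ts` only handles a session lookup that resolves to a falsy value; if the helper rejects instead (for example on a malformed session or a store error), the 401 branch is skipped and the caller receives whatever error propagates. The helper's body is not part of this patch, so its contract cannot be confirmed from here. I would state it at the call site, e.g. `// getSessionUsername resolves to null for a missing or invalid session and does not throw — TODO confirm`, or catch the rejection and fall through to the 401. The same pair of lines appears in the other six handlers in this patch, and each handler body continues past the end of its hunk.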
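Review bot: The import change in `server/api/notes/[sermonId].post.ts` (and in the other six files) stops using `getAuthCookie`, but the diffstat does not list `~/server/utils/auth`, so the old helper presumably remains exported and can be imported again by a later handler. If the reason for this commit is that `getAuthCookie` trusts a client-supplied value, a follow-up should remove the export or mark it, for example `/** @deprecated not a verified identity; use getSessionUsername */`. A repository-wide search for remaining `getAuthCookie` callers would confirm that these seven were the only ones.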
@@ -1,8 +1,8 @@
 import { getSermonNote, getUserByUsername, getDatabase } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 export default defineEventHandler(async (event) => {
- const username = getAuthCookie(event)
+ const username = await getSessionUsername(event)
 if (!username) {
 throw createError({
diff --git a/server/api/notes/email/[sermonId].post.ts b/server/api/notes/email/[sermonId].post.ts
index 2d696e9..2541adc 100644
--- a/server/api/notes/email/[sermonId].post.ts
+++ b/server/api/notes/email/[sermonId].post.ts
@@ -1,9 +1,9 @@
 import { getSermonNote, getSermonBySlug, getUserByUsername, getDatabase } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 import { sendSermonNotesEmail } from '~/server/utils/email'
 export default defineEventHandler(async (event) => {
- const username = getAuthCookie(event)
+ const username = await getSessionUsername(event)
 if (!username) {
 throw createError({
diff --git a/server/api/users/delete/[id].delete.ts b/server/api/users/delete/[id].delete.ts
index 38fbdd1..826ab5b 100644
--- a/server/api/users/delete/[id].delete.ts
+++ b/server/api/users/delete/[id].delete.ts
@@ -1,8 +1,8 @@
 import { deleteUser, getUserByUsername } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 export default defineEventHandler(async (event) => {
- const username = getAuthCookie(event)
+ const username = await getSessionUsername(event)
 if (!username) {
 throw createError({
diff --git a/server/api/users/password/[id].put.ts b/server/api/users/password/[id].put.ts
index 6d0d1de..23ac3ec 100644
--- a/server/api/users/password/[id].put.ts
+++ b/server/api/users/password/[id].put.ts
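Review bot: In `server/api/users/delete/[id].delete.ts` the change settles who the caller is, but nothing in the hunk shows what the caller is allowed to do; the hunk ends inside the 401 branch and the rest of the handler is outside it. For a destructive admin route I would want a comment above the lookup that presumably follows via the imported `getUserByUsername`, such as `// role is read from the database record of the session user, never from the request`, and a deliberate decision on the `[id]` target (for example, whether an admin may act on their own account). The same applies to the `users/password/[id].put.ts` and `users/role/[id].put.ts` hunks.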
@@ -1,8 +1,8 @@
 import { resetUserPassword, getUserByUsername } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 export default defineEventHandler(async (event) => {
- const username = getAuthCookie(event)
+ const username = await getSessionUsername(event)
 if (!username) {
 throw createError({
diff --git a/server/api/users/role/[id].put.ts b/server/api/users/role/[id].put.ts
index 38d76c5..3cf253d 100644
--- a/server/api/users/role/[id].put.ts
+++ b/server/api/users/role/[id].put.ts
@@ -1,8 +1,8 @@
 import { updateUserRole, getUserByUsername } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 export default defineEventHandler(async (event) => {
- const username = getAuthCookie(event)
+ const username = await getSessionUsername(event)
 if (!username) {
 throw createError({