security fixes

server/api/notes/[sermonId].get.ts

@@ -1,8 +1,8 @@
 import { getSermonNote, getUserByUsername } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 
 export default defineEventHandler(async (event) => {
-  const username = getAuthCookie(event)
+  const username = await getSessionUsername(event)
   
   if (!username) {
     throw createError({

server/api/notes/[sermonId].post.ts

@@ -1,8 +1,8 @@
 import { saveSermonNote, getUserByUsername } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 
 export default defineEventHandler(async (event) => {
-  const username = getAuthCookie(event)
+  const username = await getSessionUsername(event)
   
   if (!username) {
     throw createError({

server/api/notes/download/[sermonId].get.ts

@@ -1,8 +1,8 @@
 import { getSermonNote, getUserByUsername, getDatabase } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 
 export default defineEventHandler(async (event) => {
-  const username = getAuthCookie(event)
+  const username = await getSessionUsername(event)
   
   if (!username) {
     throw createError({

server/api/notes/email/[sermonId].post.ts

@@ -1,9 +1,9 @@
 import { getSermonNote, getSermonBySlug, getUserByUsername, getDatabase } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 import { sendSermonNotesEmail } from '~/server/utils/email'
 
 export default defineEventHandler(async (event) => {
-  const username = getAuthCookie(event)
+  const username = await getSessionUsername(event)
   
   if (!username) {
     throw createError({