security fixes

server/api/users/password/[id].put.ts

@@ -1,8 +1,8 @@
 import { resetUserPassword, getUserByUsername } from '~/server/utils/database'
-import { getAuthCookie } from '~/server/utils/auth'
+import { getSessionUsername } from '~/server/utils/auth'
 
 export default defineEventHandler(async (event) => {
-  const username = getAuthCookie(event)
+  const username = await getSessionUsername(event)
   
   if (!username) {
     throw createError({