fix(api): fix error not throwing on an illegal access of a full hidden story

server/api/story/[id]/full.get.ts

@@ -2,13 +2,22 @@ import storyQuerier from "~/lib/server/dbHelpers/storyQuerier";
 import chapterTransformer from "~/lib/server/dbHelpers/chapterTransformer";
 import storyCheck from "~/lib/server/middlewareButNotReally/storyCheck";
 import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
+import { messages } from "~/lib/server/constants";
 
 export default eventHandler(async (ev) => {
 	isLoggedIn(ev);
 	const s = await storyQuerier(ev);
+	const hidden = s.chapters.some((a) => a.hidden);
+	if (hidden && ev.context.currentUser?._id !== s.author._id) {
+		throw createError({
+			statusCode: 403,
+			message: messages[403],
+		});
+	}
 	const story = s.toObject();
+
 	for (let i = 0; i < story.chapters.length; i++) {
-		story.chapters[i] = await chapterTransformer(s, ev, i);
+		story.chapters[i] = (await chapterTransformer(s, ev, i)).currentChapter;
 	}
 	return story;
 });