rockfic/next
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(api): fix error not throwing on an illegal access of a full hidden story

Browse Source
This commit is contained in:
☙◦ The Tablet ❀ GamerGirlandCo ◦❧ 2023-12-09 16:56:57 -05:00
parent ee7ea24e4e
commit 37e9bcc17c
Signed by: tablet
GPG Key ID: 924A5F6AF051E87C
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
server/api/story/[id]/full.get.ts
View File

@ -2,13 +2,22 @@ import storyQuerier from "~/lib/server/dbHelpers/storyQuerier";
import chapterTransformer from "~/lib/server/dbHelpers/chapterTransformer"; import chapterTransformer from "~/lib/server/dbHelpers/chapterTransformer";
import storyCheck from "~/lib/server/middlewareButNotReally/storyCheck"; import storyCheck from "~/lib/server/middlewareButNotReally/storyCheck";
import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn"; import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
import { messages } from "~/lib/server/constants";
export default eventHandler(async (ev) => { export default eventHandler(async (ev) => {
isLoggedIn(ev); isLoggedIn(ev);
const s = await storyQuerier(ev); const s = await storyQuerier(ev);
const hidden = s.chapters.some((a) => a.hidden);
if (hidden && ev.context.currentUser?._id !== s.author._id) {
throw createError({
statusCode: 403,
message: messages[403],
});
}
const story = s.toObject(); const story = s.toObject();
for (let i = 0; i < story.chapters.length; i++) { for (let i = 0; i < story.chapters.length; i++) {
story.chapters[i] = await chapterTransformer(s, ev, i); story.chapters[i] = (await chapterTransformer(s, ev, i)).currentChapter;
} }
return story; return story;
}); });