kuns/claudedo-online
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: scope every API endpoint to the token's sub; expose ownerId in DTOs

Browse Source 
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Claude
2026-06-11 08:27:26 +00:00
parent 0e16738624
commit 03fbe06a04
9 changed files with 36 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/api/lists.get.ts
View File

@@ -1,4 +1,5 @@
// GET /api/lists (web) — all lists.
export default defineEventHandler(async () => {
return getLists(getSql());
// GET /api/lists (web) — the caller's lists (plus legacy unowned).
export default defineEventHandler(async (event) => {
const rows = await getLists(getSql(), ownerOf(event));
return rows.map((r) => ({ id: r.id, name: r.name, ownerId: r.owner_id }));
});