feat: scope every API endpoint to the token's sub; expose ownerId in DTOs

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 08:27:26 +00:00
parent 0e16738624
commit 03fbe06a04
9 changed files with 36 additions and 26 deletions


@@ -1,6 +1,6 @@
// POST /api/tasks/:id/consume (desktop) — mark a web task imported. Idempotent.
// POST /api/tasks/:id/consume (desktop) — mark the caller's web task imported. Idempotent.
export default defineEventHandler(async (event) => {
const ok = await consume(getSql(), getRouterParam(event, "id")!);
const ok = await consume(getSql(), ownerOf(event), getRouterParam(event, "id")!);
if (!ok) {
throw createError({ statusCode: 404, statusMessage: "task not found" });
}
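Review bot: The owner scoping on the `consume(getSql(), ownerOf(event), …)` line is only as strong as `ownerOf`, whose definition is not in this hunk: if it can return `undefined` or an empty string for a request whose token carries no `sub`, the scoped query may match nothing useful or, depending on how `consume` builds its filter, match unowned rows. Please confirm that `ownerOf` rejects such requests itself, or guard here with `const owner = ownerOf(event); if (!owner) throw createError({ statusCode: 401 });` before calling `consume`. Returning the same 404 for a missing task and for a task that belongs to another caller is the right choice, since it does not reveal which ids exist; I would record that above the `if (!ok)` line with a comment such as `// 404 also covers tasks owned by someone else, so ids cannot be probed`. The handler's body continues past the end of the hunk, so the return path is not reviewed here.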