kuns/claudedo-online
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: scope every API endpoint to the token's sub; expose ownerId in DTOs

Browse Source 
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Claude
2026-06-11 08:27:26 +00:00
parent 0e16738624
commit 03fbe06a04
9 changed files with 36 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/api/tasks.get.ts
View File

@@ -1,11 +1,12 @@
// GET /api/tasks?consumed=false (desktop) — web-created tasks not yet imported.
export default defineEventHandler(async () => {
const rows = await getUnconsumed(getSql());
// GET /api/tasks?consumed=false (desktop) — the caller's web-created tasks not yet imported.
export default defineEventHandler(async (event) => {
const rows = await getUnconsumed(getSql(), ownerOf(event));
return rows.map((r) => ({
id: r.id,
listId: r.list_id,
title: r.title,
description: r.description,
ownerId: r.owner_id,
createdAt: new Date(r.created_at).toISOString(),
}));
});