Use token authentication for API requests.

2026-02-11 16:17:13 +01:00 · 2020-09-17 22:52:20 -07:00 · 2020-09-17 22:52:20 -07:00 · 96bd7e5b47
commit 96bd7e5b47
parent bff8806b61
34 changed files with 198 additions and 153 deletions
--- a/pages/api/websites.js
+++ b/pages/api/websites.js
@ -7,13 +7,14 @@ export default async (req, res) => {

  const { user_id: current_user_id, is_admin } = req.auth;
  const { user_id } = req.query;
+  const userId = +user_id;

  if (req.method === 'GET') {
-    if (user_id && !is_admin) {
+    if (userId !== current_user_id && !is_admin) {
      return unauthorized(res);
    }

-    const websites = await getUserWebsites(+user_id || current_user_id);
+    const websites = await getUserWebsites(userId || current_user_id);

    return ok(res, websites);
  }