fix: restrict access to the notes for unauthorized users

src/lib/notes.ts

@@ -1,4 +1,4 @@
-import { desc, eq } from "drizzle-orm";
+import { desc, eq, and } from "drizzle-orm";
 import { validate as uuidValidate } from "uuid";
 import { notesTable } from "./db/schema";
 import { getAuth } from "./auth";
@@ -16,9 +16,14 @@ export async function getNote(noteId: string) {
     return null;
   }
 
+  const auth = await getAuth();
+  if (!auth) {
+    return null;
+  }
+
   const notes = await db.select()
     .from(notesTable)
-    .where(eq(notesTable.id, noteId));
+    .where(and(eq(notesTable.id, noteId), eq(notesTable.authorId, auth.id)));
   
   if (notes.length === 0) {
     return null;