misterkirill/Notra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: restrict access to the notes for unauthorized users

Browse Source
This commit is contained in:
Kirill Siukhin 2025-07-10 20:02:17 +05:00
parent 8540258576
commit 3b51161203
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/lib/notes.ts
View File

@ -1,4 +1,4 @@
import { desc, eq } from "drizzle-orm"; import { desc, eq, and } from "drizzle-orm";
import { validate as uuidValidate } from "uuid"; import { validate as uuidValidate } from "uuid";
import { notesTable } from "./db/schema"; import { notesTable } from "./db/schema";
import { getAuth } from "./auth"; import { getAuth } from "./auth";
@ -16,9 +16,14 @@ export async function getNote(noteId: string) {
return null; return null;
} }
const auth = await getAuth();
if (!auth) {
return null;
}
const notes = await db.select() const notes = await db.select()
.from(notesTable) .from(notesTable)
.where(eq(notesTable.id, noteId)); .where(and(eq(notesTable.id, noteId), eq(notesTable.authorId, auth.id)));
if (notes.length === 0) { if (notes.length === 0) {
return null; return null;