only show notes under request user's id

3 years ago · 970bea255f
parent 43c1978794
commit 970bea255f
2 changed files with 10 additions and 2 deletions
--- a/server/api/note.get.ts
+++ b/server/api/note.get.ts
@ -13,7 +13,14 @@ export default defineEventHandler(async (event) => {
 	const { data: note, error } = await supabase
 		.from('notes')
 		.select('*')
-		.eq('id', query.id);
+		.eq('id', query.id)
+		.eq('user_id', user.id)
+		.limit(1)
+		.single();

-	return { note: note ? note[0] : null, error: error };
+	if (!note) {
+		throw createError({ statusCode: 500, message: 'No note found' });
+	}
+
+	return { note: note, error: error };
 });
--- a/server/api/note/new.ts
+++ b/server/api/note/new.ts
@ -16,6 +16,7 @@ export default defineEventHandler(async (event) => {
 	const { data: note, error: fetchError } = await supabase
 		.from('notes')
 		.select('id')
+		.eq('user_id', user.id)
 		.order('created_at', { ascending: false })
 		.limit(1)
 		.single();