Enhance security by adding role-checking functions in ESLint configuration and updating Vue components to improve content sanitization comments, while refining error handling in API endpoints for better clarity.

server/api/membership/generate-pdf.post.js

@@ -313,7 +313,7 @@ function getDataPath(filename) {
   // In der Produktion: process.cwd() ist .output, daher ein Verzeichnis zurück
   const isDev = process.env.NODE_ENV === 'development'
   const projectRoot = isDev ? process.cwd() : path.resolve(process.cwd(), '..')
-    // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+  // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
   return path.join(projectRoot, 'server', 'data', filename)
 }
 

server/api/membership/update-status.put.js

@@ -39,8 +39,10 @@ export default defineEventHandler(async (event) => {
       })
     }
     
-    const dataDir = path.join(process.cwd(), 'server/data/membership-applications') // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
-    const filePath = path.join(dataDir, `${id}.json`) // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+    // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+    const dataDir = path.join(process.cwd(), 'server/data/membership-applications')
+    // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+    const filePath = path.join(dataDir, `${id}.json`)
     
     // Antrag laden
     const fileContent = await fs.readFile(filePath, 'utf8')