torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b69130c2b2ab342461f5f549290e55357d8a75a5
harheimertc/server/api/termine-manage.get.js
Torsten Schulz (local) e3cb7282bc
Some checks failed
Code Analysis and Production Deploy / analyze (push) Failing after 7m29s
Details
Code Analysis and Production Deploy / deploy-production (push) Has been skipped
Details
Code Analysis and Production Deploy / deploy-test (push) Has been skipped
Details
Android implementation of sportbetrieb, 401-fix
2026-06-13 00:30:06 +02:00

45 lines
1.1 KiB
JavaScript
Raw Blame History

import { verifyToken, getUserById, hasAnyRole } from '../utils/auth.js'
import { readTermine } from '../utils/termine.js'
export default defineEventHandler(async (event) => {
try {
const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
if (!token) {
throw createError({
statusCode: 401,
message: 'Nicht authentifiziert.'
})
}
const decoded = verifyToken(token)
if (!decoded) {
throw createError({
statusCode: 401,
message: 'Ungültiges Token.'
})
}
const user = await getUserById(decoded.id)
// Only admin and vorstand can manage termine
if (!user || !hasAnyRole(user, 'admin', 'vorstand')) {
throw createError({
statusCode: 403,
message: 'Keine Berechtigung zum Verwalten von Terminen.'
})
}
const termine = await readTermine()
return {
success: true,
termine
}
} catch (error) {
console.error('Fehler beim Abrufen der Termine:', error)
throw error
}
})
Reference in New Issue View Git Blame Copy Permalink