t510599/ntu-awd-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: message deletion permission check

Browse Source
This commit is contained in:
Tony Yang
2025-04-15 10:50:42 +08:00
parent 08366b6f7f
commit 7d2facedf3
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
functions/api/messages.js
+12
View File
@@ -71,6 +71,18 @@ export async function onRequestDelete(context) {
});
}
// Check if the message exists
const { results } = await env.DB.prepare("SELECT * FROM messages WHERE id = ?").bind(messageId).all();
if (results.length === 0) {
return createErrorResponse("Message not found", 404);
}
// Check if the user is the owner of the message
const message = results[0];
if (message.userId !== context.user.userId) {
return createErrorResponse("Unauthorized", 403);
}
// Delete the message from D1
await env.DB.prepare("DELETE FROM messages WHERE id = ?").bind(messageId).run();