Computing-For-All / nextjs-issue-tracker

Repository created to manage the UAT (User Acceptance Testing) workflow for the Next.js website. This repo will serve as a central hub for tracking issues, feedback, and improvements identified during testing phases, ensuring a smooth and efficient UAT process.

All APIs must check user #50

Open rorosaurus opened 4 days ago

rorosaurus commented 4 days ago

Duplicate Check

Issue Type

Enhancement

Issue Description

APIs need to verify which user is calling them

For example, instead of sending a userID to update, the API should not accept a userID and should identify the user from the session.

This prevents a user from updating details for a different user.

(Role guarding API routes will be handled by middleware)

URL of the Page

/api

Steps to Reproduce

  1. Check every API and remove any params we can infer from session instead

Expected Behavior

No response

Additional Context

No response

Recommended Priority Level

High
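
The change requested in this issue, sketched as an added example (it is not part of the original issue or the repository's code). The in-memory `sessions` and `users` maps, the `sid` cookie name, and the helper `getSessionUser` are assumptions standing in for the project's real session and data layers.

```javascript
// Constructed stand-ins for the session store and user table (assumptions).
const sessions = new Map([
  ["sess-alice", { userId: "u1" }],
  ["sess-bob", { userId: "u2" }],
]);
const users = new Map([
  ["u1", { name: "Alice", bio: "" }],
  ["u2", { name: "Bob", bio: "" }],
]);

// Hypothetical helper: resolve the caller from the session cookie only.
function getSessionUser(req) {
  const session = sessions.get(req.cookies?.sid);
  return session ? session.userId : null;
}

// Before: the target user is taken from the request body, so any
// authenticated caller can update any other user's record.
function updateProfileInsecure(req) {
  const { userID, bio } = req.body ?? {};
  if (!users.has(userID)) return { status: 404 };
  users.get(userID).bio = bio;
  return { status: 200, updated: userID };
}

// After: the target user comes only from the session. A userID param is
// rejected outright rather than silently ignored, so stale clients fail loudly.
function updateProfile(req) {
  const callerId = getSessionUser(req);
  if (!callerId) return { status: 401, error: "not signed in" };

  const body = req.body ?? {};
  if ("userID" in body) {
    return { status: 400, error: "userID is not accepted" };
  }
  if (typeof body.bio !== "string") {
    return { status: 400, error: "bio must be a string" };
  }
  users.get(callerId).bio = body.bio;
  return { status: 200, updated: callerId };
}
```
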