Add authentication and validation to delete-interest API, refactor modal list item

- Add x-tag header authentication check to delete-interest endpoint - Add ID validation and improved error handling with proper typing - Refactor InterestDetailsModal v-select item template structure
2025-06-05 14:56:05 +02:00 · 2025-06-05 14:56:05 +02:00 · 94c5e3f140
parent ef091d7b29
commit 94c5e3f140
2 changed files with 27 additions and 11 deletions
--- a/components/InterestDetailsModal.vue
+++ b/components/InterestDetailsModal.vue
@ -389,15 +389,18 @@
                    <template v-slot:item="{ item, props }">
                      <v-list-item 
                        v-bind="props"
+                        :title="item.value"
                      >
                        <template v-slot:prepend>
                          <v-icon :color="getSalesLevelColor(item.value)">
                            mdi-circle
                          </v-icon>
                        </template>
-                        <v-list-item-title :style="{ color: getSalesLevelColor(item.value) }">
-                          {{ item.value }}
-                        </v-list-item-title>
+                        <template v-slot:title>
+                          <span :style="{ color: getSalesLevelColor(item.value) }">
+                            {{ item.value }}
+                          </span>
+                        </template>
                      </v-list-item>
                    </template>
                  </v-select>
--- a/server/api/delete-interest.ts
+++ b/server/api/delete-interest.ts
@ -1,11 +1,20 @@
 import { deleteInterest } from "~/server/utils/nocodb";

 export default defineEventHandler(async (event) => {
-  const body = await readBody(event);
-  const { id } = body;
-  const xTag = getHeader(event, "x-tag");
+  const xTagHeader = getRequestHeader(event, "x-tag");
+
+  if (!xTagHeader || xTagHeader !== "094ut234") {
+    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
+  }

  try {
+    const body = await readBody(event);
+    const { id } = body;
+
+    if (!id) {
+      throw createError({ statusCode: 400, statusMessage: "ID is required" });
+    }
+
    // Delete the interest from NocoDB
    await deleteInterest(id);
    
@ -13,10 +22,14 @@ export default defineEventHandler(async (event) => {
      success: true,
      message: "Interest deleted successfully",
    };
-  } catch (error: any) {
-    throw createError({
-      statusCode: 500,
-      statusMessage: error.message || "Failed to delete interest",
-    });
+  } catch (error) {
+    if (error instanceof Error) {
+      throw createError({ statusCode: 500, statusMessage: error.message });
+    } else {
+      throw createError({
+        statusCode: 500,
+        statusMessage: "An unexpected error occurred",
+      });
+    }
  }
 });