From 94c5e3f140c5d3ed2cd371577c598ad96826923f Mon Sep 17 00:00:00 2001
From: Matt
Date: Thu, 5 Jun 2025 14:56:05 +0200
Subject: [PATCH] Add authentication and validation to delete-interest API, refactor modal list item
- Add x-tag header authentication check to delete-interest endpoint
- Add ID validation and improved error handling with proper typing
- Refactor InterestDetailsModal v-select item template structure
---
 components/InterestDetailsModal.vue | 9 ++++++---
 server/api/delete-interest.ts | 29 +++++++++++++++++++++--------
 2 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/components/InterestDetailsModal.vue b/components/InterestDetailsModal.vue
index 2d9df19..37b45e5 100644
--- a/components/InterestDetailsModal.vue
+++ b/components/InterestDetailsModal.vue
@@ -389,15 +389,18 @@
diff --git a/server/api/delete-interest.ts b/server/api/delete-interest.ts
index df48366..e948e0f 100644
--- a/server/api/delete-interest.ts
+++ b/server/api/delete-interest.ts
@@ -1,11 +1,20 @@
 import { deleteInterest } from "~/server/utils/nocodb";
 export default defineEventHandler(async (event) => {
- const body = await readBody(event);
- const { id } = body;
- const xTag = getHeader(event, "x-tag");
+ const xTagHeader = getRequestHeader(event, "x-tag");
+
+ if (!xTagHeader || xTagHeader !== "094ut234") {
+ throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
+ }
 try {
+ const body = await readBody(event);
+ const { id } = body;
+
+ if (!id) {
+ throw createError({ statusCode: 400, statusMessage: "ID is required" });
+ }
+
 // Delete the interest from NocoDB
 await deleteInterest(id);
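Review bot: The expected `x-tag` value is a string literal in the handler (`xTagHeader !== "094ut234"`), so the credential lives in the repository and its history, and every request presents the same static value. It should be read from server-side configuration, the committed value rotated, and the comparison done in constant time with `timingSafeEqual` from `node:crypto` (which needs an import in this file); a sketch follows, using a placeholder variable name. A fixed header shared by all callers identifies the client application rather than a user, so it is worth confirming whether per-user authorization is also needed before a delete. The handler's body continues past the end of this hunk.

```typescript
export default defineEventHandler(async (event) => {
  const xTagHeader = getRequestHeader(event, "x-tag");
  // X_TAG_SECRET_PLACEHOLDER is a placeholder name; use the project's own config key.
  const expectedTag = process.env.X_TAG_SECRET_PLACEHOLDER ?? "";
  const presented = Buffer.from(xTagHeader ?? "");
  const expected = Buffer.from(expectedTag);

  // Fail closed when the secret is not configured; the length check keeps timingSafeEqual from throwing.
  if (
    expected.length === 0 ||
    presented.length !== expected.length ||
    !timingSafeEqual(presented, expected)
  ) {
    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
  }

  // … unchanged: try block with readBody, id check and deleteInterest …
```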
@@ -13,10 +22,14 @@ export default defineEventHandler(async (event) => {
 success: true,
 message: "Interest deleted successfully",
 };
- } catch (error: any) {
- throw createError({
- statusCode: 500,
- statusMessage: error.message || "Failed to delete interest",
- });
+ } catch (error) {
+ if (error instanceof Error) {
+ throw createError({ statusCode: 500, statusMessage: error.message });
+ } else {
+ throw createError({
+ statusCode: 500,
+ statusMessage: "An unexpected error occurred",
+ });
+ }
 }
 });
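Review bot: The 400 raised for a missing ID in the previous hunk is thrown inside this `try`, and since `createError` returns an `Error` subclass the new `error instanceof Error` branch rewraps it as a 500, so the client never sees the 400. Rethrow errors that already carry a status before the generic handling, e.g. `if (isError(error)) throw error;` as the first line of the `catch` (h3's `isError`), or move the ID check above the `try`. Separately, forwarding `error.message` from the NocoDB call as `statusMessage` can expose backend details to callers; logging it server-side and returning `statusMessage: "Failed to delete interest"` avoids that. The handler starts outside this hunk.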