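--- a/src/app/api/save-timetable
+++ b/src/app/api/save-timetable
@@ -2,12 +2,18 @@ import { NextRequest, NextResponse } from 'next/server';
 import dbConnect from '@/lib/db' ;
 import Timetable from '@/models/timetable' ;
 import { generateShareId } from '@/lib/shareIDgenerate' ;
+ import { getServerSession } from 'next-auth' ;
+ import { authOptions } from '../auth/[...nextauth]/authOptions' ;
 
 export async function POST ( req : NextRequest ) {
  await dbConnect ( ) ;
  const body = await req . json ( ) ;
 
  const { title, slots, owner, isPublic } = body ;
+ const session = await getServerSession ( authOptions ) ;
+ if ( session ?. user ?. email !== owner ) {
+ return NextResponse . json ( { error : 'Unauthorized' } , { status : 401 } ) ;
+ }
 
  if ( ! title || ! slots || ! owner ) {
  return NextResponse . json ( { error : 'Missing fields' } , { status : 400 } ) ;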
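Review bot: The added guard in POST never checks that a session exists; it only compares `session?.user?.email` with an `owner` value that still comes from the request body. With no session and no `owner` in the body, both sides are `undefined`, so the comparison passes. The request is then stopped only by the `!owner` test in the following `Missing fields` check, which makes authentication depend on an unrelated validation staying in that order. I would reject a missing session first with `if (!session?.user?.email) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });`, then take the owner from the session with `const owner = session.user.email;` and drop `owner` from the destructured body. That way the stored owner can never be client-chosen. The rest of POST lies outside this hunk, so how `owner` is used when the document is created should be confirmed there.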