fix: remove the prevalidation check for the burn route

The reason is that everyone should be able to delete their secret even though they do not have an account.
HemmeligOrg · Oct 31, 2023 · fb9bffd · fb9bffd
1 parent c8630da
commit fb9bffd
Showing 1 changed file with 11 additions and 17 deletions.
diff --git a/src/server/controllers/secret.js b/src/server/controllers/secret.js
@@ -176,27 +176,21 @@ async function secret(fastify) {
     );
 
     // This will burn the secret 🔥
-    fastify.post(
-        '/:id/burn',
-        {
-            preValidation: [fastify.authenticate],
-        },
-        async (request, reply) => {
-            const { id } = request.params;
+    fastify.post('/:id/burn', async (request, reply) => {
+        const { id } = request.params;
 
-            if (!isValidSecretId.test(id)) {
-                return reply.code(403).send({ error: 'Not a valid secret id' });
-            }
+        if (!isValidSecretId.test(id)) {
+            return reply.code(403).send({ error: 'Not a valid secret id' });
+        }
 
-            const response = await prisma.secret.delete({ where: { id } });
+        const response = await prisma.secret.delete({ where: { id } });
 
-            if (!response) {
-                return { error: 'Secret can not be burned before the expiration date' };
-            } else {
-                return { success: 'Secret is burned' };
-            }
+        if (!response) {
+            return { error: 'Secret can not be burned before the expiration date' };
+        } else {
+            return { success: 'Secret is burned' };
         }
-    );
+    });
 
     fastify.get('/:id/exist', async (request, reply) => {
         const { id } = request.params;