Made the user collection locked down so unauthorized people cant acce…

…ss it

src/hooks.server.ts

@@ -6,6 +6,7 @@ config();
 
 export async function handle ({ event, resolve }) {
     event.locals.pb = new PocketBase(process.env.VITE_PB_URL);
+    // event.locals.pb.authStore.save(process.env.POCKETBASE_TOKEN!, null);
     event.locals.pb.authStore.clear();
 
     const authCookie = event.cookies.get("pb_auth");

src/routes/+layout.server.ts

@@ -7,7 +7,11 @@ config();
 export async function load({ locals }) {
     if (locals.user) {
         try {
-            const user = await locals.pb.collection("users").getOne(locals.user.id);
+            const user = await locals.pb.collection("users").getOne(locals.user.id, {
+                headers: {
+                    "Authorization": "Bearer " + process.env.POCKETBASE_TOKEN!
+                }
+            });
 
             const records = await locals.pb.collection('calendar').getFullList({
                 filter: `owner = "${locals.user?.id}"`,

src/routes/oath/+server.ts

@@ -52,9 +52,10 @@ export async function GET({ locals, url, cookies }) {
     }
 
     try {
-        await locals.pb.collection("users").authWithOAuth2Code(provider.name, code, expectedVerifier, redirectURL, {
+        const res = await locals.pb.collection("users").authWithOAuth2Code(provider.name, code, expectedVerifier, redirectURL, {
             name: "New User",
         });
+        console.log({res});
         cookies.set("pb_auth", locals.pb.authStore.exportToCookie().split(";")[0], {
             path: "/"
         })

src/routes/settings/account/+page.server.ts

@@ -1,5 +1,7 @@
-import { error } from '@sveltejs/kit';
 import type { Actions } from './$types';
+import { config } from "dotenv";
+
+config();
 
 export async function load({ parent }) {
     await parent();
@@ -18,12 +20,20 @@ export const actions = {
         }
 
         try {
-            await locals.pb.collection("users").getFirstListItem(`username="${data.username}"`);
+            await locals.pb.collection("users").getFirstListItem(`username="${data.username}"`, {
+                headers: {
+                    "Authorization": "Bearer " + process.env.POCKETBASE_TOKEN!
+                }
+            });
         } catch (err) {
             //@ts-ignore
             if (err.status === 404) {
                 try {
-                    const { username } = await locals.pb.collection("users").update(locals.user.id, { username: data.username });
+                    const { username } = await locals.pb.collection("users").update(locals.user.id, { username: data.username }, {
+                        headers: {
+                            "Authorization": "Bearer " + process.env.POCKETBASE_TOKEN!
+                        }
+                    });
                     locals.user.username = username;
                     return {
                         success: true,

src/routes/settings/profile/+page.server.ts

@@ -1,4 +1,7 @@
 import type { Actions } from './$types';
+import { config } from "dotenv";
+
+config();
 
 export async function load({ parent }) {
     await parent();
@@ -21,7 +24,11 @@ export const actions = {
             } else {
                 data.delete("avatar");
             }
-            const { name, avatar } = await locals.pb.collection("users").update(locals.user?.id, data);
+            const { name, avatar } = await locals.pb.collection("users").update(locals.user?.id, data, {
+                headers: {
+                    "Authorization": "Bearer " + process.env.POCKETBASE_TOKEN!
+                }
+            });
 
             locals.user.name = name;
             locals.user.avatar = avatar;