Fix auth/me returning nulls — auth endpoint was in public list

The auth endpoint was added to the public (no-auth) list so $currentUser
was never set. The me action now calls Auth::check() itself so it
validates the session cookie and returns the real user data.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-06-07 15:59:54 +00:00
parent 1e5a0a0210
commit 3af01ab614
+9 -6
View File
@@ -31,13 +31,16 @@ match ($action) {
Response::success(null, 'Logged out'); Response::success(null, 'Logged out');
})(), })(),
'me' => (function() use ($currentUser) { 'me' => (function() {
$auth = Auth::getInstance();
if (!$auth->check()) Response::error('Unauthorized', 401);
$u = $auth->user();
Response::success([ Response::success([
'id' => $currentUser['uid'], 'id' => $u['uid'] ?? $u['id'],
'username' => $currentUser['username'], 'username' => $u['username'],
'email' => $currentUser['email'], 'email' => $u['email'],
'role' => $currentUser['role'], 'role' => $u['role'],
'theme' => $currentUser['theme'], 'theme' => $u['theme'],
]); ]);
})(), })(),