import { json, error } from '@sveltejs/kit'; import type { RequestHandler } from './$types.js'; import { withBypassRLS } from '$lib/server/rls.js'; import { requireAuth } from '$lib/server/guards.js'; export const PATCH: RequestHandler = async ({ params, request, locals }) => { requireAuth(locals.user); const body = await request.json(); const notification = await withBypassRLS(async (tx) => { const existing = await tx.notification.findUnique({ where: { id: params.notificationId } }); if (!existing) throw error(404, 'Notification not found'); if (existing.userId !== locals.user!.id) throw error(403, 'Access denied'); return tx.notification.update({ where: { id: params.notificationId }, data: { read: body.read === true } }); }); return json({ notification }); };