Fix broken Access Control

# Security report

## Describe the bug

No access control implemented, the user data update endpoint is not authenticated so anyone can change any user data

## To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

I found a lot of logic that does not implement access control, one of which is:
```typescript
const submission = parse(formData, { schema: schemaUserFullName })
    if (!submission.value) return json(submission, { status: 400 })
    await modelUser.updateFullName(submission.value)
    await timer.delay()
    return json(submission)
```
```curl
curl 'https://bandungdev.com/user/settings?_data=routes%2Fuser.settings' --data-raw 'id=userId&intent=user-change-fullname&fullname=Hacked by jeager'
```

![Screenshot from 2024-07-07 00-16-25](https://github.com/bandungdevcom/bandungdev.com/assets/61510810/ddef2a59-a9ae-45bb-97ea-28b2bba840de)



## Reference

[OWASP Broken Access Control](https://owasp.org/Top10/A01_2021-Broken_Access_Control/)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Fix broken Access Control #64

Security report

Describe the bug

To Reproduce

Reference

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Fix broken Access Control #64

Description

Security report

Describe the bug

To Reproduce

Reference

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions