minor: heavily simplify server and app content. unify styling (#4)

Co-authored-by: Madison Grubb <madison@elastiflow.com>
Reviewed-on: #4

server/utils/authHelpers.js

@@ -1,20 +1,10 @@
-/**
- * Require authenticated user. Optionally require role. Throws 401 if none, 403 if role insufficient.
- * @param {import('h3').H3Event} event
- * @param {{ role?: 'admin' | 'adminOrLeader' }} [opts] - role: 'admin' = admin only; 'adminOrLeader' = admin or leader
- * @returns {{ id: string, identifier: string, role: string }} The current user.
- */
+const ROLES_ADMIN_OR_LEADER = Object.freeze(['admin', 'leader'])
+
 export function requireAuth(event, opts = {}) {
   const user = event.context.user
-  if (!user) {
-    throw createError({ statusCode: 401, message: 'Unauthorized' })
-  }
+  if (!user) throw createError({ statusCode: 401, message: 'Unauthorized' })
   const { role } = opts
-  if (role === 'admin' && user.role !== 'admin') {
-    throw createError({ statusCode: 403, message: 'Forbidden' })
-  }
-  if (role === 'adminOrLeader' && user.role !== 'admin' && user.role !== 'leader') {
-    throw createError({ statusCode: 403, message: 'Forbidden' })
-  }
+  if (role === 'admin' && user.role !== 'admin') throw createError({ statusCode: 403, message: 'Forbidden' })
+  if (role === 'adminOrLeader' && !ROLES_ADMIN_OR_LEADER.includes(user.role)) throw createError({ statusCode: 403, message: 'Forbidden' })
   return user
 }