Fix auth hook so it returns forbidden if the user is authenticated but not allowed to hit an endpoint.

src/lib/server/getRequestBody.ts

@@ -0,0 +1,16 @@
+export async function getRequestBody<T = unknown>(
+	req: Request,
+	validation?: (target: unknown) => target is T,
+): Promise<T> {
+	if (req.body === null) {
+		throw new Error("no body is present on the request");
+	}
+
+	const body = await req.json();
+
+	if (validation && !validation(body)) {
+		throw new Error("body validation failed");
+	}
+
+	return body;
+}