Let's say that on the client I call a function:
);```
and then on the server I have this:
export default async ({ req, res, log, error }) => {
if (req.path === "/")
{
const userId = req.headers['x-appwrite-user-id'];
log(userId);
}
...
}
Is it guaranteed that the userId on the server is the user who triggered the function or can it be spoofed? Does it need to be validated with x-appwrite-user-jwt? I am making it so that only users can execute the function also...