Switch to signed cookie auth and stop leaking player IDs

wwwroot/js/data.js

@@ -85,7 +85,6 @@ export function signatureSuggestions(list) {
     return JSON.stringify(
         list.map((s) => [
             s.id,
-            s.playerId,
             s.name,
             s.genre,
             s.description,
@@ -95,6 +94,7 @@ export function signatureSuggestions(list) {
             s.minPlayers,
             s.maxPlayers,
             s.parentSuggestionId,
+            s.isOwner,
         ]),
     );
 }

wwwroot/js/ui.js

@@ -147,7 +147,7 @@ export function renderVotes() {
         state.myVotes.map((v) => [v.suggestionId, v.score]),
     );
     sortByName(state.allSuggestions).forEach((s) => {
-        const canEdit = !!state.me?.isAdmin || s.playerId === state.me?.id;
+        const canEdit = !!state.me?.isAdmin || s.isOwner;
         const lockTitle = state.phase !== "Suggest" && !state.me?.isAdmin;
         const li = buildCard(s, {
             showAuthor: true,