jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Zod validation to all API endpoints and remove debug test route

Browse source 
Adds schema-based input validation across helcim, events, members,
series, admin, and updates API endpoints. Removes the peer-support
debug test endpoint. Adds validation test coverage.
This commit is contained in:
Jennie Robinson Faber 2026-03-01 17:04:26 +00:00
parent e4813075b7
commit 025c1a180f
38 changed files with 1132 additions and 309 deletions
Download patch file Download diff file Expand all files Collapse all files

12
server/api/admin/events/[id].put.js
View file

@ -7,15 +7,7 @@ export default defineEventHandler(async (event) => {
await requireAdmin(event)
const eventId = getRouterParam(event, 'id')
const body = await readBody(event)
// Validate required fields
if (!body.title || !body.description || !body.startDate || !body.endDate) {
throw createError({
statusCode: 400,
statusMessage: 'Missing required fields'
})
}
const body = await validateBody(event, adminEventUpdateSchema)
await connectDB()
@ -63,7 +55,7 @@ export default defineEventHandler(async (event) => {
console.error('Error updating event:', error)
throw createError({
statusCode: 500,
statusMessage: error.message || 'Failed to update event'
statusMessage: 'An unexpected error occurred'
})
}
})

10
server/api/admin/members.post.js
View file

@ -6,15 +6,7 @@ export default defineEventHandler(async (event) => {
try {
await requireAdmin(event)
const body = await readBody(event)
// Validate required fields
if (!body.name || !body.email || !body.circle || !body.contributionTier) {
throw createError({
statusCode: 400,
statusMessage: 'Missing required fields'
})
}
const body = await validateBody(event, adminMemberCreateSchema)
await connectDB()

13
server/api/admin/series.post.js
View file

@ -7,15 +7,7 @@ export default defineEventHandler(async (event) => {
const admin = await requireAdmin(event)
await connectDB()
const body = await readBody(event)
// Validate required fields
if (!body.id || !body.title || !body.description) {
throw createError({
statusCode: 400,
statusMessage: 'Series ID, title, and description are required'
})
}
const body = await validateBody(event, adminSeriesCreateSchema)
// Create new series
const newSeries = new Series({
@ -43,9 +35,10 @@ export default defineEventHandler(async (event) => {
})
}
if (error.statusCode) throw error
throw createError({
statusCode: 500,
statusMessage: error.message || 'Failed to create series'
statusMessage: 'An unexpected error occurred'
})
}
})

12
server/api/admin/series.put.js
View file

@ -8,16 +8,9 @@ export default defineEventHandler(async (event) => {
await requireAdmin(event)
await connectDB()
const body = await readBody(event)
const body = await validateBody(event, adminSeriesUpdateSchema)
const { id, title, description, type, totalEvents } = body
if (!id || !title) {
throw createError({
statusCode: 400,
statusMessage: 'Series ID and title are required'
})
}
// Update the series record
const updatedSeries = await Series.findOneAndUpdate(
{ id },
@ -55,10 +48,11 @@ export default defineEventHandler(async (event) => {
return updatedSeries
} catch (error) {
if (error.statusCode) throw error
console.error('Error updating series:', error)
throw createError({
statusCode: 500,
statusMessage: 'Failed to update series'
statusMessage: 'An unexpected error occurred'
})
}
})

5
server/api/admin/series/[id].put.js
View file

@ -9,7 +9,7 @@ export default defineEventHandler(async (event) => {
await connectDB()
const id = getRouterParam(event, 'id')
const body = await readBody(event)
const body = await validateBody(event, adminSeriesItemUpdateSchema)
if (!id) {
throw createError({
@ -55,10 +55,11 @@ export default defineEventHandler(async (event) => {
data: series
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error updating series:', error)
throw createError({
statusCode: 500,
statusMessage: error.message || 'Failed to update series'
statusMessage: 'An unexpected error occurred'
})
}
})

16
server/api/admin/series/tickets.put.js
View file

@ -8,23 +8,9 @@ export default defineEventHandler(async (event) => {
await requireAdmin(event)
await connectDB()
const body = await readBody(event)
const body = await validateBody(event, adminSeriesTicketsSchema)
const { id, tickets } = body
if (!id) {
throw createError({
statusCode: 400,
statusMessage: 'Series ID is required'
})
}
if (!tickets) {
throw createError({
statusCode: 400,
statusMessage: 'Tickets configuration is required'
})
}
// Find the series
const series = await Series.findOne({ id })

10
server/api/auth/verify.get.js
View file

@ -29,6 +29,13 @@ export default defineEventHandler(async (event) => {
statusMessage: 'Member not found'
})
}
if (member.status === 'suspended' || member.status === 'cancelled') {
throw createError({
statusCode: 403,
statusMessage: 'Account is ' + member.status
})
}
// Create a new session token for the authenticated user
const sessionToken = jwt.sign(
@ -49,6 +56,9 @@ export default defineEventHandler(async (event) => {
await sendRedirect(event, '/members', 302)
} catch (err) {
if (err.statusCode && err.statusCode !== 401) {
throw err
}
throw createError({
statusCode: 401,
statusMessage: 'Invalid or expired token'

9
server/api/events/[id]/cancel-registration.post.js
View file

@ -6,16 +6,9 @@ import {
export default defineEventHandler(async (event) => {
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, cancelRegistrationSchema);
const { email } = body;
if (!email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
try {
// Check if id is a valid ObjectId or treat as slug
const isObjectId = /^[0-9a-fA-F]{24}$/.test(id);

9
server/api/events/[id]/check-registration.post.js
View file

@ -2,16 +2,9 @@ import Event from "../../../models/event";
export default defineEventHandler(async (event) => {
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, checkRegistrationSchema);
const { email } = body;
if (!email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
try {
// Check if id is a valid ObjectId or treat as slug
const isObjectId = /^[0-9a-fA-F]{24}$/.test(id);

12
server/api/events/[id]/guest-register.post.js
View file

@ -6,8 +6,8 @@ export default defineEventHandler(async (event) => {
try {
await connectDB()
const identifier = getRouterParam(event, 'id')
const body = await readBody(event)
const body = await validateBody(event, guestRegisterSchema)
if (!identifier) {
throw createError({
statusCode: 400,
@ -15,14 +15,6 @@ export default defineEventHandler(async (event) => {
})
}
// Validate required fields for guest registration
if (!body.name || !body.email) {
throw createError({
statusCode: 400,
statusMessage: 'Name and email are required'
})
}
// Fetch the event
let eventData
if (mongoose.Types.ObjectId.isValid(identifier)) {

12
server/api/events/[id]/payment.post.js
View file

@ -8,8 +8,8 @@ export default defineEventHandler(async (event) => {
try {
await connectDB()
const identifier = getRouterParam(event, 'id')
const body = await readBody(event)
const body = await validateBody(event, eventPaymentSchema)
if (!identifier) {
throw createError({
statusCode: 400,
@ -17,14 +17,6 @@ export default defineEventHandler(async (event) => {
})
}
// Validate required payment fields
if (!body.name || !body.email || !body.paymentToken) {
throw createError({
statusCode: 400,
statusMessage: 'Name, email, and payment token are required'
})
}
// Fetch the event
let eventData
if (mongoose.Types.ObjectId.isValid(identifier)) {

9
server/api/events/[id]/tickets/check-eligibility.post.js
View file

@ -9,14 +9,7 @@ import { connectDB } from "../../../../utils/mongoose.js";
export default defineEventHandler(async (event) => {
try {
await connectDB();
const body = await readBody(event);
if (!body.email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
const body = await validateBody(event, ticketEligibilitySchema);
// Check if user is a member
const member = await Member.findOne({

10
server/api/events/[id]/tickets/purchase.post.js
View file

@ -18,7 +18,7 @@ export default defineEventHandler(async (event) => {
try {
await connectDB();
const identifier = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, ticketPurchaseSchema);
if (!identifier) {
throw createError({
@ -27,14 +27,6 @@ export default defineEventHandler(async (event) => {
});
}
// Validate required fields
if (!body.name || !body.email) {
throw createError({
statusCode: 400,
statusMessage: "Name and email are required",
});
}
// Fetch the event
let eventData;
if (mongoose.Types.ObjectId.isValid(identifier)) {

9
server/api/events/[id]/tickets/reserve.post.js
View file

@ -16,7 +16,7 @@ export default defineEventHandler(async (event) => {
try {
await connectDB();
const identifier = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, ticketReserveSchema);
if (!identifier) {
throw createError({
@ -25,13 +25,6 @@ export default defineEventHandler(async (event) => {
});
}
if (!body.email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
// Fetch the event
let eventData;
if (mongoose.Types.ObjectId.isValid(identifier)) {

9
server/api/events/[id]/waitlist.delete.js
View file

@ -2,17 +2,10 @@ import Event from "../../../models/event";
export default defineEventHandler(async (event) => {
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, waitlistDeleteSchema);
const { email } = body;
if (!email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
try {
// Find event by ID or slug
const eventData = await Event.findOne({

9
server/api/events/[id]/waitlist.post.js
View file

@ -3,17 +3,10 @@ import Member from "../../../models/member";
export default defineEventHandler(async (event) => {
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, waitlistSchema);
const { name, email, membershipLevel } = body;
if (!email) {
throw createError({
statusCode: 400,
statusMessage: "Email is required",
});
}
try {
// Find event by ID or slug
const eventData = await Event.findOne({

18
server/api/helcim/create-plan.post.js
View file

@ -3,16 +3,9 @@ const HELCIM_API_BASE = 'https://api.helcim.com/v2'
export default defineEventHandler(async (event) => {
try {
await requireAdmin(event)
const config = useRuntimeConfig(event)
const body = await readBody(event)
// Validate required fields
if (!body.name || !body.amount || !body.frequency) {
throw createError({
statusCode: 400,
statusMessage: 'Name, amount, and frequency are required'
})
}
const body = await validateBody(event, helcimCreatePlanSchema)
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
@ -38,7 +31,7 @@ export default defineEventHandler(async (event) => {
throw createError({
statusCode: response.status,
statusMessage: `Failed to create payment plan: ${errorText}`
statusMessage: 'Payment plan creation failed'
})
}
@ -50,10 +43,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error creating Helcim payment plan:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to create payment plan'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

7
server/api/helcim/customer-code.get.js
View file

@ -61,7 +61,7 @@ export default defineEventHandler(async (event) => {
const errorText = await response.text()
throw createError({
statusCode: response.status,
statusMessage: `Failed to get customer: ${errorText}`
statusMessage: 'Customer lookup failed'
})
}
@ -74,10 +74,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error getting customer code:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to get customer code'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

19
server/api/helcim/customer.post.js
View file

@ -9,15 +9,7 @@ export default defineEventHandler(async (event) => {
try {
await connectDB()
const config = useRuntimeConfig(event)
const body = await readBody(event)
// Validate required fields
if (!body.name || !body.email) {
throw createError({
statusCode: 400,
statusMessage: 'Name and email are required'
})
}
const body = await validateBody(event, helcimCustomerSchema)
// Check if member already exists
const existingMember = await Member.findOne({ email: body.email })
@ -58,7 +50,7 @@ export default defineEventHandler(async (event) => {
console.error('Connection test failed:', testError)
throw createError({
statusCode: 401,
statusMessage: `Helcim API connection failed: ${testError.message}`
statusMessage: 'Payment service unavailable'
})
}
@ -82,7 +74,7 @@ export default defineEventHandler(async (event) => {
console.error('Customer creation failed:', customerResponse.status, errorText)
throw createError({
statusCode: customerResponse.status,
statusMessage: `Failed to create customer: ${errorText}`
statusMessage: 'Customer creation failed'
})
}
@ -133,10 +125,11 @@ export default defineEventHandler(async (event) => {
}
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error creating Helcim customer:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to create customer'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

7
server/api/helcim/get-or-create-customer.post.js
View file

@ -100,7 +100,7 @@ export default defineEventHandler(async (event) => {
console.error('Failed to create Helcim customer:', createResponse.status, errorText)
throw createError({
statusCode: createResponse.status,
statusMessage: `Failed to create Helcim customer: ${errorText}`
statusMessage: 'Customer creation failed'
})
}
@ -118,10 +118,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error in get-or-create-customer:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to get or create customer'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

9
server/api/helcim/initialize-payment.post.js
View file

@ -7,7 +7,7 @@ export default defineEventHandler(async (event) => {
try {
await requireAuth(event);
const config = useRuntimeConfig(event);
const body = await readBody(event);
const body = await validateBody(event, helcimInitializePaymentSchema);
const helcimToken =
@ -64,7 +64,7 @@ export default defineEventHandler(async (event) => {
);
throw createError({
statusCode: response.status,
statusMessage: `Failed to initialize payment: ${errorText}`,
statusMessage: 'Payment initialization failed',
});
}
@ -76,10 +76,11 @@ export default defineEventHandler(async (event) => {
secretToken: paymentData.secretToken,
};
} catch (error) {
if (error.statusCode) throw error;
console.error("Error initializing HelcimPay:", error);
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || "Failed to initialize payment",
statusCode: 500,
statusMessage: "An unexpected error occurred",
});
}
});

6
server/api/helcim/plans.get.js
View file

@ -3,6 +3,7 @@ const HELCIM_API_BASE = 'https://api.helcim.com/v2'
export default defineEventHandler(async (event) => {
try {
await requireAdmin(event)
const config = useRuntimeConfig(event)
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
@ -30,10 +31,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error fetching Helcim payment plans:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to fetch payment plans'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

71
server/api/helcim/subscription.post.js
View file

@ -76,22 +76,7 @@ export default defineEventHandler(async (event) => {
await requireAuth(event)
await connectDB()
const config = useRuntimeConfig(event)
const body = await readBody(event)
// Validate required fields
if (!body.customerId || !body.contributionTier) {
throw createError({
statusCode: 400,
statusMessage: 'Customer ID and contribution tier are required'
})
}
if (!body.customerCode) {
throw createError({
statusCode: 400,
statusMessage: 'Customer code is required for subscription creation'
})
}
const body = await validateBody(event, helcimSubscriptionSchema)
// Check if payment is required
if (!requiresPayment(body.contributionTier)) {
@ -112,7 +97,14 @@ export default defineEventHandler(async (event) => {
return {
success: true,
subscription: null,
member
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
}
}
}
@ -152,7 +144,14 @@ export default defineEventHandler(async (event) => {
status: 'needs_plan_setup',
nextBillingDate: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)
},
member,
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
},
warning: `Payment successful but recurring plan needs to be set up in Helcim for the ${body.contributionTier} tier`
}
}
@ -222,17 +221,23 @@ export default defineEventHandler(async (event) => {
subscription: {
subscriptionId: 'manual-' + Date.now(),
status: 'needs_setup',
error: errorText,
nextBillingDate: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)
},
member,
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
},
warning: 'Payment successful but recurring subscription needs manual setup'
}
}
throw createError({
statusCode: subscriptionResponse.status,
statusMessage: `Failed to create subscription: ${errorText}`
statusMessage: 'Subscription creation failed'
})
}
@ -267,7 +272,14 @@ export default defineEventHandler(async (event) => {
status: subscription.status,
nextBillingDate: subscription.nextBillingDate
},
member
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
}
}
} catch (fetchError) {
console.error('Error during subscription creation:', fetchError)
@ -294,18 +306,25 @@ export default defineEventHandler(async (event) => {
subscription: {
subscriptionId: 'manual-' + Date.now(),
status: 'needs_setup',
error: fetchError.message,
nextBillingDate: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)
},
member,
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
},
warning: 'Payment successful but recurring subscription needs manual setup'
}
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error creating Helcim subscription:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to create subscription'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

6
server/api/helcim/subscriptions.get.js
View file

@ -3,6 +3,7 @@ const HELCIM_API_BASE = 'https://api.helcim.com/v2'
export default defineEventHandler(async (event) => {
try {
await requireAdmin(event)
const config = useRuntimeConfig(event)
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
@ -30,10 +31,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error fetching Helcim subscriptions:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to fetch subscriptions'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

25
server/api/helcim/update-billing.post.js
View file

@ -7,25 +7,9 @@ export default defineEventHandler(async (event) => {
try {
await requireAuth(event)
const config = useRuntimeConfig(event)
const body = await readBody(event)
// Validate required fields
if (!body.customerId || !body.billingAddress) {
throw createError({
statusCode: 400,
statusMessage: 'Customer ID and billing address are required'
})
}
const body = await validateBody(event, helcimUpdateBillingSchema)
const { billingAddress } = body
// Validate billing address fields
if (!billingAddress.street || !billingAddress.city || !billingAddress.country || !billingAddress.postalCode) {
throw createError({
statusCode: 400,
statusMessage: 'Complete billing address is required'
})
}
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
@ -54,7 +38,7 @@ export default defineEventHandler(async (event) => {
console.error('Billing address update failed:', response.status, errorText)
throw createError({
statusCode: response.status,
statusMessage: `Failed to update billing address: ${errorText}`
statusMessage: 'Billing update failed'
})
}
@ -65,10 +49,11 @@ export default defineEventHandler(async (event) => {
customer: customerData
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error updating billing address:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to update billing address'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

18
server/api/members/create.post.js
View file

@ -100,14 +100,24 @@ export default defineEventHandler(async (event) => {
// TODO: Send welcome email
return { success: true, member }
return {
success: true,
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
}
}
} catch (error) {
if (error.statusCode) {
throw error
}
throw createError({
statusCode: 400,
statusMessage: error.message
throw createError({
statusCode: 400,
statusMessage: 'Member creation failed'
})
}
})

2
server/api/members/me/peer-support.patch.js
View file

@ -25,7 +25,7 @@ export default defineEventHandler(async (event) => {
});
}
const body = await readBody(event);
const body = await validateBody(event, peerSupportUpdateSchema);
// Build update object for peer support settings
const updateData = {

29
server/api/members/update-contribution.post.js
View file

@ -14,7 +14,7 @@ export default defineEventHandler(async (event) => {
try {
await connectDB();
const config = useRuntimeConfig(event);
const body = await readBody(event);
const body = await validateBody(event, updateContributionSchema);
const token = getCookie(event, "auth-token");
if (!token) {
@ -35,17 +35,6 @@ export default defineEventHandler(async (event) => {
});
}
// Validate contribution tier
if (
!body.contributionTier ||
!isValidContributionValue(body.contributionTier)
) {
throw createError({
statusCode: 400,
statusMessage: "Invalid contribution tier",
});
}
// Get member
const member = await Member.findById(decoded.memberId);
if (!member) {
@ -63,7 +52,6 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Already on this tier",
member,
};
}
@ -186,7 +174,7 @@ export default defineEventHandler(async (event) => {
if (!subscriptionResponse.ok) {
const errorText = await subscriptionResponse.text();
console.error("Failed to create subscription:", errorText);
throw new Error(`Failed to create subscription: ${errorText}`);
throw new Error('Subscription creation failed');
}
const subscriptionData = await subscriptionResponse.json();
@ -206,7 +194,6 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Successfully upgraded to paid tier",
member,
subscription: {
subscriptionId: subscription.id,
status: subscription.status,
@ -262,7 +249,6 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Successfully downgraded to free tier",
member,
};
}
@ -311,7 +297,7 @@ export default defineEventHandler(async (event) => {
response.status,
errorText,
);
throw new Error(`Failed to update subscription: ${errorText}`);
throw new Error('Subscription update failed');
}
const subscriptionData = await response.json();
@ -323,14 +309,13 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Successfully updated contribution level",
member,
subscription: subscriptionData,
};
} catch (error) {
console.error("Error updating Helcim subscription:", error);
throw createError({
statusCode: 500,
statusMessage: error.message || "Failed to update subscription",
statusMessage: "Subscription update failed",
});
}
}
@ -342,13 +327,13 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Successfully updated contribution level",
member,
};
} catch (error) {
if (error.statusCode) throw error;
console.error("Error updating contribution tier:", error);
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || "Failed to update contribution tier",
statusCode: 500,
statusMessage: "An unexpected error occurred",
});
}
});

11
server/api/series/[id]/tickets/check-eligibility.post.js
View file

@ -2,17 +2,10 @@ import Member from "../../../../models/member.js";
export default defineEventHandler(async (event) => {
try {
const body = await readBody(event);
const body = await validateBody(event, seriesTicketEligibilitySchema);
const { email } = body;
if (!email) {
return {
isMember: false,
message: "Email is required",
};
}
const member = await Member.findOne({ email: email.toLowerCase() });
const member = await Member.findOne({ email });
if (!member) {
return {

10
server/api/series/[id]/tickets/purchase.post.js
View file

@ -14,17 +14,9 @@ import { sendSeriesPassConfirmation } from "../../../../utils/resend.js";
export default defineEventHandler(async (event) => {
try {
const seriesId = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, seriesTicketPurchaseSchema);
const { name, email, paymentId } = body;
// Validate input
if (!name || !email) {
throw createError({
statusCode: 400,
statusMessage: "Name and email are required",
});
}
// Fetch series
// Build query conditions based on whether seriesId looks like ObjectId or string
const isObjectId = /^[0-9a-fA-F]{24}$/.test(seriesId);

28
server/api/test/peer-support-debug.get.js
View file

@ -1,28 +0,0 @@
import jwt from "jsonwebtoken";
import Member from "../../models/member.js";
import { connectDB } from "../../utils/mongoose.js";
export default defineEventHandler(async (event) => {
await connectDB();
const token = getCookie(event, "auth-token");
if (!token) {
throw createError({ statusCode: 401, statusMessage: "Not authenticated" });
}
let memberId;
try {
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
memberId = decoded.memberId;
} catch (err) {
throw createError({ statusCode: 401, statusMessage: "Invalid token" });
}
const member = await Member.findById(memberId).select("name peerSupport slackUserId");
return {
name: member.name,
peerSupport: member.peerSupport,
slackUserId: member.slackUserId,
};
});

2
server/api/updates/[id].patch.js
View file

@ -26,7 +26,7 @@ export default defineEventHandler(async (event) => {
}
const id = getRouterParam(event, "id");
const body = await readBody(event);
const body = await validateBody(event, updatePatchSchema);
try {
const update = await Update.findById(id);

232
server/utils/schemas.js
View file

@ -64,6 +64,135 @@ export const paymentVerifySchema = z.object({
customerId: z.string().min(1)
})
// --- Helcim schemas ---
export const helcimCreatePlanSchema = z.object({
name: z.string().min(1).max(200),
amount: z.union([z.string().min(1), z.number().positive()]),
frequency: z.string().min(1).max(50),
currency: z.string().max(10).optional()
})
export const helcimCustomerSchema = z.object({
name: z.string().min(1).max(200),
email: z.string().trim().toLowerCase().email(),
circle: z.enum(['community', 'founder', 'practitioner']).optional(),
contributionTier: z.enum(['0', '5', '15', '30', '50']).optional()
})
export const helcimInitializePaymentSchema = z.object({
amount: z.number().min(0).optional(),
customerCode: z.string().max(200).optional(),
metadata: z.object({
type: z.string().max(100).optional(),
eventTitle: z.string().max(500).optional(),
eventId: z.string().max(200).optional()
}).optional()
})
export const helcimSubscriptionSchema = z.object({
customerId: z.union([z.string().min(1), z.number()]),
contributionTier: z.enum(['0', '5', '15', '30', '50']),
customerCode: z.string().min(1).max(200),
cardToken: z.string().max(500).optional()
})
export const helcimUpdateBillingSchema = z.object({
customerId: z.union([z.string().min(1), z.number()]),
billingAddress: z.object({
name: z.string().max(200).optional(),
street: z.string().min(1).max(500),
city: z.string().min(1).max(200),
province: z.string().max(200).optional(),
state: z.string().max(200).optional(),
country: z.string().min(1).max(100),
postalCode: z.string().min(1).max(20)
})
})
// --- Event ticket/registration schemas ---
export const ticketPurchaseSchema = z.object({
name: z.string().min(1).max(200),
email: z.string().trim().toLowerCase().email(),
transactionId: z.string().max(500).optional()
})
export const ticketReserveSchema = z.object({
email: z.string().trim().toLowerCase().email()
})
export const ticketEligibilitySchema = z.object({
email: z.string().trim().toLowerCase().email()
})
export const waitlistSchema = z.object({
name: z.string().max(200).optional(),
email: z.string().trim().toLowerCase().email(),
membershipLevel: z.string().max(100).optional()
})
export const waitlistDeleteSchema = z.object({
email: z.string().trim().toLowerCase().email()
})
export const cancelRegistrationSchema = z.object({
email: z.string().trim().toLowerCase().email()
})
export const checkRegistrationSchema = z.object({
email: z.string().trim().toLowerCase().email()
})
export const guestRegisterSchema = z.object({
name: z.string().min(1).max(200),
email: z.string().trim().toLowerCase().email()
})
export const eventPaymentSchema = z.object({
name: z.string().min(1).max(200),
email: z.string().trim().toLowerCase().email(),
paymentToken: z.string().min(1).max(500)
})
// --- Member schemas ---
export const updateContributionSchema = z.object({
contributionTier: z.enum(['0', '5', '15', '30', '50'])
})
export const peerSupportUpdateSchema = z.object({
enabled: z.boolean().optional(),
skillTopics: z.array(z.string().max(200)).max(20).optional(),
supportTopics: z.array(z.string().max(200)).max(20).optional(),
availability: z.string().max(500).optional(),
personalMessage: z.string().max(2000).optional(),
slackUsername: z.string().max(200).optional()
})
// --- Update schemas ---
export const updatePatchSchema = z.object({
content: z.string().min(1).max(50000).optional(),
images: z.array(z.string().url()).max(20).optional(),
privacy: z.enum(['public', 'members', 'private']).optional(),
commentsEnabled: z.boolean().optional()
})
// --- Series ticket schemas ---
export const seriesTicketPurchaseSchema = z.object({
name: z.string().min(1).max(200),
email: z.string().trim().toLowerCase().email(),
paymentId: z.string().max(500).optional()
})
export const seriesTicketEligibilitySchema = z.object({
email: z.string().trim().toLowerCase().email()
})
// --- Admin schemas ---
export const adminEventCreateSchema = z.object({
title: z.string().min(1).max(500),
description: z.string().min(1).max(50000),
@ -94,3 +223,106 @@ export const adminEventCreateSchema = z.object({
tags: z.array(z.string().max(100)).max(20).optional(),
series: z.string().optional()
})
export const adminEventUpdateSchema = z.object({
title: z.string().min(1).max(500),
description: z.string().min(1).max(50000),
startDate: z.string().min(1),
endDate: z.string().min(1),
location: z.string().max(500).optional(),
maxAttendees: z.number().int().positive().optional().nullable(),
membersOnly: z.boolean().optional(),
registrationDeadline: z.string().optional().nullable(),
pricing: z.object({
paymentRequired: z.boolean().optional(),
isFree: z.boolean().optional(),
publicPrice: z.number().min(0).optional()
}).optional(),
tickets: z.object({
enabled: z.boolean().optional(),
public: z.object({
available: z.boolean().optional(),
name: z.string().max(200).optional(),
description: z.string().max(2000).optional(),
price: z.number().min(0).optional(),
quantity: z.number().int().positive().optional().nullable(),
sold: z.number().int().min(0).optional(),
earlyBirdPrice: z.number().min(0).optional().nullable(),
earlyBirdDeadline: z.string().optional().nullable()
}).optional()
}).optional(),
image: z.string().url().optional().nullable(),
category: z.string().max(100).optional(),
tags: z.array(z.string().max(100)).max(20).optional(),
series: z.any().optional(),
slug: z.string().max(500).optional()
}).passthrough()
export const adminSeriesCreateSchema = z.object({
id: z.string().min(1).max(200),
title: z.string().min(1).max(500),
description: z.string().min(1).max(50000),
type: z.string().max(100).optional(),
totalEvents: z.number().int().positive().optional().nullable()
})
export const adminSeriesUpdateSchema = z.object({
id: z.string().min(1).max(200),
title: z.string().min(1).max(500),
description: z.string().max(50000).optional(),
type: z.string().max(100).optional(),
totalEvents: z.number().int().positive().optional().nullable()
})
export const adminSeriesItemUpdateSchema = z.object({
title: z.string().min(1).max(500).optional(),
description: z.string().max(50000).optional(),
type: z.string().max(100).optional(),
totalEvents: z.number().int().positive().optional().nullable(),
isActive: z.boolean().optional()
})
export const adminSeriesTicketsSchema = z.object({
id: z.string().min(1).max(200),
tickets: z.object({
enabled: z.boolean().optional(),
requiresSeriesTicket: z.boolean().optional(),
allowIndividualEventTickets: z.boolean().optional(),
currency: z.string().max(10).optional(),
member: z.object({
available: z.boolean().optional(),
isFree: z.boolean().optional(),
price: z.number().min(0).optional(),
name: z.string().max(200).optional(),
description: z.string().max(2000).optional(),
circleOverrides: z.record(z.any()).optional()
}).optional(),
public: z.object({
available: z.boolean().optional(),
name: z.string().max(200).optional(),
description: z.string().max(2000).optional(),
price: z.number().min(0).optional(),
quantity: z.number().int().positive().optional().nullable(),
sold: z.number().int().min(0).optional(),
reserved: z.number().int().min(0).optional(),
earlyBirdPrice: z.number().min(0).optional().nullable(),
earlyBirdDeadline: z.string().optional().nullable()
}).optional(),
capacity: z.object({
total: z.number().int().positive().optional().nullable(),
reserved: z.number().int().min(0).optional()
}).optional(),
waitlist: z.object({
enabled: z.boolean().optional(),
maxSize: z.number().int().positive().optional().nullable(),
entries: z.array(z.any()).optional()
}).optional()
})
})
export const adminMemberCreateSchema = z.object({
name: z.string().min(1).max(200),
email: z.string().trim().toLowerCase().email(),
circle: z.enum(['community', 'founder', 'practitioner']),
contributionTier: z.enum(['0', '5', '15', '30', '50'])
})