jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updates
Some checks failed
Test / vitest (push) Failing after 6m9s
Details
Test / visual (push) Has been skipped
Details
Test / playwright (push) Has been skipped
Details
Test / Notify on failure (push) Successful in 2s
Details

Browse source
This commit is contained in:
Jennie Robinson Faber 2026-04-15 17:45:09 +01:00
parent 28040f44f4
commit 2394248d53
13 changed files with 571 additions and 538 deletions
Download patch file Download diff file Expand all files Collapse all files

1
server/api/auth/member.get.js
View file

@ -25,7 +25,6 @@ export default defineEventHandler(async (event) => {
board: member.board,
showInDirectory: member.showInDirectory,
notifications: member.notifications,
privacy: member.privacy,
createdAt: member.createdAt,
onboarding: member.onboarding,
};

60
server/api/members/[id].get.js
View file

@ -1,25 +1,8 @@
import jwt from "jsonwebtoken";
import Member from "../../models/member.js";
import { connectDB } from "../../utils/mongoose.js";
import { requireAuth } from "../../utils/auth.js";
export default defineEventHandler(async (event) => {
await connectDB();
// Check if user is authenticated (optional — works for public and authenticated users)
const token = getCookie(event, "auth-token");
let isAuthenticated = false;
if (token) {
try {
const decoded = jwt.verify(token, useRuntimeConfig().jwtSecret);
if (decoded.memberId) {
isAuthenticated = true;
}
} catch {
// Invalid token, treat as public
isAuthenticated = false;
}
}
await requireAuth(event);
const id = event.context.params.id;
@ -30,7 +13,7 @@ export default defineEventHandler(async (event) => {
status: "active",
})
.select(
"name pronouns timeZone avatar studio bio location socialLinks privacy circle craftTags board createdAt memberNumber",
"name pronouns timeZone avatar studio bio location socialLinks circle craftTags board createdAt memberNumber",
)
.lean();
@ -41,42 +24,27 @@ export default defineEventHandler(async (event) => {
});
}
// Filter fields based on privacy settings
const privacy = member.privacy || {};
const filtered = {
_id: member._id,
name: member.name,
circle: member.circle,
createdAt: member.createdAt,
memberNumber: member.memberNumber,
};
// Helper function to check if field should be visible
const isVisible = (field) => {
const privacySetting = privacy[field] || "members";
if (privacySetting === "public") return true;
if (privacySetting === "members" && isAuthenticated) return true;
if (privacySetting === "private") return false;
return false;
};
// Add fields based on privacy settings
if (isVisible("avatar")) filtered.avatar = member.avatar;
if (isVisible("pronouns")) filtered.pronouns = member.pronouns;
if (isVisible("timeZone")) filtered.timeZone = member.timeZone;
if (isVisible("studio")) filtered.studio = member.studio;
if (isVisible("bio")) filtered.bio = member.bio;
if (isVisible("location")) filtered.location = member.location;
if (isVisible("socialLinks")) filtered.socialLinks = member.socialLinks;
if (isVisible("craftTags")) filtered.craftTags = member.craftTags;
filtered.board = {
slackHandle: member.board?.slackHandle,
avatar: member.avatar,
pronouns: member.pronouns,
timeZone: member.timeZone,
studio: member.studio,
bio: member.bio,
location: member.location,
socialLinks: member.socialLinks,
craftTags: member.craftTags,
board: {
slackHandle: member.board?.slackHandle,
},
};
return { member: filtered };
} catch (error) {
// Re-throw NuxtErrors (like the 404 above)
if (error.statusCode) {
throw error;
}

67
server/api/members/directory.get.js
View file

@ -1,23 +1,9 @@
import jwt from "jsonwebtoken";
import Member from "../../models/member.js";
import Tag from "../../models/tag.js";
import { connectDB } from "../../utils/mongoose.js";
import { requireAuth } from "../../utils/auth.js";
export default defineEventHandler(async (event) => {
await connectDB();
// Check if user is authenticated
const token = getCookie(event, "auth-token");
let isAuthenticated = false;
if (token) {
try {
jwt.verify(token, useRuntimeConfig().jwtSecret);
isAuthenticated = true;
} catch (err) {
isAuthenticated = false;
}
}
await requireAuth(event);
const query = getQuery(event);
const search = query.search || "";
@ -56,42 +42,28 @@ export default defineEventHandler(async (event) => {
try {
const members = await Member.find(dbQuery)
.select(
"name pronouns timeZone avatar studio bio location socialLinks privacy circle craftTags board createdAt",
"name pronouns timeZone avatar studio bio location socialLinks circle craftTags board createdAt",
)
.sort({ createdAt: -1 })
.lean();
const filteredMembers = members.map((member) => {
const privacy = member.privacy || {};
const filtered = {
_id: member._id,
name: member.name,
circle: member.circle,
createdAt: member.createdAt,
};
const isVisible = (field) => {
const privacySetting = privacy[field] || "members";
if (privacySetting === "public") return true;
if (privacySetting === "members" && isAuthenticated) return true;
return false;
};
if (isVisible("avatar")) filtered.avatar = member.avatar;
if (isVisible("pronouns")) filtered.pronouns = member.pronouns;
if (isVisible("timeZone")) filtered.timeZone = member.timeZone;
if (isVisible("studio")) filtered.studio = member.studio;
if (isVisible("bio")) filtered.bio = member.bio;
if (isVisible("location")) filtered.location = member.location;
if (isVisible("socialLinks")) filtered.socialLinks = member.socialLinks;
if (isVisible("craftTags")) filtered.craftTags = member.craftTags;
filtered.board = {
const filteredMembers = members.map((member) => ({
_id: member._id,
name: member.name,
circle: member.circle,
createdAt: member.createdAt,
avatar: member.avatar,
pronouns: member.pronouns,
timeZone: member.timeZone,
studio: member.studio,
bio: member.bio,
location: member.location,
socialLinks: member.socialLinks,
craftTags: member.craftTags,
board: {
slackHandle: member.board?.slackHandle,
};
return filtered;
});
},
}));
const [craftTags, cooperativeTags] = await Promise.all([
Tag.find({ pool: "craft", active: true }).sort({ label: 1 }).lean(),
@ -110,6 +82,7 @@ export default defineEventHandler(async (event) => {
},
};
} catch (error) {
if (error.statusCode) throw error;
console.error("Directory fetch error:", error);
throw createError({
statusCode: 500,

22
server/api/members/profile.patch.js
View file

@ -22,18 +22,6 @@ export default defineEventHandler(async (event) => {
"notifications",
];
// Privacy fields from validated body
const privacyFields = [
"pronounsPrivacy",
"timeZonePrivacy",
"avatarPrivacy",
"studioPrivacy",
"bioPrivacy",
"locationPrivacy",
"socialLinksPrivacy",
"craftTagsPrivacy",
];
// Build update object from validated data
const updateData = {};
@ -53,14 +41,6 @@ export default defineEventHandler(async (event) => {
updateData["board.slackHandle"] = body.boardSlackHandle;
}
// Handle privacy settings
privacyFields.forEach((privacyField) => {
if (body[privacyField] !== undefined) {
const baseField = privacyField.replace("Privacy", "");
updateData[`privacy.${baseField}`] = body[privacyField];
}
});
try {
const member = await Member.findByIdAndUpdate(
memberId,
@ -76,7 +56,7 @@ export default defineEventHandler(async (event) => {
}
// Log which fields were updated
const changedFields = Object.keys(body).filter(k => body[k] !== undefined && !k.endsWith('Privacy'))
const changedFields = Object.keys(body).filter(k => body[k] !== undefined)
if (changedFields.length) {
logActivity(memberId, 'profile_updated', { fields: changedFields })
}

44
server/models/member.js
View file

@ -76,50 +76,6 @@ const memberSchema = new mongoose.Schema({
slackHandle: String,
},
// Privacy settings for profile fields
privacy: {
pronouns: {
type: String,
enum: ["members", "private"],
default: "members",
},
timeZone: {
type: String,
enum: ["members", "private"],
default: "members",
},
avatar: {
type: String,
enum: ["members", "private"],
default: "members",
},
studio: {
type: String,
enum: ["members", "private"],
default: "members",
},
bio: {
type: String,
enum: ["members", "private"],
default: "members",
},
location: {
type: String,
enum: ["members", "private"],
default: "members",
},
socialLinks: {
type: String,
enum: ["members", "private"],
default: "members",
},
craftTags: {
type: String,
enum: ["members", "private"],
default: "members",
},
},
notifications: {
events: { type: Boolean, default: true },
updates: { type: Boolean, default: true },

15
server/utils/schemas.js
View file

@ -1,13 +1,6 @@
import * as z from 'zod'
import { ADMIN_ALERT_TYPES } from '../models/adminAlertDismissal.js'
// Binary privacy: 'members' = visible to signed-in members, 'private' = hidden.
// Legacy 'public' is accepted from old clients and coerced to 'members'.
const privacyEnum = z.preprocess(
(v) => (v === 'public' ? 'members' : v),
z.enum(['members', 'private'])
)
export const emailSchema = z.object({
email: z.string().trim().toLowerCase().email()
})
@ -37,15 +30,7 @@ export const memberProfileUpdateSchema = z.object({
events: z.boolean().optional(),
updates: z.boolean().optional()
}).optional(),
pronounsPrivacy: privacyEnum.optional(),
timeZonePrivacy: privacyEnum.optional(),
avatarPrivacy: privacyEnum.optional(),
studioPrivacy: privacyEnum.optional(),
bioPrivacy: privacyEnum.optional(),
locationPrivacy: privacyEnum.optional(),
socialLinksPrivacy: privacyEnum.optional(),
craftTags: z.array(z.string().max(100)).max(16).optional(),
craftTagsPrivacy: privacyEnum.optional(),
boardSlackHandle: z.string().max(200).optional()
})