From 3620dad03a6ef0bff249b5d839fb04ea33d02317 Mon Sep 17 00:00:00 2001
From: Jennie Robinson Faber
Date: Sat, 4 Apr 2026 12:30:54 +0100
Subject: [PATCH] fix: use requireAuth for member pricing to include revocation + status checks
---
 server/api/series/[id]/tickets/available.get.js | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/server/api/series/[id]/tickets/available.get.js b/server/api/series/[id]/tickets/available.get.js
index 4688dd8..84a438f 100644
--- a/server/api/series/[id]/tickets/available.get.js
+++ b/server/api/series/[id]/tickets/available.get.js
@@ -1,5 +1,6 @@
 import Series from "../../../../models/series.js";
 import Member from "../../../../models/member.js";
+import { requireAuth } from "../../utils/auth.js";
 import {
 calculateSeriesTicketPrice,
 checkSeriesTicketAvailability,
@@ -40,15 +41,10 @@ export default defineEventHandler(async (event) => {
 let member = null;
 // Try auth cookie first for accurate member pricing
- const token = getCookie(event, 'auth-token')
- if (token) {
- try {
- const jwt = await import('jsonwebtoken')
- const decoded = jwt.default.verify(token, useRuntimeConfig(event).jwtSecret)
- member = await Member.findById(decoded.memberId)
- } catch {
- // Token invalid, fall through to email lookup
- }
+ try {
+ member = await requireAuth(event);
+ } catch {
+ // Not authenticated — fall through to email lookup
 }
 if (!member && email) {
@@ -56,7 +52,7 @@ export default defineEventHandler(async (event) => {
 }
 // Check if user already has a series pass
- const { hasPass, registration } = checkUserSeriesPass(series, email || "");
+ const { hasPass, registration } = checkUserSeriesPass(series, member?.email || email || "");
 if (hasPass) {
 return {
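Review bot: In the first hunk, the added import path `"../../utils/auth.js"` resolves to `server/api/series/utils/auth.js`, while the two model imports beside it climb four levels to reach `server/models/`. If the auth helper lives under `server/utils/`, as the model layout suggests, the line should read `import { requireAuth } from "../../../../utils/auth.js";`, otherwise the handler fails to load. The helper's actual location is not shown in the patch, so this needs confirming against the tree.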
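Review bot: In the second hunk, the bare `catch` around `requireAuth(event)` sends every failure, including a token rejected for revocation or member status and unrelated errors such as a database failure, on to the `if (!member && email)` fallback. That fallback's body is outside the hunk; if it loads a Member by the request-supplied email without the same status checks, a revoked member still gets member pricing from the email parameter alone, with or without the cookie. The email path should apply the same revocation and status checks as `requireAuth`, or stop granting member pricing on an unverified email. Separately, narrow the catch so only the expected auth rejection is swallowed, for example `} catch (err) { if (err?.statusCode !== 401) throw err; }` if `requireAuth` throws an h3 error with that status (not visible here).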
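Review bot: In the third hunk, `member?.email` is not proof of an authenticated caller, because `member` may have been filled by the email fallback just above (its body is outside the hunk) rather than by `requireAuth`. The pass check therefore still answers for whatever address the request supplies, and the `if (hasPass)` branch returns an object that may include `registration`; that return body is cut off here. Consider returning registration details only when the member came from `requireAuth`, and add a comment on this line such as `// Authenticated member's email wins over the query email; the query value is unverified`.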