jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: use requireAuth for member pricing to include revocation + status checks

Browse source
This commit is contained in:
Jennie Robinson Faber 2026-04-04 12:30:54 +01:00
parent cee67dc005
commit 3620dad03a
1 changed files with 6 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

16
server/api/series/[id]/tickets/available.get.js
View file

@ -1,5 +1,6 @@
import Series from "../../../../models/series.js"; import Series from "../../../../models/series.js";
import Member from "../../../../models/member.js"; import Member from "../../../../models/member.js";
import { requireAuth } from "../../utils/auth.js";
import { import {
calculateSeriesTicketPrice, calculateSeriesTicketPrice,
checkSeriesTicketAvailability, checkSeriesTicketAvailability,
@ -40,15 +41,10 @@ export default defineEventHandler(async (event) => {
let member = null; let member = null;
// Try auth cookie first for accurate member pricing // Try auth cookie first for accurate member pricing
const token = getCookie(event, 'auth-token') try {
if (token) { member = await requireAuth(event);
try { } catch {
const jwt = await import('jsonwebtoken') // Not authenticated — fall through to email lookup
const decoded = jwt.default.verify(token, useRuntimeConfig(event).jwtSecret)
member = await Member.findById(decoded.memberId)
} catch {
// Token invalid, fall through to email lookup
}
} }
if (!member && email) { if (!member && email) {
@ -56,7 +52,7 @@ export default defineEventHandler(async (event) => {
} }
// Check if user already has a series pass // Check if user already has a series pass
const { hasPass, registration } = checkUserSeriesPass(series, email || ""); const { hasPass, registration } = checkUserSeriesPass(series, member?.email || email || "");
if (hasPass) { if (hasPass) {
return { return {