fix: use requireAuth for member pricing to include revocation + status checks

server/api/series/[id]/tickets/available.get.js

@@ -1,5 +1,6 @@
 import Series from "../../../../models/series.js";
 import Member from "../../../../models/member.js";
+import { requireAuth } from "../../utils/auth.js";
 import {
   calculateSeriesTicketPrice,
   checkSeriesTicketAvailability,
@@ -40,15 +41,10 @@ export default defineEventHandler(async (event) => {
     let member = null;
 
     // Try auth cookie first for accurate member pricing
-    const token = getCookie(event, 'auth-token')
-    if (token) {
     try {
-        const jwt = await import('jsonwebtoken')
-        const decoded = jwt.default.verify(token, useRuntimeConfig(event).jwtSecret)
-        member = await Member.findById(decoded.memberId)
+      member = await requireAuth(event);
     } catch {
-        // Token invalid, fall through to email lookup
-      }
+      // Not authenticated — fall through to email lookup
     }
 
     if (!member && email) {
@@ -56,7 +52,7 @@ export default defineEventHandler(async (event) => {
     }
 
     // Check if user already has a series pass
-    const { hasPass, registration } = checkUserSeriesPass(series, email || "");
+    const { hasPass, registration } = checkUserSeriesPass(series, member?.email || email || "");
 
     if (hasPass) {
       return {