From 44f3ee8c8c5a3fc11001135b8af58022e3c018dc Mon Sep 17 00:00:00 2001
From: Jennie Robinson Faber
Date: Sat, 4 Apr 2026 13:26:01 +0100
Subject: [PATCH] fix: check JWT auth before email lookup in series purchase
---
 server/api/series/[id]/tickets/purchase.post.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/server/api/series/[id]/tickets/purchase.post.js b/server/api/series/[id]/tickets/purchase.post.js
index e8343a0..bcf1ba9 100644
--- a/server/api/series/[id]/tickets/purchase.post.js
+++ b/server/api/series/[id]/tickets/purchase.post.js
@@ -33,9 +33,16 @@ export default defineEventHandler(async (event) => {
 });
 }
- // Check membership
+ // Check membership — prefer JWT auth for accurate member pricing
 let member = null;
- member = await Member.findOne({ email: email.toLowerCase() });
+ try {
+ member = await requireAuth(event);
+ } catch {
+ // Not authenticated — fall through to email lookup
+ }
+ if (!member) {
+ member = await Member.findOne({ email: email.toLowerCase() });
+ }
 // Validate purchase
 const validation = validateSeriesTicketPurchase(series, {
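Review bot: The fallback `member = await Member.findOne({ email: email.toLowerCase() })` still resolves a member from an address supplied in the request body, so an unauthenticated caller who submits a member's email appears to get that member passed into `validateSeriesTicketPurchase`; if member pricing or member-only eligibility depends on it (the validation and pricing code is outside this hunk), the email match should not confer those benefits without a verified session. The bare `catch { }` around `requireAuth(event)` also hides every failure, including an expired or malformed token and any lookup error, and silently downgrades to the email path; narrowing it, for example `} catch (err) { if (err?.statusCode !== 401) throw err; }` (assuming `requireAuth` throws an h3 error carrying a status code), keeps real faults visible. When the JWT member is used, it is worth confirming further down that the ticket is recorded against `member.email` rather than the body `email`, since the two can now differ. The handler starts and ends outside the hunk.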