jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: check JWT auth before email lookup in series purchase

Browse source
This commit is contained in:
Jennie Robinson Faber 2026-04-04 13:26:01 +01:00
parent bc887ca1d4
commit 44f3ee8c8c
1 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
server/api/series/[id]/tickets/purchase.post.js
View file

@ -33,9 +33,16 @@ export default defineEventHandler(async (event) => {
});
}
// Check membership
// Check membership — prefer JWT auth for accurate member pricing
let member = null;
try {
member = await requireAuth(event);
} catch {
// Not authenticated — fall through to email lookup
}
if (!member) {
member = await Member.findOne({ email: email.toLowerCase() });
}
// Validate purchase
const validation = validateSeriesTicketPurchase(series, {