jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(launch): simplify launch-readiness fixes

Browse source 
Follow-up to 208638e. Code review surfaced a few real issues; this
commit addresses them.

- login.post.js now uses the new sendMagicLink util instead of
  duplicating the jti/jwt/Resend/logActivity logic. Reduces 60 lines.
- sendMagicLink accepts an optional pre-loaded Member doc, skipping
  the redundant findOne when the caller already has one. customer.post.js
  passes the just-created/upgraded member, dropping signup from 3
  Mongo round-trips to 1 (lookup is gone; jti burn remains).
- sendMagicLink now lowercases the email defensively so callers don't
  have to remember.
- rateLimit.js: replaced an effectively-dead eviction line with a
  probabilistic sweep (~1% of calls scan and evict keys whose newest
  entry has aged out). Caps unbounded Map growth under random-key
  spraying.
- reconcile-payments.post.js: 401/403/404 from Helcim now bails out
  immediately instead of burning all 3 retry attempts; dry-run
  summary filters via the same RECONCILABLE_STATUSES set as apply
  mode so counts match.
- Deleted WHAT-comments and section banners per CLAUDE.md no-comment
  rule. Kept genuine WHY-comments (validateBeforeSave rationale,
  amount-IGNORED-for-tickets, sendConfirmation deliberately-omitted).

Tests: 758/760 passing (unchanged).
This commit is contained in:
Jennie Robinson Faber 2026-04-25 19:34:16 +01:00
parent 208638e374
commit 51230e5151
7 changed files with 33 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/api/helcim/initialize-payment.post.js
View file

@ -1,4 +1,3 @@
// Initialize HelcimPay.js session
import Member from '../../models/member.js'
import Series from '../../models/series.js'
import { loadPublicEvent } from '../../utils/loadEvent.js'
@ -14,9 +13,6 @@ export default defineEventHandler(async (event) => {
const isEventTicket = metaType === 'event_ticket'
const isSeriesTicket = metaType === 'series_ticket'
const isTicket = isEventTicket || isSeriesTicket
// Membership signup uses a short-lived payment-bridge cookie (set by
// /api/helcim/customer) so the user can complete checkout before clicking
// their email-verification magic link.
const isMembershipSignup = metaType === 'membership_signup'
if (!isTicket) {