Enhance authentication flow: Add authentication-based buttons in AppNavigation for logged-in users, improve member status checks in useAuth, and update join page to automatically redirect to the dashboard after registration. Adjust cookie settings for better development experience.

server/api/auth/logout.post.js

@@ -1,9 +1,9 @@
 export default defineEventHandler(async (event) => {
   // Clear the auth token cookie
   setCookie(event, 'auth-token', '', {
-    httpOnly: true,
-    secure: process.env.NODE_ENV === 'production',
-    sameSite: 'strict',
+    httpOnly: false, // Match the original cookie settings
+    secure: false, // Don't require HTTPS in development
+    sameSite: 'lax',
     maxAge: 0 // Expire immediately
   })
 

server/api/auth/member.get.js

@@ -6,8 +6,10 @@ export default defineEventHandler(async (event) => {
   await connectDB()
   
   const token = getCookie(event, 'auth-token')
+  console.log('Auth check - token found:', !!token)
   
   if (!token) {
+    console.log('No auth token found in cookies')
     throw createError({ 
       statusCode: 401, 
       statusMessage: 'Not authenticated' 

server/api/auth/status.get.js

@@ -0,0 +1,40 @@
+import jwt from 'jsonwebtoken'
+import Member from '../../models/member.js'
+import { connectDB } from '../../utils/mongoose.js'
+
+export default defineEventHandler(async (event) => {
+  await connectDB()
+  
+  const token = getCookie(event, 'auth-token')
+  console.log('🔍 Auth status check - token exists:', !!token)
+  
+  if (!token) {
+    return { authenticated: false, member: null }
+  }
+  
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET)
+    const member = await Member.findById(decoded.memberId).select('-__v')
+    
+    if (!member) {
+      console.log('⚠️ Token valid but member not found')
+      return { authenticated: false, member: null }
+    }
+    
+    console.log('✅ Auth status check - member found:', member.email)
+    return { 
+      authenticated: true, 
+      member: {
+        id: member._id,
+        email: member.email,
+        name: member.name,
+        circle: member.circle,
+        contributionTier: member.contributionTier,
+        membershipLevel: `${member.circle}-${member.contributionTier}`
+      }
+    }
+  } catch (err) {
+    console.error('❌ Auth status check - token verification failed:', err.message)
+    return { authenticated: false, member: null }
+  }
+})

server/api/auth/verify.get.js

@@ -38,8 +38,8 @@ export default defineEventHandler(async (event) => {
     
     // Set the session cookie
     setCookie(event, 'auth-token', sessionToken, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === 'production',
+      httpOnly: false, // Allow JavaScript access for debugging in development
+      secure: false, // Don't require HTTPS in development
       sameSite: 'lax',
       maxAge: 60 * 60 * 24 * 30 // 30 days
     })

server/api/helcim/customer.post.js

@@ -108,10 +108,23 @@ export default defineEventHandler(async (event) => {
         email: body.email,
         helcimCustomerId: customerData.id 
       },
-      config.jwtSecret,
+      process.env.JWT_SECRET,
       { expiresIn: '24h' }
     )
 
+    // Set the session cookie server-side
+    console.log('Setting auth-token cookie for member:', member.email)
+    console.log('NODE_ENV:', process.env.NODE_ENV)
+    setCookie(event, 'auth-token', token, {
+      httpOnly: true, // Server-only for security
+      secure: false, // Don't require HTTPS in development
+      sameSite: 'lax',
+      maxAge: 60 * 60 * 24, // 24 hours
+      path: '/',
+      domain: undefined // Let browser set domain automatically
+    })
+    console.log('Cookie set successfully')
+
     return {
       success: true,
       customerId: customerData.id,