jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

merge: catch up with feature/helcim-plan-consolidation base

Browse source 
# Conflicts:
#	server/api/auth/member.get.js
#	server/api/members/update-contribution.post.js
#	tests/server/api/update-contribution.test.js
This commit is contained in:
Jennie Robinson Faber 2026-04-19 21:33:40 +01:00
commit 7704557f16
10 changed files with 160 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

62
app/pages/member/account.vue
View file

@ -59,6 +59,10 @@
<span class="membership-k">Contribution</span>
<span class="membership-v">{{ currentContributionLabel }}</span>
</div>
<div v-if="nextPaymentDate" class="membership-row">
<span class="membership-k">Next payment</span>
<span class="membership-v">{{ formatNextPaymentDate(nextPaymentDate) }}</span>
</div>
<div class="membership-row">
<span class="membership-k">Member since</span>
<span class="membership-v">{{
@ -333,6 +337,18 @@ const paymentHistoryLoading = ref(false);
const paymentHistoryError = ref(false);
const paymentHistoryLoaded = ref(false);
// Next payment (refreshed lazily from Helcim when cached date is stale)
const refreshedNextBillingDate = ref(null);
const nextBillingRefreshed = ref(false);
const nextPaymentDate = computed(() => {
const m = memberData.value;
if (!m) return null;
if (m.status !== 'active') return null;
if (!Number(m.contributionAmount)) return null;
return refreshedNextBillingDate.value || m.nextBillingDate || null;
});
// Change-card state
const isChangingCard = ref(false);
const changeCardButtonLabel = ref("Change card");
@ -403,6 +419,44 @@ const formatMemberSince = (dateStr) => {
});
};
const formatNextPaymentDate = (dateStr) => {
if (!dateStr) return "";
const d = new Date(dateStr);
if (Number.isNaN(d.getTime())) return "";
return d.toLocaleDateString("en-US", {
month: "long",
day: "numeric",
year: "numeric",
});
};
const STALE_WINDOW_MS = 24 * 60 * 60 * 1000;
const isNextBillingStale = (dateStr) => {
if (!dateStr) return true;
const d = new Date(dateStr);
if (Number.isNaN(d.getTime())) return true;
return d.getTime() - Date.now() < STALE_WINDOW_MS;
};
const refreshNextBillingIfStale = async () => {
if (nextBillingRefreshed.value) return;
const m = memberData.value;
if (!m) return;
if (m.status !== 'active') return;
if (!Number(m.contributionAmount)) return;
if (!isNextBillingStale(m.nextBillingDate)) return;
nextBillingRefreshed.value = true;
try {
const response = await $fetch("/api/helcim/subscription");
const fresh = response?.subscription?.nextBillingDate;
if (fresh) refreshedNextBillingDate.value = fresh;
} catch (err) {
// Silent fall back to cached value (if any)
}
};
const handleUpdateTier = async () => {
isUpdating.value = true;
try {
@ -514,6 +568,7 @@ onMounted(() => {
if (memberData.value?.helcimCustomerId) {
loadPaymentHistory();
}
refreshNextBillingIfStale();
});
watch(
@ -525,6 +580,13 @@ watch(
},
);
watch(
() => memberData.value?.status,
() => {
refreshNextBillingIfStale();
},
);
const formatTxnDate = (iso) => {
if (!iso) return "—";
const d = new Date(iso);

8
docs/LAUNCH_READINESS.md
View file

@ -70,14 +70,14 @@ Pre-deploy migrations have all been run. What's left:
Cannot be verified by Vitest. All require a real browser + real Helcim test card + real email.
- [ ] **Event ticket purchase with payment** (HelcimPay.js iframe; use cloudflared tunnel or ngrok HTTPS).
- [ ] **Pre-registrant invite → accept flow** with paid tier (exercises Helcim customer creation during acceptance).
- [ ] **Magic-link login** including 15-min expiry and jti burn on reuse.
- [x] **Event ticket purchase with payment** (HelcimPay.js iframe; use cloudflared tunnel or ngrok HTTPS). *(Verified 2026-04-19 via tunnel: guest purchase on "Cooperative Game Dev Masterclass" succeeded — registration recorded with `paymentStatus: completed`, `paymentId: 47230660`, `tickets.public.sold` incremented, guest Member created. Member-ticket path not exercised because this event's member price is $0; no paid-member-ticket event currently seeded.)*
- [ ] **Pre-registrant invite → accept flow** with paid tier (exercises Helcim customer creation during acceptance). *(Deferred 2026-04-19 — no-tiers refactor landing on a parallel worktree will replace the accept-invite payment flow; retest once that lands.)*
- [x] **Magic-link login** including 15-min expiry and jti burn on reuse. *(Verified 2026-04-19 against local dev + local Mongo. Target: `alex.rivera@pixelcollective.coop` (active, member role). Happy path: `POST /api/auth/login` → 200, `magicLinkJti` set, `magicLinkJtiUsed:false`; reconstructed token from stored jti + `NUXT_JWT_SECRET` and `POST /api/auth/verify` → 200 with `redirectUrl:/member/dashboard`, `auth-token` cookie set (httpOnly, Max-Age=604800, SameSite=Lax), `magicLinkJtiUsed:true`, `lastLogin` updated. Replay: same token re-POSTed → 401 at `verify.post.js:53` (jti-burn branch), Mongo state unchanged. Expiry: `jwt.sign({...},{expiresIn:'-1s'})` with fresh unburned jti on the member → 401 at `verify.post.js:22` (jwt.verify catch, before jti check), no mutation.)*
- [x] **Guest event signup** — four branches: new email + consent, new email without consent, existing guest, existing active member. Confirms cookie only sets for new/guest, and confirmation email appends `/login` link for real members. *(Verified 2026-04-19 via tunnel with throwaway event + timestamped test emails; cleanup done.)*
- [x] **Mobile responsive layout** — main chrome sidebar hides ≤768px (not ≤1024px as previously noted); in-page two-column layouts collapse at ≤1024px. Mobile header/drawer works on phone widths. *(Verified 2026-04-19.)*
- [x] **`--text-dim` / `--text-faint` WCAG AA contrast check.** *(Verified 2026-04-19; only live failure was `.circle-desc` on selected/hover tiles — fixed in `e7ad076` by promoting from `--text-faint` to `--text-dim`.)*
- [x] **In-app payment history** (`/member/account` → Past payments section). Verified: active monthly subscriber sees past charges with dates/amounts; annual subscriber sees their single upfront charge; member with no payments shows empty state; cancelled member still sees historical charges. **Per-row download/view link NOT implemented** — Helcim's `/card-transactions/` API doesn't expose per-transaction receipt URLs. Accepted as satisfied by the existing "Advanced billing in Helcim →" escape hatch, which lands members in the Helcim portal where receipts are downloadable. *(Verified 2026-04-19.)*
- [ ] **In-app change card** (`/member/account` → Change card). Verify: HelcimPay.js modal opens, new card tokenizes, customer's default payment method updates in Helcim dashboard, active subscription's payment method updates, and `billing_card_updated` activity log entry is written. Force a failure path (e.g. invalid card or Helcim 4xx after default updates) to confirm the rollback in `server/api/helcim/update-card.post.js` actually restores the prior default.
- [x] **In-app change card** (`/member/account` → Change card). Verify: HelcimPay.js modal opens, new card tokenizes, customer's default payment method updates in Helcim dashboard, active subscription's payment method updates, and `billing_card_updated` activity log entry is written. Force a failure path (e.g. invalid card or Helcim 4xx after default updates) to confirm the rollback in `server/api/helcim/update-card.post.js` actually restores the prior default. *(Verified 2026-04-19.)*
---

1
server/api/auth/member.get.js
View file

@ -14,6 +14,7 @@ export default defineEventHandler(async (event) => {
contributionAmount: member.contributionAmount,
billingCadence: member.billingCadence,
helcimCustomerId: member.helcimCustomerId,
nextBillingDate: member.nextBillingDate,
membershipLevel: `${member.circle}-${member.contributionAmount}`,
// Profile fields
pronouns: member.pronouns,

56
server/api/helcim/subscription.get.js Normal file
View file

@ -0,0 +1,56 @@
// Refresh the authenticated member's cached nextBillingDate from Helcim.
// The account page calls this only when the stored date is stale (missing,
// past, or within ~24h). On success, writes the fresh date back to the member
// record so subsequent loads can render instantly from /api/auth/member.
//
// On Helcim errors, returns { subscription: null, error: 'unavailable' } (HTTP 200)
// so the client can fall back to the cached value (if any) without crashing.
import { requireAuth } from '../../utils/auth.js'
import { getHelcimSubscription } from '../../utils/helcim.js'
import Member from '../../models/member.js'
import { connectDB } from '../../utils/mongoose.js'
export default defineEventHandler(async (event) => {
const member = await requireAuth(event)
if (!member.helcimSubscriptionId) {
return { subscription: null }
}
try {
const response = await getHelcimSubscription(member.helcimSubscriptionId)
const subscription = Array.isArray(response)
? response[0]
: (response?.data?.[0] || response)
const nextBillingDate = subscription?.nextBillingDate || null
if (nextBillingDate) {
const parsed = new Date(nextBillingDate)
if (!Number.isNaN(parsed.getTime())) {
await connectDB()
await Member.findByIdAndUpdate(
member._id,
{ $set: { nextBillingDate: parsed } },
{ runValidators: false }
)
}
}
return {
subscription: subscription
? {
id: String(subscription.id ?? ''),
status: subscription.status || '',
nextBillingDate: nextBillingDate || '',
}
: null,
}
} catch (error) {
console.error('[subscription.get] Helcim lookup failed', {
helcimSubscriptionId: member.helcimSubscriptionId,
error: error?.message || error,
})
return { subscription: null, error: 'unavailable' }
}
})

7
server/api/helcim/subscription.post.js
View file

@ -165,6 +165,10 @@ export default defineEventHandler(async (event) => {
throw createError({ statusCode: 500, statusMessage: 'Subscription creation failed' })
}
const nextBillingDate = subscription.nextBillingDate
? new Date(subscription.nextBillingDate)
: null
// Update member in database
const member = await Member.findOneAndUpdate(
{ helcimCustomerId: body.customerId },
@ -176,6 +180,9 @@ export default defineEventHandler(async (event) => {
billingCadence: cadence,
subscriptionStartDate: new Date(),
status: 'active',
...(nextBillingDate && !Number.isNaN(nextBillingDate.getTime())
? { nextBillingDate }
: {}),
} },
{ new: true, runValidators: false }
)

1
server/api/members/cancel-subscription.post.js
View file

@ -34,6 +34,7 @@ export default defineEventHandler(async (event) => {
paymentMethod: 'none',
subscriptionEndDate: new Date(),
},
$unset: { nextBillingDate: 1 },
},
{ runValidators: false }
);

12
server/api/members/update-contribution.post.js
View file

@ -98,6 +98,10 @@ export default defineEventHandler(async (event) => {
throw new Error("No subscription returned in response");
}
const nextBillingDate = subscription.nextBillingDate
? new Date(subscription.nextBillingDate)
: null;
// Update member record
await Member.findByIdAndUpdate(
member._id,
@ -107,6 +111,9 @@ export default defineEventHandler(async (event) => {
paymentMethod: "card",
status: "active",
billingCadence: cadence,
...(nextBillingDate && !Number.isNaN(nextBillingDate.getTime())
? { nextBillingDate }
: {}),
} },
{ runValidators: false }
);
@ -148,7 +155,10 @@ export default defineEventHandler(async (event) => {
// Update member to free tier
await Member.findByIdAndUpdate(
member._id,
{ $set: { contributionAmount: newAmount, helcimSubscriptionId: null, paymentMethod: "none", billingCadence: "monthly" } },
{
$set: { contributionAmount: newAmount, helcimSubscriptionId: null, paymentMethod: "none", billingCadence: "monthly" },
$unset: { nextBillingDate: 1 },
},
{ runValidators: false }
);

4
server/models/activityLog.js
View file

@ -21,7 +21,9 @@ const ACTIVITY_TYPES = [
'connection_requested',
'connection_confirmed',
'tag_suggested',
'billing_card_updated'
'billing_card_updated',
'member_onboarding_goal_completed',
'member_onboarding_completed'
]
const activityLogSchema = new mongoose.Schema({

11
server/utils/helcim.js
View file

@ -134,6 +134,9 @@ export const createHelcimSubscription = (subscription, idempotencyKey) =>
errorMessage: 'Subscription creation failed'
})
export const getHelcimSubscription = (id) =>
helcimFetch(`/subscriptions/${id}`, { errorMessage: 'Subscription lookup failed' })
export const cancelHelcimSubscription = (id) =>
helcimFetch(`/subscriptions/${id}`, { method: 'DELETE', errorMessage: 'Subscription cancellation failed' })
@ -188,7 +191,13 @@ export async function listHelcimCustomerTransactions(customerCode) {
? response
: (response?.transactions || response?.data || [])
const sorted = [...rows].sort((a, b) => {
const filtered = rows.filter((t) => {
const type = String(t?.type || '').toLowerCase()
const amount = typeof t?.amount === 'number' ? t.amount : Number(t?.amount) || 0
return type !== 'verify' && amount > 0
})
const sorted = [...filtered].sort((a, b) => {
const da = Date.parse(a?.dateCreated || '') || 0
const db = Date.parse(b?.dateCreated || '') || 0
return db - da

7
tests/server/api/update-contribution.test.js
View file

@ -327,12 +327,15 @@ describe('update-contribution endpoint — Case 2 (paid→free)', () => {
expect(cancelHelcimSubscription).toHaveBeenCalledWith('sub-1')
expect(Member.findByIdAndUpdate).toHaveBeenCalledWith(
'member-c2',
{ $set: expect.objectContaining({
expect.objectContaining({
$set: expect.objectContaining({
contributionAmount: 0,
helcimSubscriptionId: null,
paymentMethod: 'none',
billingCadence: 'monthly',
}) },
}),
$unset: expect.objectContaining({ nextBillingDate: 1 }),
}),
{ runValidators: false }
)
expect(result.success).toBe(true)