jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(auth): rename paymentBridge → signupBridge

Browse source 
After commit 90acc35 issued the cookie for $0 signups too, the "payment"
framing was wrong — there's no payment in a $0 signup. The cookie is
about bridging the gap between signup-form submit and email verify, not
about payment specifically.

Changes:
- setPaymentBridgeCookie  → setSignupBridgeCookie
- getPaymentBridgeMember  → getSignupBridgeMember
- Cookie wire name        payment-bridge → signup-bridge
- JWT scope               payment_bridge → signup_bridge

Touches both /api/helcim/subscription (signup activation) and
/api/helcim/initialize-payment (paid Helcim checkout) which both consume
the cookie. In-flight signup sessions started before this lands will
need to re-submit the form (cookie name mismatch); cutover hasn't
happened yet, so the only impact is local dev sessions.
This commit is contained in:
Jennie Robinson Faber 2026-04-30 15:31:54 +01:00
parent c6a5e25d06
commit 9b79ae6bf4
8 changed files with 36 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

10
server/api/helcim/customer.post.js
View file

@ -4,7 +4,7 @@ import { connectDB } from '../../utils/mongoose.js'
import { createHelcimCustomer } from '../../utils/helcim.js'
import PreRegistration from '../../models/preRegistration.js'
import { sendMagicLink } from '../../utils/magicLink.js'
import { setPaymentBridgeCookie } from '../../utils/auth.js'
import { setSignupBridgeCookie } from '../../utils/auth.js'
import { rateLimit } from '../../utils/rateLimit.js'
export default defineEventHandler(async (event) => {
@ -116,10 +116,10 @@ export default defineEventHandler(async (event) => {
})
// Signup completes (paid checkout or free activation) before the magic
// link is clicked, so issue a short-lived, payment-only bridge cookie
// that lets /api/helcim/initialize-payment and /api/helcim/subscription
// identify the member without a verified auth session.
setPaymentBridgeCookie(event, member)
// link is clicked, so issue a short-lived signup-bridge cookie that lets
// /api/helcim/initialize-payment and /api/helcim/subscription identify
// the member without a verified auth session.
setSignupBridgeCookie(event, member)
return {
success: true,