jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(auth): rename paymentBridge → signupBridge

Browse source 
After commit 90acc35 issued the cookie for $0 signups too, the "payment"
framing was wrong — there's no payment in a $0 signup. The cookie is
about bridging the gap between signup-form submit and email verify, not
about payment specifically.

Changes:
- setPaymentBridgeCookie  → setSignupBridgeCookie
- getPaymentBridgeMember  → getSignupBridgeMember
- Cookie wire name        payment-bridge → signup-bridge
- JWT scope               payment_bridge → signup_bridge

Touches both /api/helcim/subscription (signup activation) and
/api/helcim/initialize-payment (paid Helcim checkout) which both consume
the cookie. In-flight signup sessions started before this lands will
need to re-submit the form (cookie name mismatch); cutover hasn't
happened yet, so the only impact is local dev sessions.
This commit is contained in:
Jennie Robinson Faber 2026-04-30 15:31:54 +01:00
parent c6a5e25d06
commit 9b79ae6bf4
8 changed files with 36 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

6
server/api/helcim/subscription.post.js
View file

@ -3,7 +3,7 @@ import { getHelcimPlanId, requiresPayment } from '../../config/contributions.js'
import Member from '../../models/member.js'
import { connectDB } from '../../utils/mongoose.js'
import { getSlackService } from '../../utils/slack.ts'
import { requireAuth, getPaymentBridgeMember } from '../../utils/auth.js'
import { requireAuth, getSignupBridgeMember } from '../../utils/auth.js'
import { createHelcimSubscription, generateIdempotencyKey, listHelcimCustomerTransactions } from '../../utils/helcim.js'
import { sendWelcomeEmail } from '../../utils/resend.js'
import { upsertPaymentFromHelcim } from '../../utils/payments.js'
@ -11,8 +11,8 @@ import { upsertPaymentFromHelcim } from '../../utils/payments.js'
export default defineEventHandler(async (event) => {
try {
// Membership signup completes subscription before email verify; allow the
// payment-bridge cookie set by /api/helcim/customer to satisfy auth here.
const bridgeMember = await getPaymentBridgeMember(event)
// signup-bridge cookie set by /api/helcim/customer to satisfy auth here.
const bridgeMember = await getSignupBridgeMember(event)
if (!bridgeMember) {
await requireAuth(event)
}