refactor(auth): rename paymentBridge → signupBridge
After commit 90acc35 issued the cookie for $0 signups too, the "payment"
framing was wrong — there's no payment in a $0 signup. The cookie is
about bridging the gap between signup-form submit and email verify, not
about payment specifically.
Changes:
- setPaymentBridgeCookie → setSignupBridgeCookie
- getPaymentBridgeMember → getSignupBridgeMember
- Cookie wire name payment-bridge → signup-bridge
- JWT scope payment_bridge → signup_bridge
Touches both /api/helcim/subscription (signup activation) and
/api/helcim/initialize-payment (paid Helcim checkout) which both consume
the cookie. In-flight signup sessions started before this lands will
need to re-submit the form (cookie name mismatch); cutover hasn't
happened yet, so the only impact is local dev sessions.
This commit is contained in:
parent
c6a5e25d06
commit
9b79ae6bf4
8 changed files with 36 additions and 35 deletions
|
|
@ -23,26 +23,27 @@ export function setAuthCookie(event, member) {
|
|||
}
|
||||
|
||||
/**
|
||||
* Issue a 30-minute payment-bridge cookie scoped to membership-signup checkout.
|
||||
* Issue a 30-minute signup-bridge cookie scoped to membership-signup flow.
|
||||
*
|
||||
* The signup flow (POST /api/helcim/customer) defers the full session cookie
|
||||
* to email-verify (magic link). For paid tiers the user still needs to complete
|
||||
* Helcim checkout in the same browser tab — this short-lived, payment-only
|
||||
* token lets `/api/helcim/initialize-payment` accept the call without a full
|
||||
* session. The cookie is NOT honored by requireAuth and grants nothing else.
|
||||
* to email-verify (magic link). The bridge cookie lets the in-progress signup
|
||||
* complete its activation step (free or paid) before that magic link is
|
||||
* clicked: /api/helcim/subscription accepts it for $0 activation, and
|
||||
* /api/helcim/initialize-payment accepts it for paid Helcim checkout.
|
||||
* The cookie is NOT honored by requireAuth and grants nothing else.
|
||||
*/
|
||||
export function setPaymentBridgeCookie(event, member) {
|
||||
export function setSignupBridgeCookie(event, member) {
|
||||
const token = jwt.sign(
|
||||
{
|
||||
memberId: member._id.toString(),
|
||||
email: member.email,
|
||||
scope: 'payment_bridge'
|
||||
scope: 'signup_bridge'
|
||||
},
|
||||
useRuntimeConfig(event).jwtSecret,
|
||||
{ expiresIn: '30m' }
|
||||
)
|
||||
|
||||
setCookie(event, 'payment-bridge', token, {
|
||||
setCookie(event, 'signup-bridge', token, {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
sameSite: 'lax',
|
||||
|
|
@ -52,12 +53,12 @@ export function setPaymentBridgeCookie(event, member) {
|
|||
}
|
||||
|
||||
/**
|
||||
* Verify a payment-bridge cookie and return the associated Member, or null.
|
||||
* Used by /api/helcim/initialize-payment to allow the membership-signup
|
||||
* checkout to proceed before email verification.
|
||||
* Verify a signup-bridge cookie and return the associated Member, or null.
|
||||
* Used by /api/helcim/subscription and /api/helcim/initialize-payment to
|
||||
* let the in-progress signup complete activation before email verification.
|
||||
*/
|
||||
export async function getPaymentBridgeMember(event) {
|
||||
const token = getCookie(event, 'payment-bridge')
|
||||
export async function getSignupBridgeMember(event) {
|
||||
const token = getCookie(event, 'signup-bridge')
|
||||
if (!token) return null
|
||||
|
||||
let decoded
|
||||
|
|
@ -67,7 +68,7 @@ export async function getPaymentBridgeMember(event) {
|
|||
return null
|
||||
}
|
||||
|
||||
if (decoded.scope !== 'payment_bridge') return null
|
||||
if (decoded.scope !== 'signup_bridge') return null
|
||||
|
||||
await connectDB()
|
||||
const member = await Member.findById(decoded.memberId)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue