fix: replace member.save() with atomic update in cancel-subscription

2026-04-04 12:26:56 +01:00 · 2026-04-04 12:26:56 +01:00 · bbe94f0efb
commit bbe94f0efb
parent d4d9629d83
1 changed files with 20 additions and 39 deletions
--- a/server/api/members/cancel-subscription.post.js
+++ b/server/api/members/cancel-subscription.post.js
@ -1,49 +1,22 @@
 // Cancel member subscription
-import jwt from "jsonwebtoken";
-import Member from "../../models/member.js";
 import { connectDB } from "../../utils/mongoose.js";
+import Member from "../../models/member.js";

 const HELCIM_API_BASE = "https://api.helcim.com/v2";

 export default defineEventHandler(async (event) => {
  try {
+    const member = await requireAuth(event);
    await connectDB();
    const config = useRuntimeConfig(event);
-    const token = getCookie(event, "auth-token");
-
-    if (!token) {
-      throw createError({
-        statusCode: 401,
-        statusMessage: "Not authenticated",
-      });
-    }
-
-    // Decode JWT token
-    let decoded;
-    try {
-      decoded = jwt.verify(token, config.jwtSecret);
-    } catch (err) {
-      throw createError({
-        statusCode: 401,
-        statusMessage: "Invalid or expired token",
-      });
-    }
-
-    // Get member
-    const member = await Member.findById(decoded.memberId);
-    if (!member) {
-      throw createError({
-        statusCode: 404,
-        statusMessage: "Member not found",
-      });
-    }

    // If already on free tier, nothing to cancel
    if (member.contributionTier === "0" || !member.helcimSubscriptionId) {
      return {
        success: true,
        message: "No active subscription to cancel",
-        member,
+        status: member.status,
+        contributionTier: member.contributionTier,
      };
    }

@ -77,18 +50,26 @@ export default defineEventHandler(async (event) => {
      // Continue anyway - we'll update the member record
    }

-    // Update member status
-    member.status = "cancelled";
-    member.contributionTier = "0";
-    member.helcimSubscriptionId = null;
-    member.paymentMethod = "none";
-    member.subscriptionEndDate = new Date();
-    await member.save();
+    // Update member status — pending_payment (not cancelled) so member can re-subscribe
+    await Member.findByIdAndUpdate(
+      member._id,
+      {
+        $set: {
+          status: 'pending_payment',
+          contributionTier: '0',
+          helcimSubscriptionId: null,
+          paymentMethod: 'none',
+          subscriptionEndDate: new Date(),
+        },
+      },
+      { runValidators: false }
+    );

    return {
      success: true,
      message: "Subscription cancelled successfully",
-      member,
+      status: 'pending_payment',
+      contributionTier: '0',
    };
  } catch (error) {
    console.error("Error cancelling subscription:", error);