diff --git a/docs/LAUNCH_READINESS.md b/docs/LAUNCH_READINESS.md index 9313462..4a7854d 100644 --- a/docs/LAUNCH_READINESS.md +++ b/docs/LAUNCH_READINESS.md @@ -49,6 +49,8 @@ Rough scope: 1 day if Helcim's email template is editable; +0.5 day if we have t Pre-deploy migrations have all been run. What's left: - [ ] Merge `feature/helcim-plan-consolidation` into `main`. +- [ ] Merge `feature/contribution-amount-redesign` into `main` (forked from `feature/helcim-plan-consolidation`; renames `contributionTier` → `contributionAmount` with arbitrary whole-dollar amounts, annual = amount × 12, no discount framing). +- [ ] Run `node scripts/migrate-contribution-amount.cjs --apply` against prod Mongo AFTER contribution-amount merge and BEFORE Netlify deploy of that change. Idempotent; dry-run against local counted 34 members. - [ ] Set `NUXT_HELCIM_MONTHLY_PLAN_ID=50302` in Netlify production env. - [ ] Set `NUXT_HELCIM_ANNUAL_PLAN_ID=50303` in Netlify production env. @@ -71,7 +73,8 @@ Pre-deploy migrations have all been run. What's left: Cannot be verified by Vitest. All require a real browser + real Helcim test card + real email. - [x] **Event ticket purchase with payment** (HelcimPay.js iframe; use cloudflared tunnel or ngrok HTTPS). *(Verified 2026-04-19 via tunnel: guest purchase on "Cooperative Game Dev Masterclass" succeeded — registration recorded with `paymentStatus: completed`, `paymentId: 47230660`, `tickets.public.sold` incremented, guest Member created. Member-ticket path not exercised because this event's member price is $0; no paid-member-ticket event currently seeded.)* -- [ ] **Pre-registrant invite → accept flow** with paid tier (exercises Helcim customer creation during acceptance). *(Deferred 2026-04-19 — no-tiers refactor landing on a parallel worktree will replace the accept-invite payment flow; retest once that lands.)* +- [ ] **Pre-registrant invite → accept flow** with a paid contribution amount (exercises Helcim customer creation during acceptance). *(Refactor to arbitrary contribution amounts landed on `feature/contribution-amount-redesign` 2026-04-19; retest once that branch merges.)* +- [ ] **Contribution-amount redesign end-to-end** on `feature/contribution-amount-redesign` with Helcim sandbox: `/join` with arbitrary amount (incl. $0 and a non-preset like $17) for both Monthly and Annual cadence; `/member/account` edit contribution amount up and down; admin edit of a member's `contributionAmount` via `/admin/members/[id]`. Verify ×12 annual math on UI and on Helcim `subscription.recurringAmount`, guidance chips match via `findLast`, no "save $X" / "2 months free" copy anywhere. Run `node scripts/migrate-contribution-amount.cjs --apply` against local Mongo first so the test members have the new field. - [x] **Magic-link login** including 15-min expiry and jti burn on reuse. *(Verified 2026-04-19 against local dev + local Mongo. Target: `alex.rivera@pixelcollective.coop` (active, member role). Happy path: `POST /api/auth/login` → 200, `magicLinkJti` set, `magicLinkJtiUsed:false`; reconstructed token from stored jti + `NUXT_JWT_SECRET` and `POST /api/auth/verify` → 200 with `redirectUrl:/member/dashboard`, `auth-token` cookie set (httpOnly, Max-Age=604800, SameSite=Lax), `magicLinkJtiUsed:true`, `lastLogin` updated. Replay: same token re-POSTed → 401 at `verify.post.js:53` (jti-burn branch), Mongo state unchanged. Expiry: `jwt.sign({...},{expiresIn:'-1s'})` with fresh unburned jti on the member → 401 at `verify.post.js:22` (jwt.verify catch, before jti check), no mutation.)* - [x] **Guest event signup** — four branches: new email + consent, new email without consent, existing guest, existing active member. Confirms cookie only sets for new/guest, and confirmation email appends `/login` link for real members. *(Verified 2026-04-19 via tunnel with throwaway event + timestamped test emails; cleanup done.)* - [x] **Mobile responsive layout** — main chrome sidebar hides ≤768px (not ≤1024px as previously noted); in-page two-column layouts collapse at ≤1024px. Mobile header/drawer works on phone widths. *(Verified 2026-04-19.)* @@ -113,3 +116,10 @@ See `docs/TODO.md` for: - Members table NAME column clipping. - OWASP ASVS L1 Phase 4 (file-upload validation pipeline, granular RBAC, credential encryption). - `tickets/available.get.js:115` `memberSavings` block reports `$0 saved` for inactive members — cosmetic; suppress comparison block when `!hasMemberAccess(member)` if it ever surfaces in UI. + +### Contribution-amount redesign — cosmetic cleanup (cosmetic, ship post-launch if not caught in the PR) +- Rename admin members column header "Tier" → "Contribution" (`app/pages/admin/members/index.vue:265`). +- Delete dead `app/components/TierPicker.vue`. +- Update stale tier comment in `app/composables/useMemberPayment.js:59`. +- Update error log message referencing "tier" in `server/api/members/update-contribution.post.js:221`. +- Rename `handleUpdateTier` handler in `app/pages/member/account.vue`.