From c0dcfac1736ad9d2056c7b3963b63d6e5ee55048 Mon Sep 17 00:00:00 2001
From: Jennie Robinson Faber <jennie@jenniefaber.com>
Date: Thu, 19 Mar 2026 10:48:00 +0000
Subject: [PATCH] Redirect invite logins to wiki, regular logins to /members

Invite tokens now include a redirect claim so the verify endpoint
can distinguish them from regular login tokens. Only invite links
redirect to wiki.ghostguild.org; normal logins go to /members.
---
 server/api/admin/members/invite.post.js | 2 +-
 server/api/auth/verify.get.js           | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/server/api/admin/members/invite.post.js b/server/api/admin/members/invite.post.js
index e4685bf..6993f7a 100644
--- a/server/api/admin/members/invite.post.js
+++ b/server/api/admin/members/invite.post.js
@@ -31,7 +31,7 @@ export default defineEventHandler(async (event) => {
     try {
       // Generate 48-hour magic login token (same format as login.post.js)
       const token = jwt.sign(
-        { memberId: member._id },
+        { memberId: member._id, redirect: 'wiki' },
         config.jwtSecret,
         { expiresIn: '48h' }
       )
diff --git a/server/api/auth/verify.get.js b/server/api/auth/verify.get.js
index 57dda9a..db316d9 100644
--- a/server/api/auth/verify.get.js
+++ b/server/api/auth/verify.get.js
@@ -52,8 +52,11 @@ export default defineEventHandler(async (event) => {
       maxAge: 60 * 60 * 24 * 7 // 7 days
     })
     
-    // Redirect to the wiki
-    await sendRedirect(event, 'https://wiki.ghostguild.org', 302)
+    // Redirect to wiki for invite links, /members for regular logins
+    const redirectUrl = decoded.redirect === 'wiki'
+      ? 'https://wiki.ghostguild.org'
+      : '/members'
+    await sendRedirect(event, redirectUrl, 302)
     
   } catch (err) {
     if (err.statusCode && err.statusCode !== 401) {