Accessibility fixes.

server/api/dev/member-login.get.js

@@ -1,41 +1,50 @@
-import jwt from 'jsonwebtoken'
-import Member from '../../models/member.js'
-import { connectDB } from '../../utils/mongoose.js'
+import jwt from "jsonwebtoken";
+import Member from "../../models/member.js";
+import { connectDB } from "../../utils/mongoose.js";
 
 export default defineEventHandler(async (event) => {
-  // Only allow in development
-  if (process.env.NODE_ENV === 'production') {
-    throw createError({ statusCode: 404, statusMessage: 'Not found' })
+  // Only allow in development, unless explicitly enabled for Playwright preview runs
+  if (
+    process.env.NODE_ENV === "production" &&
+    process.env.ALLOW_DEV_TEST_ENDPOINTS !== "true"
+  ) {
+    throw createError({ statusCode: 404, statusMessage: "Not found" });
   }
 
-  const query = getQuery(event)
-  const email = query.email
+  const query = getQuery(event);
+  const email = query.email;
 
   if (!email) {
-    throw createError({ statusCode: 400, statusMessage: 'email query param required' })
+    throw createError({
+      statusCode: 400,
+      statusMessage: "email query param required",
+    });
   }
 
-  await connectDB()
+  await connectDB();
 
-  const member = await Member.findOne({ email: email.toLowerCase() })
+  const member = await Member.findOne({ email: email.toLowerCase() });
 
   if (!member) {
-    throw createError({ statusCode: 404, statusMessage: `No member found with email: ${email}` })
+    throw createError({
+      statusCode: 404,
+      statusMessage: `No member found with email: ${email}`,
+    });
   }
 
-  const config = useRuntimeConfig(event)
+  const config = useRuntimeConfig(event);
   const token = jwt.sign(
     { memberId: member._id, email: member.email, tv: member.tokenVersion },
     config.jwtSecret,
-    { expiresIn: '7d' }
-  )
+    { expiresIn: "7d" },
+  );
 
-  setCookie(event, 'auth-token', token, {
+  setCookie(event, "auth-token", token, {
     httpOnly: true,
     secure: false,
-    sameSite: 'lax',
+    sameSite: "lax",
     maxAge: 60 * 60 * 24 * 7,
-  })
+  });
 
-  await sendRedirect(event, '/member/account', 302)
-})
+  await sendRedirect(event, "/member/account", 302);
+});

server/api/dev/members.get.js

@@ -1,19 +1,24 @@
-import Member from '../../models/member.js'
-import { connectDB } from '../../utils/mongoose.js'
+import Member from "../../models/member.js";
+import { connectDB } from "../../utils/mongoose.js";
 
 export default defineEventHandler(async () => {
-  if (process.env.NODE_ENV === 'production') {
-    throw createError({ statusCode: 404, statusMessage: 'Not found' })
+  if (
+    process.env.NODE_ENV === "production" &&
+    process.env.ALLOW_DEV_TEST_ENDPOINTS !== "true"
+  ) {
+    throw createError({ statusCode: 404, statusMessage: "Not found" });
   }
 
-  await connectDB()
+  await connectDB();
 
-  const members = await Member.find({}, 'name email circle role status').sort({ name: 1 }).lean()
+  const members = await Member.find({}, "name email circle role status")
+    .sort({ name: 1 })
+    .lean();
 
   return members.map((m) => ({
     label: `${m.name} (${m.email})`,
     value: m.email,
     circle: m.circle,
-    role: m.role
-  }))
-})
+    role: m.role,
+  }));
+});

server/api/dev/test-login.get.js

@@ -1,42 +1,45 @@
-import jwt from 'jsonwebtoken'
-import Member from '../../models/member.js'
-import { connectDB } from '../../utils/mongoose.js'
+import jwt from "jsonwebtoken";
+import Member from "../../models/member.js";
+import { connectDB } from "../../utils/mongoose.js";
 
 export default defineEventHandler(async (event) => {
-  // Only allow in development
-  if (process.env.NODE_ENV === 'production') {
-    throw createError({ statusCode: 404, statusMessage: 'Not found' })
+  // Only allow in development, unless explicitly enabled for Playwright preview runs
+  if (
+    process.env.NODE_ENV === "production" &&
+    process.env.ALLOW_DEV_TEST_ENDPOINTS !== "true"
+  ) {
+    throw createError({ statusCode: 404, statusMessage: "Not found" });
   }
 
-  await connectDB()
+  await connectDB();
 
   // Find or create a test admin user
-  let member = await Member.findOne({ email: 'test-admin@ghostguild.dev' })
+  let member = await Member.findOne({ email: "test-admin@ghostguild.dev" });
 
   if (!member) {
     member = await Member.create({
-      email: 'test-admin@ghostguild.dev',
-      name: 'Test Admin',
-      circle: 'founder',
-      contributionTier: '0',
-      role: 'admin',
-      status: 'active',
-    })
+      email: "test-admin@ghostguild.dev",
+      name: "Test Admin",
+      circle: "founder",
+      contributionTier: "0",
+      role: "admin",
+      status: "active",
+    });
   }
 
-  const config = useRuntimeConfig(event)
+  const config = useRuntimeConfig(event);
   const token = jwt.sign(
     { memberId: member._id, email: member.email, tv: member.tokenVersion },
     config.jwtSecret,
-    { expiresIn: '7d' }
-  )
+    { expiresIn: "7d" },
+  );
 
-  setCookie(event, 'auth-token', token, {
+  setCookie(event, "auth-token", token, {
     httpOnly: true,
     secure: false,
-    sameSite: 'lax',
+    sameSite: "lax",
     maxAge: 60 * 60 * 24 * 7,
-  })
+  });
 
-  await sendRedirect(event, '/admin', 302)
-})
+  await sendRedirect(event, "/admin", 302);
+});