Accessibility fixes.

2026-04-05 19:27:25 +01:00 · 2026-04-05 19:27:25 +01:00 · dae983734a
commit dae983734a
parent 689548e389
7 changed files with 201 additions and 140 deletions
--- a/server/api/dev/test-login.get.js
+++ b/server/api/dev/test-login.get.js
@ -1,42 +1,45 @@
-import jwt from 'jsonwebtoken'
-import Member from '../../models/member.js'
-import { connectDB } from '../../utils/mongoose.js'
+import jwt from "jsonwebtoken";
+import Member from "../../models/member.js";
+import { connectDB } from "../../utils/mongoose.js";

 export default defineEventHandler(async (event) => {
-  // Only allow in development
-  if (process.env.NODE_ENV === 'production') {
-    throw createError({ statusCode: 404, statusMessage: 'Not found' })
+  // Only allow in development, unless explicitly enabled for Playwright preview runs
+  if (
+    process.env.NODE_ENV === "production" &&
+    process.env.ALLOW_DEV_TEST_ENDPOINTS !== "true"
+  ) {
+    throw createError({ statusCode: 404, statusMessage: "Not found" });
  }

-  await connectDB()
+  await connectDB();

  // Find or create a test admin user
-  let member = await Member.findOne({ email: 'test-admin@ghostguild.dev' })
+  let member = await Member.findOne({ email: "test-admin@ghostguild.dev" });

  if (!member) {
    member = await Member.create({
-      email: 'test-admin@ghostguild.dev',
-      name: 'Test Admin',
-      circle: 'founder',
-      contributionTier: '0',
-      role: 'admin',
-      status: 'active',
-    })
+      email: "test-admin@ghostguild.dev",
+      name: "Test Admin",
+      circle: "founder",
+      contributionTier: "0",
+      role: "admin",
+      status: "active",
+    });
  }

-  const config = useRuntimeConfig(event)
+  const config = useRuntimeConfig(event);
  const token = jwt.sign(
    { memberId: member._id, email: member.email, tv: member.tokenVersion },
    config.jwtSecret,
-    { expiresIn: '7d' }
-  )
+    { expiresIn: "7d" },
+  );

-  setCookie(event, 'auth-token', token, {
+  setCookie(event, "auth-token", token, {
    httpOnly: true,
    secure: false,
-    sameSite: 'lax',
+    sameSite: "lax",
    maxAge: 60 * 60 * 24 * 7,
-  })
+  });

-  await sendRedirect(event, '/admin', 302)
-})
+  await sendRedirect(event, "/admin", 302);
+});