- Community connection happens in our Slack workspace, joined in monthly - onboarding waves — there may be a short wait after you join. -
- Slack workspace access is part of your membership. Invitations are - sent in monthly onboarding waves — we'll be in touch. + Slack workspace access is part of your membership. Your invitation + typically arrives within 2–3 weeks of joining.
diff --git a/docs/BACKLOG.md b/docs/BACKLOG.md deleted file mode 100644 index 90449ec..0000000 --- a/docs/BACKLOG.md +++ /dev/null @@ -1,100 +0,0 @@ -# Ghost Guild — Open Backlog - -_Last consolidated: 2026-04-30. Single source of truth for every open issue across the codebase. Pulls from `LAUNCH_READINESS.md`, `TODO.md`, the post-launch backlog memory, and a fresh sweep of in-code TODO/FIXME comments._ - -Cutover has not happened yet. Deploy steps live separately in [`LAUNCH_READINESS.md`](./LAUNCH_READINESS.md). - ---- - -## Pre-cutover (do once) - -Operational steps that have to run during cutover. Full details + env-var list in [`LAUNCH_READINESS.md`](./LAUNCH_READINESS.md). - -- [ ] Provision the Dokploy app, set env vars (full list in LAUNCH_READINESS.md), confirm `BASE_URL` exact-matches the public origin and `NODE_ENV=production`. -- [ ] Add the daily Dokploy Scheduled Task that POSTs to `/api/internal/reconcile-payments` with `X-Reconcile-Token`. -- [ ] **Run `node scripts/migrate-contribution-amount.cjs --apply` against prod Mongo BEFORE the new code serves traffic.** -- [ ] Set `NUXT_HELCIM_MONTHLY_PLAN_ID=50302` and `NUXT_HELCIM_ANNUAL_PLAN_ID=50303` in Dokploy. -- [ ] Set `NUXT_RECONCILE_TOKEN` to a 32+ char random string. -- [ ] Push local `main` to `origin/main`. -- [ ] Deploy. -- [ ] **Run `node scripts/reconcile-helcim-payments.mjs --apply` against prod Mongo AFTER the new code serves traffic.** -- [ ] Audit prod for pre-fix series-pass bypass registrations (registrations on pass-only series children with `registeredAt < 2026-04-20` from non-pass-holders). Decide per case. -- [ ] In Helcim dashboard: disable the default payment-confirmation email for plans 50302 + 50303 (we send our own CRA-safe version via Resend). -- [ ] Run one real test charge and verify (a) Payment doc in Mongo and (b) exactly one CRA-compliant confirmation email. -- [ ] Rotate `HELCIM_API_TOKEN` in the Helcim merchant portal and update the Dokploy env var. -- [ ] Trigger the daily reconcile task once manually in Dokploy to confirm it's wired correctly. - -## Pilot smoke walks (before first wave) - -Once cutover lands, before the first Slack onboarding wave goes out: - -- [ ] **Pilot smoke walk for Slack-invited workflow.** One admin manually clicks "Mark as Slack invited" against a real test member in production, confirms the row updates in place, and confirms the dashboard "Slack coming" note disappears for that member. Unit tests cover the pieces; nothing covers the live admin-to-member round-trip. - ---- - -## Bylaws-decoupling (waiting on amendment ratification) - -Membership status is being decoupled from payment status. Copy + UI gates already align; behavioral changes below remain. - -- [ ] **B1.** `server/api/members/cancel-subscription.post.js:31,48` flips status to `pending_payment` on cancel. Under the new bylaws, cancellation should keep status `active` (just zero contribution). Update the `findByIdAndUpdate` payload + response, the comment at line 26, and add coverage in `tests/server/api/cancel-subscription.test.js`. -- ~~B3 cancelled.~~ `pending_payment` stays. -- ~~B4 admin "Pending Payment" → "Payment setup incomplete"~~ shipped 2026-04-29 (`59d2be2`). - ---- - -## Known gotchas (post-launch) - -- **Admin edit does not sync Helcim `recurringAmount`.** `/admin/members/[id]` PUT writes `contributionAmount` direct to Mongo by design. Admins must PATCH Helcim manually. The admin form already shows an `--ember`-bordered notice (commit `e756170`); a real sync flow is a future enhancement. -- **Cadence switch rejected on active subscriptions.** `server/api/members/update-contribution.post.js:206` refuses cadence changes mid-subscription with a TODO comment pointing here. No UI toggle exists on `/member/account`. Adding cadence switch requires a Helcim subscription replacement flow, not a plain update. -- **S2 test fixture id/slug mismatch (local dev only).** Seeded S2 series has `id: 'test-s2-drop-in-allowed'` but `slug: 'test-s2-drop-in-allowed-series'`. Doesn't affect prod — fix the seed script if anyone re-runs fixtures. - ---- - -## Accessibility / a11y - -- [ ] **Button minimum target size.** Site-wide `.btn` renders ~35px tall. WCAG AA 2.5.8 (24×24) passes; AAA 2.5.5 (44×44) fails. Bumping padding affects every button — design call, not a drop-in fix. Flagged 2026-04-11. - ---- - -## Deferred features (own session each) - -- [ ] **Email automation system.** Patterned after Tranzac's implementation (separate project, already built). HTML email bodies with template management and drip sequences. Deferred 2026-04-20 — ruled wasted work given the larger system is designed elsewhere. Current transactional email lives in `server/utils/resend.js` + inline in `server/api/auth/login.post.js`, `server/routes/oidc/interaction/login.post.ts`, `server/api/admin/{members,pre-registrants}/invite.post.js`. Copy dump at `docs/email-copy-dump.md`. See memory: `project_email_automation_future`. -- [ ] **Receipts for event ticket purchases (Phase 2).** Phase 1 receipts only cover membership payments. Event tickets — especially guest purchases without member accounts — need a receipt flow. Likely an emailed PDF/HTML receipt at purchase time. Build target: June–Oct 2026, live Jan 2027. See memory: `project_receipts`. -- [ ] **Series/event waitlist.** Admin can configure `tickets.waitlist.enabled` and `maxSize`; `server/utils/tickets.js` returns `waitlistAvailable: true` when full; `app/components/SeriesPassPurchase.vue:341` and `EventTicketPurchase.vue` have stub `handleJoinWaitlist` that toasts "Waitlist Coming Soon." No server endpoint, no confirmation email, no `event_waitlisted` activity hook. Either implement end-to-end or hide the button by removing the `v-if="availability?.waitlistAvailable"` branches in `EventSeriesTicketCard.vue:175` and `EventTicketCard.vue:73`. -- [ ] **ASVS Phase 4.** File-upload validation pipeline, granular RBAC, credential encryption. - ---- - -## Wave-Slack pilot follow-ups - -- [ ] **E2E coverage for `e2e/wave-slack-onboarding.spec.js`.** 16 scaffolded tests, all `.skip`ed with TODOs. Filling them in needs fixture work the spec didn't scope. Test 7.8 (final copy match) and 6.9 (sortable column / "no Slack yet" filter) gated on Open Questions in the test plan. Defer until pilot wraps unless a regression surfaces. -- [ ] **Pilot exit decision (~8 weeks post-launch).** Either restore `server/_archive/utils/checkSlackJoins.js` + its plugin if polling is needed, or delete the archive permanently. Driven by whether the manual-invite cadence is sustainable post-pilot. -- [ ] **`slack_invite_failed` enum slug cleanup.** Detector and alert removed in `d15458b`, but the slug remains in `server/models/adminAlertDismissal.js` enum so historical dismissal rows continue to validate. Full removal needs a one-shot cleanup of stale dismissal rows in the DB. Roll into a future schema-tidy pass. - ---- - -## Simplify-pass follow-ups (still open) - -Items surfaced during the 2026-04-29 /simplify review. The 2026-04-30 small-wins batch shipped 3 items (STATUS_LABELS dedup, ImageUpload focus, signupBridge rename). Remaining: - -- [ ] **Extract `.tint-candle` / `.tint-ember` utility classes.** The `color-mix(in srgb, var(--candle) 15%, transparent)` + matching border pattern is now inlined as `style=""` in ~9 sites across `EventSeriesTicketCard.vue`, `SeriesPassPurchase.vue`, `NaturalDateInput.vue`, `ImageUpload.vue`. Promote to utility classes in `app/assets/css/main.css` so future tints don't keep multiplying inline styles (and so `:hover` / `:focus` variants are reachable). -- [ ] **Audit `member &&` truthy checks in sibling ticket/subscription routes.** Commit `f66455e` fixed `server/api/events/[id]/tickets/available.get.js:115` to use `hasMemberAccess(member)`. Same anti-pattern likely exists in adjacent routes (`tickets/purchase.post.js`, subscription endpoints). Guests/suspended/cancelled members would currently look like full members for any feature gated on truthiness alone. - ---- - -## Optional / low-priority - -- [ ] **Welcome-email Slack-timing mention.** Currently the welcome email doesn't mention Slack timing — the dashboard carries that note. Could add a one-line "Slack invitation comes in monthly waves — there may be a short wait" if the dashboard turns out not to be enough signal. - ---- - -## Deeplink memories - -- `project_post_launch_backlog.md` — high-level digest of this file -- `project_launch_readiness.md` — cutover status (NOT YET happened) -- `project_launch_flow_map.md` — onboarding flow + Slack wave model -- `project_pre_registrants.md` — invitation system + pre-reg lifecycle -- `project_helcim_plan_model.md` — cadence-keyed plan model -- `project_contribution_amount_redesign.md` — arbitrary $ amount + guidance presets -- `project_receipts.md` — Phase 1 done, Phase 2 pending -- `project_email_automation_future.md` — Tranzac reference for full system diff --git a/docs/LAUNCH_READINESS.md b/docs/LAUNCH_READINESS.md index 410e4b1..2fdacdf 100644 --- a/docs/LAUNCH_READINESS.md +++ b/docs/LAUNCH_READINESS.md @@ -1,8 +1,8 @@ # Launch Readiness -**Status as of 2026-04-30. Cutover has not happened yet.** Code is on local `main`; deploy steps below still need to execute. +**Status as of 2026-04-20.** Target launch: before 2026-05-01. -Pre-cutover deploy checklist is the live content on this page. Everything else (post-launch work, bylaws decoupling, deferred features, simplify follow-ups, a11y) lives in [`BACKLOG.md`](./BACKLOG.md). Completed launch-blocker items are archived — see `~/.claude/projects/-Users-jennie-Sites-ghostguild-org/memory/project_launch_readiness_archive.md`. +Single source of truth for work remaining before cutover. P0 blocks launch; P1 is strongly preferred but survivable. Completed items are archived — see `~/.claude/projects/-Users-jennie-Sites-ghostguild-org/memory/project_launch_readiness_archive.md`. Post-launch backlog lives in `docs/TODO.md`. --- @@ -106,7 +106,60 @@ None outstanding. All launch-blocking flows verified via local dev or cloudflare --- -## Post-launch & deferred work +## Bylaws decoupling — follow-ups (added 2026-04-18) -Bylaws decoupling, post-launch a11y, ASVS Phase 4, deferred features, simplify-pass follow-ups, known gotchas, wave-Slack pilot follow-ups — **everything that isn't a deploy step has moved to [`BACKLOG.md`](./BACKLOG.md).** +Context: bylaws are being amended to remove automatic termination for nonpayment. Membership status will be fully decoupled from payment status; failed payments trigger committee outreach, not status change. Copy + UI access gates already aligned in `useMemberStatus.js` and `account.vue` (2026-04-18). Server-side status gating shipped as B2 (see archive). The behavioral changes below remain. + +Not blocking launch — the amendment hasn't passed yet, and the user-visible copy/UI is already consistent. Pick up once the amendment is ratified. + +### B1. `cancel-subscription` flips status to `pending_payment` +- `server/api/members/cancel-subscription.post.js:31,48` +- When a member cancels their paid subscription, status is set to `pending_payment` and contribution amount to `0`. Under the new model, cancelling a payment plan moves the member to the $0 contribution — status should stay `active`. +- **Fix:** change `status: 'pending_payment'` → `status: 'active'` in both the `findByIdAndUpdate` payload (line 31) and the response (line 48). Comment at line 26 also needs updating ("(not cancelled) so member can re-subscribe" → reflect new framing). +- Add coverage in `tests/server/api/cancel-subscription.test.js` if it doesn't already exist. + +### B3. Vestigial `pending_payment` status +- Once payment is fully decoupled, `pending_payment` no longer gates anything and is functionally equivalent to `active`. Consider removing it from the enum (`server/models/member.js:38`, `server/utils/schemas.js:299`) and treating new signups as `active` from the moment of account creation. +- Touches: signup flow (`helcim/customer.post.js:34`, `invite/accept.post.js:48`), admin filter UI (`app/pages/admin/members/index.vue:45,382,499,1145`, `[id].vue:69,286`), admin alerts (`server/utils/adminAlerts.js:22,100-116`, `server/models/adminAlertDismissal.js:6`), and a data migration to flip existing `pending_payment` rows to `active`. +- Larger refactor — break out into its own ticket once B1 lands. + +### B4. Admin "Pending Payment" filter label (cosmetic) +- `app/pages/admin/members/index.vue:45,499`, `[id].vue:69` show `pending_payment` as "Pending Payment". If B3 removes the status entirely, this disappears too. If we keep `pending_payment` for now, rename in admin UI to "Payment setup incomplete" so admins also stop conflating it with membership state. + +--- + +## Post-launch backlog + +See `docs/TODO.md` for: +- Button minimum target size (WCAG AAA 2.5.5). +- ~~`/oidc/interaction/[uid]` routing quirk~~ — fixed 2026-04-29 (commit `23154ff`); root cause was `oidc-provider`'s `devInteractions` overriding our custom `interactions.url`. +- ~~Admin layout migration from `guild-*` tokens to zine spec~~ — verified clean 2026-04-29; grep for `guild-[0-9]|candlelight-[0-9]|ember-[0-9]` across `app/layouts/`, `app/pages/admin/`, `app/components/admin/` returns zero matches. All tokens already converted. +- ~~Admin dashboard quick-action button contrast~~ — verified stale 2026-04-29. +- ~~Members table NAME column clipping~~ — verified stale 2026-04-29. +- OWASP ASVS L1 Phase 4 (file-upload validation pipeline, granular RBAC, credential encryption). +- ~~`tickets/available.get.js:115` `memberSavings` block reports `$0 saved` for inactive members~~ — fixed 2026-04-29 (commit `f66455e`); `memberSavings` now gated on `hasMemberAccess(member)`. +- Simplify-pass follow-ups (2026-04-25): SHIPPED 2026-04-27 on branch `chore/simplify-pass-follow-ups` (pending merge). See `~/.claude/projects/-Users-jennie-Sites-ghostguild-org/memory/project_simplify_pass_2026_04_25.md`. +- ~~Reconcile `customerCode` bug~~ — fixed on `main` in commit `3c38333` ("pass customerCode (not helcimCustomerId) to Helcim transactions API"). Verified in `server/api/internal/reconcile-payments.post.js:97`. +- ~~Drive-by from 2026-04-29 phantom-Tailwind sweep: `app/components/EventSeriesBadge.vue` has zero usages~~ — deleted 2026-04-29 (commit `f85f284`); 81 lines removed. +- Simplify-pass follow-ups (2026-04-29): smallest wins shipped in commit `26791cc`; deferred items (rename `setPaymentBridgeCookie`, dedup admin `STATUS_LABELS`, extract `.tint-candle`/`.tint-ember` utilities, audit `member &&` truthy checks in sibling routes, restore `ImageUpload` alt-text input focus styling) tracked in `docs/TODO.md` § _Simplify-pass follow-ups — 2026-04-29_. + +### Known gotchas worth addressing post-launch + +- **Admin edit does not sync Helcim `recurringAmount`.** `/admin/members/[id]` PUT writes `contributionAmount` direct to Mongo by design. Admins must PATCH Helcim manually. Worth surfacing in admin UI or docs. +- **Cadence switch rejected on active subscriptions.** `update-contribution.post.js:184-189` refuses cadence changes mid-subscription; no UI toggle exists on `/member/account`. Adding cadence switch would require a Helcim subscription replacement flow, not a plain update. +- **S2 test fixture `id`/`slug` inconsistency.** (Local dev only.) Seeded S2 series has `id: 'test-s2-drop-in-allowed'` but `slug: 'test-s2-drop-in-allowed-series'`. Doesn't affect prod — fix the seed script if anyone re-runs fixtures and is confused why `id`-based Mongo queries return empty. + +### Events-surface visual audit — deferred items (2026-04-21) + +Context: Phase 4 audit against `docs/specs/events-visual-audit-findings.md` fixed all critical phantom-palette, rounded-corner, CTA-mismatch, and input-styling issues across `EventTicketCard`, `EventTicketPurchase`, `EventSeriesTicketCard`, `SeriesPassPurchase`. Items below were explicitly deferred or out of reach. + +- ~~**Success-state color convention (4 instances).**~~ Resolved 2026-04-29: gold (`--candle`) chosen as zine-consistent. Phantom-Tailwind cleanup shipped in `dc2becf` (`EventSeriesTicketCard.vue` + `SeriesPassPurchase.vue` member-benefit notice). +- ~~**Sidebar breakpoint unverified.**~~ Verified clean 2026-04-29 — `.events-mini` hides at ≤1024px cleanly across 1023/1024/1025/1100. Actual rule lives in `EventsMiniSidebar.vue:129` + `ColumnsLayout.vue:83` (audit doc cited the wrong line). +- ~~**`EventTicketPurchase.vue:469` magic padding.**~~ Fixed 2026-04-29 (commit `7e44809`); consent block now uses a grid approach. +- ~~**`.section-label` extraction candidate.**~~ Verified 2026-04-29 — utility already exists at `main.css:128` and is used in 30+ places. Two scoped overrides intentionally diverge. +- ~~**Past-events toggle component.**~~ Audited 2026-04-29 — consistent with the design system (dashed-border button, gold active state, valid `aria-pressed` toggle). Added missing `:focus-visible` outline in commit `dadec1a`; no other changes warranted. + +### Contribution-amount redesign — cosmetic cleanup (naming only, not behavior) + +SHIPPED 2026-04-29 in commit `955217a` (admin column header, dropdown labels, handler rename, log message). diff --git a/server/api/helcim/customer.post.js b/server/api/helcim/customer.post.js index 28ceda3..d0fc95d 100644 --- a/server/api/helcim/customer.post.js +++ b/server/api/helcim/customer.post.js @@ -2,9 +2,8 @@ import { getRequestHeader, getRequestIP } from 'h3' import Member from '../../models/member.js' import { connectDB } from '../../utils/mongoose.js' import { createHelcimCustomer } from '../../utils/helcim.js' -import PreRegistration from '../../models/preRegistration.js' import { sendMagicLink } from '../../utils/magicLink.js' -import { setSignupBridgeCookie } from '../../utils/auth.js' +import { setPaymentBridgeCookie } from '../../utils/auth.js' import { rateLimit } from '../../utils/rateLimit.js' export default defineEventHandler(async (event) => { @@ -83,32 +82,6 @@ export default defineEventHandler(async (event) => { }) } - // If this email matches a pending pre-registrant, mark the PreRegistration - // as accepted and link it to the new Member. Silent — keeps /join and - // /admin/pre-registrants from showing the same person twice. - try { - const preReg = await PreRegistration.findOne({ email: normalizedEmail }) - if ( - preReg && - !preReg.memberId && - ['pending', 'selected', 'invited'].includes(preReg.status) - ) { - await PreRegistration.findByIdAndUpdate( - preReg._id, - { - $set: { - status: 'accepted', - acceptedAt: new Date(), - memberId: member._id, - }, - }, - { runValidators: false } - ) - } - } catch (linkError) { - console.error('Failed to link PreRegistration to new member:', linkError) - } - await sendMagicLink(normalizedEmail, { subject: 'Verify your Ghost Guild signup', intro: 'Verify your email to finish your Ghost Guild signup:', @@ -116,10 +89,10 @@ export default defineEventHandler(async (event) => { }) // Signup completes (paid checkout or free activation) before the magic - // link is clicked, so issue a short-lived signup-bridge cookie that lets - // /api/helcim/initialize-payment and /api/helcim/subscription identify - // the member without a verified auth session. - setSignupBridgeCookie(event, member) + // link is clicked, so issue a short-lived, payment-only bridge cookie + // that lets /api/helcim/initialize-payment and /api/helcim/subscription + // identify the member without a verified auth session. + setPaymentBridgeCookie(event, member) return { success: true, diff --git a/server/api/helcim/initialize-payment.post.js b/server/api/helcim/initialize-payment.post.js index 3826b08..a01b8d0 100644 --- a/server/api/helcim/initialize-payment.post.js +++ b/server/api/helcim/initialize-payment.post.js @@ -2,7 +2,7 @@ import Member from '../../models/member.js' import { loadPublicEvent } from '../../utils/loadEvent.js' import { loadPublicSeries } from '../../utils/loadSeries.js' import { calculateTicketPrice, calculateSeriesTicketPrice, hasMemberAccess } from '../../utils/tickets.js' -import { requireAuth, getOptionalMember, getSignupBridgeMember } from '../../utils/auth.js' +import { requireAuth, getOptionalMember, getPaymentBridgeMember } from '../../utils/auth.js' import { initializeHelcimPaySession } from '../../utils/helcim.js' export default defineEventHandler(async (event) => { @@ -17,7 +17,7 @@ export default defineEventHandler(async (event) => { if (!isTicket) { if (isMembershipSignup) { - const bridgeMember = await getSignupBridgeMember(event) + const bridgeMember = await getPaymentBridgeMember(event) if (!bridgeMember) { await requireAuth(event) } diff --git a/server/api/helcim/subscription.post.js b/server/api/helcim/subscription.post.js index d02846f..577e264 100644 --- a/server/api/helcim/subscription.post.js +++ b/server/api/helcim/subscription.post.js @@ -3,7 +3,7 @@ import { getHelcimPlanId, requiresPayment } from '../../config/contributions.js' import Member from '../../models/member.js' import { connectDB } from '../../utils/mongoose.js' import { getSlackService } from '../../utils/slack.ts' -import { requireAuth, getSignupBridgeMember } from '../../utils/auth.js' +import { requireAuth, getPaymentBridgeMember } from '../../utils/auth.js' import { createHelcimSubscription, generateIdempotencyKey, listHelcimCustomerTransactions } from '../../utils/helcim.js' import { sendWelcomeEmail } from '../../utils/resend.js' import { upsertPaymentFromHelcim } from '../../utils/payments.js' @@ -11,8 +11,8 @@ import { upsertPaymentFromHelcim } from '../../utils/payments.js' export default defineEventHandler(async (event) => { try { // Membership signup completes subscription before email verify; allow the - // signup-bridge cookie set by /api/helcim/customer to satisfy auth here. - const bridgeMember = await getSignupBridgeMember(event) + // payment-bridge cookie set by /api/helcim/customer to satisfy auth here. + const bridgeMember = await getPaymentBridgeMember(event) if (!bridgeMember) { await requireAuth(event) } diff --git a/server/api/invite/accept.post.js b/server/api/invite/accept.post.js index 27e5109..84d5db6 100644 --- a/server/api/invite/accept.post.js +++ b/server/api/invite/accept.post.js @@ -5,7 +5,6 @@ import { connectDB } from '../../utils/mongoose.js' import { setAuthCookie } from '../../utils/auth.js' import { assignMemberNumber } from '../../utils/memberNumber.js' import { createHelcimCustomer } from '../../utils/helcim.js' -import { sendWelcomeEmail } from '../../utils/resend.js' export default defineEventHandler(async (event) => { const body = await validateBody(event, inviteAcceptSchema) @@ -89,15 +88,6 @@ export default defineEventHandler(async (event) => { // For free tier, redirect to welcome if (body.contributionAmount === 0) { await autoFlagPreExistingSlackAccess(member) - try { - await sendWelcomeEmail(member) - logActivity(member._id, 'email_sent', { - emailType: 'welcome', - subject: 'Welcome to Ghost Guild' - }) - } catch (emailError) { - console.error('Failed to send welcome email:', emailError) - } return { success: true, requiresPayment: false, diff --git a/server/utils/auth.js b/server/utils/auth.js index 6603d6d..1876636 100644 --- a/server/utils/auth.js +++ b/server/utils/auth.js @@ -23,27 +23,26 @@ export function setAuthCookie(event, member) { } /** - * Issue a 30-minute signup-bridge cookie scoped to membership-signup flow. + * Issue a 30-minute payment-bridge cookie scoped to membership-signup checkout. * * The signup flow (POST /api/helcim/customer) defers the full session cookie - * to email-verify (magic link). The bridge cookie lets the in-progress signup - * complete its activation step (free or paid) before that magic link is - * clicked: /api/helcim/subscription accepts it for $0 activation, and - * /api/helcim/initialize-payment accepts it for paid Helcim checkout. - * The cookie is NOT honored by requireAuth and grants nothing else. + * to email-verify (magic link). For paid tiers the user still needs to complete + * Helcim checkout in the same browser tab — this short-lived, payment-only + * token lets `/api/helcim/initialize-payment` accept the call without a full + * session. The cookie is NOT honored by requireAuth and grants nothing else. */ -export function setSignupBridgeCookie(event, member) { +export function setPaymentBridgeCookie(event, member) { const token = jwt.sign( { memberId: member._id.toString(), email: member.email, - scope: 'signup_bridge' + scope: 'payment_bridge' }, useRuntimeConfig(event).jwtSecret, { expiresIn: '30m' } ) - setCookie(event, 'signup-bridge', token, { + setCookie(event, 'payment-bridge', token, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax', @@ -53,12 +52,12 @@ export function setSignupBridgeCookie(event, member) { } /** - * Verify a signup-bridge cookie and return the associated Member, or null. - * Used by /api/helcim/subscription and /api/helcim/initialize-payment to - * let the in-progress signup complete activation before email verification. + * Verify a payment-bridge cookie and return the associated Member, or null. + * Used by /api/helcim/initialize-payment to allow the membership-signup + * checkout to proceed before email verification. */ -export async function getSignupBridgeMember(event) { - const token = getCookie(event, 'signup-bridge') +export async function getPaymentBridgeMember(event) { + const token = getCookie(event, 'payment-bridge') if (!token) return null let decoded @@ -68,7 +67,7 @@ export async function getSignupBridgeMember(event) { return null } - if (decoded.scope !== 'signup_bridge') return null + if (decoded.scope !== 'payment_bridge') return null await connectDB() const member = await Member.findById(decoded.memberId) diff --git a/server/utils/resend.js b/server/utils/resend.js index ce79e94..e3cada2 100644 --- a/server/utils/resend.js +++ b/server/utils/resend.js @@ -282,7 +282,7 @@ Welcome to Ghost Guild! You're now part of the ${member.circle} circle. Sign in to your dashboard to get started: ${baseUrl}/member/dashboard -If you have questions, just reply to this email.`, +If you have questions, reach out to jennie + eileen on Slack or reply to this email.`, }); if (error) { diff --git a/tests/server/api/activation-auto-flag.test.js b/tests/server/api/activation-auto-flag.test.js index 2895506..bcf7493 100644 --- a/tests/server/api/activation-auto-flag.test.js +++ b/tests/server/api/activation-auto-flag.test.js @@ -45,7 +45,7 @@ vi.mock('../../../server/models/preRegistration.js', () => ({ vi.mock('../../../server/utils/mongoose.js', () => ({ connectDB: vi.fn() })) vi.mock('../../../server/utils/auth.js', () => ({ requireAuth: vi.fn(), - getSignupBridgeMember: vi.fn().mockResolvedValue(null), + getPaymentBridgeMember: vi.fn().mockResolvedValue(null), setAuthCookie: vi.fn() })) vi.mock('../../../server/utils/slack.ts', () => ({ diff --git a/tests/server/api/free-signup-flow.test.js b/tests/server/api/free-signup-flow.test.js index b95b752..521c0b2 100644 --- a/tests/server/api/free-signup-flow.test.js +++ b/tests/server/api/free-signup-flow.test.js @@ -20,9 +20,6 @@ vi.mock('../../../server/models/member.js', () => ({ findOneAndUpdate: vi.fn() } })) -vi.mock('../../../server/models/preRegistration.js', () => ({ - default: { findOne: vi.fn().mockResolvedValue(null), findByIdAndUpdate: vi.fn() } -})) vi.mock('../../../server/utils/mongoose.js', () => ({ connectDB: vi.fn() })) vi.mock('../../../server/utils/helcim.js', () => ({ createHelcimCustomer: vi.fn(), @@ -60,9 +57,9 @@ const SUBSCRIPTION_BODY = { function extractBridgeCookie(event) { const setCookie = event.node.res.getHeader('set-cookie') const cookies = Array.isArray(setCookie) ? setCookie : [setCookie].filter(Boolean) - const match = cookies.find(c => typeof c === 'string' && c.startsWith('signup-bridge=')) + const match = cookies.find(c => typeof c === 'string' && c.startsWith('payment-bridge=')) if (!match) return null - return match.match(/signup-bridge=([^;]+)/)[1] + return match.match(/payment-bridge=([^;]+)/)[1] } describe('signup → subscription bridge-cookie hand-off', () => { @@ -104,7 +101,7 @@ describe('signup → subscription bridge-cookie hand-off', () => { expect(result1.member.status).toBe('pending_payment') const bridgeToken = extractBridgeCookie(customerEvent) - expect(bridgeToken, 'signup-bridge cookie missing on $0 signup').toBeTruthy() + expect(bridgeToken, 'payment-bridge cookie missing on $0 signup').toBeTruthy() Member.findOneAndUpdate.mockResolvedValue({ _id: MEMBER_ID, status: 'pending_payment' }) Member.findById.mockResolvedValue({ @@ -120,7 +117,7 @@ describe('signup → subscription bridge-cookie hand-off', () => { method: 'POST', path: '/api/helcim/subscription', headers: { origin: ALLOWED_ORIGIN }, - cookies: { 'signup-bridge': bridgeToken }, + cookies: { 'payment-bridge': bridgeToken }, body: SUBSCRIPTION_BODY }) diff --git a/tests/server/api/helcim-customer.test.js b/tests/server/api/helcim-customer.test.js index 2aa6ae3..cba7df5 100644 --- a/tests/server/api/helcim-customer.test.js +++ b/tests/server/api/helcim-customer.test.js @@ -3,7 +3,7 @@ import { describe, it, expect, vi, beforeEach } from 'vitest' import Member from '../../../server/models/member.js' import { createHelcimCustomer } from '../../../server/utils/helcim.js' import { sendMagicLink } from '../../../server/utils/magicLink.js' -import { setAuthCookie, setSignupBridgeCookie } from '../../../server/utils/auth.js' +import { setAuthCookie, setPaymentBridgeCookie } from '../../../server/utils/auth.js' import customerHandler from '../../../server/api/helcim/customer.post.js' import { resetRateLimit } from '../../../server/utils/rateLimit.js' import { createMockEvent } from '../helpers/createMockEvent.js' @@ -12,9 +12,6 @@ import { createMockEvent } from '../helpers/createMockEvent.js' vi.mock('../../../server/models/member.js', () => ({ default: { findOne: vi.fn(), create: vi.fn(), findByIdAndUpdate: vi.fn() } })) -vi.mock('../../../server/models/preRegistration.js', () => ({ - default: { findOne: vi.fn().mockResolvedValue(null), findByIdAndUpdate: vi.fn() } -})) vi.mock('../../../server/utils/mongoose.js', () => ({ connectDB: vi.fn() })) vi.mock('../../../server/utils/helcim.js', () => ({ createHelcimCustomer: vi.fn() @@ -24,7 +21,7 @@ vi.mock('../../../server/utils/magicLink.js', () => ({ })) vi.mock('../../../server/utils/auth.js', () => ({ setAuthCookie: vi.fn(), - setSignupBridgeCookie: vi.fn() + setPaymentBridgeCookie: vi.fn() })) // helcimCustomerSchema is auto-imported in the handler — stub it to a passthrough @@ -303,7 +300,7 @@ describe('POST /api/helcim/customer', () => { 'guest@example.com', expect.objectContaining({ subject: 'Verify your Ghost Guild signup' }) ) - expect(setSignupBridgeCookie).toHaveBeenCalled() + expect(setPaymentBridgeCookie).toHaveBeenCalled() expect(setAuthCookie).not.toHaveBeenCalled() // Response shape mirrors new-signup case AND surfaces the preserved _id. @@ -365,7 +362,7 @@ describe('POST /api/helcim/customer', () => { ) }) - it('sets a signup-bridge cookie on paid-tier signup so checkout can proceed', async () => { + it('sets a payment-bridge cookie on paid-tier signup so checkout can proceed', async () => { const event = build({ body: { name: 'Paid User', @@ -376,7 +373,7 @@ describe('POST /api/helcim/customer', () => { } }) await customerHandler(event) - expect(setSignupBridgeCookie).toHaveBeenCalled() + expect(setPaymentBridgeCookie).toHaveBeenCalled() expect(sendMagicLink).toHaveBeenCalledWith( 'paid@example.com', expect.objectContaining({ subject: 'Verify your Ghost Guild signup' }) diff --git a/tests/server/api/helcim-subscription.test.js b/tests/server/api/helcim-subscription.test.js index 6845cd4..8e6bc77 100644 --- a/tests/server/api/helcim-subscription.test.js +++ b/tests/server/api/helcim-subscription.test.js @@ -15,7 +15,7 @@ vi.mock('../../../server/models/member.js', () => ({ vi.mock('../../../server/utils/mongoose.js', () => ({ connectDB: vi.fn() })) vi.mock('../../../server/utils/auth.js', () => ({ requireAuth: vi.fn(), - getSignupBridgeMember: vi.fn().mockResolvedValue(null) + getPaymentBridgeMember: vi.fn().mockResolvedValue(null) })) vi.mock('../../../server/utils/slack.ts', () => ({ getSlackService: vi.fn().mockReturnValue(null)