jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ghostguild-org/server/api/admin/events.post.js
Jennie Robinson Faber b7279f57d1 Add Zod validation, fix mass assignment, remove test endpoints and dead code 
- Add centralized Zod schemas (server/utils/schemas.js) and validateBody
  utility for all API endpoints
- Fix critical mass assignment in member creation: raw body no longer
  passed to new Member(), only validated fields (email, name, circle,
  contributionTier) are accepted
- Apply Zod validation to login, profile patch, event registration,
  updates, verify-payment, and admin event creation endpoints
- Fix logout cookie flags to match login (httpOnly: true, secure
  conditional on NODE_ENV)
- Delete unauthenticated test/debug endpoints (test-connection,
  test-subscription, test-bot)
- Remove sensitive console.log statements from Helcim and member
  endpoints
- Remove unused bcryptjs dependency
- Add 10MB file size limit on image uploads
- Use runtime config for JWT secret across all endpoints
- Add 38 validation tests (117 total, all passing)
2026-03-01 14:02:46 +00:00

60 lines
1.9 KiB
JavaScript
Raw Blame History

import Event from "../../models/event.js";
import { connectDB } from "../../utils/mongoose.js";
import { requireAdmin } from "../../utils/auth.js";
import { validateBody } from "../../utils/validateBody.js";
import { adminEventCreateSchema } from "../../utils/schemas.js";
export default defineEventHandler(async (event) => {
try {
const admin = await requireAdmin(event);
const body = await validateBody(event, adminEventCreateSchema);
await connectDB();
const eventData = {
...body,
createdBy: admin.email,
startDate: new Date(body.startDate),
endDate: new Date(body.endDate),
registrationDeadline: body.registrationDeadline
? new Date(body.registrationDeadline)
: null,
};
// Ensure slug is not included in eventData (let the model generate it)
delete eventData.slug;
// Handle ticket data
if (body.tickets) {
eventData.tickets = {
enabled: body.tickets.enabled || false,
public: {
available: body.tickets.public?.available || false,
name: body.tickets.public?.name || "Public Ticket",
description: body.tickets.public?.description || "",
price: body.tickets.public?.price || 0,
quantity: body.tickets.public?.quantity || null,
sold: 0, // Initialize sold count
earlyBirdPrice: body.tickets.public?.earlyBirdPrice || null,
earlyBirdDeadline: body.tickets.public?.earlyBirdDeadline
? new Date(body.tickets.public.earlyBirdDeadline)
: null,
},
};
}
const newEvent = new Event(eventData);
const savedEvent = await newEvent.save();
return savedEvent;
} catch (error) {
if (error.statusCode) throw error;
console.error("Error creating event:", error);
throw createError({
statusCode: 500,
statusMessage: error.message || "Failed to create event",
});
}
});
Reference in a new issue View git blame Copy permalink