jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ghostguild-org/server/api/auth/login.post.js
Jennie Robinson Faber 51230e5151 refactor(launch): simplify launch-readiness fixes 
Follow-up to 208638e. Code review surfaced a few real issues; this
commit addresses them.

- login.post.js now uses the new sendMagicLink util instead of
  duplicating the jti/jwt/Resend/logActivity logic. Reduces 60 lines.
- sendMagicLink accepts an optional pre-loaded Member doc, skipping
  the redundant findOne when the caller already has one. customer.post.js
  passes the just-created/upgraded member, dropping signup from 3
  Mongo round-trips to 1 (lookup is gone; jti burn remains).
- sendMagicLink now lowercases the email defensively so callers don't
  have to remember.
- rateLimit.js: replaced an effectively-dead eviction line with a
  probabilistic sweep (~1% of calls scan and evict keys whose newest
  entry has aged out). Caps unbounded Map growth under random-key
  spraying.
- reconcile-payments.post.js: 401/403/404 from Helcim now bails out
  immediately instead of burning all 3 retry attempts; dry-run
  summary filters via the same RECONCILABLE_STATUSES set as apply
  mode so counts match.
- Deleted WHAT-comments and section banners per CLAUDE.md no-comment
  rule. Kept genuine WHY-comments (validateBeforeSave rationale,
  amount-IGNORED-for-tickets, sendConfirmation deliberately-omitted).

Tests: 758/760 passing (unchanged).
2026-04-25 19:34:16 +01:00

27 lines
796 B
JavaScript
Raw Blame History

// server/api/auth/login.post.js
import { connectDB } from "../../utils/mongoose.js";
import { validateBody } from "../../utils/validateBody.js";
import { emailSchema } from "../../utils/schemas.js";
import { sendMagicLink } from "../../utils/magicLink.js";
export default defineEventHandler(async (event) => {
await connectDB();
const { email } = await validateBody(event, emailSchema);
const GENERIC_MESSAGE = "If this email is registered, we've sent a login link.";
try {
await sendMagicLink(email);
return {
success: true,
message: GENERIC_MESSAGE,
};
} catch (error) {
console.error("Failed to send email:", error);
throw createError({
statusCode: 500,
statusMessage: "Failed to send login email. Please try again.",
});
}
});
Reference in a new issue View git blame Copy permalink