Jennie Robinson Faber f34b062f2a fix(events): enforce series-pass, hidden, and deadline gates
Pre-launch P0 fixes surfaced by docs/specs/events-functional-test-matrix.md
(Findings 1, 2, 3).

1. Series-pass bypass (Finding 1 / matrix S1 P3): register.post.js now
   loads the linked Series when tickets.requiresSeriesTicket is set and
   rejects drop-in registration unless series.allowIndividualEventTickets
   is true or the user has a valid pass. Data-integrity 500 if the
   referenced series is missing.

2. Hidden-event leak (Finding 2 / matrix E11): extract loadPublicEvent
   into server/utils/loadEvent.js. All five public event endpoints
   ([id].get, register, tickets/available, tickets/reserve,
   tickets/purchase) now go through the helper, which 404s when
   isVisible === false and the requester is not an admin. Admin detection
   uses a new non-throwing getOptionalMember() in server/utils/auth.js
   (extracted from the pattern already inlined in api/auth/status.get.js).

3. Deadline enforcement + legacy pricing retirement (Finding 3 / matrix
   E8): register.post.js and tickets/reserve.post.js delegate gating to
   validateTicketPurchase (which already covers deadline, cancelled,
   started, members-only, sold-out, and already-registered);
   tickets/available.get.js gets an explicit registrationDeadline check.
   Legacy pricing.paymentRequired 402 branch removed from register.post.js.
2026-04-20 19:03:34 +01:00
.claude Readying for design 2026-03-04 18:24:20 +00:00
.forgejo/workflows Huge bunch of UI/UX improvements and tweaks! 2026-04-06 16:17:12 +01:00
.husky feat: add testing infrastructure — Vitest, Playwright, CI, git hooks 2026-04-04 16:07:21 +01:00
.serena fix: use private helcimApiToken for all server-side Helcim API calls 2026-04-04 13:37:34 +01:00
app feat(emails): warmer copy across invite, welcome, and event emails 2026-04-20 13:48:38 +01:00
assets/css Redesign interface across member dashboard and events pages 2025-10-09 16:25:57 +01:00
docs docs(launch): mark receipts Phase 1 complete, add branch-merge checkbox 2026-04-20 13:51:20 +01:00
e2e Copy and layout improvements. 2026-04-16 21:11:05 +01:00
plugins Enhance application structure: Add runtime configuration for environment variables, integrate new dependencies for Cloudinary and UI components, and refactor member management features including improved forms and member dashboard. Update styles and layout for better user experience. 2025-08-27 16:49:51 +01:00
public feat: cleanup deprecated components and background texture 2026-04-02 21:38:50 +01:00
scripts feat(payments): add reconcile-helcim-payments script for backfill + ongoing sync 2026-04-20 13:21:56 +01:00
server fix(events): enforce series-pass, hidden, and deadline gates 2026-04-20 19:03:34 +01:00
tests fix(events): enforce series-pass, hidden, and deadline gates 2026-04-20 19:03:34 +01:00
.cursorignore Updates! 2026-03-31 18:18:24 +01:00
.cursorindexingignore Updates! 2026-03-31 18:18:24 +01:00
.dockerignore feat: add .dockerignore and document BASE_URL in .env.example 2026-04-04 12:41:00 +01:00
.env.example feat(helcim): add cadence-keyed plan id runtime config 2026-04-18 17:10:50 +01:00
.gitignore feat(scripts): helcim plan consolidation migration (dry-run default) 2026-04-18 18:12:43 +01:00
debug-token.js Implement multi-step registration process: Add step indicators, error handling, and payment processing for membership registration. Enhance form validation and user feedback with success and error messages. Refactor state management for improved clarity and maintainability. 2025-09-03 14:47:13 +01:00
Dockerfile fix: multi-stage Dockerfile and guard husky for Docker builds 2026-04-04 16:44:55 +01:00
eslint.config.mjs Initial commit 2025-08-26 14:17:16 +01:00
nuxt.config.ts feat(helcim): add cadence-keyed plan id runtime config 2026-04-18 17:10:50 +01:00
package-lock.json merge: worktree-a11y-fixes into main 2026-04-05 22:05:00 +01:00
package.json merge: worktree-a11y-fixes into main 2026-04-05 22:05:00 +01:00
playwright.config.js test(visual): allow playwright port override and rebaseline connections-mobile 2026-04-08 16:03:48 +01:00
slack-app-manifest.yaml Adding features 2025-10-05 16:15:09 +01:00
test-helcim-direct.js Implement multi-step registration process: Add step indicators, error handling, and payment processing for membership registration. Enhance form validation and user feedback with success and error messages. Refactor state management for improved clarity and maintainability. 2025-09-03 14:47:13 +01:00
TESTING.md feat: add testing infrastructure — Vitest, Playwright, CI, git hooks 2026-04-04 16:07:21 +01:00
tsconfig.json Initial commit 2025-08-26 14:17:16 +01:00
vitest.config.js Add Vitest security test suite and update security evaluation doc 2026-03-01 12:30:06 +00:00