neuron-technologies/neuron-web
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'Deploy dev to stage — Stripe dedup + attestation bypass fix' (#137) from dev into stage
Stage — Build, push & deploy to marketing-stage / deploy-stage (push) Successful in 7m17s
Details

Browse Source
This commit was merged in pull request #137.
This commit is contained in:
Will Anderson
2026-05-12 19:23:54 +00:00
parent b5285ccb74 bb98f76179
commit 3c19f4cf73
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/main.el
+6 -3
View File
@@ -686,7 +686,7 @@ fn handle_request_inner(method: String, path: String, headers: Map, body: String
if !str_eq(pi_email, "") {
let pi_email_enc: String = str_replace(str_replace(pi_email, "@", "%40"), "+", "%2B")
let pi_search_url: String = "https://api.stripe.com/v1/customers/search?query=email%3A%22" + pi_email_enc + "%22&limit=1"
let pi_search: String = http_get_auth(pi_search_url, auth_header)
let pi_search: String = http_get_auth(pi_search_url, stripe_key)
let pi_cus_id = json_get_string(pi_search, "id")
if str_eq(pi_cus_id, "") {
let pi_name_enc: String = str_replace(pi_name, " ", "%20")
@@ -784,7 +784,7 @@ fn handle_request_inner(method: String, path: String, headers: Map, body: String
// 1. Search existing customers by email
let lc_search_url: String = "https://api.stripe.com/v1/customers/search?query=email%3A%22" + lc_email_enc + "%22&limit=1"
let lc_search: String = http_get_auth(lc_search_url, lc_auth)
let lc_search: String = http_get_auth(lc_search_url, stripe_key)
let lc_cus_id: String = json_get_string(lc_search, "id")
// 2. If none, create one. We always include supabase_user_id so the
@@ -1116,13 +1116,16 @@ fn handle_request_inner(method: String, path: String, headers: Map, body: String
}
let attest_name: String = json_get(body, "name")
let attest_email: String = json_get(body, "email")
let attest_plan: String = json_get(body, "plan")
let attest_ts: String = json_get(body, "timestamp")
let attest_text: String = json_get(body, "attestation")
let attest_ua: String = json_get(body, "user_agent")
if str_eq(attest_email, "") {
return "{\"error\":\"email required\"}"
}
// Founding membership now requires $199 Stripe payment the attestation
// form is a waitlist-only path. Server enforces this regardless of what
// the client submits as plan to prevent bypassing payment.
let attest_plan: String = "waitlist"
let n_safe: String = str_replace(str_replace(attest_name, "\\", "\\\\"), "\"", "\\\"")
let e_safe: String = str_replace(str_replace(attest_email, "\\", "\\\\"), "\"", "\\\"")
let t_safe: String = str_replace(str_replace(attest_text, "\\", "\\\\"), "\"", "\\\"")