Fix account page SIGSEGV: el_img extern signature mismatch

account.el declared el_img with 1 arg (attrs only) while the runtime implementation and all other files use 3 args (src, alt, attrs). The arity mismatch caused the server to crash with signal 11 on every request — TCP probe passed (bind was fine) but first HTTP hit segfaulted.
Fix free plan checkout: use SetupIntent instead of $0 PaymentIntent
2026-05-13 12:19:43 -05:00 · 2026-05-13 12:12:10 -05:00
2 changed files with 16 additions and 13 deletions
@@ -13,7 +13,7 @@ extern fn el_script_inline(code: String) -> String
 extern fn el_nav(attrs: String, children: String) -> String
 extern fn el_div(attrs: String, children: String) -> String
 extern fn el_a(href: String, attrs: String, children: String) -> String
-extern fn el_img(attrs: String) -> String
+extern fn el_img(src: String, alt: String, attrs: String) -> String
 extern fn el_p(attrs: String, children: String) -> String
 extern fn el_h1(attrs: String, text: String) -> String
 extern fn el_button(attrs: String, label: String) -> String
@@ -520,7 +520,7 @@ fn account_css() -> String {
 }

 fn account_nav() -> String {
-    let logo_img: String = el_img("src=\"/assets/brand/neuron-wordmark-on-light.png\" srcset=\"/assets/brand/neuron-wordmark-on-light@2x.png 2x\" alt=\"Neuron\" height=\"28\"")
+    let logo_img: String = el_img("/assets/brand/neuron-wordmark-on-light.png", "Neuron", "srcset=\"/assets/brand/neuron-wordmark-on-light@2x.png 2x\" height=\"28\"")
    el_nav(
        "id=\"nav\"",
        el_div(
@@ -699,21 +699,24 @@ fn handle_request_inner(method: String, path: String, headers: Map, body: String
            }
        }

-        // Free tier: $0 PaymentIntent for age verification (18+ requirement).
-        // Verifies card is valid. No charge, no capture.
-        // Note: setup_future_usage cannot be used with amount=0.
+        // Free tier: SetupIntent for age verification (18+ requirement).
+        // Verifies card is valid and saves it. No charge, no capture.
+        // $0 PaymentIntents are rejected by Stripe; SetupIntent is the correct tool.
        if str_eq(plan, "free") {
-            let free_pi_body: String = "amount=0"
-                + "&currency=usd"
-                + "&payment_method_types[]=card"
+            let si_body: String = "automatic_payment_methods[enabled]=true"
+                + "&usage=off_session"
                + "&metadata[plan]=free"
                + "&metadata[purpose]=age_verification"
-            let free_pi_body = if !str_eq(pi_cus_id, "") { free_pi_body + "&customer=" + pi_cus_id } else { free_pi_body }
-            let free_pi_resp: String = http_post_form_auth(
-                "https://api.stripe.com/v1/payment_intents",
-                free_pi_body,
+            let si_body = if !str_eq(pi_cus_id, "") { si_body + "&customer=" + pi_cus_id } else { si_body }
+            let si_resp: String = http_post_form_auth(
+                "https://api.stripe.com/v1/setup_intents",
+                si_body,
                auth_header)
-            return free_pi_resp
+            if str_starts_with(si_resp, "{") {
+                let inner: String = str_slice(si_resp, 1, str_len(si_resp))
+                return "{\"setup_mode\":true,\"plan\":\"free\"," + inner
+            }
+            return si_resp
        }

        // Setup-mode path: save payment method, do not charge. Only valid