justin/new-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Validate allowed_emails on discount code lookup

Browse source 
The /api/v1/discount/:code endpoint now checks allowed_emails when
an email is provided. If the email isn't in the allowed list, returns
valid:false so the frontend doesn't show a fake discount. The promo
field is cleared and unlocked if validation fails.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
justin 2026-05-22 01:08:51 -05:00
parent 7bb08f3493
commit b81e102d39
2 changed files with 20 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
site/public/order/fcc-compliance/index.html
View file

@ -195,7 +195,7 @@ var entityBar=document.getElementById("pw-entity-bar");
var bundleTip=document.getElementById("pw-bundle-tip");
// Fetch promo code info from API if present
if(promoFromUrl){fetch(API+"/api/v1/discount/"+encodeURIComponent(promoFromUrl)).then(function(r){return r.json()}).then(function(d){if(d.valid){window._promoInfo=d;var cb=document.querySelector(".svc-cb:checked");if(cb)cb.dispatchEvent(new Event("change",{bubbles:true}));}}).catch(function(){});}
if(promoFromUrl){var discUrl=API+"/api/v1/discount/"+encodeURIComponent(promoFromUrl)+(emailFromUrl?"?email="+encodeURIComponent(emailFromUrl):"");fetch(discUrl).then(function(r){return r.json()}).then(function(d){if(d.valid){window._promoInfo=d;var cb=document.querySelector(".svc-cb:checked");if(cb)cb.dispatchEvent(new Event("change",{bubbles:true}));}else{window._promoInfo=null;promoFromUrl="";var pe=document.getElementById("pw-promo");if(pe){pe.value="";pe.readOnly=false;pe.style.background="";pe.style.borderColor="";}}}).catch(function(){});}
if(frn){
fetch(API+"/api/v1/fcc/lookup?frn="+frn+"&quick=1").then(function(r){return r.json()}).then(function(d){