From d7dbe7fee362d587dfc334135d9581b6216a4295 Mon Sep 17 00:00:00 2001
From: Jake Vanderwerf <get@jakevanderwerf.ca>
Date: Sun, 23 Nov 2025 04:13:56 +0000
Subject: [PATCH] =Timeline block, and feed block updated. DataStore.js refactored to not block rendering

---
 inc/rest/routes/MagicLinkRoutes.php |   22 ++++++++++++++++------
 1 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/inc/rest/routes/MagicLinkRoutes.php b/inc/rest/routes/MagicLinkRoutes.php
index fc12edc..a422c6f 100644
--- a/inc/rest/routes/MagicLinkRoutes.php
+++ b/inc/rest/routes/MagicLinkRoutes.php
@@ -104,8 +104,14 @@
 	 */
 	public function sendMagicLink(WP_REST_Request $request): WP_REST_Response
 	{
+		$data = $request->get_json_params();
+
+		// Verify Turnstile
+		if (!$this->verifyTurnstile($data['cf-turnstile-response'] ?? '')) {
+			return $this->error('Security verification failed', 'turnstile_failed', 403);
+		}
 		$email = sanitize_email($request->get_param('email')??$request->get_param('user_email')??'');
-		$type = sanitize_text_field($request->get_param('type'));
+		$type = sanitize_text_field($request->get_param('type')) ?? MagicLinkManager::TYPE_LOGIN;
 		$context = $request->get_param('context') ?? [];
 
 		error_log('SendMagicLink request: '.print_r($email, true));
@@ -122,12 +128,16 @@
 
 		// Check if email exists
 		$exists = email_exists($email);
-		if (!$exists) {
-
+		if ($type === MagicLinkManager::TYPE_LOGIN && !$exists) {
 			return new WP_REST_Response([
-				'success' => false,
-				'message' => 'User account not found'
-			], 400);
+				'success' => true,
+				'message' => 'Invalid email address'
+			]);
+		}
+
+		if ($type === MagicLinkManager::TYPE_SIGNUP && $exists) {
+			// Redirect to login instead
+			$type = MagicLinkManager::TYPE_LOGIN;
 		}
 
 		// Send the magic link

--
Gitblit v1.10.0