berrypod/lib/berrypod_web/controllers/order_lookup_controller.ex

defmodule BerrypodWeb.OrderLookupController do
  use BerrypodWeb, :controller

  alias Berrypod.Orders
  alias Berrypod.Orders.OrderNotifier

  @salt "order_lookup"
  @max_age 3_600

  @doc """
  Looks up orders by email and sends a verification link (no-JS fallback).
  """
  def lookup(conn, %{"email" => email}) when is_binary(email) and email != "" do
    orders = Orders.list_orders_by_email(email)

    if orders == [] do
      conn
      |> put_flash(
        :error,
        "No orders found for that address. Make sure you use the same email you checked out with."
      )
      |> redirect(to: R.contact())
    else
      token = generate_token(email)
      link = BerrypodWeb.Endpoint.url() <> ~p"/orders/verify/#{token}"
      OrderNotifier.deliver_order_lookup(email, link)

      conn
      |> put_flash(
        :info,
        "We've sent a link to your email address. It'll expire after an hour."
      )
      |> redirect(to: R.contact())
    end
  end

  def lookup(conn, _params) do
    conn
    |> put_flash(:error, "Please enter your email address.")
    |> redirect(to: R.contact())
  end

  def verify(conn, %{"token" => token}) do
    case Phoenix.Token.verify(BerrypodWeb.Endpoint, @salt, token, max_age: @max_age) do
      {:ok, email} ->
        conn
        |> put_session(:order_lookup_email, email)
        |> redirect(to: R.orders())

      {:error, :expired} ->
        conn
        |> put_flash(:error, "That link has expired. Please request a new one.")
        |> redirect(to: R.contact())

      {:error, _} ->
        conn
        |> put_flash(:error, "That link is invalid.")
        |> redirect(to: R.contact())
    end
  end

  @doc """
  Generates a signed, time-limited token for the given email address.
  """
  def generate_token(email) do
    Phoenix.Token.sign(BerrypodWeb.Endpoint, @salt, email)
  end
end
add order status lookup for customers Magic link flow on contact page: customer enters email, gets a time-limited signed link, clicks through to /orders showing all their paid orders and full detail pages with thumbnails and product links. - OrderLookupController generates/verifies Phoenix.Token signed links - Contact LiveView handles lookup_orders + reset_tracking events - Orders and OrderDetail LiveViews gated by session email - Order detail shows thumbnails, links to products still available - .themed-button gets base padding/font-weight so all usages are consistent - order-summary-card sticky scoped to .cart-grid (was leaking to orders list) - 27 new tests (1095 total) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-02-24 08:40:08 +00:00			`defmodule BerrypodWeb.OrderLookupController do`
			`use BerrypodWeb, :controller`

add no-JS fallback for contact page order tracking form Both order tracking forms now have action="/contact/lookup" so they POST to a new OrderLookupController.lookup action when JS is off. The controller mirrors the LiveView handler: checks for paid orders, sends the verification email, and redirects with a flash message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-24 23:10:15 +00:00			`alias Berrypod.Orders`
			`alias Berrypod.Orders.OrderNotifier`

add order status lookup for customers Magic link flow on contact page: customer enters email, gets a time-limited signed link, clicks through to /orders showing all their paid orders and full detail pages with thumbnails and product links. - OrderLookupController generates/verifies Phoenix.Token signed links - Contact LiveView handles lookup_orders + reset_tracking events - Orders and OrderDetail LiveViews gated by session email - Order detail shows thumbnails, links to products still available - .themed-button gets base padding/font-weight so all usages are consistent - order-summary-card sticky scoped to .cart-grid (was leaking to orders list) - 27 new tests (1095 total) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-02-24 08:40:08 +00:00			`@salt "order_lookup"`
			`@max_age 3_600`

add no-JS fallback for contact page order tracking form Both order tracking forms now have action="/contact/lookup" so they POST to a new OrderLookupController.lookup action when JS is off. The controller mirrors the LiveView handler: checks for paid orders, sends the verification email, and redirects with a flash message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-24 23:10:15 +00:00			`@doc """`
			`Looks up orders by email and sends a verification link (no-JS fallback).`
			`"""`
			`def lookup(conn, %{"email" => email}) when is_binary(email) and email != "" do`
			`orders = Orders.list_orders_by_email(email)`

			`if orders == [] do`
			`conn`
			`\|> put_flash(`
			`:error,`
			`"No orders found for that address. Make sure you use the same email you checked out with."`
			`)`
integrate R module and add url editor ui Replaces hardcoded paths with R module throughout: - Shop components: layout nav, cart, product links - Controllers: cart, checkout, contact, seo, order lookup - Shop pages: collection, product, search, checkout success, etc. - Site context: nav item url resolution Admin URL management: - Settings page: prefix editor with validation feedback - Page renderer: url_editor component for page URLs - CSS for url editor styling Test updates for cache isolation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-04-01 00:36:17 +01:00			`\|> redirect(to: R.contact())`
add no-JS fallback for contact page order tracking form Both order tracking forms now have action="/contact/lookup" so they POST to a new OrderLookupController.lookup action when JS is off. The controller mirrors the LiveView handler: checks for paid orders, sends the verification email, and redirects with a flash message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-24 23:10:15 +00:00			`else`
			`token = generate_token(email)`
			`link = BerrypodWeb.Endpoint.url() <> ~p"/orders/verify/#{token}"`
			`OrderNotifier.deliver_order_lookup(email, link)`

			`conn`
			`\|> put_flash(`
			`:info,`
			`"We've sent a link to your email address. It'll expire after an hour."`
			`)`
integrate R module and add url editor ui Replaces hardcoded paths with R module throughout: - Shop components: layout nav, cart, product links - Controllers: cart, checkout, contact, seo, order lookup - Shop pages: collection, product, search, checkout success, etc. - Site context: nav item url resolution Admin URL management: - Settings page: prefix editor with validation feedback - Page renderer: url_editor component for page URLs - CSS for url editor styling Test updates for cache isolation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-04-01 00:36:17 +01:00			`\|> redirect(to: R.contact())`
add no-JS fallback for contact page order tracking form Both order tracking forms now have action="/contact/lookup" so they POST to a new OrderLookupController.lookup action when JS is off. The controller mirrors the LiveView handler: checks for paid orders, sends the verification email, and redirects with a flash message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-24 23:10:15 +00:00			`end`
			`end`

			`def lookup(conn, _params) do`
			`conn`
			`\|> put_flash(:error, "Please enter your email address.")`
integrate R module and add url editor ui Replaces hardcoded paths with R module throughout: - Shop components: layout nav, cart, product links - Controllers: cart, checkout, contact, seo, order lookup - Shop pages: collection, product, search, checkout success, etc. - Site context: nav item url resolution Admin URL management: - Settings page: prefix editor with validation feedback - Page renderer: url_editor component for page URLs - CSS for url editor styling Test updates for cache isolation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-04-01 00:36:17 +01:00			`\|> redirect(to: R.contact())`
add no-JS fallback for contact page order tracking form Both order tracking forms now have action="/contact/lookup" so they POST to a new OrderLookupController.lookup action when JS is off. The controller mirrors the LiveView handler: checks for paid orders, sends the verification email, and redirects with a flash message. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-24 23:10:15 +00:00			`end`

add order status lookup for customers Magic link flow on contact page: customer enters email, gets a time-limited signed link, clicks through to /orders showing all their paid orders and full detail pages with thumbnails and product links. - OrderLookupController generates/verifies Phoenix.Token signed links - Contact LiveView handles lookup_orders + reset_tracking events - Orders and OrderDetail LiveViews gated by session email - Order detail shows thumbnails, links to products still available - .themed-button gets base padding/font-weight so all usages are consistent - order-summary-card sticky scoped to .cart-grid (was leaking to orders list) - 27 new tests (1095 total) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-02-24 08:40:08 +00:00			`def verify(conn, %{"token" => token}) do`
			`case Phoenix.Token.verify(BerrypodWeb.Endpoint, @salt, token, max_age: @max_age) do`
			`{:ok, email} ->`
			`conn`
			`\|> put_session(:order_lookup_email, email)`
integrate R module and add url editor ui Replaces hardcoded paths with R module throughout: - Shop components: layout nav, cart, product links - Controllers: cart, checkout, contact, seo, order lookup - Shop pages: collection, product, search, checkout success, etc. - Site context: nav item url resolution Admin URL management: - Settings page: prefix editor with validation feedback - Page renderer: url_editor component for page URLs - CSS for url editor styling Test updates for cache isolation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-04-01 00:36:17 +01:00			`\|> redirect(to: R.orders())`
add order status lookup for customers Magic link flow on contact page: customer enters email, gets a time-limited signed link, clicks through to /orders showing all their paid orders and full detail pages with thumbnails and product links. - OrderLookupController generates/verifies Phoenix.Token signed links - Contact LiveView handles lookup_orders + reset_tracking events - Orders and OrderDetail LiveViews gated by session email - Order detail shows thumbnails, links to products still available - .themed-button gets base padding/font-weight so all usages are consistent - order-summary-card sticky scoped to .cart-grid (was leaking to orders list) - 27 new tests (1095 total) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-02-24 08:40:08 +00:00
			`{:error, :expired} ->`
			`conn`
			`\|> put_flash(:error, "That link has expired. Please request a new one.")`
integrate R module and add url editor ui Replaces hardcoded paths with R module throughout: - Shop components: layout nav, cart, product links - Controllers: cart, checkout, contact, seo, order lookup - Shop pages: collection, product, search, checkout success, etc. - Site context: nav item url resolution Admin URL management: - Settings page: prefix editor with validation feedback - Page renderer: url_editor component for page URLs - CSS for url editor styling Test updates for cache isolation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-04-01 00:36:17 +01:00			`\|> redirect(to: R.contact())`
add order status lookup for customers Magic link flow on contact page: customer enters email, gets a time-limited signed link, clicks through to /orders showing all their paid orders and full detail pages with thumbnails and product links. - OrderLookupController generates/verifies Phoenix.Token signed links - Contact LiveView handles lookup_orders + reset_tracking events - Orders and OrderDetail LiveViews gated by session email - Order detail shows thumbnails, links to products still available - .themed-button gets base padding/font-weight so all usages are consistent - order-summary-card sticky scoped to .cart-grid (was leaking to orders list) - 27 new tests (1095 total) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-02-24 08:40:08 +00:00
			`{:error, _} ->`
			`conn`
			`\|> put_flash(:error, "That link is invalid.")`
integrate R module and add url editor ui Replaces hardcoded paths with R module throughout: - Shop components: layout nav, cart, product links - Controllers: cart, checkout, contact, seo, order lookup - Shop pages: collection, product, search, checkout success, etc. - Site context: nav item url resolution Admin URL management: - Settings page: prefix editor with validation feedback - Page renderer: url_editor component for page URLs - CSS for url editor styling Test updates for cache isolation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-04-01 00:36:17 +01:00			`\|> redirect(to: R.contact())`
add order status lookup for customers Magic link flow on contact page: customer enters email, gets a time-limited signed link, clicks through to /orders showing all their paid orders and full detail pages with thumbnails and product links. - OrderLookupController generates/verifies Phoenix.Token signed links - Contact LiveView handles lookup_orders + reset_tracking events - Orders and OrderDetail LiveViews gated by session email - Order detail shows thumbnails, links to products still available - .themed-button gets base padding/font-weight so all usages are consistent - order-summary-card sticky scoped to .cart-grid (was leaking to orders list) - 27 new tests (1095 total) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-02-24 08:40:08 +00:00			`end`
			`end`

			`@doc """`
			`Generates a signed, time-limited token for the given email address.`
			`"""`
			`def generate_token(email) do`
			`Phoenix.Token.sign(BerrypodWeb.Endpoint, @salt, email)`
			`end`
			`end`