From e996213122445a1cde4b2db9518d6736813d718f Mon Sep 17 00:00:00 2001
From: Sag <guptazy@gmail.com>
Date: Thu, 2 May 2024 16:34:32 +0200
Subject: [PATCH] Moved POST /members/api/member behind alpha flag (#20124)

ref https://linear.app/tryghost/issue/SLO-78

- the `POST /members/api/member` endpoint is solely used by the alpha
feature `membersSpamPrevention` and should not be available otherwise
---
 ghost/core/core/server/web/members/app.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ghost/core/core/server/web/members/app.js b/ghost/core/core/server/web/members/app.js
index 723b361ab5..6cd24ff6d1 100644
--- a/ghost/core/core/server/web/members/app.js
+++ b/ghost/core/core/server/web/members/app.js
@@ -38,7 +38,11 @@ module.exports = function setupMembersApp() {
     // We don't want to add global bodyParser middleware as that interferes with stripe webhook requests on - `/webhooks`.
 
     // Double opt-in subscription handling
-    membersApp.post('/api/member', membersService.api.middleware.createMemberFromToken);
+    membersApp.post(
+        '/api/member',
+        labs.enabledMiddleware('membersSpamPrevention'),
+        membersService.api.middleware.createMemberFromToken
+    );
 
     // Manage newsletter subscription via unsubscribe link
     membersApp.get('/api/member/newsletters', middleware.getMemberNewsletters);