Abuse / identity limits on free ticket claims #29

New issue

Open

opened 2026-06-20 06:57:44 +00:00 by padreug · 0 comments

padreug commented

2026-06-20 06:57:44 +00:00

Owner

Follow-up from the free-ticket work.

Free tickets remove the Lightning-payment barrier that currently rate-limits ticket issuance implicitly. Without it, one user (or one script) can claim arbitrarily many seats and exhaust a free event's capacity.

Shape

Require an identity on free claims: user_id or nostr_identifier (don't allow fully anonymous free issuance).
Optional per-event cap: one (or N) ticket(s) per identity per event, configurable by the organizer.
Enforce at api_ticket_create for the free path (and ideally the paid path too, as a general cap).

The caps must apply to any ticket that takes the free path — i.e. a 100%-off promo on an otherwise-paid event (which #31 routes through the same no-invoice issuance), not only events with price_per_ticket == 0. Otherwise a comp code becomes an uncapped free-mint on a paying event. Pairs with #32 (promo redemption limits) — that bounds redemptions per code, this bounds claims per identity; both are needed.

Note also: comped/free tickets increment sold and count toward min_tickets, so they can push a conditional event over its threshold without real revenue and suppress the min-not-met refund to genuine payers — worth deciding whether free/comped seats should count toward min_tickets at all.

Notes

Pairs with the forfeit issue (#28): a per-identity cap is only meaningful if a forfeited/released seat also frees the identity's slot.
Depends on the free-ticket issuance landing first.

Follow-up from the free-ticket work. Free tickets remove the Lightning-payment barrier that currently rate-limits ticket issuance implicitly. Without it, one user (or one script) can claim arbitrarily many seats and exhaust a free event's capacity. ## Shape - Require an identity on free claims: `user_id` or `nostr_identifier` (don't allow fully anonymous free issuance). - Optional per-event cap: one (or N) ticket(s) per identity per event, configurable by the organizer. - Enforce at `api_ticket_create` for the free path (and ideally the paid path too, as a general cap). ## Scope: covers promo-derived-free, not just free events The caps must apply to **any** ticket that takes the free path — i.e. a 100%-off promo on an otherwise-paid event (which #31 routes through the same no-invoice issuance), not only events with `price_per_ticket == 0`. Otherwise a comp code becomes an uncapped free-mint on a paying event. Pairs with #32 (promo redemption limits) — that bounds redemptions *per code*, this bounds claims *per identity*; both are needed. Note also: comped/free tickets increment `sold` and count toward `min_tickets`, so they can push a conditional event over its threshold without real revenue and suppress the min-not-met refund to genuine payers — worth deciding whether free/comped seats should count toward `min_tickets` at all. ## Notes - Pairs with the forfeit issue (#28): a per-identity cap is only meaningful if a forfeited/released seat also frees the identity's slot. - Depends on the free-ticket issuance landing first.

padreug referenced this issue from a commit

2026-06-20 07:04:06 +00:00

feat: issue free tickets without minting an invoice

padreug referenced this issue

2026-06-20 07:04:25 +00:00

feat: issue free tickets without minting an invoice #31

padreug referenced this issue

2026-06-20 08:58:59 +00:00

Promo codes need redemption limits (max_uses / single-use) #32