diff --git a/app/controllers/api/v1/orders_controller.rb b/app/controllers/api/v1/orders_controller.rb
index 171d52d..5ebd30a 100644
--- a/app/controllers/api/v1/orders_controller.rb
+++ b/app/controllers/api/v1/orders_controller.rb
@@ -8,6 +8,9 @@ module Api
 before_action :set_order, only: [ :show, :checkout, :retry_payment, :increment_payment_attempt ]
 before_action :set_event, only: [ :new, :create ]
 
+ # Skip API key authentication for increment_payment_attempt action (used by frontend forms)
+ skip_before_action :authenticate_api_key, only: [ :increment_payment_attempt ]
+
 # GET /api/v1/orders/new
 # Returns data needed for new order form
 def new
diff --git a/app/views/orders/checkout.html.erb b/app/views/orders/checkout.html.erb
index 9271821..4b2b16b 100644
--- a/app/views/orders/checkout.html.erb
+++ b/app/views/orders/checkout.html.erb
@@ -200,10 +200,9 @@
 try {
 // Increment payment attempt counter
 console.log('Incrementing payment attempt for order:', '<%= @order.id %>');
- const response = await fetch('<%= increment_payment_attempt_order_path(@order) %>', {
- method: 'POST',
+ const response = await fetch('/api/v1/orders/<%= @order.id %>/increment_payment_attempt', {
+ method: 'PATCH',
 headers: {
- 'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
 'Content-Type': 'application/json'
 }
 });
diff --git a/config/routes.rb b/config/routes.rb
index 1c30bf5..fb4ac14 100755
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -97,6 +97,14 @@ Rails.application.routes.draw do
 post :store_cart
 end
 end
+
+ # RESTful routes for order management
+ resources :orders, only: [] do
+ member do
+ patch :increment_payment_attempt
+ end
+ end
+
 # resources :ticket_types, only: [ :index, :show, :create, :update, :destroy ]
 end
 end
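Review bot: With `skip_before_action :authenticate_api_key` the `increment_payment_attempt` action is left with no caller check visible in this hunk: `set_order` still runs, but nothing shown ties the order to whoever sends the request. If `set_order` loads the order by its id alone (its body is outside the hunk), any client that can reach the API can change the attempt counter on any order, which matters if that counter gates retries or feeds fraud checks. Replace the API key with a check that fits the browser flow rather than with nothing, for example `before_action :authorize_order_owner!, only: [ :increment_payment_attempt ]`, a new filter that compares the order with the signed-in session or a signed order token. The comment above the skip should then name that replacement check instead of only saying the action is "used by frontend forms".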
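Review bot: The new `fetch` call drops the `X-CSRF-Token` header in the same commit that stops requiring an API key for this route, so the request no longer carries anything that binds it to the rendered checkout page. Keep the header line (`'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content'),`) and have the API action verify it; whether the API base controller runs forgery protection is not visible here. The URL is also assembled by hand from `@order.id` where the old code used a route helper; the helper generated for the new route (likely `increment_payment_attempt_api_v1_order_path(@order)`, to be confirmed with `rails routes`) keeps the view in step with config/routes.rb. The enclosing `try` block continues outside the hunk, so how `response` is checked cannot be judged from here.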
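Review bot: The comment `# RESTful routes for order management` does not tell a reader that this member route is exempted from API key authentication in app/controllers/api/v1/orders_controller.rb. Something like `# Called from the checkout page without an API key; see skip_before_action in the orders controller` would make that visible to anyone auditing the route table. The diff also leaves the older route behind `increment_payment_attempt_order_path` in place, at least in the lines shown; if the checkout view was its only caller, removing it avoids keeping two endpoints that change the same counter. The surrounding namespace blocks open outside the hunk.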