From 82f0fab1f5d832c68e9bb4f7286ea2fe4aaa3d15 Mon Sep 17 00:00:00 2001
From: kbe <kevin@kev1.net>
Date: Mon, 15 Sep 2025 17:15:49 +0200
Subject: [PATCH] Disable authentication for API

---
 BACKLOG.md                                  | 2 ++
 app/controllers/api/v1/orders_controller.rb | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/BACKLOG.md b/BACKLOG.md
index b18ad6d..abe8eab 100755
--- a/BACKLOG.md
+++ b/BACKLOG.md
@@ -43,6 +43,8 @@
 - [ ] feat: Fraud prevention and bot protection
 - [ ] feat: Social login options
 - [ ] feat: Event recommendations system
+- [ ] feat: Invitation link. As organizer or promoter, you can invite people
+
 
 ### Design & Infrastructure
 
diff --git a/app/controllers/api/v1/orders_controller.rb b/app/controllers/api/v1/orders_controller.rb
index 5ebd30a..c7494de 100644
--- a/app/controllers/api/v1/orders_controller.rb
+++ b/app/controllers/api/v1/orders_controller.rb
@@ -4,7 +4,9 @@
 module Api
   module V1
     class OrdersController < ApiController
-      before_action :authenticate_user!
+      # Skip API key authentication for store_cart action (used by frontend forms)
+      skip_before_action :authenticate_api_key, only: [ :store_cart ]
+
       before_action :set_order, only: [ :show, :checkout, :retry_payment, :increment_payment_attempt ]
       before_action :set_event, only: [ :new, :create ]