refactor: extract cart storage to dedicated API controller with dynamic frontend URLs

- Added dedicated CartsController for session-based cart storage - Refactored routes to use POST /api/v1/carts/store - Updated ticket selection JS to use dynamic data attributes for URLs - Fixed CSRF protection in API and checkout payment increment - Made checkout button URLs dynamic via data attributes - Updated tests for new cart storage endpoint - Removed obsolete store_cart from EventsController
2025-09-15 19:52:01 +02:00
parent 4cde466f9a
commit d6184b6c84
8 changed files with 63 additions and 33 deletions
--- a/app/javascript/controllers/ticket_selection_controller.js
+++ b/app/javascript/controllers/ticket_selection_controller.js
@@ -10,7 +10,7 @@ export default class extends Controller {
    "checkoutButton",
    "form",
  ];
-  static values = { eventSlug: String, eventId: String };
+  static values = { eventSlug: String, eventId: String, orderNewUrl: String, storeCartUrl: String };

  // Initialize the controller and update the cart summary
  connect() {
@@ -117,9 +117,9 @@ export default class extends Controller {
      // Store cart data in session
      await this.storeCartInSession(cartData);

-      // Redirect to event-scoped orders/new page
-      const OrderNewUrl = `/orders/new/events/${this.eventSlugValue}.${this.eventIdValue}`;
-      window.location.href = OrderNewUrl;
+  // Redirect to event-scoped orders/new page
+  const orderNewUrl = this.orderNewUrlValue;
+  window.location.href = orderNewUrl;
    } catch (error) {
      console.error("Error storing cart:", error);
      alert("Une erreur est survenue. Veuillez réessayer.");
@@ -145,7 +145,7 @@ export default class extends Controller {

  // Store cart data in session via AJAX
  async storeCartInSession(cartData) {
-    const storeCartUrl = `/api/v1/events/${this.eventIdValue}/store_cart`;
+    const storeCartUrl = this.storeCartUrlValue;

    const response = await fetch(storeCartUrl, {
      method: "POST",
@@ -155,7 +155,7 @@ export default class extends Controller {
          .querySelector('meta[name="csrf-token"]')
          .getAttribute("content"),
      },
-      body: JSON.stringify({ cart: cartData }),
+      body: JSON.stringify({ cart: cartData, event_id: this.eventIdValue }),
    });

    if (!response.ok) {