Move increment_payment_attempt to API namespace and update JavaScript

- Add API route for increment_payment_attempt in config/routes.rb
- Update API OrdersController to handle increment_payment_attempt and skip API key authentication
- Update JavaScript code in checkout view to use API endpoint without CSRF tokens
- Remove CSRF token from API requests as it's not required for API endpoints
- Maintain backward compatibility by keeping original method in OrdersController
kbe
2025-09-10 16:27:05 +02:00
parent 20ae3de7a3
commit 83e76f71bf
3 changed files with 13 additions and 3 deletions


@@ -8,6 +8,9 @@ module Api
before_action :set_order, only: [ :show, :checkout, :retry_payment, :increment_payment_attempt ] before_action :set_order, only: [ :show, :checkout, :retry_payment, :increment_payment_attempt ]
before_action :set_event, only: [ :new, :create ] before_action :set_event, only: [ :new, :create ]
# Skip API key authentication for increment_payment_attempt action (used by frontend forms)
skip_before_action :authenticate_api_key, only: [ :increment_payment_attempt ]
# GET /api/v1/orders/new # GET /api/v1/orders/new
# Returns data needed for new order form # Returns data needed for new order form
def new def new
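Review bot: The added `skip_before_action :authenticate_api_key, only: [ :increment_payment_attempt ]` leaves this state-changing action with no caller check visible in the hunk, and the checkout view hunk in the same commit also stops sending `X-CSRF-Token`. As written, a PATCH to `/api/v1/orders/:id/increment_payment_attempt` appears to be accepted for any order id from any origin; if the counter feeds a retry limit (inferred from the name), attempts could be consumed on orders the caller does not own. Because the request comes from a signed-in browser page, I would replace the API-key check with the session check the non-API OrdersController already uses and have `set_order` look the order up through the current user's orders. `set_order` and the base controller's forgery-protection setting are outside the hunk, so please confirm both. At minimum, add a comment on the skip line such as `# Unauthenticated by design: set_order MUST scope to the session user's orders`.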


@@ -200,10 +200,9 @@
try { try {
// Increment payment attempt counter // Increment payment attempt counter
console.log('Incrementing payment attempt for order:', '<%= @order.id %>'); console.log('Incrementing payment attempt for order:', '<%= @order.id %>');
const response = await fetch('<%= increment_payment_attempt_order_path(@order) %>', { const response = await fetch('/api/v1/orders/<%= @order.id %>/increment_payment_attempt', {
method: 'POST', method: 'PATCH',
headers: { headers: {
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
'Content-Type': 'application/json' 'Content-Type': 'application/json'
} }
}); });
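Review bot: The new `fetch` target is a hand-built string, `'/api/v1/orders/<%= @order.id %>/increment_payment_attempt'`, where the old line used a route helper, so the view will silently break if the API namespace, version prefix or mount point changes. Use the path helper generated by the member route this commit adds in config/routes.rb (check its name with `rails routes`), i.e. `fetch('<%= <API_ROUTE_HELPER>(@order) %>', {` with the placeholder replaced by that helper. The enclosing `try` block starts and ends outside the hunk.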


@@ -97,6 +97,14 @@ Rails.application.routes.draw do
post :store_cart post :store_cart
end end
end end
# RESTful routes for order management
resources :orders, only: [] do
member do
patch :increment_payment_attempt
end
end
# resources :ticket_types, only: [ :index, :show, :create, :update, :destroy ] # resources :ticket_types, only: [ :index, :show, :create, :update, :destroy ]
end end
end end