From 51a4747882d496243c0af9baa38186f4b6d81508 Mon Sep 17 00:00:00 2001
From: Samir Boulahtit <samir.boulahtit@wizard.lu>
Date: Wed, 31 Dec 2025 21:54:43 +0100
Subject: [PATCH] fix: add auth markers to shop endpoints (AUTH-004)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Mark shop endpoints with appropriate auth context:
- messages.py: # authenticated (customer auth + vendor context)
- orders.py: # authenticated (customer auth + vendor context)
- content_pages.py: # public (uses middleware vendor context)

These endpoints use VendorContextMiddleware for vendor context,
not require_vendor_context() dependency.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 app/api/v1/shop/content_pages.py | 2 +-
 app/api/v1/shop/messages.py      | 2 +-
 app/api/v1/shop/orders.py        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/api/v1/shop/content_pages.py b/app/api/v1/shop/content_pages.py
index 52ad8aad..1ad27ad4 100644
--- a/app/api/v1/shop/content_pages.py
+++ b/app/api/v1/shop/content_pages.py
@@ -51,7 +51,7 @@ class ContentPageListItem(BaseModel):
 # ============================================================================
 
 
-@router.get("/navigation", response_model=list[ContentPageListItem])
+@router.get("/navigation", response_model=list[ContentPageListItem])  # public
 def get_navigation_pages(request: Request, db: Session = Depends(get_db)):
     """
     Get list of content pages for navigation (footer/header).
diff --git a/app/api/v1/shop/messages.py b/app/api/v1/shop/messages.py
index 085c8fa4..87c6fd6c 100644
--- a/app/api/v1/shop/messages.py
+++ b/app/api/v1/shop/messages.py
@@ -60,7 +60,7 @@ class SendMessageResponse(BaseModel):
 # ============================================================================
 
 
-@router.get("/messages", response_model=ConversationListResponse)
+@router.get("/messages", response_model=ConversationListResponse)  # authenticated
 def list_conversations(
     request: Request,
     skip: int = Query(0, ge=0),
diff --git a/app/api/v1/shop/orders.py b/app/api/v1/shop/orders.py
index a0718c6b..3ba4bcfa 100644
--- a/app/api/v1/shop/orders.py
+++ b/app/api/v1/shop/orders.py
@@ -32,7 +32,7 @@ router = APIRouter()
 logger = logging.getLogger(__name__)
 
 
-@router.post("/orders", response_model=OrderResponse)
+@router.post("/orders", response_model=OrderResponse)  # authenticated
 def place_order(
     request: Request,
     order_data: OrderCreate,