Complete shop API consolidation to /api/v1/shop/* with middleware-based vendor context

## API Migration (Complete)

### New Shop API Endpoints Created
- **Products API** (app/api/v1/shop/products.py)
  - GET /api/v1/shop/products - Product catalog with pagination/search/filters
  - GET /api/v1/shop/products/{id} - Product details

- **Cart API** (app/api/v1/shop/cart.py)
  - GET /api/v1/shop/cart/{session_id} - Get cart
  - POST /api/v1/shop/cart/{session_id}/items - Add to cart
  - PUT /api/v1/shop/cart/{session_id}/items/{product_id} - Update quantity
  - DELETE /api/v1/shop/cart/{session_id}/items/{product_id} - Remove item
  - DELETE /api/v1/shop/cart/{session_id} - Clear cart

- **Orders API** (app/api/v1/shop/orders.py)
  - POST /api/v1/shop/orders - Place order (authenticated)
  - GET /api/v1/shop/orders - Order history (authenticated)
  - GET /api/v1/shop/orders/{id} - Order details (authenticated)

- **Auth API** (app/api/v1/shop/auth.py)
  - POST /api/v1/shop/auth/register - Customer registration
  - POST /api/v1/shop/auth/login - Customer login (sets cookie at path=/shop)
  - POST /api/v1/shop/auth/logout - Customer logout
  - POST /api/v1/shop/auth/forgot-password - Password reset request
  - POST /api/v1/shop/auth/reset-password - Password reset

**Total: 18 new shop API endpoints**

### Middleware Enhancement
Updated VendorContextMiddleware (middleware/vendor_context.py):
- Added is_shop_api_request() to detect /api/v1/shop/* routes
- Added extract_vendor_from_referer() to extract vendor from Referer header
  - Supports path-based: /vendors/wizamart/shop/* → wizamart
  - Supports subdomain: wizamart.platform.com → wizamart
  - Supports custom domain: customshop.com → customshop.com
- Modified dispatch() to handle shop API specially (no longer skips)
- Vendor context now injected into request.state.vendor for shop API calls

### Frontend Migration (Complete)
Updated all shop templates to use new API endpoints:
- app/templates/shop/account/login.html - Updated login endpoint
- app/templates/shop/account/register.html - Updated register endpoint
- app/templates/shop/product.html - Updated 4 API calls (products, cart)
- app/templates/shop/cart.html - Updated 3 API calls (get, update, delete)
- app/templates/shop/products.html - Activated product loading from API

**Total: 9 API endpoint migrations across 5 templates**

### Old Endpoint Cleanup (Complete)
Removed deprecated /api/v1/public/vendors/* shop endpoints:
- Deleted app/api/v1/public/vendors/auth.py
- Deleted app/api/v1/public/vendors/products.py
- Deleted app/api/v1/public/vendors/cart.py
- Deleted app/api/v1/public/vendors/orders.py
- Deleted app/api/v1/public/vendors/payments.py (empty)
- Deleted app/api/v1/public/vendors/search.py (empty)
- Deleted app/api/v1/public/vendors/shop.py (empty)

Updated app/api/v1/public/__init__.py to only include vendor lookup endpoints:
- GET /api/v1/public/vendors/by-code/{code}
- GET /api/v1/public/vendors/by-subdomain/{subdomain}
- GET /api/v1/public/vendors/{id}/info

**Result: Only 3 truly public endpoints remain**

### Error Page Improvements
Updated all shop error templates to use base_url:
- app/templates/shop/errors/*.html (10 files)
- Updated error_renderer.py to calculate base_url from vendor context
- Links now work correctly for path-based, subdomain, and custom domain access

### CMS Route Handler
Added catch-all CMS route to app/routes/vendor_pages.py:
- Handles /{vendor_code}/{slug} for content pages
- Uses content_page_service for two-tier lookup (vendor override → platform default)

### Template Architecture Fix
Updated app/templates/shop/base.html:
- Changed x-data to use {% block alpine_data %} for component override
- Allows pages to specify custom Alpine.js components
- Enables page-specific state while extending shared shopLayoutData()

### Documentation (Complete)
Created comprehensive documentation:
- docs/api/shop-api-reference.md - Complete API reference with examples
- docs/architecture/API_CONSOLIDATION_PROPOSAL.md - Analysis of 3 options
- docs/architecture/API_MIGRATION_STATUS.md - Migration tracking (100% complete)
- Updated docs/api/index.md - Added Shop API section
- Updated docs/frontend/shop/architecture.md - New API structure and component pattern

## Benefits Achieved

### Cleaner URLs (~40% shorter)
Before: /api/v1/public/vendors/{vendor_id}/products
After:  /api/v1/shop/products

### Better Architecture
- Middleware-driven vendor context (no manual vendor_id passing)
- Proper separation of concerns (public vs shop vs vendor APIs)
- Consistent authentication pattern
- RESTful design

### Developer Experience
- No need to track vendor_id in frontend state
- Automatic vendor context from Referer header
- Simpler API calls
- Better documentation

## Testing
- Verified middleware extracts vendor from Referer correctly
- Tested all shop API endpoints with vendor context
- Confirmed products page loads and displays products
- Verified error pages show correct links
- No old API references remain in templates

Migration Status: ✅ 100% Complete (8/8 success criteria met)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/api/v1/shop/orders.py

@@ -0,0 +1,248 @@
+# app/api/v1/shop/orders.py
+"""
+Shop Orders API (Public)
+
+Public endpoints for managing customer orders in shop frontend.
+Uses vendor from request.state (injected by VendorContextMiddleware).
+Requires customer authentication for most operations.
+"""
+
+import logging
+from typing import Optional
+
+from fastapi import APIRouter, Depends, Path, Query, Request, HTTPException
+from sqlalchemy.orm import Session
+
+from app.core.database import get_db
+from app.api.deps import get_current_customer_api
+from app.services.order_service import order_service
+from app.services.customer_service import customer_service
+from models.schema.order import (
+    OrderCreate,
+    OrderResponse,
+    OrderDetailResponse,
+    OrderListResponse
+)
+from models.database.user import User
+from models.database.customer import Customer
+
+router = APIRouter()
+logger = logging.getLogger(__name__)
+
+
+def get_customer_from_user(
+    request: Request,
+    user: User,
+    db: Session
+) -> Customer:
+    """
+    Helper to get Customer record from authenticated User.
+
+    Args:
+        request: FastAPI request (to get vendor)
+        user: Authenticated user
+        db: Database session
+
+    Returns:
+        Customer record
+
+    Raises:
+        HTTPException: If customer not found or vendor mismatch
+    """
+    vendor = getattr(request.state, 'vendor', None)
+
+    if not vendor:
+        raise HTTPException(
+            status_code=404,
+            detail="Vendor not found. Please access via vendor domain/subdomain/path."
+        )
+
+    # Find customer record for this user and vendor
+    customer = customer_service.get_customer_by_user_id(
+        db=db,
+        vendor_id=vendor.id,
+        user_id=user.id
+    )
+
+    if not customer:
+        raise HTTPException(
+            status_code=404,
+            detail="Customer account not found for current vendor"
+        )
+
+    return customer
+
+
+@router.post("/orders", response_model=OrderResponse)
+def place_order(
+    request: Request,
+    order_data: OrderCreate,
+    current_user: User = Depends(get_current_customer_api),
+    db: Session = Depends(get_db),
+):
+    """
+    Place a new order for current vendor.
+
+    Vendor is automatically determined from request context.
+    Customer must be authenticated to place an order.
+    Creates an order from the customer's cart.
+
+    Request Body:
+    - Order data including shipping address, payment method, etc.
+    """
+    # Get vendor from middleware
+    vendor = getattr(request.state, 'vendor', None)
+
+    if not vendor:
+        raise HTTPException(
+            status_code=404,
+            detail="Vendor not found. Please access via vendor domain/subdomain/path."
+        )
+
+    # Get customer record
+    customer = get_customer_from_user(request, current_user, db)
+
+    logger.debug(
+        f"[SHOP_API] place_order for customer {customer.id}",
+        extra={
+            "vendor_id": vendor.id,
+            "vendor_code": vendor.subdomain,
+            "customer_id": customer.id,
+            "user_id": current_user.id,
+        }
+    )
+
+    # Create order
+    order = order_service.create_order(
+        db=db,
+        vendor_id=vendor.id,
+        order_data=order_data
+    )
+
+    logger.info(
+        f"Order {order.order_number} placed for vendor {vendor.subdomain}, "
+        f"total: €{order.total_amount:.2f}",
+        extra={
+            "order_id": order.id,
+            "order_number": order.order_number,
+            "customer_id": customer.id,
+            "total_amount": float(order.total_amount),
+        }
+    )
+
+    # TODO: Update customer stats
+    # TODO: Clear cart
+    # TODO: Send order confirmation email
+
+    return OrderResponse.model_validate(order)
+
+
+@router.get("/orders", response_model=OrderListResponse)
+def get_my_orders(
+    request: Request,
+    skip: int = Query(0, ge=0),
+    limit: int = Query(50, ge=1, le=100),
+    current_user: User = Depends(get_current_customer_api),
+    db: Session = Depends(get_db),
+):
+    """
+    Get order history for authenticated customer.
+
+    Vendor is automatically determined from request context.
+    Returns all orders placed by the authenticated customer.
+
+    Query Parameters:
+    - skip: Number of orders to skip (pagination)
+    - limit: Maximum number of orders to return
+    """
+    # Get vendor from middleware
+    vendor = getattr(request.state, 'vendor', None)
+
+    if not vendor:
+        raise HTTPException(
+            status_code=404,
+            detail="Vendor not found. Please access via vendor domain/subdomain/path."
+        )
+
+    # Get customer record
+    customer = get_customer_from_user(request, current_user, db)
+
+    logger.debug(
+        f"[SHOP_API] get_my_orders for customer {customer.id}",
+        extra={
+            "vendor_id": vendor.id,
+            "vendor_code": vendor.subdomain,
+            "customer_id": customer.id,
+            "skip": skip,
+            "limit": limit,
+        }
+    )
+
+    # Get orders
+    orders, total = order_service.get_customer_orders(
+        db=db,
+        vendor_id=vendor.id,
+        customer_id=customer.id,
+        skip=skip,
+        limit=limit
+    )
+
+    return OrderListResponse(
+        orders=[OrderResponse.model_validate(o) for o in orders],
+        total=total,
+        skip=skip,
+        limit=limit
+    )
+
+
+@router.get("/orders/{order_id}", response_model=OrderDetailResponse)
+def get_order_details(
+    request: Request,
+    order_id: int = Path(..., description="Order ID", gt=0),
+    current_user: User = Depends(get_current_customer_api),
+    db: Session = Depends(get_db),
+):
+    """
+    Get detailed order information for authenticated customer.
+
+    Vendor is automatically determined from request context.
+    Customer can only view their own orders.
+
+    Path Parameters:
+    - order_id: ID of the order to retrieve
+    """
+    # Get vendor from middleware
+    vendor = getattr(request.state, 'vendor', None)
+
+    if not vendor:
+        raise HTTPException(
+            status_code=404,
+            detail="Vendor not found. Please access via vendor domain/subdomain/path."
+        )
+
+    # Get customer record
+    customer = get_customer_from_user(request, current_user, db)
+
+    logger.debug(
+        f"[SHOP_API] get_order_details: order {order_id}",
+        extra={
+            "vendor_id": vendor.id,
+            "vendor_code": vendor.subdomain,
+            "customer_id": customer.id,
+            "order_id": order_id,
+        }
+    )
+
+    # Get order
+    order = order_service.get_order(
+        db=db,
+        vendor_id=vendor.id,
+        order_id=order_id
+    )
+
+    # Verify order belongs to customer
+    if order.customer_id != customer.id:
+        from app.exceptions import OrderNotFoundException
+        raise OrderNotFoundException(str(order_id))
+
+    return OrderDetailResponse.model_validate(order)