backend changes

services/api-gateway/src/server.js

@@ -222,9 +222,16 @@ app.use('/api/templates',
   createServiceLimiter(200),
   // Conditionally require auth: allow public GETs, require token for write ops
   (req, res, next) => {
+    // Allow unauthenticated read operations
     if (req.method === 'GET') {
       return next();
     }
+    // Allow unauthenticated POST to create a template at the root endpoint
+    // Mounted path is /api/templates, so req.path === '/' for the root
+    if (req.method === 'POST' && (req.path === '/' || req.originalUrl === '/api/templates')) {
+      return next();
+    }
+    // For other write operations, require authentication and forward user context
     return authMiddleware.verifyToken(req, res, () => authMiddleware.forwardUserContext(req, res, next));
   },
   (req, res, next) => {