From 58aada3d572747e2363449cfc5f920b3f07992f0 Mon Sep 17 00:00:00 2001
From: Chandini <chandini.pachigunta@tech4biz.org>
Date: Wed, 10 Sep 2025 07:57:43 +0530
Subject: [PATCH] backend changes

---
 services/api-gateway/src/server.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/services/api-gateway/src/server.js b/services/api-gateway/src/server.js
index 7f64eeb..bcf2f14 100644
--- a/services/api-gateway/src/server.js
+++ b/services/api-gateway/src/server.js
@@ -222,9 +222,16 @@ app.use('/api/templates',
   createServiceLimiter(200),
   // Conditionally require auth: allow public GETs, require token for write ops
   (req, res, next) => {
+    // Allow unauthenticated read operations
     if (req.method === 'GET') {
       return next();
     }
+    // Allow unauthenticated POST to create a template at the root endpoint
+    // Mounted path is /api/templates, so req.path === '/' for the root
+    if (req.method === 'POST' && (req.path === '/' || req.originalUrl === '/api/templates')) {
+      return next();
+    }
+    // For other write operations, require authentication and forward user context
     return authMiddleware.verifyToken(req, res, () => authMiddleware.forwardUserContext(req, res, next));
   },
   (req, res, next) => {