From 2fefdd16c9eca0603e9199149cb8034bc77bdd79 Mon Sep 17 00:00:00 2001
From: Sicherhaven <admin@bshtech.net>
Date: Mon, 6 Apr 2026 19:45:46 +0530
Subject: [PATCH] =?UTF-8?q?docs:=20changelog=20v1.8.1=20=E2=80=94=20Featur?=
 =?UTF-8?q?edEventsAPI=20token=20gate=20fix?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CHANGELOG.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 32e8358..62f6dc2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,27 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), version
 
 ---
 
+## [1.8.1] — 2026-04-06
+
+### Fixed
+- **`FeaturedEventsAPI` now works without authentication** — `POST /api/events/featured-events/` had `AllowAny` permission but still called `validate_token_and_get_user()`, causing the endpoint to return HTTP 200 + `{"status":"error","message":"token and username required"}` for unauthenticated requests (e.g. the desktop hero slider)
+  - Removed the `validate_token_and_get_user()` call entirely — the endpoint is public by design and requires no token
+  - Also tightened the queryset to `event_status='published'` (was `is_featured=True` only) to match `ConsumerFeaturedEventsView` behaviour and avoid returning draft/cancelled events
+  - Root cause: host Nginx routes `/api/` → `eventify-backend` container (port 3001), not `eventify-django` (port 8085); the `validate_token_and_get_user` gate in this container was silently blocking all hero slider requests
+
+---
+
+## [1.8.0] — 2026-04-04
+
+### Added
+- **`BulkUserPublicInfoView`** (`POST /api/user/bulk-public-info/`)
+  - Internal endpoint for the Node.js gamification server to resolve user details
+  - Accepts `{ emails: [...] }` (max 500), returns `{ users: { email: { display_name, district, eventify_id } } }`
+  - Used for leaderboard data bridge (syncing user names/districts into gamification DB)
+  - CSRF-exempt, returns only public-safe fields (no passwords, tokens, or sensitive PII)
+
+---
+
 ## [1.7.0] — 2026-04-04
 
 ### Added