[BUG] POST /api/cell/ allows unauthenticated cell creation #727

@aabhinavvvvvvv

Description

Describe the Bug

POST /api/cell/ has no authentication check. Any unauthenticated request with a valid user email can create a cell without being logged in.

  • What happened? Sending a POST request to /api/cell/ with no Authorization header successfully reaches the cell creation logic.
  • What was expected? The endpoint should return 401 Unauthorized immediately if no valid token is provided.

To Reproduce

  1. Start the server
  2. Run the following curl command (no token, no login):

```bash
curl -X POST http://localhost:3000/api/cell/ \
  -H "Content-Type: application/json" \
  -d '{"name":"test","location":"test","latitude":0,"longitude":0,"archive":false,"userEmail":"real@email.com"}'
```

  3. Observe that the request is processed and a cell is created — no authentication required.

Expected Behavior

The endpoint should return 401 Unauthorized for any request missing a valid Authorization: Bearer <token> header.

Screenshots

```json
{"message": "Successfully added cell", "id": 9, "name": "NEW CELL"}
```
bug1.mp4

The response above is returned with no auth token. A real user's email is all that is needed.

Environment

  • OS: Windows
  • Affected file: backend/api/resources/cell.py

Additional Context

Other endpoints like PUT /api/cell/<id> and DELETE /api/cell/<id> correctly use the @authenticate decorator. The POST handler is missing it. Adding @authenticate to the post() method should fix this.

If this issue looks legit, I would like to work on it.
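An added example, not code from the reporter or from the project, modelling the fix proposed above: the same cell-creation handler with and without an `authenticate` decorator that rejects requests lacking a valid `Authorization: Bearer <token>` header. Requests and responses are plain dicts, and the token store, cell store and `authenticate` implementation are all assumptions constructed here so it runs without Flask.

```python
# Added example (not the project's code): a minimal model of the missing
# check on POST /api/cell/. Request/response objects are plain dicts so it
# runs without Flask; the token store and cell store are constructed here.
import hmac
from functools import wraps

# Constructed sample token store: token -> account email (hypothetical).
VALID_TOKENS = {"tok-abc123": "real@email.com"}

def authenticate(handler):
    """Reject any request without a valid 'Authorization: Bearer <token>'."""
    @wraps(handler)
    def wrapper(request):
        auth = request.get("headers", {}).get("Authorization", "")
        scheme, _, token = auth.partition(" ")
        if scheme != "Bearer" or not token:
            return 401, {"message": "Unauthorized"}
        # Constant-time comparison against each stored token avoids timing leaks.
        if not any(hmac.compare_digest(token.encode(), t.encode()) for t in VALID_TOKENS):
            return 401, {"message": "Unauthorized"}
        request["user"] = VALID_TOKENS[token]  # identity proven by the token
        return handler(request)
    return wrapper

CELLS = []  # constructed in-memory stand-in for the cell table

def _create_cell(request):
    body = request["json"]
    # Hardening beyond the decorator: bind the owner to the authenticated
    # identity when present rather than trusting userEmail from the body.
    owner = request.get("user", body["userEmail"])
    cell = {"id": len(CELLS) + 1, "name": body["name"], "userEmail": owner}
    CELLS.append(cell)
    return 201, {"message": "Successfully added cell", "id": cell["id"], "name": cell["name"]}

# Before: handler reachable with no credentials (the reported behaviour).
post_unauthenticated = _create_cell

# After: the same handler behind the decorator that PUT/DELETE already use.
post_authenticated = authenticate(_create_cell)

def demo():
    """Return the status codes for (no token/before, no token/after, valid token/after)."""
    body = {"name": "test", "location": "test", "latitude": 0, "longitude": 0,
            "archive": False, "userEmail": "real@email.com"}
    no_token = {"headers": {"Content-Type": "application/json"}, "json": body}
    with_token = {"headers": {"Authorization": "Bearer tok-abc123"}, "json": body}
    return (post_unauthenticated(dict(no_token))[0],
            post_authenticated(dict(no_token))[0],
            post_authenticated(dict(with_token))[0])
```

Running `demo()` returns `(201, 401, 201)`: the undecorated handler creates a cell with no credentials, while the decorated one only does so for a valid bearer token.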

Metadata

Labels: bug (Something isn't working)