fix: use private helcimApiToken for all server-side Helcim API calls

server/api/events/[id]/register.post.js

@@ -76,8 +76,8 @@ export default defineEventHandler(async (event) => {
 
     // If event requires payment and user is not a member, redirect to payment flow
     if (
-      eventData.pricing.paymentRequired &&
-      !eventData.pricing.isFree &&
+      eventData.pricing?.paymentRequired &&
+      !eventData.pricing?.isFree &&
       !member
     ) {
       throw createError({
@@ -109,10 +109,13 @@ export default defineEventHandler(async (event) => {
       registeredAt: new Date(),
     };
 
-    eventData.registrations.push(registration);
-
-    // Save the updated event
-    await eventData.save();
+    // Use $push to avoid re-validating the whole document (e.g. legacy location formats)
+    const result = await Event.findByIdAndUpdate(
+      eventData._id,
+      { $push: { registrations: registration } },
+      { new: true, runValidators: false }
+    );
+    const newRegistration = result.registrations[result.registrations.length - 1];
 
     // Send confirmation email using Resend
     try {
@@ -125,8 +128,7 @@ export default defineEventHandler(async (event) => {
     return {
       success: true,
       message: "Successfully registered for the event",
-      registrationId:
-        eventData.registrations[eventData.registrations.length - 1]._id,
+      registrationId: newRegistration._id,
     };
   } catch (error) {
     console.error("Error registering for event:", error);