rene/transceiver-db
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add missing auth header to blog generate fetches

Browse Source 
Both generateBlog() and generateBlogManual() were calling
POST /api/blog/generate without an Authorization: Bearer header.
The requireAuth middleware correctly returned 401, which appeared
as 'Unauthorized — please log in' toast in the dashboard.

Fix: read loadToken() before each fetch and include the token in
the Authorization header. Also add r.status===401 guard to redirect
to login page when token expires, instead of showing error toast.
This commit is contained in:
Rene Fichtmueller 2026-04-18 08:03:39 +02:00
parent 6a33a17bca
commit f8a1d27e79
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
packages/dashboard/index.html
View File

@ -4645,17 +4645,18 @@ function copyLinkedInPost(id) {
function generateBlog(topic, speed) {
var body = { topic: topic };
if (speed) body.speed = speed;
var token = window.loadToken ? window.loadToken() : '';
fetch(API + '/api/blog/generate', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token },
body: JSON.stringify(body)
}).then(function(r) { return r.json(); }).then(function(data) {
}).then(function(r) { if (r.status === 401) { handleAuthError(401); throw new Error('Unauthorized'); } return r.json(); }).then(function(data) {
if (data.success) {
showToast('⚙️ Generating…', data.draft.title + ' — pipeline running (~10 min)');
loadBlogDrafts();
pollBlogLlm(data.draft.id, 0);
} else showToast('Failed', data.error || 'Unknown error', true);
}).catch(function(err) { showToast('Network error', err.message, true); });
}).catch(function(err) { if (err.message !== 'Unauthorized') showToast('Network error', err.message, true); });
}
function toggleBlogReviewed(id, starEl) {
@ -4701,12 +4702,13 @@ function generateBlogManual() {
if (customTitle) body.custom_title = customTitle;
if (additionalContext) body.additional_context = additionalContext;
var token = window.loadToken ? window.loadToken() : '';
showToast('⚙️ Gestartet', (customTitle || 'Artikel') + ' — Pipeline läuft (~10 min)');
fetch(API + '/api/blog/generate', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
headers: { 'Content-Type': 'application/json', 'Authorization': 'Bearer ' + token },
body: JSON.stringify(body)
}).then(function(r) { return r.json(); }).then(function(data) {
}).then(function(r) { if (r.status === 401) { handleAuthError(401); throw new Error('Unauthorized'); } return r.json(); }).then(function(data) {
if (data.success) {
showToast('✓ Pipeline gestartet', data.draft.title + ' — wird in ~10 min fertig');
document.getElementById('blog-custom-title').value = '';
@ -4714,7 +4716,7 @@ function generateBlogManual() {
loadBlogDrafts();
pollBlogLlm(data.draft.id, 0);
} else showToast('Fehler', data.error || 'Unbekannter Fehler', true);
}).catch(function(err) { showToast('Netzwerkfehler', err.message, true); });
}).catch(function(err) { if (err.message !== 'Unauthorized') showToast('Netzwerkfehler', err.message, true); });
}
function pollBlogLlm(id, attempt) {