From d13e7cda2612efbcb47476624e5a75bbb2a0d677 Mon Sep 17 00:00:00 2001
From: Lars
Date: Sat, 18 Apr 2026 07:24:49 +0200
Subject: [PATCH] fix: execute-stream nutzt require_auth_flexible
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Backend:
- Ersetzt manuelle Token-Validierung durch Depends(require_auth_flexible)
- Nutzt get_session() mit expires_at Check + profiles JOIN
- Token-Parameter nicht mehr nötig (require_auth_flexible holt ihn)
Root Cause (Live-Logs):
- Request kam an mit Token: 401 Unauthorized
- Manuelle Auth: SELECT profile_id FROM sessions WHERE token = %s
- Fehlte: expires_at Check + profiles JOIN
- require_auth_flexible nutzt vollständige get_session() Logik
Fixes:
- "Connection to server lost"
- Token-Validierung funktioniert jetzt
Co-Authored-By: Claude Sonnet 4.5
---
 backend/routers/prompts.py | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/backend/routers/prompts.py b/backend/routers/prompts.py
index 864e6c7..5571324 100644
--- a/backend/routers/prompts.py
+++ b/backend/routers/prompts.py
@@ -12,7 +12,7 @@ from fastapi import APIRouter, Depends, HTTPException, Query, Header
 from fastapi.responses import StreamingResponse
 from db import get_db, get_cursor, r2d
-from auth import require_auth, require_admin
+from auth import require_auth, require_admin, require_auth_flexible
 from models import (
 PromptCreate, PromptUpdate, PromptGenerateRequest,
 PipelineConfigCreate, PipelineConfigUpdate
@@ -1448,9 +1448,9 @@ from models import UnifiedPromptCreate, UnifiedPromptUpdate
 @router.get("/execute-stream")
 async def execute_unified_prompt_stream(
 prompt_slug: str = Query(..., description="Slug of prompt to execute"),
- token: Optional[str] = Query(None, description="Auth token (temporary solution for SSE)"),
 debug: bool = Query(False, description="Include debug information (node_states, etc.)"),
- save: bool = Query(False, description="Save result to ai_insights")
+ save: bool = Query(False, description="Save result to ai_insights"),
+ session: dict = Depends(require_auth_flexible)
 ):
 """
 Execute a unified prompt with Server-Sent Events (SSE) streaming.
@@ -1463,17 +1463,7 @@ async def execute_unified_prompt_stream(
 Use this endpoint for long-running workflows (>30s) to avoid gateway timeouts.
 """
- # Manual auth: verify token and get profile_id
- if not token:
- raise HTTPException(401, "Missing auth token")
-
- with get_db() as conn:
- cur = get_cursor(conn)
- cur.execute("SELECT profile_id FROM sessions WHERE token = %s", (token,))
- row = cur.fetchone()
- if not row:
- raise HTTPException(401, "Invalid or expired token")
- profile_id = row['profile_id']
+ profile_id = session['profile_id']
 # Use default modules/timeframes (SSE doesn't support complex params)
 modules = {
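Review bot: The new `session: dict = Depends(require_auth_flexible)` parameter removes the only in-code statement of how this SSE endpoint is authenticated, and the docstring (which continues outside the hunk) should now say it. The commit message says the dependency fetches the token itself; if it still accepts the token from the query string for EventSource clients, the credential ends up in access logs, proxy logs and browser history, which the removed parameter description at least flagged as temporary. I would add a docstring line such as `Auth: session validated by require_auth_flexible (expiry + profile check); when the token is passed in the URL, redact it in request logging.` The implementation of require_auth_flexible is not visible here, so the query-string path is an assumption to confirm.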
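Review bot: `profile_id = session['profile_id']` is resolved once when the stream opens, but the docstring describes runs longer than 30 seconds, so a session that expires or is revoked mid-run would keep streaming and, with `save=true`, could still write to ai_insights. The generator that does the work is outside this hunk, so whether it re-checks the session is not visible. At minimum a comment here would record the decision, e.g. `# session is validated at connect only; it is not re-checked while the stream runs`. The line also assumes the dependency's dict always carries `profile_id`; reading it with `session.get('profile_id')` and raising `HTTPException(401, ...)` when it is missing would avoid a 500 if that contract changes.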