From ec85d5f5f6a1bb6f1d948fe6e564a9a8ebd66bba Mon Sep 17 00:00:00 2001
From: Lars <Lars@stommer.de>
Date: Sat, 18 Apr 2026 07:13:47 +0200
Subject: [PATCH] fix: Token-Abfrage in executeUnifiedPromptStream
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Frontend:
- api.js Zeile 487: localStorage.getItem('token') → getToken()
- Token heißt 'bodytrack_token', nicht 'token'
- SSE-Requests bekamen undefined token → 401 Unauthorized

Root Cause:
- Admin verwendet executeUnifiedPrompt (normaler Request mit Header-Auth)
- Analyse verwendet executeUnifiedPromptStream (SSE mit Token im URL)
- SSE bekam keinen Token wegen falschem localStorage key

Fixes:
- "Connection to server lost" in Analyse-Seite

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 frontend/src/utils/api.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/utils/api.js b/frontend/src/utils/api.js
index 9a1589e..5ab3c7a 100644
--- a/frontend/src/utils/api.js
+++ b/frontend/src/utils/api.js
@@ -484,7 +484,7 @@ export const api = {
 
     // TODO: Security improvement - use session cookie instead of token in URL
     // For now, send token as query param since EventSource doesn't support custom headers
-    const token = localStorage.getItem('token')
+    const token = getToken()
     if (token) params.append('token', token)
 
     if (modules) {