Root Cause:
- FastAPI cannot use same parameter name in endpoint and dependency
- Query param 'token' conflicted between endpoint and require_auth_flexible
- FastAPI cached dependency signatures at startup
Solution:
- Renamed to 'ssetoken' in require_auth_flexible (backend/auth.py)
- Updated frontend to use ssetoken (frontend/src/utils/api.js)
- Removed debug logging
- Added test endpoint /test-ssetoken
Testing:
✅ Header auth: X-Auth-Token works
✅ Query auth: ?ssetoken=XXX works
✅ SSE streaming: Ready for testing
Note: Required full rebuild, not just restart
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Root Cause Analysis:
- FastAPI cannot distinguish between endpoint Query params and Dependency Query params
- When endpoint has Query(...), dependency Query(default=None, name='token') is ignored
- Token went to endpoint, not to require_auth_flexible
Solution:
- Renamed internal parameter to auth_token with alias='token'
- Now FastAPI correctly routes ?token=XXX to the dependency
- Uses Query(default=None, alias='token') to maintain API compatibility
Testing:
- Header auth: Works (X-Auth-Token)
- Query auth: Now works (?token=XXX)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Behebt IndentationError in Zeile 204 der _check_impl() Funktion.
Die Funktion wurde beim Connection-Pool-Fix erstellt, hatte aber
inkonsistente Einrückungen (8 statt 4 Spaces nach der ersten Zeile).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reverts all feature enforcement changes (commits 3745ebd, cbad50a, cd4d912, 8415509)
to restore original working functionality.
Issues caused by feature enforcement implementation:
- Export buttons disappeared and never reappeared
- KI analysis counter not incrementing
- New analyses not saving
- Pipeline appearing twice
- Many core features broken
Restored files to working state before enforcement implementation (commit 0210844):
- Backend: auth.py, insights.py, exportdata.py, importdata.py, nutrition.py, activity.py
- Frontend: Analysis.jsx, SettingsPage.jsx, api.js
- Removed: FeatureGate.jsx, useFeatureAccess.js
The original simple AI limit system (ai_enabled, ai_limit_day) is now active again.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Critical bug: usage limits were never resetting after first month because
reset_at timestamp was not updated during ON CONFLICT UPDATE.
This caused users to stay permanently blocked after reaching monthly limit once.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
