From 6cfdb2b1c0af822376d57cc49b525d5641dfdbac Mon Sep 17 00:00:00 2001 From: YurenHao0426 Date: Fri, 13 Feb 2026 19:01:53 +0000 Subject: Add username fallback for API key resolution when JWT token expires When the JWT token is expired or missing, endpoints could not resolve user API keys and fell back to environment variables (which are unset). Added resolve_user() helper that falls back to DB lookup by username query param, and added ?user= to all frontend API calls as a belt-and- suspenders approach alongside auth tokens. Co-Authored-By: Claude Opus 4.6
---
 frontend/src/components/Sidebar.tsx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'frontend/src/components')
diff --git a/frontend/src/components/Sidebar.tsx b/frontend/src/components/Sidebar.tsx
index f3a0679..13cf3e9 100644
--- a/frontend/src/components/Sidebar.tsx
+++ b/frontend/src/components/Sidebar.tsx
@@ -329,7 +329,7 @@ const Sidebar: React.FC = ({ isOpen, onToggle, onInteract }) => {
 : '';
 try {
- const response = await fetch('/api/run_node_stream', {
+ const response = await fetch(`/api/run_node_stream?user=${encodeURIComponent(user?.username || 'test')}`, {
 method: 'POST',
 headers: { 'Content-Type': 'application/json', ...getAuthHeader() },
 body: JSON.stringify({
@@ -424,7 +424,7 @@ const Sidebar: React.FC = ({ isOpen, onToggle, onInteract }) => {
 setShowSummaryModal(false);
 try {
- const res = await fetch('/api/summarize', {
+ const res = await fetch(`/api/summarize?user=${encodeURIComponent(user?.username || 'test')}`, {
 method: 'POST',
 headers: { 'Content-Type': 'application/json', ...getAuthHeader() },
 body: JSON.stringify({
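Review bot: The `user` query parameter added to the `/api/run_node_stream` call is set by the client, so the server cannot treat it as proof of who is calling; the commit message says `resolve_user()` falls back to a DB lookup by this parameter when the JWT is expired or missing, and if that path has no other check, a request without a valid token would be served with whichever account's stored API keys the parameter names. The `|| 'test'` default also maps a session with no `user` onto the `test` account instead of failing. I would keep the call as `fetch('/api/run_node_stream', {`, have the server answer 401 for an expired token, and refresh the token or send the user back to login on that status. The `/api/summarize` hunk at -424 and the hunks at -450, -527 and -1043 add the same parameter; the server side is not part of this view (the page is limited to frontend/src/components), so this should be confirmed there, and the enclosing handler starts and ends outside the hunk.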
@@ -450,7 +450,7 @@ const Sidebar: React.FC = ({ isOpen, onToggle, onInteract }) => {
 // Auto-generate title using gpt-5-nano
 const generateTitle = async (nodeId: string, userPrompt: string, response: string) => {
 try {
- const res = await fetch('/api/generate_title', {
+ const res = await fetch(`/api/generate_title?user=${encodeURIComponent(user?.username || 'test')}`, {
 method: 'POST',
 headers: { 'Content-Type': 'application/json', ...getAuthHeader() },
 body: JSON.stringify({ user_prompt: userPrompt, response })
@@ -527,7 +527,7 @@ const Sidebar: React.FC = ({ isOpen, onToggle, onInteract }) => {
 const messages = computeMergedMessages(selectedNode.id, orderedSelectedIds, 'trace_order');
 const content = messages.map(m => `${m.role}: ${m.content}`).join('\n\n');
- const res = await fetch('/api/summarize', {
+ const res = await fetch(`/api/summarize?user=${encodeURIComponent(user?.username || 'test')}`, {
 method: 'POST',
 headers: { 'Content-Type': 'application/json', ...getAuthHeader() },
 body: JSON.stringify({
@@ -1043,7 +1043,7 @@ const Sidebar: React.FC = ({ isOpen, onToggle, onInteract }) => {
 const scopes = [`${projectPath}/quick_chat_temp`];
 // Call LLM API with current messages as context
- const response = await fetch('/api/run_node_stream', {
+ const response = await fetch(`/api/run_node_stream?user=${encodeURIComponent(user?.username || 'test')}`, {
 method: 'POST',
 headers: { 'Content-Type': 'application/json', ...getAuthHeader() },
 body: JSON.stringify({
-- cgit v1.2.3
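Review bot: `encodeURIComponent(user?.username || 'test')` is now spelled out at five call sites (this `/api/generate_title` call, both `/api/summarize` calls and both `/api/run_node_stream` calls), so the fallback policy can drift between endpoints. One helper inside the component would keep it in one place, for example `const apiUrl = (path: string) => (user ? path + '?user=' + encodeURIComponent(user.username) : path);`, with each call becoming `fetch(apiUrl('/api/generate_title'), {`. Usernames placed in the URL will typically also appear in server and proxy access logs, which deserves a comment such as `// user is a routing hint only; the server must authorize from the token`. `generateTitle` continues past the end of the hunk.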