From b5c75e650bb4e154d6f6a32742339958930dc51b Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)" <me@rodrigorodriguez.com>
Date: Sat, 10 Jan 2026 14:00:43 -0300
Subject: [PATCH] fix(htmx): add Authorization header to all HTMX requests

- Include gb-access-token in Authorization header for all HTMX requests
- Add X-Session-ID header for session tracking
- Fix 401 errors on all HTMX-powered API calls
---
 ui/suite/js/htmx-app.js | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/ui/suite/js/htmx-app.js b/ui/suite/js/htmx-app.js
index 2221b02..e805fc2 100644
--- a/ui/suite/js/htmx-app.js
+++ b/ui/suite/js/htmx-app.js
@@ -21,11 +21,27 @@
     htmx.config.defaultSettleDelay = 100;
     htmx.config.timeout = 10000;
 
-    // Add CSRF token to all requests if available
+    // Add CSRF token and Authorization header to all requests
     document.body.addEventListener("htmx:configRequest", (event) => {
-      const token = localStorage.getItem("csrf_token");
-      if (token) {
-        event.detail.headers["X-CSRF-Token"] = token;
+      const csrfToken = localStorage.getItem("csrf_token");
+      if (csrfToken) {
+        event.detail.headers["X-CSRF-Token"] = csrfToken;
+      }
+
+      // Add Authorization header with access token
+      const accessToken =
+        localStorage.getItem("gb-access-token") ||
+        sessionStorage.getItem("gb-access-token");
+      if (accessToken) {
+        event.detail.headers["Authorization"] = `Bearer ${accessToken}`;
+      }
+
+      // Add session ID if available
+      const sessionId =
+        localStorage.getItem("gb-session-id") ||
+        sessionStorage.getItem("gb-session-id");
+      if (sessionId) {
+        event.detail.headers["X-Session-ID"] = sessionId;
       }
     });