From ad5aceeec542d248ccd7a6bdf6059e200d566961 Mon Sep 17 00:00:00 2001
From: TheFlow <theflow@sydigital.com>
Date: Mon, 27 Oct 2025 11:13:05 +1300
Subject: [PATCH] fix(bi): use correct auth token key for cost-config API calls
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixed authentication issue where loadCostConfig() and saveCostConfig()
were using wrong localStorage key 'tractatus_token' instead of
'admin_token' (accessed via getAuthToken()).

This caused "jwt malformed" 401 errors because:
- audit-logs endpoint: uses admin_token (works ✓)
- cost-config endpoint: was using tractatus_token (broken ✗)

Changed both functions to use getAuthToken() for consistency.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 public/js/admin/audit-analytics.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/js/admin/audit-analytics.js b/public/js/admin/audit-analytics.js
index 8781807d..8e31b9ae 100644
--- a/public/js/admin/audit-analytics.js
+++ b/public/js/admin/audit-analytics.js
@@ -903,7 +903,7 @@ function showError(message) {
 // Cost Configuration
 async function loadCostConfig() {
   try {
-    const token = localStorage.getItem('tractatus_token');
+    const token = getAuthToken();
     const response = await fetch('/api/admin/cost-config', {
       headers: { 'Authorization': `Bearer ${token}` }
     });
@@ -922,7 +922,7 @@ async function loadCostConfig() {
 
 async function saveCostConfig(costFactors) {
   try {
-    const token = localStorage.getItem('tractatus_token');
+    const token = getAuthToken();
     const response = await fetch('/api/admin/cost-config', {
       method: 'POST',
       headers: {