fix(blog): add missing auth headers to submission modal API calls

Fixed 401 Unauthorized errors in blog validation/submission modal:
- Added Authorization Bearer token to /api/blog/admin/:id fetch (line 153)
- Added Authorization Bearer token to /api/submissions/by-blog-post/:id fetch (line 162)
- Added Authorization Bearer token to /api/submissions/:id/export fetch (line 818)

All admin API endpoints require authentication. The submission modal
was making unauthenticated requests, causing 401 errors when trying
to load article data or export submission packages.

The 404 error on by-blog-post is expected when no submission exists
for that blog post ID yet.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

public/admin/blog-curation.html

@@ -4,9 +4,9 @@
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>External Communications Manager | Tractatus Admin</title>
-  <link rel="stylesheet" href="/css/tailwind.css?v=0.1.0.1761262254119">
-  <link rel="stylesheet" href="/css/tractatus-theme.min.css?v=0.1.0.1761262254119">
-  <script defer src="/js/admin/auth-check.js?v=0.1.0.1761262254119"></script>
+  <link rel="stylesheet" href="/css/tailwind.css?v=">
+  <link rel="stylesheet" href="/css/tractatus-theme.min.css?v=">
+  <script defer src="/js/admin/auth-check.js?v="></script>
   <style>
     .content-type-card input[type="radio"]:checked + div {
       border-color: #3b82f6;
@@ -18,7 +18,7 @@
 
   <!-- Navigation -->
   <div id="admin-navbar" data-page-title="External Communications" data-page-icon="blog"></div>
-  <script src="/js/components/navbar-admin.js?v=0.1.0.1761262254119"></script>
+  <script src="/js/components/navbar-admin.js?v="></script>
 
   <!-- Main Content -->
   <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-8">
@@ -413,10 +413,10 @@
   <!-- Modals -->
   <div id="modal-container"></div>
 
-  <script src="/js/admin/blog-curation.js?v=0.1.0.1761262254119"></script>
-  <script src="/js/admin/blog-curation-enhanced.js?v=0.1.0.1761262254119"></script>
-  <script src="/js/admin/blog-validation.js?v=0.1.0.1761262254119"></script>
-  <script src="/js/admin/submission-modal-enhanced.js?v=0.1.0.1761262254119"></script>
+  <script src="/js/admin/blog-curation.js?v="></script>
+  <script src="/js/admin/blog-curation-enhanced.js?v="></script>
+  <script src="/js/admin/blog-validation.js?v="></script>
+  <script src="/js/admin/submission-modal-enhanced.js?v="></script>
 
 </body>
 </html>

public/js/admin/submission-modal-enhanced.js

@@ -149,12 +149,21 @@ async function openManageSubmissionModal(articleId, submissionId) {
 
   // Load article and submission data
   try {
-    const response = await fetch(`/api/blog/admin/${articleId}`);
+    const token = localStorage.getItem('admin_token');
+    const response = await fetch(`/api/blog/admin/${articleId}`, {
+      headers: {
+        'Authorization': `Bearer ${token}`
+      }
+    });
     if (!response.ok) throw new Error('Failed to load article');
     currentArticle = await response.json();
 
     // Try to load existing submission
-    const submissionResponse = await fetch(`/api/submissions/by-blog-post/${articleId}`);
+    const submissionResponse = await fetch(`/api/submissions/by-blog-post/${articleId}`, {
+      headers: {
+        'Authorization': `Bearer ${token}`
+      }
+    });
     if (submissionResponse.ok) {
       currentSubmission = await submissionResponse.json();
     } else {
@@ -805,7 +814,12 @@ async function exportPackage(format) {
   }
 
   try {
-    const response = await fetch(`/api/submissions/${currentSubmission._id}/export?format=${format}`);
+    const token = localStorage.getItem('admin_token');
+    const response = await fetch(`/api/submissions/${currentSubmission._id}/export?format=${format}`, {
+      headers: {
+        'Authorization': `Bearer ${token}`
+      }
+    });
     if (!response.ok) throw new Error('Export failed');
 
     if (format === 'json') {