From f8758fd95b821ebf4a548a93b9ce80826e7c2044 Mon Sep 17 00:00:00 2001
From: TheFlow <theflow@sydigital.com>
Date: Fri, 24 Oct 2025 13:00:11 +1300
Subject: [PATCH] fix(blog): add missing auth headers to submission modal API
 calls
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixed 401 Unauthorized errors in blog validation/submission modal:
- Added Authorization Bearer token to /api/blog/admin/:id fetch (line 153)
- Added Authorization Bearer token to /api/submissions/by-blog-post/:id fetch (line 162)
- Added Authorization Bearer token to /api/submissions/:id/export fetch (line 818)

All admin API endpoints require authentication. The submission modal
was making unauthenticated requests, causing 401 errors when trying
to load article data or export submission packages.

The 404 error on by-blog-post is expected when no submission exists
for that blog post ID yet.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 public/admin/blog-curation.html              | 16 ++++++++--------
 public/js/admin/submission-modal-enhanced.js | 20 +++++++++++++++++---
 2 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/public/admin/blog-curation.html b/public/admin/blog-curation.html
index ef0038fc..0345d6ab 100644
--- a/public/admin/blog-curation.html
+++ b/public/admin/blog-curation.html
@@ -4,9 +4,9 @@
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>External Communications Manager | Tractatus Admin</title>
-  <link rel="stylesheet" href="/css/tailwind.css?v=0.1.0.1761262254119">
-  <link rel="stylesheet" href="/css/tractatus-theme.min.css?v=0.1.0.1761262254119">
-  <script defer src="/js/admin/auth-check.js?v=0.1.0.1761262254119"></script>
+  <link rel="stylesheet" href="/css/tailwind.css?v=">
+  <link rel="stylesheet" href="/css/tractatus-theme.min.css?v=">
+  <script defer src="/js/admin/auth-check.js?v="></script>
   <style>
     .content-type-card input[type="radio"]:checked + div {
       border-color: #3b82f6;
@@ -18,7 +18,7 @@
 
   <!-- Navigation -->
   <div id="admin-navbar" data-page-title="External Communications" data-page-icon="blog"></div>
-  <script src="/js/components/navbar-admin.js?v=0.1.0.1761262254119"></script>
+  <script src="/js/components/navbar-admin.js?v="></script>
 
   <!-- Main Content -->
   <div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-8">
@@ -413,10 +413,10 @@
   <!-- Modals -->
   <div id="modal-container"></div>
 
-  <script src="/js/admin/blog-curation.js?v=0.1.0.1761262254119"></script>
-  <script src="/js/admin/blog-curation-enhanced.js?v=0.1.0.1761262254119"></script>
-  <script src="/js/admin/blog-validation.js?v=0.1.0.1761262254119"></script>
-  <script src="/js/admin/submission-modal-enhanced.js?v=0.1.0.1761262254119"></script>
+  <script src="/js/admin/blog-curation.js?v="></script>
+  <script src="/js/admin/blog-curation-enhanced.js?v="></script>
+  <script src="/js/admin/blog-validation.js?v="></script>
+  <script src="/js/admin/submission-modal-enhanced.js?v="></script>
 
 </body>
 </html>
diff --git a/public/js/admin/submission-modal-enhanced.js b/public/js/admin/submission-modal-enhanced.js
index 03b61199..27b913c4 100644
--- a/public/js/admin/submission-modal-enhanced.js
+++ b/public/js/admin/submission-modal-enhanced.js
@@ -149,12 +149,21 @@ async function openManageSubmissionModal(articleId, submissionId) {
 
   // Load article and submission data
   try {
-    const response = await fetch(`/api/blog/admin/${articleId}`);
+    const token = localStorage.getItem('admin_token');
+    const response = await fetch(`/api/blog/admin/${articleId}`, {
+      headers: {
+        'Authorization': `Bearer ${token}`
+      }
+    });
     if (!response.ok) throw new Error('Failed to load article');
     currentArticle = await response.json();
 
     // Try to load existing submission
-    const submissionResponse = await fetch(`/api/submissions/by-blog-post/${articleId}`);
+    const submissionResponse = await fetch(`/api/submissions/by-blog-post/${articleId}`, {
+      headers: {
+        'Authorization': `Bearer ${token}`
+      }
+    });
     if (submissionResponse.ok) {
       currentSubmission = await submissionResponse.json();
     } else {
@@ -805,7 +814,12 @@ async function exportPackage(format) {
   }
 
   try {
-    const response = await fetch(`/api/submissions/${currentSubmission._id}/export?format=${format}`);
+    const token = localStorage.getItem('admin_token');
+    const response = await fetch(`/api/submissions/${currentSubmission._id}/export?format=${format}`, {
+      headers: {
+        'Authorization': `Bearer ${token}`
+      }
+    });
     if (!response.ok) throw new Error('Export failed');
 
     if (format === 'json') {