Nautilus/ledgerdock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

frontend: apply bearer token to centralized API requests

Browse Source
This commit is contained in:
Beda Schmid
2026-02-21 15:03:13 -03:00
parent b25e508a00
commit c1a7011d71
4 changed files with 59 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
doc/operations-and-configuration.md
View File

@@ -101,6 +101,11 @@ Selected defaults from `Settings` (`backend/app/core/config.py`):
Frontend runtime API target:
- `VITE_API_BASE` in `docker-compose.yml` frontend service
- `VITE_API_TOKEN` in `docker-compose.yml` frontend service (defaults to `USER_API_TOKEN` in compose, override to `ADMIN_API_TOKEN` when admin-only routes are needed)
Frontend API authentication behavior:
- `frontend/src/lib/api.ts` adds `Authorization: Bearer <VITE_API_TOKEN>` for all API requests only when `VITE_API_TOKEN` is non-empty
- requests are still sent without authorization when `VITE_API_TOKEN` is unset, which keeps unauthenticated endpoints such as `/api/v1/health` backward-compatible
Frontend container runtime behavior:
- the container runs as non-root `node`