From 4917242dcabe469fb4064ad018d23f26f175d5b4 Mon Sep 17 00:00:00 2001 From: ekko Date: Wed, 15 Apr 2026 19:29:44 +0800 Subject: [PATCH] fix: add auth to /upload endpoint to resolve 401 on file attachment Fixes #10 Co-Authored-By: Claude Opus 4.6 --- server/src/services/auth.ts | 2 +- src/stores/chat.ts | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/server/src/services/auth.ts b/server/src/services/auth.ts index 779b3f5..4db4b2f 100644 --- a/server/src/services/auth.ts +++ b/server/src/services/auth.ts @@ -51,7 +51,7 @@ export async function authMiddleware(token: string | null) { const path = ctx.path if ( path === '/health' || - (!path.startsWith('/api') && !path.startsWith('/v1') && path !== '/upload' && path !== '/webhook') + (!path.startsWith('/api') && !path.startsWith('/v1') && path !== '/webhook') ) { await next() return diff --git a/src/stores/chat.ts b/src/stores/chat.ts index 03377d2..a880908 100644 --- a/src/stores/chat.ts +++ b/src/stores/chat.ts @@ -51,7 +51,12 @@ async function uploadFiles(attachments: Attachment[]): Promise<{ name: string; p for (const att of attachments) { if (att.file) formData.append('file', att.file, att.name) } - const res = await fetch('/upload', { method: 'POST', body: formData }) + const token = localStorage.getItem('hermes_api_key') || '' + const res = await fetch('/upload', { + method: 'POST', + body: formData, + headers: token ? { Authorization: `Bearer ${token}` } : {}, + }) if (!res.ok) throw new Error(`Upload failed: ${res.status}`) const data = await res.json() as { files: { name: string; path: string }[] } return data.files