From 10dc27a2c4c5afbbcd17a5df6e7808bd058ad54b Mon Sep 17 00:00:00 2001
From: MayaTheShy <MayaTheShy@gmail.com>
Date: Sun, 22 Mar 2026 02:14:15 -0400
Subject: [PATCH] Enhance API request handling with authentication headers and
 API key support

---
 web/client/src/store/inventoryStore.js | 34 +++++++++++++++++---------
 1 file changed, 23 insertions(+), 11 deletions(-)

diff --git a/web/client/src/store/inventoryStore.js b/web/client/src/store/inventoryStore.js
index 95508d6..5b32a9d 100644
--- a/web/client/src/store/inventoryStore.js
+++ b/web/client/src/store/inventoryStore.js
@@ -1,12 +1,24 @@
 import { create } from 'zustand';
 
-const WS_URL = import.meta.env.VITE_WS_URL ||
+const _baseWsUrl = import.meta.env.VITE_WS_URL ||
   `${window.location.protocol === 'https:' ? 'wss:' : 'ws:'}//${window.location.host}/ws`;
 const API_URL = import.meta.env.VITE_API_URL ||
   `${window.location.protocol}//${window.location.host}/api`;
+const API_KEY = import.meta.env.VITE_API_KEY || '';
 
-console.log('🔌 WebSocket URL:', WS_URL);
+// Append API key to WebSocket URL as query param
+const WS_URL = API_KEY ? `${_baseWsUrl}?key=${encodeURIComponent(API_KEY)}` : _baseWsUrl;
+
+// Build common headers for authenticated requests
+function authHeaders(extra = {}) {
+  const headers = { 'Content-Type': 'application/json', ...extra };
+  if (API_KEY) headers['Authorization'] = `Bearer ${API_KEY}`;
+  return headers;
+}
+
+console.log('🔌 WebSocket URL:', _baseWsUrl);
 console.log('📡 API URL:', API_URL);
+if (API_KEY) console.log('🔒 API key configured');
 
 // Generate a unique command ID for idempotent requests
 function newCommandId() {
@@ -187,7 +199,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       const response = await fetch(`${API_URL}/order`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ itemName, amount, dropperName, commandId: newCommandId() }),
       });
       return await response.json();
@@ -201,7 +213,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       const response = await fetch(`${API_URL}/scan`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ commandId: newCommandId() }),
       });
       return await response.json();
@@ -215,7 +227,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       const response = await fetch(`${API_URL}/smelting/toggle`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ commandId: newCommandId() }),
       });
       return await response.json();
@@ -229,7 +241,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       const response = await fetch(`${API_URL}/recipes/toggle`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ recipe, commandId: newCommandId() }),
       });
       return await response.json();
@@ -243,7 +255,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       await fetch(`${API_URL}/recipes/enable-all`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ commandId: newCommandId() }),
       });
     } catch (error) {
@@ -255,7 +267,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       await fetch(`${API_URL}/recipes/disable-all`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ commandId: newCommandId() }),
       });
     } catch (error) {
@@ -267,7 +279,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       const response = await fetch(`${API_URL}/craft`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ recipeIdx, commandId: newCommandId() }),
       });
       return await response.json();
@@ -281,7 +293,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       const response = await fetch(`${API_URL}/sort-barrel`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ barrelName, commandId: newCommandId() }),
       });
       return await response.json();
@@ -296,7 +308,7 @@ export const useInventoryStore = create((set, get) => ({
     try {
       const response = await fetch(`${API_URL}/dropper-nicknames`, {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: authHeaders(),
         body: JSON.stringify({ dropperName, nickname }),
       });
       const result = await response.json();