From a54957aa74ef15bf2dd439d386e221ac134c5c5c Mon Sep 17 00:00:00 2001
From: Janis <janis-e@gmx.de>
Date: Wed, 17 Jun 2026 09:08:55 +0200
Subject: [PATCH] fix(auth): attach Bearer token to /api/bots requests (#12)

OfficialBotService posts to /api/bots/official/join-tournament, but
the auth interceptor's protected-endpoint whitelist omitted /api/bots,
so no Authorization header was sent and the request hit the official-
bots service anonymously -> 401.

Add /api/bots to the whitelist.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Reviewed-on: https://git.janis-eccarius.de/NowChess/NowChess-Frontend/pulls/12
---
 src/app/services/auth.interceptor.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/app/services/auth.interceptor.ts b/src/app/services/auth.interceptor.ts
index 4759842..8786877 100644
--- a/src/app/services/auth.interceptor.ts
+++ b/src/app/services/auth.interceptor.ts
@@ -9,7 +9,8 @@ export const authInterceptor: HttpInterceptorFn = (req, next) => {
     req.url.includes('/api/account/official-bots') ||
     req.url.includes('/api/board/game') ||
     req.url.includes('/api/challenge') ||
-    req.url.includes('/api/tournament');
+    req.url.includes('/api/tournament') ||
+    req.url.includes('/api/bots');
 
   if (token && isProtectedEndpoint && !req.headers.has('Authorization')) {
     req = req.clone({