From dce8c2cc42a248b1cce0342404d1619149a6d0cf Mon Sep 17 00:00:00 2001
From: Janis <janis-e@gmx.de>
Date: Wed, 17 Jun 2026 09:08:38 +0200
Subject: [PATCH] fix(auth): attach Bearer token to /api/bots requests

OfficialBotService posts to /api/bots/official/join-tournament, but
the auth interceptor's protected-endpoint whitelist omitted /api/bots,
so no Authorization header was sent and the request hit the official-
bots service anonymously -> 401.

Add /api/bots to the whitelist.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 src/app/services/auth.interceptor.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/app/services/auth.interceptor.ts b/src/app/services/auth.interceptor.ts
index 4759842..8786877 100644
--- a/src/app/services/auth.interceptor.ts
+++ b/src/app/services/auth.interceptor.ts
@@ -9,7 +9,8 @@ export const authInterceptor: HttpInterceptorFn = (req, next) => {
     req.url.includes('/api/account/official-bots') ||
     req.url.includes('/api/board/game') ||
     req.url.includes('/api/challenge') ||
-    req.url.includes('/api/tournament');
+    req.url.includes('/api/tournament') ||
+    req.url.includes('/api/bots');
 
   if (token && isProtectedEndpoint && !req.headers.has('Authorization')) {
     req = req.clone({