ci: bump version to v0.4.2

fix: NCS-122 send WS token via first-message auth instead of query param (#13 )
Remove token from WebSocket URL query parameters in ChallengeWebSocketService and GameApiService. Instead, send {"type":"auth","token":"..."} as the first text frame after the connection opens, matching the new backend auth protocol. --------- Co-authored-by: LQ63 <lkhermann@web.de> Reviewed-on: #13
2026-06-17 09:19:46 +00:00 · 2026-06-17 10:50:16 +02:00 · 2026-06-17 07:20:31 +00:00 · 2026-06-17 09:08:55 +02:00
6 changed files with 121 additions and 105 deletions
@@ -66,3 +66,13 @@
 ### Features

 * NCWF-5/6/7/8/9 chess analysis page and engine integration ([#11](https://git.janis-eccarius.de/NowChess/NowChess-Frontend/issues/11)) ([f9420e5](https://git.janis-eccarius.de/NowChess/NowChess-Frontend/commit/f9420e5848d8724bcb0e9cf08f08b871c91cf4ba))
+## [0.0.0](https://git.janis-eccarius.de/NowChess/NowChess-Frontend/compare/0.4.0...0.0.0) (2026-06-17)
+
+### Bug Fixes
+
+* **auth:** attach Bearer token to /api/bots requests ([#12](https://git.janis-eccarius.de/NowChess/NowChess-Frontend/issues/12)) ([a54957a](https://git.janis-eccarius.de/NowChess/NowChess-Frontend/commit/a54957aa74ef15bf2dd439d386e221ac134c5c5c))
+## [0.0.0](https://git.janis-eccarius.de/NowChess/NowChess-Frontend/compare/0.4.1...0.0.0) (2026-06-17)
+
+### Bug Fixes
+
+* NCS-122 send WS token via first-message auth instead of query param ([#13](https://git.janis-eccarius.de/NowChess/NowChess-Frontend/issues/13)) ([1d2c217](https://git.janis-eccarius.de/NowChess/NowChess-Frontend/commit/1d2c217da8982d361e2eb7de26f6447171a1dd43))
@@ -9,7 +9,8 @@ export const authInterceptor: HttpInterceptorFn = (req, next) => {
    req.url.includes('/api/account/official-bots') ||
    req.url.includes('/api/board/game') ||
    req.url.includes('/api/challenge') ||
-    req.url.includes('/api/tournament');
+    req.url.includes('/api/tournament') ||
+    req.url.includes('/api/bots');

  if (token && isProtectedEndpoint && !req.headers.has('Authorization')) {
    req = req.clone({
@@ -22,7 +22,7 @@ export class ChallengeWebSocketService {
    const token = localStorage.getItem('token');
    if (!token) return;

-        const url = `${environment.userWsBaseUrl}/api/user/ws?token=${encodeURIComponent(token)}`;
+    const url = `${environment.userWsBaseUrl}/api/user/ws`;

    try {
      this.intentionalClose = false;
@@ -30,6 +30,7 @@ export class ChallengeWebSocketService {

      this.ws.onopen = () => {
        this.reconnectAttempts = 0;
+        this.ws?.send(JSON.stringify({ type: 'auth', token }));
      };

      this.ws.onmessage = (event) => {
@@ -76,8 +77,10 @@ export class ChallengeWebSocketService {
        const challengeId = message['challengeId'] as string | undefined;
        if (challengeId) {
          this.challengeService.getChallenge(challengeId).subscribe({
-                        next: challenge => this.challengeEventService.onChallengeReceived(challenge),
-                        error: () => { /* challenge may have already expired */ }
+            next: (challenge) => this.challengeEventService.onChallengeReceived(challenge),
+            error: () => {
+              /* challenge may have already expired */
+            },
          });
        }
        break;
@@ -110,6 +113,8 @@ export class ChallengeWebSocketService {
  private attemptReconnect(): void {
    if (this.intentionalClose || this.reconnectAttempts >= this.maxReconnectAttempts) return;
    this.reconnectAttempts++;
-        setTimeout(() => { this.connect(); }, this.reconnectDelay);
+    setTimeout(() => {
+      this.connect();
+    }, this.reconnectDelay);
  }
 }
@@ -7,7 +7,7 @@ import {
  GameState,
  GameStreamEvent,
  LegalMovesResponse,
-  PlayerInfo
+  PlayerInfo,
 } from '../models/game.models';
 import { AnalysisRequest, AnalysisResponse } from '../models/analysis.models';
 import { StreamHandlerService } from './stream-handler.service';
@@ -29,11 +29,11 @@ export class GameApiService {
    const playerColor = Math.random() > 0.5 ? 'white' : 'black';
    const playerInfo: PlayerInfo = {
      id: `player-${Date.now()}`,
-      displayName: 'You'
+      displayName: 'You',
    };
    const botInfo: PlayerInfo = {
      id: `bot-${difficulty}`,
-      displayName: `Bot (${difficulty})`
+      displayName: `Bot (${difficulty})`,
    };

    const payload =
@@ -57,7 +57,9 @@ export class GameApiService {
    if (square) {
      params = params.set('square', square);
    }
-    return this.http.get<LegalMovesResponse>(`${this.apiBase}${this.apiPath}/${gameId}/moves`, { params });
+    return this.http.get<LegalMovesResponse>(`${this.apiBase}${this.apiPath}/${gameId}/moves`, {
+      params,
+    });
  }

  importFen(fen: string): Observable<GameFull> {
@@ -90,11 +92,8 @@ export class GameApiService {
  }

  streamGame(gameId: string): Observable<GameStreamEvent> {
-    const token = localStorage.getItem('token');
-    let wsUrl = `${this.resolveWsBase()}${this.apiPath}/${gameId}/ws`;
-    if (token) {
-      wsUrl += `?token=${encodeURIComponent(token)}`;
-    }
-    return this.streamHandler.createGameStream(wsUrl, gameId);
+    const wsUrl = `${this.resolveWsBase()}${this.apiPath}/${gameId}/ws`;
+    const token = localStorage.getItem('token') ?? '';
+    return this.streamHandler.createGameStream(wsUrl, gameId, token);
  }
 }
@@ -6,7 +6,7 @@ const WS_CONNECT_TIMEOUT_MS = 3000;

@Injectable({ providedIn: 'root' })
 export class StreamHandlerService {
-  createGameStream(wsUrl: string, gameId: string): Observable<GameStreamEvent> {
+  createGameStream(wsUrl: string, gameId: string, token: string): Observable<GameStreamEvent> {
    return new Observable<GameStreamEvent>((observer) => {
      const ws = new WebSocket(wsUrl);
      let connected = false;
@@ -14,7 +14,7 @@ export class StreamHandlerService {
      const emitErrorEvent = (message: string): void => {
        const errorEvent: ErrorEvent = {
          type: 'error',
-          error: { code: 'STREAM_ERROR', message }
+          error: { code: 'STREAM_ERROR', message },
        };
        observer.next(errorEvent);
      };
@@ -36,6 +36,7 @@ export class StreamHandlerService {
        connected = true;
        clearTimeout(connectionTimeoutId);
        console.log(`[StreamHandler] WebSocket connected for ${gameId}`);
+        ws.send(JSON.stringify({ type: 'auth', token }));
      };

      ws.onmessage = (message) => {
@@ -1,3 +1,3 @@
 MAJOR=0
 MINOR=4
-PATCH=0
+PATCH=2
Author	SHA1	Message	Date
TeamCity	74f82bc0ba	ci: bump version to v0.4.2	2026-06-17 09:19:46 +00:00
lq64	1d2c217da8	fix: NCS-122 send WS token via first-message auth instead of query param (#13 ) Remove token from WebSocket URL query parameters in ChallengeWebSocketService and GameApiService. Instead, send {"type":"auth","token":"..."} as the first text frame after the connection opens, matching the new backend auth protocol. --------- Co-authored-by: LQ63 <lkhermann@web.de> Reviewed-on: #13	2026-06-17 10:50:16 +02:00
TeamCity	3d1b330396	ci: bump version to v0.4.1	2026-06-17 07:20:31 +00:00
Janis	a54957aa74	fix(auth): attach Bearer token to /api/bots requests (#12 ) OfficialBotService posts to /api/bots/official/join-tournament, but the auth interceptor's protected-endpoint whitelist omitted /api/bots, so no Authorization header was sent and the request hit the official- bots service anonymously -> 401. Add /api/bots to the whitelist. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Reviewed-on: #12	2026-06-17 09:08:55 +02:00