From 102a562f9d5861743e63bc8c33704454eb0ca063 Mon Sep 17 00:00:00 2001
From: Sergei <sergei@Sergeis-MacBook-Pro.local>
Date: Mon, 19 Jan 2026 23:04:45 -0800
Subject: [PATCH] Fix sensors list API: add missing auth headers and
 credentials method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add baseUrl and legacyApiUrl as class properties in ApiService
- Add getLegacyCredentials() method for device operations
- Add Authorization header to getDevicesForBeneficiary()
- Add Authorization header to attachDeviceToBeneficiary()

These changes fix the sensors list functionality allowing users
to view sensors for any beneficiary.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 services/api.ts | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/services/api.ts b/services/api.ts
index edaaa58..3b932f2 100644
--- a/services/api.ts
+++ b/services/api.ts
@@ -48,6 +48,10 @@ function formatTimeAgo(date: Date): string {
 }
 
 class ApiService {
+  // API URLs as instance properties for consistency
+  private readonly baseUrl = WELLNUO_API_URL;
+  private readonly legacyApiUrl = API_BASE_URL;
+
   // Public method to get the access token (used by AuthContext)
   async getToken(): Promise<string | null> {
     try {
@@ -1535,6 +1539,16 @@ class ApiService {
     return this.DEMO_DEPLOYMENT_ID;
   }
 
+  /**
+   * Get Legacy API credentials for device operations
+   * Uses the same credentials as getLegacyWebViewCredentials but returns only what's needed
+   */
+  async getLegacyCredentials(): Promise<{ userName: string; token: string } | null> {
+    const creds = await this.getLegacyWebViewCredentials();
+    if (!creds) return null;
+    return { userName: creds.userName, token: creds.token };
+  }
+
   // ============================================================================
   // WP SENSORS / DEVICES MANAGEMENT
   // ============================================================================
@@ -1545,8 +1559,17 @@ class ApiService {
    */
   async getDevicesForBeneficiary(beneficiaryId: string) {
     try {
+      // Get auth token for WellNuo API
+      const token = await this.getToken();
+      if (!token) return { ok: false, error: 'Not authenticated' };
+
       // Get beneficiary's deployment_id from PostgreSQL
-      const response = await fetch(`${this.baseUrl}/me/beneficiaries/${beneficiaryId}`);
+      const response = await fetch(`${this.baseUrl}/me/beneficiaries/${beneficiaryId}`, {
+        method: 'GET',
+        headers: {
+          'Authorization': `Bearer ${token}`,
+        },
+      });
       if (!response.ok) throw new Error('Failed to get beneficiary');
 
       const beneficiary = await response.json();
@@ -1679,8 +1702,17 @@ class ApiService {
     password: string
   ) {
     try {
+      // Get auth token for WellNuo API
+      const token = await this.getToken();
+      if (!token) throw new Error('Not authenticated');
+
       // Get beneficiary details
-      const response = await fetch(`${this.baseUrl}/me/beneficiaries/${beneficiaryId}`);
+      const response = await fetch(`${this.baseUrl}/me/beneficiaries/${beneficiaryId}`, {
+        method: 'GET',
+        headers: {
+          'Authorization': `Bearer ${token}`,
+        },
+      });
       if (!response.ok) throw new Error('Failed to get beneficiary');
 
       const beneficiary = await response.json();