From 0f9232ea3396aa120352a1eacebcaf722c153753 Mon Sep 17 00:00:00 2001
From: Shirone <kacperlachowiczwp.pl@wp.pl>
Date: Thu, 8 Jan 2026 21:00:22 +0100
Subject: [PATCH] fix: add API key header to verifySession for Electron auth
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The verifySession() function was not including the X-API-Key header
when making requests to /api/settings/status, causing Electron mode
to fail authentication on app startup despite having a valid API key.

This resulted in users seeing "You've been logged out" screen
immediately after launching the Electron app.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 apps/ui/src/lib/http-api-client.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/apps/ui/src/lib/http-api-client.ts b/apps/ui/src/lib/http-api-client.ts
index 12172ee9..f41a02ea 100644
--- a/apps/ui/src/lib/http-api-client.ts
+++ b/apps/ui/src/lib/http-api-client.ts
@@ -374,7 +374,13 @@ export const verifySession = async (): Promise<boolean> => {
     'Content-Type': 'application/json',
   };
 
-  // Add session token header if available
+  // Electron mode: use API key header
+  const apiKey = getApiKey();
+  if (apiKey) {
+    headers['X-API-Key'] = apiKey;
+  }
+
+  // Add session token header if available (web mode)
   const sessionToken = getSessionToken();
   if (sessionToken) {
     headers['X-Session-Token'] = sessionToken;