From 69d41f2ed4cd807237b8f1d44ce094298556d35a Mon Sep 17 00:00:00 2001
From: jokob-sk <jokob-sk@gmail.com>
Date: Mon, 18 Nov 2024 12:16:49 +1100
Subject: [PATCH] GraphQl 0.11.18.1 - better api_token initialization + menu
 fixes

---
 front/php/templates/header.php                | 14 +++++++-------
 server/graphql_server/graphql_server_start.py |  8 +++++---
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/front/php/templates/header.php b/front/php/templates/header.php
index f4a5791c..8e305449 100755
--- a/front/php/templates/header.php
+++ b/front/php/templates/header.php
@@ -255,25 +255,25 @@
           </a>
           <ul class="treeview-menu" style="display: <?php if (in_array (basename($_SERVER['SCRIPT_NAME']), array('devices.php', 'deviceDetails.php') ) ){ echo 'block'; } else {echo 'none';} ?>;">
             <li>
-              <a href="#" onclick="forceLoadUrl('/devices.php#my_devices')" >  <?= lang("Device_Shortcut_AllDevices");?> </a>
+              <a href="/devices.php#my_devices" onclick="forceLoadUrl('/devices.php#my_devices')" >  <?= lang("Device_Shortcut_AllDevices");?> </a>
             </li>
             <li>
-              <a href="#" onclick="forceLoadUrl('/devices.php#connected')" >  <?= lang("Device_Shortcut_Connected");?> </a>
+              <a href="/devices.php#connected" onclick="forceLoadUrl('/devices.php#connected')" >  <?= lang("Device_Shortcut_Connected");?> </a>
             </li>
             <li>
-              <a href="#" onclick="forceLoadUrl('/devices.php#favorites')" > <?= lang("Device_Shortcut_Favorites");?> </a>
+              <a href="/devices.php#favorites" onclick="forceLoadUrl('/devices.php#favorites')" > <?= lang("Device_Shortcut_Favorites");?> </a>
             </li>
             <li>
-              <a href="#" onclick="forceLoadUrl('/devices.php#new')" >  <?= lang("Device_Shortcut_NewDevices");?> </a>
+              <a href="/devices.php#new" onclick="forceLoadUrl('/devices.php#new')" >  <?= lang("Device_Shortcut_NewDevices");?> </a>
             </li>
             <li>
-              <a href="#" onclick="forceLoadUrl('/devices.php#down')" >  <?= lang("Device_Shortcut_DownOnly");?> </a>
+              <a href="/devices.php#down" onclick="forceLoadUrl('/devices.php#down')" >  <?= lang("Device_Shortcut_DownOnly");?> </a>
             </li>
             <li>
-              <a href="#" onclick="forceLoadUrl('/devices.php#offline')" > <?= lang("Gen_Offline");?> </a>
+              <a href="/devices.php#offline" onclick="forceLoadUrl('/devices.php#offline')" > <?= lang("Gen_Offline");?> </a>
             </li>
             <li>
-              <a href="#" onclick="forceLoadUrl('/devices.php#archived')" >  <?= lang("Device_Shortcut_Archived");?> </a>
+              <a href="/devices.php#archived" onclick="forceLoadUrl('/devices.php#archived')" >  <?= lang("Device_Shortcut_Archived");?> </a>
             </li>
           </ul>
 
diff --git a/server/graphql_server/graphql_server_start.py b/server/graphql_server/graphql_server_start.py
index a55b64a6..1ad89563 100755
--- a/server/graphql_server/graphql_server_start.py
+++ b/server/graphql_server/graphql_server_start.py
@@ -17,14 +17,16 @@ app = Flask(__name__)
 
 # Retrieve API token and port
 graphql_port_value = get_setting_value("GRAPHQL_PORT")
-api_token_value = get_setting_value("API_TOKEN")
+
 
 # Endpoint for GraphQL queries
 @app.route("/graphql", methods=["POST"])
 def graphql_endpoint():
     # Check for API token in headers
-    token = request.headers.get("Authorization")
-    if token != f"Bearer {api_token_value}":
+    incoming_header_token = request.headers.get("Authorization")            
+    api_token_value = get_setting_value("API_TOKEN")
+
+    if incoming_header_token != f"Bearer {api_token_value}":
         mylog('verbose', [f'[graphql_server] Unauthorized access attempt'])
         return jsonify({"error": "Unauthorized"}), 401