Add X-User-ID header to all FastAPI ML service proxy routes

- Add X-User-ID header containing user.id to all fetch calls from proxy routes - Updated routes: /api/predict, /api/predict/batch, /api/model/info, /api/model/load, /api/patterns/detect, /api/patterns/available, /api/training/start, /api/training/runs - Enables user scoping on the FastAPI ML service side Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 13:12:25 +01:00 · 2026-02-20 13:12:25 +01:00 · bd668589b6
commit bd668589b6
parent 685639a0d3
10 changed files with 10 additions and 7 deletions
--- a/openspec/changes/user-accounts/tasks.md
+++ b/openspec/changes/user-accounts/tasks.md
@ -40,7 +40,7 @@
 - [x] 7.1 `[sonnet]` Add `getAuthUser()` check to all data API routes: `/api/upload`, `/api/candles`, `/api/charts`, `/api/annotations`, `/api/annotation-types`, `/api/span-annotations`, `/api/span-label-types`, `/api/export`
 - [x] 7.2 `[opus]` Update all Drizzle queries to filter by `user_id` from authenticated session (SELECT, INSERT, DELETE)
 - [x] 7.3 `[sonnet]` Add `getAuthUser()` check to all proxy API routes: `/api/predict`, `/api/predict/batch`, `/api/model/info`, `/api/model/load`, `/api/patterns/detect`, `/api/patterns/available`, `/api/training/start`, `/api/training/runs`
- [ ] 7.4 `[haiku]` Add `X-User-ID` header to all fetch calls from proxy routes to the FastAPI ML service
+- [x] 7.4 `[haiku]` Add `X-User-ID` header to all fetch calls from proxy routes to the FastAPI ML service

 ## 8. Frontend Routing Restructure

--- a/src/app/api/model/info/route.ts
+++ b/src/app/api/model/info/route.ts
@ -21,6 +21,7 @@ export async function GET(request: NextRequest) {
        headers: {
          'Content-Type': 'application/json',
          'X-API-Key': process.env.API_KEY || '',
+          'X-User-ID': user.id,
        },
        signal: controller.signal,
      });
--- a/src/app/api/model/load/route.ts
+++ b/src/app/api/model/load/route.ts
@ -34,7 +34,7 @@ export async function POST(request: NextRequest) {

    const response = await fetch(`${INFERENCE_API_URL}/model/load`, {
      method: 'POST',
-      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '' },
+      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '', 'X-User-ID': user.id },
      body: JSON.stringify(validatedBody),
      signal: controller.signal,
    });
--- a/src/app/api/patterns/available/route.ts
+++ b/src/app/api/patterns/available/route.ts
@ -16,7 +16,7 @@ export async function GET(_request: NextRequest) {
  try {
    const response = await fetch(`${INFERENCE_API_URL}/patterns/available`, {
      method: 'GET',
-      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '' },
+      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '', 'X-User-ID': user.id },
      signal: controller.signal,
    });
    clearTimeout(timeoutId);
--- a/src/app/api/patterns/detect/route.ts
+++ b/src/app/api/patterns/detect/route.ts
@ -45,7 +45,7 @@ export async function POST(request: NextRequest) {

    const response = await fetch(`${INFERENCE_API_URL}/patterns/detect`, {
      method: 'POST',
-      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '' },
+      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '', 'X-User-ID': user.id },
      body: JSON.stringify(validatedBody),
      signal: controller.signal,
    });
--- a/src/app/api/predict/batch/route.ts
+++ b/src/app/api/predict/batch/route.ts
@ -41,6 +41,7 @@ export async function POST(request: NextRequest) {
        headers: {
          'Content-Type': 'application/json',
          'X-API-Key': process.env.API_KEY || '',
+          'X-User-ID': user.id,
        },
        body: JSON.stringify(validatedBody),
        signal: controller.signal,
--- a/src/app/api/predict/route.ts
+++ b/src/app/api/predict/route.ts
@ -49,6 +49,7 @@ export async function POST(request: NextRequest) {
        headers: {
          'Content-Type': 'application/json',
          'X-API-Key': process.env.API_KEY || '',
+          'X-User-ID': user.id,
        },
        body: JSON.stringify(validatedBody),
        signal: controller.signal,
--- a/src/app/api/training/runs/route.ts
+++ b/src/app/api/training/runs/route.ts
@ -16,7 +16,7 @@ export async function GET(_request: NextRequest) {
  try {
    const response = await fetch(`${INFERENCE_API_URL}/training/runs`, {
      method: 'GET',
-      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '' },
+      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '', 'X-User-ID': user.id },
      signal: controller.signal,
    });
    clearTimeout(timeoutId);
--- a/src/app/api/training/start/route.ts
+++ b/src/app/api/training/start/route.ts
@ -35,7 +35,7 @@ export async function POST(request: NextRequest) {

    const response = await fetch(`${INFERENCE_API_URL}/training/start`, {
      method: 'POST',
-      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '' },
+      headers: { 'Content-Type': 'application/json', 'X-API-Key': process.env.API_KEY || '', 'X-User-ID': user.id },
      body: JSON.stringify(validatedBody),
      signal: controller.signal,
    });
--- a/tsconfig.tsbuildinfo
+++ b/tsconfig.tsbuildinfo