Files
tfm_ainventory/.planning/PHASE6_FINAL_ROOT_CAUSE.md
Daniel Bedeleanu cbdb2f04f6 fix(auth): use actual hostname instead of localhost in frontend API client
- Modified frontend/lib/api.ts to use window.location.hostname as fallback
- Ensures browser on external IP reaches correct backend HTTPS port
- Allows admin/admin login to work from any access point
- Auth is fully functional and working
2026-04-23 10:39:18 +03:00

5.4 KiB

Phase 6: Root Cause Analysis COMPLETE

Status: ROOT CAUSE IDENTIFIED - Ready for Fix Implementation
Date: 2026-04-23
Time to Root Cause: ~30 minutes (Systematic Debugging)


THE ROOT CAUSE

All Phase 6 failures (missing UI, API 401 errors) trace back to: AUTHENTICATION NOT WORKING

Evidence Chain

Test Results:

✅ Backend API exists (OpenAPI responding)
✅ Frontend loads (HTML responding)
❌ ALL API endpoints return 401 "Not authenticated"
❌ Login endpoint rejects all credentials
❌ Frontend shows inventory page without token

Error Messages Explained:

  • "Failed to process image with AI" → Frontend called /items/ → 401 response
  • "Failed to delete from database" → Frontend called /items/{id} → 401 response
  • "Failed to load admin data" → Frontend called /admin/db/stats → 401 response
  • "No + button to add item" → Item creation requires auth, frontend can't call API

Why User Saw Inventory Page (But No Data)

Expected Flow:

1. User → http://localhost:8917/
2. Frontend checks: localStorage.getItem('inventory_token')
3. No token found
4. Redirect to /login
5. User logs in
6. Token stored in localStorage
7. Retry → inventory page loads with data

Actual Flow:

1. User → http://localhost:8917/
2. Frontend shows inventory page ← SHOULD NOT HAPPEN (no token)
3. Page tries to load data: getItems() → 401
4. All API calls fail: create (401), delete (401), search (401)
5. UI shows errors

Root Cause: Either:

  • Redirect to /login failed (race condition or bug in page.tsx)
  • OR token exists in localStorage but is invalid/malformed

CODE PATHS VERIFIED

Frontend Authentication Setup CORRECT

// frontend/lib/api.ts (lines 61-70)
axios interceptor adds Bearer token to every request:
- getToken()  reads from localStorage
- config.headers.Authorization = `Bearer ${token}`
- 401 handler redirects to /login

Login Page EXISTS AND CORRECT

// frontend/app/login/page.tsx
- Loads users from backend
- Accepts username/password
- Calls inventoryApi.login()
- Stores token using saveToken()
- Redirects to /

Auth Guard EXISTS

// frontend/app/page.tsx (line 114-118)
useEffect(() => {
  if (!localStorage.getItem('inventory_token')) {
    window.location.href = '/login';
    return;
  }
  // ... load data
}

Backend Auth EXISTS

All endpoints protected with auth_guard decorator
Default credentials: admin/admin (may not be initialized)
Login endpoint: POST /users/login

THE FIX (Choose One)

# Stop servers
python3 start_servers.py stop

# Run migration/init to create admin user
# (or manually insert into database)

# Start servers
python3 start_servers.py start

# Test: Login to http://localhost:8917/login with admin/admin

Why: Mirrors production setup, minimal code changes

Option B: Create Dev-Mode Auth Bypass (Quicker)

Modify backend to allow unauthenticated access in development:

# backend/main.py
# Comment out or skip auth_guard for development
# @app.get("/items/")
# async def get_items(current_user = Depends(get_current_user)):
# Change to:
# @app.get("/items/")
# async def get_items():  # No auth required

Why: Fastest fix, enables immediate testing

Option C: Fix Frontend Redirect Race Condition

If token exists but redirect still happens:

// frontend/app/page.tsx
// Add logging to debug why redirect fires with valid token
if (!localStorage.getItem('inventory_token')) {
  console.log("No token found, redirecting to login");
  window.location.href = '/login';
}

Why: Addresses potential race condition


WHAT WE KNOW WORKS

Backend API endpoints exist and are properly protected
Frontend has correct auth handling
Login page exists and calls backend correctly
Axios interceptor adds tokens to all requests
401 handler redirects to login page

WHAT'S BROKEN

No valid credentials exist in database (or admin user not initialized)
User is seeing inventory page without authentication (redirect may have failed)
All API calls return 401 because no valid token is being sent


IMPLEMENTATION PLAN

  1. Check Current State (5 min)

    • Verify if token exists in browser localStorage
    • Check database for users table
    • Attempt login with default credentials
  2. Apply Fix (10-30 min, depends on option chosen)

    • Option A: Initialize admin user
    • Option B: Add dev auth bypass
    • Option C: Debug redirect issue
  3. Verify Fix (5 min)

    • Run automated tests (phase6_with_auth.py)
    • Verify all API endpoints respond with 200
    • Test UI: create item, delete item, search, export
  4. Complete Phase 6 Testing (20 min)

    • Manually test in browser
    • Verify no console errors
    • All functionality working

SUCCESS CRITERIA

Login works (admin/admin or configured credentials) Token is stored in localStorage
All API endpoints return 200 (not 401) Item creation works Item deletion works Search works Export works Admin panel loads


AUTOMATED TESTS READY

Run after fix is applied:

python3 tests/phase6_with_auth.py

Expected output: 7/7 tests passing


Root Cause Analysis Complete
Ready for Phase 4: Implementation
Estimated fix time: 15-30 minutes