From e2b09c7a8b4a4332be01382d8546845298148751 Mon Sep 17 00:00:00 2001
From: Tracewebstudio Dev <dev@tracewebstudio.com>
Date: Sun, 12 Apr 2026 17:59:50 +0200
Subject: [PATCH] fix(frontend): preserve leading slash in gatewayUrl path
 reconstruction

---
 src/lib/server/gateway.ts | 37 +++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/src/lib/server/gateway.ts b/src/lib/server/gateway.ts
index 9da5ece..3bb474f 100644
--- a/src/lib/server/gateway.ts
+++ b/src/lib/server/gateway.ts
@@ -1,11 +1,15 @@
-const gatewayBase = (process.env.NEXT_PUBLIC_API_URL || process.env.PUBLIC_API_URL || 'http://localhost:8080/api').replace(/\/+$/, '');
+const gatewayBase = (
+  process.env.NEXT_PUBLIC_API_URL ||
+  process.env.PUBLIC_API_URL ||
+  "http://localhost:8080/api"
+).replace(/\/+$/, "");
 
 export function gatewayUrl(path: string) {
-  const normalized = path.startsWith('/') ? path : `/${path}`;
-  if (gatewayBase.endsWith('/api')) {
-    if (normalized === '/api') return gatewayBase;
-    if (normalized.startsWith('/api/')) {
-      return `${gatewayBase}${normalized.slice(4)}`;
+  const normalized = path.startsWith("/") ? path : `/${path}`;
+  if (gatewayBase.endsWith("/api")) {
+    if (normalized === "/api") return gatewayBase;
+    if (normalized.startsWith("/api/")) {
+      return `${gatewayBase}${normalized.slice(3)}`;
     }
   }
   return `${gatewayBase}${normalized}`;
@@ -13,21 +17,26 @@ export function gatewayUrl(path: string) {
 
 export function readAccessTokenFromRequest(request: Request): string | null {
   // 1. Prefer Authorization header forwarded by the client-side fetch
-  const authHeader = request.headers.get('authorization') || request.headers.get('Authorization') || '';
-  if (authHeader.startsWith('Bearer ')) {
+  const authHeader =
+    request.headers.get("authorization") || request.headers.get("Authorization") || "";
+  if (authHeader.startsWith("Bearer ")) {
     const token = authHeader.slice(7).trim();
     if (token) return token;
   }
 
   // 2. Fall back to legacy cookie (nxtgauge_access_token) if set
-  const cookie = request.headers.get('cookie') || '';
+  const cookie = request.headers.get("cookie") || "";
   if (cookie) {
-    const parts = cookie.split(';').map((part) => part.trim());
-    const pair = parts.find((part) => part.startsWith('nxtgauge_access_token='));
+    const parts = cookie.split(";").map((part) => part.trim());
+    const pair = parts.find((part) => part.startsWith("nxtgauge_access_token="));
     if (pair) {
-      const token = pair.split('=').slice(1).join('=').trim();
+      const token = pair.split("=").slice(1).join("=").trim();
       if (token) {
-        try { return decodeURIComponent(token); } catch { return token; }
+        try {
+          return decodeURIComponent(token);
+        } catch {
+          return token;
+        }
       }
     }
   }
@@ -47,7 +56,7 @@ export const forwardAuth = withAuthHeaders;
 
 // Forward cookies from request
 export function forwardCookies(request: Request): Record<string, string> {
-  const cookie = request.headers.get('cookie');
+  const cookie = request.headers.get("cookie");
   if (!cookie) return {};
   return { cookie };
 }