Describe the bug
The app uses JWT authentication — login saves a token to localStorage.
But the history page fetches /api/history with no Authorization header:
const response = await fetch(`${apiUrl}/api/history`);
This means either:
- All patient records are publicly accessible without login, or
- The request is silently rejected and the table shows empty
Both are broken — one is a security risk, one is a silent failure.
Where is it happening
src/app/history/page.tsx — fetchHistory function
Expected behavior
The JWT token from localStorage should be sent with every authenticated request.
I would like to work on this issue under GSSoC.
Thank you.
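
An added example, not code from the original issue or the project: one way the history fetch could attach the stored token and report a rejection instead of rendering an empty table. The storage key `token`, the `Bearer` scheme, and the helper names `AuthError`, `authHeaders` and `checkStatus` are assumptions; only `fetchHistory`, `apiUrl` and the `/api/history` path come from the issue.

```javascript
// Assumption: the key the login page used when saving the JWT to localStorage.
const TOKEN_KEY = "token";

// Distinguishes "not authenticated" from other failures so the UI can redirect to login.
class AuthError extends Error {}

// Build headers for an authenticated request.
// Throws when no token is stored, so the request is never sent unauthenticated.
function authHeaders(storage, extra = {}) {
  const token = storage.getItem(TOKEN_KEY);
  if (!token) throw new AuthError("not logged in: no token in storage");
  // Authorization is spread last so a caller-supplied header cannot override it.
  // Assumption: the API expects the "Bearer" scheme.
  return { ...extra, Authorization: `Bearer ${token}` };
}

// Turn a rejected or failed response into an error instead of an empty table.
function checkStatus(status) {
  if (status === 401 || status === 403) {
    throw new AuthError(`history request rejected by API (${status})`);
  }
  if (status < 200 || status >= 300) {
    throw new Error(`history request failed (${status})`);
  }
}

// storage and fetchImpl are injectable so the function can be exercised outside a browser.
async function fetchHistory(
  apiUrl,
  storage = globalThis.localStorage,
  fetchImpl = globalThis.fetch
) {
  const response = await fetchImpl(`${apiUrl}/api/history`, {
    headers: authHeaders(storage, { Accept: "application/json" }),
  });
  checkStatus(response.status);
  return response.json();
}
```

Sending the header only fixes the client side. If `/api/history` returns records when the header is absent, the token check also has to be enforced by the API itself.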