From 6f5be86a02473d220d5dac017ddfb22162a2517b Mon Sep 17 00:00:00 2001
From: anonpenguin23 <rimrh1o0@tuta.com>
Date: Wed, 29 Oct 2025 14:17:26 +0200
Subject: [PATCH] Update HttpClient to support API key usage for both database
 and pubsub operations; enhance request header logging to include pubsub paths
 for better debugging.

---
 src/core/http.ts | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/core/http.ts b/src/core/http.ts
index d153824..08a14c3 100644
--- a/src/core/http.ts
+++ b/src/core/http.ts
@@ -54,12 +54,13 @@ export class HttpClient {
   private getAuthHeaders(path: string): Record<string, string> {
     const headers: Record<string, string> = {};
 
-    // For database operations, ONLY use API key to avoid JWT user context
+    // For database and pubsub operations, ONLY use API key to avoid JWT user context
     // interfering with namespace-level authorization
     const isDbOperation = path.includes("/v1/rqlite/");
+    const isPubSubOperation = path.includes("/v1/pubsub/");
 
-    if (isDbOperation) {
-      // For database operations: use only API key (preferred for namespace operations)
+    if (isDbOperation || isPubSubOperation) {
+      // For database/pubsub operations: use only API key (preferred for namespace operations)
       if (this.apiKey) {
         headers["X-API-Key"] = this.apiKey;
       } else if (this.jwt) {
@@ -114,7 +115,8 @@ export class HttpClient {
       typeof console !== "undefined" &&
       (path.includes("/db/") ||
         path.includes("/query") ||
-        path.includes("/auth/"))
+        path.includes("/auth/") ||
+        path.includes("/pubsub/"))
     ) {
       console.log("[HttpClient] Request headers for", path, {
         hasAuth: !!headers["Authorization"],