Title: Gmail & Outlook integrations fail internally due to missing JWT token forwarding to ML API
Description: The Flask endpoints /gmail/callback, /gmail/emails, /outlook/callback, /outlook/emails, and /scan-emails are protected by the @jwt_required() decorator. However, the Node.js Express Gateway calls these endpoints using axios without forwarding the JWT token in the Authorization header, sending only X-User-Username.
Steps to Reproduce:
1. Connect Gmail/Outlook account through the frontend dashboard.
2. Trigger an email scan request.
3. The Express gateway logs 401 Unauthorized returned by the Flask API because the Flask app expects a JWT token that was never sent.
Proposed Fix: Since the Flask app is an internal service protected by the Express Gateway, remove the @jwt_required() decorator from internal endpoints in backend/api.py and read the username directly from the X-User-Username header:

```python
# In backend/api.py
username = request.headers.get("X-User-Username")
```
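An added example, not part of the original issue or the project's code: once @jwt_required() is removed, X-User-Username is only as trustworthy as the network path to the Flask service, so this sketch accepts it only when the request also carries a secret shared with the gateway. The X-Gateway-Secret header, the GATEWAY_SHARED_SECRET variable, the username pattern and the helper names are assumptions.

```python
import hmac
import os
import re
from typing import Mapping, Optional

# Assumed names, not from the project: the gateway would add this header on
# every call to the Flask service, carrying a secret that both sides load
# from their environment.
GATEWAY_SECRET_HEADER = "X-Gateway-Secret"
USERNAME_HEADER = "X-User-Username"  # header named in the issue
_USERNAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")  # assumed username policy


class InternalAuthError(Exception):
    """Raised when the request must be answered with 401."""


def username_from_gateway(headers: Mapping[str, str],
                          shared_secret: Optional[str]) -> str:
    """Return the username asserted by the gateway, or raise InternalAuthError.

    `headers` is any mapping with .get(); Flask's request.headers qualifies.
    """
    if not shared_secret:
        # Fail closed: a missing secret must not switch the check off.
        raise InternalAuthError("gateway secret not configured")

    presented = headers.get(GATEWAY_SECRET_HEADER, "")
    # Constant-time comparison avoids leaking the secret through timing.
    if not hmac.compare_digest(presented.encode(), shared_secret.encode()):
        raise InternalAuthError("request did not come through the gateway")

    username = headers.get(USERNAME_HEADER, "")
    if not _USERNAME_RE.fullmatch(username):
        raise InternalAuthError("missing or malformed username header")
    return username


def load_secret() -> Optional[str]:
    # GATEWAY_SHARED_SECRET is an assumed environment variable name.
    return os.environ.get("GATEWAY_SHARED_SECRET")
```

In a Flask view this would be called as `username_from_gateway(request.headers, load_secret())`, returning 401 when `InternalAuthError` is raised.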