From 79d24a327e2bc5d918d790c42de7fb71e08597b5 Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeffemmett@gmail.com>
Date: Sun, 12 Apr 2026 22:06:22 -0400
Subject: [PATCH] =?UTF-8?q?fix(rnotes):=20fix=20vault=20upload=20=E2=80=94?=
 =?UTF-8?q?=20field=20name=20mismatch=20and=20missing=20auth=20header?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The upload form sent the file as "vault" but the server expected "file",
causing all uploads to fail with 400. Also added the encryptid JWT token
to the upload request so authenticated routes don't return 401.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 modules/rnotes/components/folk-notes-app.ts | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/modules/rnotes/components/folk-notes-app.ts b/modules/rnotes/components/folk-notes-app.ts
index 0e0f4ce7..6c65e0f5 100644
--- a/modules/rnotes/components/folk-notes-app.ts
+++ b/modules/rnotes/components/folk-notes-app.ts
@@ -268,7 +268,12 @@ export class FolkNotesApp extends HTMLElement {
 		this._render();
 		try {
 			const base = this._getApiBase();
-			const res = await fetch(`${base}/api/vault/upload`, { method: 'POST', body: fd });
+			const token = localStorage.getItem('encryptid-token');
+			const res = await fetch(`${base}/api/vault/upload`, {
+				method: 'POST',
+				body: fd,
+				headers: token ? { 'Authorization': `Bearer ${token}` } : {},
+			});
 			const data = await res.json();
 			if (res.ok) {
 				this._uploadStatus = `Vault uploaded: ${data.name ?? 'done'}`;
@@ -534,7 +539,7 @@ ${this._uploadOpen ? this._renderUploadDialog() : ''}
 			</div>
 			<div class="field">
 				<label>Vault ZIP File</label>
-				<input type="file" name="vault" accept=".zip" required>
+				<input type="file" name="file" accept=".zip" required>
 			</div>
 			<div class="status-msg" id="upload-status">${escHtml(this._uploadStatus)}</div>
 			<div class="dialog-actions">