From 09dd315c5ffbc8e7faf49e01cdf700cd9d7ae4f7 Mon Sep 17 00:00:00 2001
From: posimai
Date: Sat, 11 Apr 2026 00:05:24 +0900
Subject: [PATCH] fix: move Atlas scan tokens from query params to Authorization header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

github-scan / vercel-scan / tailscale-scan の3エンドポイントで ?token=... 方式を廃止し Authorization: Bearer ヘッダーへ移行。 サーバーログ・ブラウザ履歴へのトークン露出を防ぐ。

Co-Authored-By: Claude Sonnet 4.6
---
 index.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/index.html b/index.html
index 88c43b4..5167881 100644
--- a/index.html
+++ b/index.html
@@ -2314,7 +2314,7 @@ async function runTailscaleScan() {
 try {
 const apiBase = 'https://api.soar-enrich.com/brain/api';
- const res = await fetch(`${apiBase}/atlas/tailscale-scan?token=${encodeURIComponent(token)}`);
+ const res = await fetch(`${apiBase}/atlas/tailscale-scan`, { headers: { Authorization: `Bearer ${token}` } });
 if (!res.ok) {
 const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
 throw new Error(err.error || `HTTP ${res.status}`);
@@ -2380,8 +2380,8 @@ async function runGithubScan() {
 try {
 const apiBase = 'https://api.soar-enrich.com/brain/api';
- const url = `${apiBase}/atlas/github-scan?token=${encodeURIComponent(token)}${org ? '&org=' + encodeURIComponent(org) : ''}`;
- const res = await fetch(url);
+ const url = `${apiBase}/atlas/github-scan${org ? '?org=' + encodeURIComponent(org) : ''}`;
+ const res = await fetch(url, { headers: { Authorization: `Bearer ${token}` } });
 if (!res.ok) { const e = await res.json().catch(() => ({})); throw new Error(e.error || `HTTP ${res.status}`); }
 const raw = await res.json();
 const repos = Array.isArray(raw) ? raw : (raw.repos || []);
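Review bot: `token` now goes into the `Authorization` value unencoded in `runTailscaleScan`, and likewise in the `runGithubScan` and `runVercelScan` hunks, whereas the removed lines passed it through `encodeURIComponent`; a pasted token with a trailing newline or a non-Latin-1 character now makes `fetch` throw a `TypeError` before any request is sent. Where `token` is read lies outside the hunk, so it may already be trimmed; if not, I would build the header in one helper that trims and validates, sketched below, and call it from all three functions so a later endpoint cannot drift back to `?token=`. If the page is served from a different origin than the API, the new header also makes each call a preflighted request, so the server has to allow `Authorization` in `Access-Control-Allow-Headers`. The log exposure the commit targets is only closed once the server rejects `?token=` outright, because cached copies of the old page will keep sending it. The function body starts and ends outside the hunk.

```javascript
// Constructed sketch: single place that builds the auth header for every Atlas scan call.
function atlasAuthHeaders(token) {
  const value = String(token ?? '').trim();
  // fetch() rejects header values with control or non-Latin-1 characters; fail with a clear message instead.
  if (!/^[\x21-\x7e]+$/.test(value)) {
    throw new Error('Invalid token format');
  }
  return { Authorization: `Bearer ${value}` };
}

// … unchanged: try { and apiBase …
const res = await fetch(`${apiBase}/atlas/tailscale-scan`, { headers: atlasAuthHeaders(token) });
// … unchanged: res.ok handling …
```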
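Review bot: The query string in `runGithubScan` is still assembled by hand (`'?org=' + encodeURIComponent(org)`), so the `?`/`&` choice has to be revisited every time a parameter is added or removed, as this change itself had to do. Building it with `URL` keeps the encoding and separators in one place: `const url = new URL(apiBase + '/atlas/github-scan'); if (org) url.searchParams.set('org', org);`, and `fetch` accepts the `URL` object directly. Note that `searchParams` encodes a space as `+` rather than `%20`, which standard query parsers decode the same way, though the server side is not visible here. The function body starts and ends outside the hunk.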
@@ -2442,7 +2442,7 @@ async function runVercelScan() {
 try {
 const apiBase = 'https://api.soar-enrich.com/brain/api';
- const res = await fetch(`${apiBase}/atlas/vercel-scan?token=${encodeURIComponent(token)}`);
+ const res = await fetch(`${apiBase}/atlas/vercel-scan`, { headers: { Authorization: `Bearer ${token}` } });
 if (!res.ok) { const e = await res.json().catch(() => ({})); throw new Error(e.error || `HTTP ${res.status}`); }
 const data = await res.json();
 const projects = data.projects || [];