frontend: attach auth credentials to all API requests

Add Authorization Bearer header to all fetch calls (apps, stream
start). Handle 401 responses by clearing token and redirecting to
login. Pass stream_token from the stream start response through to
the WebTransport URL as a query parameter for proxy authentication.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

frontend/src/routes/getStreamData.ts

@@ -1,8 +1,11 @@
+import { getToken, handleUnauthorized } from './stores/authStore.svelte';
+
 type StreamData = {
   Url: string,
   CertHash: Array<number>,
   Width: number,
   Height: number,
+  StreamToken: string,
 }
 
 export async function getStreamData(appId: number, server_name: string): Promise<StreamData> {
@@ -34,10 +37,16 @@ export async function getStreamData(appId: number, server_name: string): Promise
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
+        'Authorization': `Bearer ${getToken()}`,
       },
       body: JSON.stringify(payload)
     });
 
+    if (response.status === 401) {
+      handleUnauthorized();
+      throw new Error('Unauthorized');
+    }
+
     if (!response.ok) {
       throw new Error(`HTTP error! status: ${response.status}: ${await response.text()}`);
     }
@@ -45,15 +54,17 @@ export async function getStreamData(appId: number, server_name: string): Promise
     const streamDataResp = await response.json();
     console.log('Stream started:', streamDataResp);
 
-    let streamData: StreamData = { Url: streamDataResp.url, CertHash: streamDataResp.cert_hash, Width: width, Height: height };
+    let streamData: StreamData = {
+      Url: streamDataResp.url,
+      CertHash: streamDataResp.cert_hash,
+      Width: width,
+      Height: height,
+      StreamToken: streamDataResp.stream_token,
+    };
     return streamData;
 
-
   } catch (error) {
     console.error('Error getting stream data: ', error);
     throw new Error('Failed to start stream: ' + error);
   }
 }
-
-
-