Fix: Use content script for authenticated transaction sync

- Add steamledgerContentScript.js to handle API calls with session cookies
- Content scripts on localhost:3000 can access Better Auth session
- Background script sends message to content script when possible
- Fallback to direct fetch if no SteamLedger tab is open
- Add localhost:3000 to host_permissions and content_scripts
- Fixes: 'Please login to sync transactions' auth error

Author: rainerstudios

background.js

@@ -1058,6 +1058,31 @@ chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
     return true; // Keep message channel open
   }
 
+  /**
+   * Helper function to fetch transaction import directly (without content script)
+   * May fail if session cookies aren't accessible
+   */
+  async function fetchTransactionImportDirect(marketData) {
+    const importResponse = await fetch(`${API_BASE_URL}/api/transactions/import`, {
+      method: 'POST',
+      credentials: 'include',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify(marketData)
+    });
+
+    if (!importResponse.ok) {
+      const errorData = await importResponse.json().catch(() => ({}));
+      return {
+        success: false,
+        error: errorData.message || `Backend returned ${importResponse.status}`
+      };
+    }
+
+    return await importResponse.json();
+  }
+
   // Handle manual transaction sync from popup
   if (request.type === 'SYNC_TRANSACTIONS_MANUAL') {
     (async () => {
@@ -1119,22 +1144,35 @@ chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
           return;
         }
 
-        // Send to SteamLedger backend
-        const importResponse = await fetch(`${API_BASE_URL}/api/transactions/import`, {
-          method: 'POST',
-          credentials: 'include',
-          headers: {
-            'Content-Type': 'application/json'
-          },
-          body: JSON.stringify(marketData)
-        });
+        // Send to SteamLedger backend via content script
+        // Content scripts on localhost:3000 can access session cookies
+        const tabs = await chrome.tabs.query({ url: `${API_BASE_URL}/*` });
+
+        let result;
+        if (tabs.length > 0) {
+          // Website tab is open - use content script for authenticated request
+          console.log('[Background] Found SteamLedger tab, using content script for auth');
+
+          try {
+            result = await chrome.tabs.sendMessage(tabs[0].id, {
+              type: 'IMPORT_TRANSACTIONS',
+              marketData: marketData
+            });
+          } catch (error) {
+            console.warn('[Background] Content script not responding, trying direct fetch');
+            // Fallback to direct fetch
+            result = await fetchTransactionImportDirect(marketData);
+          }
+        } else {
+          // No website tab open - try direct fetch (may fail if not authenticated)
+          console.log('[Background] No SteamLedger tab open, trying direct fetch');
+          result = await fetchTransactionImportDirect(marketData);
+        }
 
-        if (!importResponse.ok) {
-          const errorData = await importResponse.json().catch(() => ({}));
-          throw new Error(errorData.message || `Backend returned ${importResponse.status}`);
+        if (!result.success) {
+          throw new Error(result.error || result.message || 'Failed to import transactions');
         }
 
-        const result = await importResponse.json();
         console.log('[Background] Import result:', result);
 
         // Store synced transactions count

manifest.json

@@ -20,7 +20,8 @@
     "https://cs2floatchecker.com/*",
     "https://api.cs2floatchecker.com/*",
     "https://steamledger.com/*",
-    "https://api.steamledger.com/*"
+    "https://api.steamledger.com/*",
+    "http://localhost:3000/*"
   ],
   "externally_connectable": {
     "matches": [
@@ -47,6 +48,14 @@
       "js": ["lib/marketIntelligence.js", "lib/inventoryEnhancer.js", "src/infiniteScroll.js", "src/buff163Integration.js", "src/item3DPreview.js", "src/tradeProtectionDisplay.js", "src/floatRarityDisplay.js", "src/multiMarketPricing.js", "src/watchlistButton.js", "src/transactionMonitor.js", "content.js"],
       "css": ["styles/main.css", "styles/inventory.css"],
       "run_at": "document_idle"
+    },
+    {
+      "matches": [
+        "http://localhost:3000/*",
+        "https://steamledger.com/*"
+      ],
+      "js": ["src/steamledgerContentScript.js"],
+      "run_at": "document_idle"
     }
   ],
   "action": {

src/steamledgerContentScript.js

@@ -0,0 +1,50 @@
+/**
+ * Content script for SteamLedger website (localhost:3000)
+ * Handles transaction import with proper session cookie access
+ */
+
+console.log('[SteamLedger Content Script] Loaded');
+
+// Listen for messages from background script
+chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
+  if (request.type === 'IMPORT_TRANSACTIONS') {
+    console.log('[SteamLedger Content Script] Received IMPORT_TRANSACTIONS request');
+
+    // Make authenticated API call with session cookies
+    (async () => {
+      try {
+        const response = await fetch('/api/transactions/import', {
+          method: 'POST',
+          credentials: 'include', // Include session cookies
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify(request.marketData)
+        });
+
+        if (!response.ok) {
+          const errorData = await response.json().catch(() => ({}));
+          console.error('[SteamLedger Content Script] Import failed:', errorData);
+          sendResponse({
+            success: false,
+            error: errorData.message || `API returned ${response.status}`
+          });
+          return;
+        }
+
+        const result = await response.json();
+        console.log('[SteamLedger Content Script] Import successful:', result);
+        sendResponse(result);
+
+      } catch (error) {
+        console.error('[SteamLedger Content Script] Error:', error);
+        sendResponse({
+          success: false,
+          error: error.message
+        });
+      }
+    })();
+
+    return true; // Keep message channel open for async response
+  }
+});