fix: address code review findings for analytics and security

web/src/hooks/use-activity-stats.ts

@@ -25,7 +25,12 @@ export function useActivityStats(): UseActivityStatsResult {
     const fetchActivity = async () => {
         setLoading(true);
         try {
-            const response = await fetch("/api/stats/activity");
+            const token = (window as any).AURORA_ENV?.ADMIN_TOKEN;
+            const response = await fetch("/api/stats/activity", {
+                headers: {
+                    "Authorization": `Bearer ${token}`
+                }
+            });
             if (!response.ok) throw new Error(`HTTP error! status: ${response.status}`);
             const jsonData = await response.json();
             setData(jsonData);