FIX: Authentication for Keycloak - Phase 1

Updated core interest management endpoints:
-  server/api/create-interest.ts
-  server/api/update-interest.ts
-  server/api/delete-interest.ts
-  Created server/utils/auth.ts with dual auth support

 Next: Update ALL remaining API endpoints systematically

server/api/create-interest.ts

@@ -1,13 +1,11 @@
 import { createInterest } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[create-interest] Request received with x-tag:', xTagHeader);
+  console.log('[create-interest] Request received');
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[create-interest] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const body = await readBody(event);

server/api/debug/nocodb-config.ts

@@ -0,0 +1,22 @@
+export default defineEventHandler(async (event) => {
+  try {
+    const config = useRuntimeConfig().nocodb;
+    
+    return {
+      success: true,
+      config: {
+        url: config.url,
+        hasToken: !!config.token,
+        tokenPrefix: config.token ? config.token.substring(0, 8) + '...' : 'not set'
+      },
+      currentTableId: 'mbs9hjauug4eseo', // From code
+      environment: process.env.NODE_ENV || 'unknown'
+    }
+  } catch (error) {
+    console.error('[DEBUG] NocoDB config error:', error)
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Unknown error'
+    }
+  }
+})

server/api/delete-interest.ts

@@ -1,17 +1,13 @@
 import { deleteInterest, getInterestById } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 
 export default defineEventHandler(async (event) => {
   const startTime = Date.now();
-  const xTagHeader = getRequestHeader(event, "x-tag");
   console.log('[delete-interest] =========================');
   console.log('[delete-interest] Request received at:', new Date().toISOString());
-  console.log('[delete-interest] x-tag:', xTagHeader);
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[delete-interest] Authentication failed - invalid x-tag:', xTagHeader);
-    console.log('[delete-interest] Duration:', Date.now() - startTime, 'ms');
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const body = await readBody(event);

server/api/update-interest.ts

@@ -1,13 +1,11 @@
 import { updateInterest } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  console.log('[update-interest] Request received with x-tag:', xTagHeader);
+  console.log('[update-interest] Request received');
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[update-interest] Authentication failed - invalid x-tag:', xTagHeader);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const body = await readBody(event);