FIX: Authentication for Keycloak - Phase 1

Updated core interest management endpoints:
-  server/api/create-interest.ts
-  server/api/update-interest.ts
-  server/api/delete-interest.ts
-  Created server/utils/auth.ts with dual auth support

 Next: Update ALL remaining API endpoints systematically

server/utils/auth.ts

@@ -0,0 +1,37 @@
+/**
+ * Check if the request is authenticated via either:
+ * 1. x-tag header (for webhooks/external calls)
+ * 2. Keycloak session (for logged-in users)
+ */
+export const isAuthenticated = async (event: any): Promise<boolean> => {
+  // Check x-tag header authentication (existing method)
+  const xTagHeader = getRequestHeader(event, "x-tag");
+  if (xTagHeader && (xTagHeader === "094ut234" || xTagHeader === "pjnvü1230")) {
+    console.log('[auth] Authenticated via x-tag header');
+    return true;
+  }
+
+  // Check Keycloak session authentication
+  try {
+    const keycloakSession = getCookie(event, 'keycloak-session');
+    if (keycloakSession) {
+      console.log('[auth] Authenticated via Keycloak session');
+      return true;
+    }
+  } catch (error) {
+    console.log('[auth] Keycloak session check failed:', error);
+  }
+
+  console.log('[auth] No valid authentication found');
+  return false;
+}
+
+export const requireAuth = async (event: any) => {
+  const authenticated = await isAuthenticated(event);
+  if (!authenticated) {
+    throw createError({ 
+      statusCode: 401, 
+      statusMessage: "Authentication required. Please provide x-tag header or valid session." 
+    });
+  }
+}