FIX: Authentication for Keycloak - Phase 1

Updated core interest management endpoints:
-  server/api/create-interest.ts
-  server/api/update-interest.ts
-  server/api/delete-interest.ts
-  Created server/utils/auth.ts with dual auth support

 Next: Update ALL remaining API endpoints systematically

server/api/create-interest.ts

@@ -1,13 +1,11 @@
 import { createInterest } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
+  console.log('[create-interest] Request received');
-  console.log('[create-interest] Request received with x-tag:', xTagHeader);
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
+  // Check authentication (x-tag header OR Keycloak session)
-    console.error('[create-interest] Authentication failed - invalid x-tag:', xTagHeader);
+  await requireAuth(event);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
 
   try {
     const body = await readBody(event);

server/api/debug/nocodb-config.ts

@@ -0,0 +1,22 @@
+export default defineEventHandler(async (event) => {
+  try {
+    const config = useRuntimeConfig().nocodb;
+    
+    return {
+      success: true,
+      config: {
+        url: config.url,
+        hasToken: !!config.token,
+        tokenPrefix: config.token ? config.token.substring(0, 8) + '...' : 'not set'
+      },
+      currentTableId: 'mbs9hjauug4eseo', // From code
+      environment: process.env.NODE_ENV || 'unknown'
+    }
+  } catch (error) {
+    console.error('[DEBUG] NocoDB config error:', error)
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Unknown error'
+    }
+  }
+})

server/api/delete-interest.ts

@@ -1,17 +1,13 @@
 import { deleteInterest, getInterestById } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 
 export default defineEventHandler(async (event) => {
   const startTime = Date.now();
-  const xTagHeader = getRequestHeader(event, "x-tag");
   console.log('[delete-interest] =========================');
   console.log('[delete-interest] Request received at:', new Date().toISOString());
-  console.log('[delete-interest] x-tag:', xTagHeader);
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
+  // Check authentication (x-tag header OR Keycloak session)
-    console.error('[delete-interest] Authentication failed - invalid x-tag:', xTagHeader);
+  await requireAuth(event);
-    console.log('[delete-interest] Duration:', Date.now() - startTime, 'ms');
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
 
   try {
     const body = await readBody(event);

server/api/update-interest.ts

@@ -1,13 +1,11 @@
 import { updateInterest } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
+  console.log('[update-interest] Request received');
-  console.log('[update-interest] Request received with x-tag:', xTagHeader);
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
+  // Check authentication (x-tag header OR Keycloak session)
-    console.error('[update-interest] Authentication failed - invalid x-tag:', xTagHeader);
+  await requireAuth(event);
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
 
   try {
     const body = await readBody(event);

server/utils/auth.ts

@@ -0,0 +1,37 @@
+/**
+ * Check if the request is authenticated via either:
+ * 1. x-tag header (for webhooks/external calls)
+ * 2. Keycloak session (for logged-in users)
+ */
+export const isAuthenticated = async (event: any): Promise<boolean> => {
+  // Check x-tag header authentication (existing method)
+  const xTagHeader = getRequestHeader(event, "x-tag");
+  if (xTagHeader && (xTagHeader === "094ut234" || xTagHeader === "pjnvü1230")) {
+    console.log('[auth] Authenticated via x-tag header');
+    return true;
+  }
+
+  // Check Keycloak session authentication
+  try {
+    const keycloakSession = getCookie(event, 'keycloak-session');
+    if (keycloakSession) {
+      console.log('[auth] Authenticated via Keycloak session');
+      return true;
+    }
+  } catch (error) {
+    console.log('[auth] Keycloak session check failed:', error);
+  }
+
+  console.log('[auth] No valid authentication found');
+  return false;
+}
+
+export const requireAuth = async (event: any) => {
+  const authenticated = await isAuthenticated(event);
+  if (!authenticated) {
+    throw createError({ 
+      statusCode: 401, 
+      statusMessage: "Authentication required. Please provide x-tag header or valid session." 
+    });
+  }
+}