FEAT: Implement authenticated internal API call utility to forward cookies and enhance authentication handling

server/api/email/generate-eoi-document.ts

@@ -174,13 +174,15 @@ export default defineEventHandler(async (event) => {
       });
     }
 
-    // Get linked berths - use the same auth as this request (either x-tag or session)
-    const xTagHeader = getRequestHeader(event, "x-tag");
+    // Get linked berths - forward the authentication cookies for internal API call
+    const cookies = getRequestHeader(event, "cookie");
     const requestHeaders: Record<string, string> = {};
-    if (xTagHeader) {
-      requestHeaders["x-tag"] = xTagHeader;
+    if (cookies) {
+      requestHeaders["cookie"] = cookies;
     }
     
+    console.log('[generate-eoi] Making internal API call to get-interest-berths with forwarded cookies');
+    
     const berthsResponse = await $fetch<{ list: Array<{ 'Mooring Number': string }> }>(
       "/api/get-interest-berths",
       {

server/api/eoi/upload-document.ts

@@ -125,9 +125,16 @@ export default defineEventHandler(async (event) => {
     console.log('[EOI Upload] Status update data:', JSON.stringify(updateData, null, 2));
     
     try {
-      // Update the interest - using internal server call (no auth headers needed)
+      // Update the interest - forward authentication cookies for internal API call
+      const cookies = getRequestHeader(event, "cookie");
+      const requestHeaders: Record<string, string> = {};
+      if (cookies) {
+        requestHeaders["cookie"] = cookies;
+      }
+      
       await $fetch('/api/update-interest', {
         method: 'POST',
+        headers: requestHeaders,
         body: {
           id: interestId,
           data: updateData
@@ -156,10 +163,17 @@ export default defineEventHandler(async (event) => {
   }
 });
 
-async function getCurrentSalesLevel(interestId: string): Promise<string> {
+async function getCurrentSalesLevel(interestId: string, event: any): Promise<string> {
   try {
-    // Using internal server call (no auth headers needed)
+    // Forward authentication cookies for internal API call
+    const cookies = getRequestHeader(event, "cookie");
+    const requestHeaders: Record<string, string> = {};
+    if (cookies) {
+      requestHeaders["cookie"] = cookies;
+    }
+    
     const interest = await $fetch(`/api/get-interest-by-id`, {
+      headers: requestHeaders,
       params: {
         id: interestId,
       },

server/utils/internal-api.ts

@@ -0,0 +1,71 @@
+/**
+ * Utility for making authenticated internal API calls
+ * Automatically forwards authentication cookies to prevent auth failures
+ */
+
+/**
+ * Make an internal API call with forwarded authentication
+ * @param event - The current event context
+ * @param url - The API endpoint URL
+ * @param options - Fetch options (method, body, etc.)
+ */
+export async function $internalFetch<T = any>(
+  event: any,
+  url: string,
+  options: {
+    method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+    body?: any;
+    params?: Record<string, any>;
+    headers?: Record<string, string>;
+  } = {}
+): Promise<T> {
+  // Forward authentication cookies from the original request
+  const cookies = getRequestHeader(event, "cookie");
+  const requestHeaders: Record<string, string> = {
+    ...options.headers,
+  };
+  
+  if (cookies) {
+    requestHeaders["cookie"] = cookies;
+  }
+
+  console.log(`[INTERNAL_API] Making authenticated internal call to: ${url}`);
+
+  return await $fetch(url, {
+    ...options,
+    headers: requestHeaders,
+  }) as T;
+}
+
+/**
+ * Helper for internal API calls that require POST with JSON body
+ */
+export async function $internalPost<T = any>(
+  event: any,
+  url: string,
+  body: any,
+  additionalHeaders: Record<string, string> = {}
+): Promise<T> {
+  return $internalFetch<T>(event, url, {
+    method: 'POST',
+    body,
+    headers: {
+      'Content-Type': 'application/json',
+      ...additionalHeaders,
+    },
+  });
+}
+
+/**
+ * Helper for internal API calls that require GET with query params
+ */
+export async function $internalGet<T = any>(
+  event: any,
+  url: string,
+  params: Record<string, any> = {}
+): Promise<T> {
+  return $internalFetch<T>(event, url, {
+    method: 'GET',
+    params,
+  });
+}