KEYCLOAK AUTH FIX: Phase 3 - Webhook & EOI Endpoints

**UPDATED ENDPOINTS (17/41 total):**
9. eoi-send-to-sales.ts
10. request-more-info-to-sales.ts
11. request-more-information.ts
12. eoi/upload-document.ts
13. eoi/validate-document.ts
14. eoi/check-signature-status.ts

 **AUTHENTICATION:** All support dual auth:
-  x-tag header (webhooks/external calls)
-  Keycloak session (logged-in users)

 **PROGRESS:** 17/41 endpoints completed (41%)
 **NEXT:** Continue with remaining EOI, Email, Files endpoints

 **CRITICAL:** This should RESOLVE the 400 Bad Request errors
when using webhooks after Keycloak authentication!

server/api/eoi-send-to-sales.ts

@@ -1,9 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
+import { getInterestById, updateInterest, triggerWebhook } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || xTagHeader !== "094ut234") {
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[eoi-send-to-sales] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const body = await readBody(event);

server/api/eoi/check-signature-status.ts

@@ -1,13 +1,13 @@
 import { getDocumesoDocumentByExternalId, checkDocumentSignatureStatus } from '~/server/utils/documeso';
 import { getInterestById, updateInterest } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 import type { InterestSalesProcessLevel, EOIStatus } from '~/utils/types';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
+  console.log('[check-signature-status] Request received');
 
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const query = getQuery(event);

server/api/eoi/upload-document.ts

@@ -1,18 +1,15 @@
 import { uploadFile, createBucketIfNotExists, getMinioClient } from '~/server/utils/minio';
 import { updateInterestEOIDocument } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 import formidable from 'formidable';
 import { promises as fs } from 'fs';
 import mime from 'mime-types';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
+  console.log('[EOI Upload] Request received');
 
-  console.log('[EOI Upload] Request received with x-tag:', xTagHeader);
-
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[EOI Upload] Authentication failed - invalid x-tag');
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     // Get interestId from query params
@@ -128,12 +125,9 @@ export default defineEventHandler(async (event) => {
     console.log('[EOI Upload] Status update data:', JSON.stringify(updateData, null, 2));
     
     try {
-      // Update the interest
+      // Update the interest - using internal server call (no auth headers needed)
       await $fetch('/api/update-interest', {
         method: 'POST',
-        headers: {
-          'x-tag': xTagHeader,
-        },
         body: {
           id: interestId,
           data: updateData
@@ -164,10 +158,8 @@ export default defineEventHandler(async (event) => {
 
 async function getCurrentSalesLevel(interestId: string): Promise<string> {
   try {
+    // Using internal server call (no auth headers needed)
     const interest = await $fetch(`/api/get-interest-by-id`, {
-      headers: {
-        'x-tag': '094ut234',
-      },
       params: {
         id: interestId,
       },

server/api/eoi/validate-document.ts

@@ -1,16 +1,13 @@
 import { getInterestById, updateInterest } from '~/server/utils/nocodb';
 import { getDocumesoDocument } from '~/server/utils/documeso';
+import { requireAuth } from '~/server/utils/auth';
 import type { InterestSalesProcessLevel, EOIStatus } from '~/utils/types';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
+  console.log('[Validate Document] Request received');
 
-  console.log('[Validate Document] Request received with x-tag:', xTagHeader);
-
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    console.error('[Validate Document] Authentication failed - invalid x-tag');
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const query = getQuery(event);

server/api/request-more-info-to-sales.ts

@@ -1,9 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
+import { getInterestById, updateInterest, triggerWebhook } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || xTagHeader !== "094ut234") {
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[request-more-info-to-sales] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const body = await readBody(event);

server/api/request-more-information.ts

@@ -1,9 +1,11 @@
-export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
+import { getInterestById, updateInterest, triggerWebhook } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
 
-  if (!xTagHeader || xTagHeader !== "094ut234") {
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+export default defineEventHandler(async (event) => {
+  console.log('[request-more-information] Request received');
+
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
 
   try {
     const body = await readBody(event);