diff --git a/server/api/eoi-send-to-sales.ts b/server/api/eoi-send-to-sales.ts
index 6cfa971..67086b3 100644
--- a/server/api/eoi-send-to-sales.ts
+++ b/server/api/eoi-send-to-sales.ts
@@ -1,9 +1,11 @@
-export default defineEventHandler(async (event) => {
- const xTagHeader = getRequestHeader(event, "x-tag");
+import { getInterestById, updateInterest, triggerWebhook } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
- if (!xTagHeader || xTagHeader !== "094ut234") {
- throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
- }
+export default defineEventHandler(async (event) => {
+ console.log('[eoi-send-to-sales] Request received');
+
+ // Check authentication (x-tag header OR Keycloak session)
+ await requireAuth(event);
 try {
 const body = await readBody(event);
diff --git a/server/api/eoi/check-signature-status.ts b/server/api/eoi/check-signature-status.ts
index 992748e..f47a903 100644
--- a/server/api/eoi/check-signature-status.ts
+++ b/server/api/eoi/check-signature-status.ts
@@ -1,13 +1,13 @@
 import { getDocumesoDocumentByExternalId, checkDocumentSignatureStatus } from '~/server/utils/documeso';
 import { getInterestById, updateInterest } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 import type { InterestSalesProcessLevel, EOIStatus } from '~/utils/types';
 export default defineEventHandler(async (event) => {
- const xTagHeader = getRequestHeader(event, "x-tag");
+ console.log('[check-signature-status] Request received');
- if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
- throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
- }
+ // Check authentication (x-tag header OR Keycloak session)
+ await requireAuth(event);
 try {
 const query = getQuery(event);
diff --git a/server/api/eoi/upload-document.ts b/server/api/eoi/upload-document.ts
index b1c4195..bbc3c4f 100644
--- a/server/api/eoi/upload-document.ts
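Review bot: Replacing the inline check in eoi-send-to-sales.ts with the shared `requireAuth(event)` may widen who can call this route: the removed check accepted a single x-tag value, while the checks removed from check-signature-status.ts, upload-document.ts and validate-document.ts accepted a second value as well. requireAuth is not part of this diff, so this is inferred from the comment "x-tag header OR Keycloak session"; if it accepts every known tag, holders of the second tag now reach this handler and the ones in request-more-info-to-sales.ts and request-more-information.ts, which had the same single-tag check. If that is intended, record it at the call, e.g. `// requireAuth accepts every configured x-tag; this route used to accept only one`; otherwise the per-route restriction has to be kept. The handler body continues past the end of the hunk.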
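Review bot: The x-tag values deleted in check-signature-status.ts (and in the other five files) stay readable in the repository history, and the new comment says a static x-tag is still an accepted credential. They should be treated as disclosed: rotate them, have requireAuth (not shown in this diff) read the replacements from runtime configuration rather than from source, and compare them with a constant-time check. The removed lines in upload-document.ts and validate-document.ts also wrote the received header to the log, so existing log storage may hold valid tags as well. A comment at the call such as `// accepted x-tag values are configured outside the repo, see server/utils/auth` would keep the next reader from re-adding literals.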
+++ b/server/api/eoi/upload-document.ts
@@ -1,18 +1,15 @@
 import { uploadFile, createBucketIfNotExists, getMinioClient } from '~/server/utils/minio';
 import { updateInterestEOIDocument } from '~/server/utils/nocodb';
+import { requireAuth } from '~/server/utils/auth';
 import formidable from 'formidable';
 import { promises as fs } from 'fs';
 import mime from 'mime-types';
 export default defineEventHandler(async (event) => {
- const xTagHeader = getRequestHeader(event, "x-tag");
+ console.log('[EOI Upload] Request received');
- console.log('[EOI Upload] Request received with x-tag:', xTagHeader);
-
- if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
- console.error('[EOI Upload] Authentication failed - invalid x-tag');
- throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
- }
+ // Check authentication (x-tag header OR Keycloak session)
+ await requireAuth(event);
 try {
 // Get interestId from query params
@@ -128,12 +125,9 @@ export default defineEventHandler(async (event) => {
 console.log('[EOI Upload] Status update data:', JSON.stringify(updateData, null, 2));
 try {
- // Update the interest
+ // Update the interest - using internal server call (no auth headers needed)
 await $fetch('/api/update-interest', {
 method: 'POST',
- headers: {
- 'x-tag': xTagHeader,
- },
 body: {
 id: interestId,
 data: updateData
@@ -164,10 +158,8 @@ export default defineEventHandler(async (event) => {
 async function getCurrentSalesLevel(interestId: string): Promise {
 try {
+ // Using internal server call (no auth headers needed)
 const interest = await $fetch(`/api/get-interest-by-id`, {
- headers: {
- 'x-tag': '094ut234',
- },
 params: {
 id: interestId,
 },
diff --git a/server/api/eoi/validate-document.ts b/server/api/eoi/validate-document.ts
index b71cc2f..c9205d7 100644
--- a/server/api/eoi/validate-document.ts
+++ b/server/api/eoi/validate-document.ts
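Review bot: Rejected requests are no longer logged at this route: the removed `console.error('[EOI Upload] Authentication failed - invalid x-tag')` has no replacement in the first hunk of upload-document.ts, and whether requireAuth logs a rejection is not visible in this diff. A failed authentication on an upload endpoint is worth a log line for detection, without the header value (dropping that value from the log is a good change). Either log inside requireAuth with the request path, or keep it at the call: `await requireAuth(event).catch((e) => { console.error('[EOI Upload] Authentication failed'); throw e; });`. validate-document.ts loses its equivalent log line in the same way.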
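Review bot: The `$fetch('/api/update-interest', …)` call now carries no credential at all, and the new comment "no auth headers needed" only holds if that route performs no authentication. A relative `$fetch` on the server normally invokes the target handler in-process without the incoming request's headers or cookies, so if `/api/update-interest` also calls `requireAuth` this update will be rejected with 401, and if it does not, the route is writable by anyone who can reach it from outside. The same applies to the `/api/get-interest-by-id` call in `getCurrentSalesLevel` in the third hunk of this file. Prefer calling the data-layer helpers directly (the other handlers in this commit import `updateInterest` and `getInterestById` from `~/server/utils/nocodb`), or forward the authenticated caller's context with `await event.$fetch('/api/update-interest', { method: 'POST', body: { id: interestId, data: updateData } })`. The handler body starts and ends outside these hunks.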
@@ -1,16 +1,13 @@
 import { getInterestById, updateInterest } from '~/server/utils/nocodb';
 import { getDocumesoDocument } from '~/server/utils/documeso';
+import { requireAuth } from '~/server/utils/auth';
 import type { InterestSalesProcessLevel, EOIStatus } from '~/utils/types';
 export default defineEventHandler(async (event) => {
- const xTagHeader = getRequestHeader(event, "x-tag");
+ console.log('[Validate Document] Request received');
- console.log('[Validate Document] Request received with x-tag:', xTagHeader);
-
- if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
- console.error('[Validate Document] Authentication failed - invalid x-tag');
- throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
- }
+ // Check authentication (x-tag header OR Keycloak session)
+ await requireAuth(event);
 try {
 const query = getQuery(event);
diff --git a/server/api/request-more-info-to-sales.ts b/server/api/request-more-info-to-sales.ts
index 3058d20..80d28a3 100644
--- a/server/api/request-more-info-to-sales.ts
+++ b/server/api/request-more-info-to-sales.ts
@@ -1,9 +1,11 @@
-export default defineEventHandler(async (event) => {
- const xTagHeader = getRequestHeader(event, "x-tag");
+import { getInterestById, updateInterest, triggerWebhook } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
- if (!xTagHeader || xTagHeader !== "094ut234") {
- throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
- }
+export default defineEventHandler(async (event) => {
+ console.log('[request-more-info-to-sales] Request received');
+
+ // Check authentication (x-tag header OR Keycloak session)
+ await requireAuth(event);
 try {
 const body = await readBody(event);
diff --git a/server/api/request-more-information.ts b/server/api/request-more-information.ts
index 840144d..c28a230 100644
--- a/server/api/request-more-information.ts
+++ b/server/api/request-more-information.ts
@@ -1,9 +1,11 @@
-export default defineEventHandler(async (event) => {
- const xTagHeader = getRequestHeader(event, "x-tag");
+import { getInterestById, updateInterest, triggerWebhook } from "../utils/nocodb";
+import { requireAuth } from "../utils/auth";
- if (!xTagHeader || xTagHeader !== "094ut234") {
- throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
- }
+export default defineEventHandler(async (event) => {
+ console.log('[request-more-information] Request received');
+
+ // Check authentication (x-tag header OR Keycloak session)
+ await requireAuth(event);
 try {
 const body = await readBody(event);