KEYCLOAK AUTH FIX: Phase 4b - Additional File Endpoints

**UPDATED ENDPOINTS (3 additional):**
- files/list-with-attachments.ts (CRITICAL: was using old auth)
- files/proxy-preview.ts (SECURITY ISSUE: had NO auth)
- files/proxy-download.ts (SECURITY ISSUE: had NO auth)

**AUTHENTICATION:** All now support dual auth:
- x-tag header (webhooks/external calls)
- Keycloak session (logged-in users)

**PROGRESS:** 31/47 endpoints completed (~66%)
**TOTAL UPDATED TODAY:** 14 endpoints

**READY TO CONTINUE:** Remaining 16 endpoints need updating

server/api/files/list-with-attachments.ts

@@ -1,11 +1,9 @@
+import { requireAuth } from '~/server/utils/auth';
 import { Client } from 'minio';
 
 export default defineEventHandler(async (event) => {
-  const xTagHeader = getRequestHeader(event, "x-tag");
-  
-  if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
-    throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
-  }
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
   
   try {
     const query = getQuery(event);

server/api/files/proxy-download.ts

@@ -1,6 +1,10 @@
+import { requireAuth } from '~/server/utils/auth';
 import { getMinioClient } from '~/server/utils/minio';
 
 export default defineEventHandler(async (event) => {
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
+  
   try {
     const query = getQuery(event);
     const fileName = query.fileName as string;

server/api/files/proxy-preview.ts

@@ -1,7 +1,11 @@
+import { requireAuth } from '~/server/utils/auth';
 import { getMinioClient } from '~/server/utils/minio';
 import mime from 'mime-types';
 
 export default defineEventHandler(async (event) => {
+  // Check authentication (x-tag header OR Keycloak session)
+  await requireAuth(event);
+  
   try {
     const query = getQuery(event);
     const fileName = query.fileName as string;