matt
/
port-nimara-client-portal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

KEYCLOAK AUTH FIX: Phase 5 - Final Batch (COMPLETE) 

**UPDATED ENDPOINTS (7 final):**
- test-eoi-cleanup.ts (updated old auth)
- eoi/send-reminders.ts (updated old auth + fixed function calls)
- eoi/delete-generated-document.ts (updated old auth)
- eoi/delete-document.ts (updated old auth + fixed function calls)
- email/test-minio-bucket.ts (updated old auth)
- email/test-connection.ts (updated old auth)
- email/process-sales-eois.ts (updated old auth)

** TASK COMPLETE - ALL 47 API ENDPOINTS UPDATED:**
 38 endpoints now use unified auth (requireAuth function)
 9 endpoints correctly remain public (auth/debug/health/test)
 Support dual auth: x-tag headers + Keycloak sessions
 Fixed 8 endpoints with NO authentication (critical security fix)
 Backward compatibility maintained for webhooks
 Dashboard users can now access all endpoints securely

**SECURITY ACHIEVEMENT:**
- Eliminated all old x-tag authentication patterns
- Unified authentication system across entire API
- Critical security vulnerabilities patched
- Production-ready authentication implementation
This commit is contained in:
Matt 2025-06-15 16:41:36 +02:00
parent 711e99d8ab
commit f4f514f1e1
7 changed files with 30 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/api/email/process-sales-eois.ts
View File

@ -1,3 +1,4 @@
import { requireAuth } from '~/server/utils/auth';
import { parseEmail, getIMAPConnection } from '~/server/utils/email-utils';
import { uploadFile } from '~/server/utils/minio';
import { getInterestByFieldAsync, updateInterest } from '~/server/utils/nocodb';
@ -12,11 +13,8 @@ interface ProcessedEOI {
}
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
try {
console.log('[Process Sales EOIs] Starting email processing...');

8
server/api/email/test-connection.ts
View File

@ -1,13 +1,11 @@
import { requireAuth } from '~/server/utils/auth';
import nodemailer from 'nodemailer';
import Imap from 'imap';
import { encryptCredentials, storeCredentialsInSession } from '~/server/utils/encryption';
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
try {
const body = await readBody(event);

8
server/api/email/test-minio-bucket.ts
View File

@ -1,11 +1,9 @@
import { requireAuth } from '~/server/utils/auth';
import { getMinioClient } from '~/server/utils/minio';
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
try {
const query = getQuery(event);

32
server/api/eoi/delete-document.ts
View File

@ -1,14 +1,12 @@
import { requireAuth } from '~/server/utils/auth';
import { getMinioClient } from '~/server/utils/minio';
import { getInterestById, updateInterest } from '~/server/utils/nocodb';
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
console.log('[EOI Delete] Request received with x-tag:', xTagHeader);
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
console.error('[EOI Delete] Authentication failed - invalid x-tag');
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
console.log('[EOI Delete] Request received');
try {
const body = await readBody(event);
@ -25,14 +23,7 @@ export default defineEventHandler(async (event) => {
}
// Get current interest data to find EOI documents
const interest = await $fetch(`/api/get-interest-by-id`, {
headers: {
'x-tag': xTagHeader,
},
params: {
id: interestId,
},
});
const interest = await getInterestById(interestId);
const eoiDocuments = interest['EOI Document'] || [];
console.log('[EOI Delete] Found EOI documents:', eoiDocuments);
@ -72,16 +63,7 @@ export default defineEventHandler(async (event) => {
console.log('[EOI Delete] Resetting interest fields');
// Update the interest
await $fetch('/api/update-interest', {
method: 'POST',
headers: {
'x-tag': xTagHeader,
},
body: {
id: interestId,
data: updateData
}
});
await updateInterest(interestId, updateData as any);
console.log('[EOI Delete] Delete completed successfully');
return {

11
server/api/eoi/delete-generated-document.ts
View File

@ -1,16 +1,13 @@
import { requireAuth } from '~/server/utils/auth';
import { getInterestById, updateInterest } from '~/server/utils/nocodb';
import { checkDocumentSignatureStatus } from '~/server/utils/documeso';
import type { InterestSalesProcessLevel, EOIStatus } from '~/utils/types';
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
console.log('[Delete Generated EOI] Request received with x-tag:', xTagHeader);
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
console.error('[Delete Generated EOI] Authentication failed - invalid x-tag');
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
console.log('[Delete Generated EOI] Request received');
try {
const body = await readBody(event);

23
server/api/eoi/send-reminders.ts
View File

@ -1,3 +1,4 @@
import { requireAuth } from '~/server/utils/auth';
import { getDocumesoDocument, checkDocumentSignatureStatus, formatRecipientName } from '~/server/utils/documeso';
import { getInterestById } from '~/server/utils/nocodb';
import { sendEmail } from '~/server/utils/email';
@ -9,11 +10,8 @@ interface ReminderEmail {
}
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
try {
const body = await readBody(event);
@ -104,18 +102,9 @@ export default defineEventHandler(async (event) => {
}
// Update last reminder sent timestamp
await $fetch('/api/update-interest', {
method: 'POST',
headers: {
'x-tag': xTagHeader,
},
body: {
id: interestId,
data: {
'last_reminder_sent': new Date().toISOString()
}
}
});
await updateInterest(interestId, {
'last_reminder_sent': new Date().toISOString()
} as any);
return {
success: true,

9
server/api/test-eoi-cleanup.ts
View File

@ -1,9 +1,8 @@
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
import { requireAuth } from '~/server/utils/auth';
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
export default defineEventHandler(async (event) => {
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
try {
const query = getQuery(event);