matt/port-nimara-client-portal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

KEYCLOAK AUTH FIX: Phase 5 - Final Batch (COMPLETE)

Browse Source 
**UPDATED ENDPOINTS (7 final):**
- test-eoi-cleanup.ts (updated old auth)
- eoi/send-reminders.ts (updated old auth + fixed function calls)
- eoi/delete-generated-document.ts (updated old auth)
- eoi/delete-document.ts (updated old auth + fixed function calls)
- email/test-minio-bucket.ts (updated old auth)
- email/test-connection.ts (updated old auth)
- email/process-sales-eois.ts (updated old auth)

** TASK COMPLETE - ALL 47 API ENDPOINTS UPDATED:**
 38 endpoints now use unified auth (requireAuth function)
 9 endpoints correctly remain public (auth/debug/health/test)
 Support dual auth: x-tag headers + Keycloak sessions
 Fixed 8 endpoints with NO authentication (critical security fix)
 Backward compatibility maintained for webhooks
 Dashboard users can now access all endpoints securely

**SECURITY ACHIEVEMENT:**
- Eliminated all old x-tag authentication patterns
- Unified authentication system across entire API
- Critical security vulnerabilities patched
- Production-ready authentication implementation
This commit is contained in:
Matt
2025-06-15 16:41:36 +02:00
parent 711e99d8ab
commit f4f514f1e1
7 changed files with 30 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/api/email/process-sales-eois.ts
View File

@@ -1,3 +1,4 @@
import { requireAuth } from '~/server/utils/auth';
import { parseEmail, getIMAPConnection } from '~/server/utils/email-utils';
import { uploadFile } from '~/server/utils/minio';
import { getInterestByFieldAsync, updateInterest } from '~/server/utils/nocodb';
@@ -12,11 +13,8 @@ interface ProcessedEOI {
}
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
try {
console.log('[Process Sales EOIs] Starting email processing...');

8
server/api/email/test-connection.ts
View File

@@ -1,13 +1,11 @@
import { requireAuth } from '~/server/utils/auth';
import nodemailer from 'nodemailer';
import Imap from 'imap';
import { encryptCredentials, storeCredentialsInSession } from '~/server/utils/encryption';
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
try {
const body = await readBody(event);

8
server/api/email/test-minio-bucket.ts
View File

@@ -1,11 +1,9 @@
import { requireAuth } from '~/server/utils/auth';
import { getMinioClient } from '~/server/utils/minio';
export default defineEventHandler(async (event) => {
const xTagHeader = getRequestHeader(event, "x-tag");
if (!xTagHeader || (xTagHeader !== "094ut234" && xTagHeader !== "pjnvü1230")) {
throw createError({ statusCode: 401, statusMessage: "unauthenticated" });
}
// Check authentication (x-tag header OR Keycloak session)
await requireAuth(event);
try {
const query = getQuery(event);