**UPDATED ENDPOINTS (7 final):**
- test-eoi-cleanup.ts (updated old auth)
- eoi/send-reminders.ts (updated old auth + fixed function calls)
- eoi/delete-generated-document.ts (updated old auth)
- eoi/delete-document.ts (updated old auth + fixed function calls)
- email/test-minio-bucket.ts (updated old auth)
- email/test-connection.ts (updated old auth)
- email/process-sales-eois.ts (updated old auth)
** TASK COMPLETE - ALL 47 API ENDPOINTS UPDATED:**
38 endpoints now use unified auth (requireAuth function)
9 endpoints correctly remain public (auth/debug/health/test)
Support dual auth: x-tag headers + Keycloak sessions
Fixed 8 endpoints with NO authentication (critical security fix)
Backward compatibility maintained for webhooks
Dashboard users can now access all endpoints securely
**SECURITY ACHIEVEMENT:**
- Eliminated all old x-tag authentication patterns
- Unified authentication system across entire API
- Critical security vulnerabilities patched
- Production-ready authentication implementation
**UPDATED ENDPOINTS (11 additional):**
- email/send.ts (CRITICAL: was using old auth)
- email/fetch-thread.ts (CRITICAL: was using old auth)
- email/fetch-thread-v2.ts (CRITICAL: was using old auth)
- email/generate-eoi-document.ts (CRITICAL: was using old auth)
- files/upload.ts (CRITICAL: was using old auth)
- files/list.ts (SECURITY ISSUE: had NO auth)
- files/download.ts (SECURITY ISSUE: had NO auth)
- files/delete.ts (SECURITY ISSUE: had NO auth)
- files/create-folder.ts (SECURITY ISSUE: had NO auth)
- files/preview.ts (SECURITY ISSUE: had NO auth)
- files/rename.ts (SECURITY ISSUE: had NO auth)
**AUTHENTICATION:** All now support dual auth:
- x-tag header (webhooks/external calls)
- Keycloak session (logged-in users)
**PROGRESS:** 28/47 endpoints completed (~60%)
**NEXT:** Continue with remaining proxy, test & debug endpoints
**CRITICAL SECURITY FIXES:** Found 6 file endpoints with NO authentication - major vulnerability patched!
- Switch from localStorage to sessionStorage for email sessions
- Add session validation on component mount
- Implement IMAP connection pool with folder search capabilities
- Add operation locking utility for concurrent request handling
- Refactor EOI section component structure
- Update API endpoints for better email thread management
- Add helper function to generate embedded signing URLs from Documenso links
- Store embedded signature links for all signers (Client, Developer, CC)
- Add webhook secret configuration for embedded signing
- Add documentation for embedded signing and website implementation
- Update Interest type with embedded signature link fields
- Removed limit on cached emails - now loads ALL cached emails from MinIO
- Kept IMAP limit at 50 for reasonable performance
- Added loading indicator showing when emails are being fetched
- Fixed ES module import issue in email-utils.ts
- Improved user experience with visual feedback during loading
This ensures all email threads load completely while maintaining reasonable performance
- Fixed refresh button icon not displaying (changed from icon prop to v-icon element)
- Reduced default email limit from 50 to 20 to improve loading speed
- Optimized cached email loading to only load most recent emails (up to limit)
- Fixed CommonJS require error in email-utils.ts (changed to ES module import)
- Added sorting to cached files to ensure newest emails are loaded first
This should significantly improve email loading performance from 578 cached files down to max 20
- Fixed delete interest button requiring multiple clicks by removing debounce
- Fixed Generate EOI button display on mobile devices
- Added horizontal scrolling with touch support for mobile interest list
- Removed Place of Residence field from interest creation form
- Enhanced EOI upload with better error handling and logging
- Fixed email attachment upload authentication issues
- Created EmailDetailsDialog component for viewing full email details
- Re-integrated email thread viewing with toggle between threads/all views
- Added reply functionality for individual emails and threads
- Optimized email loading performance by reducing fetch limit to 50
- Fixed visual bugs with thread expansion panels
- Added explicit save button for email signatures
- Improved file upload authentication and bucket creation for attachments
- Add file browser integration for selecting attachments
- Display attached files with remove functionality in composer
- Include attachments in email sending process
- Show attachment info in email thread display
- Update server endpoints to handle file attachments
- Minor UI improvements to EOI status badge layout
Extract EOI links and generation functionality from InterestDetailsModal
into a new reusable EOISection component. This improves code organization
and maintainability while adding debounce support for form submissions.
- Create new EOISection.vue component for EOI management
- Remove inline EOI links section from InterestDetailsModal
- Add debounce utility for form submission handling
- Update email generation and thread fetching logic
- Update related types and utilities
- Move logo to top of email signature for better formatting
- Enhance IMAP search to include CC/BCC fields and multiple folders
- Fix EOI document generation to properly send and extract signing URLs
- Update documentation with all email system fixes
- Make Address field optional in EOI document generation with "Not Provided" default
- Accept both x-tag headers ("094ut234" and "pjnvü1230") for interest updates
- Update required fields validation to exclude Address
- Improve error messages to guide users on updating missing fields
- Handle missing email sessions gracefully without throwing errors
- Clear partial session data when no valid session exists
- Return empty results instead of 401 errors for missing credentials
- Remove hardcoded Documenso API key and require env variables
- Reduce email fetch limit from 50 to 20 for performance
- Add documentation for email system fixes
- Add Documenso API configuration to environment variables
- Create endpoint to generate EOI documents with e-signature capability
- Update email composer to insert generated EOI document links
- Add UI indicators for EOI generation status in interest details
- Emit events to refresh interest data after EOI generation
- Add email components for composing, viewing threads, and credential setup
- Implement server API endpoints for sending emails and fetching threads
- Add encryption utilities for secure credential storage
- Configure email settings in environment variables
- Integrate email functionality into interest details modal
Matt