freezone/portal/AUTHENTICATION_FIX.md

Portal Authentication Fix Summary

Problem

The portal client was getting 401 errors when calling portal-server endpoints because the HTTP requests were missing the required x-api-key authentication header.

Root Cause

The HTTP requests were being made from Rust code in multi_step_resident_wizard.rs, not from JavaScript as initially assumed. The Rust code was missing the API key header and using an incorrect endpoint URL.

Solution Implemented

1. Fixed Rust HTTP Request Code

File: src/components/entities/resident_registration/multi_step_resident_wizard.rs

Changes:

• Added x-api-key header to the HTTP request
• Fixed endpoint URL from /resident/create-payment-intent to /api/resident/create-payment-intent
• Integrated with new configuration system

2. Created Configuration Module

File: src/config.rs

Features:

• Centralized API key management
• Configurable API base URL
• Development fallback with dev_key_123 key
• Helper methods for endpoint URL construction

3. Updated Application Initialization

File: src/lib.rs

Changes:

• Added config module import
• Initialize configuration on app startup
• Added logging for configuration status

4. Cleaned Up JavaScript Code

File: index.html

Changes:

• Removed unused createPaymentIntent function (now handled in Rust)
• Removed unused API key configuration variables
• Kept only Stripe Elements initialization functions

5. Updated Documentation

Files:

• TROUBLESHOOTING.md - Updated for Rust-based authentication
• test-env.sh - Environment testing script (now less relevant)

API Key Configuration

Development

• Client: Hardcoded dev_key_123 in src/config.rs
• Server: Must include dev_key_123 in API_KEYS environment variable

Production

To change the API key for production:

1. Edit src/config.rs and update the get_api_key() function
2. Rebuild the client: trunk build --release
3. Update server's .env file to include the new key in API_KEYS

Testing

Manual Test with curl

curl -X POST http://127.0.0.1:3001/api/resident/create-payment-intent \
  -H "Content-Type: application/json" \
  -H "x-api-key: dev_key_123" \
  -d '{"type":"resident_registration","amount":5000}'

Browser Console Logs

When the portal starts, you should see:

✅ Portal configuration initialized
🔧 Portal config loaded - API key: Present
🔑 Using API key: dev_key_123

When making payment requests:

🔧 Creating payment intent...
🔧 Setting up Stripe payment for resident registration

Files Modified

1. src/components/entities/resident_registration/multi_step_resident_wizard.rs - Fixed HTTP request
2. src/config.rs - New configuration module
3. src/lib.rs - Added config initialization
4. index.html - Cleaned up unused JavaScript
5. TROUBLESHOOTING.md - Updated documentation

Result

The portal client now properly authenticates with the portal-server using the x-api-key header, resolving the 401 authentication errors.