From 622d0bee34312a229b7bd2cb5a88d0f86db40cf4 Mon Sep 17 00:00:00 2001
From: CTO <cto@paperclip.ing>
Date: Mon, 13 Apr 2026 21:58:02 +0000
Subject: [PATCH] fix: handle missing ENCRYPTION_KEY in API key save routes and
 fix openrouter provider type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The encrypt() call threw an unhandled error when ENCRYPTION_KEY env var was missing,
causing a 500 that the frontend displayed as "Netzwerkfehler beim Speichern des Schlüssels".
Now returns a clear error message. Also fixed provider type cast that excluded 'openrouter'.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 src/app/api/settings/api-keys/[id]/route.ts |  9 ++++++++-
 src/app/api/settings/api-keys/route.ts      | 14 +++++++++++---
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/app/api/settings/api-keys/[id]/route.ts b/src/app/api/settings/api-keys/[id]/route.ts
index 5c9fdf6..88a7509 100644
--- a/src/app/api/settings/api-keys/[id]/route.ts
+++ b/src/app/api/settings/api-keys/[id]/route.ts
@@ -50,7 +50,14 @@ export async function PATCH(
     auditDetails.isActive = isActive;
   }
   if (apiKey && typeof apiKey === 'string' && apiKey.length >= 8) {
-    updates.encryptedKey = encrypt(apiKey);
+    try {
+      updates.encryptedKey = encrypt(apiKey);
+    } catch {
+      return Response.json(
+        { error: 'Serverkonfigurationsfehler: Verschlüsselung nicht verfügbar. Bitte ENCRYPTION_KEY prüfen.' },
+        { status: 500 },
+      );
+    }
     updates.keyHint = keyHint(apiKey);
     auditDetails.keyRotated = true;
   }
diff --git a/src/app/api/settings/api-keys/route.ts b/src/app/api/settings/api-keys/route.ts
index 9b80da1..3688093 100644
--- a/src/app/api/settings/api-keys/route.ts
+++ b/src/app/api/settings/api-keys/route.ts
@@ -60,7 +60,7 @@ export async function POST(request: Request) {
     .where(
       and(
         eq(tenantApiKeys.tenantId, ctx.tenantId),
-        eq(tenantApiKeys.provider, provider as 'anthropic' | 'openai' | 'ollama'),
+        eq(tenantApiKeys.provider, provider as AIProvider),
         label ? eq(tenantApiKeys.label, label) : undefined,
       ),
     )
@@ -73,14 +73,22 @@ export async function POST(request: Request) {
     );
   }
 
-  const encryptedKey = encrypt(apiKey);
+  let encryptedKey: string;
+  try {
+    encryptedKey = encrypt(apiKey);
+  } catch {
+    return Response.json(
+      { error: 'Serverkonfigurationsfehler: Verschlüsselung nicht verfügbar. Bitte ENCRYPTION_KEY prüfen.' },
+      { status: 500 },
+    );
+  }
   const hint = keyHint(apiKey);
 
   const [created] = await db
     .insert(tenantApiKeys)
     .values({
       tenantId: ctx.tenantId,
-      provider: provider as 'anthropic' | 'openai' | 'ollama',
+      provider: provider as AIProvider,
       encryptedKey,
       keyHint: hint,
       label: label || null,