v1.4: Segurança multi-tenant, file serving via API e UX humanizada

-  Validação cross-tenant no login e rotas protegidas
-  File serving via /api/files/{bucket}/{path} (eliminação DNS)
-  Mensagens de erro humanizadas inline (sem pop-ups)
-  Middleware tenant detection via headers customizados
-  Upload de logos retorna URLs via API
-  README atualizado com changelog v1.4 completo

front-end-agency/app/api/agency/logo/route.ts

@@ -4,19 +4,33 @@ const BACKEND_URL = process.env.API_INTERNAL_URL || 'http://aggios-backend:8080'
 
 export async function POST(request: NextRequest) {
     try {
+        console.log('🔵 [Next.js] Logo upload route called');
+
         const authorization = request.headers.get('authorization');
 
         if (!authorization) {
+            console.log('❌ [Next.js] No authorization header');
             return NextResponse.json(
                 { error: 'Unauthorized' },
                 { status: 401 }
             );
         }
 
+        console.log('✅ [Next.js] Authorization header present');
+
         // Get form data from request
         const formData = await request.formData();
+        const logo = formData.get('logo');
+        const type = formData.get('type');
 
-        console.log('Forwarding logo upload to backend:', BACKEND_URL);
+        console.log('📦 [Next.js] FormData received:', {
+            hasLogo: !!logo,
+            logoType: logo ? (logo as File).type : null,
+            logoSize: logo ? (logo as File).size : null,
+            type: type
+        });
+
+        console.log('🚀 [Next.js] Forwarding to backend:', BACKEND_URL);
 
         // Forward to backend
         const response = await fetch(`${BACKEND_URL}/api/agency/logo`, {
@@ -27,7 +41,7 @@ export async function POST(request: NextRequest) {
             body: formData,
         });
 
-        console.log('Backend response status:', response.status);
+        console.log('📡 [Next.js] Backend response status:', response.status);
 
         if (!response.ok) {
             const errorText = await response.text();

front-end-agency/app/api/tenant/public-config/route.ts

@@ -0,0 +1,51 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+const API_BASE_URL = process.env.API_INTERNAL_URL || 'http://backend:8080';
+
+export async function GET(request: NextRequest) {
+    try {
+        const { searchParams } = new URL(request.url);
+        const subdomain = searchParams.get('subdomain');
+
+        if (!subdomain) {
+            return NextResponse.json(
+                { error: 'Subdomain is required' },
+                { status: 400 }
+            );
+        }
+
+        // Buscar configuração pública do tenant
+        const response = await fetch(
+            `${API_BASE_URL}/api/tenant/config?subdomain=${subdomain}`,
+            {
+                cache: 'no-store',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+            }
+        );
+
+        if (!response.ok) {
+            return NextResponse.json(
+                { error: 'Tenant not found' },
+                { status: 404 }
+            );
+        }
+
+        const data = await response.json();
+
+        // Retornar apenas dados públicos
+        return NextResponse.json({
+            name: data.name,
+            primary_color: data.primary_color,
+            secondary_color: data.secondary_color,
+            logo_url: data.logo_url,
+        });
+    } catch (error) {
+        console.error('Error fetching tenant config:', error);
+        return NextResponse.json(
+            { error: 'Internal server error' },
+            { status: 500 }
+        );
+    }
+}