3 changed files with 116 additions and 18 deletions
--- a/api.py
+++ b/api.py
@ -224,6 +224,7 @@ app.include_router(entreprises_router)
@app.get("/clients", response_model=List[ClientDetails], tags=["Clients"])
 async def obtenir_clients(
    query: Optional[str] = Query(None),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -237,6 +238,7 @@ async def obtenir_clients(
@app.get("/clients/{code}", response_model=ClientDetails, tags=["Clients"])
 async def lire_client_detail(
    code: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -259,6 +261,7 @@ async def modifier_client(
    code: str,
    client_update: ClientUpdate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -284,6 +287,7 @@ async def modifier_client(
 async def ajouter_client(
    client: ClientCreate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -308,6 +312,7 @@ async def ajouter_client(
@app.get("/articles", response_model=List[Article], tags=["Articles"])
 async def rechercher_articles(
    query: Optional[str] = Query(None),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -326,6 +331,7 @@ async def rechercher_articles(
 )
 async def creer_article(
    article: ArticleCreate,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -366,6 +372,7 @@ async def creer_article(
 async def modifier_article(
    reference: str = Path(..., description="Référence de l'article à modifier"),
    article: ArticleUpdate = Body(...),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -409,6 +416,7 @@ async def modifier_article(
@app.get("/articles/{reference}", response_model=Article, tags=["Articles"])
 async def lire_article(
    reference: str = Path(..., description="Référence de l'article"),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -438,6 +446,7 @@ async def lire_article(
@app.post("/devis", response_model=Devis, status_code=201, tags=["Devis"])
 async def creer_devis(
    devis: DevisRequest,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -477,6 +486,7 @@ async def modifier_devis(
    id: str,
    devis_update: DevisUpdate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -522,6 +532,7 @@ async def modifier_devis(
 async def creer_commande(
    commande: CommandeCreate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -571,6 +582,7 @@ async def modifier_commande(
    id: str,
    commande_update: CommandeUpdate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -619,6 +631,7 @@ async def lister_devis(
    inclure_lignes: bool = Query(
        True, description="Inclure les lignes de chaque devis"
    ),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -635,6 +648,7 @@ async def lister_devis(
@app.get("/devis/{id}", tags=["Devis"])
 async def lire_devis(
    id: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -655,6 +669,7 @@ async def lire_devis(
@app.get("/devis/{id}/pdf", tags=["Devis"])
 async def telecharger_devis_pdf(
    id: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -677,6 +692,7 @@ async def telecharger_document_pdf(
        description="Type de document (0=Devis, 10=Commande, 30=Livraison, 60=Facture, 50=Avoir)",
    ),
    numero: str = Path(..., description="Numéro du document"),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -733,6 +749,7 @@ async def envoyer_devis_email(
    id: str,
    request: EmailEnvoi,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -788,6 +805,7 @@ async def changer_statut_document(
    nouveau_statut: int = Query(
        ..., ge=0, le=6, description="0=Saisi, 1=Confirmé, 2=Accepté"
    ),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    document_type_sql = None
@ -904,6 +922,7 @@ async def changer_statut_document(
@app.get("/commandes/{id}", tags=["Commandes"])
 async def lire_commande(
    id: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -922,6 +941,7 @@ async def lire_commande(
 async def lister_commandes(
    limit: int = Query(100, le=1000),
    statut: Optional[int] = Query(None),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -937,6 +957,7 @@ async def lister_commandes(
 async def devis_vers_commande(
    id: str,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -981,6 +1002,7 @@ async def devis_vers_commande(
 async def commande_vers_facture(
    id: str,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1082,6 +1104,7 @@ async def envoyer_emails_lot(
 async def valider_remise(
    client_id: str = Query(..., min_length=1),
    remise_pourcentage: float = Query(0.0, ge=0, le=100),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1115,6 +1138,7 @@ async def relancer_devis_signature(
    id: str,
    relance: RelanceDevis,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1181,6 +1205,7 @@ class ContactClientResponse(BaseModel):
@app.get("/devis/{id}/contact", response_model=ContactClientResponse, tags=["Devis"])
 async def recuperer_contact_devis(
    id: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1208,6 +1233,7 @@ async def recuperer_contact_devis(
 async def lister_factures(
    limit: int = Query(100, le=1000),
    statut: Optional[int] = Query(None),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1222,6 +1248,7 @@ async def lister_factures(
@app.get("/factures/{numero}", tags=["Factures"])
 async def lire_facture_detail(
    numero: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1248,6 +1275,7 @@ class RelanceFacture(BaseModel):
 async def creer_facture(
    facture: FactureCreate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1297,6 +1325,7 @@ async def modifier_facture(
    id: str,
    facture_update: FactureUpdate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1366,6 +1395,7 @@ async def relancer_facture(
    id: str,
    relance: RelanceFacture,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1436,6 +1466,7 @@ async def journal_emails(
    destinataire: Optional[str] = Query(None),
    limit: int = Query(100, le=1000),
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    query = select(EmailLog)
@ -1471,6 +1502,7 @@ async def journal_emails(
 async def exporter_logs_csv(
    statut: Optional[StatutEmail] = Query(None),
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    query = select(EmailLog)
@ -1540,7 +1572,9 @@ class TemplatePreview(BaseModel):
@app.get("/templates/emails", response_model=List[TemplateEmail], tags=["Emails"])
-async def lister_templates():
+async def lister_templates(
    user: User = Depends(get_current_user),
 ):
    return [TemplateEmail(**template) for template in templates_email_db.values()]
@ -1549,6 +1583,7 @@ async def lister_templates():
 )
 async def lire_template(
    template_id: str,
    user: User = Depends(get_current_user),
 ):
    if template_id not in templates_email_db:
        raise HTTPException(404, f"Template {template_id} introuvable")
@ -1559,6 +1594,7 @@ async def lire_template(
@app.post("/templates/emails", response_model=TemplateEmail, tags=["Emails"])
 async def creer_template(
    template: TemplateEmail,
    user: User = Depends(get_current_user),
 ):
    template_id = str(uuid.uuid4())
@ -1581,6 +1617,7 @@ async def creer_template(
 async def modifier_template(
    template_id: str,
    template: TemplateEmail,
    user: User = Depends(get_current_user),
 ):
    if template_id not in templates_email_db:
        raise HTTPException(404, f"Template {template_id} introuvable")
@ -1604,6 +1641,7 @@ async def modifier_template(
@app.delete("/templates/emails/{template_id}", tags=["Emails"])
 async def supprimer_template(
    template_id: str,
    user: User = Depends(get_current_user),
 ):
    if template_id not in templates_email_db:
        raise HTTPException(404, f"Template {template_id} introuvable")
@ -1621,6 +1659,7 @@ async def supprimer_template(
@app.post("/templates/emails/preview", tags=["Emails"])
 async def previsualiser_email(
    preview: TemplatePreview,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    if preview.template_id not in templates_email_db:
@ -1659,6 +1698,7 @@ async def previsualiser_email(
@app.get("/prospects", tags=["Prospects"])
 async def rechercher_prospects(
    query: Optional[str] = Query(None),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1672,6 +1712,7 @@ async def rechercher_prospects(
@app.get("/prospects/{code}", tags=["Prospects"])
 async def lire_prospect(
    code: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1691,6 +1732,7 @@ async def lire_prospect(
 )
 async def rechercher_fournisseurs(
    query: Optional[str] = Query(None),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1712,6 +1754,7 @@ async def rechercher_fournisseurs(
 async def ajouter_fournisseur(
    fournisseur: FournisseurCreate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1741,6 +1784,7 @@ async def modifier_fournisseur(
    code: str,
    fournisseur_update: FournisseurUpdate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1763,6 +1807,7 @@ async def modifier_fournisseur(
@app.get("/fournisseurs/{code}", tags=["Fournisseurs"])
 async def lire_fournisseur(
    code: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1781,6 +1826,7 @@ async def lire_fournisseur(
 async def lister_avoirs(
    limit: int = Query(100, le=1000),
    statut: Optional[int] = Query(None),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1794,6 +1840,7 @@ async def lister_avoirs(
@app.get("/avoirs/{numero}", tags=["Avoirs"])
 async def lire_avoir(
    numero: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1812,6 +1859,7 @@ async def lire_avoir(
 async def creer_avoir(
    avoir: AvoirCreate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1859,6 +1907,7 @@ async def modifier_avoir(
    id: str,
    avoir_update: AvoirUpdate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1904,6 +1953,7 @@ async def modifier_avoir(
 async def lister_livraisons(
    limit: int = Query(100, le=1000),
    statut: Optional[int] = Query(None),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1917,6 +1967,7 @@ async def lister_livraisons(
@app.get("/livraisons/{numero}", tags=["Livraisons"])
 async def lire_livraison(
    numero: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1935,6 +1986,7 @@ async def lire_livraison(
 async def creer_livraison(
    livraison: LivraisonCreate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -1988,6 +2040,7 @@ async def modifier_livraison(
    id: str,
    livraison_update: LivraisonUpdate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2033,6 +2086,7 @@ async def modifier_livraison(
 async def livraison_vers_facture(
    id: str,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2076,6 +2130,7 @@ async def livraison_vers_facture(
 async def devis_vers_facture_direct(
    id: str,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2136,6 +2191,7 @@ async def devis_vers_facture_direct(
 async def commande_vers_livraison(
    id: str,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2207,6 +2263,7 @@ async def commande_vers_livraison(
 )
 async def lister_familles(
    filtre: Optional[str] = Query(None, description="Filtre sur code ou intitulé"),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2232,6 +2289,7 @@ async def lister_familles(
 )
 async def lire_famille(
    code: str = Path(..., description="Code de la famille (ex: ZDIVERS)"),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2267,6 +2325,7 @@ async def lire_famille(
 )
 async def creer_famille(
    famille: FamilleCreate,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2310,6 +2369,7 @@ async def creer_famille(
 )
 async def creer_entree_stock(
    entree: EntreeStock,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2346,6 +2406,7 @@ async def creer_entree_stock(
 )
 async def creer_sortie_stock(
    sortie: SortieStock,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2381,6 +2442,7 @@ async def creer_sortie_stock(
 )
 async def lire_mouvement_stock(
    numero: str = Path(..., description="Numéro du mouvement (ex: ME00123 ou MS00124)"),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2413,6 +2475,7 @@ async def lire_mouvement_stock(
    summary="Statistiques sur les familles",
 )
 async def statistiques_familles(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2434,6 +2497,7 @@ async def lister_utilisateurs_debug(
    limit: int = Query(100, le=1000),
    role: Optional[str] = Query(None),
    verified_only: bool = Query(False),
    user: User = Depends(get_current_user),
 ):
    from database import User
    from sqlalchemy import select
@ -2520,6 +2584,7 @@ async def statistiques_utilisateurs(session: AsyncSession = Depends(get_session)
 async def creer_contact(
    numero: str,
    contact: ContactCreate,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2552,6 +2617,7 @@ async def creer_contact(
@app.get("/tiers/{numero}/contacts", response_model=List[Contact], tags=["Contacts"])
 async def lister_contacts(
    numero: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2570,6 +2636,7 @@ async def lister_contacts(
 async def obtenir_contact(
    numero: str,
    contact_numero: int,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2595,6 +2662,7 @@ async def modifier_contact(
    numero: str,
    contact_numero: int,
    contact: ContactUpdate,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2626,6 +2694,7 @@ async def modifier_contact(
 async def supprimer_contact(
    numero: str,
    contact_numero: int,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2640,6 +2709,7 @@ async def supprimer_contact(
 async def definir_contact_defaut(
    numero: str,
    contact_numero: int,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2661,6 +2731,7 @@ async def obtenir_tiers(
        description="Filtre par type: 0/client, 1/fournisseur, 2/prospect, 3/all ou strings",
    ),
    query: Optional[str] = Query(None, description="Recherche sur code ou intitulé"),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2675,6 +2746,7 @@ async def obtenir_tiers(
@app.get("/tiers/{code}", response_model=TiersDetails, tags=["Tiers"])
 async def lire_tiers_detail(
    code: str,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2712,6 +2784,7 @@ async def lister_collaborateurs(
    actifs_seulement: bool = Query(
        True, description="Exclure les collaborateurs en sommeil"
    ),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Liste tous les collaborateurs"""
@ -2730,6 +2803,7 @@ async def lister_collaborateurs(
 )
 async def lire_collaborateur_detail(
    numero: int,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Lit un collaborateur par son numéro"""
@ -2756,6 +2830,7 @@ async def lire_collaborateur_detail(
 )
 async def creer_collaborateur(
    collaborateur: CollaborateurCreate,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Crée un nouveau collaborateur"""
@ -2782,6 +2857,7 @@ async def creer_collaborateur(
 async def modifier_collaborateur(
    numero: int,
    collaborateur: CollaborateurUpdate,
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Modifie un collaborateur existant"""
@ -2804,6 +2880,7 @@ async def modifier_collaborateur(
@app.get("/societe/info", response_model=SocieteInfo, tags=["Société"])
 async def obtenir_informations_societe(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2823,6 +2900,7 @@ async def obtenir_informations_societe(
@app.get("/societe/logo", tags=["Société"])
 async def obtenir_logo_societe(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Retourne le logo en tant qu'image directe"""
@ -2847,6 +2925,7 @@ async def obtenir_logo_societe(
@app.get("/societe/preview", response_class=HTMLResponse, tags=["Société"])
 async def preview_societe(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Page HTML pour visualiser les infos société avec logo"""
@ -2920,6 +2999,7 @@ async def preview_societe(
 async def valider_facture(
    numero_facture: str,
    _: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2943,6 +3023,7 @@ async def valider_facture(
 async def devalider_facture(
    numero_facture: str,
    _: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2966,6 +3047,7 @@ async def devalider_facture(
 async def get_statut_validation_facture(
    numero_facture: str,
    _: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -2986,6 +3068,7 @@ async def regler_facture(
    numero_facture: str,
    reglement: ReglementFactureCreate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -3029,6 +3112,7 @@ async def regler_facture(
 async def regler_factures_multiple(
    reglement: ReglementMultipleCreate,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -3067,6 +3151,7 @@ async def regler_factures_multiple(
 async def get_reglements_facture(
    numero_facture: str,
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -3091,6 +3176,7 @@ async def get_reglements_client(
    date_fin: Optional[datetime] = Query(None, description="Date fin"),
    inclure_soldees: bool = Query(True, description="Inclure les factures soldées"),
    session: AsyncSession = Depends(get_session),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -3115,6 +3201,7 @@ async def get_reglements_client(
@app.get("/journaux/banque", tags=["Règlements"])
 async def get_journaux_banque(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    try:
@ -3127,6 +3214,7 @@ async def get_journaux_banque(
@app.get("/reglements/modes", tags=["Référentiels"])
 async def get_modes_reglement(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Liste des modes de règlement disponibles dans Sage"""
@ -3140,6 +3228,7 @@ async def get_modes_reglement(
@app.get("/devises", tags=["Référentiels"])
 async def get_devises(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Liste des devises disponibles dans Sage"""
@ -3153,6 +3242,7 @@ async def get_devises(
@app.get("/journaux/tresorerie", tags=["Référentiels"])
 async def get_journaux_tresorerie(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Liste des journaux de trésorerie (banque + caisse)"""
@ -3171,6 +3261,7 @@ async def get_comptes_generaux(
        None,
        description="client | fournisseur | banque | caisse | tva | produit | charge",
    ),
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Liste des comptes généraux"""
@ -3184,6 +3275,7 @@ async def get_comptes_generaux(
@app.get("/tva/taux", tags=["Référentiels"])
 async def get_tva_taux(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Liste des taux de TVA"""
@ -3197,6 +3289,7 @@ async def get_tva_taux(
@app.get("/parametres/encaissement", tags=["Référentiels"])
 async def get_parametres_encaissement(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    """Paramètres TVA sur encaissement"""
@ -3243,6 +3336,7 @@ async def get_reglement_detail(rg_no):
@app.get("/health", tags=["System"])
 async def health_check(
    user: User = Depends(get_current_user),
    sage: SageGatewayClient = Depends(get_sage_client_for_user),
 ):
    gateway_health = sage.health()
--- a/middleware/security.py
+++ b/middleware/security.py
@ -112,7 +112,6 @@ class ApiKeyMiddlewareHTTP(BaseHTTPMiddleware):
        "/health",
        "/auth",
        "/api-keys/verify",
        "/universign/webhook",
    ]
    def _is_excluded_path(self, path: str) -> bool:
@ -138,12 +137,6 @@ class ApiKeyMiddlewareHTTP(BaseHTTPMiddleware):
        auth_header = request.headers.get("Authorization")
        api_key_header = request.headers.get("X-API-Key")
        if api_key_header:
            logger.debug(f"🔑 API Key détectée pour {method} {path}")
            return await self._handle_api_key_auth(
                request, api_key_header, path, method, call_next
            )
        if auth_header and auth_header.startswith("Bearer "):
            token = auth_header.split(" ")[1]
@ -151,16 +144,27 @@ class ApiKeyMiddlewareHTTP(BaseHTTPMiddleware):
                logger.warning(
                    " API Key envoyée dans Authorization au lieu de X-API-Key"
                )
-                return await self._handle_api_key_auth(
+                api_key_header = token
-                    request, token, path, method, call_next
+            else:
-                )
+                logger.debug(f" JWT détecté pour {method} {path}")
                return await call_next(request)
-            logger.debug(f"🎫 JWT détecté pour {method} {path} → délégation à FastAPI")
+        if api_key_header:
-            request.state.authenticated_via = "jwt"
+            logger.debug(f" API Key détectée pour {method} {path}")
-            return await call_next(request)
+            return await self._handle_api_key_auth(
                request, api_key_header, path, method, call_next
            )
-        logger.debug(f" Aucune auth pour {method} {path} → délégation à FastAPI")
+        logger.warning(f" Aucune authentification: {method} {path}")
-        return await call_next(request)
+        return JSONResponse(
            status_code=status.HTTP_401_UNAUTHORIZED,
            content={
                "detail": "Authentification requise",
                "hint": "Utilisez 'X-API-Key: sdk_live_xxx' ou 'Authorization: Bearer <jwt>'",
                "path": path,
            },
            headers={"WWW-Authenticate": 'Bearer realm="API", charset="UTF-8"'},
        )
    async def _handle_api_key_auth(
        self,
@ -192,7 +196,7 @@ class ApiKeyMiddlewareHTTP(BaseHTTPMiddleware):
                is_allowed, rate_info = await service.check_rate_limit(api_key_obj)
                if not is_allowed:
-                    logger.warning(f" Rate limit: {api_key_obj.name}")
+                    logger.warning(f"⚠️ Rate limit: {api_key_obj.name}")
                    return JSONResponse(
                        status_code=status.HTTP_429_TOO_MANY_REQUESTS,
                        content={"detail": "Rate limit dépassé"},
--- a/scripts/manage_security.py
+++ b/scripts/manage_security.py
@ -162,7 +162,7 @@ async def create_api_key(
            logger.info("   Endpoints: Tous (aucune restriction)")
        logger.info("=" * 70)
-        logger.info("  SAUVEGARDEZ CETTE CLÉ - Elle ne sera plus affichée !")
+        logger.info("⚠️  SAUVEGARDEZ CETTE CLÉ - Elle ne sera plus affichée !")
        logger.info("=" * 70)