Prompt for Replit Agent – Secure VWFS upload (hide ingest token)

You’re in my FastAPI project “Audi Finance Renewal App”.

Goal:
Move the VWFS CSV upload so that the browser only talks to /upload-book and the secret ingest token + Edge Function URL are used server-side only (no secrets in dashboard.html).

Requirements

Secrets / config

In Replit Secrets, I already have (or please create) two entries:

INGEST_FUNCTION_URL = https://fqijuzeakirjqhqdrwbr.supabase.co/functions/v1/ingest-vwfs-book

INGEST_FUNCTION_TOKEN = lia-dev-ingest-2025-01

Expose them in app/config.py (or similar) so backend code can read them via os.getenv.

Backend: /upload-book route

Open the FastAPI route that handles POST /upload-book (it already exists).

Implement this logic:

Accept the uploaded CSV file (UploadFile).

Read the file content into memory.

Forward it to the Edge Function using httpx or requests:

URL: INGEST_FUNCTION_URL

Method: POST

Headers:

x-ingest-token: INGEST_FUNCTION_TOKEN

Body: multipart form with the same file field.

If the Edge Function returns 200–299, return JSON:

{ "message": "Upload complete — Book imported" }


with status 200.

If it fails, return a 400/500 with the error message from the Edge Function.

Frontend: dashboard.html

Find the <form id="upload-form"> handler in the <script> block.

Change the fetch call to POST to /upload-book (relative path), not directly to the Supabase URL.

Remove any hard-coded ingest URL/token from this file.

Keep the existing UI behaviour:

Show “Uploading…” while in progress.

On success: ✅ Upload complete — Book imported

On error: ❌ <error message>

Testing

Restart the FastAPI server if needed.

In the Replit shell, test with:

curl -F "file=@sample.csv" http://localhost:8000/upload-book


(Use any small CSV in the repo or create a dummy one.)

Confirm you get a success JSON message when the Edge Function returns OK.

Final check

Confirm that:

No Supabase URL or ingest token appears anywhere in app/templates/dashboard.html.

Upload still works from the dashboard Preview.

Please summarise the exact files and key code blocks you changed when you’re done.