Add sender authentication check to EnvelopeSenderPage

Added an authentication check in `EnvelopeSenderPage.razor` to verify sender access before loading envelopes. Redirects unauthorized users to the sender login page.

Introduced `CheckSenderAsync` in `AuthService` to validate sender tokens via the `/api/auth/check` endpoint. Updated `OnInitializedAsync` to use this method, enhancing security by ensuring only authorized users can access envelope-related functionality.

EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor

@@ -322,6 +322,13 @@
 
     protected override async Task OnInitializedAsync()
     {
+        var hasAccess = await AuthService.CheckSenderAsync();
+        if (!hasAccess)
+        {
+            Navigation.NavigateTo($"/sender/login");
+            return;
+        }
+
         await LoadEnvelopesAsync();
     }
 

EnvelopeGenerator.ReceiverUI/Services/AuthService.cs

@@ -58,6 +58,16 @@ public class AuthService(HttpClient http, IOptions<ApiOptions> apiOptions)
         return response.IsSuccessStatusCode;
     }
 
+    /// <summary>
+    /// Checks whether the current user holds a valid receiver token for the given envelope key.
+    /// Calls GET /api/auth/check/envelope/{envelopeKey}.
+    /// </summary>
+    public async Task<bool> CheckSenderAsync(CancellationToken cancel = default)
+    {
+        var response = await http.GetAsync($"{_api.BaseUrl}/api/auth/check", cancel);
+        return response.StatusCode == HttpStatusCode.OK;
+    }
+
     /// <summary>
     /// Authenticates a sender user with username and password.
     /// Calls POST /api/auth?cookie=true with JSON body.