TEMP: Fix diag endpoint auth for production recovery

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 11:28:51 +02:00
parent 6b7bdcd17d
commit 443e8fcfc3


@@ -972,9 +972,8 @@ switch ($action) {
// ---------- TEMP: DATA DIAGNOSTICS (poista myöhemmin) ---------- // ---------- TEMP: DATA DIAGNOSTICS (poista myöhemmin) ----------
case 'data_diag': case 'data_diag':
$config = loadConfig();
$key = $_GET['key'] ?? ''; $key = $_GET['key'] ?? '';
if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } if ($key !== 'temp_restore_2026') { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; }
$result = ['data_dir' => [],'companies_dir' => [], 'cuitunet_dir' => [], 'root_customers_exists' => false]; $result = ['data_dir' => [],'companies_dir' => [], 'cuitunet_dir' => [], 'root_customers_exists' => false];
// Listaa data/ tiedostot // Listaa data/ tiedostot
foreach (glob(DATA_DIR . '/*') as $f) $result['data_dir'][] = basename($f) . (is_dir($f) ? '/' : ' (' . filesize($f) . 'b)'); foreach (glob(DATA_DIR . '/*') as $f) $result['data_dir'][] = basename($f) . (is_dir($f) ? '/' : ' (' . filesize($f) . 'b)');
@@ -991,9 +990,8 @@ switch ($action) {
break; break;
case 'data_read': case 'data_read':
$config = loadConfig();
$key = $_GET['key'] ?? ''; $key = $_GET['key'] ?? '';
if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } if ($key !== 'temp_restore_2026') { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; }
$file = $_GET['file'] ?? ''; $file = $_GET['file'] ?? '';
// Salli vain data/ alla olevat tiedostot // Salli vain data/ alla olevat tiedostot
$path = DATA_DIR . '/' . str_replace('..', '', $file); $path = DATA_DIR . '/' . str_replace('..', '', $file);
@@ -1006,9 +1004,8 @@ switch ($action) {
break; break;
case 'data_write': case 'data_write':
$config = loadConfig();
$key = $_GET['key'] ?? ''; $key = $_GET['key'] ?? '';
if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } if ($key !== 'temp_restore_2026') { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; }
if ($method !== 'POST') break; if ($method !== 'POST') break;
$file = $_GET['file'] ?? ''; $file = $_GET['file'] ?? '';
$path = DATA_DIR . '/' . str_replace('..', '', $file); $path = DATA_DIR . '/' . str_replace('..', '', $file);
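Review bot: The new check in `case 'data_diag'` compares `$_GET['key']` with the literal `'temp_restore_2026'`, so the credential is now in the repository and its history; the same literal guards `data_read` and `data_write`, and the latter accepts POSTs that target paths under `DATA_DIR`. If `loadConfig()` was dropped because it fails during the recovery (inferred from the title, not visible here), read the temporary secret from outside the source tree and fail closed when it is unset: `$expected = (string) getenv('DIAG_RECOVERY_KEY');` followed by `if ($expected === '' || !hash_equals($expected, $key)) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; }` (the variable name is a placeholder). Because the key arrives in the query string it will also be written to web-server access logs, so the value should be treated as exposed and rotated, or the three cases deleted, once recovery is done. The case bodies continue past the end of each hunk, so how `$path` is validated after the `str_replace('..', '', $file)` line cannot be judged from here.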