| 680 | } |
| 681 | |
| 682 | async function supaAuthenticateUser( |
| 683 | req, |
| 684 | res, |
| 685 | mode?: RateLimiterMode, |
| 686 | options?: { allowKeyless?: boolean }, |
| 687 | ): Promise<AuthResponse> { |
| 688 | const authHeader = |
| 689 | req.headers.authorization ?? |
| 690 | (req.headers["sec-websocket-protocol"] |
| 691 | ? `Bearer ${req.headers["sec-websocket-protocol"]}` |
| 692 | : null); |
| 693 | if (!authHeader) { |
| 694 | return handleKeylessAuth(req, mode, options?.allowKeyless); |
| 695 | } |
| 696 | const token = authHeader.split(" ")[1]; // Extract the token from "Bearer <token>" |
| 697 | if (!token) { |
| 698 | return { |
| 699 | success: false, |
| 700 | error: "Unauthorized: Token missing", |
| 701 | status: 401, |
| 702 | }; |
| 703 | } |
| 704 | |
| 705 | const incomingIP = (req.headers["x-preview-ip"] || |
| 706 | req.headers["x-forwarded-for"] || |
| 707 | req.socket.remoteAddress) as string; |
| 708 | const iptoken = incomingIP + token; |
| 709 | |
| 710 | let rateLimiter: RateLimiterRedis; |
| 711 | let subscriptionData: { team_id: string } | null = null; |
| 712 | let normalizedApi: string; |
| 713 | |
| 714 | let teamId: string | null = null; |
| 715 | let priceId: string | null = null; |
| 716 | let chunk: AuthCreditUsageChunk | null = null; |
| 717 | if (token == "this_is_just_a_preview_token") { |
| 718 | throw new Error( |
| 719 | "Unauthenticated Playground calls are temporarily disabled due to abuse. Please sign up.", |
| 720 | ); |
| 721 | } |
| 722 | if (token == config.PREVIEW_TOKEN) { |
| 723 | if (mode == RateLimiterMode.CrawlStatus) { |
| 724 | rateLimiter = getRateLimiter(RateLimiterMode.CrawlStatus, token); |
| 725 | } else if (mode == RateLimiterMode.ExtractStatus) { |
| 726 | rateLimiter = getRateLimiter(RateLimiterMode.ExtractStatus, token); |
| 727 | } else { |
| 728 | rateLimiter = getRateLimiter(RateLimiterMode.Preview, token); |
| 729 | } |
| 730 | teamId = `preview_${iptoken}`; |
| 731 | } else if (token.startsWith("fco_")) { |
| 732 | // OAuth access token — resolve via introspection endpoint |
| 733 | const introspection = await resolveOAuthToken(token); |
| 734 | if (!introspection) { |
| 735 | return { |
| 736 | success: false, |
| 737 | error: "Unauthorized: Invalid or expired OAuth token", |
| 738 | status: 401, |
| 739 | }; |