
Function supaAuthenticateUser

apps/api/src/controllers/auth.ts:682–884  ·  view source on GitHub ↗
(
  req,
  res,
  mode?: RateLimiterMode,
  options?: { allowKeyless?: boolean },
)


680}
681
682async function supaAuthenticateUser(
683 req,
684 res,
685 mode?: RateLimiterMode,
686 options?: { allowKeyless?: boolean },
687): Promise<AuthResponse> {
688 const authHeader =
689 req.headers.authorization ??
690 (req.headers["sec-websocket-protocol"]
691 ? `Bearer ${req.headers["sec-websocket-protocol"]}`
692 : null);
693 if (!authHeader) {
694 return handleKeylessAuth(req, mode, options?.allowKeyless);
695 }
696 const token = authHeader.split(" ")[1]; // Extract the token from "Bearer <token>"
697 if (!token) {
698 return {
699 success: false,
700 error: "Unauthorized: Token missing",
701 status: 401,
702 };
703 }
704
705 const incomingIP = (req.headers["x-preview-ip"] ||
706 req.headers["x-forwarded-for"] ||
707 req.socket.remoteAddress) as string;
708 const iptoken = incomingIP + token;
709
710 let rateLimiter: RateLimiterRedis;
711 let subscriptionData: { team_id: string } | null = null;
712 let normalizedApi: string;
713
714 let teamId: string | null = null;
715 let priceId: string | null = null;
716 let chunk: AuthCreditUsageChunk | null = null;
717 if (token == "this_is_just_a_preview_token") {
718 throw new Error(
719 "Unauthenticated Playground calls are temporarily disabled due to abuse. Please sign up.",
720 );
721 }
722 if (token == config.PREVIEW_TOKEN) {
723 if (mode == RateLimiterMode.CrawlStatus) {
724 rateLimiter = getRateLimiter(RateLimiterMode.CrawlStatus, token);
725 } else if (mode == RateLimiterMode.ExtractStatus) {
726 rateLimiter = getRateLimiter(RateLimiterMode.ExtractStatus, token);
727 } else {
728 rateLimiter = getRateLimiter(RateLimiterMode.Preview, token);
729 }
730 teamId = `preview_${iptoken}`;
731 } else if (token.startsWith("fco_")) {
732 // OAuth access token — resolve via introspection endpoint
733 const introspection = await resolveOAuthToken(token);
734 if (!introspection) {
735 return {
736 success: false,
737 error: "Unauthorized: Invalid or expired OAuth token",
738 status: 401,
739 };

Callers

nothing calls this directly

Calls 8

getRateLimiterFunction · 0.90
parseApiFunction · 0.90
getAgentSponsorStatusFunction · 0.90
handleKeylessAuthFunction · 0.85
resolveOAuthTokenFunction · 0.85
getACUCFunction · 0.85
ensureChunkOrgIdFunction · 0.85
normalizedApiIsUuidFunction · 0.85

Tested by

no test coverage detected
