MCPcopy
hub / github.com/garrytan/gstack / checkInternalAuth

Function checkInternalAuth

browse/src/terminal-agent.ts:383–393  ·  view source on GitHub ↗

* Validate a loopback /internal/* request. Returns null when the request * is allowed; otherwise returns the Response to send back. Centralizes * bearer auth + the v1.44 X-Browse-Gen generation check so adding a new * /internal/* route is a one-liner.

(req: Request)

Source from the content-addressed store, hash-verified

381 * /internal/* route is a one-liner.
382 */
383function checkInternalAuth(req: Request): Response | null {
384 const auth = req.headers.get('authorization');
385 if (auth !== `Bearer ${INTERNAL_TOKEN}`) {
386 return new Response('forbidden', { status: 403 });
387 }
388 const headerGen = req.headers.get('x-browse-gen');
389 if (headerGen && headerGen !== CURRENT_GEN) {
390 return new Response('stale generation', { status: 409 });
391 }
392 return null;
393}
394
395/**
396 * Wrap a JSON-bodied /internal/* handler with the standard bearer-auth +

Callers 2

internalHandlerFunction · 0.85
fetchFunction · 0.85

Calls 1

getMethod · 0.45

Tested by

no test coverage detected