(
request: NextRequest,
options: { requireWorkflowId?: boolean } = {}
)
| 68 | * @param options.requireWorkflowId - Whether workflowId/userId is required (default: true) |
| 69 | */ |
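export async function checkInternalAuth(
  request: NextRequest,
  options: { requireWorkflowId?: boolean } = {}
): Promise<AuthResult> {
  // Internal-only gate: the caller must present a Bearer token that
  // verifyInternalToken accepts. Every failure path below returns
  // { success: false, error } rather than throwing.
  try {
    // A request carrying an x-api-key header is refused outright, even if it
    // also carries an Authorization header.
    if (request.headers.get('x-api-key')) {
      return {
        success: false,
        error: 'API key access not allowed for this endpoint. Use workflow execution instead.',
      }
    }

    // The scheme match is case-sensitive and requires the trailing space.
    const authHeader = request.headers.get('authorization')
    if (!authHeader?.startsWith('Bearer ')) {
      return { success: false, error: 'Internal authentication required' }
    }

    // Second space-separated field of the header. "Bearer " with nothing after
    // it, or with a doubled space, yields an empty string here.
    const token = authHeader.split(' ')[1]
    if (!token) {
      // NOTE(review): verifyInternalToken is defined outside this listing, so
      // how it treats an empty credential is not visible from here. Reject it
      // up front with the same error an invalid token gets.
      return { success: false, error: 'Invalid internal token' }
    }

    const verification = await verifyInternalToken(token)
    if (!verification.valid) {
      return { success: false, error: 'Invalid internal token' }
    }

    // A falsy userId on the verified token is passed on as null; what happens
    // with null and with options.requireWorkflowId is decided inside
    // resolveUserFromJwt, not in this function.
    //
    // `await` matters here: without it, a promise returned by
    // resolveUserFromJwt that later rejects would leave this function before
    // the catch below could turn the rejection into an AuthResult.
    // NOTE(review): resolveUserFromJwt is not shown; if it is synchronous the
    // await is a no-op.
    return await resolveUserFromJwt(verification.userId || null, options)
  } catch (error) {
    // Details go to the log only; the caller receives a generic message.
    logger.error('Error in internal authentication:', error)
    return { success: false, error: 'Authentication error' }
  }
}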
| 108 | |
| 109 | /** |
| 110 | * Check for session or internal JWT authentication. |
no test coverage detected