MCPcopy
hub / github.com/simstudioai/sim / checkInternalAuth

Function checkInternalAuth

apps/sim/lib/auth/hybrid.ts:70–107  ·  view source on GitHub ↗
(
  request: NextRequest,
  options: { requireWorkflowId?: boolean } = {}
)

Source from the content-addressed store, hash-verified

68 * @param options.requireWorkflowId - Whether workflowId/userId is required (default: true)
69 */
70export async function checkInternalAuth(
71 request: NextRequest,
72 options: { requireWorkflowId?: boolean } = {}
73): Promise<AuthResult> {
74 try {
75 const authHeader = request.headers.get('authorization')
76
77 const apiKeyHeader = request.headers.get('x-api-key')
78 if (apiKeyHeader) {
79 return {
80 success: false,
81 error: 'API key access not allowed for this endpoint. Use workflow execution instead.',
82 }
83 }
84
85 if (!authHeader?.startsWith('Bearer ')) {
86 return {
87 success: false,
88 error: 'Internal authentication required',
89 }
90 }
91
92 const token = authHeader.split(' ')[1]
93 const verification = await verifyInternalToken(token)
94
95 if (!verification.valid) {
96 return { success: false, error: 'Invalid internal token' }
97 }
98
99 return resolveUserFromJwt(verification.userId || null, options)
100 } catch (error) {
101 logger.error('Error in internal authentication:', error)
102 return {
103 success: false,
104 error: 'Authentication error',
105 }
106 }
107}
108
109/**
110 * Check for session or internal JWT authentication.

Callers 15

route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90

Calls 4

verifyInternalTokenFunction · 0.90
resolveUserFromJwtFunction · 0.85
errorMethod · 0.80
getMethod · 0.65

Tested by

no test coverage detected