Function checkSessionOrInternalAuth

apps/sim/lib/auth/hybrid.ts:118–166
 * @param options.requireWorkflowId - Whether workflowId/userId is required for JWT (default: true)
 */
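export async function checkSessionOrInternalAuth(
  request: NextRequest,
  options: { requireWorkflowId?: boolean } = {}
): Promise<AuthResult> {
  try {
    // 1. API keys are rejected before any other credential is inspected, so a
    //    request carrying one never reaches the JWT or session paths below.
    const apiKeyHeader = request.headers.get('x-api-key')
    if (apiKeyHeader) {
      return {
        success: false,
        error: 'API key access not allowed for this endpoint',
      }
    }

    // 2. Internal JWT. The token is everything after the "Bearer " prefix:
    //    split(' ')[1] would truncate a value at an internal space and yields
    //    "" for a bare "Bearer " header, which we skip instead of handing to
    //    verifyInternalToken. Note that an invalid or expired token is not a
    //    hard failure here; it falls through to session auth, which is this
    //    helper's "session OR internal" contract.
    const bearerPrefix = 'Bearer '
    const authHeader = request.headers.get('authorization')
    if (authHeader?.startsWith(bearerPrefix)) {
      const token = authHeader.slice(bearerPrefix.length)
      if (token) {
        const verification = await verifyInternalToken(token)
        if (verification.valid) {
          // The token may carry no userId; resolveUserFromJwt decides whether
          // that is acceptable (presumably via options.requireWorkflowId).
          return resolveUserFromJwt(verification.userId || null, options)
        }
      }
    }

    // 3. Browser session (web UI).
    const session = await getSession()
    if (session?.user?.id) {
      return {
        success: true,
        userId: session.user.id,
        userName: session.user.name,
        userEmail: session.user.email,
        authType: AuthType.SESSION,
      }
    }

    return {
      success: false,
      error: 'Unauthorized',
    }
  } catch (error) {
    // Anything thrown by token verification or the session lookup is logged
    // server-side and collapsed into a fixed message, so verification
    // internals are never echoed back to the caller.
    logger.error('Error in session/internal authentication:', error)
    return {
      success: false,
      error: 'Authentication error',
    }
  }
}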
/**
 * Check for authentication using any of the 3 supported methods:
