MCPcopy Index your code
hub / github.com/simstudioai/sim / validateDeploymentAuth

Function validateDeploymentAuth

apps/sim/lib/core/security/deployment-auth.ts:59–202  ·  view source on GitHub ↗
(
  requestId: string,
  resource: DeploymentAuthResource,
  request: NextRequest,
  parsedBody: DeploymentAuthBody | null | undefined,
  cookiePrefix: DeploymentAuthKind
)

Source from the content-addressed store, hash-verified

57 * support all four modes: `'public'`, `'password'`, `'email'`, and `'sso'`.
58 */
59export async function validateDeploymentAuth(
60 requestId: string,
61 resource: DeploymentAuthResource,
62 request: NextRequest,
63 parsedBody: DeploymentAuthBody | null | undefined,
64 cookiePrefix: DeploymentAuthKind
65): Promise<DeploymentAuthResult> {
66 const authType = resource.authType || 'public'
67
68 if (authType === 'public') {
69 return { authorized: true }
70 }
71
72 if (authType !== 'sso') {
73 const authCookie = request.cookies.get(deploymentAuthCookieName(cookiePrefix, resource.id))
74
75 if (
76 authCookie &&
77 validateAuthToken(authCookie.value, resource.id, authType, resource.password)
78 ) {
79 return { authorized: true }
80 }
81 }
82
83 if (authType === 'password') {
84 if (request.method === 'GET') {
85 return { authorized: false, error: 'auth_required_password' }
86 }
87
88 try {
89 if (!parsedBody) {
90 return { authorized: false, error: 'Password is required' }
91 }
92
93 const { password, input } = parsedBody
94
95 if (input && !password) {
96 return { authorized: false, error: 'auth_required_password' }
97 }
98
99 if (!password) {
100 return { authorized: false, error: 'Password is required' }
101 }
102
103 if (!resource.password) {
104 logger.error(`[${requestId}] No password set for password-protected ${resource.id}`)
105 return { authorized: false, error: 'Authentication configuration error' }
106 }
107
108 const ip = getClientIp(request)
109 const ipRateLimit = await rateLimiter.checkRateLimitDirect(
110 `${cookiePrefix}-password:ip:${resource.id}:${ip}`,
111 PASSWORD_IP_RATE_LIMIT
112 )
113 if (!ipRateLimit.allowed) {
114 logger.warn(
115 `[${requestId}] Password attempt IP rate limit exceeded for ${resource.id} from ${ip}`
116 )

Callers 4

route.tsFile · 0.90
route.tsFile · 0.90
route.tsFile · 0.90
validateChatAuthFunction · 0.90

Calls 10

deploymentAuthCookieNameFunction · 0.90
validateAuthTokenFunction · 0.90
getClientIpFunction · 0.90
decryptSecretFunction · 0.90
safeCompareFunction · 0.90
isEmailAllowedFunction · 0.90
errorMethod · 0.80
checkRateLimitDirectMethod · 0.80
getMethod · 0.65
warnMethod · 0.65

Tested by

no test coverage detected