MCPcopy
hub / github.com/simstudioai/sim / validateMcpAuth

Function validateMcpAuth

apps/sim/lib/mcp/middleware.ts:112–211  ·  view source on GitHub ↗

* Validates MCP authentication and authorization

(
  request: NextRequest,
  permissionLevel: McpPermissionLevel
)

Source from the content-addressed store, hash-verified

110 * Validates MCP authentication and authorization
111 */
112async function validateMcpAuth(
113 request: NextRequest,
114 permissionLevel: McpPermissionLevel
115): Promise<AuthValidationResult> {
116 const requestId = generateRequestId()
117
118 try {
119 const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
120 if (!auth.success || !auth.userId) {
121 logger.warn(`[${requestId}] Authentication failed: ${auth.error}`)
122 return {
123 success: false,
124 errorResponse: createMcpErrorResponse(
125 new Error(auth.error || 'Authentication required'),
126 'Authentication failed',
127 401
128 ),
129 }
130 }
131
132 let workspaceId: string | null = null
133
134 const { searchParams } = new URL(request.url)
135 workspaceId = searchParams.get('workspaceId')
136
137 if (!workspaceId) {
138 try {
139 const contentType = request.headers.get('content-type')
140 if (contentType?.includes('application/json')) {
141 const body = await readMcpJsonBodyWithLimit(request)
142 const bodyWorkspaceId =
143 body && typeof body === 'object' && 'workspaceId' in body
144 ? (body as { workspaceId?: unknown }).workspaceId
145 : undefined
146 workspaceId = typeof bodyWorkspaceId === 'string' ? bodyWorkspaceId : null
147 }
148 } catch (error) {
149 const errorResponse = mcpBodyReadErrorResponse(error, request)
150 if (errorResponse) return { success: false, errorResponse }
151 }
152 }
153
154 if (!workspaceId) {
155 return {
156 success: false,
157 errorResponse: createMcpErrorResponse(
158 new Error('workspaceId is required'),
159 'Missing required parameter',
160 400
161 ),
162 }
163 }
164
165 const userPermissions = await getUserEntityPermissions(auth.userId, 'workspace', workspaceId)
166 if (!userPermissions) {
167 return {
168 success: false,
169 errorResponse: createMcpErrorResponse(

Callers 1

withMcpAuthFunction · 0.85

Calls 12

generateRequestIdFunction · 0.90
createMcpErrorResponseFunction · 0.90
getUserEntityPermissionsFunction · 0.90
toErrorFunction · 0.90
readMcpJsonBodyWithLimitFunction · 0.85
mcpBodyReadErrorResponseFunction · 0.85
checkPermissionLevelFunction · 0.85
errorMethod · 0.80
warnMethod · 0.65
getMethod · 0.65

Tested by

no test coverage detected