* Validates MCP authentication and authorization
( request: NextRequest, permissionLevel: McpPermissionLevel )
| 110 | * Validates MCP authentication and authorization |
| 111 | */ |
| 112 | async function validateMcpAuth( |
| 113 | request: NextRequest, |
| 114 | permissionLevel: McpPermissionLevel |
| 115 | ): Promise<AuthValidationResult> { |
| 116 | const requestId = generateRequestId() |
| 117 | |
| 118 | try { |
| 119 | const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false }) |
| 120 | if (!auth.success || !auth.userId) { |
| 121 | logger.warn(`[${requestId}] Authentication failed: ${auth.error}`) |
| 122 | return { |
| 123 | success: false, |
| 124 | errorResponse: createMcpErrorResponse( |
| 125 | new Error(auth.error || 'Authentication required'), |
| 126 | 'Authentication failed', |
| 127 | 401 |
| 128 | ), |
| 129 | } |
| 130 | } |
| 131 | |
| 132 | let workspaceId: string | null = null |
| 133 | |
| 134 | const { searchParams } = new URL(request.url) |
| 135 | workspaceId = searchParams.get('workspaceId') |
| 136 | |
| 137 | if (!workspaceId) { |
| 138 | try { |
| 139 | const contentType = request.headers.get('content-type') |
| 140 | if (contentType?.includes('application/json')) { |
| 141 | const body = await readMcpJsonBodyWithLimit(request) |
| 142 | const bodyWorkspaceId = |
| 143 | body && typeof body === 'object' && 'workspaceId' in body |
| 144 | ? (body as { workspaceId?: unknown }).workspaceId |
| 145 | : undefined |
| 146 | workspaceId = typeof bodyWorkspaceId === 'string' ? bodyWorkspaceId : null |
| 147 | } |
| 148 | } catch (error) { |
| 149 | const errorResponse = mcpBodyReadErrorResponse(error, request) |
| 150 | if (errorResponse) return { success: false, errorResponse } |
| 151 | } |
| 152 | } |
| 153 | |
| 154 | if (!workspaceId) { |
| 155 | return { |
| 156 | success: false, |
| 157 | errorResponse: createMcpErrorResponse( |
| 158 | new Error('workspaceId is required'), |
| 159 | 'Missing required parameter', |
| 160 | 400 |
| 161 | ), |
| 162 | } |
| 163 | } |
| 164 | |
| 165 | const userPermissions = await getUserEntityPermissions(auth.userId, 'workspace', workspaceId) |
| 166 | if (!userPermissions) { |
| 167 | return { |
| 168 | success: false, |
| 169 | errorResponse: createMcpErrorResponse( |
no test coverage detected