fix(webhooks): validate auth token is set when requireAuth is enabled at deploy time

Rejects deployment with a clear error message if a generic webhook trigger has requireAuth enabled but no authentication token configured, rather than letting requests fail with 401 at runtime. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-06 03:00:16 -04:00 · 2026-04-05 12:09:01 -07:00
parent 60610b7351
commit 1478de1332
1 changed files with 12 additions and 0 deletions
--- a/apps/sim/lib/webhooks/deploy.ts
+++ b/apps/sim/lib/webhooks/deploy.ts
@@ -447,6 +447,18 @@ export async function saveTriggerWebhooksForDeploy({
      }
    }

+    if (providerConfig.requireAuth && !providerConfig.token) {
+      await restorePreviousSubscriptions()
+      return {
+        success: false,
+        error: {
+          message:
+            'Authentication is enabled but no token is configured. Please set an authentication token or disable authentication.',
+          status: 400,
+        },
+      }
+    }
+
    webhookConfigs.set(block.id, { provider, providerConfig, triggerPath, triggerDef })

    if (providerConfig.credentialSetId) {