fix(webhooks): return 401 when requireAuth is true but no token configured

If a user explicitly sets requireAuth: true, they expect auth to be enforced.
Returning 401 when no token is configured is the correct behavior — this is
an intentional improvement over the original code, which silently allowed
unauthenticated access in this case.
Waleed Latif
2026-04-05 09:45:53 -07:00
parent 403e32ff33
commit 5d9b95a904


@@ -14,11 +14,15 @@ export const genericHandler: WebhookProviderHandler = {
verifyAuth({ request, requestId, providerConfig }: AuthContext) {
if (providerConfig.requireAuth) {
const configToken = providerConfig.token as string | undefined
if (configToken) {
const secretHeaderName = providerConfig.secretHeaderName as string | undefined
if (!verifyTokenAuth(request, configToken, secretHeaderName)) {
return new NextResponse('Unauthorized - Invalid authentication token', { status: 401 })
}
if (!configToken) {
return new NextResponse('Unauthorized - Authentication required but no token configured', {
status: 401,
})
}
const secretHeaderName = providerConfig.secretHeaderName as string | undefined
if (!verifyTokenAuth(request, configToken, secretHeaderName)) {
return new NextResponse('Unauthorized - Invalid authentication token', { status: 401 })
}
}