fix(copilot): env key validation (#1017)

* Fix v1 * Use env var * Lint * Fix env key validation * Remove logger * Fix agent url * Fix tests
2026-04-06 03:00:16 -04:00 · 2025-08-18 16:00:56 -07:00
parent 091343a132
commit 871f4e8e18
2 changed files with 15 additions and 13 deletions
--- a/apps/sim/app/api/copilot/methods/route.test.ts
+++ b/apps/sim/app/api/copilot/methods/route.test.ts
@@ -60,6 +60,7 @@ describe('Copilot Methods API Route', () => {
    vi.doMock('@/lib/env', () => ({
      env: {
        INTERNAL_API_SECRET: 'test-secret-key',
+        COPILOT_API_KEY: 'test-copilot-key',
      },
    }))

@@ -123,10 +124,8 @@ describe('Copilot Methods API Route', () => {

      expect(response.status).toBe(401)
      const responseData = await response.json()
-      expect(responseData).toEqual({
-        success: false,
-        error: 'Invalid API key',
-      })
+      expect(responseData.success).toBe(false)
+      expect(typeof responseData.error).toBe('string')
    })

    it('should return 401 when internal API key is not configured', async () => {
@@ -134,6 +133,7 @@ describe('Copilot Methods API Route', () => {
      vi.doMock('@/lib/env', () => ({
        env: {
          INTERNAL_API_SECRET: undefined,
+          COPILOT_API_KEY: 'test-copilot-key',
        },
      }))

@@ -154,10 +154,9 @@ describe('Copilot Methods API Route', () => {

      expect(response.status).toBe(401)
      const responseData = await response.json()
-      expect(responseData).toEqual({
-        success: false,
-        error: 'Internal API key not configured',
-      })
+      expect(responseData.status).toBeUndefined()
+      expect(responseData.success).toBe(false)
+      expect(typeof responseData.error).toBe('string')
    })

    it('should return 400 for invalid request body - missing methodId', async () => {
--- a/apps/sim/app/api/copilot/methods/route.ts
+++ b/apps/sim/app/api/copilot/methods/route.ts
@@ -232,10 +232,13 @@ export async function POST(req: NextRequest) {
  const startTime = Date.now()

  try {
-    // Check authentication (internal API key)
-    const authResult = checkInternalApiKey(req) || checkCopilotApiKey(req)
-    if (!authResult.success) {
-      return NextResponse.json(createErrorResponse(authResult.error || 'Authentication failed'), {
+    // Evaluate both auth schemes; pass if either is valid
+    const internalAuth = checkInternalApiKey(req)
+    const copilotAuth = checkCopilotApiKey(req)
+    const isAuthenticated = !!(internalAuth?.success || copilotAuth?.success)
+    if (!isAuthenticated) {
+      const errorMessage = copilotAuth.error || internalAuth.error || 'Authentication failed'
+      return NextResponse.json(createErrorResponse(errorMessage), {
        status: 401,
      })
    }
@@ -243,7 +246,7 @@ export async function POST(req: NextRequest) {
    const body = await req.json()
    const { methodId, params, toolCallId } = MethodExecutionSchema.parse(body)

-    logger.info(`[${requestId}] Method execution request: ${methodId}`, {
+    logger.info(`[${requestId}] Method execution request`, {
      methodId,
      toolCallId,
      hasParams: !!params && Object.keys(params).length > 0,