fix(cron): reject CRON requests when CRON secret is not set (#2343)

Waleed
2025-12-12 17:08:48 -08:00
committed by GitHub
parent 0415eb47fe
commit e359dc2946
2 changed files with 11 additions and 1 deletions


@@ -42,7 +42,7 @@ export async function validateWorkflowAccess(
}
const internalSecret = request.headers.get('X-Internal-Secret')
if (internalSecret === env.INTERNAL_API_SECRET) {
if (env.INTERNAL_API_SECRET && internalSecret === env.INTERNAL_API_SECRET) {
return { workflow }
}
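Review bot: The new guard on the changed `if` line still compares the caller-supplied `X-Internal-Secret` header against the secret with `===`, which stops at the first differing character, so neither this check nor the `authHeader !== expectedAuth` check in the second hunk is a constant-time secret comparison. A length-checked `crypto.timingSafeEqual` (importing `node:crypto` if the file does not already) closes that, e.g. `const supplied = Buffer.from(internalSecret ?? '')`, `const expected = Buffer.from(env.INTERNAL_API_SECRET ?? '')`, `if (env.INTERNAL_API_SECRET && supplied.length === expected.length && crypto.timingSafeEqual(supplied, expected)) {`. The truthiness test correctly rejects both an unset and an empty `INTERNAL_API_SECRET`; a one-line comment such as `// an unset or empty secret must never match a supplied header` would make that intent explicit for the next reader. validateWorkflowAccess begins before this hunk and its body continues after it.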


@@ -69,6 +69,16 @@ export async function verifyInternalToken(
* Returns null if authorized, or a NextResponse with error if unauthorized
*/
export function verifyCronAuth(request: NextRequest, context?: string): NextResponse | null {
if (!env.CRON_SECRET) {
const contextInfo = context ? ` for ${context}` : ''
logger.warn(`CRON endpoint accessed but CRON_SECRET is not configured${contextInfo}`, {
ip: request.headers.get('x-forwarded-for') ?? request.headers.get('x-real-ip') ?? 'unknown',
userAgent: request.headers.get('user-agent') ?? 'unknown',
context,
})
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const authHeader = request.headers.get('authorization')
const expectedAuth = `Bearer ${env.CRON_SECRET}`
if (authHeader !== expectedAuth) {