fix(internal-req): add internal token to server side

[icecrasher321]

Summary

Internal Request function needs to add internal token since we moved to calling routes for some tools like slack send message and telegram

Type of Change

• Bug fix

Testing

Tested manually with @aadamgough

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
docs	Skipped			Oct 21, 2025 6:37pm

[greptile-apps]

Greptile Overview

Summary

Added internal JWT authentication for server-side tool execution to enable secure communication between workflow execution engine and internal API endpoints.

Key Changes:

• Modified handleInternalRequest to accept optional executionContext parameter
• Added workflowId as query parameter to internal requests when executing server-side
• Integrated generateInternalToken() to create signed JWT for server-side requests
• Set Authorization: Bearer header with internal JWT when typeof window === 'undefined'
• Updated OAuth token fetch logic to include internal JWT for server-side calls

Integration:
The authentication flow integrates with the existing checkHybridAuth() system in lib/auth/hybrid.ts, which verifies the JWT signature and extracts workflowId to determine the workflow owner's userId for proper authorization context.

Confidence Score: 4/5

• This PR is safe to merge with minor testing recommended
• The implementation correctly integrates internal JWT authentication for server-side tool requests, following established patterns in the codebase. The code properly checks for server-side execution, generates signed JWTs, and passes workflowId for user context resolution. Error handling is in place for token generation failures. However, the PR description is incomplete ('IN PROGRESS') and there's no indication of testing coverage for this authentication flow.
• No files require special attention. The changes are well-contained and follow existing authentication patterns.

Important Files Changed

File Analysis

Filename	Score	Overview
apps/sim/tools/index.ts	4/5	Added internal JWT token authentication for server-side tool requests via Authorization header and workflowId query parameter

Sequence Diagram

sequenceDiagram
    participant Tool as executeTool()
    participant Handler as handleInternalRequest()
    participant AuthSvc as generateInternalToken()
    participant API as Internal API Route
    participant HybridAuth as checkHybridAuth()
    
    Tool->>Tool: Check if server-side
    Tool->>Handler: Pass executionContext with workflowId
    Handler->>Handler: Build URL with workflowId query param
    Handler->>AuthSvc: Generate JWT
    AuthSvc-->>Handler: Return JWT
    Handler->>Handler: Add to headers
    Handler->>API: HTTP request
    API->>HybridAuth: Check headers
    HybridAuth->>HybridAuth: Verify JWT
    HybridAuth->>HybridAuth: Extract workflowId
    HybridAuth->>HybridAuth: Lookup userId
    HybridAuth-->>API: Auth success
    API-->>Handler: Response
    Handler-->>Tool: ToolResponse

Loading

_{1 file reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}