fix(webhooks): return 401 when requireAuth is true but no token configured

If a user explicitly sets requireAuth: true, they expect auth to be enforced.
Returning 401 when no token is configured is the correct behavior — this is
an intentional improvement over the original code which silently allowed
unauthenticated access in this case.

Author: waleedlatif1

apps/sim/lib/webhooks/providers/generic.ts

@@ -14,11 +14,15 @@ export const genericHandler: WebhookProviderHandler = {
   verifyAuth({ request, requestId, providerConfig }: AuthContext) {
     if (providerConfig.requireAuth) {
       const configToken = providerConfig.token as string | undefined
-      if (configToken) {
-        const secretHeaderName = providerConfig.secretHeaderName as string | undefined
-        if (!verifyTokenAuth(request, configToken, secretHeaderName)) {
-          return new NextResponse('Unauthorized - Invalid authentication token', { status: 401 })
-        }
+      if (!configToken) {
+        return new NextResponse('Unauthorized - Authentication required but no token configured', {
+          status: 401,
+        })
+      }
+
+      const secretHeaderName = providerConfig.secretHeaderName as string | undefined
+      if (!verifyTokenAuth(request, configToken, secretHeaderName)) {
+        return new NextResponse('Unauthorized - Invalid authentication token', { status: 401 })
       }
     }