v0.4.21: more internal auth changes, supabase vector search tool

apps/sim/app/api/copilot/checkpoints/revert/route.test.ts

@@ -23,6 +23,13 @@ describe('Copilot Checkpoints Revert API Route', () => {
     setupCommonApiMocks()
     mockCryptoUuid()
 
+    // Mock getBaseUrl to return localhost for tests
+    vi.doMock('@/lib/urls/utils', () => ({
+      getBaseUrl: vi.fn(() => 'http://localhost:3000'),
+      getBaseDomain: vi.fn(() => 'localhost:3000'),
+      getEmailDomain: vi.fn(() => 'localhost:3000'),
+    }))
+
     mockSelect.mockReturnValue({ from: mockFrom })
     mockFrom.mockReturnValue({ where: mockWhere })
     mockWhere.mockReturnValue({ then: mockThen })

apps/sim/app/api/copilot/checkpoints/revert/route.ts

@@ -12,6 +12,7 @@ import {
 } from '@/lib/copilot/auth'
 import { createLogger } from '@/lib/logs/console/logger'
 import { validateUUID } from '@/lib/security/input-validation'
+import { getBaseUrl } from '@/lib/urls/utils'
 
 const logger = createLogger('CheckpointRevertAPI')
 
@@ -93,7 +94,7 @@ export async function POST(request: NextRequest) {
     }
 
     const stateResponse = await fetch(
-      `${request.nextUrl.origin}/api/workflows/${checkpoint.workflowId}/state`,
+      `${getBaseUrl()}/api/workflows/${checkpoint.workflowId}/state`,
       {
         method: 'PUT',
         headers: {

apps/sim/lib/knowledge/documents/document-processor.ts

@@ -417,11 +417,20 @@ async function parseWithMistralOCR(fileUrl: string, filename: string, mimeType:
           url = `${getBaseUrl()}${url}`
         }
 
-        const headers =
+        let headers =
           typeof mistralParserTool.request!.headers === 'function'
             ? mistralParserTool.request!.headers(params)
             : mistralParserTool.request!.headers
 
+        if (url.includes('/api/tools/mistral/parse')) {
+          const { generateInternalToken } = await import('@/lib/auth/internal')
+          const internalToken = await generateInternalToken()
+          headers = {
+            ...headers,
+            Authorization: `Bearer ${internalToken}`,
+          }
+        }
+
         const requestBody = mistralParserTool.request!.body!(params) as OCRRequestBody
         return makeOCRRequest(url, headers as Record<string, string>, requestBody)
       },

apps/sim/tools/index.ts

@@ -451,13 +451,18 @@ async function handleInternalRequest(
     }
 
     const headers = new Headers(requestParams.headers)
+    const isInternalRoute = endpointUrl.startsWith('/api/')
     if (typeof window === 'undefined') {
-      try {
-        const internalToken = await generateInternalToken()
-        headers.set('Authorization', `Bearer ${internalToken}`)
-        logger.info(`[${requestId}] Added internal auth token for ${toolId}`)
-      } catch (error) {
-        logger.error(`[${requestId}] Failed to generate internal token for ${toolId}:`, error)
+      if (isInternalRoute) {
+        try {
+          const internalToken = await generateInternalToken()
+          headers.set('Authorization', `Bearer ${internalToken}`)
+          logger.info(`[${requestId}] Added internal auth token for ${toolId}`)
+        } catch (error) {
+          logger.error(`[${requestId}] Failed to generate internal token for ${toolId}:`, error)
+        }
+      } else {
+        logger.info(`[${requestId}] Skipping internal auth token for external URL: ${endpointUrl}`)
       }
     }