fix(elevenlabs): added internal auth helper for proxy routes #1732
Greptile Overview
Greptile Summary
This PR adds authentication to proxy routes using the checkHybridAuth helper, which supports three authentication methods: internal JWT tokens, session cookies, and request headers. The authentication check was added to all proxy endpoints (/api/proxy, /api/proxy/image, /api/proxy/tts, /api/proxy/tts/stream) to prevent unauthorized access.
Key Changes:
- Added checkHybridAuth call at the start of each proxy route handler with requireWorkflowId: false option
- Improved error response consistency in TTS routes by using NextResponse.json format throughout
- Added error handling in elevenlabs/tts.ts to properly handle error responses from the proxy
- Removed .concurrent flag from all tests to run them sequentially (addressing test flakiness)
- Cleaned up unnecessary comments in proxy route file
Confidence Score: 5/5
- This PR is safe to merge with minimal risk
- The changes are straightforward security improvements that add authentication to previously unprotected proxy routes. The checkHybridAuth helper is well-tested and already used elsewhere in the codebase. The implementation is consistent across all proxy endpoints, and the test changes address concurrency issues. No breaking changes or risky logic modifications.
- No files require special attention
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| apps/sim/app/api/proxy/route.ts | 5/5 | Added checkHybridAuth call at the start of POST handler to authenticate requests; removed some comments |
| apps/sim/app/api/proxy/image/route.ts | 5/5 | Added checkHybridAuth call at the start of GET handler to authenticate image proxy requests |
| apps/sim/app/api/proxy/tts/route.ts | 5/5 | Added checkHybridAuth authentication; improved error responses by consistently using NextResponse.json format |
| apps/sim/app/api/proxy/tts/stream/route.ts | 5/5 | Added checkHybridAuth call at the start of POST handler to authenticate streaming TTS requests |
| apps/sim/tools/elevenlabs/tts.ts | 5/5 | Added error handling in transformResponse to check for errors in the response data and return appropriate error structure |
| apps/sim/tools/index.test.ts | 5/5 | Removed .concurrent flag from all test cases to run tests sequentially instead of concurrently |
Sequence Diagram
```mermaid
sequenceDiagram
    participant Client
    participant ProxyRoute as Proxy Route
    participant HybridAuth as checkHybridAuth
    participant AuthLayer as Authentication Layer
    participant ToolExecution as Tool Execution
    Client->>ProxyRoute: POST /api/proxy
    ProxyRoute->>HybridAuth: Verify request
    HybridAuth->>AuthLayer: Check internal token
    alt Internal token present and validated
        AuthLayer-->>HybridAuth: Returns user context from workflow
        HybridAuth-->>ProxyRoute: Access granted
    else Internal token not present or invalid
        AuthLayer->>AuthLayer: Check session cookie
        alt Session cookie found and verified
            AuthLayer-->>HybridAuth: Returns user from session
            HybridAuth-->>ProxyRoute: Access granted
        else No session cookie
            AuthLayer->>AuthLayer: Check request headers
            alt Request headers verified
                AuthLayer-->>HybridAuth: Returns user from headers
                HybridAuth-->>ProxyRoute: Access granted
            else No access method found
                AuthLayer-->>HybridAuth: No authentication present
                HybridAuth-->>ProxyRoute: Access denied
            end
        end
    end
    alt Access Denied
        ProxyRoute-->>Client: 401 Unauthorized
    else Access Granted
        ProxyRoute->>ToolExecution: Execute tool with params
        ToolExecution-->>ProxyRoute: Tool result
        ProxyRoute-->>Client: 200 OK with result
    end
```
8 files reviewed, no comments
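An added example (not code from this PR or the project's checkHybridAuth) of the pattern summarized above: a guard that tries the internal token, then the session cookie, then a request header, fails closed, and runs before any proxied work, plus a regression check over the four proxy endpoints. The in-memory credential maps, the `session` cookie name and the `x-api-key` header are hypothetical stand-ins.

```typescript
// Added illustration, not the project's checkHybridAuth: the credential stores,
// header names and cookie name below are constructed stand-ins.
type Req = { headers: Record<string, string | undefined> }
type Res = { status: number; body: unknown }
type Auth = { success: true; userId: string; authType: string } | { success: false; error: string }

// Maps (not plain objects) so a value like "constructor" can never match.
const INTERNAL_TOKENS = new Map([['internal-demo-token', 'workflow-user']])
const SESSIONS = new Map([['session-demo', 'session-user']])
const HEADER_KEYS = new Map([['header-demo-key', 'header-user']])

// Same order as the diagram: internal token, then session cookie, then request header.
function hybridAuth(req: Req): Auth {
  const bearer = (req.headers['authorization'] ?? '').replace(/^Bearer\s+/i, '')
  const sid = /(?:^|;\s*)session=([^;]+)/.exec(req.headers['cookie'] ?? '')?.[1] ?? ''
  const key = req.headers['x-api-key'] ?? ''
  const attempts: Array<[string, string | undefined]> = [
    ['internal_jwt', INTERNAL_TOKENS.get(bearer)],
    ['session', SESSIONS.get(sid)],
    ['header', HEADER_KEYS.get(key)],
  ]
  for (const [authType, userId] of attempts) {
    if (userId) return { success: true, userId, authType }
  }
  return { success: false, error: 'Unauthorized' } // fail closed
}

let upstreamCalls = 0 // counts how often the proxied work actually ran

// Guard placed first in the handler, so a denied request never reaches the upstream call.
function proxyRoute(req: Req): Res {
  const auth = hybridAuth(req)
  if (!auth.success) return { status: 401, body: { error: auth.error } }
  upstreamCalls += 1
  return { status: 200, body: { userId: auth.userId, authType: auth.authType } }
}

// The four endpoints named in the summary; here they share one handler.
const ROUTES: Record<string, (req: Req) => Res> = {
  '/api/proxy': proxyRoute,
  '/api/proxy/image': proxyRoute,
  '/api/proxy/tts': proxyRoute,
  '/api/proxy/tts/stream': proxyRoute,
}

// Regression check: every route that answers a credential-less request with anything but 401.
function unguardedRoutes(routes: Record<string, (req: Req) => Res>): string[] {
  return Object.entries(routes).filter(([, h]) => h({ headers: {} }).status !== 401).map(([p]) => p)
}
```

A route that skips the guard shows up in the `unguardedRoutes` result, which makes the check usable as a test over every new proxy endpoint.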
* fix(elevenlabs): added internal auth helper for proxy routes
* remove concurrent tests
* build fix
Summary
Type of Change
Testing
Tested manually
Checklist