fix(auth): revert lint autofix on hasExternalApiCredentials return type

waleedlatif1 · waleedlatif1 · commit 98e42d3fe8d0 · 2026-03-27T17:29:34.000-07:00
Also pin SFTP/SSH connections to validated resolved IP to prevent DNS rebinding.
diff --git a/apps/sim/app/api/tools/sftp/utils.ts b/apps/sim/app/api/tools/sftp/utils.ts
@@ -104,6 +104,8 @@ export async function createSftpConnection(config: SftpConnectionConfig): Promis
     throw new Error(hostValidation.error)
   }
 
+  const resolvedHost = hostValidation.resolvedIP ?? host.trim()
+
   return new Promise((resolve, reject) => {
     const client = new Client()
     const port = config.port || 22
@@ -117,7 +119,7 @@ export async function createSftpConnection(config: SftpConnectionConfig): Promis
     }
 
     const connectConfig: ConnectConfig = {
-      host: host.trim(),
+      host: resolvedHost,
       port,
       username: config.username,
     }
diff --git a/apps/sim/app/api/tools/ssh/utils.ts b/apps/sim/app/api/tools/ssh/utils.ts
@@ -121,6 +121,8 @@ export async function createSSHConnection(config: SSHConnectionConfig): Promise<
     throw new Error(hostValidation.error)
   }
 
+  const resolvedHost = hostValidation.resolvedIP ?? host.trim()
+
   return new Promise((resolve, reject) => {
     const client = new Client()
     const port = config.port || 22
@@ -134,7 +136,7 @@ export async function createSSHConnection(config: SSHConnectionConfig): Promise<
     }
 
     const connectConfig: ConnectConfig = {
-      host: host.trim(),
+      host: resolvedHost,
       port,
       username: config.username,
     }
diff --git a/apps/sim/lib/auth/hybrid.ts b/apps/sim/lib/auth/hybrid.ts
@@ -25,7 +25,7 @@ const BEARER_PREFIX = 'Bearer '
 export function hasExternalApiCredentials(headers: Headers): boolean {
   if (headers.has(API_KEY_HEADER)) return true
   const auth = headers.get('authorization')
-  return auth?.startsWith(BEARER_PREFIX)
+  return auth !== null && auth.startsWith(BEARER_PREFIX)
 }
 
 export interface AuthResult {

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,8 @@ export async function createSftpConnection(config: SftpConnectionConfig): Promis`
`104`	`104`	`throw new Error(hostValidation.error)`
`105`	`105`	`}`
`106`	`106`
	`107`	`+ const resolvedHost = hostValidation.resolvedIP ?? host.trim()`
	`108`	`+`
`107`	`109`	`return new Promise((resolve, reject) => {`
`108`	`110`	`const client = new Client()`
`109`	`111`	`const port = config.port \|\| 22`
`@@ -117,7 +119,7 @@ export async function createSftpConnection(config: SftpConnectionConfig): Promis`
`117`	`119`	`}`
`118`	`120`
`119`	`121`	`const connectConfig: ConnectConfig = {`
`120`		`- host: host.trim(),`
	`122`	`+ host: resolvedHost,`
`121`	`123`	`port,`
`122`	`124`	`username: config.username,`
`123`	`125`	`}`
Original file line number	Diff line number	Diff line change
`@@ -121,6 +121,8 @@ export async function createSSHConnection(config: SSHConnectionConfig): Promise<`
`121`	`121`	`throw new Error(hostValidation.error)`
`122`	`122`	`}`
`123`	`123`
	`124`	`+ const resolvedHost = hostValidation.resolvedIP ?? host.trim()`
	`125`	`+`
`124`	`126`	`return new Promise((resolve, reject) => {`
`125`	`127`	`const client = new Client()`
`126`	`128`	`const port = config.port \|\| 22`
`@@ -134,7 +136,7 @@ export async function createSSHConnection(config: SSHConnectionConfig): Promise<`
`134`	`136`	`}`
`135`	`137`
`136`	`138`	`const connectConfig: ConnectConfig = {`
`137`		`- host: host.trim(),`
	`139`	`+ host: resolvedHost,`
`138`	`140`	`port,`
`139`	`141`	`username: config.username,`
`140`	`142`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ const BEARER_PREFIX = 'Bearer '`
`25`	`25`	`export function hasExternalApiCredentials(headers: Headers): boolean {`
`26`	`26`	`if (headers.has(API_KEY_HEADER)) return true`
`27`	`27`	`const auth = headers.get('authorization')`
`28`		`- return auth?.startsWith(BEARER_PREFIX)`
	`28`	`+ return auth !== null && auth.startsWith(BEARER_PREFIX)`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`export interface AuthResult {`