From 45f23f669fbf2af7621a74b0d0e040113ac3d35d Mon Sep 17 00:00:00 2001
From: Sweets Sweetman <sweetmantech@gmail.com>
Date: Mon, 26 Jan 2026 20:28:24 -0500
Subject: [PATCH] fix(pulse): support Bearer token authentication

Update pulse validation to use validateAuthContext which supports both
x-api-key and Authorization Bearer token authentication methods.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 lib/pulse/validateGetPulseRequest.ts    | 30 +++++++++----------------
 lib/pulse/validateUpdatePulseRequest.ts | 30 +++++++++----------------
 2 files changed, 20 insertions(+), 40 deletions(-)

diff --git a/lib/pulse/validateGetPulseRequest.ts b/lib/pulse/validateGetPulseRequest.ts
index b3aa1d3..1f6d23d 100644
--- a/lib/pulse/validateGetPulseRequest.ts
+++ b/lib/pulse/validateGetPulseRequest.ts
@@ -1,7 +1,6 @@
 import type { NextRequest } from "next/server";
 import { NextResponse } from "next/server";
-import { getApiKeyAccountId } from "@/lib/auth/getApiKeyAccountId";
-import { validateOverrideAccountId } from "@/lib/accounts/validateOverrideAccountId";
+import { validateAuthContext } from "@/lib/auth/validateAuthContext";
 
 export type GetPulseRequestResult = {
   accountId: string;
@@ -9,7 +8,8 @@ export type GetPulseRequestResult = {
 
 /**
  * Validates GET /api/pulse request.
- * Handles authentication via x-api-key and optional account_id query parameter.
+ * Handles authentication via x-api-key or Authorization bearer token,
+ * and optional account_id query parameter.
  *
  * @param request - The NextRequest object
  * @returns A NextResponse with an error if validation fails, or the validated result
@@ -17,26 +17,16 @@ export type GetPulseRequestResult = {
 export async function validateGetPulseRequest(
   request: NextRequest,
 ): Promise<NextResponse | GetPulseRequestResult> {
-  const accountIdOrError = await getApiKeyAccountId(request);
-  if (accountIdOrError instanceof NextResponse) {
-    return accountIdOrError;
-  }
-  let accountId = accountIdOrError;
-
   const { searchParams } = new URL(request.url);
   const targetAccountId = searchParams.get("account_id");
 
-  if (targetAccountId) {
-    const apiKey = request.headers.get("x-api-key");
-    const overrideResult = await validateOverrideAccountId({
-      apiKey,
-      targetAccountId,
-    });
-    if (overrideResult instanceof NextResponse) {
-      return overrideResult;
-    }
-    accountId = overrideResult.accountId;
+  const authResult = await validateAuthContext(request, {
+    accountId: targetAccountId ?? undefined,
+  });
+
+  if (authResult instanceof NextResponse) {
+    return authResult;
   }
 
-  return { accountId };
+  return { accountId: authResult.accountId };
 }
diff --git a/lib/pulse/validateUpdatePulseRequest.ts b/lib/pulse/validateUpdatePulseRequest.ts
index 466c6df..42ffe18 100644
--- a/lib/pulse/validateUpdatePulseRequest.ts
+++ b/lib/pulse/validateUpdatePulseRequest.ts
@@ -1,7 +1,6 @@
 import type { NextRequest } from "next/server";
 import { NextResponse } from "next/server";
-import { getApiKeyAccountId } from "@/lib/auth/getApiKeyAccountId";
-import { validateOverrideAccountId } from "@/lib/accounts/validateOverrideAccountId";
+import { validateAuthContext } from "@/lib/auth/validateAuthContext";
 import { safeParseJson } from "@/lib/networking/safeParseJson";
 import { validateUpdatePulseBody } from "./validateUpdatePulseBody";
 
@@ -12,7 +11,8 @@ export type UpdatePulseRequestResult = {
 
 /**
  * Validates PATCH /api/pulse request.
- * Handles authentication via x-api-key, body validation, and optional account_id override.
+ * Handles authentication via x-api-key or Authorization bearer token,
+ * body validation, and optional account_id override.
  *
  * @param request - The NextRequest object
  * @returns A NextResponse with an error if validation fails, or the validated result
@@ -20,12 +20,6 @@ export type UpdatePulseRequestResult = {
 export async function validateUpdatePulseRequest(
   request: NextRequest,
 ): Promise<NextResponse | UpdatePulseRequestResult> {
-  const accountIdOrError = await getApiKeyAccountId(request);
-  if (accountIdOrError instanceof NextResponse) {
-    return accountIdOrError;
-  }
-  let accountId = accountIdOrError;
-
   const body = await safeParseJson(request);
   const validated = validateUpdatePulseBody(body);
   if (validated instanceof NextResponse) {
@@ -33,17 +27,13 @@ export async function validateUpdatePulseRequest(
   }
   const { active, account_id: targetAccountId } = validated;
 
-  if (targetAccountId) {
-    const apiKey = request.headers.get("x-api-key");
-    const overrideResult = await validateOverrideAccountId({
-      apiKey,
-      targetAccountId,
-    });
-    if (overrideResult instanceof NextResponse) {
-      return overrideResult;
-    }
-    accountId = overrideResult.accountId;
+  const authResult = await validateAuthContext(request, {
+    accountId: targetAccountId,
+  });
+
+  if (authResult instanceof NextResponse) {
+    return authResult;
   }
 
-  return { accountId, active };
+  return { accountId: authResult.accountId, active };
 }