fix(pulse): support Bearer token authentication

lib/pulse/validateGetPulseRequest.ts

@@ -1,42 +1,32 @@
 import type { NextRequest } from "next/server";
 import { NextResponse } from "next/server";
-import { getApiKeyAccountId } from "@/lib/auth/getApiKeyAccountId";
-import { validateOverrideAccountId } from "@/lib/accounts/validateOverrideAccountId";
+import { validateAuthContext } from "@/lib/auth/validateAuthContext";
 
 export type GetPulseRequestResult = {
   accountId: string;
 };
 
 /**
  * Validates GET /api/pulse request.
- * Handles authentication via x-api-key and optional account_id query parameter.
+ * Handles authentication via x-api-key or Authorization bearer token,
+ * and optional account_id query parameter.
  *
  * @param request - The NextRequest object
  * @returns A NextResponse with an error if validation fails, or the validated result
  */
 export async function validateGetPulseRequest(
   request: NextRequest,
 ): Promise<NextResponse | GetPulseRequestResult> {
-  const accountIdOrError = await getApiKeyAccountId(request);
-  if (accountIdOrError instanceof NextResponse) {
-    return accountIdOrError;
-  }
-  let accountId = accountIdOrError;
-
   const { searchParams } = new URL(request.url);
   const targetAccountId = searchParams.get("account_id");
 
-  if (targetAccountId) {
-    const apiKey = request.headers.get("x-api-key");
-    const overrideResult = await validateOverrideAccountId({
-      apiKey,
-      targetAccountId,
-    });
-    if (overrideResult instanceof NextResponse) {
-      return overrideResult;
-    }
-    accountId = overrideResult.accountId;
+  const authResult = await validateAuthContext(request, {
+    accountId: targetAccountId ?? undefined,
+  });
+
+  if (authResult instanceof NextResponse) {
+    return authResult;
   }
 
-  return { accountId };
+  return { accountId: authResult.accountId };
 }

lib/pulse/validateUpdatePulseRequest.ts

@@ -1,7 +1,6 @@
 import type { NextRequest } from "next/server";
 import { NextResponse } from "next/server";
-import { getApiKeyAccountId } from "@/lib/auth/getApiKeyAccountId";
-import { validateOverrideAccountId } from "@/lib/accounts/validateOverrideAccountId";
+import { validateAuthContext } from "@/lib/auth/validateAuthContext";
 import { safeParseJson } from "@/lib/networking/safeParseJson";
 import { validateUpdatePulseBody } from "./validateUpdatePulseBody";
 
@@ -12,38 +11,29 @@ export type UpdatePulseRequestResult = {
 
 /**
  * Validates PATCH /api/pulse request.
- * Handles authentication via x-api-key, body validation, and optional account_id override.
+ * Handles authentication via x-api-key or Authorization bearer token,
+ * body validation, and optional account_id override.
  *
  * @param request - The NextRequest object
  * @returns A NextResponse with an error if validation fails, or the validated result
  */
 export async function validateUpdatePulseRequest(
   request: NextRequest,
 ): Promise<NextResponse | UpdatePulseRequestResult> {
-  const accountIdOrError = await getApiKeyAccountId(request);
-  if (accountIdOrError instanceof NextResponse) {
-    return accountIdOrError;
-  }
-  let accountId = accountIdOrError;
-
   const body = await safeParseJson(request);
   const validated = validateUpdatePulseBody(body);
   if (validated instanceof NextResponse) {
     return validated;
   }
   const { active, account_id: targetAccountId } = validated;
 
-  if (targetAccountId) {
-    const apiKey = request.headers.get("x-api-key");
-    const overrideResult = await validateOverrideAccountId({
-      apiKey,
-      targetAccountId,
-    });
-    if (overrideResult instanceof NextResponse) {
-      return overrideResult;
-    }
-    accountId = overrideResult.accountId;
+  const authResult = await validateAuthContext(request, {
+    accountId: targetAccountId,
+  });
+
+  if (authResult instanceof NextResponse) {
+    return authResult;
   }
 
-  return { accountId, active };
+  return { accountId: authResult.accountId, active };
 }