import { ApiAuthService } from "@/src/features/public-api/server/apiAuth"; import { cors, runMiddleware } from "@/src/features/public-api/server/cors"; import { prisma } from "@langfuse/shared/src/db"; import { logger, redis } from "@langfuse/shared/src/server"; import { type NextApiRequest, type NextApiResponse } from "next"; export default async function handler( req: NextApiRequest, res: NextApiResponse, ) { await runMiddleware(req, res, cors); if (req.method !== "GET") { logger.error( `Method not allowed for ${req.method} on /api/public/scim/ServiceProviderConfig`, ); return res.status(405).json({ schemas: ["urn:ietf:params:scim:api:messages:2.0:Error"], detail: "Method not allowed", status: 405, }); } // CHECK AUTH const authCheck = await new ApiAuthService( prisma, redis, ).verifyAuthHeaderAndReturnScope(req.headers.authorization); if (!authCheck.validKey) { return res.status(401).json({ schemas: ["urn:ietf:params:scim:api:messages:2.0:Error"], detail: authCheck.error, status: 401, }); } // END CHECK AUTH // Check if using an organization API key if ( authCheck.scope.accessLevel !== "organization" || !authCheck.scope.orgId ) { return res.status(403).json({ schemas: ["urn:ietf:params:scim:api:messages:2.0:Error"], detail: "Invalid API key. Organization-scoped API key required for this operation.", status: 403, }); } // Return the service provider configuration return res.status(200).json({ schemas: ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"], documentationUri: "https://docs.langfuse.com/scim", patch: { supported: false, }, bulk: { supported: false, maxOperations: 0, maxPayloadSize: 0, }, filter: { supported: true, maxResults: 100, }, changePassword: { supported: false, }, sort: { supported: false, }, etag: { supported: false, }, authenticationSchemes: [ { name: "Basic Authentication", description: "Authentication via HTTP Basic Auth", specUri: "https://tools.ietf.org/html/rfc2617", type: "httpbasic", primary: true, }, ], meta: { resourceType: "ServiceProviderConfig", location: "/api/public/scim/ServiceProviderConfig", }, }); }