fix: prevent auth bypass via user-controlled context query param in file serve

The /api/files/serve endpoint trusted a user-supplied `context` query
parameter to skip authentication. An attacker could append
`?context=profile-pictures` to any file URL and download files without
auth. Now the public access gate checks the key prefix instead of the
query param, and `og-images/` is added to `inferContextFromKey`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/files/serve/[...path]/route.ts

@@ -97,9 +97,11 @@ export async function GET(
     const contextParam = request.nextUrl.searchParams.get('context')
     const raw = request.nextUrl.searchParams.get('raw') === '1'
 
-    const context = contextParam || (isCloudPath ? inferContextFromKey(cloudKey) : undefined)
+    const isPublicByKeyPrefix =
+      cloudKey.startsWith('profile-pictures/') || cloudKey.startsWith('og-images/')
 
-    if (context === 'profile-pictures' || context === 'og-images') {
+    if (isPublicByKeyPrefix) {
+      const context = inferContextFromKey(cloudKey)
       logger.info(`Serving public ${context}:`, { cloudKey })
       if (isUsingCloudStorage() || isCloudPath) {
         return await handleCloudProxyPublic(cloudKey, context)

apps/sim/lib/uploads/utils/file-utils.ts

@@ -419,10 +419,11 @@ export function inferContextFromKey(key: string): StorageContext {
   if (key.startsWith('execution/')) return 'execution'
   if (key.startsWith('workspace/')) return 'workspace'
   if (key.startsWith('profile-pictures/')) return 'profile-pictures'
+  if (key.startsWith('og-images/')) return 'og-images'
   if (key.startsWith('logs/')) return 'logs'
 
   throw new Error(
-    `File key must start with a context prefix (kb/, chat/, copilot/, execution/, workspace/, profile-pictures/, or logs/). Got: ${key}`
+    `File key must start with a context prefix (kb/, chat/, copilot/, execution/, workspace/, profile-pictures/, og-images/, or logs/). Got: ${key}`
   )
 }