Fix auth handler (#1706)

<!--
Ensure the title clearly reflects what was changed.
Provide a clear and concise description of the changes made. The PR
should only contain the changes related to the issue, and no other
unrelated changes.
-->

Fixes OPS-3125

Deployed to UX


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
  * Simplified authentication header handling in API requests
* Enhanced token retrieval to prioritize cookies alongside authorization
headers
  * Optimized internal authentication validation logic

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: alexandrudanpop

packages/react-ui/src/app/interceptors/request-interceptor.ts

@@ -1,24 +1,9 @@
-import { API_URL, isUrlRelative } from '@/app/lib/api';
 import { authenticationSession } from '@/app/lib/authentication-session';
 import { InternalAxiosRequestConfig } from 'axios';
-
-const unauthenticatedRoutes = [
-  '/v1/authentication/sign-in',
-  '/v1/authentication/sign-up',
-  '/v1/authn/local/verify-email',
-  '/v1/flags',
-  '/v1/forms/',
-  '/v1/user-invitations/accept',
-];
+import { isUrlRelative } from '../lib/api';
 
 const needsAuthHeader = (url: string): boolean => {
-  const resolvedUrl = !isUrlRelative(url) ? url : `${API_URL}${url}`;
-  const isLocalUrl = resolvedUrl.includes(API_URL);
-  const isUnauthenticatedRoute = unauthenticatedRoutes.some((route) =>
-    url.startsWith(route),
-  );
-
-  return !isUnauthenticatedRoute && isLocalUrl;
+  return isUrlRelative(url);
 };
 
 export function createRequestInterceptor(): (

packages/server/api/src/app/core/security/authn/access-token-authn-handler.ts

@@ -1,4 +1,4 @@
-import { cacheWrapper, logger } from '@openops/server-shared';
+import { logger } from '@openops/server-shared';
 import {
   ApplicationError,
   ErrorCode,
@@ -11,15 +11,28 @@ import { userService } from '../../../user/user-service';
 import { BaseSecurityHandler } from '../security-handler';
 
 export class AccessTokenAuthnHandler extends BaseSecurityHandler {
+  private static readonly COOKIE_NAME = 'token';
   private static readonly HEADER_NAME = 'authorization';
   private static readonly HEADER_PREFIX = 'Bearer ';
 
   protected canHandle(request: FastifyRequest): Promise<boolean> {
-    const header = request.headers[AccessTokenAuthnHandler.HEADER_NAME];
-    const prefix = AccessTokenAuthnHandler.HEADER_PREFIX;
-    const routeMatches = header?.startsWith(prefix) ?? false;
+    const hasToken = this.getAccessToken(request) !== undefined;
     const skipAuth = request.routeOptions.config?.skipAuth ?? false;
-    return Promise.resolve(routeMatches && !skipAuth);
+    return Promise.resolve(hasToken && !skipAuth);
+  }
+
+  private getAccessToken(request: FastifyRequest): string | undefined {
+    const cookieToken = request.cookies?.[AccessTokenAuthnHandler.COOKIE_NAME];
+    if (!isNil(cookieToken)) {
+      return cookieToken;
+    }
+
+    const header = request.headers[AccessTokenAuthnHandler.HEADER_NAME];
+    if (header?.startsWith(AccessTokenAuthnHandler.HEADER_PREFIX)) {
+      return header.substring(AccessTokenAuthnHandler.HEADER_PREFIX.length);
+    }
+
+    return undefined;
   }
 
   protected async doHandle(request: FastifyRequest): Promise<void> {
@@ -50,9 +63,7 @@ export class AccessTokenAuthnHandler extends BaseSecurityHandler {
   }
 
   private extractAccessTokenOrThrow(request: FastifyRequest): string {
-    const header = request.headers[AccessTokenAuthnHandler.HEADER_NAME];
-    const prefix = AccessTokenAuthnHandler.HEADER_PREFIX;
-    const accessToken = header?.substring(prefix.length);
+    const accessToken = this.getAccessToken(request);
 
     if (isNil(accessToken)) {
       throw new ApplicationError({