fix(mcp): verify workspace ownership before revoking OAuth tokens

- DELETE /api/mcp/servers: pre-fetch with workspace filter and 404 before
  calling revokeMcpOauthTokens so an attacker can't trigger revocation
  against a serverId from another workspace.
- PATCH /api/mcp/servers/[id]: early-return 404 immediately after
  currentServer lookup so shouldClearOauth/revoke logic never runs when
  the server doesn't belong to the caller's workspace.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/mcp/servers/[id]/route.ts

@@ -105,6 +105,14 @@ export const PATCH = withRouteHandler(
           )
           .limit(1)
 
+        if (!currentServer) {
+          return createMcpErrorResponse(
+            new Error('Server not found or access denied'),
+            'Server not found',
+            404
+          )
+        }
+
         // Adding OAuth client credentials to a non-OAuth server promotes it
         // to OAuth so the connect-with-OAuth UI becomes reachable.
         if (

apps/sim/app/api/mcp/servers/route.ts

@@ -356,6 +356,20 @@ export const DELETE = withRouteHandler(
           `[${requestId}] Deleting MCP server: ${serverId} from workspace: ${workspaceId}`
         )
 
+        const [ownedServer] = await db
+          .select({ id: mcpServers.id })
+          .from(mcpServers)
+          .where(and(eq(mcpServers.id, serverId), eq(mcpServers.workspaceId, workspaceId)))
+          .limit(1)
+
+        if (!ownedServer) {
+          return createMcpErrorResponse(
+            new Error('Server not found or access denied'),
+            'Server not found',
+            404
+          )
+        }
+
         await revokeMcpOauthTokens(serverId)
 
         const [deletedServer] = await db