From afe838654ece7e3e2fdbd2df94589dc537f1ae07 Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Wed, 6 May 2026 12:31:16 +0000
Subject: [PATCH] fix: V-003 security vulnerability Automated security fix generated by Orbis Security AI
---
 .../packages/rts/src/routes/git_routes.ts | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/app/client/packages/rts/src/routes/git_routes.ts b/app/client/packages/rts/src/routes/git_routes.ts
index 7a2428896dd8..bf4e6d5a6b29 100644
--- a/app/client/packages/rts/src/routes/git_routes.ts
+++ b/app/client/packages/rts/src/routes/git_routes.ts
@@ -1,11 +1,29 @@
 import express from "express";
+import type { Request, Response, NextFunction } from "express";
 import GitController from "@controllers/git";
 import { Validator } from "@middlewares/Validator";
+import { StatusCodes } from "http-status-codes";
 const router = express.Router();
 const gitController = new GitController();
 const validator = new Validator();
-router.post("/reset", validator.validateRequest, gitController.reset);
+function requireInternalAuth(req: Request, res: Response, next: NextFunction) {
+ const providedKey = req.headers["x-appsmith-internal-key"];
+ const expectedKey = process.env.APPSMITH_INTERNAL_KEY;
+
+ if (!expectedKey || !providedKey || providedKey !== expectedKey) {
+ return res.status(StatusCodes.FORBIDDEN).json({ error: "Forbidden" });
+ }
+
+ next();
+}
+
+router.post(
+ "/reset",
+ requireInternalAuth,
+ validator.validateRequest,
+ gitController.reset,
+);
 export default router;
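Review bot: The secret check in `requireInternalAuth` uses `providedKey !== expectedKey`, which is not a constant-time comparison and does not narrow the header's `string | string[] | undefined` type. Comparing fixed-length digests with `crypto.timingSafeEqual` avoids both issues; it needs `createHash` and `timingSafeEqual` imported from `crypto`. The guard also fails closed when `APPSMITH_INTERNAL_KEY` is unset, so every `/reset` call returns 403 unless the deployment sets that variable and the caller sends `x-appsmith-internal-key`. Neither the caller nor the configuration is visible in this patch, so both should be confirmed and documented before merge. A short comment on the function stating who is expected to hold the key would also help, since the commit message does not describe the issue being fixed.

```typescript
function requireInternalAuth(req: Request, res: Response, next: NextFunction) {
  // … unchanged: providedKey / expectedKey lookups …

  // Fail closed when the key is unset, absent, or not a single string value.
  if (!expectedKey || typeof providedKey !== "string") {
    return res.status(StatusCodes.FORBIDDEN).json({ error: "Forbidden" });
  }

  // Hash both sides so the buffers have equal length, then compare in constant time.
  const providedDigest = createHash("sha256").update(providedKey).digest();
  const expectedDigest = createHash("sha256").update(expectedKey).digest();

  if (!timingSafeEqual(providedDigest, expectedDigest)) {
    return res.status(StatusCodes.FORBIDDEN).json({ error: "Forbidden" });
  }

  // … unchanged: next() …
```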