fix(webhooks): validate auth token is set when requireAuth is enabled at deploy time

Rejects deployment with a clear error message if a generic webhook trigger
has requireAuth enabled but no authentication token configured, rather than
letting requests fail with 401 at runtime.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/lib/webhooks/deploy.ts

@@ -447,6 +447,18 @@ export async function saveTriggerWebhooksForDeploy({
       }
     }
 
+    if (providerConfig.requireAuth && !providerConfig.token) {
+      await restorePreviousSubscriptions()
+      return {
+        success: false,
+        error: {
+          message:
+            'Authentication is enabled but no token is configured. Please set an authentication token or disable authentication.',
+          status: 400,
+        },
+      }
+    }
+
     webhookConfigs.set(block.id, { provider, providerConfig, triggerPath, triggerDef })
 
     if (providerConfig.credentialSetId) {