[bug] Repo images broken when anonymous access is not enabled

[brianphillips]

Describe the bug

When the "Enable anonymous access" setting is disabled, requests to URLs like /_next/image?url=%2Fapi%2F~%2Frepos%2F1%2Fimage&w=32&q=75 return a 400 error with a response body of The requested resource isn't a valid image.. It appears this is because it is proxying to an API route that expects to be made in the typical authenticated session but (presumably) the relevant incoming request headers are not proxied through to the upstream /api/repos/:repoId/image route.

To reproduce

1. Turn the "Enable anonymous access" setting off
2. Observe that requests like GET /api/~/repos/1/image require authentication (i.e. curl http://my-sourcebot-host/api/~/repos/1/image returns a 401)
3. Observe that requests to GET /_next/image?url=%2Fapi%2F~%2Frepos%2F1%2Fimage&w=32&q=75 return a 400 status, regardless of the authentication status of the incoming request

Sourcebot deployment information

Sourcebot version (e.g. v3.0.1): 4.9.0

Additional information

No response

[brendan-kellam]

@brianphillips This issue seems to only effect self-hosted instances. Quickly had cursor spin a fix, but not totally sure if it will fix the issue, so if you don't mind testing it out and re-opening if not fixed, that would be appreciated thx!