chore: import upstream snapshot with attribution
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,35 @@
|
||||
import { NextResponse } from 'next/server'
|
||||
import { isFeatureEnabled } from '@/lib/core/config/feature-flags'
|
||||
import { getCustomBlockManageContext } from '@/lib/workflows/custom-blocks/operations'
|
||||
import { hasWorkspaceAdminAccess } from '@/lib/workspaces/permissions/utils'
|
||||
|
||||
export type ManageContext = NonNullable<Awaited<ReturnType<typeof getCustomBlockManageContext>>>
|
||||
|
||||
/**
|
||||
* Confirm the caller can manage (edit/delete) the block: admin of the block's
|
||||
* SOURCE workflow's workspace — matching who could publish it. Org admins/owners
|
||||
* hold admin on every org workspace, so they pass too; a workspace admin from a
|
||||
* different workspace does not, so they cannot alter another workspace's block or
|
||||
* its exposed outputs.
|
||||
*/
|
||||
export async function authorizeManage(
|
||||
userId: string,
|
||||
id: string
|
||||
): Promise<{ error: NextResponse; ctx: null } | { error: null; ctx: ManageContext }> {
|
||||
const ctx = await getCustomBlockManageContext(id)
|
||||
if (!ctx) return { error: NextResponse.json({ error: 'Not found' }, { status: 404 }), ctx: null }
|
||||
|
||||
if (!(await isFeatureEnabled('deploy-as-block', { userId, orgId: ctx.organizationId }))) {
|
||||
return {
|
||||
error: NextResponse.json({ error: 'Deploy as block is not enabled' }, { status: 403 }),
|
||||
ctx: null,
|
||||
}
|
||||
}
|
||||
if (!ctx.sourceWorkspaceId || !(await hasWorkspaceAdminAccess(userId, ctx.sourceWorkspaceId))) {
|
||||
return {
|
||||
error: NextResponse.json({ error: 'Admin permissions required' }, { status: 403 }),
|
||||
ctx: null,
|
||||
}
|
||||
}
|
||||
return { error: null, ctx }
|
||||
}
|
||||
@@ -0,0 +1,107 @@
|
||||
import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
|
||||
import { createLogger } from '@sim/logger'
|
||||
import { getErrorMessage } from '@sim/utils/errors'
|
||||
import type { NextRequest } from 'next/server'
|
||||
import { NextResponse } from 'next/server'
|
||||
import {
|
||||
deleteCustomBlockContract,
|
||||
updateCustomBlockContract,
|
||||
} from '@/lib/api/contracts/custom-blocks'
|
||||
import { parseRequest } from '@/lib/api/server'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import {
|
||||
CustomBlockValidationError,
|
||||
deleteCustomBlock,
|
||||
getCustomBlockUsageCounts,
|
||||
updateCustomBlock,
|
||||
} from '@/lib/workflows/custom-blocks/operations'
|
||||
import { authorizeManage } from '@/app/api/custom-blocks/[id]/authorize-manage'
|
||||
|
||||
const logger = createLogger('CustomBlockAPI')
|
||||
|
||||
type RouteContext = { params: Promise<{ id: string }> }
|
||||
|
||||
export const PATCH = withRouteHandler(async (request: NextRequest, context: RouteContext) => {
|
||||
const session = await getSession()
|
||||
if (!session?.user?.id) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(updateCustomBlockContract, request, context)
|
||||
if (!parsed.success) return parsed.response
|
||||
|
||||
const { id } = parsed.data.params
|
||||
const authz = await authorizeManage(session.user.id, id)
|
||||
if (authz.error) return authz.error
|
||||
const { ctx } = authz
|
||||
|
||||
const { name, description, enabled, iconUrl, inputs, exposedOutputs } = parsed.data.body
|
||||
try {
|
||||
await updateCustomBlock(id, {
|
||||
name,
|
||||
description,
|
||||
enabled,
|
||||
inputs,
|
||||
iconUrl,
|
||||
exposedOutputs,
|
||||
})
|
||||
recordAudit({
|
||||
workspaceId: ctx.sourceWorkspaceId,
|
||||
actorId: session.user.id,
|
||||
actorName: session.user.name,
|
||||
actorEmail: session.user.email,
|
||||
action: AuditAction.CUSTOM_BLOCK_UPDATED,
|
||||
resourceType: AuditResourceType.CUSTOM_BLOCK,
|
||||
resourceId: id,
|
||||
resourceName: name ?? ctx.name,
|
||||
description: `Updated custom block "${name ?? ctx.name}"`,
|
||||
metadata: { organizationId: ctx.organizationId, type: ctx.type },
|
||||
request,
|
||||
})
|
||||
return NextResponse.json({ success: true as const })
|
||||
} catch (error) {
|
||||
if (error instanceof CustomBlockValidationError) {
|
||||
return NextResponse.json({ error: error.message }, { status: 400 })
|
||||
}
|
||||
logger.error('Failed to update custom block', { id, error: getErrorMessage(error) })
|
||||
throw error
|
||||
}
|
||||
})
|
||||
|
||||
export const DELETE = withRouteHandler(async (request: NextRequest, context: RouteContext) => {
|
||||
const session = await getSession()
|
||||
if (!session?.user?.id) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(deleteCustomBlockContract, request, context)
|
||||
if (!parsed.success) return parsed.response
|
||||
|
||||
const { id } = parsed.data.params
|
||||
const authz = await authorizeManage(session.user.id, id)
|
||||
if (authz.error) return authz.error
|
||||
const { ctx } = authz
|
||||
|
||||
const usageCounts = await getCustomBlockUsageCounts(ctx.organizationId, ctx.type)
|
||||
await deleteCustomBlock(id)
|
||||
recordAudit({
|
||||
workspaceId: ctx.sourceWorkspaceId,
|
||||
actorId: session.user.id,
|
||||
actorName: session.user.name,
|
||||
actorEmail: session.user.email,
|
||||
action: AuditAction.CUSTOM_BLOCK_DELETED,
|
||||
resourceType: AuditResourceType.CUSTOM_BLOCK,
|
||||
resourceId: id,
|
||||
resourceName: ctx.name,
|
||||
description: `Unpublished custom block "${ctx.name}"`,
|
||||
metadata: {
|
||||
organizationId: ctx.organizationId,
|
||||
type: ctx.type,
|
||||
usageCount: usageCounts.usageCount,
|
||||
deployedUsageCount: usageCounts.deployedUsageCount,
|
||||
},
|
||||
request,
|
||||
})
|
||||
return NextResponse.json({ success: true as const })
|
||||
})
|
||||
@@ -0,0 +1,91 @@
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
import { createMockRequest } from '@sim/testing'
|
||||
import { beforeEach, describe, expect, it, vi } from 'vitest'
|
||||
|
||||
const { mockGetSession, mockIsFeatureEnabled, mockHasWorkspaceAdminAccess, mockOperations } =
|
||||
vi.hoisted(() => ({
|
||||
mockGetSession: vi.fn(),
|
||||
mockIsFeatureEnabled: vi.fn(),
|
||||
mockHasWorkspaceAdminAccess: vi.fn(),
|
||||
mockOperations: {
|
||||
getCustomBlockManageContext: vi.fn(),
|
||||
getCustomBlockUsageCounts: vi.fn(),
|
||||
},
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/auth', () => ({
|
||||
getSession: mockGetSession,
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/core/config/feature-flags', () => ({
|
||||
isFeatureEnabled: mockIsFeatureEnabled,
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/workspaces/permissions/utils', () => ({
|
||||
hasWorkspaceAdminAccess: mockHasWorkspaceAdminAccess,
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/workflows/custom-blocks/operations', () => mockOperations)
|
||||
|
||||
import { GET } from '@/app/api/custom-blocks/[id]/usages/route'
|
||||
|
||||
const MANAGE_CONTEXT = {
|
||||
organizationId: 'org-1',
|
||||
sourceWorkspaceId: 'ws-1',
|
||||
type: 'custom_block_abc123',
|
||||
name: 'Invoice Parser',
|
||||
}
|
||||
|
||||
const USAGE_COUNTS = { usageCount: 3, deployedUsageCount: 2 }
|
||||
|
||||
function callRoute(id = 'cb-1') {
|
||||
return GET(createMockRequest('GET'), { params: Promise.resolve({ id }) })
|
||||
}
|
||||
|
||||
describe('GET /api/custom-blocks/[id]/usages', () => {
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks()
|
||||
mockGetSession.mockResolvedValue({ user: { id: 'user-1' } })
|
||||
mockIsFeatureEnabled.mockResolvedValue(true)
|
||||
mockHasWorkspaceAdminAccess.mockResolvedValue(true)
|
||||
mockOperations.getCustomBlockManageContext.mockResolvedValue(MANAGE_CONTEXT)
|
||||
mockOperations.getCustomBlockUsageCounts.mockResolvedValue(USAGE_COUNTS)
|
||||
})
|
||||
|
||||
it('returns 401 without a session', async () => {
|
||||
mockGetSession.mockResolvedValue(null)
|
||||
const response = await callRoute()
|
||||
expect(response.status).toBe(401)
|
||||
})
|
||||
|
||||
it('returns 404 for an unknown block', async () => {
|
||||
mockOperations.getCustomBlockManageContext.mockResolvedValue(null)
|
||||
const response = await callRoute()
|
||||
expect(response.status).toBe(404)
|
||||
})
|
||||
|
||||
it('returns 403 when the feature flag is off', async () => {
|
||||
mockIsFeatureEnabled.mockResolvedValue(false)
|
||||
const response = await callRoute()
|
||||
expect(response.status).toBe(403)
|
||||
})
|
||||
|
||||
it('returns 403 for a non-admin of the source workspace', async () => {
|
||||
mockHasWorkspaceAdminAccess.mockResolvedValue(false)
|
||||
const response = await callRoute()
|
||||
expect(response.status).toBe(403)
|
||||
expect(mockOperations.getCustomBlockUsageCounts).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('returns the org-scoped usage counts for the block type', async () => {
|
||||
const response = await callRoute()
|
||||
expect(response.status).toBe(200)
|
||||
expect(await response.json()).toEqual(USAGE_COUNTS)
|
||||
expect(mockOperations.getCustomBlockUsageCounts).toHaveBeenCalledWith(
|
||||
'org-1',
|
||||
'custom_block_abc123'
|
||||
)
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,26 @@
|
||||
import type { NextRequest } from 'next/server'
|
||||
import { NextResponse } from 'next/server'
|
||||
import { getCustomBlockUsageCountsContract } from '@/lib/api/contracts/custom-blocks'
|
||||
import { parseRequest } from '@/lib/api/server'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import { getCustomBlockUsageCounts } from '@/lib/workflows/custom-blocks/operations'
|
||||
import { authorizeManage } from '@/app/api/custom-blocks/[id]/authorize-manage'
|
||||
|
||||
type RouteContext = { params: Promise<{ id: string }> }
|
||||
|
||||
export const GET = withRouteHandler(async (request: NextRequest, context: RouteContext) => {
|
||||
const session = await getSession()
|
||||
if (!session?.user?.id) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(getCustomBlockUsageCountsContract, request, context)
|
||||
if (!parsed.success) return parsed.response
|
||||
|
||||
const authz = await authorizeManage(session.user.id, parsed.data.params.id)
|
||||
if (authz.error) return authz.error
|
||||
|
||||
const counts = await getCustomBlockUsageCounts(authz.ctx.organizationId, authz.ctx.type)
|
||||
return NextResponse.json(counts)
|
||||
})
|
||||
@@ -0,0 +1,145 @@
|
||||
import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
|
||||
import { createLogger } from '@sim/logger'
|
||||
import { getErrorMessage } from '@sim/utils/errors'
|
||||
import type { NextRequest } from 'next/server'
|
||||
import { NextResponse } from 'next/server'
|
||||
import {
|
||||
listCustomBlocksContract,
|
||||
publishCustomBlockContract,
|
||||
} from '@/lib/api/contracts/custom-blocks'
|
||||
import { parseRequest } from '@/lib/api/server'
|
||||
import { getSession } from '@/lib/auth'
|
||||
import { isOrganizationOnEnterprisePlan } from '@/lib/billing'
|
||||
import { isFeatureEnabled } from '@/lib/core/config/feature-flags'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import {
|
||||
CustomBlockValidationError,
|
||||
type CustomBlockWithInputs,
|
||||
listCustomBlocksWithInputs,
|
||||
publishCustomBlock,
|
||||
} from '@/lib/workflows/custom-blocks/operations'
|
||||
import { checkWorkspaceAccess } from '@/lib/workspaces/permissions/utils'
|
||||
|
||||
const logger = createLogger('CustomBlocksAPI')
|
||||
|
||||
/** Wire shape for a custom block. Keeps the icon field name explicit for the client. */
|
||||
function toWire(block: CustomBlockWithInputs) {
|
||||
return {
|
||||
id: block.id,
|
||||
organizationId: block.organizationId,
|
||||
workflowId: block.workflowId,
|
||||
workflowName: block.workflowName,
|
||||
workspaceId: block.workspaceId,
|
||||
workspaceName: block.workspaceName,
|
||||
type: block.type,
|
||||
name: block.name,
|
||||
description: block.description,
|
||||
iconUrl: block.iconUrl,
|
||||
enabled: block.enabled,
|
||||
inputFields: block.inputFields,
|
||||
exposedOutputs: block.exposedOutputs,
|
||||
}
|
||||
}
|
||||
|
||||
export const GET = withRouteHandler(async (request: NextRequest) => {
|
||||
const session = await getSession()
|
||||
if (!session?.user?.id) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(listCustomBlocksContract, request, {})
|
||||
if (!parsed.success) return parsed.response
|
||||
|
||||
const userId = session.user.id
|
||||
const { workspaceId } = parsed.data.query
|
||||
|
||||
const access = await checkWorkspaceAccess(workspaceId, userId)
|
||||
if (!access.hasAccess) {
|
||||
return NextResponse.json({ error: 'Access denied' }, { status: 403 })
|
||||
}
|
||||
|
||||
const organizationId = access.workspace?.organizationId
|
||||
if (!organizationId) {
|
||||
return NextResponse.json({ enabled: false, customBlocks: [] })
|
||||
}
|
||||
|
||||
if (!(await isFeatureEnabled('deploy-as-block', { userId, orgId: organizationId }))) {
|
||||
return NextResponse.json({ enabled: false, customBlocks: [] })
|
||||
}
|
||||
|
||||
const enabled = await isOrganizationOnEnterprisePlan(organizationId)
|
||||
const blocks = enabled ? await listCustomBlocksWithInputs(organizationId) : []
|
||||
return NextResponse.json({ enabled, customBlocks: blocks.map(toWire) })
|
||||
})
|
||||
|
||||
export const POST = withRouteHandler(async (request: NextRequest) => {
|
||||
const session = await getSession()
|
||||
if (!session?.user?.id) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(publishCustomBlockContract, request, {})
|
||||
if (!parsed.success) return parsed.response
|
||||
|
||||
const userId = session.user.id
|
||||
const { workspaceId, workflowId, name, description, iconUrl, inputs, exposedOutputs } =
|
||||
parsed.data.body
|
||||
|
||||
const access = await checkWorkspaceAccess(workspaceId, userId)
|
||||
if (!access.canAdmin) {
|
||||
return NextResponse.json({ error: 'Admin permissions required' }, { status: 403 })
|
||||
}
|
||||
|
||||
const organizationId = access.workspace?.organizationId
|
||||
if (!organizationId) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Publishing a block requires the workspace to belong to an organization' },
|
||||
{ status: 400 }
|
||||
)
|
||||
}
|
||||
|
||||
if (!(await isFeatureEnabled('deploy-as-block', { userId, orgId: organizationId }))) {
|
||||
return NextResponse.json({ error: 'Deploy as block is not enabled' }, { status: 403 })
|
||||
}
|
||||
|
||||
if (!(await isOrganizationOnEnterprisePlan(organizationId))) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Deploy as block requires an enterprise plan' },
|
||||
{ status: 403 }
|
||||
)
|
||||
}
|
||||
|
||||
try {
|
||||
const block = await publishCustomBlock({
|
||||
organizationId,
|
||||
workspaceId,
|
||||
workflowId,
|
||||
userId,
|
||||
name,
|
||||
description,
|
||||
iconUrl,
|
||||
inputs,
|
||||
exposedOutputs,
|
||||
})
|
||||
recordAudit({
|
||||
workspaceId,
|
||||
actorId: userId,
|
||||
actorName: session.user.name,
|
||||
actorEmail: session.user.email,
|
||||
action: AuditAction.CUSTOM_BLOCK_PUBLISHED,
|
||||
resourceType: AuditResourceType.CUSTOM_BLOCK,
|
||||
resourceId: block.id,
|
||||
resourceName: block.name,
|
||||
description: `Published custom block "${block.name}"`,
|
||||
metadata: { organizationId, type: block.type, workflowId },
|
||||
request,
|
||||
})
|
||||
return NextResponse.json({ customBlock: toWire(block) })
|
||||
} catch (error) {
|
||||
if (error instanceof CustomBlockValidationError) {
|
||||
return NextResponse.json({ error: error.message }, { status: 400 })
|
||||
}
|
||||
logger.error('Failed to publish custom block', { error: getErrorMessage(error) })
|
||||
throw error
|
||||
}
|
||||
})
|
||||
Reference in New Issue
Block a user