chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
@@ -0,0 +1,195 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import {
batchPresignedUploadBodyContract,
uploadTypeSchema,
} from '@/lib/api/contracts/storage-transfer'
import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
import { getSession } from '@/lib/auth'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import type { StorageContext } from '@/lib/uploads/config'
import { USE_BLOB_STORAGE } from '@/lib/uploads/config'
import {
generateBatchPresignedUploadUrls,
hasCloudStorage,
} from '@/lib/uploads/core/storage-service'
import { recordKnowledgeBaseFileOwnershipMany } from '@/lib/uploads/server/metadata'
import { validateFileType } from '@/lib/uploads/utils/validation'
import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
import { createErrorResponse } from '@/app/api/files/utils'
const logger = createLogger('BatchPresignedUploadAPI')
const VALID_UPLOAD_TYPES = ['knowledge-base', 'chat', 'copilot', 'profile-pictures'] as const
export const POST = withRouteHandler(async (request: NextRequest) => {
try {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const parsed = await parseRequest(
batchPresignedUploadBodyContract,
request,
{},
{
validationErrorResponse: (error) =>
NextResponse.json(
{ error: getValidationErrorMessage(error, 'Invalid request data') },
{ status: 400 }
),
invalidJsonResponse: () =>
NextResponse.json({ error: 'Invalid JSON in request body' }, { status: 400 }),
}
)
if (!parsed.success) return parsed.response
const { files } = parsed.data.body
const uploadTypeParam = request.nextUrl.searchParams.get('type')
if (!uploadTypeParam) {
return NextResponse.json({ error: 'type query parameter is required' }, { status: 400 })
}
const uploadTypeResult = uploadTypeSchema.safeParse(uploadTypeParam)
if (!uploadTypeResult.success) {
return NextResponse.json(
{ error: `Invalid type parameter. Must be one of: ${VALID_UPLOAD_TYPES.join(', ')}` },
{ status: 400 }
)
}
const uploadType = uploadTypeResult.data as StorageContext
const sessionUserId = session.user.id
let knowledgeBaseWorkspaceId: string | null = null
if (uploadType === 'knowledge-base') {
for (const file of files) {
const fileValidationError = validateFileType(file.fileName, file.contentType)
if (fileValidationError) {
return NextResponse.json(
{
error: fileValidationError.message,
code: fileValidationError.code,
supportedTypes: fileValidationError.supportedTypes,
},
{ status: 400 }
)
}
}
knowledgeBaseWorkspaceId = request.nextUrl.searchParams.get('workspaceId')
if (!knowledgeBaseWorkspaceId?.trim()) {
return NextResponse.json(
{ error: 'workspaceId query parameter is required for knowledge-base uploads' },
{ status: 400 }
)
}
const permission = await getUserEntityPermissions(
sessionUserId,
'workspace',
knowledgeBaseWorkspaceId
)
if (permission !== 'write' && permission !== 'admin') {
return NextResponse.json(
{ error: 'Write or Admin access required for knowledge-base uploads' },
{ status: 403 }
)
}
}
if (uploadType === 'copilot' && !sessionUserId?.trim()) {
return NextResponse.json(
{ error: 'Authenticated user session is required for copilot uploads' },
{ status: 400 }
)
}
if (!hasCloudStorage()) {
logger.info(
`Local storage detected - batch presigned URLs not available, client will use API fallback`
)
return NextResponse.json({
files: files.map((file) => ({
fileName: file.fileName,
presignedUrl: '', // Empty URL signals fallback to API upload
fileInfo: {
path: '',
key: '',
name: file.fileName,
size: file.fileSize,
type: file.contentType,
},
directUploadSupported: false,
})),
directUploadSupported: false,
})
}
logger.info(`Generating batch ${uploadType} presigned URLs for ${files.length} files`)
const startTime = Date.now()
const presignedUrls = await generateBatchPresignedUploadUrls(
files.map((file) => ({
fileName: file.fileName,
contentType: file.contentType,
fileSize: file.fileSize,
})),
uploadType,
sessionUserId,
3600 // 1 hour
)
const duration = Date.now() - startTime
logger.info(
`Generated ${files.length} presigned URLs in ${duration}ms (avg ${Math.round(duration / files.length)}ms per file)`
)
if (uploadType === 'knowledge-base' && knowledgeBaseWorkspaceId) {
const ownerWorkspaceId = knowledgeBaseWorkspaceId
await recordKnowledgeBaseFileOwnershipMany(
presignedUrls.map((urlResponse, index) => ({
key: urlResponse.key,
userId: sessionUserId,
workspaceId: ownerWorkspaceId,
originalName: files[index].fileName,
contentType: files[index].contentType,
size: files[index].fileSize,
}))
)
}
const storagePrefix = USE_BLOB_STORAGE ? 'blob' : 's3'
return NextResponse.json({
files: presignedUrls.map((urlResponse, index) => {
const finalPath = `/api/files/serve/${storagePrefix}/${encodeURIComponent(urlResponse.key)}?context=${uploadType}`
const file = files[index]
return {
fileName: file.fileName,
presignedUrl: urlResponse.url,
fileInfo: {
path: finalPath,
key: urlResponse.key,
name: file.fileName,
size: file.fileSize,
type: file.contentType,
},
uploadHeaders: urlResponse.uploadHeaders,
directUploadSupported: true,
}
}),
directUploadSupported: true,
})
} catch (error) {
logger.error('Error generating batch presigned URLs:', error)
return createErrorResponse(
error instanceof Error ? error : new Error('Failed to generate batch presigned URLs')
)
}
})
@@ -0,0 +1,871 @@
/**
* Tests for file presigned API route
*
* @vitest-environment node
*/
import { authMockFns, storageServiceMock, storageServiceMockFns } from '@sim/testing'
import { NextRequest } from 'next/server'
import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
const {
mockVerifyFileAccess,
mockVerifyWorkspaceFileAccess,
mockUseBlobStorage,
mockUseS3Storage,
mockGetStorageConfig,
mockIsUsingCloudStorage,
mockGetStorageProvider,
mockValidateFileType,
mockValidateAttachmentFileType,
mockGenerateCopilotUploadUrl,
mockIsImageFileType,
mockGetStorageProviderUploads,
mockIsUsingCloudStorageUploads,
mockGetUserEntityPermissions,
mockGenerateWorkspaceFileKey,
mockGenerateExecutionFileKey,
mockInsertFileMetadata,
} = vi.hoisted(() => ({
mockVerifyFileAccess: vi.fn().mockResolvedValue(true),
mockVerifyWorkspaceFileAccess: vi.fn().mockResolvedValue(true),
mockUseBlobStorage: { value: false },
mockUseS3Storage: { value: true },
mockGetStorageConfig: vi.fn(),
mockIsUsingCloudStorage: vi.fn(),
mockGetStorageProvider: vi.fn(),
mockValidateFileType: vi.fn().mockReturnValue(null),
mockValidateAttachmentFileType: vi.fn().mockReturnValue(null),
mockGenerateCopilotUploadUrl: vi.fn().mockResolvedValue({
url: 'https://example.com/presigned-url',
key: 'copilot/test-key.txt',
}),
mockIsImageFileType: vi.fn().mockReturnValue(true),
mockGetStorageProviderUploads: vi.fn(),
mockIsUsingCloudStorageUploads: vi.fn(),
mockGetUserEntityPermissions: vi.fn().mockResolvedValue('admin'),
mockGenerateWorkspaceFileKey: vi.fn(
(workspaceId: string, fileName: string) => `workspace/${workspaceId}/${fileName}`
),
mockGenerateExecutionFileKey: vi.fn(
(ctx: { workspaceId: string; workflowId: string; executionId: string }, fileName: string) =>
`execution/${ctx.workspaceId}/${ctx.workflowId}/${ctx.executionId}/${fileName}`
),
mockInsertFileMetadata: vi.fn().mockResolvedValue({ id: 'wf_test' }),
}))
vi.mock('@/app/api/files/authorization', () => ({
verifyFileAccess: mockVerifyFileAccess,
verifyWorkspaceFileAccess: mockVerifyWorkspaceFileAccess,
}))
vi.mock('@/lib/uploads/config', () => ({
get USE_BLOB_STORAGE() {
return mockUseBlobStorage.value
},
get USE_S3_STORAGE() {
return mockUseS3Storage.value
},
UPLOAD_DIR: '/uploads',
getStorageConfig: mockGetStorageConfig,
isUsingCloudStorage: mockIsUsingCloudStorage,
getStorageProvider: mockGetStorageProvider,
}))
vi.mock('@/lib/uploads/core/storage-service', () => storageServiceMock)
vi.mock('@/lib/uploads/utils/validation', () => ({
validateFileType: mockValidateFileType,
validateAttachmentFileType: mockValidateAttachmentFileType,
}))
vi.mock('@/lib/workspaces/permissions/utils', () => ({
getUserEntityPermissions: mockGetUserEntityPermissions,
}))
vi.mock('@/lib/uploads/contexts/workspace/workspace-file-manager', () => ({
generateWorkspaceFileKey: mockGenerateWorkspaceFileKey,
}))
vi.mock('@/lib/uploads/contexts/execution/utils', () => ({
generateExecutionFileKey: mockGenerateExecutionFileKey,
}))
vi.mock('@/lib/uploads/server/metadata', () => ({
insertFileMetadata: mockInsertFileMetadata,
recordKnowledgeBaseFileOwnership: (ownership: Record<string, unknown>) =>
mockInsertFileMetadata({ ...ownership, context: 'knowledge-base' }),
}))
vi.mock('@/lib/uploads/utils/file-utils', () => ({
isImageFileType: mockIsImageFileType,
}))
vi.mock('@/lib/uploads', () => ({
CopilotFiles: {
generateCopilotUploadUrl: mockGenerateCopilotUploadUrl,
},
getStorageProvider: mockGetStorageProviderUploads,
isUsingCloudStorage: mockIsUsingCloudStorageUploads,
}))
import { POST } from '@/app/api/files/presigned/route'
const defaultMockUser = {
id: 'test-user-id',
name: 'Test User',
email: 'test@example.com',
}
function setupFileApiMocks(
options: {
authenticated?: boolean
storageProvider?: 's3' | 'blob' | 'local'
cloudEnabled?: boolean
} = {}
) {
const { authenticated = true, storageProvider = 's3', cloudEnabled = true } = options
if (authenticated) {
authMockFns.mockGetSession.mockResolvedValue({ user: defaultMockUser })
} else {
authMockFns.mockGetSession.mockResolvedValue(null)
}
const useBlobStorage = storageProvider === 'blob' && cloudEnabled
const useS3Storage = storageProvider === 's3' && cloudEnabled
mockUseBlobStorage.value = useBlobStorage
mockUseS3Storage.value = useS3Storage
mockGetStorageConfig.mockReturnValue(
useBlobStorage
? {
accountName: 'testaccount',
accountKey: 'testkey',
connectionString: 'testconnection',
containerName: 'testcontainer',
}
: {
bucket: 'test-bucket',
region: 'us-east-1',
}
)
mockIsUsingCloudStorage.mockReturnValue(cloudEnabled)
mockGetStorageProvider.mockReturnValue(
storageProvider === 'blob' ? 'Azure Blob' : storageProvider === 's3' ? 'S3' : 'Local'
)
storageServiceMockFns.mockHasCloudStorage.mockReturnValue(cloudEnabled)
storageServiceMockFns.mockGeneratePresignedUploadUrl.mockImplementation(
async (opts: { fileName: string; context: string; customKey?: string }) => {
const timestamp = Date.now()
const safeFileName = opts.fileName.replace(/[^a-zA-Z0-9.-]/g, '_')
const key = opts.customKey ?? `${opts.context}/${timestamp}-ik3a6w4-${safeFileName}`
return {
url: 'https://example.com/presigned-url',
key,
}
}
)
storageServiceMockFns.mockGeneratePresignedDownloadUrl.mockResolvedValue(
'https://example.com/presigned-url'
)
mockValidateFileType.mockReturnValue(null)
mockValidateAttachmentFileType.mockReturnValue(null)
mockGetUserEntityPermissions.mockResolvedValue('admin')
mockGetStorageProviderUploads.mockReturnValue(
storageProvider === 'blob' ? 'Azure Blob' : storageProvider === 's3' ? 'S3' : 'Local'
)
mockIsUsingCloudStorageUploads.mockReturnValue(cloudEnabled)
}
describe('/api/files/presigned', () => {
beforeEach(() => {
vi.clearAllMocks()
vi.useFakeTimers()
vi.setSystemTime(new Date('2024-01-01T00:00:00Z'))
vi.stubGlobal('crypto', {
randomUUID: vi.fn().mockReturnValue('mock-uuid-1234-5678'),
})
})
afterEach(() => {
vi.useRealTimers()
})
describe('POST', () => {
it('should return graceful fallback response when cloud storage is not enabled', async () => {
setupFileApiMocks({
cloudEnabled: false,
storageProvider: 's3',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
method: 'POST',
body: JSON.stringify({
fileName: 'test.txt',
contentType: 'text/plain',
fileSize: 1024,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.directUploadSupported).toBe(false)
expect(data.presignedUrl).toBe('')
expect(data.fileName).toBe('test.txt')
expect(data.fileInfo).toBeDefined()
expect(data.fileInfo.name).toBe('test.txt')
expect(data.fileInfo.size).toBe(1024)
expect(data.fileInfo.type).toBe('text/plain')
})
it('should return error when fileName is missing', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned', {
method: 'POST',
body: JSON.stringify({
contentType: 'text/plain',
fileSize: 1024,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(400)
expect(data.error).toBe('fileName is required and cannot be empty')
expect(data.code).toBe('VALIDATION_ERROR')
})
it('should return error when contentType is missing', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned', {
method: 'POST',
body: JSON.stringify({
fileName: 'test.txt',
fileSize: 1024,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(400)
expect(data.error).toBe('contentType is required and cannot be empty')
expect(data.code).toBe('VALIDATION_ERROR')
})
it('should return error when fileSize is invalid', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned', {
method: 'POST',
body: JSON.stringify({
fileName: 'test.txt',
contentType: 'text/plain',
fileSize: 0,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(400)
expect(data.error).toBe('fileSize must be a positive number')
expect(data.code).toBe('VALIDATION_ERROR')
})
it('should return error when file size exceeds limit', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
const largeFileSize = 150 * 1024 * 1024 // 150MB (exceeds 100MB limit)
const request = new NextRequest('http://localhost:3000/api/files/presigned', {
method: 'POST',
body: JSON.stringify({
fileName: 'large-file.txt',
contentType: 'text/plain',
fileSize: largeFileSize,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(400)
expect(data.error).toContain('exceeds maximum allowed size')
expect(data.code).toBe('VALIDATION_ERROR')
})
it('should generate S3 presigned URL successfully', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
method: 'POST',
body: JSON.stringify({
fileName: 'test document.txt',
contentType: 'text/plain',
fileSize: 1024,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.presignedUrl).toBe('https://example.com/presigned-url')
expect(data.fileInfo).toMatchObject({
path: expect.stringMatching(/\/api\/files\/serve\/s3\/.+\?context=chat$/),
key: expect.stringMatching(/.*test.document\.txt$/),
name: 'test document.txt',
size: 1024,
type: 'text/plain',
})
expect(data.directUploadSupported).toBe(true)
})
it('should generate knowledge-base S3 presigned URL with kb prefix', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=knowledge-base&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'knowledge-doc.pdf',
contentType: 'application/pdf',
fileSize: 2048,
}),
}
)
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.fileInfo.key).toMatch(/^kb\/.*knowledge-doc\.pdf$/)
expect(data.directUploadSupported).toBe(true)
})
it('should generate chat S3 presigned URL with chat prefix and direct path', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
method: 'POST',
body: JSON.stringify({
fileName: 'chat-logo.png',
contentType: 'image/png',
fileSize: 4096,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.fileInfo.key).toMatch(/^chat\/.*chat-logo\.png$/)
expect(data.fileInfo.path).toMatch(/\/api\/files\/serve\/s3\/.+\?context=chat$/)
expect(data.presignedUrl).toBeTruthy()
expect(data.directUploadSupported).toBe(true)
})
it('should generate Azure Blob presigned URL successfully', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 'blob',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
method: 'POST',
body: JSON.stringify({
fileName: 'test document.txt',
contentType: 'text/plain',
fileSize: 1024,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.presignedUrl).toBeTruthy()
expect(typeof data.presignedUrl).toBe('string')
expect(data.fileInfo).toMatchObject({
key: expect.stringMatching(/.*test.document\.txt$/),
name: 'test document.txt',
size: 1024,
type: 'text/plain',
})
expect(data.directUploadSupported).toBe(true)
})
it('should generate chat Azure Blob presigned URL with chat prefix and direct path', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 'blob',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
method: 'POST',
body: JSON.stringify({
fileName: 'chat-logo.png',
contentType: 'image/png',
fileSize: 4096,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(data.fileInfo.key).toMatch(/^chat\/.*chat-logo\.png$/)
expect(data.fileInfo.path).toMatch(/\/api\/files\/serve\/blob\/.+\?context=chat$/)
expect(data.presignedUrl).toBeTruthy()
expect(data.directUploadSupported).toBe(true)
})
it('should return error for unknown storage provider', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
storageServiceMockFns.mockGeneratePresignedUploadUrl.mockRejectedValue(
new Error('Unknown storage provider: unknown')
)
const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
method: 'POST',
body: JSON.stringify({
fileName: 'test.txt',
contentType: 'text/plain',
fileSize: 1024,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(500)
expect(data.error).toBeTruthy()
expect(typeof data.error).toBe('string')
})
it('should handle S3 errors gracefully', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
storageServiceMockFns.mockGeneratePresignedUploadUrl.mockRejectedValue(
new Error('S3 service unavailable')
)
const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
method: 'POST',
body: JSON.stringify({
fileName: 'test.txt',
contentType: 'text/plain',
fileSize: 1024,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(500)
expect(data.error).toBeTruthy()
expect(typeof data.error).toBe('string')
})
it('should handle Azure Blob errors gracefully', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 'blob',
})
storageServiceMockFns.mockGeneratePresignedUploadUrl.mockRejectedValue(
new Error('Azure service unavailable')
)
const request = new NextRequest('http://localhost:3000/api/files/presigned?type=chat', {
method: 'POST',
body: JSON.stringify({
fileName: 'test.txt',
contentType: 'text/plain',
fileSize: 1024,
}),
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(500)
expect(data.error).toBeTruthy()
expect(typeof data.error).toBe('string')
})
it('should handle malformed JSON gracefully', async () => {
setupFileApiMocks({
cloudEnabled: true,
storageProvider: 's3',
})
const request = new NextRequest('http://localhost:3000/api/files/presigned', {
method: 'POST',
body: 'invalid json',
})
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(400) // Changed from 500 to 400 (ValidationError)
expect(data.error).toBe('Invalid JSON in request body') // Updated error message
expect(data.code).toBe('VALIDATION_ERROR')
})
})
describe('mothership uploads', () => {
it('uses validateAttachmentFileType (not validateFileType) — accepts images', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=mothership&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'screenshot.png',
contentType: 'image/png',
fileSize: 4096,
}),
}
)
const response = await POST(request)
expect(response.status).toBe(200)
expect(mockValidateAttachmentFileType).toHaveBeenCalledWith('screenshot.png')
expect(mockValidateFileType).not.toHaveBeenCalled()
})
it('rejects unsupported types when validator returns an error', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
mockValidateAttachmentFileType.mockReturnValue({
code: 'UNSUPPORTED_FILE_TYPE',
message: 'Unsupported file type: exe.',
supportedTypes: [],
})
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=mothership&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'virus.exe',
contentType: 'application/octet-stream',
fileSize: 4096,
}),
}
)
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(400)
expect(data.code).toBe('VALIDATION_ERROR')
expect(data.error).toContain('exe')
})
it('returns 403 when user lacks workspace write permission', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
mockGetUserEntityPermissions.mockResolvedValue('read')
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=mothership&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'doc.pdf',
contentType: 'application/pdf',
fileSize: 4096,
}),
}
)
const response = await POST(request)
expect(response.status).toBe(403)
})
it('inserts a workspaceFiles row with context=mothership so previews authorize', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=mothership&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'screenshot.png',
contentType: 'image/png',
fileSize: 4096,
}),
}
)
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(mockInsertFileMetadata).toHaveBeenCalledTimes(1)
expect(mockInsertFileMetadata).toHaveBeenCalledWith({
key: data.fileInfo.key,
userId: 'test-user-id',
workspaceId: 'ws-1',
context: 'mothership',
originalName: 'screenshot.png',
contentType: 'image/png',
size: 4096,
})
})
it('returns 500 when insertFileMetadata fails so callers do not get an unauthorizable URL', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
mockInsertFileMetadata.mockRejectedValueOnce(new Error('DB connection lost'))
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=mothership&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'screenshot.png',
contentType: 'image/png',
fileSize: 4096,
}),
}
)
const response = await POST(request)
expect(response.status).toBe(500)
})
})
describe('execution uploads', () => {
it('uses validateAttachmentFileType — accepts video', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=execution&workspaceId=ws-1&workflowId=wf-1&executionId=exec-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'output.mp4',
contentType: 'video/mp4',
fileSize: 4096,
}),
}
)
const response = await POST(request)
expect(response.status).toBe(200)
expect(mockValidateAttachmentFileType).toHaveBeenCalledWith('output.mp4')
expect(mockValidateFileType).not.toHaveBeenCalled()
})
it('rejects when validator returns an error', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
mockValidateAttachmentFileType.mockReturnValue({
code: 'UNSUPPORTED_FILE_TYPE',
message: 'Unsupported file type: bin.',
supportedTypes: [],
})
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=execution&workspaceId=ws-1&workflowId=wf-1&executionId=exec-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'blob.bin',
contentType: 'application/octet-stream',
fileSize: 4096,
}),
}
)
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(400)
expect(data.code).toBe('VALIDATION_ERROR')
})
it('returns 400 when missing workflowId/executionId', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=execution&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'output.mp4',
contentType: 'video/mp4',
fileSize: 4096,
}),
}
)
const response = await POST(request)
expect(response.status).toBe(400)
})
it('inserts a workspaceFiles row with context=execution so previews authorize', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=execution&workspaceId=ws-1&workflowId=wf-1&executionId=exec-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'output.mp4',
contentType: 'video/mp4',
fileSize: 4096,
}),
}
)
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(mockInsertFileMetadata).toHaveBeenCalledTimes(1)
expect(mockInsertFileMetadata).toHaveBeenCalledWith({
key: data.fileInfo.key,
userId: 'test-user-id',
workspaceId: 'ws-1',
context: 'execution',
originalName: 'output.mp4',
contentType: 'video/mp4',
size: 4096,
})
})
})
describe('workspace-logos uploads', () => {
it('inserts a workspaceFiles row with context=workspace-logos so logos authorize', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=workspace-logos&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'logo.png',
contentType: 'image/png',
fileSize: 4096,
}),
}
)
const response = await POST(request)
const data = await response.json()
expect(response.status).toBe(200)
expect(mockInsertFileMetadata).toHaveBeenCalledTimes(1)
expect(mockInsertFileMetadata).toHaveBeenCalledWith({
key: data.fileInfo.key,
userId: 'test-user-id',
workspaceId: 'ws-1',
context: 'workspace-logos',
originalName: 'logo.png',
contentType: 'image/png',
size: 4096,
})
})
})
describe('knowledge-base uploads', () => {
it('uses validateFileType (docs-only), not validateAttachmentFileType', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=knowledge-base&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'doc.pdf',
contentType: 'application/pdf',
fileSize: 4096,
}),
}
)
const response = await POST(request)
expect(response.status).toBe(200)
expect(mockValidateFileType).toHaveBeenCalledWith('doc.pdf', 'application/pdf')
expect(mockValidateAttachmentFileType).not.toHaveBeenCalled()
})
it('requires workspaceId for knowledge-base uploads', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=knowledge-base',
{
method: 'POST',
body: JSON.stringify({
fileName: 'doc.pdf',
contentType: 'application/pdf',
fileSize: 4096,
}),
}
)
const response = await POST(request)
expect(response.status).toBe(400)
})
it('returns 403 when the user lacks write access to the workspace', async () => {
setupFileApiMocks({ cloudEnabled: true, storageProvider: 's3' })
mockGetUserEntityPermissions.mockResolvedValue('read')
const request = new NextRequest(
'http://localhost:3000/api/files/presigned?type=knowledge-base&workspaceId=ws-1',
{
method: 'POST',
body: JSON.stringify({
fileName: 'doc.pdf',
contentType: 'application/pdf',
fileSize: 4096,
}),
}
)
const response = await POST(request)
expect(response.status).toBe(403)
})
})
})
+349
View File
@@ -0,0 +1,349 @@
import { createLogger } from '@sim/logger'
import { getErrorMessage } from '@sim/utils/errors'
import { type NextRequest, NextResponse } from 'next/server'
import { presignedUploadBodyContract, uploadTypeSchema } from '@/lib/api/contracts/storage-transfer'
import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
import { getSession } from '@/lib/auth'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import { CopilotFiles } from '@/lib/uploads'
import type { StorageContext } from '@/lib/uploads/config'
import { USE_BLOB_STORAGE } from '@/lib/uploads/config'
import { generateExecutionFileKey } from '@/lib/uploads/contexts/execution/utils'
import { generateKnowledgeBaseFileKey } from '@/lib/uploads/contexts/knowledge-base/knowledge-base-file-manager'
import { generateWorkspaceFileKey } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
import { generatePresignedUploadUrl, hasCloudStorage } from '@/lib/uploads/core/storage-service'
import { insertFileMetadata, recordKnowledgeBaseFileOwnership } from '@/lib/uploads/server/metadata'
import { isImageFileType } from '@/lib/uploads/utils/file-utils'
import { validateAttachmentFileType, validateFileType } from '@/lib/uploads/utils/validation'
import { getUserEntityPermissions } from '@/lib/workspaces/permissions/utils'
import { createErrorResponse } from '@/app/api/files/utils'
const logger = createLogger('PresignedUploadAPI')
const VALID_UPLOAD_TYPES = [
'knowledge-base',
'chat',
'copilot',
'profile-pictures',
'mothership',
'workspace-logos',
'execution',
] as const
class PresignedUrlError extends Error {
constructor(
message: string,
public code: string,
public statusCode = 400
) {
super(message)
this.name = 'PresignedUrlError'
}
}
class ValidationError extends PresignedUrlError {
constructor(message: string) {
super(message, 'VALIDATION_ERROR', 400)
}
}
export const POST = withRouteHandler(async (request: NextRequest) => {
try {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const parsed = await parseRequest(
presignedUploadBodyContract,
request,
{},
{
validationErrorResponse: (error) => {
throw new ValidationError(getValidationErrorMessage(error, 'Invalid request data'))
},
invalidJsonResponse: () => {
throw new ValidationError('Invalid JSON in request body')
},
}
)
if (!parsed.success) return parsed.response
const { fileName, contentType, fileSize } = parsed.data.body
const uploadTypeParam = request.nextUrl.searchParams.get('type')
if (!uploadTypeParam) {
throw new ValidationError('type query parameter is required')
}
const uploadTypeResult = uploadTypeSchema.safeParse(uploadTypeParam)
if (!uploadTypeResult.success) {
throw new ValidationError(
`Invalid type parameter. Must be one of: ${VALID_UPLOAD_TYPES.join(', ')}`
)
}
const uploadType = uploadTypeResult.data as StorageContext
if (uploadType === 'knowledge-base') {
const fileValidationError = validateFileType(fileName, contentType)
if (fileValidationError) {
throw new ValidationError(`${fileValidationError.message}`)
}
}
const sessionUserId = session.user.id
if (!hasCloudStorage()) {
logger.info(
`Local storage detected - presigned URL not available for ${fileName}, client will use API fallback`
)
return NextResponse.json({
fileName,
presignedUrl: '', // Empty URL signals fallback to API upload
fileInfo: {
path: '',
key: '',
name: fileName,
size: fileSize,
type: contentType,
},
directUploadSupported: false,
})
}
logger.info(`Generating ${uploadType} presigned URL for ${fileName}`)
let presignedUrlResponse
if (uploadType === 'copilot') {
try {
presignedUrlResponse = await CopilotFiles.generateCopilotUploadUrl({
fileName,
contentType,
fileSize,
userId: sessionUserId,
expirationSeconds: 3600,
})
} catch (error) {
throw new ValidationError(getErrorMessage(error, 'Chat validation failed'))
}
} else if (uploadType === 'mothership') {
const workspaceId = request.nextUrl.searchParams.get('workspaceId')
if (!workspaceId?.trim()) {
throw new ValidationError('workspaceId query parameter is required for chat uploads')
}
const permission = await getUserEntityPermissions(sessionUserId, 'workspace', workspaceId)
if (permission !== 'write' && permission !== 'admin') {
return NextResponse.json(
{ error: 'Write or Admin access required for chat uploads' },
{ status: 403 }
)
}
const fileValidationError = validateAttachmentFileType(fileName)
if (fileValidationError) {
throw new ValidationError(fileValidationError.message)
}
const customKey = generateWorkspaceFileKey(workspaceId, fileName)
presignedUrlResponse = await generatePresignedUploadUrl({
fileName,
contentType,
fileSize,
context: 'mothership',
userId: sessionUserId,
customKey,
expirationSeconds: 3600,
metadata: { workspaceId },
})
await insertFileMetadata({
key: presignedUrlResponse.key,
userId: sessionUserId,
workspaceId,
context: 'mothership',
originalName: fileName,
contentType,
size: fileSize,
})
} else if (uploadType === 'execution') {
const workflowId = request.nextUrl.searchParams.get('workflowId')
const executionId = request.nextUrl.searchParams.get('executionId')
const workspaceId = request.nextUrl.searchParams.get('workspaceId')
if (!workflowId?.trim() || !executionId?.trim() || !workspaceId?.trim()) {
throw new ValidationError(
'workflowId, executionId, and workspaceId query parameters are required for execution uploads'
)
}
const permission = await getUserEntityPermissions(sessionUserId, 'workspace', workspaceId)
if (permission !== 'write' && permission !== 'admin') {
return NextResponse.json(
{ error: 'Write or Admin access required for execution uploads' },
{ status: 403 }
)
}
const fileValidationError = validateAttachmentFileType(fileName)
if (fileValidationError) {
throw new ValidationError(fileValidationError.message)
}
const customKey = generateExecutionFileKey({ workspaceId, workflowId, executionId }, fileName)
presignedUrlResponse = await generatePresignedUploadUrl({
fileName,
contentType,
fileSize,
context: 'execution',
userId: sessionUserId,
customKey,
expirationSeconds: 3600,
metadata: { workspaceId, workflowId, executionId },
})
await insertFileMetadata({
key: presignedUrlResponse.key,
userId: sessionUserId,
workspaceId,
context: 'execution',
originalName: fileName,
contentType,
size: fileSize,
})
} else if (uploadType === 'workspace-logos') {
const workspaceId = request.nextUrl.searchParams.get('workspaceId')
if (!workspaceId?.trim()) {
throw new ValidationError(
'workspaceId query parameter is required for workspace-logos uploads'
)
}
const permission = await getUserEntityPermissions(sessionUserId, 'workspace', workspaceId)
if (permission !== 'admin') {
return NextResponse.json(
{ error: 'Admin access required for workspace logo uploads' },
{ status: 403 }
)
}
if (!isImageFileType(contentType)) {
throw new ValidationError(
'Only image files (JPEG, PNG, GIF, WebP, SVG) are allowed for workspace logo uploads'
)
}
presignedUrlResponse = await generatePresignedUploadUrl({
fileName,
contentType,
fileSize,
context: 'workspace-logos',
userId: sessionUserId,
expirationSeconds: 3600,
metadata: { workspaceId },
})
await insertFileMetadata({
key: presignedUrlResponse.key,
userId: sessionUserId,
workspaceId,
context: 'workspace-logos',
originalName: fileName,
contentType,
size: fileSize,
})
} else if (uploadType === 'knowledge-base') {
const workspaceId = request.nextUrl.searchParams.get('workspaceId')
if (!workspaceId?.trim()) {
throw new ValidationError(
'workspaceId query parameter is required for knowledge-base uploads'
)
}
const permission = await getUserEntityPermissions(sessionUserId, 'workspace', workspaceId)
if (permission !== 'write' && permission !== 'admin') {
return NextResponse.json(
{ error: 'Write or Admin access required for knowledge-base uploads' },
{ status: 403 }
)
}
const customKey = generateKnowledgeBaseFileKey(fileName)
presignedUrlResponse = await generatePresignedUploadUrl({
fileName,
contentType,
fileSize,
context: 'knowledge-base',
userId: sessionUserId,
customKey,
expirationSeconds: 3600,
metadata: { workspaceId },
})
await recordKnowledgeBaseFileOwnership({
key: presignedUrlResponse.key,
userId: sessionUserId,
workspaceId,
originalName: fileName,
contentType,
size: fileSize,
})
} else {
if (uploadType === 'profile-pictures') {
if (!sessionUserId?.trim()) {
throw new ValidationError(
'Authenticated user session is required for profile picture uploads'
)
}
if (!isImageFileType(contentType)) {
throw new ValidationError(
'Only image files (JPEG, PNG, GIF, WebP, SVG) are allowed for profile picture uploads'
)
}
}
presignedUrlResponse = await generatePresignedUploadUrl({
fileName,
contentType,
fileSize,
context: uploadType,
userId: sessionUserId,
expirationSeconds: 3600, // 1 hour
})
}
const finalPath = `/api/files/serve/${USE_BLOB_STORAGE ? 'blob' : 's3'}/${encodeURIComponent(presignedUrlResponse.key)}?context=${uploadType}`
return NextResponse.json({
fileName,
presignedUrl: presignedUrlResponse.url,
fileInfo: {
path: finalPath,
key: presignedUrlResponse.key,
name: fileName,
size: fileSize,
type: contentType,
},
uploadHeaders: presignedUrlResponse.uploadHeaders,
directUploadSupported: true,
})
} catch (error) {
logger.error('Error generating presigned URL:', error)
if (error instanceof PresignedUrlError) {
return NextResponse.json(
{
error: error.message,
code: error.code,
directUploadSupported: false,
},
{ status: error.statusCode }
)
}
return createErrorResponse(
error instanceof Error ? error : new Error('Failed to generate presigned URL')
)
}
})