chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
+72
View File
@@ -0,0 +1,72 @@
import { createLogger } from '@sim/logger'
import type { NextRequest } from 'next/server'
import { NextResponse } from 'next/server'
import { fileViewContract } from '@/lib/api/contracts/storage-transfer'
import { parseRequest } from '@/lib/api/server'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import { type StorageContext, USE_BLOB_STORAGE } from '@/lib/uploads/config'
import { getFileMetadataById } from '@/lib/uploads/server/metadata'
import { verifyFileAccess } from '@/app/api/files/authorization'
const logger = createLogger('FilesViewAPI')
export const GET = withRouteHandler(
async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
const parsed = await parseRequest(fileViewContract, request, context)
if (!parsed.success) return parsed.response
const { id } = parsed.data.params
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const record = await getFileMetadataById(id)
if (!record) {
logger.warn('File not found by ID', { id })
return NextResponse.json({ error: 'Not found' }, { status: 404 })
}
// Authorize before disclosing anything about the file. Pass the record's own context so access is
// resolved from the DB row (workspace and mothership both map to workspace membership) rather than
// re-inferred from the key, and deny with 404 so a caller without access cannot distinguish a
// file's existence or context from a missing id.
const hasAccess = await verifyFileAccess(
record.key,
authResult.userId,
undefined,
record.context as StorageContext | 'general'
)
if (!hasAccess) {
logger.warn('Unauthorized file view attempt', { id, userId: authResult.userId })
return NextResponse.json({ error: 'Not found' }, { status: 404 })
}
// Only workspace-scoped files are embeddable/viewable here. Other contexts (e.g. chat-scoped
// `mothership` uploads) are not durable workspace artifacts; now that the caller is known to have
// access, reject with a legible 422 so the embed fails cleanly and the file agent can self-correct.
if (record.context !== 'workspace') {
logger.warn('Rejected non-workspace file view', { id, context: record.context })
return NextResponse.json(
{
error: `File ${id} has context "${record.context}" and is not embeddable. Only workspace files can be viewed via /api/files/view. Save it into the workspace and reference the workspace copy.`,
},
{ status: 422 }
)
}
const storagePrefix = USE_BLOB_STORAGE ? 'blob' : 's3'
const servePath = `/api/files/serve/${storagePrefix}/${encodeURIComponent(record.key)}`
logger.info('Redirecting file view to serve path', { id, servePath })
// Emit a relative Location so the browser resolves it against the public origin it requested.
// `NextResponse.redirect(new URL(servePath, request.url))` bakes in the host from `request.url`,
// which behind the load balancer is the internal pod host (e.g. ip-10-0-x.ec2.internal:3000) —
// unreachable from the browser, so embedded <img src="/api/files/view/<id>"> loads fail. A
// relative Location resolves against the original public URL (matching how the Files tab fetches
// serve URLs directly).
return new NextResponse(null, { status: 302, headers: { Location: servePath } })
}
)