chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
@@ -0,0 +1,209 @@
/**
* @vitest-environment node
*/
import { hybridAuthMockFns, workflowAuthzMockFns } from '@sim/testing'
import { NextRequest } from 'next/server'
import { beforeEach, describe, expect, it, vi } from 'vitest'
import type { TableDefinition } from '@/lib/table'
const { mockCheckAccess, mockAddWorkflowGroup, mockUpdateWorkflowGroup } = vi.hoisted(() => ({
mockCheckAccess: vi.fn(),
mockAddWorkflowGroup: vi.fn(),
mockUpdateWorkflowGroup: vi.fn(),
}))
vi.mock('@/app/api/table/utils', async () => {
const { NextResponse } = await import('next/server')
return {
accessError: (result: { status: number }) =>
NextResponse.json({ error: 'denied' }, { status: result.status }),
checkAccess: mockCheckAccess,
normalizeColumn: (column: unknown) => column,
}
})
vi.mock('@/lib/table/workflow-groups/service', () => ({
addWorkflowGroup: mockAddWorkflowGroup,
updateWorkflowGroup: mockUpdateWorkflowGroup,
deleteWorkflowGroup: vi.fn(),
}))
import { PATCH, POST } from '@/app/api/table/[tableId]/groups/route'
function buildTable(overrides: Partial<TableDefinition> = {}): TableDefinition {
return {
id: 'tbl_1',
name: 'People',
description: null,
schema: { columns: [] },
metadata: null,
rowCount: 0,
maxRows: 100,
workspaceId: 'workspace-1',
createdBy: 'user-1',
archivedAt: null,
createdAt: new Date('2024-01-01'),
updatedAt: new Date('2024-01-01'),
...overrides,
}
}
function callPost(body: Record<string, unknown>, tableId = 'tbl_1') {
const req = new NextRequest(`http://localhost:3000/api/table/${tableId}/groups`, {
method: 'POST',
body: JSON.stringify(body),
headers: { 'Content-Type': 'application/json' },
})
return POST(req, { params: Promise.resolve({ tableId }) })
}
function callPatch(body: Record<string, unknown>, tableId = 'tbl_1') {
const req = new NextRequest(`http://localhost:3000/api/table/${tableId}/groups`, {
method: 'PATCH',
body: JSON.stringify(body),
headers: { 'Content-Type': 'application/json' },
})
return PATCH(req, { params: Promise.resolve({ tableId }) })
}
const baseGroup = {
id: 'grp_1',
workflowId: 'wf_1',
outputs: [{ blockId: 'block_1', path: 'result', columnName: 'result' }],
}
const baseOutputColumns = [{ name: 'result', type: 'string', workflowGroupId: 'grp_1' }]
describe('POST /api/table/[tableId]/groups', () => {
beforeEach(() => {
vi.clearAllMocks()
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValue({
success: true,
userId: 'user-1',
authType: 'session',
})
mockCheckAccess.mockResolvedValue({ ok: true, table: buildTable() })
workflowAuthzMockFns.mockGetActiveWorkflowContext.mockResolvedValue({
workflow: { id: 'wf_1' },
workspaceId: 'workspace-1',
workspaceOrganizationId: null,
})
mockAddWorkflowGroup.mockResolvedValue({
schema: { columns: baseOutputColumns, workflowGroups: [baseGroup] },
})
})
it('rejects a workflowId belonging to a different workspace', async () => {
workflowAuthzMockFns.mockGetActiveWorkflowContext.mockResolvedValue({
workflow: { id: 'wf_1' },
workspaceId: 'other-workspace',
workspaceOrganizationId: null,
})
const res = await callPost({
workspaceId: 'workspace-1',
group: baseGroup,
outputColumns: baseOutputColumns,
})
expect(res.status).toBe(400)
expect(mockAddWorkflowGroup).not.toHaveBeenCalled()
})
it('rejects a nonexistent workflowId', async () => {
workflowAuthzMockFns.mockGetActiveWorkflowContext.mockResolvedValue(null)
const res = await callPost({
workspaceId: 'workspace-1',
group: baseGroup,
outputColumns: baseOutputColumns,
})
expect(res.status).toBe(400)
expect(mockAddWorkflowGroup).not.toHaveBeenCalled()
})
it('succeeds when the workflow belongs to the same workspace', async () => {
const res = await callPost({
workspaceId: 'workspace-1',
group: baseGroup,
outputColumns: baseOutputColumns,
})
expect(res.status).toBe(200)
expect(mockAddWorkflowGroup).toHaveBeenCalled()
})
it('skips the workflow check for enrichment groups without a workflowId', async () => {
const res = await callPost({
workspaceId: 'workspace-1',
group: { ...baseGroup, workflowId: '', enrichmentId: 'enrich_1' },
outputColumns: baseOutputColumns,
})
expect(res.status).toBe(200)
expect(workflowAuthzMockFns.mockGetActiveWorkflowContext).not.toHaveBeenCalled()
expect(mockAddWorkflowGroup).toHaveBeenCalled()
})
})
describe('PATCH /api/table/[tableId]/groups', () => {
beforeEach(() => {
vi.clearAllMocks()
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValue({
success: true,
userId: 'user-1',
authType: 'session',
})
mockCheckAccess.mockResolvedValue({ ok: true, table: buildTable() })
workflowAuthzMockFns.mockGetActiveWorkflowContext.mockResolvedValue({
workflow: { id: 'wf_1' },
workspaceId: 'workspace-1',
workspaceOrganizationId: null,
})
mockUpdateWorkflowGroup.mockResolvedValue({
schema: { columns: baseOutputColumns, workflowGroups: [baseGroup] },
})
})
it('rejects changing workflowId to one in a different workspace', async () => {
workflowAuthzMockFns.mockGetActiveWorkflowContext.mockResolvedValue({
workflow: { id: 'wf_2' },
workspaceId: 'other-workspace',
workspaceOrganizationId: null,
})
const res = await callPatch({
workspaceId: 'workspace-1',
groupId: 'grp_1',
workflowId: 'wf_2',
})
expect(res.status).toBe(400)
expect(mockUpdateWorkflowGroup).not.toHaveBeenCalled()
})
it('rejects a nonexistent workflowId', async () => {
workflowAuthzMockFns.mockGetActiveWorkflowContext.mockResolvedValue(null)
const res = await callPatch({
workspaceId: 'workspace-1',
groupId: 'grp_1',
workflowId: 'wf_missing',
})
expect(res.status).toBe(400)
expect(mockUpdateWorkflowGroup).not.toHaveBeenCalled()
})
it('succeeds when changing workflowId to one in the same workspace', async () => {
const res = await callPatch({
workspaceId: 'workspace-1',
groupId: 'grp_1',
workflowId: 'wf_1',
})
expect(res.status).toBe(200)
expect(mockUpdateWorkflowGroup).toHaveBeenCalled()
})
it('skips the workflow check when workflowId is not being changed', async () => {
const res = await callPatch({
workspaceId: 'workspace-1',
groupId: 'grp_1',
name: 'Renamed group',
})
expect(res.status).toBe(200)
expect(workflowAuthzMockFns.mockGetActiveWorkflowContext).not.toHaveBeenCalled()
expect(mockUpdateWorkflowGroup).toHaveBeenCalled()
})
})
@@ -0,0 +1,207 @@
import { createLogger } from '@sim/logger'
import { getActiveWorkflowContext } from '@sim/platform-authz/workflow'
import { type NextRequest, NextResponse } from 'next/server'
import {
addWorkflowGroupContract,
deleteWorkflowGroupContract,
updateWorkflowGroupContract,
} from '@/lib/api/contracts/tables'
import { parseRequest } from '@/lib/api/server'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import {
addWorkflowGroup,
deleteWorkflowGroup,
updateWorkflowGroup,
} from '@/lib/table/workflow-groups/service'
import { accessError, checkAccess, normalizeColumn } from '@/app/api/table/utils'
const logger = createLogger('TableWorkflowGroupsAPI')
interface RouteParams {
params: Promise<{ tableId: string }>
}
/**
* Confirms `workflowId` resolves to an active workflow in `workspaceId` before it is
* persisted onto a table's workflow group. Returns a 400 response when the workflow
* doesn't exist or belongs to a different workspace, otherwise `null`.
*/
async function validateWorkflowInWorkspace(
workflowId: string,
workspaceId: string
): Promise<NextResponse | null> {
const context = await getActiveWorkflowContext(workflowId)
if (!context || context.workspaceId !== workspaceId) {
return NextResponse.json({ error: 'Invalid workflow ID' }, { status: 400 })
}
return null
}
/**
* Maps known service-layer error messages onto HTTP responses; falls through
* to a 500 with a generic message for anything unrecognized. The three
* group-route handlers all surface the same error shapes from
* `addWorkflowGroup` / `updateWorkflowGroup` / `deleteWorkflowGroup`, so they
* share this mapper instead of repeating the if-chain three times.
*/
function mapWorkflowGroupError(error: unknown, fallbackMessage: string): NextResponse {
if (error instanceof Error) {
const msg = error.message
if (msg === 'Table not found' || msg.includes('not found')) {
return NextResponse.json({ error: msg }, { status: 404 })
}
if (
msg.includes('Schema validation') ||
msg.includes('Missing column definition') ||
msg.includes('already exists') ||
msg.includes('exceed')
) {
return NextResponse.json({ error: msg }, { status: 400 })
}
}
logger.error(fallbackMessage, error)
return NextResponse.json({ error: fallbackMessage }, { status: 500 })
}
/** POST /api/table/[tableId]/groups — create a workflow group + its output columns. */
export const POST = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
const requestId = generateRequestId()
try {
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
const parsed = await parseRequest(addWorkflowGroupContract, request, { params })
if (!parsed.success) return parsed.response
const { tableId } = parsed.data.params
const validated = parsed.data.body
const result = await checkAccess(tableId, authResult.userId, 'write')
if (!result.ok) return accessError(result, requestId, tableId)
if (result.table.workspaceId !== validated.workspaceId) {
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
}
if (validated.group.workflowId) {
const workflowError = await validateWorkflowInWorkspace(
validated.group.workflowId,
result.table.workspaceId
)
if (workflowError) return workflowError
}
const updatedTable = await addWorkflowGroup(
{
tableId,
group: validated.group,
outputColumns: validated.outputColumns,
autoRun: validated.autoRun,
actorUserId: authResult.userId,
},
requestId
)
return NextResponse.json({
success: true,
data: {
columns: updatedTable.schema.columns.map(normalizeColumn),
workflowGroups: updatedTable.schema.workflowGroups ?? [],
},
})
} catch (error) {
return mapWorkflowGroupError(error, 'Failed to add workflow group')
}
})
/** PATCH /api/table/[tableId]/groups — update a workflow group (deps / outputs). */
export const PATCH = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
const requestId = generateRequestId()
try {
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
const parsed = await parseRequest(updateWorkflowGroupContract, request, { params })
if (!parsed.success) return parsed.response
const { tableId } = parsed.data.params
const validated = parsed.data.body
const result = await checkAccess(tableId, authResult.userId, 'write')
if (!result.ok) return accessError(result, requestId, tableId)
if (result.table.workspaceId !== validated.workspaceId) {
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
}
if (validated.workflowId !== undefined) {
const workflowError = await validateWorkflowInWorkspace(
validated.workflowId,
result.table.workspaceId
)
if (workflowError) return workflowError
}
const updatedTable = await updateWorkflowGroup(
{
tableId,
groupId: validated.groupId,
actorUserId: authResult.userId,
...(validated.workflowId !== undefined ? { workflowId: validated.workflowId } : {}),
...(validated.name !== undefined ? { name: validated.name } : {}),
...(validated.dependencies !== undefined ? { dependencies: validated.dependencies } : {}),
...(validated.outputs !== undefined ? { outputs: validated.outputs } : {}),
...(validated.newOutputColumns !== undefined
? { newOutputColumns: validated.newOutputColumns }
: {}),
...(validated.mappingUpdates !== undefined
? { mappingUpdates: validated.mappingUpdates }
: {}),
...(validated.inputMappings !== undefined
? { inputMappings: validated.inputMappings }
: {}),
...(validated.deploymentMode !== undefined
? { deploymentMode: validated.deploymentMode }
: {}),
...(validated.type !== undefined ? { type: validated.type } : {}),
...(validated.autoRun !== undefined ? { autoRun: validated.autoRun } : {}),
},
requestId
)
return NextResponse.json({
success: true,
data: {
columns: updatedTable.schema.columns.map(normalizeColumn),
workflowGroups: updatedTable.schema.workflowGroups ?? [],
},
})
} catch (error) {
return mapWorkflowGroupError(error, 'Failed to update workflow group')
}
})
/** DELETE /api/table/[tableId]/groups — remove a workflow group + its columns. */
export const DELETE = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
const requestId = generateRequestId()
try {
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
const parsed = await parseRequest(deleteWorkflowGroupContract, request, { params })
if (!parsed.success) return parsed.response
const { tableId } = parsed.data.params
const validated = parsed.data.body
const result = await checkAccess(tableId, authResult.userId, 'write')
if (!result.ok) return accessError(result, requestId, tableId)
if (result.table.workspaceId !== validated.workspaceId) {
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
}
const updatedTable = await deleteWorkflowGroup(
{ tableId, groupId: validated.groupId },
requestId
)
return NextResponse.json({
success: true,
data: {
columns: updatedTable.schema.columns.map(normalizeColumn),
workflowGroups: updatedTable.schema.workflowGroups ?? [],
},
})
} catch (error) {
return mapWorkflowGroupError(error, 'Failed to delete workflow group')
}
})