chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,118 @@
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
import { hybridAuthMockFns } from '@sim/testing'
|
||||
import { NextRequest } from 'next/server'
|
||||
import { beforeEach, describe, expect, it, vi } from 'vitest'
|
||||
import type { EnrichmentRunDetail, TableDefinition } from '@/lib/table'
|
||||
|
||||
const { mockCheckAccess, mockLoadEnrichmentDetail } = vi.hoisted(() => ({
|
||||
mockCheckAccess: vi.fn(),
|
||||
mockLoadEnrichmentDetail: vi.fn(),
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/table/rows/executions', () => ({
|
||||
loadEnrichmentDetail: mockLoadEnrichmentDetail,
|
||||
}))
|
||||
vi.mock('@/app/api/table/utils', async () => {
|
||||
const { NextResponse } = await import('next/server')
|
||||
return {
|
||||
checkAccess: mockCheckAccess,
|
||||
accessError: (result: { status: number }) =>
|
||||
NextResponse.json({ error: 'denied' }, { status: result.status }),
|
||||
}
|
||||
})
|
||||
|
||||
import { GET } from '@/app/api/table/[tableId]/rows/[rowId]/enrichment/[groupId]/route'
|
||||
|
||||
function buildTable(): TableDefinition {
|
||||
return {
|
||||
id: 'tbl_1',
|
||||
name: 'People',
|
||||
description: null,
|
||||
schema: { columns: [] },
|
||||
metadata: null,
|
||||
rowCount: 1,
|
||||
maxRows: 1_000_000,
|
||||
workspaceId: 'workspace-1',
|
||||
createdBy: 'user-1',
|
||||
archivedAt: null,
|
||||
createdAt: new Date(),
|
||||
updatedAt: new Date(),
|
||||
}
|
||||
}
|
||||
|
||||
function makeRequest(tableId = 'tbl_1', rowId = 'row_1', groupId = 'grp_1') {
|
||||
const req = new NextRequest(
|
||||
`http://localhost:3000/api/table/${tableId}/rows/${rowId}/enrichment/${groupId}`
|
||||
)
|
||||
return GET(req, { params: Promise.resolve({ tableId, rowId, groupId }) })
|
||||
}
|
||||
|
||||
const detail: EnrichmentRunDetail = {
|
||||
startedAt: '2026-06-18T00:00:00.000Z',
|
||||
completedAt: '2026-06-18T00:00:01.000Z',
|
||||
durationMs: 1000,
|
||||
totalCost: 0.05,
|
||||
matchedProvider: 'hunter',
|
||||
aborted: false,
|
||||
providers: [
|
||||
{
|
||||
id: 'hunter',
|
||||
label: 'Hunter',
|
||||
toolId: 'hunter_find_email',
|
||||
status: 'matched',
|
||||
cost: 0.05,
|
||||
durationMs: 1000,
|
||||
error: null,
|
||||
},
|
||||
],
|
||||
}
|
||||
|
||||
describe('GET /api/table/[tableId]/rows/[rowId]/enrichment/[groupId]', () => {
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks()
|
||||
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValue({
|
||||
success: true,
|
||||
userId: 'user-1',
|
||||
authType: 'session',
|
||||
})
|
||||
mockCheckAccess.mockResolvedValue({ ok: true, table: buildTable() })
|
||||
})
|
||||
|
||||
it('returns the enrichment detail', async () => {
|
||||
mockLoadEnrichmentDetail.mockResolvedValue(detail)
|
||||
const res = await makeRequest()
|
||||
expect(res.status).toBe(200)
|
||||
const json = await res.json()
|
||||
expect(json).toEqual({ success: true, data: { detail } })
|
||||
expect(mockLoadEnrichmentDetail).toHaveBeenCalledWith(
|
||||
expect.anything(),
|
||||
'tbl_1',
|
||||
'row_1',
|
||||
'grp_1'
|
||||
)
|
||||
})
|
||||
|
||||
it('returns null when there is no recorded run', async () => {
|
||||
mockLoadEnrichmentDetail.mockResolvedValue(null)
|
||||
const res = await makeRequest()
|
||||
expect(res.status).toBe(200)
|
||||
const json = await res.json()
|
||||
expect(json).toEqual({ success: true, data: { detail: null } })
|
||||
})
|
||||
|
||||
it('401s when unauthenticated', async () => {
|
||||
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValue({ success: false })
|
||||
const res = await makeRequest()
|
||||
expect(res.status).toBe(401)
|
||||
expect(mockLoadEnrichmentDetail).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('denies when access check fails', async () => {
|
||||
mockCheckAccess.mockResolvedValue({ ok: false, status: 403 })
|
||||
const res = await makeRequest()
|
||||
expect(res.status).toBe(403)
|
||||
expect(mockLoadEnrichmentDetail).not.toHaveBeenCalled()
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,51 @@
|
||||
import { db } from '@sim/db'
|
||||
import { createLogger } from '@sim/logger'
|
||||
import { type NextRequest, NextResponse } from 'next/server'
|
||||
import { getEnrichmentDetailContract } from '@/lib/api/contracts/tables'
|
||||
import { parseRequest } from '@/lib/api/server'
|
||||
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
|
||||
import { generateRequestId } from '@/lib/core/utils/request'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import { loadEnrichmentDetail } from '@/lib/table/rows/executions'
|
||||
import { accessError, checkAccess } from '@/app/api/table/utils'
|
||||
|
||||
const logger = createLogger('EnrichmentDetailAPI')
|
||||
|
||||
interface RouteParams {
|
||||
params: Promise<{ tableId: string; rowId: string; groupId: string }>
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /api/table/[tableId]/rows/[rowId]/enrichment/[groupId]
|
||||
*
|
||||
* Returns the enrichment cascade breakdown (provider outcomes, cost, timing)
|
||||
* for one enrichment cell. Read on demand by the enrichment details panel —
|
||||
* this data is deliberately kept off the hot grid read. Returns `null` for
|
||||
* cells with no recorded run or runs that predate the feature.
|
||||
*/
|
||||
export const GET = withRouteHandler(async (request: NextRequest, { params }: RouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(getEnrichmentDetailContract, request, { params })
|
||||
if (!parsed.success) return parsed.response
|
||||
const { tableId, rowId, groupId } = parsed.data.params
|
||||
|
||||
const result = await checkAccess(tableId, authResult.userId, 'read')
|
||||
if (!result.ok) return accessError(result, requestId, tableId)
|
||||
|
||||
const detail = await loadEnrichmentDetail(db, tableId, rowId, groupId)
|
||||
|
||||
logger.info(`[${requestId}] Loaded enrichment detail`, {
|
||||
tableId,
|
||||
rowId,
|
||||
groupId,
|
||||
hasDetail: detail !== null,
|
||||
})
|
||||
|
||||
return NextResponse.json({ success: true, data: { detail } })
|
||||
})
|
||||
@@ -0,0 +1,233 @@
|
||||
import { db } from '@sim/db'
|
||||
import { userTableRows } from '@sim/db/schema'
|
||||
import { createLogger } from '@sim/logger'
|
||||
import { toError } from '@sim/utils/errors'
|
||||
import { and, eq } from 'drizzle-orm'
|
||||
import { type NextRequest, NextResponse } from 'next/server'
|
||||
import {
|
||||
deleteTableRowContract,
|
||||
getTableQuerySchema,
|
||||
updateTableRowContract,
|
||||
} from '@/lib/api/contracts/tables'
|
||||
import { isZodError, parseRequest, validationErrorResponse } from '@/lib/api/server/validation'
|
||||
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
|
||||
import { generateRequestId } from '@/lib/core/utils/request'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import type { RowData, TableSchema } from '@/lib/table'
|
||||
import { deleteRow, updateRow } from '@/lib/table'
|
||||
import { rowWireTranslators } from '@/app/api/table/row-wire'
|
||||
import {
|
||||
accessError,
|
||||
checkAccess,
|
||||
rootErrorMessage,
|
||||
rowWriteErrorResponse,
|
||||
} from '@/app/api/table/utils'
|
||||
|
||||
const logger = createLogger('TableRowAPI')
|
||||
|
||||
interface RowRouteParams {
|
||||
params: Promise<{ tableId: string; rowId: string }>
|
||||
}
|
||||
|
||||
/** GET /api/table/[tableId]/rows/[rowId] - Retrieves a single row. */
|
||||
export const GET = withRouteHandler(async (request: NextRequest, { params }: RowRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
const { tableId, rowId } = await params
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
const { searchParams } = new URL(request.url)
|
||||
const validated = getTableQuerySchema.parse({
|
||||
workspaceId: searchParams.get('workspaceId'),
|
||||
})
|
||||
|
||||
const result = await checkAccess(tableId, authResult.userId, 'read')
|
||||
if (!result.ok) return accessError(result, requestId, tableId)
|
||||
|
||||
const { table } = result
|
||||
|
||||
if (table.workspaceId !== validated.workspaceId) {
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const [row] = await db
|
||||
.select({
|
||||
id: userTableRows.id,
|
||||
data: userTableRows.data,
|
||||
position: userTableRows.position,
|
||||
createdAt: userTableRows.createdAt,
|
||||
updatedAt: userTableRows.updatedAt,
|
||||
})
|
||||
.from(userTableRows)
|
||||
.where(
|
||||
and(
|
||||
eq(userTableRows.id, rowId),
|
||||
eq(userTableRows.tableId, tableId),
|
||||
eq(userTableRows.workspaceId, validated.workspaceId)
|
||||
)
|
||||
)
|
||||
.limit(1)
|
||||
|
||||
if (!row) {
|
||||
return NextResponse.json({ error: 'Row not found' }, { status: 404 })
|
||||
}
|
||||
|
||||
logger.info(`[${requestId}] Retrieved row ${rowId} from table ${tableId}`)
|
||||
|
||||
const wire = rowWireTranslators(authResult.authType, table.schema as TableSchema)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
row: {
|
||||
id: row.id,
|
||||
data: wire.dataOut(row.data as RowData),
|
||||
position: row.position,
|
||||
createdAt:
|
||||
row.createdAt instanceof Date ? row.createdAt.toISOString() : String(row.createdAt),
|
||||
updatedAt:
|
||||
row.updatedAt instanceof Date ? row.updatedAt.toISOString() : String(row.updatedAt),
|
||||
},
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
if (isZodError(error)) {
|
||||
return validationErrorResponse(error)
|
||||
}
|
||||
|
||||
logger.error(`[${requestId}] Error getting row:`, error)
|
||||
return NextResponse.json({ error: 'Failed to get row' }, { status: 500 })
|
||||
}
|
||||
})
|
||||
|
||||
/** PATCH /api/table/[tableId]/rows/[rowId] - Updates a single row (supports partial updates). */
|
||||
export const PATCH = withRouteHandler(async (request: NextRequest, context: RowRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(updateTableRowContract, request, context, {
|
||||
validationErrorResponse: (error) => validationErrorResponse(error),
|
||||
})
|
||||
if (!parsed.success) return parsed.response
|
||||
|
||||
const { tableId, rowId } = parsed.data.params
|
||||
const validated = parsed.data.body
|
||||
|
||||
const result = await checkAccess(tableId, authResult.userId, 'write')
|
||||
if (!result.ok) return accessError(result, requestId, tableId)
|
||||
|
||||
const { table } = result
|
||||
|
||||
if (table.workspaceId !== validated.workspaceId) {
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const wire = rowWireTranslators(authResult.authType, table.schema as TableSchema)
|
||||
const updatedRow = await updateRow(
|
||||
{
|
||||
tableId,
|
||||
rowId,
|
||||
data: wire.dataIn(validated.data as RowData),
|
||||
workspaceId: validated.workspaceId,
|
||||
actorUserId: authResult.userId,
|
||||
},
|
||||
table,
|
||||
requestId
|
||||
)
|
||||
// Only `null` when a `cancellationGuard` is supplied and the SQL guard
|
||||
// rejects the write — this route doesn't pass one, so reaching null is a bug.
|
||||
if (!updatedRow) throw new Error('updateRow returned null without a cancellationGuard')
|
||||
// Auto-dispatch for user edits is handled inside `updateRow` (mode: 'new').
|
||||
// Firing a second mode: 'incomplete' dispatch here would race with the
|
||||
// `mode: 'new'` one AND bulk-clear sibling-group outputs (the incomplete
|
||||
// bulk-clear wipes ALL targeted columns when any one column on the row
|
||||
// is empty).
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
row: {
|
||||
id: updatedRow.id,
|
||||
data: wire.dataOut(updatedRow.data),
|
||||
position: updatedRow.position,
|
||||
createdAt:
|
||||
updatedRow.createdAt instanceof Date
|
||||
? updatedRow.createdAt.toISOString()
|
||||
: updatedRow.createdAt,
|
||||
updatedAt:
|
||||
updatedRow.updatedAt instanceof Date
|
||||
? updatedRow.updatedAt.toISOString()
|
||||
: updatedRow.updatedAt,
|
||||
},
|
||||
message: 'Row updated successfully',
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
if (rootErrorMessage(error) === 'Row not found') {
|
||||
return NextResponse.json({ error: 'Row not found' }, { status: 404 })
|
||||
}
|
||||
|
||||
const response = rowWriteErrorResponse(error)
|
||||
if (response) return response
|
||||
|
||||
logger.error(`[${requestId}] Error updating row:`, error)
|
||||
return NextResponse.json({ error: 'Failed to update row' }, { status: 500 })
|
||||
}
|
||||
})
|
||||
|
||||
/** DELETE /api/table/[tableId]/rows/[rowId] - Deletes a single row. */
|
||||
export const DELETE = withRouteHandler(async (request: NextRequest, context: RowRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(deleteTableRowContract, request, context, {
|
||||
validationErrorResponse: (error) => validationErrorResponse(error),
|
||||
})
|
||||
if (!parsed.success) return parsed.response
|
||||
|
||||
const { tableId, rowId } = parsed.data.params
|
||||
const validated = parsed.data.body
|
||||
|
||||
const result = await checkAccess(tableId, authResult.userId, 'write')
|
||||
if (!result.ok) return accessError(result, requestId, tableId)
|
||||
|
||||
const { table } = result
|
||||
|
||||
if (table.workspaceId !== validated.workspaceId) {
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
await deleteRow(tableId, rowId, validated.workspaceId, requestId)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
message: 'Row deleted successfully',
|
||||
deletedCount: 1,
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
const errorMessage = toError(error).message
|
||||
|
||||
if (errorMessage === 'Row not found') {
|
||||
return NextResponse.json({ error: errorMessage }, { status: 404 })
|
||||
}
|
||||
|
||||
logger.error(`[${requestId}] Error deleting row:`, error)
|
||||
return NextResponse.json({ error: 'Failed to delete row' }, { status: 500 })
|
||||
}
|
||||
})
|
||||
@@ -0,0 +1,137 @@
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
import { hybridAuthMockFns } from '@sim/testing'
|
||||
import { NextRequest } from 'next/server'
|
||||
import { beforeEach, describe, expect, it, vi } from 'vitest'
|
||||
import type { TableDefinition } from '@/lib/table'
|
||||
|
||||
const { mockCheckAccess, mockFindRowMatches } = vi.hoisted(() => ({
|
||||
mockCheckAccess: vi.fn(),
|
||||
mockFindRowMatches: vi.fn(),
|
||||
}))
|
||||
|
||||
vi.mock('@/app/api/table/utils', async () => {
|
||||
const { NextResponse } = await import('next/server')
|
||||
return {
|
||||
checkAccess: mockCheckAccess,
|
||||
accessError: (result: { status: number }) =>
|
||||
NextResponse.json(
|
||||
{ error: result.status === 404 ? 'Table not found' : 'Access denied' },
|
||||
{ status: result.status }
|
||||
),
|
||||
}
|
||||
})
|
||||
|
||||
vi.mock('@/lib/table/rows/service', () => ({
|
||||
findRowMatches: mockFindRowMatches,
|
||||
}))
|
||||
|
||||
import { GET } from '@/app/api/table/[tableId]/rows/find/route'
|
||||
|
||||
function buildTable(overrides: Partial<TableDefinition> = {}): TableDefinition {
|
||||
return {
|
||||
id: 'tbl_1',
|
||||
name: 'People',
|
||||
description: null,
|
||||
schema: { columns: [{ name: 'name', type: 'string' }] },
|
||||
metadata: null,
|
||||
rowCount: 0,
|
||||
maxRows: 100,
|
||||
workspaceId: 'workspace-1',
|
||||
createdBy: 'user-1',
|
||||
archivedAt: null,
|
||||
createdAt: new Date('2024-01-01'),
|
||||
updatedAt: new Date('2024-01-01'),
|
||||
...overrides,
|
||||
}
|
||||
}
|
||||
|
||||
function callGet(
|
||||
query: Record<string, string>,
|
||||
{ tableId }: { tableId: string } = { tableId: 'tbl_1' }
|
||||
) {
|
||||
const params = new URLSearchParams(query)
|
||||
const req = new NextRequest(`http://localhost:3000/api/table/${tableId}/rows/find?${params}`, {
|
||||
method: 'GET',
|
||||
})
|
||||
return GET(req, { params: Promise.resolve({ tableId }) })
|
||||
}
|
||||
|
||||
describe('GET /api/table/[tableId]/rows/find', () => {
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks()
|
||||
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValue({
|
||||
success: true,
|
||||
userId: 'user-1',
|
||||
authType: 'session',
|
||||
})
|
||||
mockCheckAccess.mockResolvedValue({ ok: true, table: buildTable() })
|
||||
mockFindRowMatches.mockResolvedValue({
|
||||
matches: [{ ordinal: 4, rowId: 'row_4', column: 'name' }],
|
||||
truncated: false,
|
||||
})
|
||||
})
|
||||
|
||||
it('returns 401 when unauthenticated', async () => {
|
||||
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
|
||||
success: false,
|
||||
error: 'Authentication required',
|
||||
})
|
||||
const res = await callGet({ workspaceId: 'workspace-1', q: 'foo' })
|
||||
expect(res.status).toBe(401)
|
||||
expect(mockFindRowMatches).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('returns 400 when q is missing', async () => {
|
||||
const res = await callGet({ workspaceId: 'workspace-1' })
|
||||
expect(res.status).toBe(400)
|
||||
expect(mockFindRowMatches).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('returns 400 on a workspace mismatch', async () => {
|
||||
const res = await callGet({ workspaceId: 'other-ws', q: 'foo' })
|
||||
expect(res.status).toBe(400)
|
||||
expect(mockFindRowMatches).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('returns 400 on invalid filter JSON', async () => {
|
||||
const res = await callGet({ workspaceId: 'workspace-1', q: 'foo', filter: '{not json' })
|
||||
expect(res.status).toBe(400)
|
||||
})
|
||||
|
||||
it('returns matches and forwards q/filter/sort to the service', async () => {
|
||||
const res = await callGet({
|
||||
workspaceId: 'workspace-1',
|
||||
q: 'alice',
|
||||
filter: JSON.stringify({ name: { $contains: 'a' } }),
|
||||
sort: JSON.stringify({ name: 'asc' }),
|
||||
})
|
||||
expect(res.status).toBe(200)
|
||||
const body = await res.json()
|
||||
expect(body).toEqual({
|
||||
success: true,
|
||||
data: { matches: [{ ordinal: 4, rowId: 'row_4', column: 'name' }], truncated: false },
|
||||
})
|
||||
expect(mockFindRowMatches).toHaveBeenCalledWith(
|
||||
expect.objectContaining({ id: 'tbl_1' }),
|
||||
{ q: 'alice', filter: { name: { $contains: 'a' } }, sort: { name: 'asc' } },
|
||||
expect.any(String)
|
||||
)
|
||||
})
|
||||
|
||||
it('maps a TableQueryValidationError to 400', async () => {
|
||||
const { TableQueryValidationError } = await import('@/lib/table/sql')
|
||||
mockFindRowMatches.mockRejectedValueOnce(new TableQueryValidationError('Invalid field name'))
|
||||
const res = await callGet({ workspaceId: 'workspace-1', q: 'foo' })
|
||||
expect(res.status).toBe(400)
|
||||
const body = await res.json()
|
||||
expect(body.error).toBe('Invalid field name')
|
||||
})
|
||||
|
||||
it('returns 404 when the table is not accessible', async () => {
|
||||
mockCheckAccess.mockResolvedValueOnce({ ok: false, status: 404 })
|
||||
const res = await callGet({ workspaceId: 'workspace-1', q: 'foo' })
|
||||
expect(res.status).toBe(404)
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,81 @@
|
||||
import { createLogger } from '@sim/logger'
|
||||
import { type NextRequest, NextResponse } from 'next/server'
|
||||
import { findTableRowsQuerySchema } from '@/lib/api/contracts/tables'
|
||||
import { isZodError, validationErrorResponse } from '@/lib/api/server/validation'
|
||||
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
|
||||
import { generateRequestId } from '@/lib/core/utils/request'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import type { Sort } from '@/lib/table'
|
||||
import { findRowMatches } from '@/lib/table/rows/service'
|
||||
import { TableQueryValidationError } from '@/lib/table/sql'
|
||||
import { accessError, checkAccess } from '@/app/api/table/utils'
|
||||
|
||||
const logger = createLogger('TableRowsFindAPI')
|
||||
|
||||
interface TableRowsFindRouteParams {
|
||||
params: Promise<{ tableId: string }>
|
||||
}
|
||||
|
||||
/** GET /api/table/[tableId]/rows/find - Case-insensitive substring search across all cells. */
|
||||
export const GET = withRouteHandler(
|
||||
async (request: NextRequest, { params }: TableRowsFindRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
const { tableId } = await params
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
const { searchParams } = new URL(request.url)
|
||||
const workspaceId = searchParams.get('workspaceId')
|
||||
const q = searchParams.get('q')
|
||||
const filterParam = searchParams.get('filter')
|
||||
const sortParam = searchParams.get('sort')
|
||||
|
||||
let filter: Record<string, unknown> | undefined
|
||||
let sort: Sort | undefined
|
||||
|
||||
try {
|
||||
if (filterParam) filter = JSON.parse(filterParam) as Record<string, unknown>
|
||||
if (sortParam) sort = JSON.parse(sortParam) as Sort
|
||||
} catch {
|
||||
return NextResponse.json({ error: 'Invalid filter or sort JSON' }, { status: 400 })
|
||||
}
|
||||
|
||||
const validated = findTableRowsQuerySchema.parse({ workspaceId, q, filter, sort })
|
||||
|
||||
const accessResult = await checkAccess(tableId, authResult.userId, 'read')
|
||||
if (!accessResult.ok) return accessError(accessResult, requestId, tableId)
|
||||
|
||||
const { table } = accessResult
|
||||
|
||||
if (validated.workspaceId !== table.workspaceId) {
|
||||
logger.warn(
|
||||
`[${requestId}] Workspace ID mismatch for table ${tableId}. Provided: ${validated.workspaceId}, Actual: ${table.workspaceId}`
|
||||
)
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const { matches, truncated } = await findRowMatches(
|
||||
table,
|
||||
{ q: validated.q, filter: validated.filter, sort: validated.sort },
|
||||
requestId
|
||||
)
|
||||
|
||||
return NextResponse.json({ success: true, data: { matches, truncated } })
|
||||
} catch (error) {
|
||||
if (isZodError(error)) {
|
||||
return validationErrorResponse(error)
|
||||
}
|
||||
|
||||
if (error instanceof TableQueryValidationError) {
|
||||
return NextResponse.json({ error: error.message }, { status: 400 })
|
||||
}
|
||||
|
||||
logger.error(`[${requestId}] Error finding rows:`, error)
|
||||
return NextResponse.json({ error: 'Failed to find rows' }, { status: 500 })
|
||||
}
|
||||
}
|
||||
)
|
||||
@@ -0,0 +1,220 @@
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
import { hybridAuthMockFns } from '@sim/testing'
|
||||
import { NextRequest } from 'next/server'
|
||||
import { beforeEach, describe, expect, it, vi } from 'vitest'
|
||||
import type { TableDefinition } from '@/lib/table'
|
||||
|
||||
const { mockCheckAccess, mockInsertRow, mockValidateRowData, mockQueryRows } = vi.hoisted(() => ({
|
||||
mockCheckAccess: vi.fn(),
|
||||
mockInsertRow: vi.fn(),
|
||||
mockValidateRowData: vi.fn(),
|
||||
mockQueryRows: vi.fn(),
|
||||
}))
|
||||
|
||||
vi.mock('@/app/api/table/utils', async () => {
|
||||
const { NextResponse } = await import('next/server')
|
||||
return {
|
||||
checkAccess: mockCheckAccess,
|
||||
accessError: (result: { status: number }) =>
|
||||
NextResponse.json({ error: 'Access denied' }, { status: result.status }),
|
||||
}
|
||||
})
|
||||
|
||||
vi.mock('@/lib/table', async () => {
|
||||
// Real column-keys translation functions; the row-wire helper under test
|
||||
// imports them from this barrel.
|
||||
const columnKeys = await import('@/lib/table/column-keys')
|
||||
return {
|
||||
...columnKeys,
|
||||
insertRow: mockInsertRow,
|
||||
batchInsertRows: vi.fn(),
|
||||
batchUpdateRows: vi.fn(),
|
||||
deleteRowsByFilter: vi.fn(),
|
||||
deleteRowsByIds: vi.fn(),
|
||||
updateRowsByFilter: vi.fn(),
|
||||
validateBatchRows: vi.fn(),
|
||||
validateRowData: mockValidateRowData,
|
||||
validateRowSize: vi.fn(() => ({ valid: true })),
|
||||
}
|
||||
})
|
||||
|
||||
vi.mock('@/lib/table/rows/service', () => ({
|
||||
queryRows: mockQueryRows,
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/table/sql', () => ({
|
||||
TableQueryValidationError: class TableQueryValidationError extends Error {},
|
||||
}))
|
||||
|
||||
import { GET, POST } from '@/app/api/table/[tableId]/rows/route'
|
||||
|
||||
function buildTable(): TableDefinition {
|
||||
return {
|
||||
id: 'tbl_1',
|
||||
name: 'People',
|
||||
description: null,
|
||||
schema: {
|
||||
columns: [
|
||||
{ id: 'col_aaa', name: 'Name', type: 'string' },
|
||||
{ id: 'col_bbb', name: 'Age', type: 'number' },
|
||||
],
|
||||
},
|
||||
metadata: null,
|
||||
rowCount: 0,
|
||||
maxRows: 100,
|
||||
workspaceId: 'workspace-1',
|
||||
createdBy: 'user-1',
|
||||
archivedAt: null,
|
||||
createdAt: new Date('2024-01-01'),
|
||||
updatedAt: new Date('2024-01-01'),
|
||||
}
|
||||
}
|
||||
|
||||
function authAs(authType: 'session' | 'internal_jwt') {
|
||||
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValue({
|
||||
success: true,
|
||||
userId: 'user-1',
|
||||
authType,
|
||||
})
|
||||
}
|
||||
|
||||
function callPost(body: Record<string, unknown>) {
|
||||
const req = new NextRequest('http://localhost:3000/api/table/tbl_1/rows', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify(body),
|
||||
})
|
||||
return POST(req, { params: Promise.resolve({ tableId: 'tbl_1' }) })
|
||||
}
|
||||
|
||||
function callGet(query: Record<string, string>) {
|
||||
const params = new URLSearchParams(query)
|
||||
const req = new NextRequest(`http://localhost:3000/api/table/tbl_1/rows?${params}`, {
|
||||
method: 'GET',
|
||||
})
|
||||
return GET(req, { params: Promise.resolve({ tableId: 'tbl_1' }) })
|
||||
}
|
||||
|
||||
describe('POST /api/table/[tableId]/rows', () => {
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks()
|
||||
mockCheckAccess.mockResolvedValue({ ok: true, table: buildTable() })
|
||||
mockValidateRowData.mockResolvedValue({ valid: true })
|
||||
mockInsertRow.mockResolvedValue({
|
||||
id: 'row_1',
|
||||
data: { col_aaa: 'Ada', col_bbb: 36 },
|
||||
position: 1,
|
||||
orderKey: 'a0',
|
||||
createdAt: new Date('2024-01-01'),
|
||||
updatedAt: new Date('2024-01-01'),
|
||||
})
|
||||
})
|
||||
|
||||
it('translates name-keyed data to column ids for internal-JWT (workflow tool) callers', async () => {
|
||||
authAs('internal_jwt')
|
||||
|
||||
const res = await callPost({
|
||||
workspaceId: 'workspace-1',
|
||||
data: { Name: 'Ada', Age: 36 },
|
||||
})
|
||||
|
||||
expect(res.status).toBe(200)
|
||||
expect(mockValidateRowData).toHaveBeenCalledWith(
|
||||
expect.objectContaining({ rowData: { col_aaa: 'Ada', col_bbb: 36 } })
|
||||
)
|
||||
expect(mockInsertRow).toHaveBeenCalledWith(
|
||||
expect.objectContaining({ data: { col_aaa: 'Ada', col_bbb: 36 } }),
|
||||
expect.anything(),
|
||||
expect.any(String)
|
||||
)
|
||||
|
||||
const body = await res.json()
|
||||
expect(body.data.row.data).toEqual({ Name: 'Ada', Age: 36 })
|
||||
})
|
||||
|
||||
it('passes id-keyed data through untouched for session (UI) callers', async () => {
|
||||
authAs('session')
|
||||
|
||||
const res = await callPost({
|
||||
workspaceId: 'workspace-1',
|
||||
data: { col_aaa: 'Ada', col_bbb: 36 },
|
||||
})
|
||||
|
||||
expect(res.status).toBe(200)
|
||||
expect(mockInsertRow).toHaveBeenCalledWith(
|
||||
expect.objectContaining({ data: { col_aaa: 'Ada', col_bbb: 36 } }),
|
||||
expect.anything(),
|
||||
expect.any(String)
|
||||
)
|
||||
|
||||
const body = await res.json()
|
||||
expect(body.data.row.data).toEqual({ col_aaa: 'Ada', col_bbb: 36 })
|
||||
})
|
||||
})
|
||||
|
||||
describe('GET /api/table/[tableId]/rows', () => {
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks()
|
||||
mockCheckAccess.mockResolvedValue({ ok: true, table: buildTable() })
|
||||
mockQueryRows.mockResolvedValue({
|
||||
rows: [
|
||||
{
|
||||
id: 'row_1',
|
||||
data: { col_aaa: 'Ada', col_bbb: 36 },
|
||||
position: 1,
|
||||
orderKey: 'a0',
|
||||
createdAt: new Date('2024-01-01'),
|
||||
updatedAt: new Date('2024-01-01'),
|
||||
},
|
||||
],
|
||||
rowCount: 1,
|
||||
totalCount: 1,
|
||||
limit: 100,
|
||||
offset: 0,
|
||||
})
|
||||
})
|
||||
|
||||
it('translates name-keyed filter/sort and returns name-keyed rows for internal-JWT callers', async () => {
|
||||
authAs('internal_jwt')
|
||||
|
||||
const res = await callGet({
|
||||
workspaceId: 'workspace-1',
|
||||
filter: JSON.stringify({ Name: { $eq: 'Ada' } }),
|
||||
sort: JSON.stringify({ Age: 'desc' }),
|
||||
})
|
||||
|
||||
expect(res.status).toBe(200)
|
||||
expect(mockQueryRows).toHaveBeenCalledWith(
|
||||
expect.objectContaining({ id: 'tbl_1' }),
|
||||
expect.objectContaining({
|
||||
filter: { col_aaa: { $eq: 'Ada' } },
|
||||
sort: { col_bbb: 'desc' },
|
||||
}),
|
||||
expect.any(String)
|
||||
)
|
||||
|
||||
const body = await res.json()
|
||||
expect(body.data.rows[0].data).toEqual({ Name: 'Ada', Age: 36 })
|
||||
})
|
||||
|
||||
it('passes id-keyed filter and rows through untouched for session callers', async () => {
|
||||
authAs('session')
|
||||
|
||||
const res = await callGet({
|
||||
workspaceId: 'workspace-1',
|
||||
filter: JSON.stringify({ col_aaa: { $eq: 'Ada' } }),
|
||||
})
|
||||
|
||||
expect(res.status).toBe(200)
|
||||
expect(mockQueryRows).toHaveBeenCalledWith(
|
||||
expect.objectContaining({ id: 'tbl_1' }),
|
||||
expect.objectContaining({ filter: { col_aaa: { $eq: 'Ada' } } }),
|
||||
expect.any(String)
|
||||
)
|
||||
|
||||
const body = await res.json()
|
||||
expect(body.data.rows[0].data).toEqual({ col_aaa: 'Ada', col_bbb: 36 })
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,558 @@
|
||||
import { createLogger } from '@sim/logger'
|
||||
import { type NextRequest, NextResponse } from 'next/server'
|
||||
import {
|
||||
type BatchInsertTableRowsBodyInput,
|
||||
batchUpdateTableRowsBodySchema,
|
||||
deleteTableRowsBodySchema,
|
||||
insertTableRowsContract,
|
||||
tableRowsQuerySchema,
|
||||
updateRowsByFilterBodySchema,
|
||||
} from '@/lib/api/contracts/tables'
|
||||
import { parseRequest } from '@/lib/api/server'
|
||||
import { isZodError, validationErrorResponse } from '@/lib/api/server/validation'
|
||||
import { type AuthTypeValue, checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
|
||||
import { generateRequestId } from '@/lib/core/utils/request'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import type { Filter, RowData, Sort, TableRowsCursor, TableSchema } from '@/lib/table'
|
||||
import {
|
||||
batchInsertRows,
|
||||
batchUpdateRows,
|
||||
deleteRowsByFilter,
|
||||
deleteRowsByIds,
|
||||
insertRow,
|
||||
updateRowsByFilter,
|
||||
validateBatchRows,
|
||||
validateRowData,
|
||||
validateRowSize,
|
||||
} from '@/lib/table'
|
||||
import { queryRows } from '@/lib/table/rows/service'
|
||||
import { TableQueryValidationError } from '@/lib/table/sql'
|
||||
import { rowWireTranslators } from '@/app/api/table/row-wire'
|
||||
import { accessError, checkAccess, rowWriteErrorResponse } from '@/app/api/table/utils'
|
||||
|
||||
const logger = createLogger('TableRowsAPI')
|
||||
|
||||
interface TableRowsRouteParams {
|
||||
params: Promise<{ tableId: string }>
|
||||
}
|
||||
|
||||
async function handleBatchInsert(
|
||||
requestId: string,
|
||||
tableId: string,
|
||||
validated: BatchInsertTableRowsBodyInput,
|
||||
userId: string,
|
||||
authType: AuthTypeValue | undefined
|
||||
): Promise<NextResponse> {
|
||||
const accessResult = await checkAccess(tableId, userId, 'write')
|
||||
if (!accessResult.ok) return accessError(accessResult, requestId, tableId)
|
||||
|
||||
const { table } = accessResult
|
||||
|
||||
if (validated.workspaceId !== table.workspaceId) {
|
||||
logger.warn(
|
||||
`[${requestId}] Workspace ID mismatch for table ${tableId}. Provided: ${validated.workspaceId}, Actual: ${table.workspaceId}`
|
||||
)
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const wire = rowWireTranslators(authType, table.schema as TableSchema)
|
||||
const rows = (validated.rows as RowData[]).map((row) => wire.dataIn(row))
|
||||
|
||||
// Validate rows before calling service (service also validates, but route-level
|
||||
// validation returns structured HTTP responses)
|
||||
const validation = await validateBatchRows({
|
||||
rows,
|
||||
schema: table.schema as TableSchema,
|
||||
tableId,
|
||||
})
|
||||
if (!validation.valid) return validation.response
|
||||
|
||||
try {
|
||||
const insertedRows = await batchInsertRows(
|
||||
{
|
||||
tableId,
|
||||
rows,
|
||||
workspaceId: validated.workspaceId,
|
||||
userId,
|
||||
orderKeys: validated.orderKeys,
|
||||
},
|
||||
table,
|
||||
requestId
|
||||
)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
rows: insertedRows.map((r) => ({
|
||||
id: r.id,
|
||||
data: wire.dataOut(r.data),
|
||||
position: r.position,
|
||||
orderKey: r.orderKey ?? undefined,
|
||||
createdAt: r.createdAt instanceof Date ? r.createdAt.toISOString() : r.createdAt,
|
||||
updatedAt: r.updatedAt instanceof Date ? r.updatedAt.toISOString() : r.updatedAt,
|
||||
})),
|
||||
insertedCount: insertedRows.length,
|
||||
message: `Successfully inserted ${insertedRows.length} rows`,
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
const response = rowWriteErrorResponse(error)
|
||||
if (response) return response
|
||||
|
||||
logger.error(`[${requestId}] Error batch inserting rows:`, error)
|
||||
return NextResponse.json({ error: 'Failed to insert rows' }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
/** POST /api/table/[tableId]/rows - Inserts row(s). Supports single or batch insert. */
|
||||
export const POST = withRouteHandler(
|
||||
async (request: NextRequest, context: TableRowsRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
const parsed = await parseRequest(insertTableRowsContract, request, context)
|
||||
if (!parsed.success) return parsed.response
|
||||
|
||||
const { tableId } = parsed.data.params
|
||||
const body = parsed.data.body
|
||||
|
||||
if ('rows' in body) {
|
||||
return handleBatchInsert(requestId, tableId, body, authResult.userId, authResult.authType)
|
||||
}
|
||||
|
||||
const validated = body
|
||||
|
||||
const accessResult = await checkAccess(tableId, authResult.userId, 'write')
|
||||
if (!accessResult.ok) return accessError(accessResult, requestId, tableId)
|
||||
|
||||
const { table } = accessResult
|
||||
|
||||
if (validated.workspaceId !== table.workspaceId) {
|
||||
logger.warn(
|
||||
`[${requestId}] Workspace ID mismatch for table ${tableId}. Provided: ${validated.workspaceId}, Actual: ${table.workspaceId}`
|
||||
)
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const wire = rowWireTranslators(authResult.authType, table.schema as TableSchema)
|
||||
const rowData = wire.dataIn(validated.data as RowData)
|
||||
|
||||
// Validate at route level for structured HTTP error responses
|
||||
const validation = await validateRowData({
|
||||
rowData,
|
||||
schema: table.schema as TableSchema,
|
||||
tableId,
|
||||
})
|
||||
if (!validation.valid) return validation.response
|
||||
|
||||
// Service handles atomic capacity check + insert in a transaction
|
||||
const row = await insertRow(
|
||||
{
|
||||
tableId,
|
||||
data: rowData,
|
||||
workspaceId: validated.workspaceId,
|
||||
userId: authResult.userId,
|
||||
position: validated.position,
|
||||
afterRowId: validated.afterRowId,
|
||||
beforeRowId: validated.beforeRowId,
|
||||
},
|
||||
table,
|
||||
requestId
|
||||
)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
row: {
|
||||
id: row.id,
|
||||
data: wire.dataOut(row.data),
|
||||
position: row.position,
|
||||
orderKey: row.orderKey ?? undefined,
|
||||
createdAt: row.createdAt instanceof Date ? row.createdAt.toISOString() : row.createdAt,
|
||||
updatedAt: row.updatedAt instanceof Date ? row.updatedAt.toISOString() : row.updatedAt,
|
||||
},
|
||||
|
||||
message: 'Row inserted successfully',
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
if (isZodError(error)) {
|
||||
return validationErrorResponse(error)
|
||||
}
|
||||
|
||||
const response = rowWriteErrorResponse(error)
|
||||
if (response) return response
|
||||
|
||||
logger.error(`[${requestId}] Error inserting row:`, error)
|
||||
return NextResponse.json({ error: 'Failed to insert row' }, { status: 500 })
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
/** GET /api/table/[tableId]/rows - Queries rows with filtering, sorting, and pagination. */
|
||||
export const GET = withRouteHandler(
|
||||
async (request: NextRequest, { params }: TableRowsRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
const { tableId } = await params
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
const { searchParams } = new URL(request.url)
|
||||
const workspaceId = searchParams.get('workspaceId')
|
||||
const filterParam = searchParams.get('filter')
|
||||
const sortParam = searchParams.get('sort')
|
||||
const afterParam = searchParams.get('after')
|
||||
const limit = searchParams.get('limit')
|
||||
const offset = searchParams.get('offset')
|
||||
const includeTotalParam = searchParams.get('includeTotal')
|
||||
|
||||
let filter: Record<string, unknown> | undefined
|
||||
let sort: Sort | undefined
|
||||
let after: TableRowsCursor | undefined
|
||||
|
||||
try {
|
||||
if (filterParam) {
|
||||
filter = JSON.parse(filterParam) as Record<string, unknown>
|
||||
}
|
||||
if (sortParam) {
|
||||
sort = JSON.parse(sortParam) as Sort
|
||||
}
|
||||
if (afterParam) {
|
||||
after = JSON.parse(afterParam) as TableRowsCursor
|
||||
}
|
||||
} catch {
|
||||
return NextResponse.json({ error: 'Invalid filter, sort, or after JSON' }, { status: 400 })
|
||||
}
|
||||
|
||||
const validated = tableRowsQuerySchema.parse({
|
||||
workspaceId,
|
||||
filter,
|
||||
sort,
|
||||
after,
|
||||
limit,
|
||||
offset,
|
||||
includeTotal: includeTotalParam,
|
||||
})
|
||||
|
||||
const accessResult = await checkAccess(tableId, authResult.userId, 'read')
|
||||
if (!accessResult.ok) return accessError(accessResult, requestId, tableId)
|
||||
|
||||
const { table } = accessResult
|
||||
|
||||
if (validated.workspaceId !== table.workspaceId) {
|
||||
logger.warn(
|
||||
`[${requestId}] Workspace ID mismatch for table ${tableId}. Provided: ${validated.workspaceId}, Actual: ${table.workspaceId}`
|
||||
)
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const wire = rowWireTranslators(authResult.authType, table.schema as TableSchema)
|
||||
const result = await queryRows(
|
||||
table,
|
||||
{
|
||||
filter: validated.filter ? wire.filterIn(validated.filter as Filter) : undefined,
|
||||
sort: validated.sort ? wire.sortIn(validated.sort) : undefined,
|
||||
limit: validated.limit,
|
||||
offset: validated.offset,
|
||||
after: validated.after,
|
||||
includeTotal: validated.includeTotal,
|
||||
},
|
||||
requestId
|
||||
)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
rows: result.rows.map((r) => ({
|
||||
id: r.id,
|
||||
data: wire.dataOut(r.data),
|
||||
executions: r.executions,
|
||||
position: r.position,
|
||||
orderKey: r.orderKey ?? undefined,
|
||||
createdAt:
|
||||
r.createdAt instanceof Date ? r.createdAt.toISOString() : String(r.createdAt),
|
||||
updatedAt:
|
||||
r.updatedAt instanceof Date ? r.updatedAt.toISOString() : String(r.updatedAt),
|
||||
})),
|
||||
rowCount: result.rowCount,
|
||||
totalCount: result.totalCount,
|
||||
limit: result.limit,
|
||||
offset: result.offset,
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
if (isZodError(error)) {
|
||||
return validationErrorResponse(error)
|
||||
}
|
||||
|
||||
if (error instanceof TableQueryValidationError) {
|
||||
return NextResponse.json({ error: error.message }, { status: 400 })
|
||||
}
|
||||
|
||||
logger.error(`[${requestId}] Error querying rows:`, error)
|
||||
return NextResponse.json({ error: 'Failed to query rows' }, { status: 500 })
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
/** PUT /api/table/[tableId]/rows - Updates rows matching filter criteria. */
|
||||
export const PUT = withRouteHandler(
|
||||
async (request: NextRequest, { params }: TableRowsRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
const { tableId } = await params
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
let body: unknown
|
||||
try {
|
||||
body = await request.json()
|
||||
} catch {
|
||||
return NextResponse.json({ error: 'Request body must be valid JSON' }, { status: 400 })
|
||||
}
|
||||
|
||||
const validated = updateRowsByFilterBodySchema.parse(body)
|
||||
|
||||
const accessResult = await checkAccess(tableId, authResult.userId, 'write')
|
||||
if (!accessResult.ok) return accessError(accessResult, requestId, tableId)
|
||||
|
||||
const { table } = accessResult
|
||||
|
||||
if (validated.workspaceId !== table.workspaceId) {
|
||||
logger.warn(
|
||||
`[${requestId}] Workspace ID mismatch for table ${tableId}. Provided: ${validated.workspaceId}, Actual: ${table.workspaceId}`
|
||||
)
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const wire = rowWireTranslators(authResult.authType, table.schema as TableSchema)
|
||||
const patchData = wire.dataIn(validated.data as RowData)
|
||||
|
||||
const sizeValidation = validateRowSize(patchData)
|
||||
if (!sizeValidation.valid) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Invalid row data', details: sizeValidation.errors },
|
||||
{ status: 400 }
|
||||
)
|
||||
}
|
||||
|
||||
const result = await updateRowsByFilter(
|
||||
table,
|
||||
{
|
||||
filter: wire.filterIn(validated.filter as Filter),
|
||||
data: patchData,
|
||||
limit: validated.limit,
|
||||
actorUserId: authResult.userId,
|
||||
},
|
||||
requestId
|
||||
)
|
||||
|
||||
if (result.affectedCount === 0) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
success: true,
|
||||
data: {
|
||||
message: 'No rows matched the filter criteria',
|
||||
updatedCount: 0,
|
||||
},
|
||||
},
|
||||
{ status: 200 }
|
||||
)
|
||||
}
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
message: 'Rows updated successfully',
|
||||
updatedCount: result.affectedCount,
|
||||
updatedRowIds: result.affectedRowIds,
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
if (isZodError(error)) {
|
||||
return validationErrorResponse(error)
|
||||
}
|
||||
|
||||
if (error instanceof TableQueryValidationError) {
|
||||
return NextResponse.json({ error: error.message }, { status: 400 })
|
||||
}
|
||||
|
||||
const response = rowWriteErrorResponse(error)
|
||||
if (response) return response
|
||||
|
||||
logger.error(`[${requestId}] Error updating rows by filter:`, error)
|
||||
return NextResponse.json({ error: 'Failed to update rows' }, { status: 500 })
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
/** DELETE /api/table/[tableId]/rows - Deletes rows matching filter criteria or by IDs. */
|
||||
export const DELETE = withRouteHandler(
|
||||
async (request: NextRequest, { params }: TableRowsRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
const { tableId } = await params
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
let body: unknown
|
||||
try {
|
||||
body = await request.json()
|
||||
} catch {
|
||||
return NextResponse.json({ error: 'Request body must be valid JSON' }, { status: 400 })
|
||||
}
|
||||
|
||||
const validated = deleteTableRowsBodySchema.parse(body)
|
||||
|
||||
const accessResult = await checkAccess(tableId, authResult.userId, 'write')
|
||||
if (!accessResult.ok) return accessError(accessResult, requestId, tableId)
|
||||
|
||||
const { table } = accessResult
|
||||
|
||||
if (validated.workspaceId !== table.workspaceId) {
|
||||
logger.warn(
|
||||
`[${requestId}] Workspace ID mismatch for table ${tableId}. Provided: ${validated.workspaceId}, Actual: ${table.workspaceId}`
|
||||
)
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
if (validated.rowIds) {
|
||||
const result = await deleteRowsByIds(
|
||||
{ tableId, rowIds: validated.rowIds, workspaceId: validated.workspaceId },
|
||||
requestId
|
||||
)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
message:
|
||||
result.deletedCount === 0
|
||||
? 'No matching rows found for the provided IDs'
|
||||
: 'Rows deleted successfully',
|
||||
deletedCount: result.deletedCount,
|
||||
deletedRowIds: result.deletedRowIds,
|
||||
requestedCount: result.requestedCount,
|
||||
...(result.missingRowIds.length > 0 ? { missingRowIds: result.missingRowIds } : {}),
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
const wire = rowWireTranslators(authResult.authType, table.schema as TableSchema)
|
||||
const result = await deleteRowsByFilter(
|
||||
table,
|
||||
{
|
||||
filter: wire.filterIn(validated.filter as Filter),
|
||||
limit: validated.limit,
|
||||
},
|
||||
requestId
|
||||
)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
message:
|
||||
result.affectedCount === 0
|
||||
? 'No rows matched the filter criteria'
|
||||
: 'Rows deleted successfully',
|
||||
deletedCount: result.affectedCount,
|
||||
deletedRowIds: result.affectedRowIds,
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
if (isZodError(error)) {
|
||||
return validationErrorResponse(error)
|
||||
}
|
||||
|
||||
if (error instanceof TableQueryValidationError) {
|
||||
return NextResponse.json({ error: error.message }, { status: 400 })
|
||||
}
|
||||
|
||||
const response = rowWriteErrorResponse(error)
|
||||
if (response) return response
|
||||
|
||||
logger.error(`[${requestId}] Error deleting rows:`, error)
|
||||
return NextResponse.json({ error: 'Failed to delete rows' }, { status: 500 })
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
/** PATCH /api/table/[tableId]/rows - Batch updates rows by ID. */
|
||||
export const PATCH = withRouteHandler(
|
||||
async (request: NextRequest, { params }: TableRowsRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
const { tableId } = await params
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
let body: unknown
|
||||
try {
|
||||
body = await request.json()
|
||||
} catch {
|
||||
return NextResponse.json({ error: 'Request body must be valid JSON' }, { status: 400 })
|
||||
}
|
||||
|
||||
const validated = batchUpdateTableRowsBodySchema.parse(body)
|
||||
|
||||
const accessResult = await checkAccess(tableId, authResult.userId, 'write')
|
||||
if (!accessResult.ok) return accessError(accessResult, requestId, tableId)
|
||||
|
||||
const { table } = accessResult
|
||||
|
||||
if (validated.workspaceId !== table.workspaceId) {
|
||||
logger.warn(
|
||||
`[${requestId}] Workspace ID mismatch for table ${tableId}. Provided: ${validated.workspaceId}, Actual: ${table.workspaceId}`
|
||||
)
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const result = await batchUpdateRows(
|
||||
{
|
||||
tableId,
|
||||
updates: validated.updates as Array<{ rowId: string; data: RowData }>,
|
||||
workspaceId: validated.workspaceId,
|
||||
actorUserId: authResult.userId,
|
||||
},
|
||||
table,
|
||||
requestId
|
||||
)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
message: 'Rows updated successfully',
|
||||
updatedCount: result.affectedCount,
|
||||
updatedRowIds: result.affectedRowIds,
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
if (isZodError(error)) {
|
||||
return validationErrorResponse(error)
|
||||
}
|
||||
|
||||
const response = rowWriteErrorResponse(error)
|
||||
if (response) return response
|
||||
|
||||
logger.error(`[${requestId}] Error batch updating rows:`, error)
|
||||
return NextResponse.json({ error: 'Failed to update rows' }, { status: 500 })
|
||||
}
|
||||
}
|
||||
)
|
||||
@@ -0,0 +1,88 @@
|
||||
import { createLogger } from '@sim/logger'
|
||||
import { type NextRequest, NextResponse } from 'next/server'
|
||||
import { upsertTableRowContract } from '@/lib/api/contracts/tables'
|
||||
import { parseRequest } from '@/lib/api/server'
|
||||
import { isZodError, validationErrorResponse } from '@/lib/api/server/validation'
|
||||
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
|
||||
import { generateRequestId } from '@/lib/core/utils/request'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import type { RowData, TableSchema } from '@/lib/table'
|
||||
import { upsertRow } from '@/lib/table'
|
||||
import { rowWireTranslators } from '@/app/api/table/row-wire'
|
||||
import { accessError, checkAccess, rowWriteErrorResponse } from '@/app/api/table/utils'
|
||||
|
||||
const logger = createLogger('TableUpsertAPI')
|
||||
|
||||
interface UpsertRouteParams {
|
||||
params: Promise<{ tableId: string }>
|
||||
}
|
||||
|
||||
/** POST /api/table/[tableId]/rows/upsert - Inserts or updates based on unique columns. */
|
||||
export const POST = withRouteHandler(async (request: NextRequest, context: UpsertRouteParams) => {
|
||||
const requestId = generateRequestId()
|
||||
const { tableId } = await context.params
|
||||
|
||||
try {
|
||||
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
|
||||
if (!authResult.success || !authResult.userId) {
|
||||
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
|
||||
}
|
||||
|
||||
const validation = await parseRequest(upsertTableRowContract, request, context)
|
||||
if (!validation.success) return validation.response
|
||||
const validated = validation.data.body
|
||||
|
||||
const result = await checkAccess(tableId, authResult.userId, 'write')
|
||||
if (!result.ok) return accessError(result, requestId, tableId)
|
||||
|
||||
const { table } = result
|
||||
|
||||
if (table.workspaceId !== validated.workspaceId) {
|
||||
return NextResponse.json({ error: 'Invalid workspace ID' }, { status: 400 })
|
||||
}
|
||||
|
||||
const wire = rowWireTranslators(authResult.authType, table.schema as TableSchema)
|
||||
// conflictTarget passes through untranslated — upsertRow resolves it id-or-name.
|
||||
const upsertResult = await upsertRow(
|
||||
{
|
||||
tableId,
|
||||
workspaceId: validated.workspaceId,
|
||||
data: wire.dataIn(validated.data as RowData),
|
||||
userId: authResult.userId,
|
||||
conflictTarget: validated.conflictTarget,
|
||||
},
|
||||
table,
|
||||
requestId
|
||||
)
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
data: {
|
||||
row: {
|
||||
id: upsertResult.row.id,
|
||||
data: wire.dataOut(upsertResult.row.data),
|
||||
createdAt:
|
||||
upsertResult.row.createdAt instanceof Date
|
||||
? upsertResult.row.createdAt.toISOString()
|
||||
: upsertResult.row.createdAt,
|
||||
updatedAt:
|
||||
upsertResult.row.updatedAt instanceof Date
|
||||
? upsertResult.row.updatedAt.toISOString()
|
||||
: upsertResult.row.updatedAt,
|
||||
},
|
||||
operation: upsertResult.operation,
|
||||
message: `Row ${upsertResult.operation === 'update' ? 'updated' : 'inserted'} successfully`,
|
||||
},
|
||||
})
|
||||
} catch (error) {
|
||||
if (isZodError(error)) {
|
||||
return validationErrorResponse(error)
|
||||
}
|
||||
|
||||
const response = rowWriteErrorResponse(error)
|
||||
if (response) return response
|
||||
|
||||
logger.error(`[${requestId}] Error upserting row:`, error)
|
||||
return NextResponse.json({ error: 'Failed to upsert row' }, { status: 500 })
|
||||
}
|
||||
})
|
||||
Reference in New Issue
Block a user