chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
@@ -0,0 +1,178 @@
/**
* @vitest-environment node
*/
import {
createMockRequest,
hybridAuthMockFns,
inputValidationMock,
inputValidationMockFns,
} from '@sim/testing'
import { beforeEach, describe, expect, it, vi } from 'vitest'
import { MAX_FILE_SIZE } from '@/lib/uploads/utils/validation'
vi.mock('@/lib/core/security/input-validation.server', () => inputValidationMock)
import { PayloadSizeLimitError } from '@/lib/core/utils/stream-limits'
import { POST } from '@/app/api/tools/google_drive/download/route'
const { mockValidateUrlWithDNS, mockSecureFetchWithPinnedIP } = inputValidationMockFns
const PINNED_IP = '93.184.216.34'
const baseBody = {
accessToken: 'token-123',
fileId: 'file-abc',
}
function jsonResponse(body: unknown, ok = true) {
return {
ok,
status: ok ? 200 : 400,
statusText: '',
headers: new Headers(),
body: null,
text: async () => JSON.stringify(body),
json: async () => body,
arrayBuffer: async () => new ArrayBuffer(0),
}
}
function fileResponse(bytes: number, ok = true) {
return {
ok,
status: ok ? 200 : 400,
statusText: '',
headers: new Headers(),
body: null,
text: async () => '',
json: async () => ({}),
arrayBuffer: async () => new ArrayBuffer(bytes),
}
}
beforeEach(() => {
vi.clearAllMocks()
hybridAuthMockFns.mockCheckInternalAuth.mockResolvedValue({
success: true,
userId: 'user-1',
authType: 'internal_jwt',
})
mockValidateUrlWithDNS.mockResolvedValue({
isValid: true,
resolvedIP: PINNED_IP,
originalHostname: 'www.googleapis.com',
})
})
describe('POST /api/tools/google_drive/download', () => {
it('downloads a normal file under the size cap', async () => {
mockSecureFetchWithPinnedIP
.mockResolvedValueOnce(
jsonResponse({
id: 'file-abc',
name: 'report.pdf',
mimeType: 'application/pdf',
size: '1024',
capabilities: { canReadRevisions: false },
})
)
.mockResolvedValueOnce(fileResponse(1024))
const response = await POST(createMockRequest('POST', baseBody))
expect(response.status).toBe(200)
const data = (await response.json()) as { success: boolean; output: { file: { size: number } } }
expect(data.success).toBe(true)
expect(data.output.file.size).toBe(1024)
const downloadCall = mockSecureFetchWithPinnedIP.mock.calls[1]
expect(downloadCall[2]).toMatchObject({ maxResponseBytes: MAX_FILE_SIZE })
})
it('rejects the download before fetching content when metadata size exceeds the cap', async () => {
mockSecureFetchWithPinnedIP.mockResolvedValueOnce(
jsonResponse({
id: 'file-abc',
name: 'huge.bin',
mimeType: 'application/octet-stream',
size: String(MAX_FILE_SIZE + 1),
capabilities: { canReadRevisions: false },
})
)
const response = await POST(createMockRequest('POST', baseBody))
expect(response.status).toBe(413)
const data = (await response.json()) as { success: boolean; error: string }
expect(data.success).toBe(false)
expect(data.error).toContain('exceeds maximum size')
// Content download must never be initiated once metadata size trips the check.
expect(mockSecureFetchWithPinnedIP).toHaveBeenCalledTimes(1)
})
it('surfaces a clean 413 when the streamed content exceeds the cap', async () => {
mockSecureFetchWithPinnedIP
.mockResolvedValueOnce(
jsonResponse({
id: 'file-abc',
name: 'report.pdf',
mimeType: 'application/pdf',
capabilities: { canReadRevisions: false },
})
)
.mockRejectedValueOnce(
new PayloadSizeLimitError({
label: 'response body',
maxBytes: MAX_FILE_SIZE,
observedBytes: MAX_FILE_SIZE + 1,
})
)
const response = await POST(createMockRequest('POST', baseBody))
expect(response.status).toBe(413)
const data = (await response.json()) as { success: boolean }
expect(data.success).toBe(false)
})
it('proceeds to the streamed download when metadata size is malformed', async () => {
mockSecureFetchWithPinnedIP
.mockResolvedValueOnce(
jsonResponse({
id: 'file-abc',
name: 'report.pdf',
mimeType: 'application/pdf',
size: 'not-a-number',
capabilities: { canReadRevisions: false },
})
)
.mockResolvedValueOnce(fileResponse(1024))
const response = await POST(createMockRequest('POST', baseBody))
expect(response.status).toBe(200)
const data = (await response.json()) as { success: boolean; output: { file: { size: number } } }
expect(data.success).toBe(true)
expect(data.output.file.size).toBe(1024)
// The early size check should be skipped, but the streaming cap must still apply.
const downloadCall = mockSecureFetchWithPinnedIP.mock.calls[1]
expect(downloadCall[2]).toMatchObject({ maxResponseBytes: MAX_FILE_SIZE })
})
it('does not require a metadata size for Google Workspace exports', async () => {
mockSecureFetchWithPinnedIP
.mockResolvedValueOnce(
jsonResponse({
id: 'doc-1',
name: 'My Doc',
mimeType: 'application/vnd.google-apps.document',
capabilities: { canReadRevisions: false },
})
)
.mockResolvedValueOnce(fileResponse(2048))
const response = await POST(createMockRequest('POST', baseBody))
expect(response.status).toBe(200)
const exportCall = mockSecureFetchWithPinnedIP.mock.calls[1]
expect(exportCall[2]).toMatchObject({ maxResponseBytes: MAX_FILE_SIZE })
})
})
@@ -0,0 +1,289 @@
import { createLogger } from '@sim/logger'
import { getErrorMessage } from '@sim/utils/errors'
import { type NextRequest, NextResponse } from 'next/server'
import { googleDriveDownloadContract } from '@/lib/api/contracts/tools/google'
import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import {
secureFetchWithPinnedIP,
validateUrlWithDNS,
} from '@/lib/core/security/input-validation.server'
import { generateRequestId } from '@/lib/core/utils/request'
import { assertKnownSizeWithinLimit, isPayloadSizeLimitError } from '@/lib/core/utils/stream-limits'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import { MAX_FILE_SIZE } from '@/lib/uploads/utils/validation'
import type { GoogleDriveFile, GoogleDriveRevision } from '@/tools/google_drive/types'
import {
ALL_FILE_FIELDS,
ALL_REVISION_FIELDS,
DEFAULT_EXPORT_FORMATS,
GOOGLE_WORKSPACE_MIME_TYPES,
VALID_EXPORT_FORMATS,
} from '@/tools/google_drive/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('GoogleDriveDownloadAPI')
/** Google API error response structure */
interface GoogleApiErrorResponse {
error?: {
message?: string
code?: number
status?: string
}
}
/** Google Drive revisions list response */
interface GoogleDriveRevisionsResponse {
revisions?: GoogleDriveRevision[]
nextPageToken?: string
}
export const POST = withRouteHandler(async (request: NextRequest) => {
const requestId = generateRequestId()
try {
const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success) {
logger.warn(`[${requestId}] Unauthorized Google Drive download attempt: ${authResult.error}`)
return NextResponse.json(
{
success: false,
error: authResult.error || 'Authentication required',
},
{ status: 401 }
)
}
const parsed = await parseRequest(
googleDriveDownloadContract,
request,
{},
{
validationErrorResponse: (error) =>
NextResponse.json(
{ success: false, error: getValidationErrorMessage(error, 'Invalid request') },
{ status: 400 }
),
}
)
if (!parsed.success) return parsed.response
const validatedData = parsed.data.body
const {
accessToken,
fileId,
mimeType: rawExportMimeType,
fileName,
includeRevisions,
} = validatedData
const exportMimeType =
rawExportMimeType && rawExportMimeType !== 'auto' ? rawExportMimeType : null
const authHeader = `Bearer ${accessToken}`
logger.info(`[${requestId}] Getting file metadata from Google Drive`, { fileId })
const metadataUrl = `https://www.googleapis.com/drive/v3/files/${fileId}?fields=${ALL_FILE_FIELDS}&supportsAllDrives=true`
const metadataUrlValidation = await validateUrlWithDNS(metadataUrl, 'metadataUrl')
if (!metadataUrlValidation.isValid) {
return NextResponse.json(
{ success: false, error: metadataUrlValidation.error },
{ status: 400 }
)
}
const metadataResponse = await secureFetchWithPinnedIP(
metadataUrl,
metadataUrlValidation.resolvedIP!,
{
headers: { Authorization: authHeader },
}
)
if (!metadataResponse.ok) {
const errorDetails = (await metadataResponse
.json()
.catch(() => ({}))) as GoogleApiErrorResponse
logger.error(`[${requestId}] Failed to get file metadata`, {
status: metadataResponse.status,
error: errorDetails,
})
return NextResponse.json(
{ success: false, error: errorDetails.error?.message || 'Failed to get file metadata' },
{ status: 400 }
)
}
const metadata = (await metadataResponse.json()) as GoogleDriveFile
const fileMimeType = metadata.mimeType
let fileBuffer: Buffer
let finalMimeType = fileMimeType
if (GOOGLE_WORKSPACE_MIME_TYPES.includes(fileMimeType)) {
const exportFormat = exportMimeType || DEFAULT_EXPORT_FORMATS[fileMimeType] || 'text/plain'
const validFormats = VALID_EXPORT_FORMATS[fileMimeType]
if (validFormats && !validFormats.includes(exportFormat)) {
logger.warn(`[${requestId}] Unsupported export format requested`, {
fileId,
fileMimeType,
requestedFormat: exportFormat,
validFormats,
})
return NextResponse.json(
{
success: false,
error: `Export format "${exportFormat}" is not supported for this file type. Supported formats: ${validFormats.join(', ')}`,
},
{ status: 400 }
)
}
finalMimeType = exportFormat
logger.info(`[${requestId}] Exporting Google Workspace file`, {
fileId,
mimeType: fileMimeType,
exportFormat,
})
const exportUrl = `https://www.googleapis.com/drive/v3/files/${fileId}/export?mimeType=${encodeURIComponent(exportFormat)}&supportsAllDrives=true`
const exportUrlValidation = await validateUrlWithDNS(exportUrl, 'exportUrl')
if (!exportUrlValidation.isValid) {
return NextResponse.json(
{ success: false, error: exportUrlValidation.error },
{ status: 400 }
)
}
const exportResponse = await secureFetchWithPinnedIP(
exportUrl,
exportUrlValidation.resolvedIP!,
{ headers: { Authorization: authHeader }, maxResponseBytes: MAX_FILE_SIZE }
)
if (!exportResponse.ok) {
const exportError = (await exportResponse
.json()
.catch(() => ({}))) as GoogleApiErrorResponse
logger.error(`[${requestId}] Failed to export file`, {
status: exportResponse.status,
error: exportError,
})
return NextResponse.json(
{
success: false,
error: exportError.error?.message || 'Failed to export Google Workspace file',
},
{ status: 400 }
)
}
const arrayBuffer = await exportResponse.arrayBuffer()
fileBuffer = Buffer.from(arrayBuffer)
} else {
logger.info(`[${requestId}] Downloading regular file`, { fileId, mimeType: fileMimeType })
if (metadata.size) {
const parsedSize = Number.parseInt(metadata.size, 10)
if (Number.isFinite(parsedSize)) {
assertKnownSizeWithinLimit(parsedSize, MAX_FILE_SIZE, `Google Drive file ${fileId}`)
}
}
const downloadUrl = `https://www.googleapis.com/drive/v3/files/${fileId}?alt=media&supportsAllDrives=true`
const downloadUrlValidation = await validateUrlWithDNS(downloadUrl, 'downloadUrl')
if (!downloadUrlValidation.isValid) {
return NextResponse.json(
{ success: false, error: downloadUrlValidation.error },
{ status: 400 }
)
}
const downloadResponse = await secureFetchWithPinnedIP(
downloadUrl,
downloadUrlValidation.resolvedIP!,
{ headers: { Authorization: authHeader }, maxResponseBytes: MAX_FILE_SIZE }
)
if (!downloadResponse.ok) {
const downloadError = (await downloadResponse
.json()
.catch(() => ({}))) as GoogleApiErrorResponse
logger.error(`[${requestId}] Failed to download file`, {
status: downloadResponse.status,
error: downloadError,
})
return NextResponse.json(
{ success: false, error: downloadError.error?.message || 'Failed to download file' },
{ status: 400 }
)
}
const arrayBuffer = await downloadResponse.arrayBuffer()
fileBuffer = Buffer.from(arrayBuffer)
}
const canReadRevisions = metadata.capabilities?.canReadRevisions === true
if (includeRevisions && canReadRevisions) {
try {
const revisionsUrl = `https://www.googleapis.com/drive/v3/files/${fileId}/revisions?fields=revisions(${ALL_REVISION_FIELDS})&pageSize=100`
const revisionsUrlValidation = await validateUrlWithDNS(revisionsUrl, 'revisionsUrl')
if (revisionsUrlValidation.isValid) {
const revisionsResponse = await secureFetchWithPinnedIP(
revisionsUrl,
revisionsUrlValidation.resolvedIP!,
{ headers: { Authorization: authHeader } }
)
if (revisionsResponse.ok) {
const revisionsData = (await revisionsResponse.json()) as GoogleDriveRevisionsResponse
metadata.revisions = revisionsData.revisions
logger.info(`[${requestId}] Fetched file revisions`, {
fileId,
revisionCount: metadata.revisions?.length || 0,
})
}
}
} catch (error) {
logger.warn(`[${requestId}] Error fetching revisions, continuing without them`, { error })
}
}
const resolvedName = fileName || metadata.name || 'download'
logger.info(`[${requestId}] File downloaded successfully`, {
fileId,
name: resolvedName,
size: fileBuffer.length,
mimeType: finalMimeType,
})
const base64Data = fileBuffer.toString('base64')
return NextResponse.json({
success: true,
output: {
file: {
name: resolvedName,
mimeType: finalMimeType,
data: base64Data,
size: fileBuffer.length,
},
metadata,
},
})
} catch (error) {
logger.error(`[${requestId}] Error downloading Google Drive file:`, error)
return NextResponse.json(
{
success: false,
error: getErrorMessage(error, 'Unknown error occurred'),
},
{ status: isPayloadSizeLimitError(error) ? 413 : 500 }
)
}
})
@@ -0,0 +1,209 @@
import { createLogger } from '@sim/logger'
import { getErrorMessage } from '@sim/utils/errors'
import { type NextRequest, NextResponse } from 'next/server'
import { googleDriveExportContract } from '@/lib/api/contracts/tools/google'
import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import {
secureFetchWithPinnedIP,
validateUrlWithDNS,
} from '@/lib/core/security/input-validation.server'
import { generateRequestId } from '@/lib/core/utils/request'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import type { GoogleDriveFile } from '@/tools/google_drive/types'
import {
ALL_FILE_FIELDS,
GOOGLE_WORKSPACE_MIME_TYPES,
MAX_EXPORT_BYTES,
VALID_EXPORT_FORMATS,
} from '@/tools/google_drive/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('GoogleDriveExportAPI')
/** Google API error response structure */
interface GoogleApiErrorResponse {
error?: {
message?: string
code?: number
status?: string
}
}
export const POST = withRouteHandler(async (request: NextRequest) => {
const requestId = generateRequestId()
try {
const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success) {
logger.warn(`[${requestId}] Unauthorized Google Drive export attempt: ${authResult.error}`)
return NextResponse.json(
{ success: false, error: authResult.error || 'Authentication required' },
{ status: 401 }
)
}
const parsed = await parseRequest(
googleDriveExportContract,
request,
{},
{
validationErrorResponse: (error) =>
NextResponse.json(
{ success: false, error: getValidationErrorMessage(error, 'Invalid request') },
{ status: 400 }
),
}
)
if (!parsed.success) return parsed.response
const { accessToken, fileId, mimeType: exportMimeType, fileName } = parsed.data.body
const authHeader = `Bearer ${accessToken}`
logger.info(`[${requestId}] Getting file metadata from Google Drive`, { fileId })
const metadataUrl = `https://www.googleapis.com/drive/v3/files/${encodeURIComponent(fileId)}?fields=${ALL_FILE_FIELDS}&supportsAllDrives=true`
const metadataUrlValidation = await validateUrlWithDNS(metadataUrl, 'metadataUrl')
if (!metadataUrlValidation.isValid) {
return NextResponse.json(
{ success: false, error: metadataUrlValidation.error },
{ status: 400 }
)
}
const metadataResponse = await secureFetchWithPinnedIP(
metadataUrl,
metadataUrlValidation.resolvedIP!,
{ headers: { Authorization: authHeader } }
)
if (!metadataResponse.ok) {
const errorDetails = (await metadataResponse
.json()
.catch(() => ({}))) as GoogleApiErrorResponse
logger.error(`[${requestId}] Failed to get file metadata`, {
status: metadataResponse.status,
error: errorDetails,
})
return NextResponse.json(
{ success: false, error: errorDetails.error?.message || 'Failed to get file metadata' },
{ status: 400 }
)
}
const metadata = (await metadataResponse.json()) as GoogleDriveFile
const fileMimeType = metadata.mimeType
if (!GOOGLE_WORKSPACE_MIME_TYPES.includes(fileMimeType)) {
return NextResponse.json(
{
success: false,
error: `Export only supports Google Workspace files (Docs, Sheets, Slides, Drawings). This file is "${fileMimeType}" — use the Download operation instead.`,
},
{ status: 400 }
)
}
const validFormats = VALID_EXPORT_FORMATS[fileMimeType]
if (validFormats && !validFormats.includes(exportMimeType)) {
return NextResponse.json(
{
success: false,
error: `Export format "${exportMimeType}" is not supported for this file type. Supported formats: ${validFormats.join(', ')}`,
},
{ status: 400 }
)
}
logger.info(`[${requestId}] Exporting Google Workspace file`, {
fileId,
mimeType: fileMimeType,
exportFormat: exportMimeType,
})
const exportUrl = `https://www.googleapis.com/drive/v3/files/${encodeURIComponent(fileId)}/export?mimeType=${encodeURIComponent(exportMimeType)}`
const exportUrlValidation = await validateUrlWithDNS(exportUrl, 'exportUrl')
if (!exportUrlValidation.isValid) {
return NextResponse.json(
{ success: false, error: exportUrlValidation.error },
{ status: 400 }
)
}
const exportResponse = await secureFetchWithPinnedIP(
exportUrl,
exportUrlValidation.resolvedIP!,
{
headers: { Authorization: authHeader },
}
)
if (!exportResponse.ok) {
const exportError = (await exportResponse.json().catch(() => ({}))) as GoogleApiErrorResponse
logger.error(`[${requestId}] Failed to export file`, {
status: exportResponse.status,
error: exportError,
})
return NextResponse.json(
{
success: false,
error: exportError.error?.message || 'Failed to export Google Workspace file',
},
{ status: 400 }
)
}
const declaredSize = Number(exportResponse.headers.get('content-length'))
if (Number.isFinite(declaredSize) && declaredSize > MAX_EXPORT_BYTES) {
return NextResponse.json(
{
success: false,
error: `Exported content (${declaredSize} bytes) exceeds the ${MAX_EXPORT_BYTES}-byte export limit.`,
},
{ status: 400 }
)
}
const arrayBuffer = await exportResponse.arrayBuffer()
if (arrayBuffer.byteLength > MAX_EXPORT_BYTES) {
return NextResponse.json(
{
success: false,
error: `Exported content (${arrayBuffer.byteLength} bytes) exceeds the ${MAX_EXPORT_BYTES}-byte export limit.`,
},
{ status: 400 }
)
}
const fileBuffer = Buffer.from(arrayBuffer)
const resolvedName = fileName || metadata.name || 'export'
logger.info(`[${requestId}] File exported successfully`, {
fileId,
name: resolvedName,
size: fileBuffer.length,
mimeType: exportMimeType,
})
return NextResponse.json({
success: true,
output: {
file: {
name: resolvedName,
mimeType: exportMimeType,
data: fileBuffer.toString('base64'),
size: fileBuffer.length,
},
exportedMimeType: exportMimeType,
},
})
} catch (error) {
logger.error(`[${requestId}] Error exporting Google Drive file:`, error)
return NextResponse.json(
{ success: false, error: getErrorMessage(error, 'Unknown error occurred') },
{ status: 500 }
)
}
})
@@ -0,0 +1,296 @@
import { createLogger } from '@sim/logger'
import { getErrorMessage } from '@sim/utils/errors'
import { generateShortId } from '@sim/utils/id'
import { type NextRequest, NextResponse } from 'next/server'
import { googleDriveUploadContract } from '@/lib/api/contracts/tools/google'
import { parseRequest } from '@/lib/api/server'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import { processSingleFileToUserFile } from '@/lib/uploads/utils/file-utils'
import { downloadServableFileFromStorage } from '@/lib/uploads/utils/file-utils.server'
import { docNotReadyResponse } from '@/lib/uploads/utils/servable-file-response'
import { assertToolFileAccess } from '@/app/api/files/authorization'
import {
GOOGLE_WORKSPACE_MIME_TYPES,
handleSheetsFormat,
SOURCE_MIME_TYPES,
} from '@/tools/google_drive/utils'
export const dynamic = 'force-dynamic'
const logger = createLogger('GoogleDriveUploadAPI')
const GOOGLE_DRIVE_API_BASE = 'https://www.googleapis.com/upload/drive/v3/files'
/**
* Build multipart upload body for Google Drive API
*/
function buildMultipartBody(
metadata: Record<string, any>,
fileBuffer: Buffer,
mimeType: string,
boundary: string
): string {
const parts: string[] = []
parts.push(`--${boundary}`)
parts.push('Content-Type: application/json; charset=UTF-8')
parts.push('')
parts.push(JSON.stringify(metadata))
parts.push(`--${boundary}`)
parts.push(`Content-Type: ${mimeType}`)
parts.push('Content-Transfer-Encoding: base64')
parts.push('')
parts.push(fileBuffer.toString('base64'))
parts.push(`--${boundary}--`)
return parts.join('\r\n')
}
export const POST = withRouteHandler(async (request: NextRequest) => {
const requestId = generateRequestId()
try {
const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
logger.warn(`[${requestId}] Unauthorized Google Drive upload attempt: ${authResult.error}`)
return NextResponse.json(
{
success: false,
error: authResult.error || 'Authentication required',
},
{ status: 401 }
)
}
logger.info(
`[${requestId}] Authenticated Google Drive upload request via ${authResult.authType}`,
{
userId: authResult.userId,
}
)
const parsed = await parseRequest(googleDriveUploadContract, request, {})
if (!parsed.success) return parsed.response
const validatedData = parsed.data.body
logger.info(`[${requestId}] Uploading file to Google Drive`, {
fileName: validatedData.fileName,
mimeType: validatedData.mimeType,
folderId: validatedData.folderId,
hasFile: !!validatedData.file,
})
if (!validatedData.file) {
return NextResponse.json(
{
success: false,
error: 'No file provided. Use the text content field for text-only uploads.',
},
{ status: 400 }
)
}
// Process file - convert to UserFile format if needed
const fileData = validatedData.file
let userFile
try {
userFile = processSingleFileToUserFile(fileData, requestId, logger)
} catch (error) {
return NextResponse.json(
{
success: false,
error: getErrorMessage(error, 'Failed to process file'),
},
{ status: 400 }
)
}
logger.info(`[${requestId}] Downloading file from storage`, {
fileName: userFile.name,
key: userFile.key,
size: userFile.size,
})
const denied = await assertToolFileAccess(userFile.key, authResult.userId, requestId, logger)
if (denied) return denied
let fileBuffer: Buffer
let downloadedContentType = ''
try {
const result = await downloadServableFileFromStorage(userFile, requestId, logger)
fileBuffer = result.buffer
downloadedContentType = result.contentType
} catch (error) {
const notReady = docNotReadyResponse(error)
if (notReady) return notReady
logger.error(`[${requestId}] Failed to download file:`, error)
return NextResponse.json(
{
success: false,
error: `Failed to download file: ${getErrorMessage(error, 'Unknown error')}`,
},
{ status: 500 }
)
}
let uploadMimeType =
validatedData.mimeType || downloadedContentType || userFile.type || 'application/octet-stream'
const requestedMimeType =
validatedData.mimeType || downloadedContentType || userFile.type || 'application/octet-stream'
if (GOOGLE_WORKSPACE_MIME_TYPES.includes(requestedMimeType)) {
uploadMimeType = SOURCE_MIME_TYPES[requestedMimeType] || 'text/plain'
logger.info(`[${requestId}] Converting to Google Workspace type`, {
requestedMimeType,
uploadMimeType,
})
}
if (requestedMimeType === 'application/vnd.google-apps.spreadsheet') {
try {
const textContent = fileBuffer.toString('utf-8')
const { csv } = handleSheetsFormat(textContent)
if (csv !== undefined) {
fileBuffer = Buffer.from(csv, 'utf-8')
uploadMimeType = 'text/csv'
logger.info(`[${requestId}] Converted to CSV for Google Sheets upload`)
}
} catch (error) {
logger.warn(`[${requestId}] Could not convert to CSV, uploading as-is:`, error)
}
}
const metadata: {
name: string
mimeType: string
parents?: string[]
} = {
name: validatedData.fileName,
mimeType: requestedMimeType,
}
if (validatedData.folderId && validatedData.folderId.trim() !== '') {
metadata.parents = [validatedData.folderId.trim()]
}
const boundary = `boundary_${Date.now()}_${generateShortId(7)}`
const multipartBody = buildMultipartBody(metadata, fileBuffer, uploadMimeType, boundary)
logger.info(`[${requestId}] Uploading to Google Drive via multipart upload`, {
fileName: validatedData.fileName,
size: fileBuffer.length,
uploadMimeType,
requestedMimeType,
})
const uploadResponse = await fetch(
`${GOOGLE_DRIVE_API_BASE}?uploadType=multipart&supportsAllDrives=true`,
{
method: 'POST',
headers: {
Authorization: `Bearer ${validatedData.accessToken}`,
'Content-Type': `multipart/related; boundary=${boundary}`,
'Content-Length': Buffer.byteLength(multipartBody, 'utf-8').toString(),
},
body: multipartBody,
}
)
if (!uploadResponse.ok) {
const errorText = await uploadResponse.text()
logger.error(`[${requestId}] Google Drive API error:`, {
status: uploadResponse.status,
statusText: uploadResponse.statusText,
error: errorText,
})
return NextResponse.json(
{
success: false,
error: `Google Drive API error: ${uploadResponse.statusText}`,
},
{ status: uploadResponse.status }
)
}
const uploadData = await uploadResponse.json()
const fileId = uploadData.id
logger.info(`[${requestId}] File uploaded successfully`, { fileId })
if (GOOGLE_WORKSPACE_MIME_TYPES.includes(requestedMimeType)) {
logger.info(`[${requestId}] Updating file name to ensure it persists after conversion`)
const updateNameResponse = await fetch(
`https://www.googleapis.com/drive/v3/files/${fileId}?supportsAllDrives=true`,
{
method: 'PATCH',
headers: {
Authorization: `Bearer ${validatedData.accessToken}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
name: validatedData.fileName,
}),
}
)
if (!updateNameResponse.ok) {
logger.warn(
`[${requestId}] Failed to update filename after conversion, but content was uploaded`
)
}
}
const finalFileResponse = await fetch(
`https://www.googleapis.com/drive/v3/files/${fileId}?supportsAllDrives=true&fields=id,name,mimeType,webViewLink,webContentLink,size,createdTime,modifiedTime,parents`,
{
headers: {
Authorization: `Bearer ${validatedData.accessToken}`,
},
}
)
const finalFile = await finalFileResponse.json()
logger.info(`[${requestId}] Upload complete`, {
fileId: finalFile.id,
fileName: finalFile.name,
webViewLink: finalFile.webViewLink,
})
return NextResponse.json({
success: true,
output: {
file: {
id: finalFile.id,
name: finalFile.name,
mimeType: finalFile.mimeType,
webViewLink: finalFile.webViewLink,
webContentLink: finalFile.webContentLink,
size: finalFile.size,
createdTime: finalFile.createdTime,
modifiedTime: finalFile.modifiedTime,
parents: finalFile.parents,
},
},
})
} catch (error) {
logger.error(`[${requestId}] Error uploading file to Google Drive:`, error)
return NextResponse.json(
{
success: false,
error: getErrorMessage(error, 'Internal server error'),
},
{ status: 500 }
)
}
})