chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:20:55 +08:00
commit d25d482dc2
13754 changed files with 4996608 additions and 0 deletions
@@ -0,0 +1,100 @@
/**
* Tests for workflow chat status route auth and access.
*
* @vitest-environment node
*/
import {
dbChainMock,
dbChainMockFns,
hybridAuthMockFns,
resetDbChainMock,
workflowAuthzMockFns,
workflowsUtilsMock,
} from '@sim/testing'
import { NextRequest } from 'next/server'
import { beforeEach, describe, expect, it, vi } from 'vitest'
vi.mock('@sim/db', () => dbChainMock)
vi.mock('drizzle-orm', () => ({
and: vi.fn((...args: unknown[]) => ({ type: 'and', args })),
eq: vi.fn(),
isNull: vi.fn((field: unknown) => ({ type: 'isNull', field })),
}))
vi.mock('@/lib/workflows/utils', () => workflowsUtilsMock)
import { GET } from '@/app/api/workflows/[id]/chat/status/route'
describe('Workflow Chat Status Route', () => {
beforeEach(() => {
vi.clearAllMocks()
resetDbChainMock()
})
it('returns 401 when unauthenticated', async () => {
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValueOnce({ success: false })
const req = new NextRequest('http://localhost:3000/api/workflows/wf-1/chat/status')
const response = await GET(req, { params: Promise.resolve({ id: 'wf-1' }) })
expect(response.status).toBe(401)
})
it('returns 403 when user lacks workspace access', async () => {
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
success: true,
userId: 'user-1',
authType: 'session',
})
workflowAuthzMockFns.mockAuthorizeWorkflowByWorkspacePermission.mockResolvedValueOnce({
allowed: false,
status: 403,
message: 'Access denied',
workflow: { id: 'wf-1', workspaceId: 'ws-1' },
workspacePermission: null,
})
const req = new NextRequest('http://localhost:3000/api/workflows/wf-1/chat/status')
const response = await GET(req, { params: Promise.resolve({ id: 'wf-1' }) })
expect(response.status).toBe(403)
})
it('returns deployment details when authorized', async () => {
hybridAuthMockFns.mockCheckSessionOrInternalAuth.mockResolvedValueOnce({
success: true,
userId: 'user-1',
authType: 'session',
})
workflowAuthzMockFns.mockAuthorizeWorkflowByWorkspacePermission.mockResolvedValueOnce({
allowed: true,
status: 200,
workflow: { id: 'wf-1', workspaceId: 'ws-1' },
workspacePermission: 'read',
})
dbChainMockFns.limit.mockResolvedValueOnce([
{
id: 'chat-1',
identifier: 'assistant',
title: 'Support Bot',
description: 'desc',
customizations: { theme: 'dark' },
authType: 'public',
allowedEmails: [],
outputConfigs: [{ blockId: 'agent-1', path: 'content' }],
password: 'secret',
isActive: true,
},
])
const req = new NextRequest('http://localhost:3000/api/workflows/wf-1/chat/status')
const response = await GET(req, { params: Promise.resolve({ id: 'wf-1' }) })
expect(response.status).toBe(200)
const data = await response.json()
expect(data.isDeployed).toBe(true)
expect(data.deployment.id).toBe('chat-1')
expect(data.deployment.hasPassword).toBe(true)
expect(data.deployment.outputConfigs).toEqual([{ blockId: 'agent-1', path: 'content' }])
})
})
@@ -0,0 +1,87 @@
import { db } from '@sim/db'
import { chat } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import { authorizeWorkflowByWorkspacePermission } from '@sim/platform-authz/workflow'
import { and, eq, isNull } from 'drizzle-orm'
import type { NextRequest } from 'next/server'
import { getChatDeploymentStatusContract } from '@/lib/api/contracts/deployments'
import { parseRequest } from '@/lib/api/server'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import { createErrorResponse, createSuccessResponse } from '@/app/api/workflows/utils'
const logger = createLogger('ChatStatusAPI')
/**
* GET endpoint to check if a workflow has an active chat deployment
*/
export const GET = withRouteHandler(
async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
const parsed = await parseRequest(getChatDeploymentStatusContract, request, context)
if (!parsed.success) return parsed.response
const { id } = parsed.data.params
const requestId = generateRequestId()
try {
const auth = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!auth.success || !auth.userId) {
return createErrorResponse('Unauthorized', 401)
}
const authorization = await authorizeWorkflowByWorkspacePermission({
workflowId: id,
userId: auth.userId,
action: 'read',
})
if (!authorization.allowed) {
return createErrorResponse(
authorization.message || 'Access denied',
authorization.status || 403
)
}
// Find any active chat deployments for this workflow
const deploymentResults = await db
.select({
id: chat.id,
identifier: chat.identifier,
title: chat.title,
description: chat.description,
customizations: chat.customizations,
authType: chat.authType,
allowedEmails: chat.allowedEmails,
outputConfigs: chat.outputConfigs,
password: chat.password,
isActive: chat.isActive,
})
.from(chat)
.where(and(eq(chat.workflowId, id), isNull(chat.archivedAt)))
.limit(1)
const isDeployed = deploymentResults.length > 0 && deploymentResults[0].isActive
const deploymentInfo =
deploymentResults.length > 0
? {
id: deploymentResults[0].id,
identifier: deploymentResults[0].identifier,
title: deploymentResults[0].title,
description: deploymentResults[0].description,
customizations: deploymentResults[0].customizations,
authType: deploymentResults[0].authType,
allowedEmails: deploymentResults[0].allowedEmails,
outputConfigs: deploymentResults[0].outputConfigs,
hasPassword: Boolean(deploymentResults[0].password),
}
: null
return createSuccessResponse({
isDeployed,
deployment: deploymentInfo,
})
} catch (error: any) {
logger.error(`[${requestId}] Error checking chat deployment status:`, error)
return createErrorResponse(error.message || 'Failed to check chat deployment status', 500)
}
}
)