Files
wehub-resource-sync d25d482dc2
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:20:55 +08:00

392 lines
14 KiB
TypeScript

import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
import { db } from '@sim/db'
import { workflowSchedule } from '@sim/db/schema'
import { createLogger } from '@sim/logger'
import {
assertWorkflowMutable,
authorizeWorkflowByWorkspacePermission,
WorkflowLockedError,
} from '@sim/platform-authz/workflow'
import { and, eq, isNull } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { getScheduleByIdContract, updateScheduleContract } from '@/lib/api/contracts/schedules'
import { parseRequest } from '@/lib/api/server'
import { getSession } from '@/lib/auth'
import { generateRequestId } from '@/lib/core/utils/request'
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
import { captureServerEvent } from '@/lib/posthog/server'
import {
performDeleteJob,
performExcludeOccurrence,
performUpdateJob,
} from '@/lib/workflows/schedules/orchestration'
import { validateCronExpression } from '@/lib/workflows/schedules/utils'
import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
const logger = createLogger('ScheduleAPI')
export const dynamic = 'force-dynamic'
type ScheduleRow = typeof workflowSchedule.$inferSelect
async function fetchAndAuthorize(
requestId: string,
scheduleId: string,
userId: string,
action: 'read' | 'write'
): Promise<{ schedule: ScheduleRow; workspaceId: string | null } | NextResponse> {
const [schedule] = await db
.select()
.from(workflowSchedule)
.where(and(eq(workflowSchedule.id, scheduleId), isNull(workflowSchedule.archivedAt)))
.limit(1)
if (!schedule) {
logger.warn(`[${requestId}] Schedule not found: ${scheduleId}`)
return NextResponse.json({ error: 'Schedule not found' }, { status: 404 })
}
if (schedule.sourceType === 'job') {
if (!schedule.sourceWorkspaceId) {
return NextResponse.json({ error: 'Job has no workspace' }, { status: 400 })
}
const permission = await verifyWorkspaceMembership(userId, schedule.sourceWorkspaceId)
const canWrite = permission === 'admin' || permission === 'write'
if (!permission || (action === 'write' && !canWrite)) {
return NextResponse.json({ error: 'Not authorized' }, { status: 403 })
}
return { schedule, workspaceId: schedule.sourceWorkspaceId }
}
if (!schedule.workflowId) {
logger.warn(`[${requestId}] Schedule has no workflow: ${scheduleId}`)
return NextResponse.json({ error: 'Schedule has no associated workflow' }, { status: 400 })
}
const authorization = await authorizeWorkflowByWorkspacePermission({
workflowId: schedule.workflowId,
userId,
action,
})
if (!authorization.workflow) {
logger.warn(`[${requestId}] Workflow not found for schedule: ${scheduleId}`)
return NextResponse.json({ error: 'Workflow not found' }, { status: 404 })
}
if (!authorization.allowed) {
logger.warn(`[${requestId}] User not authorized to modify schedule: ${scheduleId}`)
return NextResponse.json(
{ error: authorization.message || 'Not authorized to modify this schedule' },
{ status: authorization.status }
)
}
return { schedule, workspaceId: authorization.workflow.workspaceId ?? null }
}
export const GET = withRouteHandler(
async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
const requestId = generateRequestId()
try {
const session = await getSession()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const parsed = await parseRequest(getScheduleByIdContract, request, context, {
validationErrorResponse: () =>
NextResponse.json({ error: 'Invalid request' }, { status: 400 }),
})
if (!parsed.success) return parsed.response
const { id: scheduleId } = parsed.data.params
// fetchAndAuthorize already loads the full row (and 404s if missing), so
// return it directly — no second query.
const authResult = await fetchAndAuthorize(requestId, scheduleId, session.user.id, 'read')
if (authResult instanceof NextResponse) return authResult
return NextResponse.json({ schedule: authResult.schedule })
} catch (error) {
logger.error(`[${requestId}] Failed to get schedule`, { error })
return NextResponse.json({ error: 'Failed to get schedule' }, { status: 500 })
}
}
)
export const PUT = withRouteHandler(
async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
const requestId = generateRequestId()
try {
const session = await getSession()
if (!session?.user?.id) {
logger.warn(`[${requestId}] Unauthorized schedule update attempt`)
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const parsed = await parseRequest(updateScheduleContract, request, context, {
validationErrorResponse: () =>
NextResponse.json({ error: 'Invalid request body' }, { status: 400 }),
})
if (!parsed.success) return parsed.response
const { id: scheduleId } = parsed.data.params
const validatedBody = parsed.data.body
const result = await fetchAndAuthorize(requestId, scheduleId, session.user.id, 'write')
if (result instanceof NextResponse) return result
const { schedule, workspaceId } = result
if (schedule.workflowId) {
await assertWorkflowMutable(schedule.workflowId)
}
const { action } = validatedBody
if (action === 'disable') {
if (schedule.status === 'disabled') {
return NextResponse.json({ message: 'Schedule is already disabled' })
}
await db
.update(workflowSchedule)
.set({ status: 'disabled', nextRunAt: null, lastQueuedAt: null, updatedAt: new Date() })
.where(and(eq(workflowSchedule.id, scheduleId), isNull(workflowSchedule.archivedAt)))
logger.info(`[${requestId}] Disabled schedule: ${scheduleId}`)
recordAudit({
workspaceId,
actorId: session.user.id,
actorName: session.user.name,
actorEmail: session.user.email,
action: AuditAction.SCHEDULE_UPDATED,
resourceType: AuditResourceType.SCHEDULE,
resourceId: scheduleId,
resourceName: schedule.jobTitle ?? undefined,
description: `Disabled schedule "${schedule.jobTitle ?? scheduleId}"`,
metadata: {
operation: 'disable',
sourceType: schedule.sourceType,
previousStatus: schedule.status,
},
request,
})
return NextResponse.json({ message: 'Schedule disabled successfully' })
}
if (action === 'update') {
if (schedule.sourceType !== 'job') {
return NextResponse.json(
{ error: 'Only standalone job schedules can be edited' },
{ status: 400 }
)
}
if (!workspaceId) {
return NextResponse.json({ error: 'Job has no workspace' }, { status: 400 })
}
const updateResult = await performUpdateJob({
jobId: scheduleId,
workspaceId,
userId: session.user.id,
actorName: session.user.name,
actorEmail: session.user.email,
title: validatedBody.title,
prompt: validatedBody.prompt,
timezone: validatedBody.timezone,
lifecycle: validatedBody.lifecycle,
maxRuns: validatedBody.maxRuns,
cronExpression: validatedBody.cronExpression,
time: validatedBody.time,
endsAt: validatedBody.endsAt,
contexts: validatedBody.contexts,
request,
})
if (!updateResult.success) {
return NextResponse.json(
{ error: updateResult.error || 'Failed to update schedule' },
{ status: updateResult.errorCode === 'validation' ? 400 : 500 }
)
}
logger.info(`[${requestId}] Updated job schedule: ${scheduleId}`)
return NextResponse.json({ message: 'Schedule updated successfully' })
}
if (action === 'exclude_occurrence') {
if (schedule.sourceType !== 'job') {
return NextResponse.json(
{ error: 'Only standalone job schedules have occurrences' },
{ status: 400 }
)
}
if (!workspaceId) {
return NextResponse.json({ error: 'Job has no workspace' }, { status: 400 })
}
const excludeResult = await performExcludeOccurrence({
jobId: scheduleId,
workspaceId,
userId: session.user.id,
actorName: session.user.name,
actorEmail: session.user.email,
occurrence: validatedBody.occurrence,
request,
})
if (!excludeResult.success) {
return NextResponse.json(
{ error: excludeResult.error || 'Failed to delete occurrence' },
{
status:
excludeResult.errorCode === 'not_found'
? 404
: excludeResult.errorCode === 'validation'
? 400
: 500,
}
)
}
logger.info(`[${requestId}] Excluded occurrence on job schedule: ${scheduleId}`)
return NextResponse.json({ message: 'Occurrence deleted successfully' })
}
// reactivate
if (schedule.status === 'active') {
return NextResponse.json({ message: 'Schedule is already active' })
}
if (!schedule.cronExpression) {
logger.error(`[${requestId}] Schedule has no cron expression: ${scheduleId}`)
return NextResponse.json({ error: 'Schedule has no cron expression' }, { status: 400 })
}
const cronResult = validateCronExpression(schedule.cronExpression, schedule.timezone || 'UTC')
if (!cronResult.isValid || !cronResult.nextRun) {
logger.error(`[${requestId}] Invalid cron expression for schedule: ${scheduleId}`)
return NextResponse.json({ error: 'Schedule has invalid cron expression' }, { status: 400 })
}
const now = new Date()
const nextRunAt = cronResult.nextRun
await db
.update(workflowSchedule)
.set({ status: 'active', failedCount: 0, infraRetryCount: 0, updatedAt: now, nextRunAt })
.where(and(eq(workflowSchedule.id, scheduleId), isNull(workflowSchedule.archivedAt)))
logger.info(`[${requestId}] Reactivated schedule: ${scheduleId}`)
recordAudit({
workspaceId,
actorId: session.user.id,
actorName: session.user.name,
actorEmail: session.user.email,
action: AuditAction.SCHEDULE_UPDATED,
resourceType: AuditResourceType.SCHEDULE,
resourceId: scheduleId,
resourceName: schedule.jobTitle ?? undefined,
description: `Reactivated schedule "${schedule.jobTitle ?? scheduleId}"`,
metadata: {
operation: 'reactivate',
sourceType: schedule.sourceType,
cronExpression: schedule.cronExpression,
timezone: schedule.timezone,
},
request,
})
return NextResponse.json({ message: 'Schedule activated successfully', nextRunAt })
} catch (error) {
if (error instanceof WorkflowLockedError) {
return NextResponse.json({ error: error.message }, { status: error.status })
}
logger.error(`[${requestId}] Error updating schedule`, error)
return NextResponse.json({ error: 'Failed to update schedule' }, { status: 500 })
}
}
)
export const DELETE = withRouteHandler(
async (request: NextRequest, { params }: { params: Promise<{ id: string }> }) => {
const requestId = generateRequestId()
try {
const { id: scheduleId } = await params
const session = await getSession()
if (!session?.user?.id) {
logger.warn(`[${requestId}] Unauthorized schedule delete attempt`)
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const result = await fetchAndAuthorize(requestId, scheduleId, session.user.id, 'write')
if (result instanceof NextResponse) return result
const { schedule, workspaceId } = result
if (schedule.sourceType === 'job') {
if (!workspaceId) {
return NextResponse.json({ error: 'Job has no workspace' }, { status: 400 })
}
const deleteResult = await performDeleteJob({
jobId: scheduleId,
workspaceId,
userId: session.user.id,
actorName: session.user.name,
actorEmail: session.user.email,
request,
})
if (!deleteResult.success) {
return NextResponse.json(
{ error: deleteResult.error || 'Failed to delete schedule' },
{ status: deleteResult.errorCode === 'not_found' ? 404 : 500 }
)
}
return NextResponse.json({ message: 'Schedule deleted successfully' })
}
await db.delete(workflowSchedule).where(eq(workflowSchedule.id, scheduleId))
logger.info(`[${requestId}] Deleted schedule: ${scheduleId}`)
recordAudit({
workspaceId,
actorId: session.user.id,
actorName: session.user.name,
actorEmail: session.user.email,
action: AuditAction.SCHEDULE_DELETED,
resourceType: AuditResourceType.SCHEDULE,
resourceId: scheduleId,
resourceName: schedule.jobTitle ?? undefined,
description: `Deleted ${schedule.sourceType === 'job' ? 'job' : 'schedule'} "${schedule.jobTitle ?? scheduleId}"`,
metadata: {
sourceType: schedule.sourceType,
cronExpression: schedule.cronExpression,
timezone: schedule.timezone,
},
request,
})
captureServerEvent(
session.user.id,
'scheduled_task_deleted',
{ workspace_id: workspaceId ?? '' },
workspaceId ? { groups: { workspace: workspaceId } } : undefined
)
return NextResponse.json({ message: 'Schedule deleted successfully' })
} catch (error) {
logger.error(`[${requestId}] Error deleting schedule`, error)
return NextResponse.json({ error: 'Failed to delete schedule' }, { status: 500 })
}
}
)