Merge branch 'staging' into improvement/queries

Author: icecrasher321

apps/sim/app/api/auth/sso/register/route.ts

@@ -2,6 +2,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { auth } from '@/lib/auth'
 import { env } from '@/lib/core/config/env'
+import { REDACTED_MARKER } from '@/lib/core/security/redaction'
 import { createLogger } from '@/lib/logs/console/logger'
 
 const logger = createLogger('SSO-Register')
@@ -236,13 +237,13 @@ export async function POST(request: NextRequest) {
           oidcConfig: providerConfig.oidcConfig
             ? {
                 ...providerConfig.oidcConfig,
-                clientSecret: '[REDACTED]',
+                clientSecret: REDACTED_MARKER,
               }
             : undefined,
           samlConfig: providerConfig.samlConfig
             ? {
                 ...providerConfig.samlConfig,
-                cert: '[REDACTED]',
+                cert: REDACTED_MARKER,
               }
             : undefined,
         },

apps/sim/app/api/folders/[id]/route.ts

@@ -141,6 +141,23 @@ export async function DELETE(
       )
     }
 
+    // Check if deleting this folder would delete the last workflow(s) in the workspace
+    const workflowsInFolder = await countWorkflowsInFolderRecursively(
+      id,
+      existingFolder.workspaceId
+    )
+    const totalWorkflowsInWorkspace = await db
+      .select({ id: workflow.id })
+      .from(workflow)
+      .where(eq(workflow.workspaceId, existingFolder.workspaceId))
+
+    if (workflowsInFolder > 0 && workflowsInFolder >= totalWorkflowsInWorkspace.length) {
+      return NextResponse.json(
+        { error: 'Cannot delete folder containing the only workflow(s) in the workspace' },
+        { status: 400 }
+      )
+    }
+
     // Recursively delete folder and all its contents
     const deletionStats = await deleteFolderRecursively(id, existingFolder.workspaceId)
 
@@ -202,6 +219,34 @@ async function deleteFolderRecursively(
   return stats
 }
 
+/**
+ * Counts the number of workflows in a folder and all its subfolders recursively.
+ */
+async function countWorkflowsInFolderRecursively(
+  folderId: string,
+  workspaceId: string
+): Promise<number> {
+  let count = 0
+
+  const workflowsInFolder = await db
+    .select({ id: workflow.id })
+    .from(workflow)
+    .where(and(eq(workflow.folderId, folderId), eq(workflow.workspaceId, workspaceId)))
+
+  count += workflowsInFolder.length
+
+  const childFolders = await db
+    .select({ id: workflowFolder.id })
+    .from(workflowFolder)
+    .where(and(eq(workflowFolder.parentId, folderId), eq(workflowFolder.workspaceId, workspaceId)))
+
+  for (const childFolder of childFolders) {
+    count += await countWorkflowsInFolderRecursively(childFolder.id, workspaceId)
+  }
+
+  return count
+}
+
 // Helper function to check for circular references
 async function checkForCircularReference(folderId: string, parentId: string): Promise<boolean> {
   let currentParentId: string | null = parentId

apps/sim/app/api/jobs/[jobId]/route.ts

@@ -1,7 +1,6 @@
 import { runs } from '@trigger.dev/sdk'
 import { type NextRequest, NextResponse } from 'next/server'
-import { authenticateApiKeyFromHeader, updateApiKeyLastUsed } from '@/lib/api-key/service'
-import { getSession } from '@/lib/auth'
+import { checkHybridAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { createLogger } from '@/lib/logs/console/logger'
 import { createErrorResponse } from '@/app/api/workflows/utils'
@@ -18,38 +17,44 @@ export async function GET(
   try {
     logger.debug(`[${requestId}] Getting status for task: ${taskId}`)
 
-    // Try session auth first (for web UI)
-    const session = await getSession()
-    let authenticatedUserId: string | null = session?.user?.id || null
-
-    if (!authenticatedUserId) {
-      const apiKeyHeader = request.headers.get('x-api-key')
-      if (apiKeyHeader) {
-        const authResult = await authenticateApiKeyFromHeader(apiKeyHeader)
-        if (authResult.success && authResult.userId) {
-          authenticatedUserId = authResult.userId
-          if (authResult.keyId) {
-            await updateApiKeyLastUsed(authResult.keyId).catch((error) => {
-              logger.warn(`[${requestId}] Failed to update API key last used timestamp:`, {
-                keyId: authResult.keyId,
-                error,
-              })
-            })
-          }
-        }
-      }
+    const authResult = await checkHybridAuth(request, { requireWorkflowId: false })
+    if (!authResult.success || !authResult.userId) {
+      logger.warn(`[${requestId}] Unauthorized task status request`)
+      return createErrorResponse(authResult.error || 'Authentication required', 401)
     }
 
-    if (!authenticatedUserId) {
-      return createErrorResponse('Authentication required', 401)
-    }
+    const authenticatedUserId = authResult.userId
 
-    // Fetch task status from Trigger.dev
     const run = await runs.retrieve(taskId)
 
     logger.debug(`[${requestId}] Task ${taskId} status: ${run.status}`)
 
-    // Map Trigger.dev status to our format
+    const payload = run.payload as any
+    if (payload?.workflowId) {
+      const { verifyWorkflowAccess } = await import('@/socket-server/middleware/permissions')
+      const accessCheck = await verifyWorkflowAccess(authenticatedUserId, payload.workflowId)
+      if (!accessCheck.hasAccess) {
+        logger.warn(`[${requestId}] User ${authenticatedUserId} denied access to task ${taskId}`, {
+          workflowId: payload.workflowId,
+        })
+        return createErrorResponse('Access denied', 403)
+      }
+      logger.debug(`[${requestId}] User ${authenticatedUserId} has access to task ${taskId}`)
+    } else {
+      if (payload?.userId && payload.userId !== authenticatedUserId) {
+        logger.warn(
+          `[${requestId}] User ${authenticatedUserId} attempted to access task ${taskId} owned by ${payload.userId}`
+        )
+        return createErrorResponse('Access denied', 403)
+      }
+      if (!payload?.userId) {
+        logger.warn(
+          `[${requestId}] Task ${taskId} has no ownership information in payload. Denying access for security.`
+        )
+        return createErrorResponse('Access denied', 403)
+      }
+    }
+
     const statusMap = {
       QUEUED: 'queued',
       WAITING_FOR_DEPLOY: 'queued',
@@ -67,7 +72,6 @@ export async function GET(
 
     const mappedStatus = statusMap[run.status as keyof typeof statusMap] || 'unknown'
 
-    // Build response based on status
     const response: any = {
       success: true,
       taskId,
@@ -77,21 +81,18 @@ export async function GET(
       },
     }
 
-    // Add completion details if finished
     if (mappedStatus === 'completed') {
       response.output = run.output // This contains the workflow execution results
       response.metadata.completedAt = run.finishedAt
       response.metadata.duration = run.durationMs
     }
 
-    // Add error details if failed
     if (mappedStatus === 'failed') {
       response.error = run.error
       response.metadata.completedAt = run.finishedAt
       response.metadata.duration = run.durationMs
     }
 
-    // Add progress info if still processing
     if (mappedStatus === 'processing' || mappedStatus === 'queued') {
       response.estimatedDuration = 180000 // 3 minutes max from our config
     }
@@ -107,6 +108,3 @@ export async function GET(
     return createErrorResponse('Failed to fetch task status', 500)
   }
 }
-
-// TODO: Implement task cancellation via Trigger.dev API if needed
-// export async function DELETE() { ... }

apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.ts

@@ -156,13 +156,27 @@ export async function POST(
       const validatedData = CreateChunkSchema.parse(searchParams)
 
       const docTags = {
+        // Text tags (7 slots)
         tag1: doc.tag1 ?? null,
         tag2: doc.tag2 ?? null,
         tag3: doc.tag3 ?? null,
         tag4: doc.tag4 ?? null,
         tag5: doc.tag5 ?? null,
         tag6: doc.tag6 ?? null,
         tag7: doc.tag7 ?? null,
+        // Number tags (5 slots)
+        number1: doc.number1 ?? null,
+        number2: doc.number2 ?? null,
+        number3: doc.number3 ?? null,
+        number4: doc.number4 ?? null,
+        number5: doc.number5 ?? null,
+        // Date tags (2 slots)
+        date1: doc.date1 ?? null,
+        date2: doc.date2 ?? null,
+        // Boolean tags (3 slots)
+        boolean1: doc.boolean1 ?? null,
+        boolean2: doc.boolean2 ?? null,
+        boolean3: doc.boolean3 ?? null,
       }
 
       const newChunk = await createChunk(

apps/sim/app/api/knowledge/[id]/documents/[documentId]/route.test.ts

@@ -72,6 +72,16 @@ describe('Document By ID API Route', () => {
     tag5: null,
     tag6: null,
     tag7: null,
+    number1: null,
+    number2: null,
+    number3: null,
+    number4: null,
+    number5: null,
+    date1: null,
+    date2: null,
+    boolean1: null,
+    boolean2: null,
+    boolean3: null,
     deletedAt: null,
   }
 

apps/sim/app/api/knowledge/[id]/documents/[documentId]/route.ts

@@ -23,14 +23,27 @@ const UpdateDocumentSchema = z.object({
   processingError: z.string().optional(),
   markFailedDueToTimeout: z.boolean().optional(),
   retryProcessing: z.boolean().optional(),
-  // Tag fields
+  // Text tag fields
   tag1: z.string().optional(),
   tag2: z.string().optional(),
   tag3: z.string().optional(),
   tag4: z.string().optional(),
   tag5: z.string().optional(),
   tag6: z.string().optional(),
   tag7: z.string().optional(),
+  // Number tag fields
+  number1: z.string().optional(),
+  number2: z.string().optional(),
+  number3: z.string().optional(),
+  number4: z.string().optional(),
+  number5: z.string().optional(),
+  // Date tag fields
+  date1: z.string().optional(),
+  date2: z.string().optional(),
+  // Boolean tag fields
+  boolean1: z.string().optional(),
+  boolean2: z.string().optional(),
+  boolean3: z.string().optional(),
 })
 
 export async function GET(

apps/sim/app/api/knowledge/[id]/documents/route.test.ts

@@ -80,6 +80,16 @@ describe('Knowledge Base Documents API Route', () => {
     tag5: null,
     tag6: null,
     tag7: null,
+    number1: null,
+    number2: null,
+    number3: null,
+    number4: null,
+    number5: null,
+    date1: null,
+    date2: null,
+    boolean1: null,
+    boolean2: null,
+    boolean3: null,
     deletedAt: null,
   }