@@ -4,93 +4,29 @@ import { NextResponse } from 'next/server'
44import { getSession } from '@/lib/auth'
55import { createLogger } from '@/lib/logs/console-logger'
66import { db } from '@/db'
7- import { workflow , workspace , workspaceMember } from '@/db/schema'
7+ import { workflow , workspace } from '@/db/schema'
8+ import { getUserEntityPermissions } from '@/lib/permissions/utils'
89
910const logger = createLogger ( 'WorkflowAPI' )
1011
11- // Cache for workspace membership to reduce DB queries
12- const workspaceMembershipCache = new Map < string , { role : string ; expires : number } > ( )
13- const CACHE_TTL = 60000 // 1 minute cache expiration
14- const MAX_CACHE_SIZE = 1000 // Maximum number of entries to prevent unbounded growth
15-
16- /**
17- * Cleans up expired entries from the workspace membership cache
18- */
19- function cleanupExpiredCacheEntries ( ) : void {
20- const now = Date . now ( )
21- let expiredCount = 0
22-
23- // Remove expired entries
24- for ( const [ key , value ] of workspaceMembershipCache . entries ( ) ) {
25- if ( value . expires <= now ) {
26- workspaceMembershipCache . delete ( key )
27- expiredCount ++
28- }
29- }
30-
31- // If we're still over the limit after removing expired entries,
32- // remove the oldest entries (those that will expire soonest)
33- if ( workspaceMembershipCache . size > MAX_CACHE_SIZE ) {
34- const entries = Array . from ( workspaceMembershipCache . entries ( ) ) . sort (
35- ( a , b ) => a [ 1 ] . expires - b [ 1 ] . expires
36- )
37-
38- const toRemove = entries . slice ( 0 , workspaceMembershipCache . size - MAX_CACHE_SIZE )
39- toRemove . forEach ( ( [ key ] ) => workspaceMembershipCache . delete ( key ) )
40-
41- logger . debug (
42- `Cache cleanup: removed ${ expiredCount } expired entries and ${ toRemove . length } additional entries due to size limit`
43- )
44- } else if ( expiredCount > 0 ) {
45- logger . debug ( `Cache cleanup: removed ${ expiredCount } expired entries` )
46- }
47- }
48-
4912/**
50- * Efficiently verifies user's membership and role in a workspace with caching
13+ * Verifies user's workspace permissions using the permissions table
5114 * @param userId User ID to check
5215 * @param workspaceId Workspace ID to check
53- * @returns Role if user is a member , null otherwise
16+ * @returns Permission type if user has access , null otherwise
5417 */
5518async function verifyWorkspaceMembership (
5619 userId : string ,
5720 workspaceId : string
5821) : Promise < string | null > {
59- // Opportunistic cleanup of expired cache entries
60- if ( workspaceMembershipCache . size > MAX_CACHE_SIZE / 2 ) {
61- cleanupExpiredCacheEntries ( )
62- }
63-
64- // Create cache key from userId and workspaceId
65- const cacheKey = `${ userId } :${ workspaceId } `
66-
67- // Check cache first
68- const cached = workspaceMembershipCache . get ( cacheKey )
69- if ( cached && cached . expires > Date . now ( ) ) {
70- return cached . role
71- }
72-
73- // If not in cache or expired, query the database
7422 try {
75- const membership = await db
76- . select ( { role : workspaceMember . role } )
77- . from ( workspaceMember )
78- . where ( and ( eq ( workspaceMember . workspaceId , workspaceId ) , eq ( workspaceMember . userId , userId ) ) )
79- . then ( ( rows ) => rows [ 0 ] )
80-
81- if ( ! membership ) {
82- return null
83- }
23+ const permission = await getUserEntityPermissions ( userId , 'workspace' , workspaceId )
24+
8425
85- // Cache the result
86- workspaceMembershipCache . set ( cacheKey , {
87- role : membership . role ,
88- expires : Date . now ( ) + CACHE_TTL ,
89- } )
9026
91- return membership . role
27+ return permission
9228 } catch ( error ) {
93- logger . error ( `Error verifying workspace membership for ${ userId } in ${ workspaceId } :` , error )
29+ logger . error ( `Error verifying workspace permissions for ${ userId } in ${ workspaceId } :` , error )
9430 return null
9531 }
9632}
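Review bot: `verifyWorkspaceMembership` now returns whatever `getUserEntityPermissions` yields (the `return permission` line), yet it keeps its old name and the `Promise<string | null>` signature that used to carry a membership role. The call sites are outside this hunk; any of them that accepts every non-null result, or still compares against the old role strings, would either let the lowest permission level through a check meant for modifying a workflow or reject valid users. I would narrow the return type to the permission type that `@/lib/permissions/utils` defines (assuming it exports one) and have mutating handlers compare against an explicit required level. The `catch` still maps a lookup failure to `null`, which fails closed; a comment such as `// Fail closed: a permission lookup error is treated as no access` would make that intent explicit.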