fix(audit-log): credential-set org IDs, workspace deletion FK, actorId fallback, string literal action

2026-02-19 02:34:37 -05:00 · 2026-02-17 23:52:16 -08:00
parent 7e394ad616
commit 4eb4fe76b6
7 changed files with 13 additions and 10 deletions
--- a/apps/sim/app/api/credential-sets/[id]/invite/route.ts
+++ b/apps/sim/app/api/credential-sets/[id]/invite/route.ts
@@ -177,7 +177,7 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
    })

    recordAudit({
-      workspaceId: result.set.organizationId,
+      workspaceId: null,
      actorId: session.user.id,
      action: AuditAction.CREDENTIAL_SET_INVITATION_CREATED,
      resourceType: AuditResourceType.CREDENTIAL_SET,
@@ -250,7 +250,7 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i
      )

    recordAudit({
-      workspaceId: result.set.organizationId,
+      workspaceId: null,
      actorId: session.user.id,
      action: AuditAction.CREDENTIAL_SET_INVITATION_REVOKED,
      resourceType: AuditResourceType.CREDENTIAL_SET,
--- a/apps/sim/app/api/credential-sets/[id]/members/route.ts
+++ b/apps/sim/app/api/credential-sets/[id]/members/route.ts
@@ -179,7 +179,7 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i
    })

    recordAudit({
-      workspaceId: result.set.organizationId,
+      workspaceId: null,
      actorId: session.user.id,
      action: AuditAction.CREDENTIAL_SET_MEMBER_REMOVED,
      resourceType: AuditResourceType.CREDENTIAL_SET,
--- a/apps/sim/app/api/credential-sets/[id]/route.ts
+++ b/apps/sim/app/api/credential-sets/[id]/route.ts
@@ -133,7 +133,7 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
    const [updated] = await db.select().from(credentialSet).where(eq(credentialSet.id, id)).limit(1)

    recordAudit({
-      workspaceId: result.set.organizationId,
+      workspaceId: null,
      actorId: session.user.id,
      action: AuditAction.CREDENTIAL_SET_UPDATED,
      resourceType: AuditResourceType.CREDENTIAL_SET,
@@ -190,7 +190,7 @@ export async function DELETE(req: NextRequest, { params }: { params: Promise<{ i
    logger.info('Deleted credential set', { credentialSetId: id, userId: session.user.id })

    recordAudit({
-      workspaceId: result.set.organizationId,
+      workspaceId: null,
      actorId: session.user.id,
      action: AuditAction.CREDENTIAL_SET_DELETED,
      resourceType: AuditResourceType.CREDENTIAL_SET,
--- a/apps/sim/app/api/credential-sets/route.ts
+++ b/apps/sim/app/api/credential-sets/route.ts
@@ -167,7 +167,7 @@ export async function POST(req: Request) {
    })

    recordAudit({
-      workspaceId: organizationId,
+      workspaceId: null,
      actorId: session.user.id,
      action: AuditAction.CREDENTIAL_SET_CREATED,
      resourceType: AuditResourceType.CREDENTIAL_SET,
--- a/apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts
+++ b/apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts
@@ -18,7 +18,7 @@ import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getEmailSubject, renderInvitationEmail } from '@/components/emails'
-import { AuditResourceType, recordAudit } from '@/lib/audit/log'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { hasAccessControlAccess } from '@/lib/billing'
 import { syncUsageLimitsFromSubscription } from '@/lib/billing/core/usage'
@@ -556,7 +556,10 @@ export async function PUT(
    recordAudit({
      workspaceId: null,
      actorId: session.user.id,
-      action: status === 'accepted' ? 'org_invitation.accepted' : 'org_invitation.updated',
+      action:
+        status === 'accepted'
+          ? AuditAction.ORG_INVITATION_ACCEPTED
+          : AuditAction.ORG_INVITATION_UPDATED,
      resourceType: AuditResourceType.ORGANIZATION,
      resourceId: organizationId,
      actorName: session.user.name ?? undefined,
--- a/apps/sim/app/api/workflows/[id]/deploy/route.ts
+++ b/apps/sim/app/api/workflows/[id]/deploy/route.ts
@@ -341,7 +341,7 @@ export async function DELETE(

    recordAudit({
      workspaceId: workflowData?.workspaceId || null,
-      actorId: session?.user?.id || '',
+      actorId: session!.user.id,
      actorName: session?.user?.name,
      actorEmail: session?.user?.email,
      action: AuditAction.WORKFLOW_UNDEPLOYED,
--- a/apps/sim/app/api/workspaces/[id]/route.ts
+++ b/apps/sim/app/api/workspaces/[id]/route.ts
@@ -283,7 +283,7 @@ export async function DELETE(
    })

    recordAudit({
-      workspaceId,
+      workspaceId: null,
      actorId: session.user.id,
      actorName: session.user.name,
      actorEmail: session.user.email,