github/sim
1
1
Fork 0
mirror of https://github.com/simstudioai/sim.git synced 2026-04-06 03:00:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix permissive auth

Browse Source
This commit is contained in:
Vikhyath Mondreti
2026-02-11 00:59:25 -08:00
parent ca70280ba1
commit 8bf3370481
5 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/sim/app/api/table/[tableId]/route.ts
View File

@@ -1,7 +1,7 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { checkHybridAuth } from '@/lib/auth/hybrid'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import { deleteTable, type TableSchema } from '@/lib/table'
import { accessError, checkAccess, normalizeColumn, verifyTableWorkspace } from '../utils'
@@ -22,7 +22,7 @@ export async function GET(request: NextRequest, { params }: TableRouteParams) {
const { tableId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
logger.warn(`[${requestId}] Unauthorized table access attempt`)
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
@@ -92,7 +92,7 @@ export async function DELETE(request: NextRequest, { params }: TableRouteParams)
const { tableId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
logger.warn(`[${requestId}] Unauthorized table delete attempt`)
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })

8
apps/sim/app/api/table/[tableId]/rows/[rowId]/route.ts
View File

@@ -4,7 +4,7 @@ import { createLogger } from '@sim/logger'
import { and, eq } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { checkHybridAuth } from '@/lib/auth/hybrid'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import type { RowData, TableSchema } from '@/lib/table'
import { validateRowData } from '@/lib/table'
@@ -35,7 +35,7 @@ export async function GET(request: NextRequest, { params }: RowRouteParams) {
const { tableId, rowId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
@@ -111,7 +111,7 @@ export async function PATCH(request: NextRequest, { params }: RowRouteParams) {
const { tableId, rowId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
@@ -217,7 +217,7 @@ export async function DELETE(request: NextRequest, { params }: RowRouteParams) {
const { tableId, rowId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}

10
apps/sim/app/api/table/[tableId]/rows/route.ts
View File

@@ -4,7 +4,7 @@ import { createLogger } from '@sim/logger'
import { and, eq, sql } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { checkHybridAuth } from '@/lib/auth/hybrid'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import type { Filter, RowData, Sort, TableSchema } from '@/lib/table'
import {
@@ -156,7 +156,7 @@ export async function POST(request: NextRequest, { params }: TableRowsRouteParam
const { tableId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
@@ -257,7 +257,7 @@ export async function GET(request: NextRequest, { params }: TableRowsRouteParams
const { tableId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
@@ -382,7 +382,7 @@ export async function PUT(request: NextRequest, { params }: TableRowsRouteParams
const { tableId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
@@ -571,7 +571,7 @@ export async function DELETE(request: NextRequest, { params }: TableRowsRoutePar
const { tableId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}

4
apps/sim/app/api/table/[tableId]/rows/upsert/route.ts
View File

@@ -4,7 +4,7 @@ import { createLogger } from '@sim/logger'
import { and, eq, or, sql } from 'drizzle-orm'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { checkHybridAuth } from '@/lib/auth/hybrid'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import type { RowData, TableSchema } from '@/lib/table'
import { getUniqueColumns, validateRowData } from '@/lib/table'
@@ -27,7 +27,7 @@ export async function POST(request: NextRequest, { params }: UpsertRouteParams)
const { tableId } = await params
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}

6
apps/sim/app/api/table/route.ts
View File

@@ -1,7 +1,7 @@
import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { checkHybridAuth } from '@/lib/auth/hybrid'
import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
import {
canCreateTable,
@@ -96,7 +96,7 @@ export async function POST(request: NextRequest) {
const requestId = generateRequestId()
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}
@@ -197,7 +197,7 @@ export async function GET(request: NextRequest) {
const requestId = generateRequestId()
try {
const authResult = await checkHybridAuth(request)
const authResult = await checkSessionOrInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success || !authResult.userId) {
return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
}