fix(kb): auth check for create doc tool (#687)

2026-01-10 15:38:00 -05:00 · 2025-07-14 18:40:33 -07:00
parent 1420f4857b
commit a030329fd5
2 changed files with 28 additions and 9 deletions
--- a/apps/sim/app/api/knowledge/[id]/documents/route.ts
+++ b/apps/sim/app/api/knowledge/[id]/documents/route.ts
@@ -4,6 +4,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console-logger'
+import { getUserId } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { document } from '@/db/schema'
 import { checkKnowledgeBaseAccess, processDocumentAsync } from '../../utils'
@@ -269,13 +270,29 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
  const { id: knowledgeBaseId } = await params

  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized document creation attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    const body = await req.json()
+    const { workflowId } = body
+
+    logger.info(`[${requestId}] Knowledge base document creation request`, {
+      knowledgeBaseId,
+      workflowId,
+      hasWorkflowId: !!workflowId,
+      bodyKeys: Object.keys(body),
+    })
+
+    const userId = await getUserId(requestId, workflowId)
+
+    if (!userId) {
+      const errorMessage = workflowId ? 'Workflow not found' : 'Unauthorized'
+      const statusCode = workflowId ? 404 : 401
+      logger.warn(`[${requestId}] Authentication failed: ${errorMessage}`, {
+        workflowId,
+        hasWorkflowId: !!workflowId,
+      })
+      return NextResponse.json({ error: errorMessage }, { status: statusCode })
    }

-    const accessCheck = await checkKnowledgeBaseAccess(knowledgeBaseId, session.user.id)
+    const accessCheck = await checkKnowledgeBaseAccess(knowledgeBaseId, userId)

    if (!accessCheck.hasAccess) {
      if ('notFound' in accessCheck && accessCheck.notFound) {
@@ -283,13 +300,11 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id:
        return NextResponse.json({ error: 'Knowledge base not found' }, { status: 404 })
      }
      logger.warn(
-        `[${requestId}] User ${session.user.id} attempted to create document in unauthorized knowledge base ${knowledgeBaseId}`
+        `[${requestId}] User ${userId} attempted to create document in unauthorized knowledge base ${knowledgeBaseId}`
      )
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
    }

-    const body = await req.json()
-
    // Check if this is a bulk operation
    if (body.bulk === true) {
      // Handle bulk processing (replaces process-documents endpoint)
--- a/apps/sim/tools/knowledge/create_document.ts
+++ b/apps/sim/tools/knowledge/create_document.ts
@@ -65,6 +65,7 @@ export const knowledgeCreateDocumentTool: ToolConfig<any, KnowledgeCreateDocumen
      'Content-Type': 'application/json',
    }),
    body: (params) => {
+      const workflowId = params._context?.workflowId
      const textContent = params.content?.trim()
      const documentName = params.name?.trim()

@@ -111,7 +112,7 @@ export const knowledgeCreateDocumentTool: ToolConfig<any, KnowledgeCreateDocumen
        },
      ]

-      return {
+      const requestBody = {
        documents: documents,
        processingOptions: {
          chunkSize: 1024,
@@ -121,7 +122,10 @@ export const knowledgeCreateDocumentTool: ToolConfig<any, KnowledgeCreateDocumen
          lang: 'en',
        },
        bulk: true,
+        ...(workflowId && { workflowId }),
      }
+
+      return requestBody
    },
    isInternalRoute: true,
  },