github/sim
1
1
Fork 0
mirror of https://github.com/simstudioai/sim.git synced 2026-04-28 03:00:29 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
1c58c35bd825430ee4f5f5228070e89fc18bda7d
sim/apps/sim/app/api/tools/gmail/delete/route.ts
Waleed 48adaa00d8 fix(security): restrict API key access on internal-only routes (#2964) 
* fix(security): restrict API key access on internal-only routes

* test(security): update function execute tests for checkInternalAuth

* updated agent handler

* move session check higher in checkSessionOrInternalAuth

* extracted duplicate code into helper for resolving user from jwt
2026-01-24 10:15:52 -08:00

108 lines
3.0 KiB
TypeScript
Raw Blame History

import { createLogger } from '@sim/logger'
import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { generateRequestId } from '@/lib/core/utils/request'
export const dynamic = 'force-dynamic'
const logger = createLogger('GmailDeleteAPI')
const GMAIL_API_BASE = 'https://gmail.googleapis.com/gmail/v1/users/me'
const GmailDeleteSchema = z.object({
accessToken: z.string().min(1, 'Access token is required'),
messageId: z.string().min(1, 'Message ID is required'),
})
export async function POST(request: NextRequest) {
const requestId = generateRequestId()
try {
const authResult = await checkInternalAuth(request, { requireWorkflowId: false })
if (!authResult.success) {
logger.warn(`[${requestId}] Unauthorized Gmail delete attempt: ${authResult.error}`)
return NextResponse.json(
{
success: false,
error: authResult.error || 'Authentication required',
},
{ status: 401 }
)
}
logger.info(`[${requestId}] Authenticated Gmail delete request via ${authResult.authType}`, {
userId: authResult.userId,
})
const body = await request.json()
const validatedData = GmailDeleteSchema.parse(body)
logger.info(`[${requestId}] Deleting Gmail email`, {
messageId: validatedData.messageId,
})
const gmailResponse = await fetch(
`${GMAIL_API_BASE}/messages/${validatedData.messageId}/trash`,
{
method: 'POST',
headers: {
Authorization: `Bearer ${validatedData.accessToken}`,
'Content-Type': 'application/json',
},
}
)
if (!gmailResponse.ok) {
const errorText = await gmailResponse.text()
logger.error(`[${requestId}] Gmail API error:`, errorText)
return NextResponse.json(
{
success: false,
error: `Gmail API error: ${gmailResponse.statusText}`,
},
{ status: gmailResponse.status }
)
}
const data = await gmailResponse.json()
logger.info(`[${requestId}] Email deleted successfully`, { messageId: data.id })
return NextResponse.json({
success: true,
output: {
content: 'Email moved to trash successfully',
metadata: {
id: data.id,
threadId: data.threadId,
labelIds: data.labelIds,
},
},
})
} catch (error) {
if (error instanceof z.ZodError) {
logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
return NextResponse.json(
{
success: false,
error: 'Invalid request data',
details: error.errors,
},
{ status: 400 }
)
}
logger.error(`[${requestId}] Error deleting Gmail email:`, error)
return NextResponse.json(
{
success: false,
error: error instanceof Error ? error.message : 'Internal server error',
},
{ status: 500 }
)
}
}
Reference in New Issue View Git Blame Copy Permalink