( request: NextRequest, workflowId: string, requireDeployment = true )
| 18 | } |
| 19 | |
| 20 | export async function validateWorkflowAccess( |
| 21 | request: NextRequest, |
| 22 | workflowId: string, |
| 23 | requireDeployment = true |
| 24 | ): Promise<ValidationResult> { |
| 25 | try { |
| 26 | const workflow = await getWorkflowById(workflowId) |
| 27 | if (!workflow) { |
| 28 | return { |
| 29 | error: { |
| 30 | message: 'Workflow not found', |
| 31 | status: 404, |
| 32 | }, |
| 33 | } |
| 34 | } |
| 35 | |
| 36 | if (!workflow.workspaceId) { |
| 37 | return { |
| 38 | error: { |
| 39 | message: |
| 40 | 'This workflow is not attached to a workspace. Personal workflows are deprecated and cannot be accessed.', |
| 41 | status: 403, |
| 42 | }, |
| 43 | } |
| 44 | } |
| 45 | |
| 46 | if (!requireDeployment) { |
| 47 | const auth = await checkHybridAuth(request, { requireWorkflowId: false }) |
| 48 | if (!auth.success || !auth.userId) { |
| 49 | return { |
| 50 | error: { |
| 51 | message: auth.error || 'Unauthorized', |
| 52 | status: 401, |
| 53 | }, |
| 54 | } |
| 55 | } |
| 56 | |
| 57 | if (auth.apiKeyType === 'workspace' && auth.workspaceId !== workflow.workspaceId) { |
| 58 | return { |
| 59 | error: { |
| 60 | message: 'API key is not authorized for this workspace', |
| 61 | status: 403, |
| 62 | }, |
| 63 | } |
| 64 | } |
| 65 | |
| 66 | const authorization = await authorizeWorkflowByWorkspacePermission({ |
| 67 | workflowId, |
| 68 | userId: auth.userId, |
| 69 | action: 'read', |
| 70 | }) |
| 71 | if (!authorization.allowed) { |
| 72 | return { |
| 73 | error: { |
| 74 | message: authorization.message || 'Access denied', |
| 75 | status: authorization.status, |
| 76 | }, |
| 77 | } |
no test coverage detected