fix(knowledge-wh): fixed authentication error on webhook trigger

aadamgough · web-flow · commit 3d9c9936ec8a · 2025-06-10T16:24:16.000-07:00
diff --git a/apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.ts b/apps/sim/app/api/knowledge/[id]/documents/[documentId]/chunks/route.ts
@@ -4,6 +4,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console-logger'
+import { getUserId } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { document, embedding } from '@/db/schema'
 import { checkDocumentAccess, generateEmbeddings } from '../../../../utils'
@@ -158,13 +159,19 @@ export async function POST(
   const { id: knowledgeBaseId, documentId } = await params
 
   try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized chunk creation attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    const body = await req.json()
+    const { workflowId, ...searchParams } = body
+
+    const userId = await getUserId(requestId, workflowId)
+
+    if (!userId) {
+      const errorMessage = workflowId ? 'Workflow not found' : 'Unauthorized'
+      const statusCode = workflowId ? 404 : 401
+      logger.warn(`[${requestId}] Authentication failed: ${errorMessage}`)
+      return NextResponse.json({ error: errorMessage }, { status: statusCode })
     }
 
-    const accessCheck = await checkDocumentAccess(knowledgeBaseId, documentId, session.user.id)
+    const accessCheck = await checkDocumentAccess(knowledgeBaseId, documentId, userId)
 
     if (!accessCheck.hasAccess) {
       if (accessCheck.notFound) {
@@ -174,7 +181,7 @@ export async function POST(
         return NextResponse.json({ error: accessCheck.reason }, { status: 404 })
       }
       logger.warn(
-        `[${requestId}] User ${session.user.id} attempted unauthorized chunk creation: ${accessCheck.reason}`
+        `[${requestId}] User ${userId} attempted unauthorized chunk creation: ${accessCheck.reason}`
       )
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
@@ -194,10 +201,8 @@ export async function POST(
       return NextResponse.json({ error: 'Cannot add chunks to failed document' }, { status: 400 })
     }
 
-    const body = await req.json()
-
     try {
-      const validatedData = CreateChunkSchema.parse(body)
+      const validatedData = CreateChunkSchema.parse(searchParams)
 
       // Generate embedding for the content first (outside transaction for performance)
       logger.info(`[${requestId}] Generating embedding for manual chunk`)
diff --git a/apps/sim/app/api/knowledge/search/route.ts b/apps/sim/app/api/knowledge/search/route.ts
@@ -1,10 +1,10 @@
 import { and, eq, isNull, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { getSession } from '@/lib/auth'
 import { retryWithExponentialBackoff } from '@/lib/documents/utils'
 import { env } from '@/lib/env'
 import { createLogger } from '@/lib/logs/console-logger'
+import { getUserId } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { embedding, knowledgeBase } from '@/db/schema'
 
@@ -87,16 +87,20 @@ export async function POST(request: NextRequest) {
   try {
     logger.info(`[${requestId}] Processing vector search request`)
 
-    const session = await getSession()
-    if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized vector search attempt`)
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
     const body = await request.json()
+    const { workflowId, ...searchParams } = body
+
+    const userId = await getUserId(requestId, workflowId)
+
+    if (!userId) {
+      const errorMessage = workflowId ? 'Workflow not found' : 'Unauthorized'
+      const statusCode = workflowId ? 404 : 401
+      logger.warn(`[${requestId}] Authentication failed: ${errorMessage}`)
+      return NextResponse.json({ error: errorMessage }, { status: statusCode })
+    }
 
     try {
-      const validatedData = VectorSearchSchema.parse(body)
+      const validatedData = VectorSearchSchema.parse(searchParams)
 
       // Verify the knowledge base exists and user has access
       const kb = await db
@@ -105,7 +109,7 @@ export async function POST(request: NextRequest) {
         .where(
           and(
             eq(knowledgeBase.id, validatedData.knowledgeBaseId),
-            eq(knowledgeBase.userId, session.user.id),
+            eq(knowledgeBase.userId, userId),
             isNull(knowledgeBase.deletedAt)
           )
         )
diff --git a/apps/sim/lib/webhooks/utils.ts b/apps/sim/lib/webhooks/utils.ts
@@ -674,7 +674,7 @@ export async function executeWorkflowFromPayload(
       serializedWorkflow,
       processedBlockStates,
       decryptedEnvVars,
-      input, // Use the provided input (might be single event or batch)
+      input,
       workflowVariables
     )
 
diff --git a/apps/sim/tools/knowledge/search.ts b/apps/sim/tools/knowledge/search.ts
@@ -29,11 +29,18 @@ export const knowledgeSearchTool: ToolConfig<any, KnowledgeSearchResponse> = {
     headers: () => ({
       'Content-Type': 'application/json',
     }),
-    body: (params) => ({
-      knowledgeBaseId: params.knowledgeBaseId,
-      query: params.query,
-      topK: params.topK ? Number.parseInt(params.topK.toString()) : 10,
-    }),
+    body: (params) => {
+      const workflowId = params._context?.workflowId
+
+      const requestBody = {
+        knowledgeBaseId: params.knowledgeBaseId,
+        query: params.query,
+        topK: params.topK ? Number.parseInt(params.topK.toString()) : 10,
+        ...(workflowId && { workflowId }),
+      }
+
+      return requestBody
+    },
     isInternalRoute: true,
   },
   transformResponse: async (response): Promise<KnowledgeSearchResponse> => {
diff --git a/apps/sim/tools/knowledge/upload_chunk.ts b/apps/sim/tools/knowledge/upload_chunk.ts
@@ -30,10 +30,17 @@ export const knowledgeUploadChunkTool: ToolConfig<any, KnowledgeUploadChunkRespo
     headers: () => ({
       'Content-Type': 'application/json',
     }),
-    body: (params) => ({
-      content: params.content,
-      enabled: true,
-    }),
+    body: (params) => {
+      const workflowId = params._context?.workflowId
+
+      const requestBody = {
+        content: params.content,
+        enabled: true,
+        ...(workflowId && { workflowId }),
+      }
+
+      return requestBody
+    },
     isInternalRoute: true,
   },
   transformResponse: async (response): Promise<KnowledgeUploadChunkResponse> => {

Original file line number	Diff line number	Diff line change
`@@ -674,7 +674,7 @@ export async function executeWorkflowFromPayload(`
`674`	`674`	`serializedWorkflow,`
`675`	`675`	`processedBlockStates,`
`676`	`676`	`decryptedEnvVars,`
`677`		`- input, // Use the provided input (might be single event or batch)`
	`677`	`+ input,`
`678`	`678`	`workflowVariables`
`679`	`679`	`)`
`680`	`680`