improvement(local-storage): remove use of local storage except for oauth and last active workspace id (#497)

* remove local storage usage

* remove migration for last active workspace id

* Update apps/sim/app/w/[id]/components/workflow-block/components/sub-block/components/file-selector/components/jira-issue-selector.tsx

Add fallback for required scopes

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>

* add url builder util

* fi

* fix lint

* lint

* modify pre commit hook

* fix oauth

* get last active workspace working again

* new workspace logic works

* fetch locks

* works now

* remove empty useEffect

* fix loading issue

* skip empty workflow syncs

* use isWorkspace in transition flag

* add logging

* add data initialized flag

* fix lint

* fix: build error by create a server-side utils

* remove migration snapshots

* reverse search for workspace based on workflow id

* fix lint

* improvement: loading check and animation

* remove unused utils

* remove console  logs

---------

Co-authored-by: Vikhyath Mondreti <vikhyathmondreti@Vikhyaths-Air.attlocal.net>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Emir Karabeg <emirkarabeg@berkeley.edu>
Co-authored-by: Vikhyath Mondreti <vikhyathmondreti@vikhyaths-air.lan>

Author: 5 people

.husky/pre-commit

@@ -1 +1 @@
-bunx lint-staged
+bun lint

apps/sim/app/api/chat/utils.ts

@@ -11,7 +11,7 @@ import { chat, environment as envTable, userStats, workflow } from '@/db/schema'
 import { Executor } from '@/executor'
 import type { BlockLog } from '@/executor/types'
 import { Serializer } from '@/serializer'
-import { mergeSubblockState } from '@/stores/workflows/utils'
+import { mergeSubblockState } from '@/stores/workflows/server-utils'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
 
 declare global {

apps/sim/app/api/schedules/execute/route.ts

@@ -19,7 +19,7 @@ import { db } from '@/db'
 import { environment, userStats, workflow, workflowSchedule } from '@/db/schema'
 import { Executor } from '@/executor'
 import { Serializer } from '@/serializer'
-import { mergeSubblockState } from '@/stores/workflows/utils'
+import { mergeSubblockState } from '@/stores/workflows/server-utils'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
 
 // Add dynamic export to prevent caching

apps/sim/app/api/workflows/[id]/execute/route.ts

@@ -12,7 +12,7 @@ import { db } from '@/db'
 import { environment, userStats } from '@/db/schema'
 import { Executor } from '@/executor'
 import { Serializer } from '@/serializer'
-import { mergeSubblockState } from '@/stores/workflows/utils'
+import { mergeSubblockState } from '@/stores/workflows/server-utils'
 import type { WorkflowState } from '@/stores/workflows/workflow/types'
 import { validateWorkflowAccess } from '../../middleware'
 import { createErrorResponse, createSuccessResponse } from '../../utils'

apps/sim/app/api/workflows/[id]/route.ts

@@ -1,31 +1,32 @@
 import { and, eq } from 'drizzle-orm'
-import { NextResponse } from 'next/server'
+import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { createLogger } from '@/lib/logs/console-logger'
 import { db } from '@/db'
 import { workflow, workspaceMember } from '@/db/schema'
 
-const logger = createLogger('WorkflowDetailAPI')
+const logger = createLogger('WorkflowByIdAPI')
 
-export async function GET(request: Request, { params }: { params: Promise<{ id: string }> }) {
+/**
+ * GET /api/workflows/[id]
+ * Fetch a single workflow by ID
+ */
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
   const requestId = crypto.randomUUID().slice(0, 8)
   const startTime = Date.now()
+  const { id: workflowId } = await params
 
   try {
     // Get the session
     const session = await getSession()
     if (!session?.user?.id) {
-      logger.warn(`[${requestId}] Unauthorized workflow access attempt`)
+      logger.warn(`[${requestId}] Unauthorized access attempt for workflow ${workflowId}`)
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
-    const { id: workflowId } = await params
+    const userId = session.user.id
 
-    if (!workflowId) {
-      return NextResponse.json({ error: 'Workflow ID is required' }, { status: 400 })
-    }
-
-    // Fetch the workflow from database
+    // Fetch the workflow
     const workflowData = await db
       .select()
       .from(workflow)
@@ -38,42 +39,124 @@ export async function GET(request: Request, { params }: { params: Promise<{ id:
     }
 
     // Check if user has access to this workflow
-    // User can access if they own it OR if it's in a workspace they're part of
-    const canAccess = workflowData.userId === session.user.id
+    let hasAccess = false
+
+    // Case 1: User owns the workflow
+    if (workflowData.userId === userId) {
+      hasAccess = true
+    }
 
-    if (!canAccess && workflowData.workspaceId) {
-      // Check workspace membership
+    // Case 2: Workflow belongs to a workspace the user is a member of
+    if (!hasAccess && workflowData.workspaceId) {
       const membership = await db
-        .select()
+        .select({ id: workspaceMember.id })
         .from(workspaceMember)
         .where(
           and(
             eq(workspaceMember.workspaceId, workflowData.workspaceId),
-            eq(workspaceMember.userId, session.user.id)
+            eq(workspaceMember.userId, userId)
           )
         )
         .then((rows) => rows[0])
 
       if (membership) {
-        // User is a member of the workspace, allow access
-        const elapsed = Date.now() - startTime
-        logger.info(`[${requestId}] Workflow ${workflowId} fetched in ${elapsed}ms`)
-        return NextResponse.json({ data: workflowData }, { status: 200 })
+        hasAccess = true
+      }
+    }
+
+    if (!hasAccess) {
+      logger.warn(`[${requestId}] User ${userId} denied access to workflow ${workflowId}`)
+      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    }
+
+    const elapsed = Date.now() - startTime
+    logger.info(`[${requestId}] Successfully fetched workflow ${workflowId} in ${elapsed}ms`)
+
+    return NextResponse.json({ data: workflowData }, { status: 200 })
+  } catch (error: any) {
+    const elapsed = Date.now() - startTime
+    logger.error(`[${requestId}] Error fetching workflow ${workflowId} after ${elapsed}ms`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}
+
+/**
+ * DELETE /api/workflows/[id]
+ * Delete a workflow by ID
+ */
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const requestId = crypto.randomUUID().slice(0, 8)
+  const startTime = Date.now()
+  const { id: workflowId } = await params
+
+  try {
+    // Get the session
+    const session = await getSession()
+    if (!session?.user?.id) {
+      logger.warn(`[${requestId}] Unauthorized deletion attempt for workflow ${workflowId}`)
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const userId = session.user.id
+
+    // Fetch the workflow to check ownership/access
+    const workflowData = await db
+      .select()
+      .from(workflow)
+      .where(eq(workflow.id, workflowId))
+      .then((rows) => rows[0])
+
+    if (!workflowData) {
+      logger.warn(`[${requestId}] Workflow ${workflowId} not found for deletion`)
+      return NextResponse.json({ error: 'Workflow not found' }, { status: 404 })
+    }
+
+    // Check if user has permission to delete this workflow
+    let canDelete = false
+
+    // Case 1: User owns the workflow
+    if (workflowData.userId === userId) {
+      canDelete = true
+    }
+
+    // Case 2: Workflow belongs to a workspace and user has admin/owner role
+    if (!canDelete && workflowData.workspaceId) {
+      const membership = await db
+        .select({ role: workspaceMember.role })
+        .from(workspaceMember)
+        .where(
+          and(
+            eq(workspaceMember.workspaceId, workflowData.workspaceId),
+            eq(workspaceMember.userId, userId)
+          )
+        )
+        .then((rows) => rows[0])
+
+      if (membership && (membership.role === 'owner' || membership.role === 'admin')) {
+        canDelete = true
       }
-    } else if (canAccess) {
-      // User owns the workflow, allow access
-      const elapsed = Date.now() - startTime
-      logger.info(`[${requestId}] Workflow ${workflowId} fetched in ${elapsed}ms`)
-      return NextResponse.json({ data: workflowData }, { status: 200 })
     }
 
-    logger.warn(
-      `[${requestId}] User ${session.user.id} attempted to access workflow ${workflowId} without permission`
-    )
-    return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    if (!canDelete) {
+      logger.warn(
+        `[${requestId}] User ${userId} denied permission to delete workflow ${workflowId}`
+      )
+      return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+    }
+
+    // Delete the workflow
+    await db.delete(workflow).where(eq(workflow.id, workflowId))
+
+    const elapsed = Date.now() - startTime
+    logger.info(`[${requestId}] Successfully deleted workflow ${workflowId} in ${elapsed}ms`)
+
+    return NextResponse.json({ success: true }, { status: 200 })
   } catch (error: any) {
     const elapsed = Date.now() - startTime
-    logger.error(`[${requestId}] Error fetching workflow after ${elapsed}ms:`, error)
-    return NextResponse.json({ error: 'Failed to fetch workflow' }, { status: 500 })
+    logger.error(`[${requestId}] Error deleting workflow ${workflowId} after ${elapsed}ms`, error)
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
 }

apps/sim/app/api/workflows/sync/route.ts

@@ -377,17 +377,17 @@ export async function POST(req: NextRequest) {
         processedIds.add(id)
         const dbWorkflow = dbWorkflowMap.get(id)
 
-        // Handle legacy published workflows migration
+        // Handle legacy published workflows migration (only if state is provided)
         // If client workflow has isPublished but no marketplaceData, create marketplaceData with owner status
-        if (clientWorkflow.state.isPublished && !clientWorkflow.marketplaceData) {
+        if (clientWorkflow.state?.isPublished && !clientWorkflow.marketplaceData) {
           clientWorkflow.marketplaceData = { id: clientWorkflow.id, status: 'owner' }
         }
 
         // Ensure the workflow has the correct workspaceId
         const effectiveWorkspaceId = clientWorkflow.workspaceId || workspaceId
 
         if (!dbWorkflow) {
-          // New workflow - create
+          // New workflow - create (state is required by schema)
           operations.push(
             db.insert(workflow).values({
               id: clientWorkflow.id,
@@ -417,61 +417,57 @@ export async function POST(req: NextRequest) {
             continue // Skip this workflow update and move to the next one
           }
 
-          // Existing workflow - update if needed
-          const needsUpdate =
-            JSON.stringify(dbWorkflow.state) !== JSON.stringify(clientWorkflow.state) ||
-            dbWorkflow.name !== clientWorkflow.name ||
-            dbWorkflow.description !== clientWorkflow.description ||
-            dbWorkflow.color !== clientWorkflow.color ||
-            dbWorkflow.workspaceId !== effectiveWorkspaceId ||
-            dbWorkflow.folderId !== (clientWorkflow.folderId || null) ||
+          // For existing workflows, determine what needs updating
+          let needsUpdate = false
+          const updateData: any = {}
+
+          // Check metadata changes
+          if (dbWorkflow.name !== clientWorkflow.name) {
+            updateData.name = clientWorkflow.name
+            needsUpdate = true
+          }
+          if (dbWorkflow.description !== clientWorkflow.description) {
+            updateData.description = clientWorkflow.description
+            needsUpdate = true
+          }
+          if (dbWorkflow.color !== clientWorkflow.color) {
+            updateData.color = clientWorkflow.color
+            needsUpdate = true
+          }
+          if (dbWorkflow.workspaceId !== effectiveWorkspaceId) {
+            updateData.workspaceId = effectiveWorkspaceId
+            needsUpdate = true
+          }
+          if (dbWorkflow.folderId !== (clientWorkflow.folderId || null)) {
+            updateData.folderId = clientWorkflow.folderId || null
+            needsUpdate = true
+          }
+          if (
             JSON.stringify(dbWorkflow.marketplaceData) !==
-              JSON.stringify(clientWorkflow.marketplaceData)
+            JSON.stringify(clientWorkflow.marketplaceData)
+          ) {
+            updateData.marketplaceData = clientWorkflow.marketplaceData || null
+            needsUpdate = true
+          }
 
-          if (needsUpdate) {
-            operations.push(
-              db
-                .update(workflow)
-                .set({
-                  name: clientWorkflow.name,
-                  description: clientWorkflow.description,
-                  color: clientWorkflow.color,
-                  workspaceId: effectiveWorkspaceId,
-                  folderId: clientWorkflow.folderId || null,
-                  state: clientWorkflow.state,
-                  marketplaceData: clientWorkflow.marketplaceData || null,
-                  lastSynced: now,
-                  updatedAt: now,
-                })
-                .where(eq(workflow.id, id))
-            )
+          // Always update state since we only sync the active workflow with valid state
+          if (JSON.stringify(dbWorkflow.state) !== JSON.stringify(clientWorkflow.state)) {
+            updateData.state = clientWorkflow.state
+            needsUpdate = true
           }
-        }
-      }
 
-      // Handle deletions - workflows in DB but not in client
-      // Only delete workflows for the current workspace and only those the user can modify
-      for (const dbWorkflow of dbWorkflows) {
-        if (
-          !processedIds.has(dbWorkflow.id) &&
-          (!workspaceId || dbWorkflow.workspaceId === workspaceId)
-        ) {
-          // Check if the user has permission to delete this workflow
-          // Users can delete their own workflows, or any workflow if they're a workspace owner/admin
-          const canDelete =
-            dbWorkflow.userId === session.user.id ||
-            (workspaceId && (userRole === 'owner' || userRole === 'admin' || userRole === 'member'))
+          if (needsUpdate) {
+            updateData.lastSynced = now
+            updateData.updatedAt = now
 
-          if (canDelete) {
-            operations.push(db.delete(workflow).where(eq(workflow.id, dbWorkflow.id)))
-          } else {
-            logger.warn(
-              `[${requestId}] User ${session.user.id} attempted to delete workflow ${dbWorkflow.id} without permission`
-            )
+            operations.push(db.update(workflow).set(updateData).where(eq(workflow.id, id)))
           }
         }
       }
 
+      // NOTE: We don't delete workflows here since we're only syncing the active workflow
+      // Other workflows remain untouched in the database
+
       // Execute all operations in parallel
       await Promise.all(operations)
 

apps/sim/app/w/[id]/components/control-bar/control-bar.tsx

@@ -409,21 +409,25 @@ export function ControlBar() {
   /**
    * Workflow deletion handler
    */
-  const handleDeleteWorkflow = () => {
+  const handleDeleteWorkflow = async () => {
     if (!activeWorkflowId) return
 
-    // Get remaining workflow IDs
+    // Navigate to another workflow first
     const remainingIds = Object.keys(workflows).filter((id) => id !== activeWorkflowId)
 
-    // Navigate before removing the workflow to avoid any state inconsistencies
     if (remainingIds.length > 0) {
       router.push(`/w/${remainingIds[0]}`)
     } else {
       router.push('/')
     }
 
-    // Remove the workflow from the registry
-    removeWorkflow(activeWorkflowId)
+    // Remove the workflow from the registry (now async)
+    try {
+      await removeWorkflow(activeWorkflowId)
+    } catch (error) {
+      // Handle error gracefully - could show user notification instead
+      logger.error('Failed to delete workflow:', error)
+    }
   }
 
   // /**