fix(security): collapse 403 to 404 on v1 detail-by-ID routes

Author: waleedlatif1

apps/sim/app/api/v1/logs/[id]/route.ts

@@ -73,7 +73,9 @@ export const GET = withRouteHandler(
       }
 
       const accessError = await validateWorkspaceAccess(rateLimit, userId, log.workspaceId)
-      if (accessError) return accessError
+      if (accessError) {
+        return NextResponse.json({ error: 'Log not found' }, { status: 404 })
+      }
 
       const workflowSummary = {
         id: log.workflowId,

apps/sim/app/api/v1/logs/executions/[executionId]/route.ts

@@ -47,7 +47,9 @@ export const GET = withRouteHandler(
       const workflowLog = rows[0]
 
       const accessError = await validateWorkspaceAccess(rateLimit, userId, workflowLog.workspaceId)
-      if (accessError) return accessError
+      if (accessError) {
+        return NextResponse.json({ error: 'Workflow execution not found' }, { status: 404 })
+      }
 
       const [snapshot] = await db
         .select()

apps/sim/app/api/v1/workflows/[id]/route.ts

@@ -51,7 +51,9 @@ export const GET = withRouteHandler(
         userId,
         workflowData.workspaceId!
       )
-      if (accessError) return accessError
+      if (accessError) {
+        return NextResponse.json({ error: 'Workflow not found' }, { status: 404 })
+      }
 
       const blockRows = await db
         .select({