feat(api): Use hybrid auth for workflows list route

Lutherwaves · Lutherwaves · commit 9e8b0b37d59c · 2025-09-24T22:20:33.000+03:00
diff --git a/apps/sim/app/api/workflows/route.ts b/apps/sim/app/api/workflows/route.ts
@@ -1,9 +1,9 @@
 import { db } from '@sim/db'
-import { workflow, workspace } from '@sim/db/schema'
+import { session, workflow, workspace } from '@sim/db/schema'
 import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
-import { getSession } from '@/lib/auth'
+import { checkHybridAuth } from '@/lib/auth/hybrid'
 import { createLogger } from '@/lib/logs/console/logger'
 import { generateRequestId } from '@/lib/utils'
 import { verifyWorkspaceMembership } from './utils'
@@ -19,20 +19,20 @@ const CreateWorkflowSchema = z.object({
 })
 
 // GET /api/workflows - Get workflows for user (optionally filtered by workspaceId)
-export async function GET(request: Request) {
+export async function GET(request: NextRequest) {
   const requestId = generateRequestId()
   const startTime = Date.now()
   const url = new URL(request.url)
   const workspaceId = url.searchParams.get('workspaceId')
 
   try {
-    const session = await getSession()
-    if (!session?.user?.id) {
+    const authResult = await checkHybridAuth(request)
+    if (!authResult.success || !authResult.userId) {
       logger.warn(`[${requestId}] Unauthorized workflow access attempt`)
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
-    const userId = session.user.id
+    const userId = authResult.userId
 
     if (workspaceId) {
       const workspaceExists = await db
@@ -83,9 +83,9 @@ export async function GET(request: Request) {
 // POST /api/workflows - Create a new workflow
 export async function POST(req: NextRequest) {
   const requestId = generateRequestId()
-  const session = await getSession()
+  const authResult = await checkHybridAuth(req)
 
-  if (!session?.user?.id) {
+  if (!authResult.success || !authResult.userId) {
     logger.warn(`[${requestId}] Unauthorized workflow creation attempt`)
     return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
   }
@@ -97,11 +97,11 @@ export async function POST(req: NextRequest) {
     const workflowId = crypto.randomUUID()
     const now = new Date()
 
-    logger.info(`[${requestId}] Creating workflow ${workflowId} for user ${session.user.id}`)
+    logger.info(`[${requestId}] Creating workflow ${workflowId} for user ${authResult.userId}`)
 
     await db.insert(workflow).values({
       id: workflowId,
-      userId: session.user.id,
+      userId: authResult.userId,
       workspaceId: workspaceId || null,
       folderId: folderId || null,
       name,
