fix: align workflow audit metadata helpers

test · test · commit f2a4847b1c98 · 2026-03-13T11:51:31.000+03:00
Use the shared audit actor helper consistently so workflow deletion matches deploy behavior and remove the redundant deploy wrapper raised in review.
diff --git a/apps/sim/app/api/workflows/[id]/deploy/route.ts b/apps/sim/app/api/workflows/[id]/deploy/route.ts
@@ -2,9 +2,9 @@ import { db, workflow, workflowDeploymentVersion } from '@sim/db'
 import { createLogger } from '@sim/logger'
 import { and, desc, eq } from 'drizzle-orm'
 import type { NextRequest } from 'next/server'
-import type { AuthResult } from '@/lib/auth/hybrid'
 import { getAuditActorMetadata } from '@/lib/audit/actor-metadata'
 import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
+import type { AuthResult } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import { removeMcpToolsForWorkflow, syncMcpToolsForWorkflow } from '@/lib/mcp/workflow-mcp-sync'
 import {
@@ -61,10 +61,6 @@ async function validateLifecycleAdminAccess(
   }
 }
 
-function getLifecycleAuditActor(auth: AuthResult | null | undefined) {
-  return getAuditActorMetadata(auth)
-}
-
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
   const requestId = generateRequestId()
   const { id } = await params
@@ -294,7 +290,7 @@ export async function POST(request: NextRequest, { params }: { params: Promise<{
     // Sync MCP tools with the latest parameter schema
     await syncMcpToolsForWorkflow({ workflowId: id, requestId, context: 'deploy' })
 
-    const { actorName, actorEmail } = getLifecycleAuditActor(auth)
+    const { actorName, actorEmail } = getAuditActorMetadata(auth)
 
     recordAudit({
       workspaceId: workflowData?.workspaceId || null,
@@ -420,7 +416,7 @@ export async function DELETE(
       // Silently fail
     }
 
-    const { actorName, actorEmail } = getLifecycleAuditActor(auth)
+    const { actorName, actorEmail } = getAuditActorMetadata(auth)
 
     recordAudit({
       workspaceId: workflowData?.workspaceId || null,
diff --git a/apps/sim/app/api/workflows/[id]/route.test.ts b/apps/sim/app/api/workflows/[id]/route.test.ts
@@ -380,7 +380,13 @@ describe('Workflow By ID API Route', () => {
 
       mockValidateWorkflowAccess.mockResolvedValue({
         workflow: mockWorkflow,
-        auth: { success: true, userId: 'api-user-1', authType: 'api_key' },
+        auth: {
+          success: true,
+          userId: 'api-user-1',
+          authType: 'api_key',
+          userName: 'API Key Actor',
+          userEmail: null,
+        },
       })
       mockGetWorkflowById.mockResolvedValue(mockWorkflow)
       mockAuthorizeWorkflowByWorkspacePermission.mockResolvedValue({
@@ -409,6 +415,13 @@ describe('Workflow By ID API Route', () => {
 
       expect(response.status).toBe(200)
       expect(mockAuthorizeWorkflowByWorkspacePermission).not.toHaveBeenCalled()
+      expect(auditMock.recordAudit).toHaveBeenCalledWith(
+        expect.objectContaining({
+          actorId: 'api-user-1',
+          actorName: undefined,
+          actorEmail: undefined,
+        })
+      )
     })
 
     it('should prevent deletion of the last workflow in workspace', async () => {
diff --git a/apps/sim/app/api/workflows/[id]/route.ts b/apps/sim/app/api/workflows/[id]/route.ts
@@ -4,6 +4,7 @@ import { createLogger } from '@sim/logger'
 import { and, eq, isNull, ne } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { getAuditActorMetadata } from '@/lib/audit/actor-metadata'
 import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { AuthType, checkHybridAuth } from '@/lib/auth/hybrid'
 import { env } from '@/lib/core/config/env'
@@ -153,7 +154,10 @@ export async function DELETE(
     })
     if (validation.error) {
       logger.warn(`[${requestId}] Unauthorized deletion attempt for workflow ${workflowId}`)
-      return NextResponse.json({ error: validation.error.message }, { status: validation.error.status })
+      return NextResponse.json(
+        { error: validation.error.message },
+        { status: validation.error.status }
+      )
     }
 
     const auth = validation.auth
@@ -323,11 +327,13 @@ export async function DELETE(
       // Don't fail the deletion if Socket.IO notification fails
     }
 
+    const { actorName, actorEmail } = getAuditActorMetadata(auth)
+
     recordAudit({
       workspaceId: workflowData.workspaceId || null,
       actorId: userId,
-      actorName: auth.userName,
-      actorEmail: auth.userEmail,
+      actorName,
+      actorEmail,
       action: AuditAction.WORKFLOW_DELETED,
       resourceType: AuditResourceType.WORKFLOW,
       resourceId: workflowId,
