Optimize metadata queries (#7013)

In this PR: 1. Refactor guards to avoid duplicated queries: WorkspaceAuthGuard and UserAuthGuard only check for existence of workspace and user in the request without querying the database
2024-09-13 19:11:32 +02:00
parent cf8b1161cc
commit 523df5398a
132 changed files with 818 additions and 6372 deletions
--- a/packages/twenty-server/src/engine/core-modules/ai-sql-query/ai-sql-query.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/ai-sql-query/ai-sql-query.resolver.ts
@ -12,7 +12,8 @@ import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

@ArgsType()
 class GetAISQLQueryArgs {
@ -20,7 +21,7 @@ class GetAISQLQueryArgs {
  text: string;
 }

-@UseGuards(JwtAuthGuard)
+@UseGuards(WorkspaceAuthGuard, UserAuthGuard)
@Resolver(() => AISQLQueryResult)
 export class AISQLQueryResolver {
  constructor(
--- a/packages/twenty-server/src/engine/core-modules/analytics/analytics.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/analytics/analytics.resolver.ts
@ -1,21 +1,18 @@
-import { Resolver, Mutation, Args, Context } from '@nestjs/graphql';
-import { UseGuards } from '@nestjs/common';
+import { Args, Context, Mutation, Resolver } from '@nestjs/graphql';

 import { Request } from 'express';

-import { OptionalJwtAuthGuard } from 'src/engine/guards/optional-jwt.auth.guard';
-import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
-import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
-import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
-import { User } from 'src/engine/core-modules/user/user.entity';
 import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
+import { User } from 'src/engine/core-modules/user/user.entity';
+import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
+import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
+import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';

-import { AnalyticsService } from './analytics.service';
 import { Analytics } from './analytics.entity';
+import { AnalyticsService } from './analytics.service';

 import { CreateAnalyticsInput } from './dtos/create-analytics.input';

-@UseGuards(OptionalJwtAuthGuard)
@Resolver(() => Analytics)
 export class AnalyticsResolver {
  constructor(
--- a/packages/twenty-server/src/engine/core-modules/app-token/app-token.auto-resolver-opts.ts
+++ b/packages/twenty-server/src/engine/core-modules/app-token/app-token.auto-resolver-opts.ts
@ -6,7 +6,7 @@ import {

 import { AppToken } from 'src/engine/core-modules/app-token/app-token.entity';
 import { CreateAppTokenInput } from 'src/engine/core-modules/app-token/dtos/create-app-token.input';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

 export const appTokenAutoResolverOpts: AutoResolverOpts<
  any,
@ -34,6 +34,6 @@ export const appTokenAutoResolverOpts: AutoResolverOpts<
      one: { disabled: true },
    },
    delete: { many: { disabled: true }, one: { disabled: true } },
-    guards: [JwtAuthGuard],
+    guards: [WorkspaceAuthGuard],
  },
 ];
--- a/packages/twenty-server/src/engine/core-modules/app-token/hooks/before-create-one-app-token.hook.ts
+++ b/packages/twenty-server/src/engine/core-modules/app-token/hooks/before-create-one-app-token.hook.ts
@ -13,7 +13,7 @@ export class BeforeCreateOneAppToken<T extends AppToken>
    instance: CreateOneInputType<T>,
    context: any,
  ): Promise<CreateOneInputType<T>> {
-    const userId = context?.req?.user?.user?.id;
+    const userId = context?.req?.user?.id;

    instance.input.userId = userId;
    // FIXME: These fields should be autogenerated, we need to run a migration for this
--- a/packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/auth.resolver.ts
@ -16,13 +16,14 @@ import { UpdatePasswordViaResetTokenInput } from 'src/engine/core-modules/auth/d
 import { ValidatePasswordResetToken } from 'src/engine/core-modules/auth/dto/validate-password-reset-token.entity';
 import { ValidatePasswordResetTokenInput } from 'src/engine/core-modules/auth/dto/validate-password-reset-token.input';
 import { AuthGraphqlApiExceptionFilter } from 'src/engine/core-modules/auth/filters/auth-graphql-api-exception.filter';
+import { CaptchaGuard } from 'src/engine/core-modules/captcha/captcha.guard';
 import { UserService } from 'src/engine/core-modules/user/services/user.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
-import { CaptchaGuard } from 'src/engine/core-modules/captcha/captcha.guard';
+import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

 import { ChallengeInput } from './dto/challenge.input';
 import { ImpersonateInput } from './dto/impersonate.input';
@ -111,7 +112,7 @@ export class AuthResolver {
  }

  @Mutation(() => TransientToken)
-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard, UserAuthGuard)
  async generateTransientToken(
    @AuthUser() user: User,
  ): Promise<TransientToken | void> {
@ -141,7 +142,7 @@ export class AuthResolver {
  }

  @Mutation(() => AuthorizeApp)
-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard, UserAuthGuard)
  async authorizeApp(
    @Args() authorizeAppInput: AuthorizeAppInput,
    @AuthUser() user: User,
@ -155,7 +156,7 @@ export class AuthResolver {
  }

  @Mutation(() => AuthTokens)
-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard, UserAuthGuard)
  async generateJWT(
    @AuthUser() user: User,
    @Args() args: GenerateJwtInput,
@ -177,7 +178,7 @@ export class AuthResolver {
    return { tokens: tokens };
  }

-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard, UserAuthGuard)
  @Mutation(() => Verify)
  async impersonate(
    @Args() impersonateInput: ImpersonateInput,
@ -186,7 +187,7 @@ export class AuthResolver {
    return await this.authService.impersonate(impersonateInput.userId, user);
  }

-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard)
  @Mutation(() => ApiKeyToken)
  async generateApiKeyToken(
    @Args() args: ApiKeyTokenInput,
--- a/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
@ -36,14 +36,14 @@ import {
  JwtPayload,
 } from 'src/engine/core-modules/auth/strategies/jwt.auth.strategy';
 import { AuthContext } from 'src/engine/core-modules/auth/types/auth-context.type';
+import { EmailService } from 'src/engine/core-modules/email/email.service';
+import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import {
  Workspace,
  WorkspaceActivationStatus,
 } from 'src/engine/core-modules/workspace/workspace.entity';
-import { EmailService } from 'src/engine/core-modules/email/email.service';
-import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
 import { WorkspaceMemberWorkspaceEntity } from 'src/modules/workspace-member/standard-objects/workspace-member.workspace-entity';

--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
@ -11,9 +11,9 @@ import {
  AuthExceptionCode,
 } from 'src/engine/core-modules/auth/auth.exception';
 import { AuthContext } from 'src/engine/core-modules/auth/types/auth-context.type';
+import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
-import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { DataSourceService } from 'src/engine/metadata-modules/data-source/data-source.service';
 import { ApiKeyWorkspaceEntity } from 'src/modules/api-key/standard-objects/api-key.workspace-entity';

@ -90,7 +90,6 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
    if (payload.workspaceId) {
      user = await this.userRepository.findOne({
        where: { id: payload.sub },
-        relations: ['defaultWorkspace'],
      });
      if (!user) {
        throw new AuthException(
--- a/packages/twenty-server/src/engine/core-modules/billing/billing.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/billing/billing.resolver.ts
@ -16,7 +16,8 @@ import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

@Resolver()
 export class BillingResolver {
@ -37,7 +38,7 @@ export class BillingResolver {
  }

  @Query(() => SessionEntity)
-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard, UserAuthGuard)
  async billingPortalSession(
    @AuthUser() user: User,
    @Args() { returnUrlPath }: BillingSessionInput,
@ -51,7 +52,7 @@ export class BillingResolver {
  }

  @Mutation(() => SessionEntity)
-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard, UserAuthGuard)
  async checkoutSession(
    @AuthWorkspace() workspace: Workspace,
    @AuthUser() user: User,
@ -79,7 +80,7 @@ export class BillingResolver {
  }

  @Mutation(() => UpdateBillingEntity)
-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard)
  async updateBillingSubscription(@AuthUser() user: User) {
    await this.billingSubscriptionService.applyBillingSubscription(user);

--- a/packages/twenty-server/src/engine/core-modules/calendar/timeline-calendar-event.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/calendar/timeline-calendar-event.resolver.ts
@ -7,7 +7,7 @@ import { UUIDScalarType } from 'src/engine/api/graphql/workspace-schema-builder/
 import { TIMELINE_CALENDAR_EVENTS_MAX_PAGE_SIZE } from 'src/engine/core-modules/calendar/constants/calendar.constants';
 import { TimelineCalendarEventsWithTotal } from 'src/engine/core-modules/calendar/dtos/timeline-calendar-events-with-total.dto';
 import { TimelineCalendarEventService } from 'src/engine/core-modules/calendar/timeline-calendar-event.service';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

@ArgsType()
 class GetTimelineCalendarEventsFromPersonIdArgs {
@ -35,7 +35,7 @@ class GetTimelineCalendarEventsFromCompanyIdArgs {
  pageSize: number;
 }

-@UseGuards(JwtAuthGuard)
+@UseGuards(WorkspaceAuthGuard)
@Resolver(() => TimelineCalendarEventsWithTotal)
 export class TimelineCalendarEventResolver {
  constructor(
--- a/packages/twenty-server/src/engine/core-modules/file/file-upload/resolvers/file-upload.resolver.spec.ts
+++ b/packages/twenty-server/src/engine/core-modules/file/file-upload/resolvers/file-upload.resolver.spec.ts
@ -1,5 +1,6 @@
 import { Test, TestingModule } from '@nestjs/testing';

+import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';

 import { FileUploadResolver } from './file-upload.resolver';
@ -15,6 +16,10 @@ describe('FileUploadResolver', () => {
          provide: FileUploadService,
          useValue: {},
        },
+        {
+          provide: EnvironmentService,
+          useValue: {},
+        },
      ],
    }).compile();

--- a/packages/twenty-server/src/engine/core-modules/file/file-upload/resolvers/file-upload.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/file/file-upload/resolvers/file-upload.resolver.ts
@ -9,10 +9,10 @@ import { FileUploadService } from 'src/engine/core-modules/file/file-upload/serv
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
 import { DemoEnvGuard } from 'src/engine/guards/demo.env.guard';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
 import { streamToBuffer } from 'src/utils/stream-to-buffer';

-@UseGuards(JwtAuthGuard, DemoEnvGuard)
+@UseGuards(WorkspaceAuthGuard, DemoEnvGuard)
@Resolver()
 export class FileUploadResolver {
  constructor(private readonly fileUploadService: FileUploadService) {}
--- a/packages/twenty-server/src/engine/core-modules/messaging/timeline-messaging.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/messaging/timeline-messaging.resolver.ts
@ -10,7 +10,8 @@ import { GetMessagesService } from 'src/engine/core-modules/messaging/services/g
 import { UserService } from 'src/engine/core-modules/user/services/user.service';
 import { User } from 'src/engine/core-modules/user/user.entity';
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

@ArgsType()
 class GetTimelineThreadsFromPersonIdArgs {
@ -38,7 +39,7 @@ class GetTimelineThreadsFromCompanyIdArgs {
  pageSize: number;
 }

-@UseGuards(JwtAuthGuard)
+@UseGuards(WorkspaceAuthGuard, UserAuthGuard)
@Resolver(() => TimelineThreadsWithTotal)
 export class TimelineMessagingResolver {
  constructor(
--- a/packages/twenty-server/src/engine/core-modules/onboarding/onboarding.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/onboarding/onboarding.resolver.ts
@ -7,9 +7,10 @@ import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

-@UseGuards(JwtAuthGuard)
+@UseGuards(WorkspaceAuthGuard, UserAuthGuard)
@Resolver()
 export class OnboardingResolver {
  constructor(private readonly onboardingService: OnboardingService) {}
--- a/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/postgres-credentials/postgres-credentials.resolver.ts
@ -1,11 +1,11 @@
 import { UseGuards } from '@nestjs/common';
-import { Resolver, Mutation, Query } from '@nestjs/graphql';
+import { Mutation, Query, Resolver } from '@nestjs/graphql';

 import { PostgresCredentialsDTO } from 'src/engine/core-modules/postgres-credentials/dtos/postgres-credentials.dto';
 import { PostgresCredentialsService } from 'src/engine/core-modules/postgres-credentials/postgres-credentials.service';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

@Resolver(() => PostgresCredentialsDTO)
 export class PostgresCredentialsResolver {
@ -13,19 +13,19 @@ export class PostgresCredentialsResolver {
    private readonly postgresCredentialsService: PostgresCredentialsService,
  ) {}

-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard)
  @Mutation(() => PostgresCredentialsDTO)
  async enablePostgresProxy(@AuthWorkspace() { id: workspaceId }: Workspace) {
    return this.postgresCredentialsService.enablePostgresProxy(workspaceId);
  }

-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard)
  @Mutation(() => PostgresCredentialsDTO)
  async disablePostgresProxy(@AuthWorkspace() { id: workspaceId }: Workspace) {
    return this.postgresCredentialsService.disablePostgresProxy(workspaceId);
  }

-  @UseGuards(JwtAuthGuard)
+  @UseGuards(WorkspaceAuthGuard)
  @Query(() => PostgresCredentialsDTO, { nullable: true })
  async getPostgresCredentials(
    @AuthWorkspace() { id: workspaceId }: Workspace,
--- a/packages/twenty-server/src/engine/core-modules/user-workspace/user-workspace.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/user-workspace/user-workspace.resolver.ts
@ -4,15 +4,15 @@ import { InjectRepository } from '@nestjs/typeorm';

 import { Repository } from 'typeorm';

-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
-import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-workspace.entity';
-import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
-import { User } from 'src/engine/core-modules/user/user.entity';
 import { WorkspaceInviteHashValidInput } from 'src/engine/core-modules/auth/dto/workspace-invite-hash.input';
-import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
+import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-workspace.entity';
 import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
+import { User } from 'src/engine/core-modules/user/user.entity';
+import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
+import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

-@UseGuards(JwtAuthGuard)
+@UseGuards(WorkspaceAuthGuard)
@Resolver(() => UserWorkspace)
 export class UserWorkspaceResolver {
  constructor(
--- a/packages/twenty-server/src/engine/core-modules/user/user.auto-resolver-opts.ts
+++ b/packages/twenty-server/src/engine/core-modules/user/user.auto-resolver-opts.ts
@ -1,11 +1,11 @@
 import {
  AutoResolverOpts,
-  ReadResolverOpts,
  PagingStrategies,
+  ReadResolverOpts,
 } from '@ptc-org/nestjs-query-graphql';

 import { User } from 'src/engine/core-modules/user/user.entity';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

 export const userAutoResolverOpts: AutoResolverOpts<
  any,
@ -33,6 +33,6 @@ export const userAutoResolverOpts: AutoResolverOpts<
      one: { disabled: true },
    },
    delete: { many: { disabled: true }, one: { disabled: true } },
-    guards: [JwtAuthGuard],
+    guards: [WorkspaceAuthGuard],
  },
 ];
--- a/packages/twenty-server/src/engine/core-modules/user/user.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/user/user.resolver.ts
@ -16,9 +16,10 @@ import { GraphQLJSONObject } from 'graphql-type-json';
 import { FileUpload, GraphQLUpload } from 'graphql-upload';
 import { Repository } from 'typeorm';

-import { FileFolder } from 'src/engine/core-modules/file/interfaces/file-folder.interface';
 import { SupportDriver } from 'src/engine/core-modules/environment/interfaces/support.interface';
+import { FileFolder } from 'src/engine/core-modules/file/interfaces/file-folder.interface';

+import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
 import { FileService } from 'src/engine/core-modules/file/services/file.service';
 import { OnboardingStatus } from 'src/engine/core-modules/onboarding/enums/onboarding-status.enum';
@ -31,8 +32,7 @@ import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
 import { DemoEnvGuard } from 'src/engine/guards/demo.env.guard';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
-import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
 import { streamToBuffer } from 'src/utils/stream-to-buffer';

 const getHMACKey = (email?: string, key?: string | null) => {
@ -43,7 +43,7 @@ const getHMACKey = (email?: string, key?: string | null) => {
  return hmac.update(email).digest('hex');
 };

-@UseGuards(JwtAuthGuard)
+@UseGuards(WorkspaceAuthGuard)
@Resolver(() => User)
 export class UserResolver {
  constructor(
--- a/packages/twenty-server/src/engine/core-modules/workflow/workflow-trigger.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/workflow/workflow-trigger.resolver.ts
@ -7,11 +7,12 @@ import { WorkflowRunDTO } from 'src/engine/core-modules/workflow/dtos/workflow-r
 import { WorkflowTriggerGraphqlApiExceptionFilter } from 'src/engine/core-modules/workflow/filters/workflow-trigger-graphql-api-exception.filter';
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
 import { AuthWorkspaceMemberId } from 'src/engine/decorators/auth/auth-workspace-member-id.decorator';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
 import { WorkflowTriggerWorkspaceService } from 'src/modules/workflow/workflow-trigger/workspace-services/workflow-trigger.workspace-service';

@Resolver()
-@UseGuards(JwtAuthGuard)
+@UseGuards(WorkspaceAuthGuard, UserAuthGuard)
@UseFilters(WorkflowTriggerGraphqlApiExceptionFilter)
 export class WorkflowTriggerResolver {
  constructor(
--- a/packages/twenty-server/src/engine/core-modules/workspace/services/workspace.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/workspace/services/workspace.service.ts
@ -9,6 +9,8 @@ import { SendInviteLinkEmail } from 'twenty-emails';
 import { Repository } from 'typeorm';

 import { BillingSubscriptionService } from 'src/engine/core-modules/billing/services/billing-subscription.service';
+import { EmailService } from 'src/engine/core-modules/email/email.service';
+import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { OnboardingService } from 'src/engine/core-modules/onboarding/onboarding.service';
 import { UserWorkspace } from 'src/engine/core-modules/user-workspace/user-workspace.entity';
 import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
@ -19,8 +21,6 @@ import {
  Workspace,
  WorkspaceActivationStatus,
 } from 'src/engine/core-modules/workspace/workspace.entity';
-import { EmailService } from 'src/engine/core-modules/email/email.service';
-import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
 import { WorkspaceManagerService } from 'src/engine/workspace-manager/workspace-manager.service';

 // eslint-disable-next-line @nx/workspace-inject-workspace-repository
@ -48,7 +48,7 @@ export class WorkspaceService extends TypeOrmQueryService<Workspace> {
    }

    const existingWorkspace = await this.workspaceRepository.findOneBy({
-      id: user.defaultWorkspace.id,
+      id: user.defaultWorkspaceId,
    });

    if (!existingWorkspace) {
@ -69,21 +69,21 @@ export class WorkspaceService extends TypeOrmQueryService<Workspace> {
      throw new Error('Worspace is not pending creation');
    }

-    await this.workspaceRepository.update(user.defaultWorkspace.id, {
+    await this.workspaceRepository.update(user.defaultWorkspaceId, {
      activationStatus: WorkspaceActivationStatus.ONGOING_CREATION,
    });

-    await this.workspaceManagerService.init(user.defaultWorkspace.id);
+    await this.workspaceManagerService.init(user.defaultWorkspaceId);
    await this.userWorkspaceService.createWorkspaceMember(
-      user.defaultWorkspace.id,
+      user.defaultWorkspaceId,
      user,
    );
-    await this.workspaceRepository.update(user.defaultWorkspace.id, {
+    await this.workspaceRepository.update(user.defaultWorkspaceId, {
      displayName: data.displayName,
      activationStatus: WorkspaceActivationStatus.ACTIVE,
    });

-    return user.defaultWorkspace;
+    return existingWorkspace;
  }

  async softDeleteWorkspace(id: string) {
--- a/packages/twenty-server/src/engine/core-modules/workspace/workspace.auto-resolver-opts.ts
+++ b/packages/twenty-server/src/engine/core-modules/workspace/workspace.auto-resolver-opts.ts
@ -4,8 +4,8 @@ import {
  ReadResolverOpts,
 } from '@ptc-org/nestjs-query-graphql';

-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
 import { UpdateWorkspaceInput } from 'src/engine/core-modules/workspace/dtos/update-workspace-input';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';

 import { Workspace } from './workspace.entity';

@ -36,6 +36,6 @@ export const workspaceAutoResolverOpts: AutoResolverOpts<
      many: { disabled: true },
    },
    delete: { many: { disabled: true }, one: { disabled: true } },
-    guards: [JwtAuthGuard],
+    guards: [WorkspaceAuthGuard],
  },
 ];
--- a/packages/twenty-server/src/engine/core-modules/workspace/workspace.resolver.ts
+++ b/packages/twenty-server/src/engine/core-modules/workspace/workspace.resolver.ts
@ -25,7 +25,8 @@ import { UpdateWorkspaceInput } from 'src/engine/core-modules/workspace/dtos/upd
 import { AuthUser } from 'src/engine/decorators/auth/auth-user.decorator';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
 import { DemoEnvGuard } from 'src/engine/guards/demo.env.guard';
-import { JwtAuthGuard } from 'src/engine/guards/jwt.auth.guard';
+import { UserAuthGuard } from 'src/engine/guards/user-auth.guard';
+import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
 import { assert } from 'src/utils/assert';
 import { streamToBuffer } from 'src/utils/stream-to-buffer';

@ -33,7 +34,7 @@ import { Workspace } from './workspace.entity';

 import { WorkspaceService } from './services/workspace.service';

-@UseGuards(JwtAuthGuard)
+@UseGuards(WorkspaceAuthGuard)
@Resolver(() => Workspace)
 export class WorkspaceResolver {
  constructor(
@ -54,7 +55,7 @@ export class WorkspaceResolver {
  }

  @Mutation(() => Workspace)
-  @UseGuards(JwtAuthGuard)
+  @UseGuards(UserAuthGuard)
  async activateWorkspace(
    @Args('data') data: ActivateWorkspaceInput,
    @AuthUser() user: User,
@ -139,6 +140,7 @@ export class WorkspaceResolver {
  }

  @Mutation(() => SendInviteLink)
+  @UseGuards(UserAuthGuard)
  async sendInviteLink(
    @Args() sendInviteLinkInput: SendInviteLinkInput,
    @AuthUser() user: User,