Trigger workflow run manually (#6696)

Fix https://github.com/twentyhq/twenty/issues/6669 - create a commun function `startWorkflowRun` that both create the run object and the job for executing the workflow - use it in both the `workflowEventJob` and the `runWorkflowVersion` endpoint Bonus: - use filtering for exceptions instead of a util. It avoids doing a try catch in all endpoint
2024-08-21 17:41:26 +02:00
parent da5dfb7a5b
commit 663acd56e4
43 changed files with 452 additions and 316 deletions
--- a/packages/twenty-server/src/engine/core-modules/auth/services/token.service.spec.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/services/token.service.spec.ts
@ -16,6 +16,7 @@ import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { EmailService } from 'src/engine/integrations/email/email.service';
 import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
+import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';

 import { TokenService } from './token.service';

@ -66,6 +67,10 @@ describe('TokenService', () => {
          provide: getRepositoryToken(Workspace, 'core'),
          useValue: {},
        },
+        {
+          provide: TwentyORMGlobalManager,
+          useValue: {},
+        },
      ],
    }).compile();

--- a/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
@ -41,6 +41,8 @@ import { User } from 'src/engine/core-modules/user/user.entity';
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { EmailService } from 'src/engine/integrations/email/email.service';
 import { EnvironmentService } from 'src/engine/integrations/environment/environment.service';
+import { TwentyORMGlobalManager } from 'src/engine/twenty-orm/twenty-orm-global.manager';
+import { WorkspaceMemberWorkspaceEntity } from 'src/modules/workspace-member/standard-objects/workspace-member.workspace-entity';

@Injectable()
 export class TokenService {
@ -55,6 +57,7 @@ export class TokenService {
    @InjectRepository(Workspace, 'core')
    private readonly workspaceRepository: Repository<Workspace>,
    private readonly emailService: EmailService,
+    private readonly twentyORMGlobalManager: TwentyORMGlobalManager,
  ) {}

  async generateAccessToken(
@ -91,9 +94,33 @@ export class TokenService {
      );
    }

+    const workspaceIdNonNullable = workspaceId
+      ? workspaceId
+      : user.defaultWorkspace.id;
+
+    const workspaceMemberRepository =
+      await this.twentyORMGlobalManager.getRepositoryForWorkspace<WorkspaceMemberWorkspaceEntity>(
+        workspaceIdNonNullable,
+        'workspaceMember',
+      );
+
+    const workspaceMember = await workspaceMemberRepository.findOne({
+      where: {
+        userId: user.id,
+      },
+    });
+
+    if (!workspaceMember) {
+      throw new AuthException(
+        'User is not a member of the workspace',
+        AuthExceptionCode.FORBIDDEN_EXCEPTION,
+      );
+    }
+
    const jwtPayload: JwtPayload = {
      sub: user.id,
      workspaceId: workspaceId ? workspaceId : user.defaultWorkspace.id,
+      workspaceMemberId: workspaceMember.id,
    };

    return {
@ -247,11 +274,10 @@ export class TokenService {
      this.environmentService.get('ACCESS_TOKEN_SECRET'),
    );

-    const { user, apiKey, workspace } = await this.jwtStrategy.validate(
-      decoded as JwtPayload,
-    );
+    const { user, apiKey, workspace, workspaceMemberId } =
+      await this.jwtStrategy.validate(decoded as JwtPayload);

-    return { user, apiKey, workspace };
+    return { user, apiKey, workspace, workspaceMemberId };
  }

  async verifyLoginToken(loginToken: string): Promise<string> {
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/jwt.auth.strategy.ts
@ -17,7 +17,12 @@ import { EnvironmentService } from 'src/engine/integrations/environment/environm
 import { DataSourceService } from 'src/engine/metadata-modules/data-source/data-source.service';
 import { ApiKeyWorkspaceEntity } from 'src/modules/api-key/standard-objects/api-key.workspace-entity';

-export type JwtPayload = { sub: string; workspaceId: string; jti?: string };
+export type JwtPayload = {
+  sub: string;
+  workspaceId: string;
+  workspaceMemberId: string;
+  jti?: string;
+};

@Injectable()
 export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
@ -95,6 +100,9 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
      }
    }

-    return { user, apiKey, workspace };
+    // We don't check if the user is a member of the workspace yet
+    const workspaceMemberId = payload.workspaceMemberId;
+
+    return { user, apiKey, workspace, workspaceMemberId };
  }
 }
--- a/packages/twenty-server/src/engine/core-modules/auth/types/auth-context.type.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/types/auth-context.type.ts
@ -5,5 +5,6 @@ import { ApiKeyWorkspaceEntity } from 'src/modules/api-key/standard-objects/api-
 export type AuthContext = {
  user?: User | null | undefined;
  apiKey?: ApiKeyWorkspaceEntity | null | undefined;
+  workspaceMemberId?: string;
  workspace: Workspace;
 };