
Commit 233b727

committed
fix(aws): deep validation fixes across SES, IAM, Identity Center, DynamoDB integrations
- IAM: replace non-existent StatementId with SourcePolicyType in simulatePrincipalPolicy - IAM: add .int() constraint to list-users/roles/policies/groups Zod schemas - IAM: remove redundant manual requestId from all 21 IAM route handlers - SES: add .refine() body validation to create-template route - SES: make bulk email destination templateData optional, only include ReplacementEmailContent when present - SES: fix pageSize guard to if (pageSize != null) to correctly forward 0 - SES: add max(100) to list-templates pageSize, revert list-identities to min(0) per SDK - STS: fix logger.error calls to use structured metadata pattern - Identity Center: remove deprecated account.Status fallback, use account.State only - DynamoDB: convert empty interface extends to type aliases, remove redundant error field, fix barrel to absolute imports
1 parent f23fdc1 commit 233b727

39 files changed

Lines changed: 144 additions & 210 deletions


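--- a/apps/sim/app/api/tools/iam/add-user-to-group/route.ts
+++ b/apps/sim/app/api/tools/iam/add-user-to-group/route.ts
@@ -1,6 +1,5 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
-import { generateId } from '@sim/utils/id'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
@@ -18,8 +17,6 @@ const Schema = z.object({
 })
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
-const requestId = generateId().slice(0, 8)
-
 const auth = await checkInternalAuth(request)
 if (!auth.success || !auth.userId) {
 return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
@@ -29,7 +26,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 const body = await request.json()
 const params = Schema.parse(body)
 
-logger.info(`[${requestId}] Adding user "${params.userName}" to group "${params.groupName}"`)
+logger.info(`Adding user "${params.userName}" to group "${params.groupName}"`)
 
 const client = createIAMClient({
 region: params.region,
@@ -39,9 +36,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
 try {
 await addUserToGroup(client, params.userName, params.groupName)
-logger.info(
-`[${requestId}] Successfully added user "${params.userName}" to group "${params.groupName}"`
-)
+logger.info(`Successfully added user "${params.userName}" to group "${params.groupName}"`)
 return NextResponse.json({
 message: `User "${params.userName}" added to group "${params.groupName}"`,
 })
@@ -50,13 +45,13 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 }
 } catch (error) {
 if (error instanceof z.ZodError) {
-logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+logger.warn(`Invalid request data`, { errors: error.errors })
 return NextResponse.json(
 { error: 'Invalid request data', details: error.errors },
 { status: 400 }
 )
 }
-logger.error(`[${requestId}] Failed to add user to group:`, error)
+logger.error(`Failed to add user to group:`, error)
 return NextResponse.json(
 { error: `Failed to add user to group: ${toError(error).message}` },
 { status: 500 }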
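Review bot: With `requestId` gone, none of the log calls in this section records who asked for the change: `auth.userId` is checked near the top but never logged, so an entry like "Adding user … to group …" cannot be tied to a caller unless `withRouteHandler` attaches request context, which is not visible here. For an IAM mutation that attribution is what an audit needs; I would pass it as metadata, the way the `logger.warn` call already does for `errors`: `logger.info('Adding user to group', { actorId: auth.userId, userName: params.userName, groupName: params.groupName })`. Moving the request-supplied names out of the message string also keeps a crafted `userName` from altering the text of the log line. The same applies to the other seven IAM route sections on this page; the handler body extends beyond the hunks shown.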

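--- a/apps/sim/app/api/tools/iam/attach-role-policy/route.ts
+++ b/apps/sim/app/api/tools/iam/attach-role-policy/route.ts
@@ -1,6 +1,5 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
-import { generateId } from '@sim/utils/id'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
@@ -18,8 +17,6 @@ const Schema = z.object({
 })
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
-const requestId = generateId().slice(0, 8)
-
 const auth = await checkInternalAuth(request)
 if (!auth.success || !auth.userId) {
 return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
@@ -29,7 +26,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 const body = await request.json()
 const params = Schema.parse(body)
 
-logger.info(`[${requestId}] Attaching policy to IAM role "${params.roleName}"`)
+logger.info(`Attaching policy to IAM role "${params.roleName}"`)
 
 const client = createIAMClient({
 region: params.region,
@@ -39,7 +36,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
 try {
 await attachRolePolicy(client, params.roleName, params.policyArn)
-logger.info(`[${requestId}] Successfully attached policy to IAM role "${params.roleName}"`)
+logger.info(`Successfully attached policy to IAM role "${params.roleName}"`)
 return NextResponse.json({
 message: `Policy "${params.policyArn}" attached to role "${params.roleName}"`,
 })
@@ -48,13 +45,13 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 }
 } catch (error) {
 if (error instanceof z.ZodError) {
-logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+logger.warn(`Invalid request data`, { errors: error.errors })
 return NextResponse.json(
 { error: 'Invalid request data', details: error.errors },
 { status: 400 }
 )
 }
-logger.error(`[${requestId}] Failed to attach role policy:`, error)
+logger.error(`Failed to attach role policy:`, error)
 return NextResponse.json(
 { error: `Failed to attach role policy: ${toError(error).message}` },
 { status: 500 }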
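Review bot: The `logger.error` call near the end of this section still passes the raw `error` as a bare second argument, while the commit description says the STS routes were moved to a structured-metadata pattern in this same change, so the IAM handlers look left behind. If the logger's contract is a message plus a metadata object, as the `logger.warn` call with `{ errors: error.errors }` suggests, `logger.error('Failed to attach role policy', { error: toError(error).message })` would match it. The message strings that no longer interpolate anything are also still written as template literals; plain quotes would do, as in `logger.warn('Invalid request data', { errors: error.errors })`. Both points apply to all eight IAM sections on this page.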

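--- a/apps/sim/app/api/tools/iam/attach-user-policy/route.ts
+++ b/apps/sim/app/api/tools/iam/attach-user-policy/route.ts
@@ -1,6 +1,5 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
-import { generateId } from '@sim/utils/id'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
@@ -18,8 +17,6 @@ const Schema = z.object({
 })
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
-const requestId = generateId().slice(0, 8)
-
 const auth = await checkInternalAuth(request)
 if (!auth.success || !auth.userId) {
 return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
@@ -29,7 +26,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 const body = await request.json()
 const params = Schema.parse(body)
 
-logger.info(`[${requestId}] Attaching policy to IAM user "${params.userName}"`)
+logger.info(`Attaching policy to IAM user "${params.userName}"`)
 
 const client = createIAMClient({
 region: params.region,
@@ -39,7 +36,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
 try {
 await attachUserPolicy(client, params.userName, params.policyArn)
-logger.info(`[${requestId}] Successfully attached policy to IAM user "${params.userName}"`)
+logger.info(`Successfully attached policy to IAM user "${params.userName}"`)
 return NextResponse.json({
 message: `Policy "${params.policyArn}" attached to user "${params.userName}"`,
 })
@@ -48,13 +45,13 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 }
 } catch (error) {
 if (error instanceof z.ZodError) {
-logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+logger.warn(`Invalid request data`, { errors: error.errors })
 return NextResponse.json(
 { error: 'Invalid request data', details: error.errors },
 { status: 400 }
 )
 }
-logger.error(`[${requestId}] Failed to attach user policy:`, error)
+logger.error(`Failed to attach user policy:`, error)
 return NextResponse.json(
 { error: `Failed to attach user policy: ${toError(error).message}` },
 { status: 500 }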
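Review bot: The 500 branch at the end of this section returns `toError(error).message` to the caller unchanged. For IAM calls that text comes from the AWS SDK, and access-denied errors commonly spell out the calling principal's ARN and account id, so whether this is acceptable depends on who can reach the route behind `checkInternalAuth`, which the hunks do not show. If the caller is not always the owner of the supplied credentials, return a fixed message such as `{ error: 'Failed to attach user policy' }` and keep the detail in the server log. The other IAM routes on this page end the same way.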

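--- a/apps/sim/app/api/tools/iam/create-access-key/route.ts
+++ b/apps/sim/app/api/tools/iam/create-access-key/route.ts
@@ -1,6 +1,5 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
-import { generateId } from '@sim/utils/id'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
@@ -17,8 +16,6 @@ const Schema = z.object({
 })
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
-const requestId = generateId().slice(0, 8)
-
 const auth = await checkInternalAuth(request)
 if (!auth.success || !auth.userId) {
 return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
@@ -28,7 +25,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 const body = await request.json()
 const params = Schema.parse(body)
 
-logger.info(`[${requestId}] Creating IAM access key`)
+logger.info(`Creating IAM access key`)
 
 const client = createIAMClient({
 region: params.region,
@@ -38,7 +35,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
 try {
 const result = await createAccessKey(client, params.userName)
-logger.info(`[${requestId}] Successfully created access key for user "${result.userName}"`)
+logger.info(`Successfully created access key for user "${result.userName}"`)
 return NextResponse.json({
 message: `Access key created for user "${result.userName}"`,
 ...result,
@@ -48,13 +45,13 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 }
 } catch (error) {
 if (error instanceof z.ZodError) {
-logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+logger.warn(`Invalid request data`, { errors: error.errors })
 return NextResponse.json(
 { error: 'Invalid request data', details: error.errors },
 { status: 400 }
 )
 }
-logger.error(`[${requestId}] Failed to create access key:`, error)
+logger.error(`Failed to create access key:`, error)
 return NextResponse.json(
 { error: `Failed to create access key: ${toError(error).message}` },
 { status: 500 }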
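Review bot: The pre-call log line "Creating IAM access key" names no target and the catch branch logs only the error, so a failed creation leaves no record of which user the key was meant for. Logging the requested name up front closes that gap: `logger.info('Creating IAM access key', { userName: params.userName })` (it may be undefined if the schema makes it optional, which is not visible here). Separately, `...result` is spread into the JSON response and presumably carries the new secret access key, so the `return NextResponse.json({` line deserves a comment such as `// result holds the secret access key: this response body must never be logged or cached`. Whether `withRouteHandler` logs response bodies cannot be told from these hunks and is worth confirming.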

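--- a/apps/sim/app/api/tools/iam/create-role/route.ts
+++ b/apps/sim/app/api/tools/iam/create-role/route.ts
@@ -1,6 +1,5 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
-import { generateId } from '@sim/utils/id'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
@@ -21,8 +20,6 @@ const Schema = z.object({
 })
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
-const requestId = generateId().slice(0, 8)
-
 const auth = await checkInternalAuth(request)
 if (!auth.success || !auth.userId) {
 return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
@@ -32,7 +29,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 const body = await request.json()
 const params = Schema.parse(body)
 
-logger.info(`[${requestId}] Creating IAM role "${params.roleName}"`)
+logger.info(`Creating IAM role "${params.roleName}"`)
 
 const client = createIAMClient({
 region: params.region,
@@ -49,7 +46,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 params.path,
 params.maxSessionDuration
 )
-logger.info(`[${requestId}] Successfully created IAM role "${result.roleName}"`)
+logger.info(`Successfully created IAM role "${result.roleName}"`)
 return NextResponse.json({
 message: `Role "${result.roleName}" created successfully`,
 ...result,
@@ -59,13 +56,13 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 }
 } catch (error) {
 if (error instanceof z.ZodError) {
-logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+logger.warn(`Invalid request data`, { errors: error.errors })
 return NextResponse.json(
 { error: 'Invalid request data', details: error.errors },
 { status: 400 }
 )
 }
-logger.error(`[${requestId}] Failed to create IAM role:`, error)
+logger.error(`Failed to create IAM role:`, error)
 return NextResponse.json(
 { error: `Failed to create IAM role: ${toError(error).message}` },
 { status: 500 }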

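--- a/apps/sim/app/api/tools/iam/create-user/route.ts
+++ b/apps/sim/app/api/tools/iam/create-user/route.ts
@@ -1,6 +1,5 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
-import { generateId } from '@sim/utils/id'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
@@ -18,8 +17,6 @@ const Schema = z.object({
 })
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
-const requestId = generateId().slice(0, 8)
-
 const auth = await checkInternalAuth(request)
 if (!auth.success || !auth.userId) {
 return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
@@ -29,7 +26,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 const body = await request.json()
 const params = Schema.parse(body)
 
-logger.info(`[${requestId}] Creating IAM user "${params.userName}"`)
+logger.info(`Creating IAM user "${params.userName}"`)
 
 const client = createIAMClient({
 region: params.region,
@@ -39,7 +36,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
 try {
 const result = await createUser(client, params.userName, params.path)
-logger.info(`[${requestId}] Successfully created IAM user "${result.userName}"`)
+logger.info(`Successfully created IAM user "${result.userName}"`)
 return NextResponse.json({
 message: `User "${result.userName}" created successfully`,
 ...result,
@@ -49,13 +46,13 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 }
 } catch (error) {
 if (error instanceof z.ZodError) {
-logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+logger.warn(`Invalid request data`, { errors: error.errors })
 return NextResponse.json(
 { error: 'Invalid request data', details: error.errors },
 { status: 400 }
 )
 }
-logger.error(`[${requestId}] Failed to create IAM user:`, error)
+logger.error(`Failed to create IAM user:`, error)
 return NextResponse.json(
 { error: `Failed to create IAM user: ${toError(error).message}` },
 { status: 500 }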

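--- a/apps/sim/app/api/tools/iam/delete-access-key/route.ts
+++ b/apps/sim/app/api/tools/iam/delete-access-key/route.ts
@@ -1,6 +1,5 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
-import { generateId } from '@sim/utils/id'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
@@ -18,8 +17,6 @@ const Schema = z.object({
 })
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
-const requestId = generateId().slice(0, 8)
-
 const auth = await checkInternalAuth(request)
 if (!auth.success || !auth.userId) {
 return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
@@ -29,7 +26,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 const body = await request.json()
 const params = Schema.parse(body)
 
-logger.info(`[${requestId}] Deleting IAM access key "${params.accessKeyIdToDelete}"`)
+logger.info(`Deleting IAM access key "${params.accessKeyIdToDelete}"`)
 
 const client = createIAMClient({
 region: params.region,
@@ -39,20 +36,20 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
 try {
 await deleteAccessKey(client, params.accessKeyIdToDelete, params.userName)
-logger.info(`[${requestId}] Successfully deleted access key "${params.accessKeyIdToDelete}"`)
+logger.info(`Successfully deleted access key "${params.accessKeyIdToDelete}"`)
 return NextResponse.json({ message: `Access key "${params.accessKeyIdToDelete}" deleted` })
 } finally {
 client.destroy()
 }
 } catch (error) {
 if (error instanceof z.ZodError) {
-logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+logger.warn(`Invalid request data`, { errors: error.errors })
 return NextResponse.json(
 { error: 'Invalid request data', details: error.errors },
 { status: 400 }
 )
 }
-logger.error(`[${requestId}] Failed to delete access key:`, error)
+logger.error(`Failed to delete access key:`, error)
 return NextResponse.json(
 { error: `Failed to delete access key: ${toError(error).message}` },
 { status: 500 }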

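--- a/apps/sim/app/api/tools/iam/delete-role/route.ts
+++ b/apps/sim/app/api/tools/iam/delete-role/route.ts
@@ -1,6 +1,5 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
-import { generateId } from '@sim/utils/id'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
@@ -17,8 +16,6 @@ const Schema = z.object({
 })
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
-const requestId = generateId().slice(0, 8)
-
 const auth = await checkInternalAuth(request)
 if (!auth.success || !auth.userId) {
 return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
@@ -28,7 +25,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 const body = await request.json()
 const params = Schema.parse(body)
 
-logger.info(`[${requestId}] Deleting IAM role "${params.roleName}"`)
+logger.info(`Deleting IAM role "${params.roleName}"`)
 
 const client = createIAMClient({
 region: params.region,
@@ -38,20 +35,20 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
 
 try {
 await deleteRole(client, params.roleName)
-logger.info(`[${requestId}] Successfully deleted IAM role "${params.roleName}"`)
+logger.info(`Successfully deleted IAM role "${params.roleName}"`)
 return NextResponse.json({ message: `Role "${params.roleName}" deleted successfully` })
 } finally {
 client.destroy()
 }
 } catch (error) {
 if (error instanceof z.ZodError) {
-logger.warn(`[${requestId}] Invalid request data`, { errors: error.errors })
+logger.warn(`Invalid request data`, { errors: error.errors })
 return NextResponse.json(
 { error: 'Invalid request data', details: error.errors },
 { status: 400 }
 )
 }
-logger.error(`[${requestId}] Failed to delete IAM role:`, error)
+logger.error(`Failed to delete IAM role:`, error)
 return NextResponse.json(
 { error: `Failed to delete IAM role: ${toError(error).message}` },
 { status: 500 }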
