more fixes

Author: icecrasher321

apps/sim/app/(auth)/oauth/consent/page.tsx

@@ -5,6 +5,8 @@ import { ArrowLeftRight } from 'lucide-react'
 import Image from 'next/image'
 import { useRouter, useSearchParams } from 'next/navigation'
 import { Button, Loader } from '@/components/emcn'
+import { requestJson } from '@/lib/api/client/request'
+import { oauthAuthorizeParamsContract } from '@/lib/api/contracts/oauth-connections'
 import { signOut, useSession } from '@/lib/auth/auth-client'
 import { AUTH_SUBMIT_BTN } from '@/app/(auth)/components/auth-button-classes'
 
@@ -102,16 +104,15 @@ export default function OAuthConsentPage() {
   const handleSwitchAccount = useCallback(async () => {
     if (!consentCode) return
 
-    // boundary-raw-fetch: route handler not yet contract-backed (uses safeParse, not parseRequest)
-    const res = await fetch(`/api/auth/oauth2/authorize-params?consent_code=${consentCode}`, {
-      credentials: 'include',
-    })
-    if (!res.ok) {
+    const params = await requestJson(oauthAuthorizeParamsContract, {
+      query: { consent_code: consentCode },
+    }).catch(() => null)
+
+    if (!params) {
       setError('Unable to switch accounts. Please re-initiate the connection.')
       return
     }
 
-    const params = (await res.json()) as Record<string, string | null>
     const authorizeUrl = new URL('/api/auth/oauth2/authorize', window.location.origin)
     for (const [key, value] of Object.entries(params)) {
       if (value) authorizeUrl.searchParams.set(key, value)

apps/sim/app/(landing)/components/auth-modal/auth-modal.tsx

@@ -14,6 +14,8 @@ import {
   ModalTrigger,
 } from '@/components/emcn'
 import { GithubIcon, GoogleIcon } from '@/components/icons'
+import { requestJson } from '@/lib/api/client/request'
+import { type AuthProviderStatusResponse, getAuthProvidersContract } from '@/lib/api/contracts/auth'
 import { client } from '@/lib/auth/auth-client'
 import { getEnv, isFalsy, isTruthy } from '@/lib/core/config/env'
 import { captureClientEvent } from '@/lib/posthog/client'
@@ -30,13 +32,9 @@ interface AuthModalProps {
   source: PostHogEventMap['auth_modal_opened']['source']
 }
 
-interface ProviderStatus {
-  githubAvailable: boolean
-  googleAvailable: boolean
-  registrationDisabled: boolean
-}
+type ProviderStatus = AuthProviderStatusResponse
 
-let fetchPromise: Promise<ProviderStatus> | null = null
+let fetchPromise: Promise<AuthProviderStatusResponse> | null = null
 
 const FALLBACK_STATUS: ProviderStatus = {
   githubAvailable: false,
@@ -49,13 +47,8 @@ const SOCIAL_BTN =
 
 function fetchProviderStatus(): Promise<ProviderStatus> {
   if (fetchPromise) return fetchPromise
-  // boundary-raw-fetch: /api/auth/providers route has no parseRequest contract (zero-input GET, no boundary contract exists)
-  fetchPromise = fetch('/api/auth/providers')
-    .then((r) => {
-      if (!r.ok) throw new Error(`HTTP ${r.status}`)
-      return r.json()
-    })
-    .then(({ githubAvailable, googleAvailable, registrationDisabled }: ProviderStatus) => ({
+  fetchPromise = requestJson(getAuthProvidersContract, {})
+    .then(({ githubAvailable, googleAvailable, registrationDisabled }) => ({
       githubAvailable,
       googleAvailable,
       registrationDisabled,

apps/sim/app/(landing)/components/contact/contact-form.tsx

@@ -7,10 +7,13 @@ import { useMutation } from '@tanstack/react-query'
 import Link from 'next/link'
 import { Combobox, Input, Textarea } from '@/components/emcn'
 import { Check } from '@/components/emcn/icons'
+import { requestJson } from '@/lib/api/client/request'
 import {
   CONTACT_TOPIC_OPTIONS,
   type ContactRequestPayload,
   contactRequestSchema,
+  type SubmitContactBody,
+  submitContactContract,
 } from '@/lib/api/contracts/contact'
 import { flattenFieldErrors } from '@/lib/api/contracts/primitives'
 import { getEnv } from '@/lib/core/config/env'
@@ -53,30 +56,8 @@ const LANDING_SUBMIT =
 const LANDING_LABEL =
   'font-[500] font-season text-[13px] text-[var(--landing-text)] tracking-[0.02em]'
 
-interface SubmitContactRequestInput extends ContactRequestPayload {
-  website: string
-  captchaToken?: string
-  captchaUnavailable?: boolean
-}
-
-async function submitContactRequest(payload: SubmitContactRequestInput) {
-  // boundary-raw-fetch: payload includes turnstile captcha + honeypot fields not in submitContactContract body
-  const response = await fetch('/api/contact', {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify(payload),
-  })
-
-  const result = (await response.json().catch(() => null)) as {
-    error?: string
-    message?: string
-  } | null
-
-  if (!response.ok) {
-    throw new Error(result?.error || 'Failed to send message')
-  }
-
-  return result
+async function submitContactRequest(payload: SubmitContactBody) {
+  return requestJson(submitContactContract, { body: payload })
 }
 
 export function ContactForm() {

apps/sim/app/_shell/providers/session-provider.tsx

@@ -4,6 +4,8 @@ import type React from 'react'
 import { createContext, useCallback, useEffect, useMemo, useState } from 'react'
 import { createLogger } from '@sim/logger'
 import { useQueryClient } from '@tanstack/react-query'
+import { requestJson } from '@/lib/api/client/request'
+import { listCreatorOrganizationsContract } from '@/lib/api/contracts/creator-profile'
 import { client } from '@/lib/auth/auth-client'
 import { extractSessionDataFromAuthClientResult } from '@/lib/auth/session-response'
 
@@ -92,15 +94,9 @@ export function SessionProvider({ children }: { children: React.ReactNode }) {
       }
 
       try {
-        // boundary-raw-fetch: GET route handler not yet contract-backed (no GET contract for /api/organizations)
-        const response = await fetch('/api/organizations')
-        if (!response.ok) {
-          return
-        }
+        const orgData = await requestJson(listCreatorOrganizationsContract, {}).catch(() => null)
+        if (!orgData) return
 
-        const orgData = (await response.json()) as {
-          organizations?: Array<{ id: string }>
-        }
         const organizationId = orgData.organizations?.[0]?.id
 
         if (!organizationId || isCancelled) {

apps/sim/app/api/auth/oauth2/authorize-params/route.ts

@@ -3,8 +3,8 @@ import { verification } from '@sim/db/schema'
 import { and, eq, gt } from 'drizzle-orm'
 import type { NextRequest } from 'next/server'
 import { NextResponse } from 'next/server'
-import { oauthAuthorizeParamsQuerySchema } from '@/lib/api/contracts/oauth-connections'
-import { getValidationErrorMessage } from '@/lib/api/server'
+import { oauthAuthorizeParamsContract } from '@/lib/api/contracts/oauth-connections'
+import { parseRequest } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 
@@ -19,16 +19,9 @@ export const GET = withRouteHandler(async (request: NextRequest) => {
     return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
   }
 
-  const parsedQuery = oauthAuthorizeParamsQuerySchema.safeParse({
-    consent_code: request.nextUrl.searchParams.get('consent_code') || undefined,
-  })
-  if (!parsedQuery.success) {
-    return NextResponse.json(
-      { error: getValidationErrorMessage(parsedQuery.error) },
-      { status: 400 }
-    )
-  }
-  const consentCode = parsedQuery.data.consent_code
+  const parsed = await parseRequest(oauthAuthorizeParamsContract, request, {})
+  if (!parsed.success) return parsed.response
+  const consentCode = parsed.data.query.consent_code
 
   const [record] = await db
     .select({ value: verification.value })

apps/sim/app/api/auth/providers/route.ts

@@ -1,11 +1,17 @@
+import type { NextRequest } from 'next/server'
 import { NextResponse } from 'next/server'
+import { getAuthProvidersContract } from '@/lib/api/contracts/auth'
+import { parseRequest } from '@/lib/api/server'
 import { isRegistrationDisabled } from '@/lib/core/config/feature-flags'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import { getOAuthProviderStatus } from '@/app/(auth)/components/oauth-provider-checker'
 
 export const dynamic = 'force-dynamic'
 
-export const GET = withRouteHandler(async () => {
+export const GET = withRouteHandler(async (request: NextRequest) => {
+  const parsed = await parseRequest(getAuthProvidersContract, request, {})
+  if (!parsed.success) return parsed.response
+
   const { githubAvailable, googleAvailable } = await getOAuthProviderStatus()
   return NextResponse.json({
     githubAvailable,

apps/sim/app/api/contact/route.ts

@@ -2,9 +2,9 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { renderHelpConfirmationEmail } from '@/components/emails'
 import {
-  contactRequestSchema,
   getContactTopicLabel,
   mapContactTopicToHelpType,
+  submitContactBodySchema,
 } from '@/lib/api/contracts/contact'
 import { getValidationErrorMessage } from '@/lib/api/server'
 import { env } from '@/lib/core/config/env'
@@ -120,7 +120,7 @@ export const POST = withRouteHandler(async (req: NextRequest) => {
       }
     }
 
-    const validationResult = contactRequestSchema.safeParse(body)
+    const validationResult = submitContactBodySchema.safeParse(body)
 
     if (!validationResult.success) {
       logger.warn(`[${requestId}] Invalid contact request data`, {

apps/sim/app/api/credential-sets/invite/[token]/route.ts

@@ -10,7 +10,11 @@ import { createLogger } from '@sim/logger'
 import { generateId } from '@sim/utils/id'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
-import { credentialSetInviteTokenParamsSchema } from '@/lib/api/contracts/credential-sets'
+import {
+  acceptCredentialSetInvitationContract,
+  getCredentialSetInvitationContract,
+} from '@/lib/api/contracts/credential-sets'
+import { parseRequest } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import { normalizeEmail } from '@/lib/invitations/core'
@@ -19,8 +23,10 @@ import { syncAllWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
 const logger = createLogger('CredentialSetInviteToken')
 
 export const GET = withRouteHandler(
-  async (req: NextRequest, { params }: { params: Promise<{ token: string }> }) => {
-    const { token } = credentialSetInviteTokenParamsSchema.parse(await params)
+  async (req: NextRequest, context: { params: Promise<{ token: string }> }) => {
+    const parsed = await parseRequest(getCredentialSetInvitationContract, req, context)
+    if (!parsed.success) return parsed.response
+    const { token } = parsed.data.params
 
     const [invitation] = await db
       .select({
@@ -69,8 +75,10 @@ export const GET = withRouteHandler(
 )
 
 export const POST = withRouteHandler(
-  async (req: NextRequest, { params }: { params: Promise<{ token: string }> }) => {
-    const { token } = credentialSetInviteTokenParamsSchema.parse(await params)
+  async (req: NextRequest, context: { params: Promise<{ token: string }> }) => {
+    const parsed = await parseRequest(acceptCredentialSetInvitationContract, req, context)
+    if (!parsed.success) return parsed.response
+    const { token } = parsed.data.params
 
     const session = await getSession()
     if (!session?.user?.id) {

apps/sim/app/api/invitations/[id]/accept/route.ts

@@ -1,47 +1,32 @@
 import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
-import {
-  invitationActionBodySchema,
-  invitationActionParamsSchema,
-} from '@/lib/api/contracts/invitations'
-import { getValidationErrorMessage } from '@/lib/api/server'
+import { acceptInvitationContract } from '@/lib/api/contracts/invitations'
+import { parseRequest } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import { acceptInvitation } from '@/lib/invitations/core'
 
 const logger = createLogger('InvitationAcceptAPI')
 
 export const POST = withRouteHandler(
-  async (request: NextRequest, { params }: { params: Promise<{ id: string }> }) => {
-    const parsedParams = invitationActionParamsSchema.safeParse(await params)
-    if (!parsedParams.success) {
-      return NextResponse.json(
-        { error: getValidationErrorMessage(parsedParams.error) },
-        { status: 400 }
-      )
-    }
-    const { id } = parsedParams.data
+  async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
     const session = await getSession()
 
     if (!session?.user?.id || !session.user.email) {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
-    const body = await request.json().catch(() => ({}))
-    const parsed = invitationActionBodySchema.safeParse(body)
-    if (!parsed.success) {
-      return NextResponse.json(
-        { error: getValidationErrorMessage(parsed.error, 'Invalid request body') },
-        { status: 400 }
-      )
-    }
+    const parsed = await parseRequest(acceptInvitationContract, request, context)
+    if (!parsed.success) return parsed.response
+
+    const { id } = parsed.data.params
 
     const result = await acceptInvitation({
       userId: session.user.id,
       userEmail: session.user.email,
       invitationId: id,
-      token: parsed.data.token ?? null,
+      token: parsed.data.body.token ?? null,
     })
 
     if (!result.success) {

apps/sim/app/api/invitations/[id]/reject/route.ts

@@ -1,47 +1,32 @@
 import { AuditAction, AuditResourceType, recordAudit } from '@sim/audit'
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
-import {
-  invitationActionBodySchema,
-  invitationActionParamsSchema,
-} from '@/lib/api/contracts/invitations'
-import { getValidationErrorMessage } from '@/lib/api/server'
+import { rejectInvitationContract } from '@/lib/api/contracts/invitations'
+import { parseRequest } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import { rejectInvitation } from '@/lib/invitations/core'
 
 const logger = createLogger('InvitationRejectAPI')
 
 export const POST = withRouteHandler(
-  async (request: NextRequest, { params }: { params: Promise<{ id: string }> }) => {
-    const parsedParams = invitationActionParamsSchema.safeParse(await params)
-    if (!parsedParams.success) {
-      return NextResponse.json(
-        { error: getValidationErrorMessage(parsedParams.error) },
-        { status: 400 }
-      )
-    }
-    const { id } = parsedParams.data
+  async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {
     const session = await getSession()
 
     if (!session?.user?.id || !session.user.email) {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
-    const body = await request.json().catch(() => ({}))
-    const parsed = invitationActionBodySchema.safeParse(body)
-    if (!parsed.success) {
-      return NextResponse.json(
-        { error: getValidationErrorMessage(parsed.error, 'Invalid request body') },
-        { status: 400 }
-      )
-    }
+    const parsed = await parseRequest(rejectInvitationContract, request, context)
+    if (!parsed.success) return parsed.response
+
+    const { id } = parsed.data.params
 
     const result = await rejectInvitation({
       userId: session.user.id,
       userEmail: session.user.email,
       invitationId: id,
-      token: parsed.data.token ?? null,
+      token: parsed.data.body.token ?? null,
     })
 
     if (!result.success) {