[pull] main from formbricks:main

apps/web/app/(app)/workspaces/[workspaceId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary.ts

@@ -1111,27 +1111,23 @@ export const getResponsesForSummary = reactCache(
         skip: offset,
       });
 
-      const transformedResponses: TSurveySummaryResponse[] = await Promise.all(
-        responses.map((responsePrisma) => {
-          return {
-            id: responsePrisma.id,
-            data: (responsePrisma.data ?? {}) as TResponseData,
-            updatedAt: responsePrisma.updatedAt,
-            contact: responsePrisma.contact
-              ? {
-                  id: responsePrisma.contact.id as string,
-                  userId: responsePrisma.contact.attributes.find(
-                    (attribute) => attribute.attributeKey.key === "userId"
-                  )?.value as string,
-                }
-              : null,
-            contactAttributes: (responsePrisma.contactAttributes ?? {}) as TResponseContactAttributes,
-            language: responsePrisma.language,
-            ttc: (responsePrisma.ttc ?? {}) as TResponseTtc,
-            finished: responsePrisma.finished,
-          };
-        })
-      );
+      const transformedResponses: TSurveySummaryResponse[] = responses.map((responsePrisma) => ({
+        id: responsePrisma.id,
+        data: (responsePrisma.data ?? {}) as TResponseData,
+        updatedAt: responsePrisma.updatedAt,
+        contact: responsePrisma.contact
+          ? {
+              id: responsePrisma.contact.id as string,
+              userId: responsePrisma.contact.attributes.find(
+                (attribute) => attribute.attributeKey.key === "userId"
+              )?.value as string,
+            }
+          : null,
+        contactAttributes: (responsePrisma.contactAttributes ?? {}) as TResponseContactAttributes,
+        language: responsePrisma.language,
+        ttc: (responsePrisma.ttc ?? {}) as TResponseTtc,
+        finished: responsePrisma.finished,
+      }));
 
       return transformedResponses;
     } catch (error) {

apps/web/app/api/v1/management/responses/lib/response.ts

@@ -161,15 +161,11 @@ export const getResponsesByWorkspaceIds = reactCache(
         skip: offset ? offset : undefined,
       });
 
-      const transformedResponses: TResponse[] = await Promise.all(
-        responses.map((responsePrisma) => {
-          return {
-            ...responsePrisma,
-            contact: getResponseContact(responsePrisma),
-            tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
-          };
-        })
-      );
+      const transformedResponses: TResponse[] = responses.map((responsePrisma) => ({
+        ...responsePrisma,
+        contact: getResponseContact(responsePrisma),
+        tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
+      }));
 
       return transformedResponses;
     } catch (error) {
@@ -205,15 +201,11 @@ export const getResponses = reactCache(
         skip: offset,
       });
 
-      const transformedResponses: TResponse[] = await Promise.all(
-        responses.map((responsePrisma) => {
-          return {
-            ...responsePrisma,
-            contact: getResponseContact(responsePrisma),
-            tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
-          };
-        })
-      );
+      const transformedResponses: TResponse[] = responses.map((responsePrisma) => ({
+        ...responsePrisma,
+        contact: getResponseContact(responsePrisma),
+        tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
+      }));
 
       return transformedResponses;
     } catch (error) {

apps/web/app/api/v3/lib/api-wrapper.test.ts

@@ -26,6 +26,11 @@ const { mockQueueAuditEvent, mockBuildAuditLogBaseObject } = vi.hoisted(() => ({
   })),
 }));
 
+const { mockLoggerWarn, mockLoggerError } = vi.hoisted(() => ({
+  mockLoggerWarn: vi.fn(),
+  mockLoggerError: vi.fn(),
+}));
+
 vi.mock("next-auth", () => ({
   getServerSession: mockGetServerSession,
 }));
@@ -53,8 +58,8 @@ vi.mock("@/app/lib/api/with-api-logging", () => ({
 vi.mock("@formbricks/logger", () => ({
   logger: {
     withContext: vi.fn(() => ({
-      error: vi.fn(),
-      warn: vi.fn(),
+      error: mockLoggerError,
+      warn: mockLoggerWarn,
     })),
   },
 }));
@@ -294,6 +299,13 @@ describe("withV3ApiWrapper", () => {
     expect(response.status).toBe(401);
     expect(handler).not.toHaveBeenCalled();
     expect(response.headers.get("Content-Type")).toBe("application/problem+json");
+    expect(mockLoggerWarn).toHaveBeenCalledWith(
+      expect.objectContaining({
+        statusCode: 401,
+        detail: "Not authenticated",
+      }),
+      "V3 API authentication failed"
+    );
   });
 
   test("returns 400 problem response for invalid query input", async () => {
@@ -325,6 +337,14 @@ describe("withV3ApiWrapper", () => {
     const body = await response.json();
     expect(body.invalid_params).toEqual(expect.arrayContaining([expect.objectContaining({ name: "limit" })]));
     expect(body.requestId).toBe("req-invalid");
+    expect(mockLoggerWarn).toHaveBeenCalledWith(
+      expect.objectContaining({
+        statusCode: 400,
+        detail: "Invalid query parameters",
+        invalidParams: expect.arrayContaining([expect.objectContaining({ name: "limit" })]),
+      }),
+      "V3 API request validation failed"
+    );
   });
 
   test("parses body, repeated query params, and async route params", async () => {
@@ -413,6 +433,19 @@ describe("withV3ApiWrapper", () => {
         reason: "Malformed JSON input, please check your request body",
       },
     ]);
+    expect(mockLoggerWarn).toHaveBeenCalledWith(
+      expect.objectContaining({
+        statusCode: 400,
+        detail: "Invalid request body",
+        invalidParams: [
+          {
+            name: "body",
+            reason: "Malformed JSON input, please check your request body",
+          },
+        ],
+      }),
+      "V3 API request validation failed"
+    );
   });
 
   test("returns 413 problem response for oversized JSON input", async () => {

apps/web/app/api/v3/lib/api-wrapper.ts

@@ -79,6 +79,13 @@ function formatZodIssues(error: z.ZodError, fallbackName: "body" | "query" | "pa
   }));
 }
 
+type TV3InputParseFailure = {
+  ok: false;
+  response: Response;
+  detail: string;
+  invalidParams: InvalidParam[];
+};
+
 function searchParamsToObject(searchParams: URLSearchParams): Record<string, string | string[]> {
   const query: Record<string, string | string[]> = {};
 
@@ -159,13 +166,7 @@ async function parseV3Input<S extends TV3Schemas | undefined, TProps>(
   schemas: S | undefined,
   requestId: string,
   instance: string
-): Promise<
-  | { ok: true; parsedInput: TV3ParsedInput<S> }
-  | {
-      ok: false;
-      response: Response;
-    }
-> {
+): Promise<{ ok: true; parsedInput: TV3ParsedInput<S> } | TV3InputParseFailure> {
   const parsedInput = {} as TV3ParsedInput<S>;
 
   if (schemas?.body) {
@@ -177,26 +178,36 @@ async function parseV3Input<S extends TV3Schemas | undefined, TProps>(
       if (error instanceof RequestBodyTooLargeError) {
         return {
           ok: false,
+          detail: error.message,
+          invalidParams: [],
           response: problemPayloadTooLarge(requestId, error.message, instance),
         };
       }
 
+      const invalidParams = [
+        { name: "body", reason: "Malformed JSON input, please check your request body" },
+      ];
       return {
         ok: false,
+        detail: "Invalid request body",
+        invalidParams,
         response: problemBadRequest(requestId, "Invalid request body", {
           instance,
-          invalid_params: [{ name: "body", reason: "Malformed JSON input, please check your request body" }],
+          invalid_params: invalidParams,
         }),
       };
     }
 
     const bodyResult = schemas.body.safeParse(bodyData);
     if (!bodyResult.success) {
+      const invalidParams = formatZodIssues(bodyResult.error, "body");
       return {
         ok: false,
+        detail: "Invalid request body",
+        invalidParams,
         response: problemBadRequest(requestId, "Invalid request body", {
           instance,
-          invalid_params: formatZodIssues(bodyResult.error, "body"),
+          invalid_params: invalidParams,
         }),
       };
     }
@@ -207,11 +218,14 @@ async function parseV3Input<S extends TV3Schemas | undefined, TProps>(
   if (schemas?.query) {
     const queryResult = schemas.query.safeParse(searchParamsToObject(req.nextUrl.searchParams));
     if (!queryResult.success) {
+      const invalidParams = formatZodIssues(queryResult.error, "query");
       return {
         ok: false,
+        detail: "Invalid query parameters",
+        invalidParams,
         response: problemBadRequest(requestId, "Invalid query parameters", {
           instance,
-          invalid_params: formatZodIssues(queryResult.error, "query"),
+          invalid_params: invalidParams,
         }),
       };
     }
@@ -222,11 +236,14 @@ async function parseV3Input<S extends TV3Schemas | undefined, TProps>(
   if (schemas?.params) {
     const paramsResult = schemas.params.safeParse(await getRouteParams(props));
     if (!paramsResult.success) {
+      const invalidParams = formatZodIssues(paramsResult.error, "params");
       return {
         ok: false,
+        detail: "Invalid route parameters",
+        invalidParams,
         response: problemBadRequest(requestId, "Invalid route parameters", {
           instance,
-          invalid_params: formatZodIssues(paramsResult.error, "params"),
+          invalid_params: invalidParams,
         }),
       };
     }
@@ -375,13 +392,23 @@ export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unkn
     try {
       const authResult = await authenticateV3RequestOrRespond(req, auth, requestId, instance);
       if (authResult.response) {
-        log.warn({ statusCode: authResult.response.status }, "V3 API authentication failed");
+        log.warn(
+          { statusCode: authResult.response.status, detail: getUnauthenticatedDetail(auth) },
+          "V3 API authentication failed"
+        );
         return authResult.response;
       }
 
       const parsedInputResult = await parseV3Input(req, props, schemas, requestId, instance);
       if (!parsedInputResult.ok) {
-        log.warn({ statusCode: parsedInputResult.response.status }, "V3 API request validation failed");
+        log.warn(
+          {
+            statusCode: parsedInputResult.response.status,
+            detail: parsedInputResult.detail,
+            invalidParams: parsedInputResult.invalidParams,
+          },
+          "V3 API request validation failed"
+        );
         return parsedInputResult.response;
       }
 

apps/web/app/api/v3/lib/auth.test.ts

@@ -3,7 +3,7 @@ import { beforeEach, describe, expect, test, vi } from "vitest";
 import { AuthorizationError } from "@formbricks/types/errors";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromWorkspaceId } from "@/lib/utils/helper";
-import { findWorkspaceByIdOrLegacyEnvId } from "@/lib/utils/resolve-client-id";
+import { getWorkspace } from "@/lib/workspace/service";
 import { requireSessionWorkspaceAccess, requireV3WorkspaceAccess } from "./auth";
 
 vi.mock("@formbricks/logger", () => ({
@@ -19,8 +19,8 @@ vi.mock("@/lib/utils/helper", () => ({
   getOrganizationIdFromWorkspaceId: vi.fn(),
 }));
 
-vi.mock("@/lib/utils/resolve-client-id", () => ({
-  findWorkspaceByIdOrLegacyEnvId: vi.fn(),
+vi.mock("@/lib/workspace/service", () => ({
+  getWorkspace: vi.fn(),
 }));
 
 vi.mock("@/lib/utils/action-client/action-client-middleware", () => ({
@@ -39,7 +39,7 @@ describe("requireSessionWorkspaceAccess", () => {
     expect(body.requestId).toBe(requestId);
     expect(body.status).toBe(401);
     expect(body.code).toBe("not_authenticated");
-    expect(findWorkspaceByIdOrLegacyEnvId).not.toHaveBeenCalled();
+    expect(getWorkspace).not.toHaveBeenCalled();
     expect(checkAuthorizationUpdated).not.toHaveBeenCalled();
   });
 
@@ -55,11 +55,11 @@ describe("requireSessionWorkspaceAccess", () => {
     const body = await (result as Response).json();
     expect(body.requestId).toBe(requestId);
     expect(body.code).toBe("not_authenticated");
-    expect(findWorkspaceByIdOrLegacyEnvId).not.toHaveBeenCalled();
+    expect(getWorkspace).not.toHaveBeenCalled();
   });
 
   test("returns 403 when workspace is not found (avoid leaking existence)", async () => {
-    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce(null);
+    vi.mocked(getWorkspace).mockResolvedValueOnce(null);
     const result = await requireSessionWorkspaceAccess(
       { user: { id: "user_1" }, expires: "" } as any,
       "ws_nonexistent",
@@ -72,12 +72,12 @@ describe("requireSessionWorkspaceAccess", () => {
     const body = await (result as Response).json();
     expect(body.requestId).toBe(requestId);
     expect(body.code).toBe("forbidden");
-    expect(findWorkspaceByIdOrLegacyEnvId).toHaveBeenCalledWith("ws_nonexistent");
+    expect(getWorkspace).toHaveBeenCalledWith("ws_nonexistent");
     expect(checkAuthorizationUpdated).not.toHaveBeenCalled();
   });
 
   test("returns 403 when user has no access to workspace", async () => {
-    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce({ id: "proj_abc" });
+    vi.mocked(getWorkspace).mockResolvedValueOnce({ id: "proj_abc" } as any);
     vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValueOnce("org_1");
     vi.mocked(checkAuthorizationUpdated).mockRejectedValueOnce(new AuthorizationError("Not authorized"));
     const result = await requireSessionWorkspaceAccess(
@@ -102,7 +102,7 @@ describe("requireSessionWorkspaceAccess", () => {
   });
 
   test("returns workspace context when session is valid and user has access", async () => {
-    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce({ id: "proj_abc" });
+    vi.mocked(getWorkspace).mockResolvedValueOnce({ id: "proj_abc" } as any);
     vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValueOnce("org_1");
     vi.mocked(checkAuthorizationUpdated).mockResolvedValueOnce(undefined as any);
     const result = await requireSessionWorkspaceAccess(
@@ -144,7 +144,7 @@ function wsPerm(workspaceId: string, permission: ApiKeyPermission = ApiKeyPermis
 
 describe("requireV3WorkspaceAccess", () => {
   beforeEach(() => {
-    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValue({ id: "proj_k" });
+    vi.mocked(getWorkspace).mockResolvedValue({ id: "proj_k" } as any);
     vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValue("org_k");
   });
 
@@ -154,7 +154,7 @@ describe("requireV3WorkspaceAccess", () => {
   });
 
   test("delegates to session flow when user is present", async () => {
-    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce({ id: "proj_s" });
+    vi.mocked(getWorkspace).mockResolvedValueOnce({ id: "proj_s" } as any);
     vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValueOnce("org_s");
     vi.mocked(checkAuthorizationUpdated).mockResolvedValueOnce(undefined as any);
     const r = await requireV3WorkspaceAccess(
@@ -179,7 +179,7 @@ describe("requireV3WorkspaceAccess", () => {
       workspaceId: "proj_k",
       organizationId: "org_k",
     });
-    expect(findWorkspaceByIdOrLegacyEnvId).toHaveBeenCalledWith("proj_k");
+    expect(getWorkspace).toHaveBeenCalledWith("proj_k");
   });
 
   test("returns context for API key with write on workspace", async () => {
@@ -239,7 +239,7 @@ describe("requireV3WorkspaceAccess", () => {
   });
 
   test("returns 403 when the workspace cannot be resolved for an API key", async () => {
-    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce(null);
+    vi.mocked(getWorkspace).mockResolvedValueOnce(null);
     const auth = {
       ...keyBase,
       workspacePermissions: [wsPerm("proj_k", ApiKeyPermission.manage)],