address comments, antipatterns

Author: icecrasher321

.gitignore

@@ -85,3 +85,6 @@ i18n.cache
 .claude/worktrees/
 .claude/scheduled_tasks.lock
 .deepsec/
+
+# Personal Cursor Skills
+.cursor/skills/ask-sim/

apps/sim/app/api/files/upload/route.test.ts

@@ -227,6 +227,26 @@ describe('File Upload API Route', () => {
     expect(uploadWorkspaceFile).toHaveBeenCalled()
   })
 
+  it('should accept chunked multipart uploads without a content-length header', async () => {
+    setupFileApiMocks({
+      cloudEnabled: false,
+      storageProvider: 'local',
+    })
+
+    const formData = createMockFormData([createMockFile()])
+    const req = new NextRequest('http://localhost:3000/api/files/upload', {
+      method: 'POST',
+      body: formData,
+    })
+
+    expect(req.headers.get('content-length')).toBeNull()
+
+    const response = await POST(req)
+
+    expect(response.status).toBe(200)
+    expect(uploadWorkspaceFile).toHaveBeenCalled()
+  })
+
   it('should upload a file to S3 when in S3 mode', async () => {
     setupFileApiMocks({
       cloudEnabled: true,

apps/sim/app/api/files/upload/route.ts

@@ -11,10 +11,10 @@ import {
 import { getValidationErrorMessage } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
 import {
-  assertContentLengthWithinLimit,
   assertKnownSizeWithinLimit,
   isPayloadSizeLimitError,
   readFileToBufferWithLimit,
+  readFormDataWithLimit,
 } from '@/lib/core/utils/stream-limits'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import { captureServerEvent } from '@/lib/posthog/server'
@@ -50,19 +50,10 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
     }
 
-    if (request.headers && !request.headers.get('content-length')) {
-      return NextResponse.json(
-        { error: 'Content-Length is required for multipart uploads' },
-        { status: 411 }
-      )
-    }
-    assertContentLengthWithinLimit(
-      request.headers,
-      MAX_WORKSPACE_FORMDATA_FILE_SIZE + MAX_MULTIPART_OVERHEAD_BYTES,
-      'multipart upload body'
-    )
-
-    const formData = await request.formData()
+    const formData = await readFormDataWithLimit(request, {
+      maxBytes: MAX_WORKSPACE_FORMDATA_FILE_SIZE + MAX_MULTIPART_OVERHEAD_BYTES,
+      label: 'multipart upload body',
+    })
 
     const rawFiles = formData.getAll('file')
     const filesResult = uploadFilesFormFilesSchema.safeParse(rawFiles)

apps/sim/app/api/table/[tableId]/import/route.test.ts

@@ -229,6 +229,21 @@ describe('POST /api/table/[tableId]/import', () => {
     expect(mockReplaceTableRowsWithTx).not.toHaveBeenCalled()
   })
 
+  it('accepts chunked multipart imports without a content-length header', async () => {
+    const form = createFormData(createCsvFile('name,age\nAlice,30'), { mode: 'append' })
+    const req = new NextRequest('http://localhost:3000/api/table/tbl_1/import', {
+      method: 'POST',
+      body: form,
+    })
+
+    expect(req.headers.get('content-length')).toBeNull()
+
+    const response = await POST(req, { params: Promise.resolve({ tableId: 'tbl_1' }) })
+
+    expect(response.status).toBe(200)
+    expect(mockBatchInsertRowsWithTx).toHaveBeenCalledTimes(1)
+  })
+
   it('rejects append when it would exceed maxRows', async () => {
     mockCheckAccess.mockResolvedValueOnce({
       ok: true,

apps/sim/app/api/table/[tableId]/import/route.ts

@@ -15,9 +15,9 @@ import { getValidationErrorMessage } from '@/lib/api/server'
 import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import {
-  assertContentLengthWithinLimit,
   isPayloadSizeLimitError,
   readFileToBufferWithLimit,
+  readFormDataWithLimit,
 } from '@/lib/core/utils/stream-limits'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import {
@@ -56,19 +56,10 @@ export const POST = withRouteHandler(async (request: NextRequest, { params }: Ro
       return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
     }
 
-    if (request.headers && !request.headers.get('content-length')) {
-      return NextResponse.json(
-        { error: 'Content-Length is required for CSV imports' },
-        { status: 411 }
-      )
-    }
-    assertContentLengthWithinLimit(
-      request.headers,
-      CSV_MAX_FILE_SIZE_BYTES + MAX_MULTIPART_OVERHEAD_BYTES,
-      'CSV import body'
-    )
-
-    const formData = await request.formData()
+    const formData = await readFormDataWithLimit(request, {
+      maxBytes: CSV_MAX_FILE_SIZE_BYTES + MAX_MULTIPART_OVERHEAD_BYTES,
+      label: 'CSV import body',
+    })
     const formValidation = csvImportFormSchema.safeParse({
       file: formData.get('file'),
       workspaceId: formData.get('workspaceId'),

apps/sim/app/api/table/import-csv/route.test.ts

@@ -90,17 +90,15 @@ describe('POST /api/table/import-csv', () => {
     expect(mockCreateTable).not.toHaveBeenCalled()
   })
 
-  it('requires content-length when request headers are available', async () => {
+  it('accepts chunked multipart requests without a content-length header', async () => {
     const req = {
       headers: new Headers({ 'transfer-encoding': 'chunked' }),
       formData: vi.fn(async () => createFormData(createCsvFile('name\nAlice'))),
     } as unknown as NextRequest
 
     const response = await POST(req)
-    const data = await response.json()
 
-    expect(response.status).toBe(411)
-    expect(data.error).toMatch(/Content-Length is required/)
-    expect(req.formData).not.toHaveBeenCalled()
+    expect(response.status).not.toBe(411)
+    expect(req.formData).toHaveBeenCalled()
   })
 })

apps/sim/app/api/table/import-csv/route.ts

@@ -7,9 +7,9 @@ import { getValidationErrorMessage } from '@/lib/api/server'
 import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
 import { generateRequestId } from '@/lib/core/utils/request'
 import {
-  assertContentLengthWithinLimit,
   isPayloadSizeLimitError,
   readFileToBufferWithLimit,
+  readFormDataWithLimit,
 } from '@/lib/core/utils/stream-limits'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 import {
@@ -41,19 +41,10 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       return NextResponse.json({ error: 'Authentication required' }, { status: 401 })
     }
 
-    if (request.headers && !request.headers.get('content-length')) {
-      return NextResponse.json(
-        { error: 'Content-Length is required for CSV imports' },
-        { status: 411 }
-      )
-    }
-    assertContentLengthWithinLimit(
-      request.headers,
-      CSV_MAX_FILE_SIZE_BYTES + MAX_MULTIPART_OVERHEAD_BYTES,
-      'CSV import body'
-    )
-
-    const formData = await request.formData()
+    const formData = await readFormDataWithLimit(request, {
+      maxBytes: CSV_MAX_FILE_SIZE_BYTES + MAX_MULTIPART_OVERHEAD_BYTES,
+      label: 'CSV import body',
+    })
     const validation = csvImportFormSchema.safeParse({
       file: formData.get('file'),
       workspaceId: formData.get('workspaceId'),

apps/sim/app/api/tools/docusign/route.ts

@@ -8,12 +8,12 @@ import {
   assertKnownSizeWithinLimit,
   DEFAULT_MAX_ERROR_BODY_BYTES,
   isPayloadSizeLimitError,
-  PayloadSizeLimitError,
   readResponseJsonWithLimit,
   readResponseTextWithLimit,
   readResponseToBufferWithLimit,
 } from '@/lib/core/utils/stream-limits'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { uploadCopilotFile } from '@/lib/uploads/contexts/copilot'
 import { uploadExecutionFile } from '@/lib/uploads/contexts/execution'
 import { FileInputSchema } from '@/lib/uploads/utils/file-schemas'
 import { processFilesToUserFiles, type RawFileInput } from '@/lib/uploads/utils/file-utils'
@@ -23,7 +23,6 @@ import { assertToolFileAccess } from '@/app/api/files/authorization'
 const logger = createLogger('DocuSignAPI')
 const MAX_DOCUSIGN_DOCUMENT_BYTES = 25 * 1024 * 1024
 const MAX_DOCUSIGN_JSON_BYTES = 2 * 1024 * 1024
-const MAX_LEGACY_INLINE_DOCUMENT_BYTES = 7 * 1024 * 1024
 
 interface DocuSignAccountInfo {
   accountId: string
@@ -140,7 +139,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       case 'void_envelope':
         return await handleVoidEnvelope(apiBase, headers, params)
       case 'download_document':
-        return await handleDownloadDocument(apiBase, headers, params)
+        return await handleDownloadDocument(apiBase, headers, params, authResult.userId)
       case 'list_templates':
         return await handleListTemplates(apiBase, headers, params)
       case 'list_recipients':
@@ -445,7 +444,8 @@ async function handleVoidEnvelope(
 async function handleDownloadDocument(
   apiBase: string,
   headers: Record<string, string>,
-  params: Record<string, unknown>
+  params: Record<string, unknown>,
+  userId: string
 ) {
   const { envelopeId, documentId } = params
   if (!envelopeId) {
@@ -509,17 +509,14 @@ async function handleDownloadDocument(
     })
   }
 
-  if (buffer.length > MAX_LEGACY_INLINE_DOCUMENT_BYTES) {
-    throw new PayloadSizeLimitError({
-      label: 'DocuSign legacy inline document',
-      maxBytes: MAX_LEGACY_INLINE_DOCUMENT_BYTES,
-      observedBytes: buffer.length,
-    })
-  }
-
-  const base64Content = buffer.toString('base64')
+  const file = await uploadCopilotFile({
+    buffer,
+    fileName,
+    contentType,
+    userId,
+  })
 
-  return NextResponse.json({ base64Content, mimeType: contentType, fileName })
+  return NextResponse.json({ file, mimeType: contentType, fileName })
 }
 
 async function handleListTemplates(