fix(confluence): address PR review feedback

- Move get_user from GET to POST to avoid exposing access token in URL
- Add 400 validation for missing params in space-properties create/delete
- Add null check for blog post version before update to prevent TypeError

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/tools/confluence/blogposts/route.ts

@@ -330,6 +330,14 @@ export async function PUT(request: NextRequest) {
     }
 
     const currentPost = await currentResponse.json()
+
+    if (!currentPost.version?.number) {
+      return NextResponse.json(
+        { error: 'Unable to determine current blog post version' },
+        { status: 422 }
+      )
+    }
+
     const currentVersion = currentPost.version.number
 
     const updateBody: Record<string, unknown> = {

apps/sim/app/api/tools/confluence/space-properties/route.ts

@@ -60,6 +60,21 @@ export async function POST(request: NextRequest) {
 
     const baseUrl = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/spaces/${spaceId}/properties`
 
+    // Validate required params for specific actions
+    if (action === 'delete' && !propertyId) {
+      return NextResponse.json(
+        { error: 'Property ID is required for delete action' },
+        { status: 400 }
+      )
+    }
+
+    if (action === 'create' && !key) {
+      return NextResponse.json(
+        { error: 'Property key is required for create action' },
+        { status: 400 }
+      )
+    }
+
     // Delete a property
     if (action === 'delete' && propertyId) {
       const propertyIdValidation = validateAlphanumericId(propertyId, 'propertyId', 255)

apps/sim/app/api/tools/confluence/user/route.ts

@@ -12,18 +12,15 @@ export const dynamic = 'force-dynamic'
  * Get a Confluence user by account ID.
  * Uses GET /wiki/rest/api/user?accountId={accountId}
  */
-export async function GET(request: NextRequest) {
+export async function POST(request: NextRequest) {
   try {
     const auth = await checkSessionOrInternalAuth(request)
     if (!auth.success || !auth.userId) {
       return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
     }
 
-    const { searchParams } = new URL(request.url)
-    const domain = searchParams.get('domain')
-    const accessToken = searchParams.get('accessToken')
-    const accountId = searchParams.get('accountId')
-    const providedCloudId = searchParams.get('cloudId')
+    const body = await request.json()
+    const { domain, accessToken, accountId, cloudId: providedCloudId } = body
 
     if (!domain) {
       return NextResponse.json({ error: 'Domain is required' }, { status: 400 })

apps/sim/tools/confluence/get_user.ts

@@ -62,22 +62,19 @@ export const confluenceGetUserTool: ToolConfig<ConfluenceGetUserParams, Confluen
     },
 
     request: {
-      url: (params: ConfluenceGetUserParams) => {
-        const query = new URLSearchParams({
-          domain: params.domain,
-          accessToken: params.accessToken,
-          accountId: params.accountId?.trim(),
-        })
-        if (params.cloudId) {
-          query.set('cloudId', params.cloudId)
-        }
-        return `/api/tools/confluence/user?${query.toString()}`
-      },
-      method: 'GET',
+      url: () => '/api/tools/confluence/user',
+      method: 'POST',
       headers: (params: ConfluenceGetUserParams) => ({
         Accept: 'application/json',
+        'Content-Type': 'application/json',
         Authorization: `Bearer ${params.accessToken}`,
       }),
+      body: (params: ConfluenceGetUserParams) => ({
+        domain: params.domain,
+        accessToken: params.accessToken,
+        accountId: params.accountId?.trim(),
+        cloudId: params.cloudId,
+      }),
     },
 
     transformResponse: async (response: Response) => {