feat(workspaces): add workspace logo upload (#4136)

* feat(workspaces): add workspace logo upload

* feat(workspaces): add workspace logo upload

* fix(workspaces): validate logoUrl accepts only paths or HTTPS URLs

* fix(workspaces): add admin authorization, audit log, and posthog event for workspace logo uploads

* lint

* fix: add WebP support and use refs pattern in useProfilePictureUpload

- Add image/webp to ACCEPTED_IMAGE_TYPES in useProfilePictureUpload
- Add image/webp to file input accept attributes in whitelabeling settings
- Refactor useProfilePictureUpload to use refs for onUpload, onError, and
  currentImage callbacks, matching the established codebase pattern

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: restore cloudwatch/cloudformation files from staging

These files were accidentally regressed during rebase conflict resolution,
reverting changes from #4027. Restoring to staging versions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add workspace_logo_uploaded to PostHogEventMap

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: separate workspaceId ref sync to prevent overwrite on re-render

Split the ref sync useEffect so workspaceIdRef only updates when the
workspaceId prop changes, not when onUpload/onError callbacks get new
references. Prevents setTargetWorkspaceId from being overwritten by
a re-render before the file upload completes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use Pick type for workspace dropdown in knowledge header

The shared Workspace type requires ownerId and other fields that aren't
available from the workspaces API response mapping. Use a Pick type to
accurately represent the subset of fields actually constructed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* refactor: replace raw fetch with useWorkspacesQuery in knowledge header

Remove useState + useEffect + fetch anti-pattern for loading workspaces.
Use useWorkspacesQuery from React Query with inline filter for write/admin
permissions. Eliminates ~30 lines of manual state management, any casts,
and the Pick type workaround.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/files/authorization.ts

@@ -114,8 +114,12 @@ export async function verifyFileAccess(
     // Infer context from key if not explicitly provided
     const inferredContext = context || inferContextFromKey(cloudKey)
 
-    // 0. Public contexts: profile pictures and OG images are publicly accessible
-    if (inferredContext === 'profile-pictures' || inferredContext === 'og-images') {
+    // 0. Public contexts: profile pictures, OG images, and workspace logos are publicly accessible
+    if (
+      inferredContext === 'profile-pictures' ||
+      inferredContext === 'og-images' ||
+      inferredContext === 'workspace-logos'
+    ) {
       logger.info('Public file access allowed', { cloudKey, context: inferredContext })
       return true
     }

apps/sim/app/api/files/serve/[...path]/route.ts

@@ -95,7 +95,9 @@ export async function GET(
     const cloudKey = isCloudPath ? path.slice(1).join('/') : fullPath
 
     const isPublicByKeyPrefix =
-      cloudKey.startsWith('profile-pictures/') || cloudKey.startsWith('og-images/')
+      cloudKey.startsWith('profile-pictures/') ||
+      cloudKey.startsWith('og-images/') ||
+      cloudKey.startsWith('workspace-logos/')
 
     if (isPublicByKeyPrefix) {
       const context = inferContextFromKey(cloudKey)

apps/sim/app/api/files/upload/route.ts

@@ -2,7 +2,9 @@ import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { sanitizeFileName } from '@/executor/constants'
 import '@/lib/uploads/core/setup.server'
+import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
+import { captureServerEvent } from '@/lib/posthog/server'
 import type { StorageContext } from '@/lib/uploads/config'
 import { generateWorkspaceFileKey } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
 import { isImageFileType } from '@/lib/uploads/utils/file-utils'
@@ -64,7 +66,7 @@ export async function POST(request: NextRequest) {
     // Context must be explicitly provided
     if (!contextParam) {
       throw new InvalidRequestError(
-        'Upload requires explicit context parameter (knowledge-base, workspace, execution, copilot, chat, or profile-pictures)'
+        'Upload requires explicit context parameter (knowledge-base, workspace, execution, copilot, chat, profile-pictures, or workspace-logos)'
       )
     }
 
@@ -282,13 +284,35 @@ export async function POST(request: NextRequest) {
         continue
       }
 
-      if (context === 'copilot' || context === 'chat' || context === 'profile-pictures') {
+      if (
+        context === 'copilot' ||
+        context === 'chat' ||
+        context === 'profile-pictures' ||
+        context === 'workspace-logos'
+      ) {
         if (context !== 'copilot' && !isImageFileType(file.type)) {
           throw new InvalidRequestError(
             `Only image files (JPEG, PNG, GIF, WebP, SVG) are allowed for ${context} uploads`
           )
         }
 
+        if (context === 'workspace-logos') {
+          if (!workspaceId) {
+            throw new InvalidRequestError('workspace-logos context requires workspaceId parameter')
+          }
+          const permission = await getUserEntityPermissions(
+            session.user.id,
+            'workspace',
+            workspaceId
+          )
+          if (permission !== 'admin') {
+            return NextResponse.json(
+              { error: 'Admin access required for workspace logo uploads' },
+              { status: 403 }
+            )
+          }
+        }
+
         if (context === 'chat' && workspaceId) {
           const permission = await getUserEntityPermissions(
             session.user.id,
@@ -346,13 +370,40 @@ export async function POST(request: NextRequest) {
         }
 
         logger.info(`Successfully uploaded ${context} file: ${fileInfo.key}`)
+
+        if (context === 'workspace-logos' && workspaceId) {
+          recordAudit({
+            workspaceId,
+            actorId: session.user.id,
+            actorName: session.user.name,
+            actorEmail: session.user.email,
+            action: AuditAction.FILE_UPLOADED,
+            resourceType: AuditResourceType.WORKSPACE,
+            resourceId: workspaceId,
+            description: `Uploaded workspace logo "${originalName}"`,
+            metadata: {
+              fileName: originalName,
+              fileKey: fileInfo.key,
+              fileSize: buffer.length,
+              fileType: file.type,
+            },
+            request,
+          })
+
+          captureServerEvent(session.user.id, 'workspace_logo_uploaded', {
+            workspace_id: workspaceId,
+            file_name: originalName,
+            file_size: buffer.length,
+          })
+        }
+
         uploadResults.push(uploadResult)
         continue
       }
 
       // Unknown context
       throw new InvalidRequestError(
-        `Unsupported context: ${context}. Use knowledge-base, workspace, execution, copilot, chat, or profile-pictures`
+        `Unsupported context: ${context}. Use knowledge-base, workspace, execution, copilot, chat, profile-pictures, or workspace-logos`
       )
     }
 

apps/sim/app/api/workspaces/[id]/route.ts

@@ -20,6 +20,13 @@ const patchWorkspaceSchema = z.object({
     .string()
     .regex(/^#[0-9a-fA-F]{6}$/)
     .optional(),
+  logoUrl: z
+    .string()
+    .refine((val) => val.startsWith('/') || val.startsWith('https://'), {
+      message: 'Logo URL must be an absolute path or HTTPS URL',
+    })
+    .nullable()
+    .optional(),
   billedAccountUserId: z.string().optional(),
   allowPersonalApiKeys: z.boolean().optional(),
 })
@@ -119,11 +126,12 @@ export async function PATCH(request: NextRequest, { params }: { params: Promise<
 
   try {
     const body = patchWorkspaceSchema.parse(await request.json())
-    const { name, color, billedAccountUserId, allowPersonalApiKeys } = body
+    const { name, color, logoUrl, billedAccountUserId, allowPersonalApiKeys } = body
 
     if (
       name === undefined &&
       color === undefined &&
+      logoUrl === undefined &&
       billedAccountUserId === undefined &&
       allowPersonalApiKeys === undefined
     ) {
@@ -150,6 +158,10 @@ export async function PATCH(request: NextRequest, { params }: { params: Promise<
       updateData.color = color
     }
 
+    if (logoUrl !== undefined) {
+      updateData.logoUrl = logoUrl
+    }
+
     if (allowPersonalApiKeys !== undefined) {
       updateData.allowPersonalApiKeys = Boolean(allowPersonalApiKeys)
     }
@@ -216,6 +228,9 @@ export async function PATCH(request: NextRequest, { params }: { params: Promise<
         changes: {
           ...(name !== undefined && { name: { from: existingWorkspace.name, to: name } }),
           ...(color !== undefined && { color: { from: existingWorkspace.color, to: color } }),
+          ...(logoUrl !== undefined && {
+            logoUrl: { from: existingWorkspace.logoUrl, to: logoUrl },
+          }),
           ...(allowPersonalApiKeys !== undefined && {
             allowPersonalApiKeys: {
               from: existingWorkspace.allowPersonalApiKeys,

apps/sim/app/workspace/[workspaceId]/knowledge/components/knowledge-header/knowledge-header.tsx

@@ -1,6 +1,6 @@
 'use client'
 
-import { useEffect, useState } from 'react'
+import { useState } from 'react'
 import { createLogger } from '@sim/logger'
 import { AlertTriangle, LibraryBig, MoreHorizontal } from 'lucide-react'
 import Link from 'next/link'
@@ -17,6 +17,7 @@ import { ChevronDown } from '@/components/emcn/icons'
 import { Trash } from '@/components/emcn/icons/trash'
 import { filterButtonClass } from '@/app/workspace/[workspaceId]/knowledge/components/constants'
 import { useUpdateKnowledgeBase } from '@/hooks/queries/kb/knowledge'
+import { useWorkspacesQuery } from '@/hooks/queries/workspace'
 
 const logger = createLogger('KnowledgeHeader')
 
@@ -48,52 +49,18 @@ interface KnowledgeHeaderProps {
   options?: KnowledgeHeaderOptions
 }
 
-interface Workspace {
-  id: string
-  name: string
-  permissions: 'admin' | 'write' | 'read'
-}
-
 export function KnowledgeHeader({ breadcrumbs, options }: KnowledgeHeaderProps) {
   const [isActionsMenuOpen, setIsActionsMenuOpen] = useState(false)
   const [isWorkspaceMenuOpen, setIsWorkspaceMenuOpen] = useState(false)
-  const [workspaces, setWorkspaces] = useState<Workspace[]>([])
-  const [isLoadingWorkspaces, setIsLoadingWorkspaces] = useState(false)
-
-  const updateKnowledgeBase = useUpdateKnowledgeBase()
 
-  useEffect(() => {
-    if (!options?.knowledgeBaseId) return
-
-    const fetchWorkspaces = async () => {
-      try {
-        setIsLoadingWorkspaces(true)
-
-        const response = await fetch('/api/workspaces')
-        if (!response.ok) {
-          throw new Error('Failed to fetch workspaces')
-        }
-
-        const data = await response.json()
-
-        const availableWorkspaces = data.workspaces
-          .filter((ws: any) => ws.permissions === 'write' || ws.permissions === 'admin')
-          .map((ws: any) => ({
-            id: ws.id,
-            name: ws.name,
-            permissions: ws.permissions,
-          }))
-
-        setWorkspaces(availableWorkspaces)
-      } catch (err) {
-        logger.error('Error fetching workspaces:', err)
-      } finally {
-        setIsLoadingWorkspaces(false)
-      }
-    }
+  const { data: allWorkspaces = [], isLoading: isLoadingWorkspaces } = useWorkspacesQuery(
+    !!options?.knowledgeBaseId
+  )
+  const workspaces = allWorkspaces.filter(
+    (ws) => ws.permissions === 'write' || ws.permissions === 'admin'
+  )
 
-    fetchWorkspaces()
-  }, [options?.knowledgeBaseId])
+  const updateKnowledgeBase = useUpdateKnowledgeBase()
 
   const handleWorkspaceChange = async (workspaceId: string | null) => {
     if (updateKnowledgeBase.isPending || !options?.knowledgeBaseId) return