fix(integration): 🔒️ Enforce Sheets security

apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts

@@ -1,13 +1,8 @@
 import { NextApiRequest, NextApiResponse } from 'next'
 import { drive } from '@googleapis/drive'
 import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
-import {
-  badRequest,
-  forbidden,
-  methodNotAllowed,
-  notAuthenticated,
-} from 'utils'
-import { captureException, setUser, withSentry } from '@sentry/nextjs'
+import { badRequest, methodNotAllowed, notAuthenticated } from 'utils'
+import { setUser, withSentry } from '@sentry/nextjs'
 import { getAuthenticatedUser } from 'services/api/utils'
 
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
@@ -21,15 +16,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
     const auth = await getAuthenticatedGoogleClient(user.id, credentialsId)
     if (!auth)
       return res.status(404).send("Couldn't find credentials in database")
-    if (auth.credentials.ownerId !== user.id) {
-      // It should never happen but for some reason it does in rare cases... Currently under investigation.
-      captureException(
-        new Error(
-          `Credentials ownerId does not match user id ${auth.credentials.ownerId} !== ${user.id}`
-        )
-      )
-      return forbidden(res)
-    }
     const response = await drive({
       version: 'v3',
       auth: auth.client,

apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts

@@ -18,7 +18,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
   if (req.method === 'GET') {
     const credentialsId = req.query.credentialsId as string | undefined
     if (!credentialsId) return badRequest(res)
-
     const spreadsheetId = req.query.id.toString()
     const doc = new GoogleSpreadsheet(spreadsheetId)
     const auth = await getAuthenticatedGoogleClient(user.id, credentialsId)