From 97ba29f80193dff79abe821c9cfc92f7822aabe5 Mon Sep 17 00:00:00 2001
From: Baptiste Arnaud <contact@baptiste-arnaud.fr>
Date: Sat, 9 Apr 2022 08:05:30 -0500
Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=94=92=EF=B8=8F=20Better=20guard?=
 =?UTF-8?q?=20spreadsheets=20GET?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../api/integrations/google-sheets/spreadsheets.ts     |  5 +++--
 .../google-sheets/spreadsheets/[id]/sheets.ts          | 10 ++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts b/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
index 7681e1e6a..f8667e0ad 100644
--- a/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
+++ b/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
@@ -1,7 +1,7 @@
 import { NextApiRequest, NextApiResponse } from 'next'
 import { drive } from '@googleapis/drive'
 import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
-import { methodNotAllowed, notAuthenticated } from 'utils'
+import { badRequest, methodNotAllowed, notAuthenticated } from 'utils'
 import { setUser, withSentry } from '@sentry/nextjs'
 import { getAuthenticatedUser } from 'services/api/utils'
 
@@ -11,7 +11,8 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
 
   setUser({ email: user.email ?? undefined, id: user.id })
   if (req.method === 'GET') {
-    const credentialsId = req.query.credentialsId.toString()
+    const credentialsId = req.query.credentialsId as string | undefined
+    if (!credentialsId) return badRequest(res)
     const auth = await getAuthenticatedGoogleClient(user.id, credentialsId)
     if (!auth)
       return res.status(404).send("Couldn't find credentials in database")
diff --git a/apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts b/apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts
index ea69b25ce..3027b8e85 100644
--- a/apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts
+++ b/apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts
@@ -1,7 +1,12 @@
 import { NextApiRequest, NextApiResponse } from 'next'
 import { GoogleSpreadsheet } from 'google-spreadsheet'
 import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
-import { isDefined, methodNotAllowed, notAuthenticated } from 'utils'
+import {
+  badRequest,
+  isDefined,
+  methodNotAllowed,
+  notAuthenticated,
+} from 'utils'
 import { withSentry, setUser } from '@sentry/nextjs'
 import { getAuthenticatedUser } from 'services/api/utils'
 
@@ -11,7 +16,8 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
 
   setUser({ email: user.email ?? undefined, id: user.id })
   if (req.method === 'GET') {
-    const credentialsId = req.query.credentialsId.toString()
+    const credentialsId = req.query.credentialsId as string | undefined
+    if (!credentialsId) return badRequest(res)
 
     const spreadsheetId = req.query.id.toString()
     const doc = new GoogleSpreadsheet(spreadsheetId)