
fix: 🔒️ Better guard spreadsheets GET

Baptiste Arnaud
2022-04-09 08:05:30 -05:00
parent 378fe0fe82
commit 97ba29f801
2 changed files with 11 additions and 4 deletions


@ -1,7 +1,7 @@
import { NextApiRequest, NextApiResponse } from 'next'
import { drive } from '@googleapis/drive'
import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
import { methodNotAllowed, notAuthenticated } from 'utils'
import { badRequest, methodNotAllowed, notAuthenticated } from 'utils'
import { setUser, withSentry } from '@sentry/nextjs'
import { getAuthenticatedUser } from 'services/api/utils'
@ -11,7 +11,8 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
setUser({ email: user.email ?? undefined, id: user.id })
if (req.method === 'GET') {
const credentialsId = req.query.credentialsId.toString()
const credentialsId = req.query.credentialsId as string | undefined
if (!credentialsId) return badRequest(res)
const auth = await getAuthenticatedGoogleClient(user.id, credentialsId)
if (!auth)
return res.status(404).send("Couldn't find credentials in database")
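Review bot: The new `req.query.credentialsId as string | undefined` is a compile-time assertion only: Next.js types a query value as `string | string[] | undefined`, so a repeated `credentialsId` parameter arrives as an array, passes the `!credentialsId` check, and is handed to `getAuthenticatedGoogleClient(user.id, credentialsId)` as a non-string. Narrow at runtime instead, with `const credentialsId = req.query.credentialsId` followed by `if (typeof credentialsId !== 'string' || !credentialsId) return badRequest(res)`. The second file section uses the same cast, and its unchanged `req.query.id.toString()` still throws when `id` is missing, so the spreadsheet id wants the same guard. The handler body starts and ends outside both hunks, so how the lookup uses the id is not visible here.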


@ -1,7 +1,12 @@
import { NextApiRequest, NextApiResponse } from 'next'
import { GoogleSpreadsheet } from 'google-spreadsheet'
import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
import { isDefined, methodNotAllowed, notAuthenticated } from 'utils'
import {
badRequest,
isDefined,
methodNotAllowed,
notAuthenticated,
} from 'utils'
import { withSentry, setUser } from '@sentry/nextjs'
import { getAuthenticatedUser } from 'services/api/utils'
@ -11,7 +16,8 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
setUser({ email: user.email ?? undefined, id: user.id })
if (req.method === 'GET') {
const credentialsId = req.query.credentialsId.toString()
const credentialsId = req.query.credentialsId as string | undefined
if (!credentialsId) return badRequest(res)
const spreadsheetId = req.query.id.toString()
const doc = new GoogleSpreadsheet(spreadsheetId)