From 9cddc755a3087631605c91a8efce35b4ad74e916 Mon Sep 17 00:00:00 2001
From: Baptiste Arnaud <contact@baptiste-arnaud.fr>
Date: Sat, 2 Jul 2022 08:28:20 +0200
Subject: [PATCH] =?UTF-8?q?fix(sheets):=20=F0=9F=94=92=EF=B8=8F=20Check=20?=
 =?UTF-8?q?token=20id=20before=20updating=20creds?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/builder/libs/google-sheets.ts                 | 14 ++++++++++----
 .../api/credentials/google-sheets/callback.ts      |  1 -
 apps/viewer/libs/google-sheets.ts                  | 14 ++++++++++----
 .../[spreadsheetId]/sheets/[sheetId].ts            | 12 ++++++------
 packages/utils/src/utils.ts                        |  9 +++++++++
 5 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/apps/builder/libs/google-sheets.ts b/apps/builder/libs/google-sheets.ts
index 9052305c3..9d751d360 100644
--- a/apps/builder/libs/google-sheets.ts
+++ b/apps/builder/libs/google-sheets.ts
@@ -1,7 +1,7 @@
 import { Credentials as CredentialsFromDb } from 'db'
 import { OAuth2Client, Credentials } from 'google-auth-library'
 import { GoogleSheetsCredentialsData } from 'models'
-import { decrypt, encrypt } from 'utils'
+import { decrypt, encrypt, isDefined } from 'utils'
 import prisma from './prisma'
 
 export const oauth2Client = new OAuth2Client(
@@ -33,9 +33,15 @@ export const getAuthenticatedGoogleClient = async (
 const updateTokens =
   (credentialsId: string, existingCredentials: GoogleSheetsCredentialsData) =>
   async (credentials: Credentials) => {
-    const newCredentials = {
-      refresh_token: existingCredentials.refresh_token,
-      ...credentials,
+    if (
+      isDefined(existingCredentials.id_token) &&
+      credentials.id_token !== existingCredentials.id_token
+    )
+      return
+    const newCredentials: GoogleSheetsCredentialsData = {
+      ...existingCredentials,
+      expiry_date: credentials.expiry_date,
+      access_token: credentials.access_token,
     }
     const { encryptedData, iv } = encrypt(newCredentials)
     await prisma.credentials.update({
diff --git a/apps/builder/pages/api/credentials/google-sheets/callback.ts b/apps/builder/pages/api/credentials/google-sheets/callback.ts
index db6b0000c..a8cc4acb0 100644
--- a/apps/builder/pages/api/credentials/google-sheets/callback.ts
+++ b/apps/builder/pages/api/credentials/google-sheets/callback.ts
@@ -37,7 +37,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
       return res
         .status(400)
         .send({ message: "User didn't accepted required scopes" })
-    // console.log(tokens)
     const { encryptedData, iv } = encrypt(tokens)
     const credentials = {
       name: email,
diff --git a/apps/viewer/libs/google-sheets.ts b/apps/viewer/libs/google-sheets.ts
index 476ad9897..3fec04c0a 100644
--- a/apps/viewer/libs/google-sheets.ts
+++ b/apps/viewer/libs/google-sheets.ts
@@ -1,7 +1,7 @@
 import { Credentials as CredentialsFromDb } from 'db'
 import { OAuth2Client, Credentials } from 'google-auth-library'
 import { GoogleSheetsCredentialsData } from 'models'
-import { decrypt, encrypt } from 'utils'
+import { decrypt, encrypt, isDefined } from 'utils'
 import prisma from './prisma'
 
 export const getAuthenticatedGoogleClient = async (
@@ -29,9 +29,15 @@ export const getAuthenticatedGoogleClient = async (
 const updateTokens =
   (credentialsId: string, existingCredentials: GoogleSheetsCredentialsData) =>
   async (credentials: Credentials) => {
-    const newCredentials = {
-      refresh_token: existingCredentials.refresh_token,
-      ...credentials,
+    if (
+      isDefined(existingCredentials.id_token) &&
+      credentials.id_token !== existingCredentials.id_token
+    )
+      return
+    const newCredentials: GoogleSheetsCredentialsData = {
+      ...existingCredentials,
+      expiry_date: credentials.expiry_date,
+      access_token: credentials.access_token,
     }
     const { encryptedData, iv } = encrypt(newCredentials)
     await prisma.credentials.update({
diff --git a/apps/viewer/pages/api/integrations/google-sheets/spreadsheets/[spreadsheetId]/sheets/[sheetId].ts b/apps/viewer/pages/api/integrations/google-sheets/spreadsheets/[spreadsheetId]/sheets/[sheetId].ts
index e2f509c05..79db93a08 100644
--- a/apps/viewer/pages/api/integrations/google-sheets/spreadsheets/[spreadsheetId]/sheets/[sheetId].ts
+++ b/apps/viewer/pages/api/integrations/google-sheets/spreadsheets/[spreadsheetId]/sheets/[sheetId].ts
@@ -1,5 +1,5 @@
 import { NextApiRequest, NextApiResponse } from 'next'
-import { badRequest, initMiddleware, methodNotAllowed } from 'utils'
+import { badRequest, initMiddleware, methodNotAllowed, hasValue } from 'utils'
 import { GoogleSpreadsheet } from 'google-spreadsheet'
 import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
 import { Cell } from 'models'
@@ -15,7 +15,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
     const spreadsheetId = req.query.spreadsheetId as string
     const sheetId = req.query.sheetId as string
     const credentialsId = req.query.credentialsId as string | undefined
-    if (!credentialsId) return badRequest(res)
+    if (!hasValue(credentialsId)) return badRequest(res)
     const referenceCell = {
       column: req.query['referenceCell[column]'],
       value: req.query['referenceCell[value]'],
@@ -63,7 +63,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
       credentialsId?: string
       values: { [key: string]: string }
     }
-    if (!credentialsId) return badRequest(res)
+    if (!hasValue(credentialsId)) return badRequest(res)
     const doc = new GoogleSpreadsheet(spreadsheetId)
     const auth = await getAuthenticatedGoogleClient(credentialsId)
     if (!auth)
@@ -81,8 +81,8 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
     }
   }
   if (req.method === 'PATCH') {
-    const spreadsheetId = req.query.spreadsheetId.toString()
-    const sheetId = req.query.sheetId.toString()
+    const spreadsheetId = req.query.spreadsheetId as string
+    const sheetId = req.query.sheetId as string
     const { credentialsId, values, referenceCell } = (
       typeof req.body === 'string' ? JSON.parse(req.body) : req.body
     ) as {
@@ -90,7 +90,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
       referenceCell: Cell
       values: { [key: string]: string }
     }
-    if (!credentialsId) return badRequest(res)
+    if (!hasValue(credentialsId)) return badRequest(res)
     const doc = new GoogleSpreadsheet(spreadsheetId)
     const auth = await getAuthenticatedGoogleClient(credentialsId)
     if (!auth)
diff --git a/packages/utils/src/utils.ts b/packages/utils/src/utils.ts
index 26b0486f4..74e85d990 100644
--- a/packages/utils/src/utils.ts
+++ b/packages/utils/src/utils.ts
@@ -259,3 +259,12 @@ export const env = (key = ''): string | undefined => {
     ? undefined
     : (process.env['NEXT_PUBLIC_' + key] as string)
 }
+
+export const hasValue = (
+  value: string | undefined | null
+): value is NonNullable<string> =>
+  value !== undefined &&
+  value !== null &&
+  value !== '' &&
+  value !== 'undefined' &&
+  value !== 'null'