fix(sheets): 🔒️ Check token id before updating creds
@ -1,7 +1,7 @@
|
|||||||
import { Credentials as CredentialsFromDb } from 'db'
|
import { Credentials as CredentialsFromDb } from 'db'
|
||||||
import { OAuth2Client, Credentials } from 'google-auth-library'
|
import { OAuth2Client, Credentials } from 'google-auth-library'
|
||||||
import { GoogleSheetsCredentialsData } from 'models'
|
import { GoogleSheetsCredentialsData } from 'models'
|
||||||
import { decrypt, encrypt } from 'utils'
|
import { decrypt, encrypt, isDefined } from 'utils'
|
||||||
import prisma from './prisma'
|
import prisma from './prisma'
|
||||||
|
|
||||||
export const oauth2Client = new OAuth2Client(
|
export const oauth2Client = new OAuth2Client(
|
||||||
@ -33,9 +33,15 @@ export const getAuthenticatedGoogleClient = async (
|
|||||||
const updateTokens =
|
const updateTokens =
|
||||||
(credentialsId: string, existingCredentials: GoogleSheetsCredentialsData) =>
|
(credentialsId: string, existingCredentials: GoogleSheetsCredentialsData) =>
|
||||||
async (credentials: Credentials) => {
|
async (credentials: Credentials) => {
|
||||||
const newCredentials = {
|
if (
|
||||||
refresh_token: existingCredentials.refresh_token,
|
isDefined(existingCredentials.id_token) &&
|
||||||
...credentials,
|
credentials.id_token !== existingCredentials.id_token
|
||||||
|
)
|
||||||
|
return
|
||||||
|
const newCredentials: GoogleSheetsCredentialsData = {
|
||||||
|
...existingCredentials,
|
||||||
|
expiry_date: credentials.expiry_date,
|
||||||
|
access_token: credentials.access_token,
|
||||||
}
|
}
|
||||||
const { encryptedData, iv } = encrypt(newCredentials)
|
const { encryptedData, iv } = encrypt(newCredentials)
|
||||||
await prisma.credentials.update({
|
await prisma.credentials.update({
|
||||||
|
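Review bot: The new guard compares the raw `id_token` strings, but an ID token is a JWT whose `iat`/`exp` claims change every time Google mints one, so whenever the refresh response carries a fresh id_token (to my knowledge it does when the `openid` scope was granted) the comparison fails for the very same account and the refreshed `access_token` is never persisted — the next request pays another refresh and the stored credentials slowly rot. If the intent is to stop tokens for a different Google account from overwriting this row, decode both tokens and compare the stable `sub` claim (via `oauth2Client.verifyIdToken` or a base64 decode of the payload) rather than the string. The early `return` is also silent; a mismatch means something is wrong and deserves at least `console.error('id_token mismatch for credentials', credentialsId)` before bailing. `updateTokens` continues past the hunk (the prisma update call is cut off).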
@ -37,7 +37,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
|||||||
return res
|
return res
|
||||||
.status(400)
|
.status(400)
|
||||||
.send({ message: "User didn't accepted required scopes" })
|
.send({ message: "User didn't accepted required scopes" })
|
||||||
// console.log(tokens)
|
|
||||||
const { encryptedData, iv } = encrypt(tokens)
|
const { encryptedData, iv } = encrypt(tokens)
|
||||||
const credentials = {
|
const credentials = {
|
||||||
name: email,
|
name: email,
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
import { Credentials as CredentialsFromDb } from 'db'
|
import { Credentials as CredentialsFromDb } from 'db'
|
||||||
import { OAuth2Client, Credentials } from 'google-auth-library'
|
import { OAuth2Client, Credentials } from 'google-auth-library'
|
||||||
import { GoogleSheetsCredentialsData } from 'models'
|
import { GoogleSheetsCredentialsData } from 'models'
|
||||||
import { decrypt, encrypt } from 'utils'
|
import { decrypt, encrypt, isDefined } from 'utils'
|
||||||
import prisma from './prisma'
|
import prisma from './prisma'
|
||||||
|
|
||||||
export const getAuthenticatedGoogleClient = async (
|
export const getAuthenticatedGoogleClient = async (
|
||||||
@ -29,9 +29,15 @@ export const getAuthenticatedGoogleClient = async (
|
|||||||
const updateTokens =
|
const updateTokens =
|
||||||
(credentialsId: string, existingCredentials: GoogleSheetsCredentialsData) =>
|
(credentialsId: string, existingCredentials: GoogleSheetsCredentialsData) =>
|
||||||
async (credentials: Credentials) => {
|
async (credentials: Credentials) => {
|
||||||
const newCredentials = {
|
if (
|
||||||
refresh_token: existingCredentials.refresh_token,
|
isDefined(existingCredentials.id_token) &&
|
||||||
...credentials,
|
credentials.id_token !== existingCredentials.id_token
|
||||||
|
)
|
||||||
|
return
|
||||||
|
const newCredentials: GoogleSheetsCredentialsData = {
|
||||||
|
...existingCredentials,
|
||||||
|
expiry_date: credentials.expiry_date,
|
||||||
|
access_token: credentials.access_token,
|
||||||
}
|
}
|
||||||
const { encryptedData, iv } = encrypt(newCredentials)
|
const { encryptedData, iv } = encrypt(newCredentials)
|
||||||
await prisma.credentials.update({
|
await prisma.credentials.update({
|
||||||
|
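Review bot: This is a second verbatim copy of `updateTokens` (the same hunk appears earlier in this commit at a different file offset), so the id_token guard now lives in two places that will drift independently; consider moving the Google Sheets client helper into a shared package so a security check like this is maintained once. The same caveat applies here: `credentials.id_token !== existingCredentials.id_token` compares two JWTs whose timestamps differ per issuance, so a refresh that returns a fresh id_token for the same account is treated as a mismatch and the new `access_token` is dropped; compare the decoded `sub` claim instead. The enclosing function continues beyond the hunk.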
@ -1,5 +1,5 @@
|
|||||||
import { NextApiRequest, NextApiResponse } from 'next'
|
import { NextApiRequest, NextApiResponse } from 'next'
|
||||||
import { badRequest, initMiddleware, methodNotAllowed } from 'utils'
|
import { badRequest, initMiddleware, methodNotAllowed, hasValue } from 'utils'
|
||||||
import { GoogleSpreadsheet } from 'google-spreadsheet'
|
import { GoogleSpreadsheet } from 'google-spreadsheet'
|
||||||
import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
|
import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
|
||||||
import { Cell } from 'models'
|
import { Cell } from 'models'
|
||||||
@ -15,7 +15,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
|||||||
const spreadsheetId = req.query.spreadsheetId as string
|
const spreadsheetId = req.query.spreadsheetId as string
|
||||||
const sheetId = req.query.sheetId as string
|
const sheetId = req.query.sheetId as string
|
||||||
const credentialsId = req.query.credentialsId as string | undefined
|
const credentialsId = req.query.credentialsId as string | undefined
|
||||||
if (!credentialsId) return badRequest(res)
|
if (!hasValue(credentialsId)) return badRequest(res)
|
||||||
const referenceCell = {
|
const referenceCell = {
|
||||||
column: req.query['referenceCell[column]'],
|
column: req.query['referenceCell[column]'],
|
||||||
value: req.query['referenceCell[value]'],
|
value: req.query['referenceCell[value]'],
|
||||||
@ -63,7 +63,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
|||||||
credentialsId?: string
|
credentialsId?: string
|
||||||
values: { [key: string]: string }
|
values: { [key: string]: string }
|
||||||
}
|
}
|
||||||
if (!credentialsId) return badRequest(res)
|
if (!hasValue(credentialsId)) return badRequest(res)
|
||||||
const doc = new GoogleSpreadsheet(spreadsheetId)
|
const doc = new GoogleSpreadsheet(spreadsheetId)
|
||||||
const auth = await getAuthenticatedGoogleClient(credentialsId)
|
const auth = await getAuthenticatedGoogleClient(credentialsId)
|
||||||
if (!auth)
|
if (!auth)
|
||||||
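Review bot: Nothing in this branch ties `credentialsId` to the caller: it is destructured from the parsed request body (the cast type is visible at the top of the hunk), the new `hasValue` check only rejects empty values, and it is then handed straight to `getAuthenticatedGoogleClient(credentialsId)`, whose body is outside this view. If that helper looks the row up by id alone, anyone who learns another user's credentials id can write to sheets with that user's Google tokens — a classic IDOR, and no session check is visible in the hunk either. Confirm the ownership check exists in the helper or add one here, e.g. resolve the caller's session and look the row up with `{ id: credentialsId, ownerId: user.id }`. The handler continues past both edges of the hunk.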
@ -81,8 +81,8 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (req.method === 'PATCH') {
|
if (req.method === 'PATCH') {
|
||||||
const spreadsheetId = req.query.spreadsheetId.toString()
|
const spreadsheetId = req.query.spreadsheetId as string
|
||||||
const sheetId = req.query.sheetId.toString()
|
const sheetId = req.query.sheetId as string
|
||||||
const { credentialsId, values, referenceCell } = (
|
const { credentialsId, values, referenceCell } = (
|
||||||
typeof req.body === 'string' ? JSON.parse(req.body) : req.body
|
typeof req.body === 'string' ? JSON.parse(req.body) : req.body
|
||||||
) as {
|
) as {
|
||||||
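Review bot: Replacing `req.query.spreadsheetId.toString()` with `req.query.spreadsheetId as string` removes the only runtime handling those values had — `.toString()` at least threw on a missing param and joined a repeated one — while the cast is erased at compile time, so an absent or repeated `spreadsheetId`/`sheetId` (Next types `req.query` values as `string | string[] | undefined`) now flows unchecked into `new GoogleSpreadsheet(spreadsheetId)` further down. The commit adds a `hasValue` guard for `credentialsId` a few lines later; the same guard belongs here, `if (!hasValue(spreadsheetId) || !hasValue(sheetId)) return badRequest(res)`, and `hasValue` needs a `typeof value === 'string'` test to actually reject arrays at runtime. The PATCH branch continues past the hunk.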
@ -90,7 +90,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
|||||||
referenceCell: Cell
|
referenceCell: Cell
|
||||||
values: { [key: string]: string }
|
values: { [key: string]: string }
|
||||||
}
|
}
|
||||||
if (!credentialsId) return badRequest(res)
|
if (!hasValue(credentialsId)) return badRequest(res)
|
||||||
const doc = new GoogleSpreadsheet(spreadsheetId)
|
const doc = new GoogleSpreadsheet(spreadsheetId)
|
||||||
const auth = await getAuthenticatedGoogleClient(credentialsId)
|
const auth = await getAuthenticatedGoogleClient(credentialsId)
|
||||||
if (!auth)
|
if (!auth)
|
||||||
|
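Review bot: `credentialsId` here comes out of `JSON.parse(req.body)` through an `as` cast, so at runtime it can be a number, object or array even though the type says `string`; the new `hasValue(credentialsId)` guard only rejects `undefined`, `null`, `''` and the two literal strings, so a body like `{"credentialsId": {"id": 1}}` passes and reaches `getAuthenticatedGoogleClient` and, presumably, a Prisma `where` clause outside this view. Add a type check before trusting the value, `if (typeof credentialsId !== 'string' || !hasValue(credentialsId)) return badRequest(res)`, or validate the parsed body with a schema instead of casting it. The same ownership question as in the POST branch applies: the hunk shows no check that these credentials belong to the caller. The handler continues outside the hunk.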
@ -259,3 +259,12 @@ export const env = (key = ''): string | undefined => {
|
|||||||
? undefined
|
? undefined
|
||||||
: (process.env['NEXT_PUBLIC_' + key] as string)
|
: (process.env['NEXT_PUBLIC_' + key] as string)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export const hasValue = (
|
||||||
|
value: string | undefined | null
|
||||||
|
): value is NonNullable<string> =>
|
||||||
|
value !== undefined &&
|
||||||
|
value !== null &&
|
||||||
|
value !== '' &&
|
||||||
|
value !== 'undefined' &&
|
||||||
|
value !== 'null'
|
||||||
|
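Review bot: `hasValue` is declared over `string | undefined | null`, but every call site this commit adds passes a value `as`-cast from `req.query` or from `JSON.parse(req.body)`, so at runtime an array, number or object reaches it, passes every `!==` comparison, and the `value is NonNullable<string>` predicate (which is just `string`) then tells the compiler it is a string. Accepting `unknown` and checking `typeof value === 'string'` first makes the guard hold at runtime as well as at type level, which is what the request handlers need. The `'undefined'`/`'null'` literals are a tell that some client serialises `undefined` into the query string; add a TSDoc line saying so, e.g. `/** Narrows to a non-empty string; also rejects the literals 'undefined'/'null' that a client may serialise into a query string. */`, and ideally fix that client. `env` above starts outside the hunk.
```typescript
export const hasValue = (value: unknown): value is string =>
  typeof value === 'string' &&
  value !== '' &&
  value !== 'undefined' &&
  value !== 'null'
```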