fix(sheets): 🔒️ Check token id before updating creds

2022-07-02 08:28:20 +02:00
parent 994ae61719
commit 9cddc755a3
5 changed files with 35 additions and 15 deletions
--- a/apps/builder/libs/google-sheets.ts
+++ b/apps/builder/libs/google-sheets.ts
@ -1,7 +1,7 @@
 import { Credentials as CredentialsFromDb } from 'db'
 import { OAuth2Client, Credentials } from 'google-auth-library'
 import { GoogleSheetsCredentialsData } from 'models'
-import { decrypt, encrypt } from 'utils'
+import { decrypt, encrypt, isDefined } from 'utils'
 import prisma from './prisma'

 export const oauth2Client = new OAuth2Client(
@ -33,9 +33,15 @@ export const getAuthenticatedGoogleClient = async (
 const updateTokens =
  (credentialsId: string, existingCredentials: GoogleSheetsCredentialsData) =>
  async (credentials: Credentials) => {
-    const newCredentials = {
-      refresh_token: existingCredentials.refresh_token,
-      ...credentials,
+    if (
+      isDefined(existingCredentials.id_token) &&
+      credentials.id_token !== existingCredentials.id_token
+    )
+      return
+    const newCredentials: GoogleSheetsCredentialsData = {
+      ...existingCredentials,
+      expiry_date: credentials.expiry_date,
+      access_token: credentials.access_token,
    }
    const { encryptedData, iv } = encrypt(newCredentials)
    await prisma.credentials.update({
--- a/apps/builder/pages/api/credentials/google-sheets/callback.ts
+++ b/apps/builder/pages/api/credentials/google-sheets/callback.ts
@ -37,7 +37,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
      return res
        .status(400)
        .send({ message: "User didn't accepted required scopes" })
-    // console.log(tokens)
    const { encryptedData, iv } = encrypt(tokens)
    const credentials = {
      name: email,
--- a/apps/viewer/libs/google-sheets.ts
+++ b/apps/viewer/libs/google-sheets.ts
@ -1,7 +1,7 @@
 import { Credentials as CredentialsFromDb } from 'db'
 import { OAuth2Client, Credentials } from 'google-auth-library'
 import { GoogleSheetsCredentialsData } from 'models'
-import { decrypt, encrypt } from 'utils'
+import { decrypt, encrypt, isDefined } from 'utils'
 import prisma from './prisma'

 export const getAuthenticatedGoogleClient = async (
@ -29,9 +29,15 @@ export const getAuthenticatedGoogleClient = async (
 const updateTokens =
  (credentialsId: string, existingCredentials: GoogleSheetsCredentialsData) =>
  async (credentials: Credentials) => {
-    const newCredentials = {
-      refresh_token: existingCredentials.refresh_token,
-      ...credentials,
+    if (
+      isDefined(existingCredentials.id_token) &&
+      credentials.id_token !== existingCredentials.id_token
+    )
+      return
+    const newCredentials: GoogleSheetsCredentialsData = {
+      ...existingCredentials,
+      expiry_date: credentials.expiry_date,
+      access_token: credentials.access_token,
    }
    const { encryptedData, iv } = encrypt(newCredentials)
    await prisma.credentials.update({
--- a/apps/viewer/pages/api/integrations/google-sheets/spreadsheets/[spreadsheetId]/sheets/[sheetId].ts
+++ b/apps/viewer/pages/api/integrations/google-sheets/spreadsheets/[spreadsheetId]/sheets/[sheetId].ts
@ -1,5 +1,5 @@
 import { NextApiRequest, NextApiResponse } from 'next'
-import { badRequest, initMiddleware, methodNotAllowed } from 'utils'
+import { badRequest, initMiddleware, methodNotAllowed, hasValue } from 'utils'
 import { GoogleSpreadsheet } from 'google-spreadsheet'
 import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
 import { Cell } from 'models'
@ -15,7 +15,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
    const spreadsheetId = req.query.spreadsheetId as string
    const sheetId = req.query.sheetId as string
    const credentialsId = req.query.credentialsId as string | undefined
-    if (!credentialsId) return badRequest(res)
+    if (!hasValue(credentialsId)) return badRequest(res)
    const referenceCell = {
      column: req.query['referenceCell[column]'],
      value: req.query['referenceCell[value]'],
@ -63,7 +63,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
      credentialsId?: string
      values: { [key: string]: string }
    }
-    if (!credentialsId) return badRequest(res)
+    if (!hasValue(credentialsId)) return badRequest(res)
    const doc = new GoogleSpreadsheet(spreadsheetId)
    const auth = await getAuthenticatedGoogleClient(credentialsId)
    if (!auth)
@ -81,8 +81,8 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
    }
  }
  if (req.method === 'PATCH') {
-    const spreadsheetId = req.query.spreadsheetId.toString()
-    const sheetId = req.query.sheetId.toString()
+    const spreadsheetId = req.query.spreadsheetId as string
+    const sheetId = req.query.sheetId as string
    const { credentialsId, values, referenceCell } = (
      typeof req.body === 'string' ? JSON.parse(req.body) : req.body
    ) as {
@ -90,7 +90,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
      referenceCell: Cell
      values: { [key: string]: string }
    }
-    if (!credentialsId) return badRequest(res)
+    if (!hasValue(credentialsId)) return badRequest(res)
    const doc = new GoogleSpreadsheet(spreadsheetId)
    const auth = await getAuthenticatedGoogleClient(credentialsId)
    if (!auth)
--- a/packages/utils/src/utils.ts
+++ b/packages/utils/src/utils.ts
@ -259,3 +259,12 @@ export const env = (key = ''): string | undefined => {
    ? undefined
    : (process.env['NEXT_PUBLIC_' + key] as string)
 }
+
+export const hasValue = (
+  value: string | undefined | null
+): value is NonNullable<string> =>
+  value !== undefined &&
+  value !== null &&
+  value !== '' &&
+  value !== 'undefined' &&
+  value !== 'null'