: 🔒️ Investigate on why spreadsheets sometimes fail

apps/builder/libs/google-sheets.ts

@@ -13,9 +13,11 @@ export const oauth2Client = new OAuth2Client(
 export const getAuthenticatedGoogleClient = async (
   userId: string,
   credentialsId: string
-): Promise<OAuth2Client | undefined> => {
+): Promise<
-  const credentials = (await prisma.credentials.findUnique({
+  { client: OAuth2Client; credentials: CredentialsFromDb } | undefined
-    where: { id: credentialsId },
+> => {
+  const credentials = (await prisma.credentials.findFirst({
+    where: { id: credentialsId, ownerId: userId },
   })) as CredentialsFromDb | undefined
   if (!credentials || credentials.ownerId !== userId) return
   const data = decrypt(
@@ -25,7 +27,7 @@ export const getAuthenticatedGoogleClient = async (
 
   oauth2Client.setCredentials(data)
   oauth2Client.on('tokens', updateTokens(credentialsId, data))
-  return oauth2Client
+  return { client: oauth2Client, credentials }
 }
 
 const updateTokens =

apps/builder/mocks/index.ts

@@ -6,7 +6,7 @@ const handlers = () => [
     const authenticatedUser = JSON.parse(
       typeof localStorage !== 'undefined'
         ? (localStorage.getItem('authenticatedUser') as string)
-        : '{"id":"proUser","name":"John Smith","email":"john@smith.com","emailVerified":null,"image":"https://avatars.githubusercontent.com/u/16015833?v=4","plan":"PRO","stripeId":null}'
+        : '{"id":"proUser","name":"Pro user","email":"pro-user@email.com","emailVerified":null,"image":"https://avatars.githubusercontent.com/u/16015833?v=4","plan":"PRO","stripeId":null}'
     )
     return res(
       ctx.json({

apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts

@@ -1,8 +1,13 @@
 import { NextApiRequest, NextApiResponse } from 'next'
 import { drive } from '@googleapis/drive'
 import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
-import { badRequest, methodNotAllowed, notAuthenticated } from 'utils'
+import {
-import { setUser, withSentry } from '@sentry/nextjs'
+  badRequest,
+  forbidden,
+  methodNotAllowed,
+  notAuthenticated,
+} from 'utils'
+import { captureException, setUser, withSentry } from '@sentry/nextjs'
 import { getAuthenticatedUser } from 'services/api/utils'
 
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
@@ -16,9 +21,18 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
     const auth = await getAuthenticatedGoogleClient(user.id, credentialsId)
     if (!auth)
       return res.status(404).send("Couldn't find credentials in database")
+    console.log(auth.credentials.name, user.email)
+    if (auth.credentials.name !== user.email) {
+      captureException(
+        new Error(
+          `Credentials name does not match user email ${auth?.credentials.name} !== ${user.email}`
+        )
+      )
+      return forbidden(res)
+    }
     const response = await drive({
       version: 'v3',
-      auth: auth,
+      auth: auth.client,
     }).files.list({
       q: "mimeType='application/vnd.google-apps.spreadsheet'",
       fields: 'nextPageToken, files(id, name)',

apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts

@@ -21,12 +21,12 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
 
     const spreadsheetId = req.query.id.toString()
     const doc = new GoogleSpreadsheet(spreadsheetId)
-    const client = await getAuthenticatedGoogleClient(user.id, credentialsId)
+    const auth = await getAuthenticatedGoogleClient(user.id, credentialsId)
-    if (!client)
+    if (!auth)
       return res
         .status(404)
         .send({ message: "Couldn't find credentials in database" })
-    doc.useOAuth2Client(client)
+    doc.useOAuth2Client(auth.client)
     await doc.loadInfo()
     return res.send({
       sheets: (

apps/builder/playwright/services/database.ts

@@ -109,7 +109,7 @@ const createCredentials = () => {
   return prisma.credentials.createMany({
     data: [
       {
-        name: 'test2@gmail.com',
+        name: 'pro-user@email.com',
         ownerId: 'proUser',
         type: CredentialsType.GOOGLE_SHEETS,
         data: encryptedData,

apps/builder/playwright/tests/integrations/googleSheets.spec.ts

@@ -152,7 +152,7 @@ test.describe.parallel('Google sheets integration', () => {
 const fillInSpreadsheetInfo = async (page: Page) => {
   await page.click('text=Configure...')
   await page.click('text=Select an account')
-  await page.click('text=test2@gmail.com')
+  await page.click('text=pro-user@email.com')
 
   await page.fill('input[placeholder="Search for spreadsheet"]', 'CR')
   await page.click('text=CRM')