From ed680969f9e3acc3404d52952b983cd601a9ec09 Mon Sep 17 00:00:00 2001
From: Baptiste Arnaud
Date: Thu, 14 Apr 2022 15:45:52 -0700
Subject: [PATCH] =?UTF-8?q?fix(editor):=20=F0=9F=94=92=EF=B8=8F=20Enforce?= =?UTF-8?q?=20credentials=20security?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/builder/libs/google-sheets.ts | 6 +++---
 .../pages/api/integrations/google-sheets/spreadsheets.ts | 2 --
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/apps/builder/libs/google-sheets.ts b/apps/builder/libs/google-sheets.ts
index 365e687cb..40fd43cdb 100644
--- a/apps/builder/libs/google-sheets.ts
+++ b/apps/builder/libs/google-sheets.ts
@@ -14,10 +14,10 @@ export const getAuthenticatedGoogleClient = async (
 userId: string,
 credentialsId: string
 ): Promise => {
- const credentials = (await prisma.credentials.findFirst({
- where: { id: credentialsId, ownerId: userId },
+ const credentials = (await prisma.credentials.findUnique({
+ where: { id: credentialsId },
 })) as CredentialsFromDb | undefined
- if (!credentials) return
+ if (!credentials || credentials.ownerId !== userId) return
 const data = decrypt(
 credentials.data,
 credentials.iv
diff --git a/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts b/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
index f8667e0ad..6685914c6 100644
--- a/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
+++ b/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
@@ -18,8 +18,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
 return res.status(404).send("Couldn't find credentials in database")
 const response = await drive({
 version: 'v3',
- // eslint-disable-next-line @typescript-eslint/ban-ts-comment
- // @ts-ignore
 auth: auth,
 }).files.list({
 q: "mimeType='application/vnd.google-apps.spreadsheet'",
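Review bot: In `getAuthenticatedGoogleClient` (apps/builder/libs/google-sheets.ts), the `credentials.ownerId !== userId` comparison is now the only check that keeps a caller-supplied `credentialsId` from reaching `decrypt` for another user's record, and nothing on the new lines says why it was moved out of the `where` clause. Prisma treats an `undefined` value in a `where` filter as absent, which is presumably the reason; a comment above the guard such as `// Ownership is compared in code, not in the where clause: an undefined userId would be dropped from the filter and match any owner.` would keep a later refactor from folding it back into the query. The cast `as CredentialsFromDb | undefined` is also inaccurate, since `findUnique` resolves to `null` when no row matches; `| null` would keep the type honest while `!credentials` still covers it. The function body continues past the end of the hunk.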