blsmedia/bot
2
0
Fork 0
Code Activity

fix(editor): 🔒️ Enforce credentials security

Browse Source
This commit is contained in:
Baptiste Arnaud
2022-04-14 15:45:52 -07:00
parent 18319c88c8
commit ed680969f9
2 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/builder/libs/google-sheets.ts
View File

@ -14,10 +14,10 @@ export const getAuthenticatedGoogleClient = async (
userId: string, userId: string,
credentialsId: string credentialsId: string
): Promise<OAuth2Client | undefined> => { ): Promise<OAuth2Client | undefined> => {
const credentials = (await prisma.credentials.findFirst({ const credentials = (await prisma.credentials.findUnique({
where: { id: credentialsId, ownerId: userId }, where: { id: credentialsId },
})) as CredentialsFromDb | undefined })) as CredentialsFromDb | undefined
if (!credentials) return if (!credentials || credentials.ownerId !== userId) return
const data = decrypt( const data = decrypt(
credentials.data, credentials.data,
credentials.iv credentials.iv

2
apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
View File

@ -18,8 +18,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
return res.status(404).send("Couldn't find credentials in database") return res.status(404).send("Couldn't find credentials in database")
const response = await drive({ const response = await drive({
version: 'v3', version: 'v3',
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
auth: auth, auth: auth,
}).files.list({ }).files.list({
q: "mimeType='application/vnd.google-apps.spreadsheet'", q: "mimeType='application/vnd.google-apps.spreadsheet'",