From 606932a77e030296d200472fcbb3a48a0ed7b5ff Mon Sep 17 00:00:00 2001
From: Baptiste Arnaud
Date: Thu, 21 Apr 2022 10:50:36 -0700
Subject: [PATCH] =?UTF-8?q?refactor:=20=F0=9F=94=92=EF=B8=8F=20Still=20inv?= =?UTF-8?q?estigating=20sheets=20creds=20issue?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../google-sheets/spreadsheets.ts | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts b/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
index dd7f16ba2d..e1d766740f 100644
--- a/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
+++ b/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts
@@ -1,8 +1,13 @@
 import { NextApiRequest, NextApiResponse } from 'next'
 import { drive } from '@googleapis/drive'
 import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
-import { badRequest, methodNotAllowed, notAuthenticated } from 'utils'
-import { setUser, withSentry } from '@sentry/nextjs'
+import {
+ badRequest,
+ forbidden,
+ methodNotAllowed,
+ notAuthenticated,
+} from 'utils'
+import { captureException, setUser, withSentry } from '@sentry/nextjs'
 import { getAuthenticatedUser } from 'services/api/utils'
 
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
@@ -16,7 +21,15 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
 const auth = await getAuthenticatedGoogleClient(user.id, credentialsId)
 if (!auth)
 return res.status(404).send("Couldn't find credentials in database")
- console.log(auth.credentials.name, user.email)
+ if (auth.credentials.ownerId !== user.id) {
+ // It should never happen but for some reason it does in rare cases... Currently under investigation.
+ captureException(
+ new Error(
+ `Credentials ownerId does not match user id ${auth.credentials.ownerId} !== ${user.id}`
+ )
+ )
+ return forbidden(res)
+ }
 const response = await drive({
 version: 'v3',
 auth: auth.client,
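Review bot: The ownership check `auth.credentials.ownerId !== user.id` runs only after `getAuthenticatedGoogleClient(user.id, credentialsId)` has already resolved the credentials and built a client from them, so a mismatch means the helper's lookup is not scoped to the caller. The helper is not visible in this patch, but since it already receives `user.id` the check probably belongs inside it (match on both the credentials id and the owner); otherwise every other caller has to repeat this guard. Answering 403 here while the missing case answers 404 also lets a caller tell which `credentialsId` values exist for other users; `return res.status(404).send("Couldn't find credentials in database")` would keep the two cases indistinguishable while `captureException` still records the mismatch. The handler body starts before and continues after this hunk.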