Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Check URL #15815

Merged
merged 2 commits into from
Jul 18, 2024
Merged

fix: Check URL #15815

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1731202
Check URL
hariombalhara Jul 18, 2024
e75c884
Merge branch 'main' into fix-zoho
zomars Jul 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions packages/app-store/zoho-bigin/api/callback.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,20 @@ import createOAuthAppCredential from "../../_utils/oauth/createOAuthAppCredentia
import { decodeOAuthState } from "../../_utils/oauth/decodeOAuthState";
import appConfig from "../config.json";

function isAuthorizedAccountsServerUrl(accountsServer: string) {
// As per https://www.zoho.com/crm/developer/docs/api/v6/multi-dc.html#:~:text=US:%20https://accounts.zoho,https://accounts.zohocloud.ca&text=The%20%22location=us%22%20parameter,domain%20in%20all%20API%20endpoints.&text=You%20must%20make%20the%20authorization,.zoho.com.cn.
const authorizedAccountServers = [
"https://accounts.zoho.com",
"https://accounts.zoho.eu",
"https://accounts.zoho.in",
"https://accounts.zoho.com.cn",
"https://accounts.zoho.jp",
"https://accounts.zohocloud.ca",
"https://accounts.zoho.com.au",
];
return authorizedAccountServers.includes(accountsServer);
}

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const { code, "accounts-server": accountsServer } = req.query;
const state = decodeOAuthState(req);
Expand All @@ -20,6 +34,16 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return;
}

if (!accountsServer || typeof accountsServer !== "string") {
res.status(400).json({ message: "`accounts-server` is required and must be a string" });
return;
}

if (!isAuthorizedAccountsServerUrl(accountsServer)) {
res.status(400).json({ message: "`accounts-server` is not authorized" });
return;
}

if (!req.session?.user?.id) {
res.status(401).json({ message: "You must be logged in to do this" });
return;
Expand Down
30 changes: 26 additions & 4 deletions packages/app-store/zohocrm/api/callback.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,38 @@ import appConfig from "../config.json";

let client_id = "";
let client_secret = "";
function isAuthorizedAccountsServerUrl(accountsServer: string) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are two different apps. So, keeping this logic duplicate is fine.

// As per https://www.zoho.com/crm/developer/docs/api/v6/multi-dc.html#:~:text=US:%20https://accounts.zoho,https://accounts.zohocloud.ca&text=The%20%22location=us%22%20parameter,domain%20in%20all%20API%20endpoints.&text=You%20must%20make%20the%20authorization,.zoho.com.cn.
const authorizedAccountServers = [
"https://accounts.zoho.com",
"https://accounts.zoho.eu",
"https://accounts.zoho.in",
"https://accounts.zoho.com.cn",
"https://accounts.zoho.jp",
"https://accounts.zohocloud.ca",
"https://accounts.zoho.com.au",
];
return authorizedAccountServers.includes(accountsServer);
}

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const { code } = req.query;
const { code, "accounts-server": accountsServer } = req.query;

if (code === undefined && typeof code !== "string") {
res.status(400).json({ message: "`code` must be a string" });
return;
}

if (!accountsServer || typeof accountsServer !== "string") {
res.status(400).json({ message: "`accounts-server` is required and must be a string" });
return;
}

if (!isAuthorizedAccountsServerUrl(accountsServer)) {
res.status(400).json({ message: "`accounts-server` is not authorized" });
return;
}

if (!req.session?.user?.id) {
return res.status(401).json({ message: "You must be logged in to do this" });
}
Expand All @@ -31,8 +54,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
if (typeof appKeys.client_secret === "string") client_secret = appKeys.client_secret;
if (!client_id) return res.status(400).json({ message: "Zoho Crm consumer key missing." });
if (!client_secret) return res.status(400).json({ message: "Zoho Crm consumer secret missing." });

const url = `${req.query["accounts-server"]}/oauth/v2/token`;
const url = `${accountsServer}/oauth/v2/token`;
const redirectUri = `${WEBAPP_URL}/api/integrations/zohocrm/callback`;
const formData = {
grant_type: "authorization_code",
Expand All @@ -51,7 +73,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
});
// set expiry date as offset from current time.
zohoCrmTokenInfo.data.expiryDate = Math.round(Date.now() + 60 * 60);
zohoCrmTokenInfo.data.accountServer = req.query["accounts-server"];
zohoCrmTokenInfo.data.accountServer = accountsServer;

await createOAuthAppCredential({ appId: appConfig.slug, type: appConfig.type }, zohoCrmTokenInfo.data, req);

Expand Down
Loading