diff --git a/api/server/handlers/oauth_callback/upstash.go b/api/server/handlers/oauth_callback/upstash.go index 97622b9df9..abe5b22ad9 100644 --- a/api/server/handlers/oauth_callback/upstash.go +++ b/api/server/handlers/oauth_callback/upstash.go @@ -10,6 +10,7 @@ import ( "net/url" "time" + "github.com/golang-jwt/jwt" "github.com/porter-dev/porter/api/server/handlers" "github.com/porter-dev/porter/api/server/shared" "github.com/porter-dev/porter/api/server/shared/apierrors" @@ -100,6 +101,25 @@ func (p *OAuthCallbackUpstashHandler) ServeHTTP(w http.ResponseWriter, r *http.R return } + t, _, err := new(jwt.Parser).ParseUnverified(token.AccessToken, jwt.MapClaims{}) // safe to use because we validated the token above + if err != nil { + err = telemetry.Error(ctx, span, err, "error parsing token") + p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError)) + return + } + + var email string + if claims, ok := t.Claims.(jwt.MapClaims); ok { + if emailVal, ok := claims["https://user.io/email"].(string); ok { + email = emailVal + } + } + if email == "" { + err = telemetry.Error(ctx, span, nil, "email not found in token") + p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError)) + return + } + // make an http call to https://api.upstash.com/apikey with authorization: bearer // to get the api key apiKey, err := fetchUpstashApiKey(ctx, token.AccessToken) @@ -117,6 +137,7 @@ func (p *OAuthCallbackUpstashHandler) ServeHTTP(w http.ResponseWriter, r *http.R }, ProjectID: projID, DeveloperApiKey: []byte(apiKey), + UpstashEmail: email, } _, err = p.Repo().UpstashIntegration().Insert(ctx, oauthInt) diff --git a/internal/models/integrations/upstash.go b/internal/models/integrations/upstash.go index f90d2ddbec..049b85e028 100644 --- a/internal/models/integrations/upstash.go +++ b/internal/models/integrations/upstash.go @@ -11,4 +11,6 @@ type UpstashIntegration struct { SharedOAuthModel DeveloperApiKey []byte `json:"developer_api_key"` + + UpstashEmail string `json:"upstash_email"` }