Merged
5 changes: 3 additions & 2 deletions apps/http-backend/src/routes/google_callback.ts
Expand Up @@ -6,6 +6,7 @@ import { Router, Request, Response } from "express";
import dotenv from "dotenv";
import { fileURLToPath } from "url";
import { dirname, join } from "path";
import { statusCodes } from "@repo/common/zod";

// Get the directory of this file
const __filename = fileURLToPath(import.meta.url);
Expand Down Expand Up @@ -190,7 +191,7 @@ googleAuth.get('/debug/config', async(req: Request, res: Response)=>{
: "❌ Redirect URI mismatch detected!"
});
} catch (err) {
return res.status(500).json({
return res.status(statusCodes.INTERNAL_SERVER_ERROR).json({
error: err instanceof Error ? err.message : 'Unknown error',
stack: err instanceof Error ? err.stack : undefined
});
Expand Down Expand Up @@ -232,6 +233,6 @@ googleAuth.get('/debug/credentials', async(req: Request, res: Response)=>{

return res.json({ credentials: debugInfo });
} catch (err) {
return res.status(500).json({ error: err instanceof Error ? err.message : 'Unknown error' });
return res.status(statusCodes.INTERNAL_SERVER_ERROR).json({ error: err instanceof Error ? err.message : 'Unknown error' });
}
});
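Review bot: The `/debug/config` catch block still sends `err.stack` in the JSON body, so any failure hands file paths and internal call structure to whoever called the endpoint; replacing `500` with `statusCodes.INTERNAL_SERVER_ERROR` does not change that. Log the error on the server and return a fixed message instead, e.g. `console.error(err); return res.status(statusCodes.INTERNAL_SERVER_ERROR).json({ error: 'Internal server error' });`. In the hunk headers both `/debug/config` and `/debug/credentials` appear to be registered without an auth middleware, so it is worth confirming they are disabled or gated outside development. Both handler bodies start outside the hunks shown.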
16 changes: 8 additions & 8 deletions apps/http-backend/src/routes/sheet.routes.ts
Expand Up @@ -13,10 +13,10 @@ sheetRouter.get(
try {
if (!req.user)
return res
.status(statusCodes.BAD_GATEWAY)
.status(statusCodes.UNAUTHORIZED)
.json({ message: "User isnot logged in /not authorized" });
const credId = req.params.cred;
if (!credId) {
const credentialId = req.params.cred;
if (!credentialId) {
return res
.status(statusCodes.BAD_REQUEST)
.json({ message: "credentials id not provided" });
Expand All @@ -29,7 +29,7 @@ sheetRouter.get(
.json({ message: "User id not provided" });
const sheets = await sheetExecutor.getSheets({
userId: userId,
credId: credId,
credentialId: credentialId,
});
if ((sheets as any)?.success === false) {
return res.status(statusCodes.NOT_FOUND).json({
Expand Down Expand Up @@ -61,11 +61,11 @@ sheetRouter.get(
const userId = req.user?.sub;
if (!userId)
return res
.status(statusCodes.BAD_GATEWAY)
.status(statusCodes.UNAUTHORIZED)
.json({ message: "User isnot logged in /not authorized" });
const credId = req.params.cred;
const credentialId = req.params.cred;
const sheetId = req.params.sheetId;
if (!credId || !sheetId) {
if (!credentialId || !sheetId) {
return res
.status(statusCodes.BAD_REQUEST)
.json({ message: `credentials id not provided ` });
Expand All @@ -76,7 +76,7 @@ sheetRouter.get(
});
}
const sheets = await sheetExecutor.getSheetTabs(
{ userId: userId, credId: credId },
{ userId: userId, credentialId: credentialId },
sheetId
);

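Review bot: In the second handler the guard `if (!credentialId || !sheetId)` still answers with `credentials id not provided `, so a request that is only missing `sheetId` gets a misleading 400 message. Either split the check or reword the message, e.g. `.json({ message: "credential id or sheet id not provided" })`. The renamed arguments can also use property shorthand, `{ userId, credentialId }`. Both handlers begin and end outside the hunks shown.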
Expand Up @@ -33,7 +33,7 @@ execRouter.post('/node', userMiddleware, async(req: AuthRequest, res: Response)
// if(nodeData.CredentialsID)
const context = {
userId: req.user.sub,
config: config ,
config: config ,
// credentialsId: nodeData.CredentialsID || ""
}
const executionResult = await ExecutionRegister.execute(type, context)
Expand Up @@ -35,7 +35,7 @@ export async function userMiddleware(
req.user = payload;
return next();
} catch (e) {
return res.status(401).json({
return res.status(statusCodes.UNAUTHORIZED).json({
message: `Invalid token: ${e instanceof Error ? e.message : "Unknown error"}`,
});
}
34 changes: 17 additions & 17 deletions apps/http-backend/src/routes/userRoutes/userRoutes.ts
Expand Up @@ -17,7 +17,7 @@ import {
HOOKS_URL,
} from "@repo/common/zod";
import { GoogleSheetsNodeExecutor } from "@repo/nodes";
import axios, { Axios } from "axios";
import axios from "axios";
const router: Router = Router();

router.post("/createAvaliableNode", async (req: AuthRequest, res: Response) => {
Expand Down Expand Up @@ -60,7 +60,7 @@ router.get(
message: "User has to be logged in , This is from getNodesEnd pont",
});
}
const userID = req.user.id;
// const userID = req.user.id;
// console.log(userID)
try {
const Data = await prismaClient.availableNode.findMany();
Expand Down Expand Up @@ -120,7 +120,7 @@ router.get(
console.log("RequestRecieved from the frontend");
if (!req.user)
return res
.status(statusCodes.BAD_GATEWAY)
.status(statusCodes.UNAUTHORIZED)
.json({ message: "User isnot logged in /not authorized" });

const Data = await prismaClient.availableTrigger.findMany();
Expand All @@ -141,7 +141,7 @@ router.get(
router.get(
"/getCredentials/:type",
userMiddleware,
async (req: AuthRequest, res) => {
async (req: AuthRequest, res: Response) => {
try {
// console.log("user from getcredentials: ", req.user);
if (!req.user) {
Expand Down Expand Up @@ -186,12 +186,12 @@ router.get(
// Data: credentials,
// });
if (credentials.length === 0) {
return res.status(200).json({
return res.status(statusCodes.OK).json({
message: "No credentials found",
});
}

return res.status(200).json({
return res.status(statusCodes.OK).json({
message: "Credentials fetched",
data: credentials,
hasCredentials: true,
Expand Down Expand Up @@ -244,7 +244,7 @@ router.get(
router.post(
"/create/workflow",
userMiddleware,
async (req: AuthRequest, res) => {
async (req: AuthRequest, res: Response) => {

if (!req.user) {
return res.status(statusCodes.BAD_REQUEST).json({
Expand All @@ -253,7 +253,7 @@ router.post(
}
const Data = req.body;
const ParsedData = WorkflowSchema.safeParse(Data);
const UserID = req.user.id;
const UserID = req.user.sub;
// const UserID = "343c9a0a-9c3f-40d0-81de-9a5969e03f92";
// Ensure that the required fields are present in the parsed data and create the workflow properly.
if (!ParsedData.success) {
Expand Down Expand Up @@ -298,7 +298,7 @@ router.get(
return res
.status(statusCodes.UNAUTHORIZED)
.json({ message: "User is not logged in /not authorized" });
const userId = req.user.id;
const userId = req.user.sub;

const workflows = await prismaClient.workflow.findMany({
where: {
Expand All @@ -313,7 +313,7 @@ router.get(
console.log("The error is from getting wrkflows", error.message);

return res.status(statusCodes.INTERNAL_SERVER_ERROR).json({
meesage: "Internal Server Error From getting workflows for the user",
message: "Internal Server Error From getting workflows for the user",
});
}
}
Expand All @@ -328,7 +328,7 @@ router.get(
return res
.status(statusCodes.UNAUTHORIZED)
.json({ message: "User is not logged in /not authorized" });
const userId = req.user.id;
const userId = req.user.sub;
const workflow = await prismaClient.workflow.findFirst({
where: {
userId: userId,
Expand All @@ -348,7 +348,7 @@ router.get(
);

return res.status(statusCodes.INTERNAL_SERVER_ERROR).json({
meesage: "Internal Server Error From getting workflows for the user",
message: "Internal Server Error From getting workflows for the user",
});
}
}
Expand All @@ -363,7 +363,7 @@ router.get(
return res
.status(statusCodes.BAD_GATEWAY)
.json({ message: "User isnot logged in /not authorized" });
const userId = req.user.id;
const userId = req.user.sub;

const workflowId = req.params.workflowId;
const getWorkflow = await prismaClient.workflow.findFirst({
Expand Down Expand Up @@ -411,7 +411,7 @@ router.put("/workflow/update", userMiddleware, async (req: AuthRequest, res: Res
message: "User Not Authenticated"
})
}
const userId = req.user.id
const userId = req.user.sub
try {
const workflowValid = await prismaClient.workflow.findFirst({
where: { id: workflowId, userId: userId }
Expand Down Expand Up @@ -637,7 +637,7 @@ router.put(
}
);

router.post("/executeWorkflow", userMiddleware, async (req: AuthRequest, res) => {
router.post("/executeWorkflow", userMiddleware, async (req: AuthRequest, res: Response) => {
console.log("REcieved REquest to the execute route ")
const Data = req.body
if (!req.user) {
Expand All @@ -654,7 +654,7 @@ router.post("/executeWorkflow", userMiddleware, async (req: AuthRequest, res) =>
})
}
const workflowId = parsedData.data.workflowId;
const userId = req.user.id
const userId = req.user.sub
try {
const trigger = await prismaClient.workflow.findFirst({
where: { id: workflowId, userId: userId },
Expand Down Expand Up @@ -684,7 +684,7 @@ router.post("/executeWorkflow", userMiddleware, async (req: AuthRequest, res) =>
}
)
}
return res.status(200).json({
return res.status(statusCodes.OK).json({
success: true,
workflowExecutionId: data.data.workflowExecutionId
});
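Review bot: The `!req.user` guard in the hunk at `@@ -363,7 +363,7 @@` still returns `statusCodes.BAD_GATEWAY`, and the one in `/create/workflow` returns `statusCodes.BAD_REQUEST`, while the other handlers touched here now use `UNAUTHORIZED`. Clients that branch on 401 to re-authenticate will miss these two, so both should read `.status(statusCodes.UNAUTHORIZED)`. The move from `req.user.id` to `req.user.sub` also changes the value that scopes every `userId` filter in this file. It is worth confirming that the token payload always carries `sub` and that it matches the stored `workflow.userId`, since a missing claim would make the ownership filters match nothing, or match incorrectly. The handlers extend beyond the hunks shown.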
2 changes: 1 addition & 1 deletion apps/processor/src/lib/retry.ts
Expand Up @@ -7,7 +7,7 @@ export async function retryLogic<T>(
const result = await fn();
return result;
} catch (error) {
if (attempt === maxRetries - 1)
if (attempt === maxRetries)
throw Error("Max Retries Reached. Try again after some time");

const delay = Math.pow(2, attempt) * 1000;
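Review bot: Whether `attempt === maxRetries` can ever be true depends on the loop header, which is outside this hunk. If the loop runs while `attempt < maxRetries`, the throw is now unreachable: the last failure is followed by one more backoff sleep, then the function falls out of the loop and resolves with `undefined` instead of rejecting. Please check that the loop bound matches the new comparison (for example `attempt <= maxRetries` if `maxRetries` counts retries after the first try). The thrown error also discards the original failure; `throw new Error("Max Retries Reached. Try again after some time", { cause: error });` would keep it available for logs.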
24 changes: 22 additions & 2 deletions apps/worker/src/engine/executor.ts
Expand Up @@ -62,16 +62,36 @@ export async function executeWorkflow(
: String(currentInputData);
nodeConfig.body = nodeConfig.body + inputStr;
}
if(!node.CredentialsID){
await prismaClient.workflowExecution.update({
where: { id: workflowExecutionId },
data: {
status: "Failed",
error: "Credential id not found",
completedAt: new Date(),
},
});

await prismaClient.nodeExecution.update({
where: {id: nodeExecution.id},
data:{
status: "Failed",
error: "Credential id not found",
completedAt: new Date()
}
})
return;
}
const context = {
// nodeId: node.id,
userId: data.workflow.userId,
credId: node.CredentialsID,
credentialId: node.CredentialsID,
// config: node.config as Record<string, any>,
config: nodeConfig,
inputData: currentInputData,
};
console.log(`Executing with context: ${JSON.stringify(context)}`);
console.log(`Executing with context: ${context.credId}`);
console.log(`Executing with context: ${context.credentialId}`);

const execute = await ExecutionRegister.execute(nodeType, context);
if (!execute.success) {
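Review bot: The `JSON.stringify(context)` log line just above the renamed one still writes `config: nodeConfig` and `inputData` to the log on every node run. `nodeConfig.body` has the upstream input appended a few lines earlier, so message content and anything else held in the node config ends up in log storage. The following line already logs `context.credentialId`; I would drop the full dump and log only identifiers such as `workflowExecutionId` and `nodeExecution.id`. Separately, the new `!node.CredentialsID` branch runs for every node, so if any node type can run without a credential it will now fail the whole execution, which is worth confirming. `executeWorkflow` starts and ends outside this hunk.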
47 changes: 0 additions & 47 deletions apps/worker/src/engine/registory.ts

This file was deleted.

4 changes: 2 additions & 2 deletions apps/worker/src/tests/test.ts
@@ -1,6 +1,6 @@
import { executeWorkflow } from "../engine/executor.js";
import { register } from "../engine/registory.js";

// import { register } from "../engine/registory.js";
import { ExecutionRegister as register } from "@repo/nodes";
async function testDirect() {
console.log("🧪 Testing Gmail integration directly...\n");

16 changes: 0 additions & 16 deletions apps/worker/src/types.ts

This file was deleted.

6 changes: 3 additions & 3 deletions packages/nodes/src/common/google-oauth-service.ts
Expand Up @@ -85,13 +85,13 @@ class GoogleOAuthService {

async getCredentials(
userId: string,
credId: string
credentialId: string
): Promise<{ id: string; tokens: OAuthTokens } | null> {
try {
console.log("user id: ", userId, " & ", credId, " from oauth service");
console.log("user id: ", userId, " & ", credentialId, " from oauth service");
const credentials = await this.prisma.credential.findFirst({
where: {
id: credId,
id: credentialId,
// userId: userId,
type: "google_oauth",
},
Comment on lines 92 to 97
⚠️ Potential issue | 🟠 Major

Security concern: userId filter is commented out.

The userId is passed as a parameter but not used in the query filter (Line 95 is commented out). This means any user who knows a credentialId could potentially access credentials belonging to other users.

This is an authorization bypass risk. The query should verify that the credential belongs to the requesting user.

🔒 Proposed fix
       const credentials = await this.prisma.credential.findFirst({
         where: {
           id: credentialId,
-          // userId: userId,
+          userId: userId,
           type: "google_oauth",
         },
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
const credentials = await this.prisma.credential.findFirst({
where: {
id: credId,
id: credentialId,
// userId: userId,
type: "google_oauth",
},
const credentials = await this.prisma.credential.findFirst({
where: {
id: credentialId,
userId: userId,
type: "google_oauth",
},
🤖 Prompt for AI Agents
In `@packages/nodes/src/common/google-oauth-service.ts` around lines 92 - 97, The
findFirst query using this.prisma.credential.findFirst currently omits the user
filter (credentialId is checked but userId is commented out), allowing
credential access by ID alone; restore and use the passed userId in the where
clause (e.g., include userId: userId alongside id: credentialId and type:
"google_oauth") so the query only returns credentials owned by the requesting
user, and ensure any callers still pass a validated userId parameter when
invoking the method that performs this lookup.

4 changes: 2 additions & 2 deletions packages/nodes/src/gmail/gmail.executor.ts
Expand Up @@ -2,7 +2,7 @@ import { GoogleOAuthService } from "../common/google-oauth-service.js";
import { GmailService, GmailCredentials } from "./gmail.service.js";

interface NodeExecutionContext {
credId: string;
credentialId: string;
userId: string;
config?: any;
inputData?: any;
Expand All @@ -27,7 +27,7 @@ class GmailExecutor {
// Get credentials
const credentials = await this.oauthService.getCredentials(
context.userId,
context.credId
context.credentialId
);

if (!credentials) {