openintegrations · pellicceama · Jan 28, 2025 · Jan 28, 2025 · Jan 28, 2025 · Jan 28, 2025
diff --git a/kits/cdk/internal/oauthConnector.ts b/kits/cdk/internal/oauthConnector.ts
@@ -27,6 +27,26 @@ export const zOauthConnectionError = z.object({
   message: z.string().nullish(),
 })
 
+const zOauthCredentials = z.object({
+  type: zAuthMode,
+  /** For API key auth... */
+  api_key: z.string().nullish(),
+  access_token: z.string().optional(),
+  refresh_token: z.string().optional(),
+  // sometimes this is missing from the response
+  expires_at: z.string().datetime().optional(),
+  raw: z.object({
+    access_token: z.string(),
+    // sometimes this is missing from the response
+    expires_in: z.number().optional(),
+    expires_at: z.string().datetime().optional(),
+    /** Refresh token (Only returned if the REFRESH_TOKEN boolean parameter is set to true and the refresh token is available) */
+    refresh_token: z.string().nullish(),
+    refresh_token_expires_in: z.number().nullish(),
+    token_type: z.string(), //'bearer',
+    scope: z.string().optional(),
+  }),
+});
 export const oauthBaseSchema = {
   name: z.literal('__oauth__'), // TODO: This is a noop
   connectorConfig: z.object({
@@ -40,24 +60,7 @@ export const oauthBaseSchema = {
   connectionSettings: z.object({
     // equivalent to nango /v1/connections data.connection object with certain fields removed like id
     oauth: z.object({
-      credentials: z.object({
-        type: zAuthMode,
-        /** For API key auth... */
-        api_key: z.string().nullish(),
-        access_token: z.string().optional(),
-        refresh_token: z.string().optional(),
-        expires_at: z.string().datetime(),
-        raw: z.object({
-          access_token: z.string(),
-          expires_in: z.number(),
-          expires_at: z.string().datetime(),
-          /** Refresh token (Only returned if the REFRESH_TOKEN boolean parameter is set to true and the refresh token is available) */
-          refresh_token: z.string().nullish(),
-          refresh_token_expires_in: z.number().nullish(),
-          token_type: z.string(), //'bearer',
-          scope: z.string().optional(),
-        }),
-      }),
+      credentials: zOauthCredentials,
       connection_config: z
         .object({
           portalId: z.number().nullish(),
@@ -156,6 +159,17 @@ export function makeOauthConnectorServer({
           },
         })
         .then((r) => r.data as OauthBaseTypes['connectionSettings'])
+
+
+      const parsed = zOauthCredentials.safeParse(res)
+      if (!parsed.success) {
+        console.error(
+          'Provider did not return valid connection settings',
+          parsed?.error?.format(),
+        )
+        throw new Error('Provider did not return valid connection settings')
+      }
+
       return {
         connectionExternalId: extractId(connId)[2],
         settings: {

diff --git a/packages/api/proxyHandler.ts b/packages/api/proxyHandler.ts
@@ -14,8 +14,7 @@ export const proxyHandler = async (req: Request) => {
   const protectedContext = getProtectedContext(ctx)
   const remoteContext = await getRemoteContext(protectedContext)
 
-  const credentialsExpired = remoteContext.remote.settings.oauth?.credentials
-    .expires_at
+  const credentialsExpired = remoteContext.remote.settings.oauth?.credentials?.expires_at
     ? new Date(remoteContext.remote.settings.oauth.credentials.expires_at) <
       new Date()
     : false

diff --git a/packages/engine-backend/router/connectionRouter.ts b/packages/engine-backend/router/connectionRouter.ts
@@ -262,9 +262,9 @@ export const connectionRouter = trpc.router({
     .output(z.object({}))
     .mutation(async ({input: {id: connId, ...opts}, ctx}) => {
       if (ctx.viewer.role === 'customer') {
-        await ctx.services.getConnectionOrFail(connId)
+        await ctx.services.getConnectionOrFail(connId, true)
       }
-      const conn = await ctx.asOrgIfNeeded.getConnectionExpandedOrFail(connId)
+      const conn = await ctx.asOrgIfNeeded.getConnectionExpandedOrFail(connId, true)
       const {settings, connectorConfig: ccfg} = conn
       if (!opts?.skipRevoke) {
         await ccfg.connector.revokeConnection?.(

diff --git a/packages/engine-backend/services/dbService.ts b/packages/engine-backend/services/dbService.ts
@@ -142,18 +142,18 @@ export function makeDBService({
     return getOrFail(tableName, id)
   }
 
-  const getConnectorConfigInfoOrFail = (id: Id['ccfg']) =>
+  const getConnectorConfigInfoOrFail = (id: Id['ccfg'], skipValidation = false) =>
     metaService.listConnectorConfigInfos({id}).then((ints) => {
       if (!ints[0]) {
         throw new TRPCError({
           code: 'NOT_FOUND',
           message: `ccfg info not found: ${id}`,
         })
       }
-      return ints[0]
+      return skipValidation ? ints[0] : zRaw.connector_config.parse(ints[0])
     })
 
-  const getConnectorConfigOrFail = (id: Id['ccfg']) =>
+  const getConnectorConfigOrFail = (id: Id['ccfg'], skipValidation = false) =>
     metaService.tables.connector_config.get(id).then((_ccfg) => {
       if (!_ccfg) {
         throw new TRPCError({
@@ -163,11 +163,13 @@ export function makeDBService({
       }
       const int = zRaw.connector_config.parse(_ccfg)
       const connector = getConnectorOrFail(int.id)
-      const config: {} = connector.schemas.connectorConfig?.parse(int.config)
+      const config: {} = skipValidation
+        ? int.config
+        : connector.schemas.connectorConfig?.parse(int.config)
       return {...int, connector, config}
     })
 
-  const getIntegrationOrFail = (id: Id['int']) =>
+  const getIntegrationOrFail = (id: Id['int'], skipValidation = false) =>
     metaService.tables.integration.get(id).then(async (ins) => {
       if (!ins) {
         throw new TRPCError({
@@ -182,49 +184,54 @@ export function makeDBService({
         ins.standard = provider?.standardMappers?.integration?.(ins.external)
         await metaLinks.patch('integration', ins.id, {standard: ins.standard})
       }
-      return zRaw.integration.parse(ins)
+      return skipValidation ? ins : zRaw.integration.parse(ins)
     })
-  const getConnectionOrFail = (id: Id['conn']) =>
+  const getConnectionOrFail = (id: Id['conn'], skipValidation = false) =>
     metaService.tables.connection.get(id).then((conn) => {
       if (!conn) {
         throw new TRPCError({
           code: 'NOT_FOUND',
           message: `conn not found: ${id}`,
         })
       }
-      return zRaw.connection.parse(conn)
+      if (!skipValidation) {
+        return zRaw.connection.parse(conn)
+      }
+      return conn
     })
-  const getPipelineOrFail = (id: Id['pipe']) =>
+  const getPipelineOrFail = (id: Id['pipe'], skipValidation = false) =>
     metaService.tables.pipeline.get(id).then((pipe) => {
       if (!pipe) {
         throw new TRPCError({
           code: 'NOT_FOUND',
           message: `pipe not found: ${id}`,
         })
       }
-      return zRaw.pipeline.parse(pipe)
+      return skipValidation ? pipe : zRaw.pipeline.parse(pipe)
     })
 
-  const getConnectionExpandedOrFail = (id: Id['conn']) =>
+  const getConnectionExpandedOrFail = (id: Id['conn'], skipValidation = false) =>
     getConnectionOrFail(id).then(async (conn) => {
-    getConnectionOrFail(id).then(async (conn) => {
+    getConnectionOrFail(id, skipValidation)
-    getConnectionOrFail(id).then(async (conn) => {
+    getConnectionOrFail(id, skipValidation)
       const connectorConfig = await getConnectorConfigOrFail(
         conn.connectorConfigId,
+        skipValidation,
       )
-      const settings: {} =
-        connectorConfig.connector.schemas.connectionSettings?.parse(
-          conn.settings,
-        )
+      const settings: {} = skipValidation
+        ? conn.settings
+        : connectorConfig.connector.schemas.connectionSettings?.parse(
+            conn.settings,
+          )
       const integration = conn.integrationId
-        ? await getIntegrationOrFail(conn.integrationId)
+        ? await getIntegrationOrFail(conn.integrationId, skipValidation)
         : undefined
       return {...conn, connectorConfig, settings, integration}
     })
 
-  const getPipelineExpandedOrFail = (id: Id['pipe']) =>
+  const getPipelineExpandedOrFail = (id: Id['pipe'], skipValidation = false) =>
     getPipelineOrFail(id).then(async (pipe) => {
       const [source, destination] = await Promise.all([
-        getConnectionExpandedOrFail(pipe.sourceId!),
-        getConnectionExpandedOrFail(pipe.destinationId!),
+        getConnectionExpandedOrFail(pipe.sourceId!, skipValidation),
+        getConnectionExpandedOrFail(pipe.destinationId!, skipValidation),
       ])
       // if (
       //   pipe.sourceState != null &&
@@ -244,13 +251,17 @@ export function makeDBService({
       //     message: `destinationState is not supported for ${destination.connectorConfig.connector.name}`,
       //   })
       // }
-      const sourceState: {} = (
-        source.connectorConfig.connector.schemas.sourceState ?? z.unknown()
-      ).parse(pipe.sourceState)
-      const destinationState: {} = (
-        destination.connectorConfig.connector.schemas.destinationState ??
-        z.unknown()
-      ).parse(pipe.destinationState)
+      const sourceState: {} = skipValidation
+        ? pipe.sourceState
+        : (
+            source.connectorConfig.connector.schemas.sourceState ?? z.unknown()
+          ).parse(pipe.sourceState)
+      const destinationState: {} = skipValidation
+        ? pipe.destinationState
+        : (
+            destination.connectorConfig.connector.schemas.destinationState ??
+            z.unknown()
+          ).parse(pipe.destinationState)
       // const links = R.pipe(
       //   rest.linkOptions ?? pipeline?.linkOptions ?? [],
       //   R.map((l) =>