
Commit 06dd811

authored
fix(google-forms): fail-closed auth, legacy formId key fallback, idempotency (#5377)
- verifyAuth now rejects with 401 when no token is configured instead of silently allowing unauthenticated requests through - formatInput falls back to the legacy formId providerConfig key (pre-#3141 rename to triggerFormId) so old deployments keep working - add extractIdempotencyId keyed on formId:responseId to dedupe retried Apps Script deliveries
1 parent f6b802e commit 06dd811

1 file changed

Lines changed: 23 additions & 2 deletions


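--- a/apps/sim/lib/webhooks/providers/google-forms.ts
+++ b/apps/sim/lib/webhooks/providers/google-forms.ts
@@ -29,7 +29,12 @@ export const googleFormsHandler: WebhookProviderHandler = {
 const responseId = (b?.responseId || b?.id || '') as string
 const createTime = (b?.createTime || b?.timestamp || new Date().toISOString()) as string
 const lastSubmittedTime = (b?.lastSubmittedTime || createTime) as string
-const formId = (b?.formId || providerConfig.formId || '') as string
+// triggerFormId is the current subBlock id; formId is the pre-#3141 id still
+// present in provider_config for webhooks deployed before that rename.
+const formId = (b?.formId ||
+providerConfig.triggerFormId ||
+providerConfig.formId ||
+'') as string
 const includeRaw = providerConfig.includeRawPayload !== false
 return {
 input: {
@@ -46,7 +51,10 @@ export const googleFormsHandler: WebhookProviderHandler = {
 verifyAuth({ request, requestId, providerConfig }: AuthContext) {
 const expectedToken = providerConfig.token as string | undefined
 if (!expectedToken) {
-return null
+logger.warn(`[${requestId}] Google Forms webhook secret not configured`)
+return new NextResponse('Unauthorized - Missing Google Forms webhook secret', {
+status: 401,
+})
 }
 
 const secretHeaderName = providerConfig.secretHeaderName as string | undefined
@@ -57,4 +65,17 @@ export const googleFormsHandler: WebhookProviderHandler = {
 
 return null
 },
+
+extractIdempotencyId(body: unknown): string | null {
+const b = body as Record<string, unknown>
+// Mirrors formatInput's responseId resolution. formId is deliberately not part
+// of this key: the final key is already scoped by webhookId (one webhook per
+// deployed form), and extractIdempotencyId has no access to providerConfig, so
+// a body-only formId fallback would risk a bogus 'unknown' segment.
+const responseId = (b?.responseId || b?.id) as string | undefined
+if (typeof responseId !== 'string' || !responseId) {
+return null
+}
+return `google_forms:${responseId}`
+},
 }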
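Review bot: In the last hunk, extractIdempotencyId derives the dedupe key from sender-controlled body fields (`responseId`, then `id`), so it is only safe if the caller scopes the key by webhookId, as the comment says, and consults it only after verifyAuth has accepted the request; neither is visible in this diff. If the key were checked before authentication, an unauthenticated request carrying a chosen responseId could cause the genuine delivery to be discarded as a duplicate, which would undercut the fail-closed change in the second hunk. I would record that contract on the method, e.g. `// body is untrusted: callers must run verifyAuth first and scope this key by webhookId`. The commit description also still says the key is `formId:responseId`, while the code returns `google_forms:${responseId}` and the comment says formId is deliberately excluded, so one of the two should be corrected.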
