fix: user authentication interface

server/src/routes/auth.ts

@@ -146,7 +146,12 @@ router.get('/api-key', requireSignIn, async (req: AuthenticatedRequest, res) =>
     }
 });
 
-router.delete('/delete-api-key', requireSignIn, async (req, res) => {
+router.delete('/delete-api-key', requireSignIn, async (req: AuthenticatedRequest, res) => {
+
+    if (!req.user) {
+        return res.status(401).send({ error: 'Unauthorized' });
+    }
+
     try {
         const user = await User.findByPk(req.user.id, { raw: true });
 
@@ -193,7 +198,7 @@ router.get('/google', (req, res) => {
 });
 
 // Step 2: Handle Google OAuth callback
-router.get('/google/callback', requireSignIn, async (req, res) => {
+router.get('/google/callback', requireSignIn, async (req: AuthenticatedRequest, res) => {
     const { code, state } = req.query;
     try {
         if (!state) {
@@ -217,6 +222,10 @@ router.get('/google/callback', requireSignIn, async (req, res) => {
             return res.status(400).json({ message: 'Email not found' });
         }
 
+        if (!req.user) {
+            return res.status(401).send({ error: 'Unauthorized' });
+          }
+
         // Get the currently authenticated user (from `requireSignIn`)
         let user = await User.findOne({ where: { id: req.user.id } });
 
@@ -264,8 +273,11 @@ router.get('/google/callback', requireSignIn, async (req, res) => {
 });
 
 // Step 3: Get data from Google Sheets
-router.post('/gsheets/data', requireSignIn, async (req, res) => {
+router.post('/gsheets/data', requireSignIn, async (req: AuthenticatedRequest, res) => {
     const { spreadsheetId, robotId } = req.body;
+    if (!req.user) {
+        return res.status(401).send({ error: 'Unauthorized' });
+      }
     const user = await User.findByPk(req.user.id, { raw: true });
 
     if (!user) {

server/src/routes/integration.ts

@@ -1,6 +1,6 @@
 import { Router } from 'express';
 import logger from "../logger";
-import { loadIntegrations, saveIntegrations } from '../workflow-management/integrations/gsheet';
+// import { loadIntegrations, saveIntegrations } from '../workflow-management/integrations/gsheet';
 import { requireSignIn } from '../middlewares/auth';
 
 export const router = Router();
@@ -12,11 +12,6 @@ router.post('/upload-credentials', requireSignIn, async (req, res) => {
       return res.status(400).json({ message: 'Credentials, Spreadsheet ID, and Range are required.' });
     }
     // *** TEMPORARILY WE STORE CREDENTIALS HERE ***
-    let integrations = loadIntegrations(fileName);
-    integrations = { fileName, spreadsheetId, range, credentials };
-    saveIntegrations(fileName, integrations);
-    logger.log('info', 'Service account credentials saved successfully.');
-    return res.send(true);
   } catch (error: any) {
     logger.log('error', `Error saving credentials: ${error.message}`);
     return res.status(500).json({ message: 'Failed to save credentials.', error: error.message });

server/src/routes/record.ts

@@ -1,7 +1,7 @@
 /**
  * RESTful API endpoints handling remote browser recording sessions.
  */
-import { Router } from 'express';
+import { Router, Request, Response } from 'express';
 
 import {
     initializeRemoteBrowserForRecording,
@@ -20,6 +20,11 @@ import { requireSignIn } from '../middlewares/auth';
 export const router = Router();
 chromium.use(stealthPlugin());
 
+
+export interface AuthenticatedRequest extends Request {
+    user?: any;
+}
+
 /**
  * Logs information about remote browser recording session.
  */
@@ -32,7 +37,10 @@ router.all('/', requireSignIn, (req, res, next) => {
  * GET endpoint for starting the remote browser recording session.
  * returns session's id
  */
-router.get('/start', requireSignIn, async (req, res) => {
+router.get('/start', requireSignIn, async (req: AuthenticatedRequest, res: Response) => {
+    if (!req.user) {
+        return res.status(401).send('User not authenticated');
+    }
     const proxyConfig = await getDecryptedProxyConfig(req.user.id);
     // Prepare the proxy options dynamically based on the user's proxy configuration
     let proxyOptions: any = {}; // Default to no proxy

server/src/routes/storage.ts

@@ -13,6 +13,7 @@ import Robot from '../models/Robot';
 import Run from '../models/Run';
 import { BinaryOutputService } from '../storage/mino';
 import { workflowQueue } from '../worker';
+import { AuthenticatedRequest } from './record';
 
 export const router = Router();
 
@@ -101,7 +102,7 @@ router.delete('/runs/:id', requireSignIn, async (req, res) => {
  * PUT endpoint for starting a remote browser instance and saving run metadata to the storage.
  * Making it ready for interpretation and returning a runId.
  */
-router.put('/runs/:id', requireSignIn, async (req, res) => {
+router.put('/runs/:id', requireSignIn, async (req: AuthenticatedRequest, res) => {
   try {
     const recording = await Robot.findOne({
       where: {
@@ -114,6 +115,10 @@ router.put('/runs/:id', requireSignIn, async (req, res) => {
       return res.status(404).send({ error: 'Recording not found' });
     }
 
+    if (!req.user) {
+      return res.status(401).send({ error: 'Unauthorized' });
+    }
+
     const proxyConfig = await getDecryptedProxyConfig(req.user.id);
     let proxyOptions: any = {};
 
@@ -242,7 +247,7 @@ router.post('/runs/run/:id', requireSignIn, async (req, res) => {
   }
 });
 
-router.put('/schedule/:id/', requireSignIn, async (req, res) => {
+router.put('/schedule/:id/', requireSignIn, async (req: AuthenticatedRequest, res) => {
   console.log(req.body);
   try {
     const { id } = req.params;
@@ -333,6 +338,10 @@ router.put('/schedule/:id/', requireSignIn, async (req, res) => {
       return res.status(400).json({ error: 'Invalid cron expression generated' });
     }
 
+    if (!req.user) {
+      return res.status(401).send({ error: 'Unauthorized' });
+    }
+
     const runId = uuid();
     const userId = req.user.id;