Merge branch 'main' of https://github.com/trycompai/comp into chas/remove-hosts-when-removing-member

Author: chasprowebdev

apps/api/src/integration-platform/controllers/checks.controller.ts

@@ -17,6 +17,7 @@ import { ConnectionRepository } from '../repositories/connection.repository';
 import { CredentialVaultService } from '../services/credential-vault.service';
 import { ProviderRepository } from '../repositories/provider.repository';
 import { CheckRunRepository } from '../repositories/check-run.repository';
+import { getStringValue, toStringCredentials } from '../utils/credential-utils';
 
 interface RunChecksDto {
   checkId?: string;
@@ -199,10 +200,12 @@ export class ChecksController {
 
     try {
       // Run checks
+      const accessToken = getStringValue(credentials.access_token);
+      const stringCredentials = toStringCredentials(credentials);
       const result = await runAllChecks({
         manifest,
-        accessToken: credentials.access_token ?? undefined,
-        credentials: credentials,
+        accessToken,
+        credentials: stringCredentials,
         variables,
         connectionId,
         organizationId: connection.organizationId,

apps/api/src/integration-platform/controllers/connections.controller.ts

@@ -23,18 +23,26 @@ import {
   TASK_TEMPLATE_INFO,
   type OAuthConfig,
   type TaskTemplateId,
+  type IntegrationCredentials,
 } from '@comp/integration-platform';
 
 interface CreateConnectionDto {
   providerSlug: string;
   organizationId: string;
-  credentials?: Record<string, string>;
+  credentials?: Record<string, string | string[]>;
 }
 
 interface ListConnectionsQuery {
   organizationId: string;
 }
 
+const hasCredentialValue = (value?: string | string[]): boolean => {
+  if (Array.isArray(value)) {
+    return value.length > 0;
+  }
+  return typeof value === 'string' && value.trim().length > 0;
+};
+
 @Controller({ path: 'integrations/connections', version: '1' })
 export class ConnectionsController {
   private readonly logger = new Logger(ConnectionsController.name);
@@ -402,7 +410,9 @@ export class ConnectionsController {
     }
 
     try {
-      const isValid = await manifest.handler.testConnection(credentials);
+      const isValid = await manifest.handler.testConnection(
+        credentials as IntegrationCredentials,
+      );
 
       if (isValid) {
         await this.connectionService.activateConnection(connection.id);
@@ -575,7 +585,10 @@ export class ConnectionsController {
     }
 
     // For OAuth, validate access_token exists
-    if (manifest.auth.type === 'oauth2' && !credentials.access_token) {
+    const accessToken =
+      typeof credentials.access_token === 'string' ? credentials.access_token : undefined;
+
+    if (manifest.auth.type === 'oauth2' && !accessToken) {
       throw new HttpException(
         'No valid OAuth credentials found. Please reconnect.',
         HttpStatus.BAD_REQUEST,
@@ -585,7 +598,7 @@ export class ConnectionsController {
     // For API key auth, validate key exists
     if (manifest.auth.type === 'api_key') {
       const apiKeyField = manifest.auth.config.name;
-      if (!credentials[apiKeyField] && !credentials.api_key) {
+      if (!hasCredentialValue(credentials[apiKeyField]) && !hasCredentialValue(credentials.api_key)) {
         throw new HttpException('API key not found', HttpStatus.BAD_REQUEST);
       }
     }
@@ -594,7 +607,7 @@ export class ConnectionsController {
     if (manifest.auth.type === 'basic') {
       const usernameField = manifest.auth.config.usernameField || 'username';
       const passwordField = manifest.auth.config.passwordField || 'password';
-      if (!credentials[usernameField] || !credentials[passwordField]) {
+      if (!hasCredentialValue(credentials[usernameField]) || !hasCredentialValue(credentials[passwordField])) {
         throw new HttpException(
           'Username and password required',
           HttpStatus.BAD_REQUEST,
@@ -615,7 +628,7 @@ export class ConnectionsController {
 
     return {
       success: true,
-      accessToken: credentials.access_token ?? undefined,
+      accessToken,
       credentials,
     };
   }
@@ -627,7 +640,7 @@ export class ConnectionsController {
   async updateCredentials(
     @Param('id') id: string,
     @Query('organizationId') organizationId: string,
-    @Body() body: { credentials: Record<string, string> },
+    @Body() body: { credentials: Record<string, string | string[]> },
   ) {
     if (!organizationId) {
       throw new HttpException(

apps/api/src/integration-platform/controllers/sync.controller.ts

@@ -1318,7 +1318,12 @@ export class SyncController {
       type: 'system';
     }
 
-    const apiKey = credentials.api_key;
+    const apiKey = Array.isArray(credentials.api_key)
+      ? credentials.api_key[0]
+      : credentials.api_key;
+    if (!apiKey) {
+      throw new HttpException('API key not found', HttpStatus.BAD_REQUEST);
+    }
     const users: JumpCloudUser[] = [];
 
     try {

apps/api/src/integration-platform/controllers/task-integrations.controller.ts

@@ -21,6 +21,7 @@ import { ProviderRepository } from '../repositories/provider.repository';
 import { CheckRunRepository } from '../repositories/check-run.repository';
 import { CredentialVaultService } from '../services/credential-vault.service';
 import { OAuthCredentialsService } from '../services/oauth-credentials.service';
+import { getStringValue, toStringCredentials } from '../utils/credential-utils';
 import { db } from '@db';
 import type { Prisma } from '@prisma/client';
 
@@ -346,10 +347,12 @@ export class TaskIntegrationsController {
 
     try {
       // Run the specific check
+      const accessToken = getStringValue(credentials.access_token);
+      const stringCredentials = toStringCredentials(credentials);
       const result = await runAllChecks({
         manifest,
-        accessToken: credentials.access_token ?? undefined,
-        credentials: credentials,
+        accessToken,
+        credentials: stringCredentials,
         variables,
         connectionId,
         organizationId,

apps/api/src/integration-platform/controllers/variables.controller.ts

@@ -227,7 +227,9 @@ export class VariablesController {
     const credentials =
       await this.credentialVaultService.getDecryptedCredentials(connectionId);
 
-    if (!credentials?.access_token) {
+    const accessToken =
+      typeof credentials?.access_token === 'string' ? credentials.access_token : undefined;
+    if (!accessToken) {
       throw new HttpException(
         'No valid credentials found',
         HttpStatus.BAD_REQUEST,
@@ -239,12 +241,12 @@ export class VariablesController {
 
     const buildHeaders = () => ({
       ...defaultHeaders,
-      Authorization: `Bearer ${credentials.access_token}`,
+      Authorization: `Bearer ${accessToken}`,
     });
 
     // Create minimal context for fetching options
     const fetchContext = {
-      accessToken: credentials.access_token,
+      accessToken,
 
       fetch: async <T = unknown>(path: string): Promise<T> => {
         const url = new URL(path, baseUrl);

apps/api/src/integration-platform/repositories/connection.repository.ts

@@ -38,13 +38,9 @@ export class ConnectionRepository {
     providerId: string,
     organizationId: string,
   ): Promise<IntegrationConnection | null> {
-    return db.integrationConnection.findUnique({
-      where: {
-        providerId_organizationId: {
-          providerId,
-          organizationId,
-        },
-      },
+    return db.integrationConnection.findFirst({
+      where: { providerId, organizationId },
+      orderBy: { createdAt: 'desc' },
       include: {
         provider: true,
       },
@@ -146,13 +142,8 @@ export class ConnectionRepository {
     providerId: string,
     organizationId: string,
   ): Promise<void> {
-    await db.integrationConnection.delete({
-      where: {
-        providerId_organizationId: {
-          providerId,
-          organizationId,
-        },
-      },
+    await db.integrationConnection.deleteMany({
+      where: { providerId, organizationId },
     });
   }
 }

apps/api/src/integration-platform/services/connection-auth-teardown.service.ts

@@ -30,7 +30,8 @@ export class ConnectionAuthTeardownService {
 
     const credentials =
       await this.credentialVaultService.getDecryptedCredentials(connectionId);
-    const accessToken = credentials?.access_token;
+    const accessToken =
+      typeof credentials?.access_token === 'string' ? credentials.access_token : undefined;
 
     if (providerSlug && accessToken) {
       try {

apps/api/src/integration-platform/services/credential-vault.service.ts

@@ -159,16 +159,25 @@ export class CredentialVaultService {
    */
   async storeApiKeyCredentials(
     connectionId: string,
-    credentials: Record<string, string>,
+    credentials: Record<string, string | string[]>,
   ): Promise<void> {
     const encryptedPayload: Record<string, unknown> = {};
 
     for (const [key, value] of Object.entries(credentials)) {
       if (typeof value === 'string') {
         encryptedPayload[key] = await this.encrypt(value);
-      } else {
-        encryptedPayload[key] = value;
+        continue;
+      }
+
+      if (Array.isArray(value)) {
+        const encryptedItems = await Promise.all(
+          value.map((item) => (typeof item === 'string' ? this.encrypt(item) : item)),
+        );
+        encryptedPayload[key] = encryptedItems;
+        continue;
       }
+
+      encryptedPayload[key] = value;
     }
 
     const credentialVersion = await this.credentialRepository.create({
@@ -190,7 +199,7 @@ export class CredentialVaultService {
    */
   async getDecryptedCredentials(
     connectionId: string,
-  ): Promise<Record<string, string> | null> {
+  ): Promise<Record<string, string | string[]> | null> {
     const latestVersion =
       await this.credentialRepository.findLatestByConnection(connectionId);
     if (!latestVersion) return null;
@@ -199,13 +208,23 @@ export class CredentialVaultService {
       string,
       unknown
     >;
-    const decrypted: Record<string, string> = {};
+    const decrypted: Record<string, string | string[]> = {};
 
     for (const [key, value] of Object.entries(encryptedPayload)) {
       if (this.isEncryptedData(value)) {
         decrypted[key] = await this.decrypt(value);
       } else if (typeof value === 'string') {
         decrypted[key] = value;
+      } else if (Array.isArray(value)) {
+        const decryptedItems = await Promise.all(
+          value.map(async (item) => {
+            if (this.isEncryptedData(item)) {
+              return this.decrypt(item);
+            }
+            return typeof item === 'string' ? item : '';
+          }),
+        );
+        decrypted[key] = decryptedItems.filter((item) => item.length > 0);
       }
     }
 
@@ -228,7 +247,7 @@ export class CredentialVaultService {
    */
   async rotateCredentials(
     connectionId: string,
-    newCredentials: Record<string, string>,
+    newCredentials: Record<string, string | string[]>,
   ): Promise<void> {
     const latestVersion =
       await this.credentialRepository.findLatestByConnection(connectionId);
@@ -270,7 +289,7 @@ export class CredentialVaultService {
    */
   async getRefreshToken(connectionId: string): Promise<string | null> {
     const credentials = await this.getDecryptedCredentials(connectionId);
-    return credentials?.refresh_token || null;
+    return typeof credentials?.refresh_token === 'string' ? credentials.refresh_token : null;
   }
 
   /**
@@ -395,6 +414,6 @@ export class CredentialVaultService {
 
     // Get current credentials
     const credentials = await this.getDecryptedCredentials(connectionId);
-    return credentials?.access_token || null;
+    return typeof credentials?.access_token === 'string' ? credentials.access_token : null;
   }
 }

apps/api/src/integration-platform/utils/credential-utils.ts

@@ -0,0 +1,35 @@
+/**
+ * Shared credential utility functions for normalizing credential values
+ * across controllers that handle integration credentials.
+ */
+
+/**
+ * Extracts a single string value from a credential that may be string or string[]
+ * @param value - The credential value which may be string or string[]
+ * @returns The first string value, or undefined if no value exists
+ */
+export function getStringValue(value?: string | string[]): string | undefined {
+  if (Array.isArray(value)) {
+    return value[0];
+  }
+  return value;
+}
+
+/**
+ * Normalizes credentials from Record<string, string | string[]> to Record<string, string>
+ * by extracting the first value from arrays
+ * @param credentials - The credentials object with potential array values
+ * @returns A normalized credentials object with only string values
+ */
+export function toStringCredentials(
+  credentials: Record<string, string | string[]>,
+): Record<string, string> {
+  const normalized: Record<string, string> = {};
+  for (const [key, value] of Object.entries(credentials)) {
+    const stringValue = getStringValue(value);
+    if (typeof stringValue === 'string' && stringValue.length > 0) {
+      normalized[key] = stringValue;
+    }
+  }
+  return normalized;
+}

apps/app/package.json

@@ -111,7 +111,7 @@
     "sonner": "^2.0.5",
     "stripe": "^20.0.0",
     "swr": "^2.3.4",
-    "three": "^0.177.0",
+    "three": "^0.182.0",
     "ts-pattern": "^5.7.0",
     "use-debounce": "^10.0.4",
     "use-long-press": "^3.3.0",