use env platform URL for datasource auth to prevent tenant overrides

packages/backend-core/src/middleware/passport/datasource/google.js

@@ -4,6 +4,7 @@ const google = require("../google")
 const { Configs, Cookies } = require("../../../constants")
 const { clearCookie, getCookie } = require("../../../utils")
 const { getDB } = require("../../../db")
+const environment = require("../../../environment")
 
 async function preAuth(passport, ctx, next) {
   const db = getGlobalDB()
@@ -12,10 +13,7 @@ async function preAuth(passport, ctx, next) {
     type: Configs.GOOGLE,
     workspace: ctx.query.workspace,
   })
-  const publicConfig = await getScopedConfig(db, {
+  let callbackUrl = `${environment.PLATFORM_URL}/api/global/auth/datasource/google/callback`
-    type: Configs.SETTINGS,
-  })
-  let callbackUrl = `${publicConfig.platformUrl}/api/global/auth/datasource/google/callback`
   const strategy = await google.strategyFactory(config, callbackUrl)
 
   if (!ctx.query.appId || !ctx.query.datasourceId) {
@@ -37,11 +35,7 @@ async function postAuth(passport, ctx, next) {
     workspace: ctx.query.workspace,
   })
 
-  const publicConfig = await getScopedConfig(db, {
+  let callbackUrl = `${environment.PLATFORM_URL}/api/global/auth/datasource/google/callback`
-    type: Configs.SETTINGS,
-  })
-
-  let callbackUrl = `${publicConfig.platformUrl}/api/global/auth/datasource/google/callback`
   const strategy = await google.strategyFactory(
     config,
     callbackUrl,

packages/worker/src/api/routes/global/auth.js

@@ -80,6 +80,11 @@ router
     updateTenant,
     authController.googleAuth
   )
+  .get(
+    "/api/global/auth/:tenantId/datasource/:provider/callback",
+    updateTenant,
+    authController.datasourceAuth
+  )
   .get(
     "/api/global/auth/:tenantId/oidc/configs/:configId",
     updateTenant,