fix: encrypt tokens at rest, invalidate cache on refresh, clean up logging

2026-05-05 13:52:40 +02:00 · 2026-04-22 20:08:19 +02:00 · 2026-04-22 20:08:19 +02:00 · a1d03da896
commit a1d03da896
parent 4915675f45
3 changed files with 103 additions and 75 deletions
--- a/surfsense_backend/app/routes/mcp_oauth_route.py
+++ b/surfsense_backend/app/routes/mcp_oauth_route.py
@ -79,16 +79,15 @@ async def _fetch_account_metadata(
                    "https://api.airtable.com/v0/meta/whoami",
                    headers={"Authorization": f"Bearer {access_token}"},
                )
-                if resp.status_code != 200:
-                    logger.warning(
-                        "Airtable whoami API response: status=%s body=%s",
-                        resp.status_code, resp.text[:300],
-                    )
                if resp.status_code == 200:
                    whoami = resp.json()
                    meta["user_id"] = whoami.get("id", "")
                    meta["user_email"] = whoami.get("email", "")
                    meta["display_name"] = whoami.get("email", "Airtable")
+                else:
+                    logger.warning(
+                        "Airtable whoami API returned %d (non-blocking)", resp.status_code,
+                    )

    except Exception:
        logger.warning(
@ -346,7 +345,6 @@ async def mcp_oauth_callback(
            "server_config": {
                "transport": "streamable-http",
                "url": mcp_url,
-                "headers": {"Authorization": f"Bearer {access_token}"},
            },
            "mcp_service": svc_key,
            "mcp_oauth": {