From 90fee1b0c4020f02c7bdcf97a53ba761d5a73910 Mon Sep 17 00:00:00 2001
From: Pontus Dreij <pontus.dreij@scandichotels.com>
Date: Tue, 18 Feb 2025 11:42:18 +0000
Subject: [PATCH] Merged in fix/get-booking-as-user (pull request #1366)

Fix: Use session.token.access_token if session exists in booking confirmation, else use serviceToken

* Fix: Added service token to safeProtectedProcedure

* fix: use of safeProtectedServiceProcedure


Approved-by: Michael Zetterberg
---
 server/routers/booking/query.ts | 12 +++++++++---
 server/routers/hotels/output.ts |  2 +-
 server/trpc.ts                  |  1 -
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/server/routers/booking/query.ts b/server/routers/booking/query.ts
index a59e2469e..46d6dbf3d 100644
--- a/server/routers/booking/query.ts
+++ b/server/routers/booking/query.ts
@@ -3,7 +3,11 @@ import { metrics } from "@opentelemetry/api"
 import * as api from "@/lib/api"
 import { dt } from "@/lib/dt"
 import { badRequestError, serverErrorByStatus } from "@/server/errors/trpc"
-import { router, serviceProcedure } from "@/server/trpc"
+import {
+  router,
+  safeProtectedServiceProcedure,
+  serviceProcedure,
+} from "@/server/trpc"
 
 import { getHotel } from "../hotels/query"
 import { bookingConfirmationInput, getBookingStatusInput } from "./input"
@@ -30,16 +34,18 @@ const getBookingStatusFailCounter = meter.createCounter(
 )
 
 export const bookingQueryRouter = router({
-  confirmation: serviceProcedure
+  confirmation: safeProtectedServiceProcedure
     .input(bookingConfirmationInput)
     .query(async function ({ ctx, input: { confirmationNumber } }) {
       getBookingConfirmationCounter.add(1, { confirmationNumber })
 
+      const token = ctx.session?.token.access_token ?? ctx.serviceToken
+
       const apiResponse = await api.get(
         api.endpoints.v1.Booking.booking(confirmationNumber),
         {
           headers: {
-            Authorization: `Bearer ${ctx.serviceToken}`,
+            Authorization: `Bearer ${token}`,
           },
         }
       )
diff --git a/server/routers/hotels/output.ts b/server/routers/hotels/output.ts
index d103abba3..f35c4a844 100644
--- a/server/routers/hotels/output.ts
+++ b/server/routers/hotels/output.ts
@@ -365,7 +365,7 @@ export const ancillaryPackagesSchema = z
             id: item.id,
             title: item.title,
             description: item.descriptions.html,
-            imageUrl: item.images[0].imageSizes.small,
+            imageUrl: item.images[0]?.imageSizes.small,
             price: {
               total: parseInt(item.variants.ancillary.price.totalPrice),
               currency: item.variants.ancillary.price.currency,
diff --git a/server/trpc.ts b/server/trpc.ts
index 5751d929b..23c48e5c7 100644
--- a/server/trpc.ts
+++ b/server/trpc.ts
@@ -117,7 +117,6 @@ export const protectedProcedure = baseProcedure.use(async function (opts) {
 
 export const safeProtectedProcedure = baseProcedure.use(async function (opts) {
   const authRequired = opts.meta?.authRequired ?? true
-
   let session: Session | null = await opts.ctx.auth()
   if (!authRequired && env.NODE_ENV === "development") {
     console.info(