fix(credential-sets): stop leaking open-invite tokens to all users

GET /api/credential-sets/invitations returned every pending, unexpired
link-only (null-email) invitation across all organizations, including the
bearer token. Any authenticated user could enumerate and accept another
org's invitation, joining its credential set (cross-tenant access).

Scope the listing strictly to invitations addressed to the caller's own
email. Open-link invites remain redeemable only via the out-of-band
/credential-account/[token] URL.

Author: waleedlatif1

apps/sim/app/api/credential-sets/invitations/route.ts

@@ -1,7 +1,7 @@
 import { db } from '@sim/db'
 import { credentialSet, credentialSetInvitation, organization, user } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, gt, isNull, or } from 'drizzle-orm'
+import { and, eq, gt } from 'drizzle-orm'
 import { NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
@@ -16,6 +16,9 @@ export const GET = withRouteHandler(async () => {
   }
 
   try {
+    // Scope to invitations addressed to the caller's own email only. Open-link
+    // (null-email) invites carry a bearer token redeemed via the out-of-band URL
+    // and must never be listed, or any user could accept another org's invite.
     const invitations = await db
       .select({
         invitationId: credentialSetInvitation.id,
@@ -37,10 +40,7 @@ export const GET = withRouteHandler(async () => {
       .leftJoin(user, eq(credentialSetInvitation.invitedBy, user.id))
       .where(
         and(
-          or(
-            eq(credentialSetInvitation.email, session.user.email),
-            isNull(credentialSetInvitation.email)
-          ),
+          eq(credentialSetInvitation.email, session.user.email),
           eq(credentialSetInvitation.status, 'pending'),
           gt(credentialSetInvitation.expiresAt, new Date())
         )