Refactor invalid scopes
parent
48dde246e9
commit
57a4bbc071
|
@ -57,6 +57,7 @@ function useAddAppMutation(_type: App["type"] | null, allOptions?: UseAddAppMuta
|
|||
{ variant: variables && variables.variant, slug: variables && variables.slug },
|
||||
location.search
|
||||
),
|
||||
fromApp: true,
|
||||
...(type === "google_calendar" && { installGoogleVideo: options?.installGoogleVideo }),
|
||||
...(teamId && { teamId }),
|
||||
};
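Review bot: The new `fromApp: true` field is set in what looks like the client-built OAuth state object, so its value reaches the callback by way of the browser and should be treated as a UI hint rather than a trusted signal. The callback hunk in this commit branches on `state?.fromApp` to decide whether a partial grant is rejected with a 400 or stored as an invalid credential, so any caller can pick either outcome by editing the state. How `encodeOAuthState` protects the state is not visible here, so confirm that, and record the assumption next to the field, for example `// fromApp only selects the UX path in the callback; never use it for authorization`. The object literal starts outside this hunk.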
|
||||
|
|
|
@ -8,7 +8,7 @@ import { defaultHandler, defaultResponder } from "@calcom/lib/server";
|
|||
import getAppKeysFromSlug from "../../_utils/getAppKeysFromSlug";
|
||||
import { encodeOAuthState } from "../../_utils/oauth/encodeOAuthState";
|
||||
|
||||
const scopes = [
|
||||
export const scopes = [
|
||||
"https://www.googleapis.com/auth/calendar.readonly",
|
||||
"https://www.googleapis.com/auth/calendar.events",
|
||||
];
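Review bot: Exporting `scopes` from the `add` route module makes the callback import a route handler file just to read a constant, which couples the two endpoints and loads `add`'s module-level code along with it. Moving the list to a small shared module beside the `_utils` helpers would keep both handlers independent. Since the array is now shared and also drives a permission check, declaring it immutable prevents accidental mutation from another importer, e.g. `export const scopes = [ ... ] as const;` or an explicit `readonly string[]` annotation.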
|
||||
|
|
|
@ -10,6 +10,7 @@ import prisma from "@calcom/prisma";
|
|||
import getAppKeysFromSlug from "../../_utils/getAppKeysFromSlug";
|
||||
import getInstalledAppPath from "../../_utils/getInstalledAppPath";
|
||||
import { decodeOAuthState } from "../../_utils/oauth/decodeOAuthState";
|
||||
import { scopes } from "./add";
|
||||
|
||||
let client_id = "";
|
||||
let client_secret = "";
|
||||
|
@ -37,20 +38,44 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
|
|||
const oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirect_uri);
|
||||
|
||||
let key = "";
|
||||
let invalid = false;
|
||||
|
||||
if (code) {
|
||||
const token = await oAuth2Client.getToken(code);
|
||||
key = token.res?.data;
|
||||
|
||||
// Check that the has granted all permissions
|
||||
const grantedScopes = key.scope;
|
||||
for (const scope of scopes) {
|
||||
if (!grantedScopes.includes(scope)) {
|
||||
if (!state?.fromApp) {
|
||||
throw new HttpError({
|
||||
statusCode: 400,
|
||||
message: "You must grant all permissions to use this integration",
|
||||
});
|
||||
} else {
|
||||
invalid = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const credential = await prisma.credential.create({
|
||||
data: {
|
||||
type: "google_calendar",
|
||||
key,
|
||||
userId: req.session.user.id,
|
||||
appId: "google-calendar",
|
||||
invalid,
|
||||
},
|
||||
});
|
||||
|
||||
if (invalid) {
|
||||
res.redirect(
|
||||
getSafeRedirectUrl(state?.returnTo) ??
|
||||
getInstalledAppPath({ variant: "calendar", slug: "google-calendar" })
|
||||
);
|
||||
}
|
||||
|
||||
// Set the primary calendar as the first selected calendar
|
||||
|
||||
// We can ignore this type error because we just validated the key when we init oAuth2Client
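Review bot: The permission check `grantedScopes.includes(scope)` is a substring test on what is presumably Google's space-delimited scope string, so a grant of `https://www.googleapis.com/auth/calendar.events.readonly` would satisfy the required `https://www.googleapis.com/auth/calendar.events`. Compare exact tokens instead, e.g. `const granted = new Set(String(key?.scope ?? "").split(" "));` followed by `if (!granted.has(scope)) {`. That form also covers the case where `token.res?.data` is undefined, which currently makes `key.scope` throw a TypeError before any HttpError can be returned. In the `if (invalid)` branch there is no `return` after `res.redirect(...)`, so execution appears to fall through to the primary-calendar setup with a credential that lacks the needed scopes. The rest of getHandler is outside this hunk, so confirm that and add `return;` after the redirect.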
|
||||
|
|
|
@ -8,6 +8,7 @@ export type IntegrationOAuthCallbackState = {
|
|||
returnTo: string;
|
||||
installGoogleVideo?: boolean;
|
||||
teamId?: number;
|
||||
fromApp?: boolean;
|
||||
};
|
||||
|
||||
export type CredentialOwner = {
|
||||
|
|