Dynamic OauthDriver scope (#544)

* Dynamic OauthDriver scope * support migration for mysql * Refactor default scopes for integrations * Small UI changes * fix flet select tooltip * fix linter * Fix google token size in DB --------- Co-authored-by: Julien Nahum <julien@nahum.net>
2024-08-29 16:58:02 +05:30
parent 89513e3b4a
commit da0ea04475
12 changed files with 130 additions and 15 deletions
--- a/api/app/Http/Controllers/Auth/OAuthController.php
+++ b/api/app/Http/Controllers/Auth/OAuthController.php
@@ -93,6 +93,7 @@ class OAuthController extends Controller
            $oauthProvider->update([
                'access_token' => $socialiteUser->token,
                'refresh_token' => $socialiteUser->refreshToken,
+                'scopes' => $socialiteUser->approvedScopes
            ]);

            return $oauthProvider->user;
@@ -139,6 +140,7 @@ class OAuthController extends Controller
                'refresh_token' => $socialiteUser->refreshToken,
                'name' => $socialiteUser->getName(),
                'email' => $socialiteUser->getEmail(),
+                'scopes' => $socialiteUser->approvedScopes
            ]
        );
        return $user;
--- a/api/app/Http/Controllers/Settings/OAuthProviderController.php
+++ b/api/app/Http/Controllers/Settings/OAuthProviderController.php
@@ -26,8 +26,10 @@ class OAuthProviderController extends Controller
        $userId = Auth::id();
        cache()->put("oauth-intention:{$userId}", $request->input('intention'), 60 * 5);

+        // Connecting an account for integrations purposes
+        // Adding full scopes to the driver
        return response()->json([
-            'url' => $service->getDriver()->getRedirectUrl(),
+            'url' => $service->getDriver()->fullScopes()->getRedirectUrl(),
        ]);
    }

@@ -47,6 +49,7 @@ class OAuthProviderController extends Controller
                    'refresh_token' => $driverUser->refreshToken,
                    'name' => $driverUser->getName(),
                    'email' => $driverUser->getEmail(),
+                    'scopes' => $driverUser->approvedScopes
                ]
            );

--- a/api/app/Http/Resources/OAuthProviderResource.php
+++ b/api/app/Http/Resources/OAuthProviderResource.php
@@ -32,6 +32,7 @@ class OAuthProviderResource extends JsonResource
                fn () => OAuthProviderUserResource::make($this->resource->user),
                null,
            ),
+            'scopes' => $this->resource->scopes
        ];
    }
 }
--- a/api/app/Integrations/OAuth/Drivers/Contracts/OAuthDriver.php
+++ b/api/app/Integrations/OAuth/Drivers/Contracts/OAuthDriver.php
@@ -7,7 +7,14 @@ use Laravel\Socialite\Contracts\User;
 interface OAuthDriver
 {
    public function getRedirectUrl(): string;
-    public function setRedirectUrl($url): self;
+    public function setRedirectUrl(string $url): self;
+    public function setScopes(array $scopes): self;
    public function getUser(): User;
    public function canCreateUser(): bool;
+
+    /**
+     * Set up all the scopes required by OpnForm for various integrations.
+     * This method configures the necessary permissions for the current OAuth driver.
+     */
+    public function fullScopes(): self;
 }
--- a/api/app/Integrations/OAuth/Drivers/OAuthGoogleDriver.php
+++ b/api/app/Integrations/OAuth/Drivers/OAuthGoogleDriver.php
@@ -11,6 +11,7 @@ use Laravel\Socialite\Two\GoogleProvider;
 class OAuthGoogleDriver implements OAuthDriver
 {
    private ?string $redirectUrl = null;
+    private ?array $scopes = [];

    protected GoogleProvider $provider;

@@ -22,7 +23,7 @@ class OAuthGoogleDriver implements OAuthDriver
    public function getRedirectUrl(): string
    {
        return $this->provider
-            ->scopes([Sheets::DRIVE_FILE])
+            ->scopes($this->scopes ?? [])
            ->stateless()
            ->redirectUrl($this->redirectUrl ?? config('services.google.redirect'))
            ->with([
@@ -46,10 +47,20 @@ class OAuthGoogleDriver implements OAuthDriver
        return true;
    }

-    public function setRedirectUrl($url): OAuthDriver
+    public function setRedirectUrl(string $url): OAuthDriver
    {
        $this->redirectUrl = $url;
        return $this;
    }

+    public function setScopes(array $scopes): OAuthDriver
+    {
+        $this->scopes = $scopes;
+        return $this;
+    }
+
+    public function fullScopes(): OAuthDriver
+    {
+        return $this->setScopes([Sheets::DRIVE_FILE]);
+    }
 }
--- a/api/app/Models/OAuthProvider.php
+++ b/api/app/Models/OAuthProvider.php
@@ -30,7 +30,8 @@ class OAuthProvider extends Model
     * @var array
     */
    protected $hidden = [
-        'access_token', 'refresh_token',
+        'access_token',
+        'refresh_token',
    ];

    protected function casts()
@@ -38,6 +39,7 @@ class OAuthProvider extends Model
        return [
            'provider' => OAuthProviderService::class,
            'token_expires_at' => 'datetime',
+            'scopes' => 'array'
        ];
    }