-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathAuthorizer.ts
More file actions
109 lines (101 loc) · 3.78 KB
/
Authorizer.ts
File metadata and controls
109 lines (101 loc) · 3.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
namespace Authorizer {
const API_UNAUTHORIZED_MSG = 'Click on "Add-ons > Bkper > Open" to Sign in';
const clientIdKey = 'CLIENT_ID';
const clientSecretKey = 'CLIENT_SECRET';
export function initAuth() {
try {
BkperApp.setApiKey(
CachedProperties_.getCachedProperty(
CacheService.getScriptCache(),
PropertiesService.getScriptProperties(),
'API_KEY'
)
);
BkperApp.setAgentId('bkper-sheets');
BkperApp.setOAuthTokenProvider({
getOAuthToken: () => Authorizer.getAccessToken(),
});
} catch (error) {
//OK
}
}
export function handleCallback(request: object): boolean {
return getBkperService().handleCallback(request);
}
export function getAccessToken(): string {
let lock = Utilities_.retry<GoogleAppsScript.Lock.Lock>(() => LockService.getUserLock());
try {
Utilities_.retry<void>(() => lock.waitLock(30000));
return getBkperService().getAccessToken();
} catch (e) {
Logger.log('Could not obtain lock after 30 seconds.');
throw API_UNAUTHORIZED_MSG;
} finally {
if (lock != null) {
Utilities_.retry<void>(() => lock.releaseLock());
}
}
}
export function getAuthorizationUrl(): string {
let service = getBkperService();
service.setParam('login_hint', Session.getEffectiveUser().getEmail());
return service.getAuthorizationUrl();
}
export function isUserAuthorized(): boolean {
try {
validateAccessToken();
return true;
} catch (error) {
Logger.log(error);
return false;
}
}
export function validateAccessToken(): void {
try {
var accessToken = getAccessToken();
if (accessToken == null || accessToken.trim() == '') {
throw API_UNAUTHORIZED_MSG;
}
var responseJSON = UrlFetchApp.fetch(
'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' + accessToken
).getContentText();
var tokenInfo = JSON.parse(responseJSON);
var rightAudience = CachedProperties_.getCachedProperty(
CacheService.getScriptCache(),
PropertiesService.getScriptProperties(),
clientIdKey
);
if (tokenInfo.audience != rightAudience) {
throw API_UNAUTHORIZED_MSG;
}
} catch (error) {
Logger.log(error);
throw API_UNAUTHORIZED_MSG;
}
}
function getBkperService(): GoogleAppsScriptOAuth2.OAuth2Service {
return OAuth2.createService('bkperauth')
.setAuthorizationBaseUrl('https://accounts.google.com/o/oauth2/auth')
.setTokenUrl('https://accounts.google.com/o/oauth2/token')
.setClientId(
CachedProperties_.getCachedProperty(
CacheService.getScriptCache(),
PropertiesService.getScriptProperties(),
clientIdKey
)
)
.setClientSecret(
CachedProperties_.getCachedProperty(
CacheService.getScriptCache(),
PropertiesService.getScriptProperties(),
clientSecretKey
)
)
.setCallbackFunction('authorizationCallback')
.setCache(CacheService.getUserCache())
.setPropertyStore(PropertiesService.getUserProperties())
.setScope('email')
.setParam('access_type', 'offline')
.setParam('prompt', 'consent');
}
}