diff --git a/plugins/calendar-resources/src/components/IntegrationConnect.svelte b/plugins/calendar-resources/src/components/IntegrationConnect.svelte
index c729f09749..e457b56ef4 100644
--- a/plugins/calendar-resources/src/components/IntegrationConnect.svelte
+++ b/plugins/calendar-resources/src/components/IntegrationConnect.svelte
@@ -41,6 +41,10 @@
 'Content-Type': 'application/json'
 }
 })
+ if (res.status !== 200) {
+ connecting = false
+ return
+ }
 const redirectTo = await res.text()
 window.open(redirectTo, '_blank', 'location=yes,height=870,width=720,scrollbars=yes,status=yes')
 dispatch('close')
diff --git a/server/client/src/token.ts b/server/client/src/token.ts
index 7f0f486435..0ee0cff137 100644
--- a/server/client/src/token.ts
+++ b/server/client/src/token.ts
@@ -1,7 +1,7 @@
 import { type Token, decodeToken } from '@hcengineering/server-token'
 import { type IncomingHttpHeaders } from 'http'
-const extractCookieToken = (cookie?: string): Token | null => {
+const extractCookieToken = (cookie?: string): string | null => {
 if (cookie === undefined || cookie === null) {
 return null
 }
@@ -17,10 +17,10 @@ const extractCookieToken = (cookie?: string): Token | null => {
 return null
 }
- return decodeToken(encodedToken)
+ return encodedToken
 }
-const extractAuthorizationToken = (authorization?: string): Token | null => {
+const extractAuthorizationToken = (authorization?: string): string | null => {
 if (authorization === undefined || authorization === null) {
 return null
 }
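Review bot: In IntegrationConnect.svelte the added `res.status !== 200` branch resets `connecting` and returns without notifying the user or logging anything, so a rejected sign-in request looks like a button that does nothing; the failure should be surfaced there. Separately, the body of a 200 response is still handed straight to `window.open`; parsing it first and requiring an `https:` scheme, for example `if (new URL(redirectTo).protocol !== 'https:') return`, would keep an unexpected response body from being opened as a URL. The enclosing function starts and ends outside the hunk.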
@@ -30,14 +30,22 @@ const extractAuthorizationToken = (authorization?: string): Token | null => {
 return null
 }
- return decodeToken(encodedToken)
+ return encodedToken
+}
+
+export function readToken (headers: IncomingHttpHeaders): string | undefined {
+ try {
+ return extractAuthorizationToken(headers.authorization) ?? extractCookieToken(headers.cookie) ?? undefined
+ } catch {
+ return undefined
+ }
 }
 export function extractToken (headers: IncomingHttpHeaders): Token | undefined {
 try {
- const token = extractAuthorizationToken(headers.authorization) ?? extractCookieToken(headers.cookie)
+ const tokenStr = readToken(headers)
- return token ?? undefined
+ return tokenStr !== undefined ? decodeToken(tokenStr) : undefined
 } catch {
 return undefined
 }
diff --git a/services/calendar/pod-calendar/src/main.ts b/services/calendar/pod-calendar/src/main.ts
index c0502b5453..cfe80dfa46 100644
--- a/services/calendar/pod-calendar/src/main.ts
+++ b/services/calendar/pod-calendar/src/main.ts
@@ -19,10 +19,9 @@ import { calendarIntegrationKind } from '@hcengineering/calendar'
 import { newMetrics } from '@hcengineering/core'
 import { getIntegrationClient } from '@hcengineering/integration-client'
 import { setMetadata } from '@hcengineering/platform'
-import serverClient, { getAccountClient } from '@hcengineering/server-client'
+import serverClient, { extractToken, readToken, getAccountClient } from '@hcengineering/server-client'
 import { initStatisticsContext } from '@hcengineering/server-core'
 import serverToken, { decodeToken } from '@hcengineering/server-token'
-import { type IncomingHttpHeaders } from 'http'
 import { join } from 'path'
 import { AuthController } from './auth'
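Review bot: `readToken` is exported without a doc comment, and its name does not say that the string it returns is the raw header or cookie value that has not been through `decodeToken`. A caller that only checks `!== undefined`, as the `readToken(req.headers)` handler in the `@@ -125,7` hunk of main.ts does within its visible lines, confirms that a credential was presented, not that it is valid. I would add `/** Returns the raw, undecoded token string from the Authorization header or cookie; pass it through decodeToken before trusting any claim. */` above the function. The `try`/`catch` inside `readToken` also looks redundant now that neither helper appears to call `decodeToken`, though their bodies are only partly visible in these hunks.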
@@ -36,14 +35,6 @@ import { GoogleEmail, type Endpoint, type State } from './types'
 import { getServiceToken } from './utils'
 import { WatchController } from './watch'
-const extractToken = (header: IncomingHttpHeaders): any => {
- try {
- return header.authorization?.slice(7) ?? ''
- } catch {
- return undefined
- }
-}
-
 export const main = async (): Promise => {
 const ctx = initStatisticsContext(calendarIntegrationKind, {
 factory: () =>
@@ -93,8 +84,7 @@ export const main = async (): Promise => {
 }
 const redirectURL = req.query.redirectURL as string
- const { workspace } = decodeToken(token)
- const url = AuthController.getAuthUrl(redirectURL, workspace, token)
+ const url = AuthController.getAuthUrl(redirectURL, token.workspace, token.account)
 res.send(url)
 } catch (err) {
 ctx.error('signin error', { message: (err as any).message })
@@ -125,7 +115,7 @@ export const main = async (): Promise => {
 type: 'get',
 handler: async (req, res) => {
 try {
- const token = extractToken(req.headers)
+ const token = readToken(req.headers)
 if (token === undefined) {
 res.status(401).send()
@@ -171,6 +161,13 @@ export const main = async (): Promise => {
 endpoint: '/event',
 type: 'post',
 handler: async (req, res) => {
+ const token = extractToken(req.headers)
+
+ if (token === undefined) {
+ res.status(401).send()
+ return
+ }
+
 const { event, workspace, type } = req.body
 if (event === undefined || workspace === undefined || type === undefined) {
diff --git a/services/calendar/pod-calendar/src/utils.ts b/services/calendar/pod-calendar/src/utils.ts
index ffe4f6a092..f9b3f27b70 100644
--- a/services/calendar/pod-calendar/src/utils.ts
+++ b/services/calendar/pod-calendar/src/utils.ts
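Review bot: The values passed to `getAuthUrl` on the added line of the `@@ -93,8` hunk, `token.workspace` and `token.account`, are plain identifiers, so if getAuthUrl (not shown) carries them in the OAuth `state` the callback has nothing it can verify, whereas the encoded token passed before could be checked. It is worth confirming that the state is signed or bound to a server-side nonce so the callback cannot be pointed at a different account or workspace. `redirectURL` is also still read from `req.query` with an `as string` cast and no allow-list check in the visible lines. The handler starts and ends outside the hunk.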
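Review bot: The check added to the `/event` handler in the `@@ -171,6` hunk authenticates the caller, but the `workspace` that is acted on still comes from `req.body` and nothing in the visible lines ties it to `token.workspace`. If this endpoint is meant for workspace users rather than a system account, a guard such as `if (workspace !== token.workspace) { res.status(403).send(); return }` after the destructuring would close that gap; if it is service-to-service only, a comment saying so would help the next reader. The handler body continues outside the hunk.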
@@ -284,6 +284,9 @@ export function getGoogleClient (): {
 auth: OAuth2Client
 google: calendar_v3.Calendar
 } {
+ if (config.Credentials === undefined) {
+ throw new Error('Google Credentials not provided')
+ }
 const credentials = JSON.parse(config.Credentials)
 const { client_secret, client_id, redirect_uris } = credentials.web // eslint-disable-line
 const oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirect_uris[0]) // eslint-disable-line
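Review bot: The new guard in `getGoogleClient` covers only an undefined `config.Credentials`; malformed JSON, a missing `web` key or an empty `redirect_uris` still fail on the following lines with a generic SyntaxError or TypeError. Validating the parsed shape and throwing an equally explicit error would make a misconfiguration just as easy to diagnose, and the message should keep the credential text itself out of logs. The function body continues outside the hunk.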