Merge pull request #27 from learningtapestry/google-auth-scope

Use a more restrict scope for google oauth2
learningtapestry · Apr 16, 2018 · 631c18d · 631c18d
2 parents 8c85c4a + 24cdcc9
commit 631c18d
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/lib/google_auth.rb b/lib/google_auth.rb
@@ -8,6 +8,8 @@
 # Google Oauth2 wrapper
 #
 class GoogleAuth
+  API_SCOPE = %w(https://www.googleapis.com/auth/drive.readonly).freeze
+
   attr_reader :request, :user_id
 
   #
@@ -24,9 +26,8 @@ def self.authorizer
     @authorizer ||= begin
       client_id = Google::Auth::ClientId.new(ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'])
       token_store = Google::Auth::Stores::RedisTokenStore.new(redis: AppHelpers.redis)
-      scope = %w(https://www.googleapis.com/auth/drive)
       callback_url = AppHelpers.url_for('/google-auth/callback')
-      Google::Auth::WebUserAuthorizer.new(client_id, scope, token_store, callback_url)
+      Google::Auth::WebUserAuthorizer.new(client_id, API_SCOPE, token_store, callback_url)
     end
   end