From 24cdcc967fb12403f60d2bc861ad1b81e5f30122 Mon Sep 17 00:00:00 2001
From: Anderson Pierre Cardoso
Date: Mon, 16 Apr 2018 10:48:20 -0300
Subject: [PATCH] Use a more restrict scope for google oauth2
---
 lib/google_auth.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/google_auth.rb b/lib/google_auth.rb
index 8aec673..f5d9b20 100644
--- a/lib/google_auth.rb
+++ b/lib/google_auth.rb
@@ -8,6 +8,8 @@
 # Google Oauth2 wrapper
 #
 class GoogleAuth
+ API_SCOPE = %w(https://www.googleapis.com/auth/drive.readonly).freeze
+
 attr_reader :request, :user_id
 #
@@ -24,9 +26,8 @@ def self.authorizer
 @authorizer ||= begin
 client_id = Google::Auth::ClientId.new(ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'])
 token_store = Google::Auth::Stores::RedisTokenStore.new(redis: AppHelpers.redis)
- scope = %w(https://www.googleapis.com/auth/drive)
 callback_url = AppHelpers.url_for('/google-auth/callback')
- Google::Auth::WebUserAuthorizer.new(client_id, scope, token_store, callback_url)
+ Google::Auth::WebUserAuthorizer.new(client_id, API_SCOPE, token_store, callback_url)
 end
 end
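Review bot: `API_SCOPE` is added without a comment saying why read-only access is sufficient, and `drive.readonly` still lets the app read every file in the user's Drive. If the app only touches files the user explicitly opens, or only needs listings, a narrower scope such as `https://www.googleapis.com/auth/drive.file` or `https://www.googleapis.com/auth/drive.metadata.readonly` would be the least-privilege choice. That cannot be judged from this hunk, since the rest of `class GoogleAuth` lies outside it. At minimum I would add above the constant: `# OAuth scopes requested at consent. Read-only: this app never writes to Drive; widen only with a security review.`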
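Review bot: Passing `API_SCOPE` to `WebUserAuthorizer.new` narrows only what future consent flows request. Grants already saved through the `RedisTokenStore` on the context line above were presumably issued for the full `drive` scope, and they remain valid at Google until revoked, whether or not the library still accepts them locally. The commit shows no cleanup step, so the rollout should include a one-off task that revokes and deletes the stored tokens, forcing users to re-consent under the read-only scope. A comment next to the call would record this: `# Tokens stored before this change carry the full drive scope; revoke and purge them on deploy.` The body of `self.authorizer` starts outside this hunk, so any existing handling of stale tokens is not visible here.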