Wip: store scopes in connected accounts

martmull · martmull · commit 9aa36f50a314 · 2024-10-07T22:00:40.000+02:00
diff --git a/packages/twenty-server/src/engine/core-modules/auth/constants/google-apis-oauth-scopes.ts b/packages/twenty-server/src/engine/core-modules/auth/constants/google-apis-oauth-scopes.ts
@@ -0,0 +1,8 @@
+export const GOOGLE_APIS_OAUTH_SCOPES = [
+  'email',
+  'profile',
+  'https://www.googleapis.com/auth/gmail.readonly',
+  'https://www.googleapis.com/auth/gmail.send',
+  'https://www.googleapis.com/auth/calendar.events',
+  'https://www.googleapis.com/auth/profile.emails.read',
+];
diff --git a/packages/twenty-server/src/engine/core-modules/auth/services/google-apis.service.ts b/packages/twenty-server/src/engine/core-modules/auth/services/google-apis.service.ts
@@ -35,6 +35,7 @@ import {
   MessagingMessageListFetchJobData,
 } from 'src/modules/messaging/message-import-manager/jobs/messaging-message-list-fetch.job';
 import { WorkspaceMemberWorkspaceEntity } from 'src/modules/workspace-member/standard-objects/workspace-member.workspace-entity';
+import { GOOGLE_APIS_OAUTH_SCOPES } from 'src/engine/core-modules/auth/constants/google-apis-oauth-scopes';
 
 @Injectable()
 export class GoogleAPIsService {
@@ -106,6 +107,7 @@ export class GoogleAPIsService {
             accessToken: input.accessToken,
             refreshToken: input.refreshToken,
             accountOwnerId: workspaceMemberId,
+            scopes: GOOGLE_APIS_OAUTH_SCOPES,
           },
           workspaceId,
           manager,
diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/google-apis-oauth-common.auth.strategy.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/google-apis-oauth-common.auth.strategy.ts
@@ -4,6 +4,7 @@ import { PassportStrategy } from '@nestjs/passport';
 import { Strategy } from 'passport-google-oauth20';
 
 import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
+import { GOOGLE_APIS_OAUTH_SCOPES } from 'src/engine/core-modules/auth/constants/google-apis-oauth-scopes';
 
 export type GoogleAPIScopeConfig = {
   isCalendarEnabled?: boolean;
@@ -19,20 +20,11 @@ export class GoogleAPIsOauthCommonStrategy extends PassportStrategy(
     environmentService: EnvironmentService,
     scopeConfig: GoogleAPIScopeConfig,
   ) {
-    const scopes = [
-      'email',
-      'profile',
-      'https://www.googleapis.com/auth/gmail.readonly',
-      'https://www.googleapis.com/auth/gmail.send',
-      'https://www.googleapis.com/auth/calendar.events',
-      'https://www.googleapis.com/auth/profile.emails.read',
-    ];
-
     super({
       clientID: environmentService.get('AUTH_GOOGLE_CLIENT_ID'),
       clientSecret: environmentService.get('AUTH_GOOGLE_CLIENT_SECRET'),
       callbackURL: environmentService.get('AUTH_GOOGLE_APIS_CALLBACK_URL'),
-      scope: scopes,
+      scope: GOOGLE_APIS_OAUTH_SCOPES,
       passReqToCallback: true,
     });
   }
diff --git a/packages/twenty-server/src/modules/connected-account/repositories/connected-account.repository.ts b/packages/twenty-server/src/modules/connected-account/repositories/connected-account.repository.ts
@@ -4,6 +4,7 @@ import { EntityManager } from 'typeorm';
 
 import { WorkspaceDataSourceService } from 'src/engine/workspace-datasource/workspace-datasource.service';
 import { ConnectedAccountWorkspaceEntity } from 'src/modules/connected-account/standard-objects/connected-account.workspace-entity';
+import { GOOGLE_APIS_OAUTH_SCOPES } from 'src/engine/core-modules/auth/constants/google-apis-oauth-scopes';
 
 @Injectable()
 export class ConnectedAccountRepository {
@@ -90,6 +91,7 @@ export class ConnectedAccountRepository {
       | 'accessToken'
       | 'refreshToken'
       | 'accountOwnerId'
+      | 'scopes'
     >,
     workspaceId: string,
     transactionManager?: EntityManager,
@@ -123,8 +125,8 @@ export class ConnectedAccountRepository {
       this.workspaceDataSourceService.getSchemaName(workspaceId);
 
     await this.workspaceDataSourceService.executeRawQuery(
-      `UPDATE ${dataSourceSchema}."connectedAccount" SET "accessToken" = $1, "refreshToken" = $2, "authFailedAt" = NULL WHERE "id" = $3`,
-      [accessToken, refreshToken, connectedAccountId],
+      `UPDATE ${dataSourceSchema}."connectedAccount" SET "accessToken" = $1, "refreshToken" = $2, "authFailedAt" = NULL, "scopes" = $3 WHERE "id" = $4`,
+      [accessToken, refreshToken, GOOGLE_APIS_OAUTH_SCOPES, connectedAccountId],
       workspaceId,
       transactionManager,
     );
