Skip to content

Commit ac23c9a

Browse files
committed
refactor oauthScopes to enum
1 parent bd3d734 commit ac23c9a

File tree

11 files changed

+41
-54
lines changed

11 files changed

+41
-54
lines changed

codegen.json

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,12 @@
4949
"packages/server/graphql/public/resolverTypes.ts": {
5050
"config": {
5151
"contextType": "../graphql#GQLContext",
52+
"enumValues": {
53+
"OAuthScopeEnum": {
54+
"graphql_query": "graphql:query",
55+
"graphql_mutation": "graphql:mutation"
56+
}
57+
},
5258
"mappers": {
5359
"AddTeamPayload": "./types/AddTeamPayload#AddTeamPayloadSource",
5460
"AddOrgPayload": "./types/AddOrgPayload#AddOrgPayloadSource",
@@ -245,7 +251,8 @@
245251
"UpsertTeamPromptResponseSuccess": "./types/UpsertTeamPromptResponseSuccess#UpsertTeamPromptResponseSuccessSource",
246252
"User": "../../postgres/types/index#User as UserDB",
247253
"UserLogInPayload": "./types/UserLogInPayload#UserLogInPayloadSource",
248-
"_xGitLabProject": "./types/_xGitLabProject#_xGitLabProjectSource as _xGitLabProject"
254+
"_xGitLabProject": "./types/_xGitLabProject#_xGitLabProjectSource as _xGitLabProject",
255+
"OAuthScopeEnum": "../../postgres/types/pg#Oauthscopeenum"
249256
},
250257
"showUnusedMappers": false
251258
},

packages/client/modules/userDashboard/components/OrgIntegrations/OAuthAppFormContent.tsx

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,9 @@ export interface FormContentProps {
2121
const OAuthAppFormContent = ({orgId, isNew, initialData, onClose}: FormContentProps) => {
2222
const [name, setName] = useState(initialData?.name || '')
2323
const [redirectUris, setRedirectUris] = useState((initialData?.redirectUris || []).join(', '))
24-
const [scopes, setScopes] = useState<string[]>(initialData?.scopes || [])
24+
const [scopes, setScopes] = useState<string[]>(
25+
(initialData?.scopes || []).map((s: string) => s.replace(':', '_'))
26+
)
2527
const [error, setError] = useState<string | null>(null)
2628
const [isSaving, setIsSaving] = useState(false)
2729
const [regenerateConfirmOpen, setRegenerateConfirmOpen] = useState(false)
@@ -99,14 +101,17 @@ const OAuthAppFormContent = ({orgId, isNew, initialData, onClose}: FormContentPr
99101

100102
const providerId = initialData?.id
101103

104+
// Cast scopes to any to avoid type errors since we don't have OAuthScopeEnum imported
105+
const mutationScopes = scopes as any
106+
102107
if (providerId) {
103108
commitUpdate({
104109
variables: {
105110
input: {
106111
providerId,
107112
name,
108113
redirectUris: uriList,
109-
scopes
114+
scopes: mutationScopes
110115
}
111116
},
112117
onCompleted: () => {
@@ -126,7 +131,7 @@ const OAuthAppFormContent = ({orgId, isNew, initialData, onClose}: FormContentPr
126131
orgId,
127132
name,
128133
redirectUris: uriList,
129-
scopes
134+
scopes: mutationScopes
130135
}
131136
},
132137
updater: (store) => {
@@ -350,17 +355,17 @@ const OAuthAppFormContent = ({orgId, isNew, initialData, onClose}: FormContentPr
350355
<label className='flex cursor-pointer items-center gap-2 text-slate-700 text-sm'>
351356
<input
352357
type='checkbox'
353-
checked={scopes.includes('graphql:query')}
354-
onChange={() => toggleScope('graphql:query')}
358+
checked={scopes.includes('graphql_query')}
359+
onChange={() => toggleScope('graphql_query')}
355360
className='rounded border-slate-300 text-sky-500 focus:ring-sky-500'
356361
/>
357362
graphql:query
358363
</label>
359364
<label className='flex cursor-pointer items-center gap-2 text-slate-700 text-sm'>
360365
<input
361366
type='checkbox'
362-
checked={scopes.includes('graphql:mutation')}
363-
onChange={() => toggleScope('graphql:mutation')}
367+
checked={scopes.includes('graphql_mutation')}
368+
onChange={() => toggleScope('graphql_mutation')}
364369
className='rounded border-slate-300 text-sky-500 focus:ring-sky-500'
365370
/>
366371
graphql:mutation

packages/server/graphql/public/mutations/createOAuthAPIProvider.ts

Lines changed: 2 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,7 @@
1-
import {GraphQLError} from 'graphql'
21
import {SubscriptionChannel} from 'parabol-client/types/constEnums'
32
import {generateOAuthClientId, generateOAuthClientSecret} from '../../../oauth2/credentials'
4-
import {OAUTH_SCOPES, validateOAuthScopes} from '../../../oauth2/oauthScopes'
53
import getKysely from '../../../postgres/getKysely'
64
import {selectOAuthAPIProvider} from '../../../postgres/select'
7-
import type {Oauthscopeenum} from '../../../postgres/types/pg'
85
import publish from '../../../utils/publish'
96
import type {MutationResolvers} from '../resolverTypes'
107

@@ -21,15 +18,7 @@ export const createOAuthAPIProvider: MutationResolvers['createOAuthAPIProvider']
2118
const clientSecret = generateOAuthClientSecret()
2219

2320
if (scopes.length === 0) {
24-
scopes = [OAUTH_SCOPES['graphql:query'], OAUTH_SCOPES['graphql:mutation']]
25-
}
26-
27-
if (!validateOAuthScopes(scopes)) {
28-
throw new GraphQLError('Invalid scopes.', {
29-
extensions: {
30-
code: 'BAD_USER_INPUT'
31-
}
32-
})
21+
scopes = ['graphql:query', 'graphql:mutation']
3322
}
3423

3524
const pg = getKysely()
@@ -40,7 +29,7 @@ export const createOAuthAPIProvider: MutationResolvers['createOAuthAPIProvider']
4029
clientId,
4130
clientSecret,
4231
redirectUris,
43-
scopes: scopes as Oauthscopeenum[]
32+
scopes
4433
}
4534

4635
const {id: providerId} = await pg

packages/server/graphql/public/mutations/updateOAuthAPIProvider.ts

Lines changed: 2 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,7 @@
11
import {GraphQLError} from 'graphql'
22
import {SubscriptionChannel} from 'parabol-client/types/constEnums'
3-
import {OAUTH_SCOPES, validateOAuthScopes} from '../../../oauth2/oauthScopes'
43
import getKysely from '../../../postgres/getKysely'
54
import {selectOAuthAPIProvider} from '../../../postgres/select'
6-
import type {Oauthscopeenum} from '../../../postgres/types/pg'
75
import {getUserId, isUserOrgAdmin} from '../../../utils/authorization'
86
import {CipherId} from '../../../utils/CipherId'
97
import publish from '../../../utils/publish'
@@ -43,15 +41,7 @@ const updateOAuthAPIProvider: MutationResolvers['updateOAuthAPIProvider'] = asyn
4341

4442
if (scopes) {
4543
if (scopes && scopes.length === 0) {
46-
scopes = [OAUTH_SCOPES['graphql:query'], OAUTH_SCOPES['graphql:mutation']]
47-
}
48-
if (!validateOAuthScopes(scopes)) {
49-
throw new GraphQLError('Invalid scopes. Only graphql:read and graphql:write are allowed.', {
50-
extensions: {
51-
code: 'BAD_USER_INPUT',
52-
userId: viewerId
53-
}
54-
})
44+
scopes = ['graphql:query', 'graphql:mutation']
5545
}
5646
}
5747

@@ -60,7 +50,7 @@ const updateOAuthAPIProvider: MutationResolvers['updateOAuthAPIProvider'] = asyn
6050
.set({
6151
name: name ?? undefined,
6252
redirectUris: redirectUris ?? undefined,
63-
scopes: scopes ? (scopes as Oauthscopeenum[]) : undefined
53+
scopes: scopes || undefined
6454
})
6555
.where('id', '=', providerId)
6656
.execute()

packages/server/graphql/public/typeDefs/CreateOAuthAPIProviderInput.graphql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,5 +2,5 @@ input CreateOAuthAPIProviderInput {
22
orgId: ID!
33
name: String!
44
redirectUris: [RedirectURI!]!
5-
scopes: [String!]!
5+
scopes: [OAuthScopeEnum!]!
66
}
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
enum OAuthScopeEnum {
2+
graphql_query
3+
graphql_mutation
4+
}

packages/server/graphql/public/typeDefs/UpdateOAuthAPIProviderInput.graphql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,5 +2,5 @@ input UpdateOAuthAPIProviderInput {
22
providerId: ID!
33
name: String
44
redirectUris: [RedirectURI!]
5-
scopes: [String!]
5+
scopes: [OAuthScopeEnum!]
66
}
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
const OAuthScopeEnum = {
2+
graphql_query: 'graphql:query',
3+
graphql_mutation: 'graphql:mutation'
4+
}
5+
6+
export default OAuthScopeEnum

packages/server/oauth2/createOAuthCode.ts

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
1+
import crypto from 'crypto'
12
import ms from 'ms'
23
import getKysely from '../postgres/getKysely'
34
import type {Oauthscopeenum} from '../postgres/types/pg'
4-
import {CipherId} from '../utils/CipherId'
55

66
interface CreateOAuthCodeParams {
77
clientId: string
@@ -35,9 +35,11 @@ export async function createOAuthCode(
3535
}
3636

3737
const expiresAt = new Date(Date.now() + ms('10m'))
38+
const code = crypto.randomBytes(32).toString('hex')
3839
const {id: codeId} = await pg
3940
.insertInto('OAuthAPICode')
4041
.values({
42+
id: code,
4143
clientId,
4244
redirectUri,
4345
userId,
@@ -48,6 +50,6 @@ export async function createOAuthCode(
4850
.executeTakeFirstOrThrow()
4951

5052
return {
51-
code: CipherId.toClient(codeId, 'OAuthAPICode')
53+
code: codeId
5254
}
5355
}

packages/server/oauth2/oauthScopes.ts

Lines changed: 0 additions & 14 deletions
This file was deleted.

0 commit comments

Comments
 (0)