Mailspring/packages/nylas-api/routes/auth.js

const Joi = require('joi');
const _ = require('underscore');
const google = require('googleapis');
const OAuth2 = google.auth.OAuth2;

const Serialization = require('../serialization');
const {
  IMAPConnection,
  DatabaseConnector,
  SyncPolicy,
  Provider,
  PubsubConnector,
  MessageTypes,
} = require('nylas-core');

const {GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL} = process.env;

const SCOPES = [
  'https://www.googleapis.com/auth/userinfo.email',  // email address
  'https://www.googleapis.com/auth/userinfo.profile',  // G+ profile
  'https://mail.google.com/',  // email
  'https://www.google.com/m8/feeds',  // contacts
  'https://www.googleapis.com/auth/calendar',  // calendar
];

const imapSmtpSettings = Joi.object().keys({
  imap_host: [Joi.string().ip().required(), Joi.string().hostname().required()],
  imap_port: Joi.number().integer().required(),
  imap_username: Joi.string().required(),
  imap_password: Joi.string().required(),
  smtp_host: [Joi.string().ip().required(), Joi.string().hostname().required()],
  smtp_port: Joi.number().integer().required(),
  smtp_username: Joi.string().required(),
  smtp_password: Joi.string().required(),
  ssl_required: Joi.boolean().required(),
}).required();

const exchangeSettings = Joi.object().keys({
  username: Joi.string().required(),
  password: Joi.string().required(),
  eas_server_host: [Joi.string().ip().required(), Joi.string().hostname().required()],
}).required();

const buildAccountWith = ({name, email, provider, settings, credentials}) => {
  return DatabaseConnector.forShared().then((db) => {
    const {AccountToken, Account} = db;

    const account = Account.build({
      name: name,
      provider: provider,
      emailAddress: email,
      syncPolicy: SyncPolicy.defaultPolicy(),
      connectionSettings: settings,
    })
    account.setCredentials(credentials);

    return account.save().then((saved) =>
      AccountToken.create({
        accountId: saved.id,
      }).then((token) =>
        Promise.resolve({account: saved, token: token})
      )
    );
  });
}

module.exports = (server) => {
  server.route({
    method: 'POST',
    path: '/auth',
    config: {
      description: 'Authenticates a new account.',
      notes: 'Notes go here',
      tags: ['accounts'],
      auth: false,
      validate: {
        query: {
          client_id: Joi.string().required(),
        },
        payload: {
          email: Joi.string().email().required(),
          name: Joi.string().required(),
          provider: Joi.string().required(),
          settings: Joi.alternatives().try(imapSmtpSettings, exchangeSettings),
        },
      },
      response: {
        schema: Joi.alternatives().try(
          Serialization.jsonSchema('Account'),
          Serialization.jsonSchema('Error')
        ),
      },
    },
    handler: (request, reply) => {
      const dbStub = {};
      const connectionChecks = [];
      const {settings, email, provider, name} = request.payload;

      if (provider === 'imap') {
        connectionChecks.push(IMAPConnection.connect(dbStub, settings))
      }

      Promise.all(connectionChecks).then(() => {
        return buildAccountWith({
          name,
          email,
          provider: Provider.IMAP,
          settings: _.pick(settings, [
            'imap_host', 'imap_port',
            'smtp_host', 'smtp_port',
            'ssl_required',
          ]),
          credentials: _.pick(settings, [
            'imap_username', 'imap_password',
            'smtp_username', 'smtp_password',
          ]),
        })
      })
      .then(({account, token}) => {
        const response = account.toJSON();
        response.token = token.value;
        reply(Serialization.jsonStringify(response));
      })
      .catch((err) => {
        reply({error: err.message}).code(400);
      })
    },
  });

  server.route({
    method: 'GET',
    path: '/auth/gmail',
    config: {
      description: 'Redirects to Gmail OAuth',
      notes: 'Notes go here',
      tags: ['accounts'],
      auth: false,
    },
    handler: (request, reply) => {
      const oauthClient = new OAuth2(GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL);
      reply.redirect(oauthClient.generateAuthUrl({
        access_type: 'offline',
        prompt: 'consent',
        scope: SCOPES,
      }));
    },
  });

  server.route({
    method: 'GET',
    path: '/auth/gmail/oauthcallback',
    config: {
      description: 'Authenticates a new account.',
      notes: 'Notes go here',
      tags: ['accounts'],
      auth: false,
      validate: {
        query: {
          code: Joi.string().required(),
        },
      },
    },
    handler: (request, reply) => {
      const oauthClient = new OAuth2(GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL);
      oauthClient.getToken(request.query.code, (err, tokens) => {
        if (err) {
          reply({error: err.message}).code(400);
          return;
        }
        oauthClient.setCredentials(tokens);
        google.oauth2({version: 'v2', auth: oauthClient}).userinfo.get((error, profile) => {
          if (error) {
            reply({error: error.message}).code(400);
            return;
          }

          const settings = {
            imap_username: profile.email,
            imap_host: 'imap.gmail.com',
            imap_port: 993,
            ssl_required: true,
          }
          const credentials = {
            access_token: tokens.access_token,
            refresh_token: tokens.refresh_token,
            client_id: GMAIL_CLIENT_ID,
            client_secret: GMAIL_CLIENT_SECRET,
          }

          Promise.all([
            IMAPConnection.connect({}, Object.assign({}, settings, credentials)),
          ])
          .then(() =>
            buildAccountWith({
              name: profile.name,
              email: profile.email,
              provider: Provider.Gmail,
              settings,
              credentials,
            })
          )
          .then(({account, token}) => {
            const response = account.toJSON();
            response.token = token.value;
            reply(Serialization.jsonStringify(response));
          })
          .catch((connectionErr) => {
            reply({error: connectionErr.message}).code(400);
          });
        });
      });
    },
  });
}
Change uppercase instance of Joi to lowercase 2016-06-25 05:07:10 +08:00			`const Joi = require('joi');`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`const _ = require('underscore');`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`const google = require('googleapis');`
			`const OAuth2 = google.auth.OAuth2;`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00
			`const Serialization = require('../serialization');`
Escalate sync policy based on number of stream connections 2016-06-24 02:44:57 +08:00			`const {`
			`IMAPConnection,`
			`DatabaseConnector,`
sync db <=> redis with sequelize hooks 2016-06-24 07:28:51 +08:00			`SyncPolicy,`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`Provider,`
Fix account creation redis publish, rename to make more clear 2016-07-01 04:25:13 +08:00			`PubsubConnector,`
			`MessageTypes,`
Escalate sync policy based on number of stream connections 2016-06-24 02:44:57 +08:00			`} = require('nylas-core');`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`const {GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL} = process.env;`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00
			`const SCOPES = [`
			`'https://www.googleapis.com/auth/userinfo.email', // email address`
			`'https://www.googleapis.com/auth/userinfo.profile', // G+ profile`
			`'https://mail.google.com/', // email`
			`'https://www.google.com/m8/feeds', // contacts`
			`'https://www.googleapis.com/auth/calendar', // calendar`
			`];`

/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`const imapSmtpSettings = Joi.object().keys({`
			`imap_host: [Joi.string().ip().required(), Joi.string().hostname().required()],`
			`imap_port: Joi.number().integer().required(),`
			`imap_username: Joi.string().required(),`
			`imap_password: Joi.string().required(),`
			`smtp_host: [Joi.string().ip().required(), Joi.string().hostname().required()],`
			`smtp_port: Joi.number().integer().required(),`
			`smtp_username: Joi.string().required(),`
			`smtp_password: Joi.string().required(),`
			`ssl_required: Joi.boolean().required(),`
			`}).required();`

			`const exchangeSettings = Joi.object().keys({`
			`username: Joi.string().required(),`
			`password: Joi.string().required(),`
			`eas_server_host: [Joi.string().ip().required(), Joi.string().hostname().required()],`
			`}).required();`

Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`const buildAccountWith = ({name, email, provider, settings, credentials}) => {`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`return DatabaseConnector.forShared().then((db) => {`
			`const {AccountToken, Account} = db;`

			`const account = Account.build({`
			`name: name,`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`provider: provider,`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`emailAddress: email,`
			`syncPolicy: SyncPolicy.defaultPolicy(),`
			`connectionSettings: settings,`
			`})`
			`account.setCredentials(credentials);`

			`return account.save().then((saved) =>`
			`AccountToken.create({`
AccountId -> accountId 2016-06-30 05:43:20 +08:00			`accountId: saved.id,`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`}).then((token) =>`
			`Promise.resolve({account: saved, token: token})`
			`)`
			`);`
			`});`
			`}`

/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`module.exports = (server) => {`
			`server.route({`
			`method: 'POST',`
			`path: '/auth',`
			`config: {`
			`description: 'Authenticates a new account.',`
			`notes: 'Notes go here',`
			`tags: ['accounts'],`
			`auth: false,`
			`validate: {`
			`query: {`
			`client_id: Joi.string().required(),`
			`},`
			`payload: {`
			`email: Joi.string().email().required(),`
			`name: Joi.string().required(),`
			`provider: Joi.string().required(),`
			`settings: Joi.alternatives().try(imapSmtpSettings, exchangeSettings),`
			`},`
			`},`
			`response: {`
			`schema: Joi.alternatives().try(`
			`Serialization.jsonSchema('Account'),`
			`Serialization.jsonSchema('Error')`
			`),`
			`},`
			`},`
			`handler: (request, reply) => {`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`const dbStub = {};`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`const connectionChecks = [];`
			`const {settings, email, provider, name} = request.payload;`

			`if (provider === 'imap') {`
Update IMAPConnection api + error handling fixes + misc - `IMAPConnection::openBox` now returns a Promise that resolves to an IMAPBox, and IMAPBox contains all of the `fetch` operations. This makes the dependency between fetch operations and the currently open mailbox explicit rather than implicit and by forcing the operations to be called on a box instance and hopefully prevent errors. It will also throw an error if the constraint is no longer satisfied. - `fetch` operations now return an observable stream of messages (or Promise for single value), while preserving the same logic of the original implementation. You can use `.toPromise()` on the observable to get a Promise that resolves when the observable stream has completely drained. - Fixes error handling in a few places and renames some variables 2016-06-26 16:57:33 +08:00			`connectionChecks.push(IMAPConnection.connect(dbStub, settings))`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`}`

			`Promise.all(connectionChecks).then(() => {`
Fix auth response + log errors 2016-06-26 13:19:05 +08:00			`return buildAccountWith({`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`name,`
			`email,`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`provider: Provider.IMAP,`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`settings: _.pick(settings, [`
			`'imap_host', 'imap_port',`
			`'smtp_host', 'smtp_port',`
			`'ssl_required',`
			`]),`
			`credentials: _.pick(settings, [`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`'imap_username', 'imap_password',`
			`'smtp_username', 'smtp_password',`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`]),`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`})`
			`})`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`.then(({account, token}) => {`
			`const response = account.toJSON();`
			`response.token = token.value;`
			`reply(Serialization.jsonStringify(response));`
			`})`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`.catch((err) => {`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`reply({error: err.message}).code(400);`
/auth + remove hardcoded stub in favor of curl request 2016-06-23 08:19:48 +08:00			`})`
			`},`
			`});`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00
			`server.route({`
			`method: 'GET',`
			`path: '/auth/gmail',`
			`config: {`
			`description: 'Redirects to Gmail OAuth',`
			`notes: 'Notes go here',`
			`tags: ['accounts'],`
			`auth: false,`
			`},`
			`handler: (request, reply) => {`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`const oauthClient = new OAuth2(GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL);`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`reply.redirect(oauthClient.generateAuthUrl({`
			`access_type: 'offline',`
			`prompt: 'consent',`
			`scope: SCOPES,`
			`}));`
			`},`
			`});`

			`server.route({`
			`method: 'GET',`
			`path: '/auth/gmail/oauthcallback',`
			`config: {`
			`description: 'Authenticates a new account.',`
			`notes: 'Notes go here',`
			`tags: ['accounts'],`
			`auth: false,`
			`validate: {`
			`query: {`
			`code: Joi.string().required(),`
			`},`
			`},`
			`},`
			`handler: (request, reply) => {`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`const oauthClient = new OAuth2(GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL);`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`oauthClient.getToken(request.query.code, (err, tokens) => {`
			`if (err) {`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`reply({error: err.message}).code(400);`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`return;`
			`}`
			`oauthClient.setCredentials(tokens);`
			`google.oauth2({version: 'v2', auth: oauthClient}).userinfo.get((error, profile) => {`
			`if (error) {`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`reply({error: error.message}).code(400);`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`return;`
			`}`

			`const settings = {`
			`imap_username: profile.email,`
			`imap_host: 'imap.gmail.com',`
			`imap_port: 993,`
			`ssl_required: true,`
			`}`
			`const credentials = {`
			`access_token: tokens.access_token,`
			`refresh_token: tokens.refresh_token,`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`client_id: GMAIL_CLIENT_ID,`
			`client_secret: GMAIL_CLIENT_SECRET,`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`}`

			`Promise.all([`
Update IMAPConnection api + error handling fixes + misc - `IMAPConnection::openBox` now returns a Promise that resolves to an IMAPBox, and IMAPBox contains all of the `fetch` operations. This makes the dependency between fetch operations and the currently open mailbox explicit rather than implicit and by forcing the operations to be called on a box instance and hopefully prevent errors. It will also throw an error if the constraint is no longer satisfied. - `fetch` operations now return an observable stream of messages (or Promise for single value), while preserving the same logic of the original implementation. You can use `.toPromise()` on the observable to get a Promise that resolves when the observable stream has completely drained. - Fixes error handling in a few places and renames some variables 2016-06-26 16:57:33 +08:00			`IMAPConnection.connect({}, Object.assign({}, settings, credentials)),`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`])`
			`.then(() =>`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`buildAccountWith({`
			`name: profile.name,`
			`email: profile.email,`
			`provider: Provider.Gmail,`
			`settings,`
			`credentials,`
			`})`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`)`
			`.then(({account, token}) => {`
			`const response = account.toJSON();`
			`response.token = token.value;`
			`reply(Serialization.jsonStringify(response));`
			`})`
			`.catch((connectionErr) => {`
Reintroduce concept of `provider`, start work on Gmail 2016-06-28 01:28:43 +08:00			`reply({error: connectionErr.message}).code(400);`
Gmail auth at http://localhost:5100/auth/gmail 2016-06-25 07:46:38 +08:00			`});`
			`});`
			`});`
			`},`
			`});`
			`}`