feat(plugin-auth): add plugin auth function in NylasAPI

Summary: Adds two new functions in NylasAPI to allow auth and unauth of plugin backends. The `authPlugin` function should be called within plugins before taking any action that requires offline account access from the plugin's backend server. The `unauthPlugin` function will be used by N1 internally to revoke offline account access for plugins. Test Plan: manual for now Reviewers: bengotow, evan, juan Reviewed By: evan, juan Differential Revision: https://phab.nylas.com/D2440
2025-01-10 02:03:07 +08:00 · 2016-01-20 16:43:11 -08:00 · 2016-01-20 16:43:11 -08:00 · 2d51f92f17
commit 2d51f92f17
parent c7a685630d
1 changed files with 65 additions and 0 deletions
--- a/src/flux/nylas-api.coffee
+++ b/src/flux/nylas-api.coffee
@ -362,4 +362,69 @@ class NylasAPI
    AccountStore = require './stores/account-store'
    AccountStore.tokenForAccountId(aid)

+  # Returns a promise that will resolve if the user is successfully authed
+  # to the plugin backend, and will reject if the auth fails for any reason.
+  #
+  # Inside the promise, we:
+  # 1. Ask the API whether this plugin is authed to this account already, and resolve
+  #    if true.
+  # 2. If not, we display a dialog to the user asking whether to auth this plugin.
+  # 3. If the user says yes to the dialog, then we send an auth request to the API to
+  #    auth this plugin.
+  #
+  # The returned promise will reject on the failure of any of these 3 steps, namely:
+  # 1. The API request to check that the account is authed failed. This may mean
+  #    that the plugin's Nylas Application is invalid, or that the Nylas API couldn't
+  #    be reached.
+  # 2. The user declined the plugin auth prompt.
+  # 3. The API request to auth this account to the plugin failed. This may mean that
+  #    the plugin server couldn't be reached or failed to respond properly when authing
+  #    the account, or that the Nylas API couldn't be reached.
+  authPlugin: (plugin, account) ->
+    return @makeRequest({
+      returnsModel: false,
+      method: "GET",
+      accountId: account.id,
+      path: "/auth/plugin?client_id=#{plugin.appId}"
+    }).then( (result) =>
+      if result.authed
+        return Promise.resolve()
+      else
+        return @_requestPluginAuth(plugin.name, account).then( -> @makeRequest({
+          returnsModel: false,
+          method: "POST",
+          accountId: account.id,
+          path: "/auth/plugin",
+          body: JSON.stringify({client_id: plugin.appId}),
+          json: true
+        }))
+    )
+
+  _requestPluginAuth: (pluginName, account) ->
+    dialog = require('remote').require('dialog')
+    return new Promise( (resolve, reject) =>
+      dialog.showMessageBox({
+        title: "Plugin Offline Email Access",
+        message: "The N1 plugin #{pluginName} requests offline access to your email.",
+        detail: "The #{pluginName} plugin would like to be able to access your email \
+account #{account.emailAddress} while you are offline. Only grant offline access to plugins you trust. \
+You can review and revoke Offline Access for plugins at any time from Preferences > Plugins.",
+        buttons: ["Grant access","Cancel"],
+        type: 'info',
+      }, (result) =>
+        if result == 0
+          resolve()
+        else
+          reject()
+      )
+    )
+
+  unauthPlugin: (plugin, account) ->
+    return @makeRequest({
+      returnsModel: false,
+      method: "DELETE",
+      accountId: account.id,
+      path: "/auth/plugin?client_id=#{plugin.appId}"
+    });
+
 module.exports = new NylasAPI()