Mailspring/packages/nylas-api/routes/auth.js

212 lines
6.1 KiB
JavaScript

const Joi = require('joi');
const _ = require('underscore');
const google = require('googleapis');
const OAuth2 = google.auth.OAuth2;
const Serialization = require('../serialization');
const {
IMAPConnection,
DatabaseConnector,
SyncPolicy,
Provider,
} = require('nylas-core');
const {GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL} = process.env;
const SCOPES = [
'https://www.googleapis.com/auth/userinfo.email', // email address
'https://www.googleapis.com/auth/userinfo.profile', // G+ profile
'https://mail.google.com/', // email
'https://www.google.com/m8/feeds', // contacts
'https://www.googleapis.com/auth/calendar', // calendar
];
const imapSmtpSettings = Joi.object().keys({
imap_host: [Joi.string().ip().required(), Joi.string().hostname().required()],
imap_port: Joi.number().integer().required(),
imap_username: Joi.string().required(),
imap_password: Joi.string().required(),
smtp_host: [Joi.string().ip().required(), Joi.string().hostname().required()],
smtp_port: Joi.number().integer().required(),
smtp_username: Joi.string().required(),
smtp_password: Joi.string().required(),
ssl_required: Joi.boolean().required(),
}).required();
const exchangeSettings = Joi.object().keys({
username: Joi.string().required(),
password: Joi.string().required(),
eas_server_host: [Joi.string().ip().required(), Joi.string().hostname().required()],
}).required();
const buildAccountWith = ({name, email, provider, settings, credentials}) => {
return DatabaseConnector.forShared().then((db) => {
const {AccountToken, Account} = db;
const account = Account.build({
name: name,
provider: provider,
emailAddress: email,
syncPolicy: SyncPolicy.defaultPolicy(),
connectionSettings: settings,
})
account.setCredentials(credentials);
return account.save().then((saved) =>
AccountToken.create({
AccountId: saved.id,
}).then((token) =>
Promise.resolve({account: saved, token: token})
)
);
});
}
module.exports = (server) => {
server.route({
method: 'POST',
path: '/auth',
config: {
description: 'Authenticates a new account.',
notes: 'Notes go here',
tags: ['accounts'],
auth: false,
validate: {
query: {
client_id: Joi.string().required(),
},
payload: {
email: Joi.string().email().required(),
name: Joi.string().required(),
provider: Joi.string().required(),
settings: Joi.alternatives().try(imapSmtpSettings, exchangeSettings),
},
},
response: {
schema: Joi.alternatives().try(
Serialization.jsonSchema('Account'),
Serialization.jsonSchema('Error')
),
},
},
handler: (request, reply) => {
const dbStub = {};
const connectionChecks = [];
const {settings, email, provider, name} = request.payload;
if (provider === 'imap') {
connectionChecks.push(IMAPConnection.connect(dbStub, settings))
}
Promise.all(connectionChecks).then(() => {
return buildAccountWith({
name,
email,
provider: Provider.IMAP,
settings: _.pick(settings, [
'imap_host', 'imap_port',
'smtp_host', 'smtp_port',
'ssl_required',
]),
credentials: _.pick(settings, [
'imap_username', 'imap_password',
'smtp_username', 'smtp_password',
]),
})
})
.then(({account, token}) => {
const response = account.toJSON();
response.token = token.value;
reply(Serialization.jsonStringify(response));
})
.catch((err) => {
reply({error: err.message}).code(400);
})
},
});
server.route({
method: 'GET',
path: '/auth/gmail',
config: {
description: 'Redirects to Gmail OAuth',
notes: 'Notes go here',
tags: ['accounts'],
auth: false,
},
handler: (request, reply) => {
const oauthClient = new OAuth2(GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL);
reply.redirect(oauthClient.generateAuthUrl({
access_type: 'offline',
prompt: 'consent',
scope: SCOPES,
}));
},
});
server.route({
method: 'GET',
path: '/auth/gmail/oauthcallback',
config: {
description: 'Authenticates a new account.',
notes: 'Notes go here',
tags: ['accounts'],
auth: false,
validate: {
query: {
code: Joi.string().required(),
},
},
},
handler: (request, reply) => {
const oauthClient = new OAuth2(GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, GMAIL_REDIRECT_URL);
oauthClient.getToken(request.query.code, (err, tokens) => {
if (err) {
reply({error: err.message}).code(400);
return;
}
oauthClient.setCredentials(tokens);
google.oauth2({version: 'v2', auth: oauthClient}).userinfo.get((error, profile) => {
if (error) {
reply({error: error.message}).code(400);
return;
}
const settings = {
imap_username: profile.email,
imap_host: 'imap.gmail.com',
imap_port: 993,
ssl_required: true,
}
const credentials = {
access_token: tokens.access_token,
refresh_token: tokens.refresh_token,
client_id: GMAIL_CLIENT_ID,
client_secret: GMAIL_CLIENT_SECRET,
}
Promise.all([
IMAPConnection.connect({}, Object.assign({}, settings, credentials)),
])
.then(() =>
buildAccountWith({
name: profile.name,
email: profile.email,
provider: Provider.Gmail,
settings,
credentials,
})
)
.then(({account, token}) => {
const response = account.toJSON();
response.token = token.value;
reply(Serialization.jsonStringify(response));
})
.catch((connectionErr) => {
reply({error: connectionErr.message}).code(400);
});
});
});
},
});
}