cal.pub0.org/packages/app-store/larkcalendar/api/callback.ts

101 lines
3.3 KiB
TypeScript
Raw Normal View History

import type { NextApiRequest, NextApiResponse } from "next";
import { z } from "zod";
import { getSafeRedirectUrl } from "@calcom/lib/getSafeRedirectUrl";
import logger from "@calcom/lib/logger";
import { defaultHandler, defaultResponder } from "@calcom/lib/server";
import prisma from "@calcom/prisma";
import { decodeOAuthState } from "../../_utils/decodeOAuthState";
import { LARK_HOST } from "../common";
import { getAppAccessToken } from "../lib/AppAccessToken";
import type { LarkAuthCredentials } from "../types/LarkCalendar";
const log = logger.getChildLogger({ prefix: [`[[lark/api/callback]`] });
const callbackQuerySchema = z.object({
code: z.string().min(1),
});
async function getHandler(req: NextApiRequest, res: NextApiResponse) {
const { code } = callbackQuerySchema.parse(req.query);
const state = decodeOAuthState(req);
try {
const appAccessToken = await getAppAccessToken();
const response = await fetch(`https://${LARK_HOST}/open-apis/authen/v1/access_token`, {
method: "POST",
headers: {
Authorization: "Bearer " + appAccessToken,
"Content-Type": "application/json",
},
body: JSON.stringify({
grant_type: "authorization_code",
code,
}),
});
const responseBody = await response.json();
if (!response.ok || responseBody.code !== 0) {
log.error("get user_access_token failed with none 0 code", responseBody);
return res.redirect("/apps/installed?error=" + JSON.stringify(responseBody));
}
const key: LarkAuthCredentials = {
expiry_date: Math.round(+new Date() / 1000 + responseBody.data.expires_in),
access_token: responseBody.data.access_token,
refresh_token: responseBody.data.refresh_token,
refresh_expires_date: Math.round(+new Date() / 1000 + responseBody.data.refresh_expires_in),
};
/**
* A user can have only one pair of refresh_token and access_token effective
* at same time. Newly created refresh_token and access_token will invalidate
* older ones. So we need to keep only one lark credential per user only.
* However, a user may connect many times, since both userId and type are
* not unique in schema, so we have to use credential id as index for looking
* for the unique access_token token. In this case, id does not exist before created, so we cannot use credential id (which may not exist) as where statement
*/
const currentCredential = await prisma.credential.findFirst({
where: {
userId: req.session?.user.id,
type: "lark_calendar",
},
});
if (!currentCredential) {
await prisma.credential.create({
data: {
type: "lark_calendar",
key,
userId: req.session?.user.id,
appId: "lark-calendar",
},
});
} else {
await prisma.credential.update({
data: {
type: "lark_calendar",
key,
userId: req.session?.user.id,
appId: "lark-calendar",
},
where: {
id: currentCredential.id,
},
});
}
res.redirect(getSafeRedirectUrl(state?.returnTo) ?? "/apps/installed");
} catch (error) {
log.error("handle callback error", error);
res.redirect(state?.returnTo ?? "/apps/installed");
}
}
export default defaultHandler({
GET: Promise.resolve({ default: defaultResponder(getHandler) }),
});