f.weber/homebrewery
0
0
Fork 0
mirror of https://github.com/naturalcrit/homebrewery.git synced 2026-01-08 03:12:40 +00:00
Code Wiki Activity

update googleActions and related files to use service-level auth where viable

Browse Source
This commit is contained in:
Charlie Humphreys
2022-02-14 22:21:58 -06:00
parent 42afbd3e70
commit 59d08a7414
3 changed files with 32 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/app.js
View File

@@ -25,7 +25,7 @@ const getBrewFromId = asyncHandler(async (id, accessType)=>{
if(id.length > 12) { if(id.length > 12) {
const googleId = id.slice(0, -12); const googleId = id.slice(0, -12);
id = id.slice(-12); id = id.slice(-12);
brew = await GoogleActions.readFileMetadata(config.get('google_api_key'), googleId, id, accessType); brew = await GoogleActions.readFileMetadata(googleId, id, accessType);
} else { } else {
brew = await HomebrewModel.get(accessType == 'edit' ? { editId: id } : { shareId: id }); brew = await HomebrewModel.get(accessType == 'edit' ? { editId: id } : { shareId: id });
brew = brew.toObject(); // Convert MongoDB object to standard Javascript Object brew = brew.toObject(); // Convert MongoDB object to standard Javascript Object

69
server/googleActions.js
View File

@@ -5,7 +5,22 @@ const { nanoid } = require('nanoid');
const token = require('./token.js'); const token = require('./token.js');
const config = require('./config.js'); const config = require('./config.js');
//let oAuth2Client; const keys = typeof(config.get('service_account')) == 'string' ?
JSON.parse(config.get('service_account')) :
config.get('service_account');
let serviceAuth;
try {
serviceAuth = google.auth.fromJSON(keys);
serviceAuth.scopes = [
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/drive.appdata',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/drive.metadata'
];
} catch (err) {
console.warn(err);
}
google.options({ auth: serviceAuth || config.get('google_api_key') });
const GoogleActions = { const GoogleActions = {
@@ -43,7 +58,7 @@ const GoogleActions = {
}, },
getGoogleFolder : async (auth)=>{ getGoogleFolder : async (auth)=>{
const drive = google.drive({ version: 'v3', auth: auth }); const drive = google.drive({ version: 'v3', auth });
fileMetadata = { fileMetadata = {
'name' : 'Homebrewery', 'name' : 'Homebrewery',
@@ -81,13 +96,11 @@ const GoogleActions = {
listGoogleBrews : async (req, res)=>{ listGoogleBrews : async (req, res)=>{
oAuth2Client = GoogleActions.authCheck(req.account, res); const oAuth2Client = GoogleActions.authCheck(req.account, res);
//TODO: Change to service account to allow non-owners to view published files. //TODO: Change to service account to allow non-owners to view published files.
// Requires a driveId parameter in the drive.files.list command // Requires a driveId parameter in the drive.files.list command
// const keys = JSON.parse(config.get('service_account')); // Then remove the `auth` parameter from the drive object initialization
// const auth = google.auth.fromJSON(keys);
// auth.scopes = ['https://www.googleapis.com/auth/drive'];
const drive = google.drive({ version: 'v3', auth: oAuth2Client }); const drive = google.drive({ version: 'v3', auth: oAuth2Client });
@@ -129,8 +142,8 @@ const GoogleActions = {
return brews; return brews;
}, },
existsGoogleBrew : async (auth, id)=>{ existsGoogleBrew : async (id)=>{
const drive = google.drive({ version: 'v3', auth: auth }); const drive = google.drive({ version: 'v3' });
const result = await drive.files.get({ fileId: id }) const result = await drive.files.get({ fileId: id })
.catch((err)=>{ .catch((err)=>{
@@ -144,10 +157,10 @@ const GoogleActions = {
return false; return false;
}, },
updateGoogleBrew : async (auth, brew)=>{ updateGoogleBrew : async (brew)=>{
const drive = google.drive({ version: 'v3', auth: auth }); const drive = google.drive({ version: 'v3' });
if(await GoogleActions.existsGoogleBrew(auth, brew.googleId) == true) { if(await GoogleActions.existsGoogleBrew(brew.googleId) == true) {
await drive.files.update({ await drive.files.update({
fileId : brew.googleId, fileId : brew.googleId,
resource : { resource : {
@@ -180,7 +193,7 @@ const GoogleActions = {
}, },
newGoogleBrew : async (auth, brew)=>{ newGoogleBrew : async (auth, brew)=>{
const drive = google.drive({ version: 'v3', auth: auth }); const drive = google.drive({ version: 'v3', auth });
const media = { const media = {
mimeType : 'text/plain', mimeType : 'text/plain',
@@ -248,9 +261,8 @@ const GoogleActions = {
return newHomebrew; return newHomebrew;
}, },
readFileMetadata : async (auth, id, accessId, accessType)=>{ readFileMetadata : async (id, accessId, accessType)=>{
const drive = google.drive({ version: 'v3' });
const drive = google.drive({ version: 'v3', auth: auth });
const obj = await drive.files.get({ const obj = await drive.files.get({
fileId : id, fileId : id,
@@ -269,16 +281,7 @@ const GoogleActions = {
throw ('Share ID does not match'); throw ('Share ID does not match');
} }
//Access file using service account. Using API key only causes "automated query" lockouts after a while. const serviceDrive = google.drive({ version: 'v3' });
const keys = typeof(config.get('service_account')) == 'string' ?
JSON.parse(config.get('service_account')) :
config.get('service_account');
const serviceAuth = google.auth.fromJSON(keys);
serviceAuth.scopes = ['https://www.googleapis.com/auth/drive'];
const serviceDrive = google.drive({ version: 'v3', auth: serviceAuth });
const file = await serviceDrive.files.get({ const file = await serviceDrive.files.get({
fileId : id, fileId : id,
@@ -320,8 +323,7 @@ const GoogleActions = {
}, },
deleteGoogleBrew : async (req, res, id)=>{ deleteGoogleBrew : async (req, res, id)=>{
const oAuth2Client = GoogleActions.authCheck(req.account, res);
oAuth2Client = GoogleActions.authCheck(req.account, res);
const drive = google.drive({ version: 'v3', auth: oAuth2Client }); const drive = google.drive({ version: 'v3', auth: oAuth2Client });
const googleId = id.slice(0, -12); const googleId = id.slice(0, -12);
@@ -354,16 +356,7 @@ const GoogleActions = {
}, },
increaseView : async (id, accessId, accessType, brew)=>{ increaseView : async (id, accessId, accessType, brew)=>{
//service account because this is modifying another user's file properties const drive = google.drive({ version: 'v3' });
//so we need extended scope
const keys = typeof(config.get('service_account')) == 'string' ?
JSON.parse(config.get('service_account')) :
config.get('service_account');
const auth = google.auth.fromJSON(keys);
auth.scopes = ['https://www.googleapis.com/auth/drive'];
const drive = google.drive({ version: 'v3', auth: auth });
await drive.files.update({ await drive.files.update({
fileId : brew.googleId, fileId : brew.googleId,
@@ -380,8 +373,6 @@ const GoogleActions = {
console.error(err); console.error(err);
//return res.status(500).send('Error while saving'); //return res.status(500).send('Error while saving');
}); });
return;
} }
}; };

6
server/homebrew.api.js
View File

@@ -167,15 +167,11 @@ const newGoogleBrew = async (req, res, next)=>{
}; };
const updateGoogleBrew = async (req, res, next)=>{ const updateGoogleBrew = async (req, res, next)=>{
let oAuth2Client;
try { oAuth2Client = GoogleActions.authCheck(req.account, res); } catch (err) { return res.status(err.status).send(err.message); }
const brew = excludePropsFromUpdate(req.body); const brew = excludePropsFromUpdate(req.body);
brew.text = mergeBrewText(brew); brew.text = mergeBrewText(brew);
try { try {
const updatedBrew = await GoogleActions.updateGoogleBrew(oAuth2Client, brew); const updatedBrew = await GoogleActions.updateGoogleBrew(brew);
return res.status(200).send(updatedBrew); return res.status(200).send(updatedBrew);
} catch (err) { } catch (err) {
return res.status(err.response?.status || 500).send(err); return res.status(err.response?.status || 500).send(err);