refactor: move oauth service to trpc (#281)

Author: jonathanlab

apps/array/src/main/di/container.ts

@@ -7,6 +7,7 @@ import { FileWatcherService } from "../services/file-watcher/service.js";
 import { FoldersService } from "../services/folders/service.js";
 import { FsService } from "../services/fs/service.js";
 import { GitService } from "../services/git/service.js";
+import { OAuthService } from "../services/oauth/service.js";
 import { ShellService } from "../services/shell/service.js";
 import { MAIN_TOKENS } from "./tokens.js";
 
@@ -21,4 +22,5 @@ container.bind(MAIN_TOKENS.FileWatcherService).to(FileWatcherService);
 container.bind(MAIN_TOKENS.FoldersService).to(FoldersService);
 container.bind(MAIN_TOKENS.FsService).to(FsService);
 container.bind(MAIN_TOKENS.GitService).to(GitService);
+container.bind(MAIN_TOKENS.OAuthService).to(OAuthService);
 container.bind(MAIN_TOKENS.ShellService).to(ShellService);

apps/array/src/main/di/tokens.ts

@@ -13,5 +13,6 @@ export const MAIN_TOKENS = Object.freeze({
   FoldersService: Symbol.for("Main.FoldersService"),
   FsService: Symbol.for("Main.FsService"),
   GitService: Symbol.for("Main.GitService"),
+  OAuthService: Symbol.for("Main.OAuthService"),
   ShellService: Symbol.for("Main.ShellService"),
 });

apps/array/src/main/index.ts

@@ -36,7 +36,6 @@ type TaskController = unknown;
 import { registerGitIpc } from "./services/git.js";
 import "./services/index.js";
 import { ExternalAppsService } from "./services/external-apps/service.js";
-import { registerOAuthHandlers } from "./services/oauth.js";
 import {
   initializePostHog,
   shutdownPostHog,
@@ -291,7 +290,6 @@ registerAutoUpdater(() => mainWindow);
 ipcMain.handle("app:get-version", () => app.getVersion());
 
 // Register IPC handlers via services
-registerOAuthHandlers();
 registerGitIpc();
 registerAgentIpc(taskControllers, () => mainWindow);
 registerWorkspaceIpc(() => mainWindow);

apps/array/src/main/preload.ts

@@ -8,7 +8,6 @@ import type {
   WorkspaceInfo,
   WorkspaceTerminalInfo,
 } from "../shared/types";
-import type { CloudRegion, OAuthTokenResponse } from "../shared/types/oauth";
 import "electron-log/preload";
 
 process.once("loaded", () => {
@@ -52,18 +51,6 @@ interface AgentStartParams {
 }
 
 contextBridge.exposeInMainWorld("electronAPI", {
-  // OAuth API
-  oauthStartFlow: (
-    region: CloudRegion,
-  ): Promise<{ success: boolean; data?: OAuthTokenResponse; error?: string }> =>
-    ipcRenderer.invoke("oauth:start-flow", region),
-  oauthRefreshToken: (
-    refreshToken: string,
-    region: CloudRegion,
-  ): Promise<{ success: boolean; data?: OAuthTokenResponse; error?: string }> =>
-    ipcRenderer.invoke("oauth:refresh-token", refreshToken, region),
-  oauthCancelFlow: (): Promise<{ success: boolean; error?: string }> =>
-    ipcRenderer.invoke("oauth:cancel-flow"),
   // Repo API
   validateRepo: (directoryPath: string): Promise<boolean> =>
     ipcRenderer.invoke("validate-repo", directoryPath),

apps/array/src/main/services/index.ts

@@ -4,7 +4,6 @@
  */
 
 import "./git.js";
-import "./oauth.js";
 import "./posthog-analytics.js";
 import "./session-manager.js";
 import "./settingsStore.js";

apps/array/src/main/services/oauth/schemas.ts

@@ -0,0 +1,46 @@
+import { z } from "zod";
+
+export const cloudRegion = z.enum(["us", "eu", "dev"]);
+export type CloudRegion = z.infer<typeof cloudRegion>;
+
+export const oAuthTokenResponse = z.object({
+  access_token: z.string(),
+  expires_in: z.number(),
+  token_type: z.string(),
+  scope: z.string(),
+  refresh_token: z.string(),
+  scoped_teams: z.array(z.number()).optional(),
+  scoped_organizations: z.array(z.string()).optional(),
+});
+export type OAuthTokenResponse = z.infer<typeof oAuthTokenResponse>;
+
+export const startFlowInput = z.object({
+  region: cloudRegion,
+});
+export type StartFlowInput = z.infer<typeof startFlowInput>;
+
+export const startFlowOutput = z.object({
+  success: z.boolean(),
+  data: oAuthTokenResponse.optional(),
+  error: z.string().optional(),
+});
+export type StartFlowOutput = z.infer<typeof startFlowOutput>;
+
+export const refreshTokenInput = z.object({
+  refreshToken: z.string(),
+  region: cloudRegion,
+});
+export type RefreshTokenInput = z.infer<typeof refreshTokenInput>;
+
+export const refreshTokenOutput = z.object({
+  success: z.boolean(),
+  data: oAuthTokenResponse.optional(),
+  error: z.string().optional(),
+});
+export type RefreshTokenOutput = z.infer<typeof refreshTokenOutput>;
+
+export const cancelFlowOutput = z.object({
+  success: z.boolean(),
+  error: z.string().optional(),
+});
+export type CancelFlowOutput = z.infer<typeof cancelFlowOutput>;

apps/array/src/main/services/oauth.ts …array/src/main/services/oauth/service.tsapps/array/src/main/services/oauth.ts renamed to apps/array/src/main/services/oauth/service.ts apps/array/src/main/services/oauth.ts renamed to apps/array/src/main/services/oauth/service.ts

@@ -1,18 +1,26 @@
 import * as crypto from "node:crypto";
 import * as http from "node:http";
 import type { Socket } from "node:net";
-import { ipcMain, shell } from "electron";
+import { shell } from "electron";
+import { injectable } from "inversify";
 import {
   getCloudUrlFromRegion,
   getOauthClientIdFromRegion,
   OAUTH_PORT,
   OAUTH_SCOPES,
-} from "../../constants/oauth";
+} from "../../../constants/oauth.js";
 import type {
+  CancelFlowOutput,
   CloudRegion,
-  OAuthConfig,
   OAuthTokenResponse,
-} from "../../shared/types/oauth";
+  RefreshTokenOutput,
+  StartFlowOutput,
+} from "./schemas.js";
+
+interface OAuthConfig {
+  scopes: string[];
+  cloudRegion: CloudRegion;
+}
 
 function generateCodeVerifier(): string {
   return crypto.randomBytes(32).toString("base64url");
@@ -155,7 +163,6 @@ async function startCallbackServer(authUrl: string): Promise<{
       }
     });
 
-    // Track connections
     server.on("connection", (conn) => {
       connections.add(conn);
       conn.on("close", () => {
@@ -164,7 +171,6 @@ async function startCallbackServer(authUrl: string): Promise<{
     });
 
     const closeServer = () => {
-      // Destroy all active connections
       for (const conn of connections) {
         conn.destroy();
       }
@@ -233,76 +239,23 @@ async function refreshTokenRequest(
   return response.json();
 }
 
-let activeCloseServer: (() => void) | null = null;
-
-export async function performOAuthFlow(
-  config: OAuthConfig,
-): Promise<OAuthTokenResponse> {
-  const cloudUrl = getCloudUrlFromRegion(config.cloudRegion);
-  const codeVerifier = generateCodeVerifier();
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-
-  const authUrl = new URL(`${cloudUrl}/oauth/authorize`);
-  authUrl.searchParams.set(
-    "client_id",
-    getOauthClientIdFromRegion(config.cloudRegion),
-  );
-  authUrl.searchParams.set(
-    "redirect_uri",
-    `http://localhost:${OAUTH_PORT}/callback`,
-  );
-  authUrl.searchParams.set("response_type", "code");
-  authUrl.searchParams.set("code_challenge", codeChallenge);
-  authUrl.searchParams.set("code_challenge_method", "S256");
-  authUrl.searchParams.set("scope", config.scopes.join(" "));
-  authUrl.searchParams.set("required_access_level", "project");
-
-  const localLoginUrl = `http://localhost:${OAUTH_PORT}/authorize`;
-
-  const { closeServer, waitForCallback } = await startCallbackServer(
-    authUrl.toString(),
-  );
-
-  activeCloseServer = closeServer;
-
-  await shell.openExternal(localLoginUrl);
-
-  try {
-    const code = await Promise.race([
-      waitForCallback(),
-      new Promise<never>((_, reject) =>
-        setTimeout(() => reject(new Error("Authorization timed out")), 180_000),
-      ),
-    ]);
-
-    const token = await exchangeCodeForToken(code, codeVerifier, config);
-
-    closeServer();
-    activeCloseServer = null;
-
-    return token;
-  } catch (error) {
-    closeServer();
-    activeCloseServer = null;
-    throw error;
-  }
-}
+@injectable()
+export class OAuthService {
+  private activeCloseServer: (() => void) | null = null;
 
-export function registerOAuthHandlers(): void {
-  ipcMain.handle("oauth:start-flow", async (_, region: CloudRegion) => {
+  async startFlow(region: CloudRegion): Promise<StartFlowOutput> {
     try {
-      // Close any existing server before starting a new flow
-      if (activeCloseServer) {
-        activeCloseServer();
-        activeCloseServer = null;
+      if (this.activeCloseServer) {
+        this.activeCloseServer();
+        this.activeCloseServer = null;
       }
 
       const config: OAuthConfig = {
         scopes: OAUTH_SCOPES,
         cloudRegion: region,
       };
 
-      const tokenResponse = await performOAuthFlow(config);
+      const tokenResponse = await this.performOAuthFlow(config);
 
       return {
         success: true,
@@ -314,31 +267,31 @@ export function registerOAuthHandlers(): void {
         error: error instanceof Error ? error.message : "Unknown error",
       };
     }
-  });
+  }
 
-  ipcMain.handle(
-    "oauth:refresh-token",
-    async (_, refreshToken: string, region: CloudRegion) => {
-      try {
-        const tokenResponse = await refreshTokenRequest(refreshToken, region);
-        return {
-          success: true,
-          data: tokenResponse,
-        };
-      } catch (error) {
-        return {
-          success: false,
-          error: error instanceof Error ? error.message : "Unknown error",
-        };
-      }
-    },
-  );
+  async refreshToken(
+    refreshToken: string,
+    region: CloudRegion,
+  ): Promise<RefreshTokenOutput> {
+    try {
+      const tokenResponse = await refreshTokenRequest(refreshToken, region);
+      return {
+        success: true,
+        data: tokenResponse,
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Unknown error",
+      };
+    }
+  }
 
-  ipcMain.handle("oauth:cancel-flow", async () => {
+  cancelFlow(): CancelFlowOutput {
     try {
-      if (activeCloseServer) {
-        activeCloseServer();
-        activeCloseServer = null;
+      if (this.activeCloseServer) {
+        this.activeCloseServer();
+        this.activeCloseServer = null;
       }
       return { success: true };
     } catch (error) {
@@ -347,5 +300,61 @@ export function registerOAuthHandlers(): void {
         error: error instanceof Error ? error.message : "Unknown error",
       };
     }
-  });
+  }
+
+  private async performOAuthFlow(
+    config: OAuthConfig,
+  ): Promise<OAuthTokenResponse> {
+    const cloudUrl = getCloudUrlFromRegion(config.cloudRegion);
+    const codeVerifier = generateCodeVerifier();
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+
+    const authUrl = new URL(`${cloudUrl}/oauth/authorize`);
+    authUrl.searchParams.set(
+      "client_id",
+      getOauthClientIdFromRegion(config.cloudRegion),
+    );
+    authUrl.searchParams.set(
+      "redirect_uri",
+      `http://localhost:${OAUTH_PORT}/callback`,
+    );
+    authUrl.searchParams.set("response_type", "code");
+    authUrl.searchParams.set("code_challenge", codeChallenge);
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    authUrl.searchParams.set("scope", config.scopes.join(" "));
+    authUrl.searchParams.set("required_access_level", "project");
+
+    const localLoginUrl = `http://localhost:${OAUTH_PORT}/authorize`;
+
+    const { closeServer, waitForCallback } = await startCallbackServer(
+      authUrl.toString(),
+    );
+
+    this.activeCloseServer = closeServer;
+
+    await shell.openExternal(localLoginUrl);
+
+    try {
+      const code = await Promise.race([
+        waitForCallback(),
+        new Promise<never>((_, reject) =>
+          setTimeout(
+            () => reject(new Error("Authorization timed out")),
+            180_000,
+          ),
+        ),
+      ]);
+
+      const token = await exchangeCodeForToken(code, codeVerifier, config);
+
+      closeServer();
+      this.activeCloseServer = null;
+
+      return token;
+    } catch (error) {
+      closeServer();
+      this.activeCloseServer = null;
+      throw error;
+    }
+  }
 }

apps/array/src/main/trpc/router.ts

@@ -7,6 +7,7 @@ import { foldersRouter } from "./routers/folders.js";
 import { fsRouter } from "./routers/fs.js";
 import { gitRouter } from "./routers/git.js";
 import { logsRouter } from "./routers/logs.js";
+import { oauthRouter } from "./routers/oauth.js";
 import { osRouter } from "./routers/os.js";
 import { secureStoreRouter } from "./routers/secure-store.js";
 import { shellRouter } from "./routers/shell.js";
@@ -22,6 +23,7 @@ export const trpcRouter = router({
   fs: fsRouter,
   git: gitRouter,
   logs: logsRouter,
+  oauth: oauthRouter,
   os: osRouter,
   secureStore: secureStoreRouter,
   shell: shellRouter,