feat: add oauth support (#82)

Author: joshsny

src/api/fetcher.ts

@@ -2,49 +2,72 @@ import type { createApiClient } from "./generated";
 
 export const buildApiFetcher: (config: {
   apiToken: string;
+  onTokenRefresh?: () => Promise<string>;
 }) => Parameters<typeof createApiClient>[0] = (config) => {
-  return {
-    fetch: async (input) => {
-      const headers = new Headers();
-      headers.set("Authorization", `Bearer ${config.apiToken}`);
+  const makeRequest = async (
+    input: Parameters<Parameters<typeof createApiClient>[0]["fetch"]>[0],
+    token: string,
+  ): Promise<Response> => {
+    const headers = new Headers();
+    headers.set("Authorization", `Bearer ${token}`);
 
-      if (input.urlSearchParams) {
-        input.url.search = input.urlSearchParams.toString();
-      }
+    if (input.urlSearchParams) {
+      input.url.search = input.urlSearchParams.toString();
+    }
 
-      const body = ["post", "put", "patch", "delete"].includes(
-        input.method.toLowerCase(),
-      )
-        ? JSON.stringify(input.parameters?.body)
-        : undefined;
+    const body = ["post", "put", "patch", "delete"].includes(
+      input.method.toLowerCase(),
+    )
+      ? JSON.stringify(input.parameters?.body)
+      : undefined;
 
-      if (body) {
-        headers.set("Content-Type", "application/json");
-      }
+    if (body) {
+      headers.set("Content-Type", "application/json");
+    }
 
-      if (input.parameters?.header) {
-        for (const [key, value] of Object.entries(input.parameters.header)) {
-          if (value != null) {
-            headers.set(key, String(value));
-          }
+    if (input.parameters?.header) {
+      for (const [key, value] of Object.entries(input.parameters.header)) {
+        if (value != null) {
+          headers.set(key, String(value));
         }
       }
+    }
 
-      let response: Response;
-      try {
-        response = await fetch(input.url, {
-          method: input.method.toUpperCase(),
-          ...(body && { body }),
-          headers,
-          ...input.overrides,
-        });
-      } catch (err) {
-        throw new Error(
-          `Network request failed for ${input.method.toUpperCase()} ${input.url}: ${
-            err instanceof Error ? err.message : String(err)
-          }`,
-          { cause: err instanceof Error ? err : undefined },
-        );
+    try {
+      const response = await fetch(input.url, {
+        method: input.method.toUpperCase(),
+        ...(body && { body }),
+        headers,
+        ...input.overrides,
+      });
+
+      return response;
+    } catch (err) {
+      throw new Error(
+        `Network request failed for ${input.method.toUpperCase()} ${input.url}: ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+        { cause: err instanceof Error ? err : undefined },
+      );
+    }
+  };
+
+  return {
+    fetch: async (input) => {
+      let response = await makeRequest(input, config.apiToken);
+
+      // Handle 401 with automatic token refresh
+      if (!response.ok && response.status === 401 && config.onTokenRefresh) {
+        try {
+          const newToken = await config.onTokenRefresh();
+          response = await makeRequest(input, newToken);
+        } catch {
+          // Token refresh failed - throw the original 401 error
+          const errorResponse = await response.json();
+          throw new Error(
+            `Failed request: [${response.status}] ${JSON.stringify(errorResponse)}`,
+          );
+        }
       }
 
       if (!response.ok) {

src/api/posthogClient.ts

@@ -6,9 +6,23 @@ export class PostHogAPIClient {
   private api: ReturnType<typeof createApiClient>;
   private _teamId: number | null = null;
 
-  constructor(apiKey: string, apiHost: string) {
+  constructor(
+    accessToken: string,
+    apiHost: string,
+    onTokenRefresh?: () => Promise<string>,
+    teamId?: number,
+  ) {
     const baseUrl = apiHost.endsWith("/") ? apiHost.slice(0, -1) : apiHost;
-    this.api = createApiClient(buildApiFetcher({ apiToken: apiKey }), baseUrl);
+    this.api = createApiClient(
+      buildApiFetcher({
+        apiToken: accessToken,
+        onTokenRefresh,
+      }),
+      baseUrl,
+    );
+    if (teamId) {
+      this._teamId = teamId;
+    }
   }
 
   private async getTeamId(): Promise<number> {

src/constants/environment.ts

@@ -0,0 +1 @@
+export const IS_DEV = import.meta.env.DEV as boolean;

src/constants/oauth.ts

@@ -0,0 +1,39 @@
+import type { CloudRegion } from "../shared/types/oauth";
+
+export const POSTHOG_US_CLIENT_ID = "HCWoE0aRFMYxIxFNTTwkOORn5LBjOt2GVDzwSw5W";
+export const POSTHOG_EU_CLIENT_ID = "AIvijgMS0dxKEmr5z6odvRd8Pkh5vts3nPTzgzU9";
+export const POSTHOG_DEV_CLIENT_ID = "DC5uRLVbGI02YQ82grxgnK6Qn12SXWpCqdPb60oZ";
+
+export const OAUTH_PORT = 8237;
+
+export const OAUTH_SCOPES = [
+  "user:read",
+  "project:read",
+  "task:write",
+  "integration:read",
+];
+
+// Token refresh settings
+export const TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1000; // 5 minutes before expiry
+
+export function getCloudUrlFromRegion(region: CloudRegion): string {
+  switch (region) {
+    case "us":
+      return "https://us.posthog.com";
+    case "eu":
+      return "https://eu.posthog.com";
+    case "dev":
+      return "http://localhost:8010";
+  }
+}
+
+export function getOauthClientIdFromRegion(region: CloudRegion): string {
+  switch (region) {
+    case "us":
+      return POSTHOG_US_CLIENT_ID;
+    case "eu":
+      return POSTHOG_EU_CLIENT_ID;
+    case "dev":
+      return POSTHOG_DEV_CLIENT_ID;
+  }
+}

src/main/index.ts

@@ -12,6 +12,7 @@ import {
 } from "electron";
 import { registerAgentIpc, type TaskController } from "./services/agent.js";
 import { registerFsIpc } from "./services/fs.js";
+import { registerOAuthHandlers } from "./services/oauth.js";
 import { registerOsIpc } from "./services/os.js";
 import { registerPosthogIpc } from "./services/posthog.js";
 import {
@@ -192,6 +193,7 @@ ipcMain.handle("app:get-version", () => app.getVersion());
 
 // Register IPC handlers via services
 registerPosthogIpc();
+registerOAuthHandlers();
 registerOsIpc(() => mainWindow);
 registerAgentIpc(taskControllers, () => mainWindow);
 registerFsIpc();

src/main/preload.ts

@@ -1,5 +1,10 @@
 import { contextBridge, type IpcRendererEvent, ipcRenderer } from "electron";
 import type { Recording } from "../shared/types";
+import type {
+  CloudRegion,
+  OAuthTokenResponse,
+  StoredOAuthTokens,
+} from "../shared/types/oauth";
 
 interface MessageBoxOptions {
   type?: "info" | "error" | "warning" | "question";
@@ -29,6 +34,26 @@ contextBridge.exposeInMainWorld("electronAPI", {
     ipcRenderer.invoke("store-api-key", apiKey),
   retrieveApiKey: (encryptedKey: string): Promise<string | null> =>
     ipcRenderer.invoke("retrieve-api-key", encryptedKey),
+  // OAuth API
+  oauthStartFlow: (
+    region: CloudRegion,
+  ): Promise<{ success: boolean; data?: OAuthTokenResponse; error?: string }> =>
+    ipcRenderer.invoke("oauth:start-flow", region),
+  oauthEncryptTokens: (
+    tokens: StoredOAuthTokens,
+  ): Promise<{ success: boolean; encrypted?: string; error?: string }> =>
+    ipcRenderer.invoke("oauth:encrypt-tokens", tokens),
+  oauthRetrieveTokens: (
+    encrypted: string,
+  ): Promise<{ success: boolean; data?: StoredOAuthTokens; error?: string }> =>
+    ipcRenderer.invoke("oauth:retrieve-tokens", encrypted),
+  oauthDeleteTokens: (): Promise<{ success: boolean }> =>
+    ipcRenderer.invoke("oauth:delete-tokens"),
+  oauthRefreshToken: (
+    refreshToken: string,
+    region: CloudRegion,
+  ): Promise<{ success: boolean; data?: OAuthTokenResponse; error?: string }> =>
+    ipcRenderer.invoke("oauth:refresh-token", refreshToken, region),
   selectDirectory: (): Promise<string | null> =>
     ipcRenderer.invoke("select-directory"),
   searchDirectories: (query: string, searchRoot?: string): Promise<string[]> =>