calemdar

Author: Oscar-gg

prisma/schema.prisma

@@ -126,6 +126,10 @@ model User {
     semesters         Int?
     tags              String?
     excludeFromExport Boolean  @default(false)
+    // Microsoft integration (tokens never exposed to client)
+    msAccessToken  String?
+    msRefreshToken String?
+    msTokenExpiry  DateTime?
 
     // NextAuth relations
     accounts Account[]
@@ -262,15 +266,20 @@ model WorkPlanCompletion {
 // ─── Attendance ────────────────────────────────────────────────────────────────
 
 model Meeting {
-    id             String   @id @default(cuid())
-    title          String
-    description    String?
-    startTime      DateTime
-    duration       Int // minutes
-    checkInToken   String   @unique @default(cuid())
-    createdBy      String
-    projectId      String?
-    createdAt      DateTime @default(now())
+    id                  String   @id @default(cuid())
+    title               String
+    description         String?
+    notes               String?
+    notesAllowAttendees Boolean  @default(false)
+    startTime           DateTime
+    duration            Int // minutes
+    checkInToken        String   @unique @default(cuid())
+    createdBy           String
+    projectId           String?
+    teamsChannelId      String?
+    teamsJoinUrl        String?
+    outlookEventId      String?
+    createdAt           DateTime @default(now())
 
     creator     User              @relation("MeetingCreator", fields: [createdBy], references: [id])
     project     Project?          @relation(fields: [projectId], references: [id], onDelete: SetNull)

src/app/api/auth/microsoft/callback/route.ts

@@ -0,0 +1,73 @@
+/**
+ * Microsoft OAuth callback — exchanges the auth code for tokens and stores them.
+ */
+import { auth } from "~/server/auth";
+import { db } from "~/server/db";
+import { env } from "~/env.js";
+
+const SCOPES =
+  "offline_access Calendars.ReadWrite OnlineMeetings.ReadWrite ChannelMessage.Send Channel.ReadBasic.All User.Read";
+
+export async function GET(request: Request) {
+  const url = new URL(request.url);
+  const code = url.searchParams.get("code");
+  const state = url.searchParams.get("state");
+  const error = url.searchParams.get("error");
+  const profileUrl = `${url.origin}/dashboard/profile/edit`;
+
+  if (error) {
+    return Response.redirect(`${profileUrl}?ms_error=${encodeURIComponent(error)}`);
+  }
+  if (!code || !state) {
+    return Response.redirect(`${profileUrl}?ms_error=missing_params`);
+  }
+
+  // Verify the authenticated user matches the state (userId)
+  const session = await auth();
+  if (!session?.user?.id || session.user.id !== state) {
+    return Response.redirect(`${profileUrl}?ms_error=session_mismatch`);
+  }
+
+  if (!env.MICROSOFT_CLIENT_ID || !env.MICROSOFT_CLIENT_SECRET || !env.MICROSOFT_TENANT_ID) {
+    return Response.redirect(`${profileUrl}?ms_error=not_configured`);
+  }
+
+  const params = new URLSearchParams({
+    grant_type: "authorization_code",
+    client_id: env.MICROSOFT_CLIENT_ID,
+    client_secret: env.MICROSOFT_CLIENT_SECRET,
+    code,
+    redirect_uri: `${url.origin}/api/auth/microsoft/callback`,
+    scope: SCOPES,
+  });
+
+  const tokenRes = await fetch(
+    `https://login.microsoftonline.com/${env.MICROSOFT_TENANT_ID}/oauth2/v2.0/token`,
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: params.toString(),
+    },
+  );
+
+  if (!tokenRes.ok) {
+    return Response.redirect(`${profileUrl}?ms_error=token_exchange_failed`);
+  }
+
+  const tokens = (await tokenRes.json()) as {
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+  };
+
+  await db.user.update({
+    where: { id: session.user.id },
+    data: {
+      msAccessToken: tokens.access_token,
+      msRefreshToken: tokens.refresh_token,
+      msTokenExpiry: new Date(Date.now() + tokens.expires_in * 1000),
+    },
+  });
+
+  return Response.redirect(`${profileUrl}?ms_connected=1`);
+}

src/app/api/auth/microsoft/disconnect/route.ts

@@ -0,0 +1,19 @@
+/**
+ * Disconnects the user's Microsoft account by clearing stored tokens.
+ */
+import { auth } from "~/server/auth";
+import { db } from "~/server/db";
+
+export async function DELETE(request: Request) {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return Response.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  await db.user.update({
+    where: { id: session.user.id },
+    data: { msAccessToken: null, msRefreshToken: null, msTokenExpiry: null },
+  });
+
+  return Response.json({ ok: true });
+}

src/app/api/auth/microsoft/route.ts

@@ -0,0 +1,38 @@
+/**
+ * Initiates Microsoft OAuth flow.
+ * User must be signed in; their session ID is used as the state parameter.
+ */
+import { auth } from "~/server/auth";
+import { env } from "~/env.js";
+
+const SCOPES =
+  "offline_access Calendars.ReadWrite OnlineMeetings.ReadWrite ChannelMessage.Send Channel.ReadBasic.All User.Read";
+
+export async function GET(request: Request) {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return Response.redirect(new URL("/", request.url));
+  }
+
+  if (!env.MICROSOFT_CLIENT_ID || !env.MICROSOFT_TENANT_ID) {
+    return Response.redirect(
+      new URL("/dashboard/profile/edit?ms_error=not_configured", request.url),
+    );
+  }
+
+  const origin = new URL(request.url).origin;
+  const redirectUri = `${origin}/api/auth/microsoft/callback`;
+
+  const params = new URLSearchParams({
+    client_id: env.MICROSOFT_CLIENT_ID,
+    response_type: "code",
+    redirect_uri: redirectUri,
+    scope: SCOPES,
+    response_mode: "query",
+    state: session.user.id,
+  });
+
+  return Response.redirect(
+    `https://login.microsoftonline.com/${env.MICROSOFT_TENANT_ID}/oauth2/v2.0/authorize?${params.toString()}`,
+  );
+}