cal.com/apps/api/v2/src/lib/services/oauth.service.ts at 48be8314f168e956957ecff0cdee37638e8caa06 · calcom/cal.com · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
import type { OAuth2Tokens } from "@calcom/platform-libraries";
import { OAuthService as BaseOAuthService } from "@calcom/platform-libraries";
import { Injectable } from "@nestjs/common";
import { PrismaAccessCodeRepository } from "@/lib/repositories/prisma-access-code.repository";
import { PrismaOAuthClientRepository } from "@/lib/repositories/prisma-oauth-client.repository";
import { PrismaOAuthRefreshTokenRepository } from "@/lib/repositories/prisma-oauth-refresh-token.repository";
import { PrismaTeamRepository } from "@/lib/repositories/prisma-team.repository";
import type { OAuth2ExchangeInput } from "@/modules/auth/oauth2/inputs/exchange.input";
import { OAuth2ExchangeConfidentialInput } from "@/modules/auth/oauth2/inputs/exchange.input";
import type { OAuth2RefreshInput } from "@/modules/auth/oauth2/inputs/refresh.input";
import { OAuth2RefreshConfidentialInput } from "@/modules/auth/oauth2/inputs/refresh.input";
import type { OAuth2TokenInput } from "@/modules/auth/oauth2/inputs/token.input.pipe";

@Injectable()
export class OAuthService extends BaseOAuthService {
  constructor(
    accessCodeRepository: PrismaAccessCodeRepository,
    oAuthClientRepository: PrismaOAuthClientRepository,
    oAuthRefreshTokenRepository: PrismaOAuthRefreshTokenRepository,
    teamsRepository: PrismaTeamRepository
  ) {
    super({
      accessCodeRepository: accessCodeRepository,
      oAuthClientRepository: oAuthClientRepository,
      oAuthRefreshTokenRepository: oAuthRefreshTokenRepository,
      teamsRepository: teamsRepository,
    });
  }

  async handleTokenRequest(clientId: string, body: OAuth2TokenInput): Promise<OAuth2Tokens> {
    switch (body.grant_type) {
      case "authorization_code":
        return this.exchangeAuthorizationCode(clientId, body);
      case "refresh_token":
        return this.refreshToken(clientId, body);
    }
  }

  private async exchangeAuthorizationCode(
    clientId: string,
    body: OAuth2ExchangeInput
  ): Promise<OAuth2Tokens> {
    if (body instanceof OAuth2ExchangeConfidentialInput) {
      return this.exchangeCodeForTokens(clientId, body.code, body.client_secret, body.redirect_uri);
    }

    return this.exchangeCodeForTokens(clientId, body.code, undefined, body.redirect_uri, body.code_verifier);
  }

  private async refreshToken(clientId: string, body: OAuth2RefreshInput): Promise<OAuth2Tokens> {
    if (body instanceof OAuth2RefreshConfidentialInput) {
      return this.refreshAccessToken(clientId, body.refresh_token, body.client_secret);
    }

    return this.refreshAccessToken(clientId, body.refresh_token);
  }
}