cowork-os 0.3.21 → 0.3.25

package/src/electron/utils/google-calendar-api.ts

@@ -0,0 +1,115 @@
+/**
+ * Google Calendar API helpers
+ */
+
+import { GoogleWorkspaceSettingsData } from '../../shared/types';
+import { getGoogleWorkspaceAccessToken, refreshGoogleWorkspaceAccessToken } from './google-workspace-auth';
+
+export const GOOGLE_CALENDAR_API_BASE = 'https://www.googleapis.com/calendar/v3';
+const DEFAULT_TIMEOUT_MS = 20000;
+
+function parseJsonSafe(text: string): any | undefined {
+  const trimmed = text.trim();
+  if (!trimmed) return undefined;
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    return undefined;
+  }
+}
+
+function formatCalendarError(status: number, data: any, fallback?: string): string {
+  const message =
+    data?.error?.message ||
+    data?.message ||
+    fallback ||
+    'Google Calendar API error';
+  return `Google Calendar API error ${status}: ${message}`;
+}
+
+export interface GoogleCalendarRequestOptions {
+  method: 'GET' | 'POST' | 'PATCH' | 'DELETE';
+  path: string;
+  query?: Record<string, string | number | boolean | undefined>;
+  body?: any;
+  timeoutMs?: number;
+}
+
+export interface GoogleCalendarRequestResult {
+  status: number;
+  data?: any;
+  raw?: string;
+}
+
+export async function googleCalendarRequest(
+  settings: GoogleWorkspaceSettingsData,
+  options: GoogleCalendarRequestOptions
+): Promise<GoogleCalendarRequestResult> {
+  const params = new URLSearchParams();
+  if (options.query) {
+    for (const [key, value] of Object.entries(options.query)) {
+      if (value === undefined || value === null) continue;
+      params.set(key, String(value));
+    }
+  }
+  const queryString = params.toString();
+  const url = `${GOOGLE_CALENDAR_API_BASE}${options.path}${queryString ? `?${queryString}` : ''}`;
+
+  const timeoutMs = options.timeoutMs ?? settings.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+
+  const requestOnce = async (accessToken: string): Promise<GoogleCalendarRequestResult> => {
+    const headers: Record<string, string> = {
+      Authorization: `Bearer ${accessToken}`,
+    };
+
+    if (options.method !== 'GET' && options.method !== 'DELETE') {
+      headers['Content-Type'] = 'application/json';
+    }
+
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+
+    try {
+      const response = await fetch(url, {
+        method: options.method,
+        headers,
+        body: options.body ? JSON.stringify(options.body) : undefined,
+        signal: controller.signal,
+      });
+
+      const rawText = typeof response.text === 'function' ? await response.text() : '';
+      const data = rawText ? parseJsonSafe(rawText) : undefined;
+
+      if (!response.ok) {
+        throw Object.assign(new Error(formatCalendarError(response.status, data, response.statusText)), {
+          status: response.status,
+          data,
+        });
+      }
+
+      return {
+        status: response.status,
+        data: data ?? undefined,
+        raw: rawText || undefined,
+      };
+    } catch (error: any) {
+      if (error?.name === 'AbortError') {
+        throw new Error('Google Calendar API request timed out');
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeout);
+    }
+  };
+
+  try {
+    const accessToken = await getGoogleWorkspaceAccessToken(settings);
+    return await requestOnce(accessToken);
+  } catch (error: any) {
+    if (error?.status === 401 && settings.refreshToken) {
+      const refreshedToken = await refreshGoogleWorkspaceAccessToken(settings);
+      return await requestOnce(refreshedToken);
+    }
+    throw error;
+  }
+}

package/src/electron/utils/google-workspace-api.ts

@@ -0,0 +1,228 @@
+/**
+ * Google Workspace API helpers (Drive)
+ */
+
+import { GoogleWorkspaceConnectionTestResult, GoogleWorkspaceSettingsData } from '../../shared/types';
+import { getGoogleWorkspaceAccessToken, refreshGoogleWorkspaceAccessToken } from './google-workspace-auth';
+import { gmailRequest } from './gmail-api';
+
+export const GOOGLE_DRIVE_API_BASE = 'https://www.googleapis.com/drive/v3';
+export const GOOGLE_DRIVE_UPLOAD_BASE = 'https://www.googleapis.com/upload/drive/v3';
+const DEFAULT_TIMEOUT_MS = 20000;
+
+function parseJsonSafe(text: string): any | undefined {
+  const trimmed = text.trim();
+  if (!trimmed) return undefined;
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    return undefined;
+  }
+}
+
+function formatDriveError(status: number, data: any, fallback?: string): string {
+  const message =
+    data?.error?.message ||
+    data?.message ||
+    fallback ||
+    'Google Drive API error';
+  return `Google Drive API error ${status}: ${message}`;
+}
+
+export interface GoogleDriveRequestOptions {
+  method: 'GET' | 'POST' | 'PATCH' | 'DELETE';
+  path: string;
+  query?: Record<string, string | number | boolean | undefined>;
+  body?: Record<string, any>;
+  timeoutMs?: number;
+}
+
+export interface GoogleDriveRequestResult {
+  status: number;
+  data?: any;
+  raw?: string;
+}
+
+export async function googleDriveRequest(
+  settings: GoogleWorkspaceSettingsData,
+  options: GoogleDriveRequestOptions
+): Promise<GoogleDriveRequestResult> {
+  const params = new URLSearchParams();
+  if (options.query) {
+    for (const [key, value] of Object.entries(options.query)) {
+      if (value === undefined || value === null) continue;
+      params.set(key, String(value));
+    }
+  }
+  const queryString = params.toString();
+  const url = `${GOOGLE_DRIVE_API_BASE}${options.path}${queryString ? `?${queryString}` : ''}`;
+
+  const timeoutMs = options.timeoutMs ?? settings.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+
+  const requestOnce = async (accessToken: string): Promise<GoogleDriveRequestResult> => {
+    const headers: Record<string, string> = {
+      Authorization: `Bearer ${accessToken}`,
+    };
+
+    if (options.method !== 'GET' && options.method !== 'DELETE') {
+      headers['Content-Type'] = 'application/json';
+    }
+
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+
+    try {
+      const response = await fetch(url, {
+        method: options.method,
+        headers,
+        body: options.body ? JSON.stringify(options.body) : undefined,
+        signal: controller.signal,
+      });
+
+      const rawText = typeof response.text === 'function' ? await response.text() : '';
+      const data = rawText ? parseJsonSafe(rawText) : undefined;
+
+      if (!response.ok) {
+        throw Object.assign(new Error(formatDriveError(response.status, data, response.statusText)), {
+          status: response.status,
+          data,
+        });
+      }
+
+      return {
+        status: response.status,
+        data: data ?? undefined,
+        raw: rawText || undefined,
+      };
+    } catch (error: any) {
+      if (error?.name === 'AbortError') {
+        throw new Error('Google Drive API request timed out');
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeout);
+    }
+  };
+
+  try {
+    const accessToken = await getGoogleWorkspaceAccessToken(settings);
+    return await requestOnce(accessToken);
+  } catch (error: any) {
+    if (error?.status === 401 && settings.refreshToken) {
+      const refreshedToken = await refreshGoogleWorkspaceAccessToken(settings);
+      return await requestOnce(refreshedToken);
+    }
+    throw error;
+  }
+}
+
+export async function googleDriveUpload(
+  settings: GoogleWorkspaceSettingsData,
+  fileId: string,
+  data: Uint8Array,
+  contentType: string
+): Promise<GoogleDriveRequestResult> {
+  const url = `${GOOGLE_DRIVE_UPLOAD_BASE}/files/${fileId}?uploadType=media`;
+
+  const timeoutMs = settings.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+
+  const requestOnce = async (accessToken: string): Promise<GoogleDriveRequestResult> => {
+    const headers: Record<string, string> = {
+      Authorization: `Bearer ${accessToken}`,
+      'Content-Type': contentType,
+    };
+
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+
+    try {
+      const response = await fetch(url, {
+        method: 'PATCH',
+        headers,
+        body: data,
+        signal: controller.signal,
+      });
+
+      const rawText = typeof response.text === 'function' ? await response.text() : '';
+      const dataJson = rawText ? parseJsonSafe(rawText) : undefined;
+
+      if (!response.ok) {
+        throw Object.assign(new Error(formatDriveError(response.status, dataJson, response.statusText)), {
+          status: response.status,
+          data: dataJson,
+        });
+      }
+
+      return {
+        status: response.status,
+        data: dataJson ?? undefined,
+        raw: rawText || undefined,
+      };
+    } catch (error: any) {
+      if (error?.name === 'AbortError') {
+        throw new Error('Google Drive upload request timed out');
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeout);
+    }
+  };
+
+  try {
+    const accessToken = await getGoogleWorkspaceAccessToken(settings);
+    return await requestOnce(accessToken);
+  } catch (error: any) {
+    if (error?.status === 401 && settings.refreshToken) {
+      const refreshedToken = await refreshGoogleWorkspaceAccessToken(settings);
+      return await requestOnce(refreshedToken);
+    }
+    throw error;
+  }
+}
+
+function extractUserInfo(data: any): { name?: string; userId?: string; email?: string } {
+  if (!data || typeof data !== 'object') return {};
+  const user = data.user || data;
+  const name = user.displayName || user.name || undefined;
+  const userId = user.permissionId || user.userId || user.id || undefined;
+  const email = user.emailAddress || user.email || undefined;
+  return { name, userId, email };
+}
+
+export async function testGoogleWorkspaceConnection(settings: GoogleWorkspaceSettingsData): Promise<GoogleWorkspaceConnectionTestResult> {
+  try {
+    const profile = await gmailRequest(settings, {
+      method: 'GET',
+      path: '/users/me/profile',
+    });
+    const email = profile.data?.emailAddress as string | undefined;
+    return {
+      success: true,
+      name: email,
+      userId: profile.data?.historyId as string | undefined,
+      email,
+    };
+  } catch {
+    // Fall back to Drive if Gmail scope is unavailable
+  }
+
+  try {
+    const result = await googleDriveRequest(settings, {
+      method: 'GET',
+      path: '/about',
+      query: { fields: 'user' },
+    });
+    const extracted = extractUserInfo(result.data);
+    return {
+      success: true,
+      name: extracted.name,
+      userId: extracted.userId,
+      email: extracted.email,
+    };
+  } catch (error: any) {
+    return {
+      success: false,
+      error: error?.message || 'Failed to connect to Google Workspace',
+    };
+  }
+}

package/src/electron/utils/google-workspace-auth.ts

@@ -0,0 +1,109 @@
+/**
+ * Google Workspace OAuth helpers (token refresh)
+ */
+
+import { GoogleWorkspaceSettingsData } from '../../shared/types';
+import { GoogleWorkspaceSettingsManager } from '../settings/google-workspace-manager';
+
+const GOOGLE_OAUTH_TOKEN_URL = 'https://oauth2.googleapis.com/token';
+const TOKEN_REFRESH_BUFFER_MS = 2 * 60 * 1000;
+
+function parseJsonSafe(text: string): any | undefined {
+  const trimmed = text.trim();
+  if (!trimmed) return undefined;
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    return undefined;
+  }
+}
+
+function parseScopeList(scope?: string): string[] | undefined {
+  if (!scope) return undefined;
+  return scope
+    .split(/\s+/)
+    .map((s) => s.trim())
+    .filter(Boolean);
+}
+
+export async function refreshGoogleWorkspaceAccessToken(
+  settings: GoogleWorkspaceSettingsData
+): Promise<string> {
+  if (!settings.refreshToken) {
+    throw new Error('Google Workspace refresh token not configured. Reconnect in Settings > Integrations > Google Workspace.');
+  }
+  if (!settings.clientId) {
+    throw new Error('Google Workspace client ID not configured. Add it in Settings > Integrations > Google Workspace.');
+  }
+
+  const params = new URLSearchParams({
+    client_id: settings.clientId,
+    grant_type: 'refresh_token',
+    refresh_token: settings.refreshToken,
+  });
+
+  if (settings.clientSecret) {
+    params.set('client_secret', settings.clientSecret);
+  }
+
+  const response = await fetch(GOOGLE_OAUTH_TOKEN_URL, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: params.toString(),
+  });
+
+  const rawText = typeof response.text === 'function' ? await response.text() : '';
+  const data = rawText ? parseJsonSafe(rawText) : undefined;
+
+  if (!response.ok) {
+    const message = data?.error_description || data?.error || response.statusText || 'Token refresh failed';
+    throw new Error(`Google Workspace token refresh failed: ${message}`);
+  }
+
+  const accessToken = data?.access_token as string | undefined;
+  if (!accessToken) {
+    throw new Error('Google Workspace token refresh did not return an access_token');
+  }
+
+  const expiresIn = typeof data?.expires_in === 'number' ? data.expires_in : undefined;
+  const nextSettings: GoogleWorkspaceSettingsData = {
+    ...settings,
+    accessToken,
+    tokenExpiresAt: expiresIn ? Date.now() + expiresIn * 1000 : settings.tokenExpiresAt,
+  };
+
+  if (data?.refresh_token) {
+    nextSettings.refreshToken = data.refresh_token;
+  }
+
+  const scopes = parseScopeList(data?.scope);
+  if (scopes) {
+    nextSettings.scopes = scopes;
+  }
+
+  GoogleWorkspaceSettingsManager.saveSettings(nextSettings);
+  GoogleWorkspaceSettingsManager.clearCache();
+
+  return accessToken;
+}
+
+export async function getGoogleWorkspaceAccessToken(
+  settings: GoogleWorkspaceSettingsData
+): Promise<string> {
+  if (!settings.accessToken && !settings.refreshToken) {
+    throw new Error('Google Workspace access token not configured. Connect in Settings > Integrations > Google Workspace.');
+  }
+
+  const now = Date.now();
+  if (settings.accessToken) {
+    if (!settings.tokenExpiresAt || now < settings.tokenExpiresAt - TOKEN_REFRESH_BUFFER_MS) {
+      return settings.accessToken;
+    }
+  }
+
+  if (settings.refreshToken) {
+    return refreshGoogleWorkspaceAccessToken(settings);
+  }
+
+  throw new Error('Google Workspace access token expired. Reconnect in Settings > Integrations > Google Workspace.');
+}

package/src/electron/utils/google-workspace-oauth.ts

@@ -0,0 +1,232 @@
+import { shell } from 'electron';
+import http from 'http';
+import { randomBytes, createHash } from 'crypto';
+import { URL } from 'url';
+
+export interface GoogleWorkspaceOAuthRequest {
+  clientId: string;
+  clientSecret?: string;
+  scopes?: string[];
+}
+
+export interface GoogleWorkspaceOAuthResult {
+  accessToken: string;
+  refreshToken?: string;
+  expiresIn?: number;
+  tokenType?: string;
+  scopes?: string[];
+}
+
+const DEFAULT_TIMEOUT_MS = 2 * 60 * 1000;
+const OAUTH_CALLBACK_PORT = 18766;
+const GOOGLE_OAUTH_AUTHORIZE_URL = 'https://accounts.google.com/o/oauth2/v2/auth';
+const GOOGLE_OAUTH_TOKEN_URL = 'https://oauth2.googleapis.com/token';
+
+function base64Url(buffer: Buffer): string {
+  return buffer
+    .toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=+$/, '');
+}
+
+function createCodeVerifier(): string {
+  return base64Url(randomBytes(32));
+}
+
+function createCodeChallenge(verifier: string): string {
+  const hash = createHash('sha256').update(verifier).digest();
+  return base64Url(hash);
+}
+
+function parseJsonSafe(text: string): any | undefined {
+  const trimmed = text.trim();
+  if (!trimmed) return undefined;
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    return undefined;
+  }
+}
+
+function parseScopeList(scope?: string): string[] | undefined {
+  if (!scope) return undefined;
+  return scope
+    .split(/\s+/)
+    .map((s) => s.trim())
+    .filter(Boolean);
+}
+
+async function startOAuthCallbackServer(timeoutMs = DEFAULT_TIMEOUT_MS): Promise<{
+  redirectUri: string;
+  state: string;
+  waitForCode: () => Promise<{ code: string; state: string }>;
+}> {
+  const state = base64Url(randomBytes(16));
+
+  return new Promise((resolve, reject) => {
+    const server = http.createServer();
+
+    let resolveCode: (value: { code: string; state: string }) => void = () => {};
+    let rejectCode: (error: Error) => void = () => {};
+
+    const codePromise = new Promise<{ code: string; state: string }>((innerResolve, innerReject) => {
+      resolveCode = innerResolve;
+      rejectCode = innerReject;
+    });
+
+    const timeout = setTimeout(() => {
+      server.close();
+      rejectCode(new Error('OAuth timed out. Please try again.'));
+    }, timeoutMs);
+
+    server.on('request', (req, res) => {
+      if (!req.url) {
+        res.writeHead(400);
+        res.end('Invalid request');
+        return;
+      }
+
+      const url = new URL(req.url, 'http://127.0.0.1');
+      if (url.pathname !== '/oauth/callback') {
+        res.writeHead(404);
+        res.end('Not found');
+        return;
+      }
+
+      const code = url.searchParams.get('code');
+      const returnedState = url.searchParams.get('state');
+      const error = url.searchParams.get('error');
+      const errorDescription = url.searchParams.get('error_description');
+
+      res.writeHead(200, { 'Content-Type': 'text/html' });
+      res.end(`<!DOCTYPE html><html><body style="font-family: sans-serif; padding: 24px;">
+        <h2>Authorization complete</h2>
+        <p>You can close this window and return to CoWork OS.</p>
+      </body></html>`);
+
+      clearTimeout(timeout);
+      server.close();
+
+      if (error) {
+        rejectCode(new Error(errorDescription || error));
+        return;
+      }
+
+      if (!code || !returnedState) {
+        rejectCode(new Error('Missing OAuth code or state'));
+        return;
+      }
+
+      if (returnedState !== state) {
+        rejectCode(new Error('OAuth state mismatch'));
+        return;
+      }
+
+      resolveCode({ code, state: returnedState });
+    });
+
+    server.on('error', (error: NodeJS.ErrnoException) => {
+      clearTimeout(timeout);
+      const portMessage = error.code === 'EADDRINUSE'
+        ? `Port ${OAUTH_CALLBACK_PORT} is already in use. Close the conflicting app and try again.`
+        : error.message;
+      reject(new Error(`OAuth callback server failed: ${portMessage}`));
+    });
+
+    server.listen(OAUTH_CALLBACK_PORT, '127.0.0.1', () => {
+      const address = server.address();
+      if (!address || typeof address === 'string') {
+        clearTimeout(timeout);
+        server.close();
+        reject(new Error('Failed to start OAuth callback server'));
+        return;
+      }
+
+      const redirectUri = `http://127.0.0.1:${address.port}/oauth/callback`;
+      resolve({
+        redirectUri,
+        state,
+        waitForCode: () => codePromise,
+      });
+    });
+  });
+}
+
+export async function startGoogleWorkspaceOAuth(
+  request: GoogleWorkspaceOAuthRequest
+): Promise<GoogleWorkspaceOAuthResult> {
+  if (!request.clientId) {
+    throw new Error('Google Workspace OAuth requires a client ID');
+  }
+
+  const scopes = (request.scopes && request.scopes.length > 0)
+    ? request.scopes
+    : [
+      'https://www.googleapis.com/auth/drive',
+      'https://www.googleapis.com/auth/gmail.readonly',
+      'https://www.googleapis.com/auth/gmail.send',
+      'https://www.googleapis.com/auth/calendar',
+    ];
+
+  const { redirectUri, waitForCode, state } = await startOAuthCallbackServer();
+  const codeVerifier = createCodeVerifier();
+  const codeChallenge = createCodeChallenge(codeVerifier);
+
+  const authUrl = new URL(GOOGLE_OAUTH_AUTHORIZE_URL);
+  authUrl.searchParams.set('response_type', 'code');
+  authUrl.searchParams.set('client_id', request.clientId);
+  authUrl.searchParams.set('redirect_uri', redirectUri);
+  authUrl.searchParams.set('scope', scopes.join(' '));
+  authUrl.searchParams.set('state', state);
+  authUrl.searchParams.set('code_challenge', codeChallenge);
+  authUrl.searchParams.set('code_challenge_method', 'S256');
+  authUrl.searchParams.set('access_type', 'offline');
+  authUrl.searchParams.set('prompt', 'consent');
+
+  await shell.openExternal(authUrl.toString());
+
+  const { code } = await waitForCode();
+
+  const params = new URLSearchParams({
+    grant_type: 'authorization_code',
+    code,
+    client_id: request.clientId,
+    redirect_uri: redirectUri,
+    code_verifier: codeVerifier,
+  });
+
+  if (request.clientSecret) {
+    params.set('client_secret', request.clientSecret);
+  }
+
+  const tokenResponse = await fetch(GOOGLE_OAUTH_TOKEN_URL, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: params.toString(),
+  });
+
+  const rawText = typeof tokenResponse.text === 'function' ? await tokenResponse.text() : '';
+  const tokenData = rawText ? parseJsonSafe(rawText) : undefined;
+
+  if (!tokenResponse.ok) {
+    const message = tokenData?.error_description || tokenData?.error || tokenResponse.statusText || 'OAuth failed';
+    throw new Error(`Google Workspace OAuth failed: ${message}`);
+  }
+
+  const accessToken = tokenData?.access_token as string | undefined;
+  if (!accessToken) {
+    throw new Error('Google Workspace OAuth did not return an access_token');
+  }
+
+  const expiresIn = typeof tokenData?.expires_in === 'number' ? tokenData.expires_in : undefined;
+  const scopesGranted = parseScopeList(tokenData?.scope);
+
+  return {
+    accessToken,
+    refreshToken: tokenData?.refresh_token,
+    expiresIn,
+    tokenType: tokenData?.token_type,
+    scopes: scopesGranted,
+  };
+}