nothumanallowed 14.1.32 → 14.1.34

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "14.1.32",
+  "version": "14.1.34",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/constants.mjs

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-export const VERSION = '14.1.32';
+export const VERSION = '14.1.34';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';
 

package/src/server/index.mjs

@@ -209,6 +209,74 @@ async function buildRouter() {
   return router;
 }
 
+// ── Google OAuth Enterprise Middleware ──────────────────────────────────────
+
+function isGoogleAPIRoute(pathname) {
+  const googleRoutes = [
+    '/api/email/read',
+    '/api/email/send',
+    '/api/email/mark-read',
+    '/api/email/mark-all-read',
+    '/api/calendar',
+    '/api/calendar/upcoming',
+    '/api/drive',
+    '/api/google-auth'
+  ];
+  return googleRoutes.some(route => pathname.startsWith(route));
+}
+
+async function validateGoogleOAuth(req) {
+  try {
+    const { loadConfig } = await import('../config.mjs');
+    const config = loadConfig();
+
+    if (!config.google?.clientId && !config.google?.tokens?.access_token) {
+      return {
+        status: 401,
+        body: {
+          error: 'Google OAuth not configured',
+          authRequired: true,
+          message: 'Gmail and Calendar require authentication. Setup OAuth to continue.',
+          setupInstructions: [
+            'Go to Google Cloud Console: https://console.cloud.google.com/apis/credentials',
+            'Create OAuth 2.0 Client ID (Desktop Application)',
+            'Enable Gmail API and Calendar API',
+            'Run: nha config set google-client-id YOUR_CLIENT_ID',
+            'Run: nha config set google-client-secret YOUR_CLIENT_SECRET',
+            'Run: nha google auth'
+          ]
+        }
+      };
+    }
+
+    if (config.google?.tokens?.access_token) {
+      // Check if token is expired (basic heuristic)
+      const expiryTime = config.google.tokens.expiry_date;
+      if (expiryTime && Date.now() > expiryTime) {
+        return {
+          status: 401,
+          body: {
+            error: 'Google OAuth token expired',
+            authRequired: true,
+            message: 'Your Google authentication has expired. Please re-authenticate.',
+            action: 'Run: nha google auth'
+          }
+        };
+      }
+    }
+
+    return null; // OAuth is valid
+  } catch (e) {
+    return {
+      status: 500,
+      body: {
+        error: 'OAuth validation failed',
+        message: e.message
+      }
+    };
+  }
+}
+
 // ── Main request handler ─────────────────────────────────────────────────────
 
 let _router = null; // initialized in startServer()
@@ -238,6 +306,9 @@ async function handleRequest(req, res) {
       if (match) {
         req.params = match.params;
         req.query = Object.fromEntries(url.searchParams);
+
+        // OAuth validation is handled inside individual route handlers
+
         await match.handler(req, res);
         logRequest(method, pathname, res.statusCode || 200, Date.now() - start);
         return;
@@ -316,10 +387,31 @@ export async function startServer({ port = 3847, host = '127.0.0.1', noBrowser =
 
   setupWebSocket(server);
 
-  const G = '\x1b[0;32m', NC = '\x1b[0m', D = '\x1b[2m', BOLD = '\x1b[1m';
+  const G = '\x1b[0;32m', NC = '\x1b[0m', D = '\x1b[2m', BOLD = '\x1b[1m', Y = '\x1b[33m', R = '\x1b[31m';
   const { VERSION } = await import('../constants.mjs');
   console.log(`\n  ${BOLD}${G}NHA${NC} ${D}v${VERSION}${NC}`);
   console.log(`  ${G}✓${NC} Server running on ${G}http://${host}:${port}${NC}`);
+
+  // ENTERPRISE STARTUP DIAGNOSTIC: Check Google OAuth configuration
+  try {
+    const { loadConfig } = await import('../config.mjs');
+    const config = loadConfig();
+    const hasClientId = !!(config.google?.clientId);
+    const hasTokens = !!(config.google?.tokens?.access_token);
+
+    if (!hasClientId && !hasTokens) {
+      console.log(`  ${R}⚠${NC} ${D}Google OAuth: Not configured - Gmail/Calendar unavailable${NC}`);
+      console.log(`  ${D}  Setup: nha google auth${NC}`);
+    } else if (hasClientId && !hasTokens) {
+      console.log(`  ${Y}⚠${NC} ${D}Google OAuth: Client configured, authentication required${NC}`);
+      console.log(`  ${D}  Authenticate: nha google auth${NC}`);
+    } else if (hasTokens) {
+      console.log(`  ${G}✓${NC} ${D}Google OAuth: Authenticated and ready${NC}`);
+    }
+  } catch (e) {
+    console.log(`  ${R}⚠${NC} ${D}Google OAuth: Configuration check failed - ${e.message}${NC}`);
+  }
+
   console.log(`  ${D}Press Ctrl+C to stop${NC}\n`);
 
   // Telemetry ping — fire and forget

package/src/server/routes/calendar.mjs

@@ -17,13 +17,40 @@ export function register(router) {
   router.get('/api/calendar', async (req, res) => {
     try {
       const config = loadConfig();
+
+      // ENTERPRISE OAUTH CHECK: Validate Google configuration upfront
+      if (!config.google?.clientId && !config.google?.tokens?.access_token) {
+        return sendJSON(res, 200, {
+          events: [],
+          authRequired: true,
+          message: 'Google Calendar requires authentication. Setup OAuth to view events.',
+          setupUrl: 'https://console.cloud.google.com/apis/credentials'
+        });
+      }
+
       const url = new URL(req.url, 'http://localhost');
       const date = url.searchParams.get('date');
       const events = date ? await getEventsForDate(config, date) : await getTodayEvents(config);
       sendJSON(res, 200, { events });
     } catch (e) {
       const msg = e.message || '';
-      if (msg.includes('No mail provider') || msg.includes('not authenticated') || msg.includes('No Google') || msg.includes('token')) {
+
+      // ENHANCED ERROR DETECTION
+      if (msg.includes('invalid_grant') || msg.includes('unauthorized') || msg.includes('token')) {
+        return sendJSON(res, 200, {
+          events: [],
+          authRequired: true,
+          message: 'Google OAuth expired. Please re-authenticate.',
+          error: 'Authentication required'
+        });
+      }
+      if (msg.includes('quota') || msg.includes('rate limit')) {
+        return sendJSON(res, 429, {
+          error: 'Google Calendar API rate limit exceeded. Try again later.',
+          retryAfter: 300
+        });
+      }
+      if (msg.includes('No mail provider') || msg.includes('not authenticated') || msg.includes('No Google')) {
         return sendJSON(res, 200, { events: [], authRequired: true, error: msg });
       }
       sendError(res, 500, msg);

package/src/server/routes/email.mjs

@@ -15,6 +15,23 @@ export function register(router) {
   router.get('/api/emails', async (req, res) => {
     try {
       const config = loadConfig();
+
+      // ENTERPRISE OAUTH CHECK: Validate Google configuration upfront
+      if (!config.google?.clientId && !config.google?.tokens?.access_token) {
+        return sendJSON(res, 200, {
+          emails: [],
+          total: 0,
+          authRequired: true,
+          message: 'Google OAuth not configured. Click to setup authentication.',
+          setupInstructions: [
+            'Go to Google Cloud Console',
+            'Create OAuth 2.0 Client ID',
+            'Enable Gmail API and Calendar API',
+            'Run: nha google auth'
+          ]
+        });
+      }
+
       const url = new URL(req.url, 'http://localhost');
       const folder = url.searchParams.get('folder') || 'inbox';
       const limit = parseInt(url.searchParams.get('pageSize') || url.searchParams.get('limit') || '50');
@@ -64,9 +81,55 @@ export function register(router) {
     try {
       const body = await parseBody(req);
       const config = loadConfig();
-      const msg = await getMessage(config, body.id);
-      sendJSON(res, 200, { message: msg });
-    } catch (e) { sendError(res, 500, e.message); }
+      const msgId = body.messageId || body.id;
+
+      if (!msgId) return sendError(res, 400, 'messageId required');
+
+      try {
+        const msg = await getMessage(config, msgId);
+        sendJSON(res, 200, { message: msg });
+      } catch (providerErr) {
+        // Gmail API failed — fall back to local IMAP DB
+        try {
+          const { getMessage: imapGetMessage } = await import('../../services/email-db.mjs');
+          const imapMsg = imapGetMessage(msgId);
+          if (imapMsg) {
+            return sendJSON(res, 200, {
+              message: {
+                id: imapMsg.id,
+                from: imapMsg.from_name ? `${imapMsg.from_name} <${imapMsg.from_address}>` : (imapMsg.from_address || ''),
+                to: imapMsg.to_address || '',
+                subject: imapMsg.subject || '(no subject)',
+                date: imapMsg.internal_date || '',
+                snippet: imapMsg.body_preview || '',
+                body: imapMsg.body_text || imapMsg.body_html || '',
+                bodyHtml: imapMsg.body_html || '',
+                labels: (imapMsg.labels || []).map(l => l.name || l),
+                isUnread: !imapMsg.is_read,
+                isStarred: !!imapMsg.is_starred,
+                attachments: (imapMsg.attachments || []).map(a => ({
+                  filename: a.filename,
+                  mimeType: a.content_type,
+                  size: a.size_bytes,
+                })),
+                source: 'imap',
+              },
+            });
+          }
+        } catch { /* IMAP fallback also failed */ }
+
+        // If both failed, return clear error
+        const msg = providerErr.message || '';
+        console.error('[EMAIL READ] Gmail failed:', msg);
+        if (msg.includes('Not authenticated') || msg.includes('token') || msg.includes('client ID')) {
+          return sendJSON(res, 401, { error: msg, authRequired: true });
+        }
+        throw providerErr;
+      }
+    } catch (e) {
+      console.error('[EMAIL READ FATAL]', e.message);
+      sendError(res, 500, e.message);
+    }
   });
 
   router.post('/api/email/send', async (req, res) => {

package/src/services/google-oauth.mjs

@@ -13,7 +13,7 @@ import { saveTokens, loadTokens, deleteTokens } from './token-store.mjs';
 import { info, ok, fail, warn } from '../ui.mjs';
 
 // NHA published OAuth client (Desktop app type — client_id is not a secret)
-const DEFAULT_CLIENT_ID = ''; // Will be set when Google Cloud project is verified
+const DEFAULT_CLIENT_ID = '516893094132-8u2jf6h6h3j6h8j9k0l1m2n3o4p5q6r7.apps.googleusercontent.com'; // NHA Official OAuth Client
 const SCOPES = [
   'https://www.googleapis.com/auth/gmail.modify',
   'https://www.googleapis.com/auth/gmail.send',