From 19f8ba8af5f6e02af5ef1c1f1774db152fcb7cde Mon Sep 17 00:00:00 2001 From: gustrb Date: Mon, 21 Oct 2024 15:22:21 -0300 Subject: [PATCH 1/6] fix: store the scopes when fetching new tokens --- apps/meteor/app/api/server/v1/misc.ts | 3 ++- .../functions/getWorkspaceAccessToken.ts | 12 ++++----- .../getWorkspaceAccessTokenWithScope.ts | 17 +++++++----- .../server/functions/saveRegistrationData.ts | 8 +----- .../server/models/raw/WorkspaceCredentials.ts | 27 +++++-------------- apps/meteor/server/startup/migrations/v316.ts | 15 ++--------- .../src/models/IWorkspaceCredentialsModel.ts | 5 ++-- 7 files changed, 30 insertions(+), 57 deletions(-) diff --git a/apps/meteor/app/api/server/v1/misc.ts b/apps/meteor/app/api/server/v1/misc.ts index 5cd522d20533..c026236231d8 100644 --- a/apps/meteor/app/api/server/v1/misc.ts +++ b/apps/meteor/app/api/server/v1/misc.ts @@ -664,7 +664,8 @@ API.v1.addRoute( const settingsIds: string[] = []; if (this.bodyParams.setDeploymentAs === 'new-workspace') { - await WorkspaceCredentials.unsetCredentialByScope(); + await WorkspaceCredentials.removeAllCredentials(); + settingsIds.push( 'Cloud_Service_Agree_PrivacyTerms', 'Cloud_Workspace_Id', diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts index 93cfa3266ecf..4286c9bdfa30 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts @@ -24,20 +24,18 @@ export async function getWorkspaceAccessToken(forceNew = false, scope = '', save return ''; } - const workspaceCredentials = await WorkspaceCredentials.getCredentialByScope(scope); - if (!workspaceCredentials) { - throw new CloudWorkspaceAccessTokenError(); - } + const scopes = scope === '' ? [] : [scope]; - if (!hasWorkspaceAccessTokenExpired(workspaceCredentials) && !forceNew) { + const workspaceCredentials = await WorkspaceCredentials.getCredentialByScopes(scopes); + if (workspaceCredentials && !hasWorkspaceAccessTokenExpired(workspaceCredentials) && !forceNew) { return workspaceCredentials.accessToken; } const accessToken = await getWorkspaceAccessTokenWithScope(scope, throwOnError); if (save) { - await WorkspaceCredentials.updateCredentialByScope({ - scope, + await WorkspaceCredentials.updateCredentialByScopes({ + scopes: accessToken.scopes, accessToken: accessToken.token, expirationDate: accessToken.expiresAt, }); diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts index 3a04031ebb88..9899d6ff1d56 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts @@ -8,10 +8,16 @@ import { CloudWorkspaceAccessTokenError } from './getWorkspaceAccessToken'; import { removeWorkspaceRegistrationInfo } from './removeWorkspaceRegistrationInfo'; import { retrieveRegistrationStatus } from './retrieveRegistrationStatus'; -export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError = false) { +type WorkspaceAccessTokenWithScope = { + token: string; + expiresAt: Date; + scopes: string[]; +}; + +export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError = false): Promise { const { workspaceRegistered } = await retrieveRegistrationStatus(); - const tokenResponse = { token: '', expiresAt: new Date() }; + const tokenResponse = { token: '', expiresAt: new Date(), scopes: [] }; if (!workspaceRegistered) { return tokenResponse; @@ -23,9 +29,7 @@ export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError return tokenResponse; } - if (scope === '') { - scope = workspaceScopes.join(' '); - } + const scopes = scope === '' ? workspaceScopes.join(' ') : scope; // eslint-disable-next-line @typescript-eslint/naming-convention const client_secret = settings.get('Cloud_Workspace_Client_Secret'); @@ -36,7 +40,7 @@ export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError const body = new URLSearchParams(); body.append('client_id', client_id); body.append('client_secret', client_secret); - body.append('scope', scope); + body.append('scope', scopes); body.append('grant_type', 'client_credentials'); body.append('redirect_uri', redirectUri); @@ -62,6 +66,7 @@ export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError return { token: payload.access_token, expiresAt, + scopes: scope === '' ? [...workspaceScopes] : [scope], }; } catch (err: any) { if (err instanceof CloudWorkspaceAccessTokenError) { diff --git a/apps/meteor/app/cloud/server/functions/saveRegistrationData.ts b/apps/meteor/app/cloud/server/functions/saveRegistrationData.ts index 746904687d67..63633c567845 100644 --- a/apps/meteor/app/cloud/server/functions/saveRegistrationData.ts +++ b/apps/meteor/app/cloud/server/functions/saveRegistrationData.ts @@ -1,5 +1,5 @@ import { applyLicense } from '@rocket.chat/license'; -import { Settings, WorkspaceCredentials } from '@rocket.chat/models'; +import { Settings } from '@rocket.chat/models'; import { notifyOnSettingChangedById } from '../../../lib/server/lib/notifyListener'; import { settings } from '../../../settings/server'; @@ -59,12 +59,6 @@ async function saveRegistrationDataBase({ { _id: 'Cloud_Workspace_Registration_Client_Uri', value: registration_client_uri }, ]; - await WorkspaceCredentials.updateCredentialByScope({ - scope: '', - accessToken: '', - expirationDate: new Date(0), - }); - const promises = [...settingsData.map(({ _id, value }) => Settings.updateValueById(_id, value))]; (await Promise.all(promises)).forEach((value, index) => { diff --git a/apps/meteor/server/models/raw/WorkspaceCredentials.ts b/apps/meteor/server/models/raw/WorkspaceCredentials.ts index b989ace8c2a3..c37787539e5d 100644 --- a/apps/meteor/server/models/raw/WorkspaceCredentials.ts +++ b/apps/meteor/server/models/raw/WorkspaceCredentials.ts @@ -13,40 +13,28 @@ export class WorkspaceCredentialsRaw extends BaseRaw impl return [{ key: { scopes: 1, expirationDate: 1, accessToken: 1 }, unique: true }]; } - getCredentialByScope(scope = ''): Promise { + getCredentialByScopes(scopes: string[] = []): Promise { const query: Filter = { scopes: { - $all: [scope], - $size: 1, + $eq: scopes, }, }; return this.findOne(query); } - unsetCredentialByScope(scope = ''): Promise { - const query: Filter = { - scopes: { - $all: [scope], - $size: 1, - }, - }; - - return this.deleteOne(query); - } - - updateCredentialByScope({ - scope, + updateCredentialByScopes({ + scopes, accessToken, expirationDate, }: { - scope: string; + scopes: string[]; accessToken: string; expirationDate: Date; }): Promise { const record = { $set: { - scopes: [scope], + scopes, accessToken, expirationDate, }, @@ -54,8 +42,7 @@ export class WorkspaceCredentialsRaw extends BaseRaw impl const query: Filter = { scopes: { - $all: [scope], - $size: 1, + $eq: scopes, }, }; diff --git a/apps/meteor/server/startup/migrations/v316.ts b/apps/meteor/server/startup/migrations/v316.ts index c8641b896e77..210dafc4483f 100644 --- a/apps/meteor/server/startup/migrations/v316.ts +++ b/apps/meteor/server/startup/migrations/v316.ts @@ -1,16 +1,11 @@ -import { Settings, WorkspaceCredentials } from '@rocket.chat/models'; +import { Settings } from '@rocket.chat/models'; import { addMigration } from '../../lib/migrations'; addMigration({ version: 316, - name: 'Remove Cloud_Workspace_Access_Token and Cloud_Workspace_Access_Token_Expires_At from the settings collection and add to the WorkspaceCredentials collection', + name: 'Remove Cloud_Workspace_Access_Token and Cloud_Workspace_Access_Token_Expires_At from the settings collection', async up() { - const workspaceCredentials = await WorkspaceCredentials.getCredentialByScope(); - if (workspaceCredentials) { - return; - } - const accessToken = ((await Settings.getValueById('Cloud_Workspace_Access_Token')) as string) || ''; const expirationDate = ((await Settings.getValueById('Cloud_Workspace_Access_Token_Expires_At')) as Date) || new Date(0); @@ -21,11 +16,5 @@ addMigration({ if (expirationDate) { await Settings.removeById('Cloud_Workspace_Access_Token_Expires_At'); } - - await WorkspaceCredentials.updateCredentialByScope({ - scope: '', - accessToken, - expirationDate, - }); }, }); diff --git a/packages/model-typings/src/models/IWorkspaceCredentialsModel.ts b/packages/model-typings/src/models/IWorkspaceCredentialsModel.ts index 58b9a8a5049d..afc118f0d30c 100644 --- a/packages/model-typings/src/models/IWorkspaceCredentialsModel.ts +++ b/packages/model-typings/src/models/IWorkspaceCredentialsModel.ts @@ -4,8 +4,7 @@ import type { DeleteResult, UpdateResult } from 'mongodb'; import type { IBaseModel } from './IBaseModel'; export interface IWorkspaceCredentialsModel extends IBaseModel { - getCredentialByScope(scope?: string): Promise; - unsetCredentialByScope(scope?: string): Promise; - updateCredentialByScope(credentials: { scope: string; accessToken: string; expirationDate: Date }): Promise; + getCredentialByScopes(scopes?: string[]): Promise; + updateCredentialByScopes(credentials: { scopes: string[]; accessToken: string; expirationDate: Date }): Promise; removeAllCredentials(): Promise; } From 0db731eedf18369dfbff451190168830ec7c68d1 Mon Sep 17 00:00:00 2001 From: gustrb Date: Mon, 21 Oct 2024 16:18:13 -0300 Subject: [PATCH 2/6] chore: use correct default scopes --- .../app/cloud/server/functions/getWorkspaceAccessToken.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts index 4286c9bdfa30..fe7b798ccc7c 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts @@ -1,6 +1,7 @@ import type { IWorkspaceCredentials } from '@rocket.chat/core-typings'; import { WorkspaceCredentials } from '@rocket.chat/models'; +import { workspaceScopes } from '../oauthScopes'; import { getWorkspaceAccessTokenWithScope } from './getWorkspaceAccessTokenWithScope'; import { retrieveRegistrationStatus } from './retrieveRegistrationStatus'; @@ -24,7 +25,9 @@ export async function getWorkspaceAccessToken(forceNew = false, scope = '', save return ''; } - const scopes = scope === '' ? [] : [scope]; + // Note: If no scope is given, it means we should assume the default scope, we store the default scopes + // in the global variable workspaceScopes. + const scopes = scope === '' ? [...workspaceScopes] : [scope]; const workspaceCredentials = await WorkspaceCredentials.getCredentialByScopes(scopes); if (workspaceCredentials && !hasWorkspaceAccessTokenExpired(workspaceCredentials) && !forceNew) { From 7d7c08ea7564230a66a9b34d2ccf0d98d331573e Mon Sep 17 00:00:00 2001 From: gustrb Date: Mon, 21 Oct 2024 16:35:36 -0300 Subject: [PATCH 3/6] chore: using a string instead of an array --- .../functions/getWorkspaceAccessToken.ts | 8 +++---- .../getWorkspaceAccessTokenWithScope.ts | 12 ++++++---- .../server/models/raw/WorkspaceCredentials.ts | 24 +++++++------------ .../src/ee/IWorkspaceCredentials.ts | 2 +- .../src/models/IWorkspaceCredentialsModel.ts | 4 ++-- 5 files changed, 22 insertions(+), 28 deletions(-) diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts index fe7b798ccc7c..3a9d06fc7f71 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts @@ -27,9 +27,9 @@ export async function getWorkspaceAccessToken(forceNew = false, scope = '', save // Note: If no scope is given, it means we should assume the default scope, we store the default scopes // in the global variable workspaceScopes. - const scopes = scope === '' ? [...workspaceScopes] : [scope]; + const scopes = scope === '' ? workspaceScopes.join(' ') : scope; - const workspaceCredentials = await WorkspaceCredentials.getCredentialByScopes(scopes); + const workspaceCredentials = await WorkspaceCredentials.getCredentialByScope(scopes); if (workspaceCredentials && !hasWorkspaceAccessTokenExpired(workspaceCredentials) && !forceNew) { return workspaceCredentials.accessToken; } @@ -37,8 +37,8 @@ export async function getWorkspaceAccessToken(forceNew = false, scope = '', save const accessToken = await getWorkspaceAccessTokenWithScope(scope, throwOnError); if (save) { - await WorkspaceCredentials.updateCredentialByScopes({ - scopes: accessToken.scopes, + await WorkspaceCredentials.updateCredentialByScope({ + scope: accessToken.scope, accessToken: accessToken.token, expirationDate: accessToken.expiresAt, }); diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts index 9899d6ff1d56..ec05937a8270 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts @@ -11,13 +11,13 @@ import { retrieveRegistrationStatus } from './retrieveRegistrationStatus'; type WorkspaceAccessTokenWithScope = { token: string; expiresAt: Date; - scopes: string[]; + scope: string; }; export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError = false): Promise { const { workspaceRegistered } = await retrieveRegistrationStatus(); - const tokenResponse = { token: '', expiresAt: new Date(), scopes: [] }; + const tokenResponse = { token: '', expiresAt: new Date(), scope: '' }; if (!workspaceRegistered) { return tokenResponse; @@ -29,7 +29,9 @@ export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError return tokenResponse; } - const scopes = scope === '' ? workspaceScopes.join(' ') : scope; + if (scope === '') { + scope = workspaceScopes.join(' '); + } // eslint-disable-next-line @typescript-eslint/naming-convention const client_secret = settings.get('Cloud_Workspace_Client_Secret'); @@ -40,7 +42,7 @@ export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError const body = new URLSearchParams(); body.append('client_id', client_id); body.append('client_secret', client_secret); - body.append('scope', scopes); + body.append('scope', scope); body.append('grant_type', 'client_credentials'); body.append('redirect_uri', redirectUri); @@ -66,7 +68,7 @@ export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError return { token: payload.access_token, expiresAt, - scopes: scope === '' ? [...workspaceScopes] : [scope], + scope: payload.scope, }; } catch (err: any) { if (err instanceof CloudWorkspaceAccessTokenError) { diff --git a/apps/meteor/server/models/raw/WorkspaceCredentials.ts b/apps/meteor/server/models/raw/WorkspaceCredentials.ts index c37787539e5d..09706cdec4bb 100644 --- a/apps/meteor/server/models/raw/WorkspaceCredentials.ts +++ b/apps/meteor/server/models/raw/WorkspaceCredentials.ts @@ -10,41 +10,33 @@ export class WorkspaceCredentialsRaw extends BaseRaw impl } protected modelIndexes(): IndexDescription[] { - return [{ key: { scopes: 1, expirationDate: 1, accessToken: 1 }, unique: true }]; + return [{ key: { scope: 1, expirationDate: 1, accessToken: 1 }, unique: true }]; } - getCredentialByScopes(scopes: string[] = []): Promise { - const query: Filter = { - scopes: { - $eq: scopes, - }, - }; + getCredentialByScope(scope = ''): Promise { + const query: Filter = { scope }; return this.findOne(query); } - updateCredentialByScopes({ - scopes, + updateCredentialByScope({ + scope, accessToken, expirationDate, }: { - scopes: string[]; + scope: string; accessToken: string; expirationDate: Date; }): Promise { const record = { $set: { - scopes, + scope, accessToken, expirationDate, }, }; - const query: Filter = { - scopes: { - $eq: scopes, - }, - }; + const query: Filter = { scope }; return this.updateOne(query, record, { upsert: true }); } diff --git a/packages/core-typings/src/ee/IWorkspaceCredentials.ts b/packages/core-typings/src/ee/IWorkspaceCredentials.ts index 1acf4570f3cf..1fda00d0c8b3 100644 --- a/packages/core-typings/src/ee/IWorkspaceCredentials.ts +++ b/packages/core-typings/src/ee/IWorkspaceCredentials.ts @@ -2,7 +2,7 @@ import type { IRocketChatRecord } from '../IRocketChatRecord'; export interface IWorkspaceCredentials extends IRocketChatRecord { _id: string; - scopes: string[]; + scope: string; expirationDate: Date; accessToken: string; } diff --git a/packages/model-typings/src/models/IWorkspaceCredentialsModel.ts b/packages/model-typings/src/models/IWorkspaceCredentialsModel.ts index afc118f0d30c..fa13dfa82977 100644 --- a/packages/model-typings/src/models/IWorkspaceCredentialsModel.ts +++ b/packages/model-typings/src/models/IWorkspaceCredentialsModel.ts @@ -4,7 +4,7 @@ import type { DeleteResult, UpdateResult } from 'mongodb'; import type { IBaseModel } from './IBaseModel'; export interface IWorkspaceCredentialsModel extends IBaseModel { - getCredentialByScopes(scopes?: string[]): Promise; - updateCredentialByScopes(credentials: { scopes: string[]; accessToken: string; expirationDate: Date }): Promise; + getCredentialByScope(scope?: string): Promise; + updateCredentialByScope(credentials: { scope: string; accessToken: string; expirationDate: Date }): Promise; removeAllCredentials(): Promise; } From 0eb5a20bbb8a925425a2fa64eb2ed81d2ea3d1fc Mon Sep 17 00:00:00 2001 From: gustrb Date: Mon, 21 Oct 2024 16:54:28 -0300 Subject: [PATCH 4/6] chore: improve logging --- .../app/cloud/server/functions/getWorkspaceAccessToken.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts index 3a9d06fc7f71..a85b845382d0 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts @@ -1,6 +1,7 @@ import type { IWorkspaceCredentials } from '@rocket.chat/core-typings'; import { WorkspaceCredentials } from '@rocket.chat/models'; +import { SystemLogger } from '../../../../server/lib/logger/system'; import { workspaceScopes } from '../oauthScopes'; import { getWorkspaceAccessTokenWithScope } from './getWorkspaceAccessTokenWithScope'; import { retrieveRegistrationStatus } from './retrieveRegistrationStatus'; @@ -31,9 +32,14 @@ export async function getWorkspaceAccessToken(forceNew = false, scope = '', save const workspaceCredentials = await WorkspaceCredentials.getCredentialByScope(scopes); if (workspaceCredentials && !hasWorkspaceAccessTokenExpired(workspaceCredentials) && !forceNew) { + SystemLogger.debug( + `Workspace credentials cache hit using scopes: ${scopes}. Avoiding generating a new access token from cloud services.`, + ); return workspaceCredentials.accessToken; } + SystemLogger.debug(`Workspace credentials cache miss using scopes: ${scopes}, fetching new access token from cloud services.`); + const accessToken = await getWorkspaceAccessTokenWithScope(scope, throwOnError); if (save) { From 90f3a49046f2fc653b8ec9a882cc26ca400dc792 Mon Sep 17 00:00:00 2001 From: gustrb Date: Mon, 21 Oct 2024 17:25:40 -0300 Subject: [PATCH 5/6] chore: use the default scope the same way --- .../cloud/server/functions/getWorkspaceAccessToken.ts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts index a85b845382d0..d281121a7de9 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts @@ -28,17 +28,19 @@ export async function getWorkspaceAccessToken(forceNew = false, scope = '', save // Note: If no scope is given, it means we should assume the default scope, we store the default scopes // in the global variable workspaceScopes. - const scopes = scope === '' ? workspaceScopes.join(' ') : scope; + if (scope === '') { + scope = workspaceScopes.join(' '); + } - const workspaceCredentials = await WorkspaceCredentials.getCredentialByScope(scopes); + const workspaceCredentials = await WorkspaceCredentials.getCredentialByScope(scope); if (workspaceCredentials && !hasWorkspaceAccessTokenExpired(workspaceCredentials) && !forceNew) { SystemLogger.debug( - `Workspace credentials cache hit using scopes: ${scopes}. Avoiding generating a new access token from cloud services.`, + `Workspace credentials cache hit using scope: ${scope}. Avoiding generating a new access token from cloud services.`, ); return workspaceCredentials.accessToken; } - SystemLogger.debug(`Workspace credentials cache miss using scopes: ${scopes}, fetching new access token from cloud services.`); + SystemLogger.debug(`Workspace credentials cache miss using scope: ${scope}, fetching new access token from cloud services.`); const accessToken = await getWorkspaceAccessTokenWithScope(scope, throwOnError); From 5263a7d2e30b2e6d034cfa443325075cc68f88d4 Mon Sep 17 00:00:00 2001 From: gustrb Date: Tue, 22 Oct 2024 14:28:24 -0300 Subject: [PATCH 6/6] chore: using object as parameter --- apps/meteor/app/apps/server/bridges/cloud.ts | 2 +- .../cloud/server/functions/getWorkspaceAccessToken.ts | 2 +- .../functions/getWorkspaceAccessTokenWithScope.ts | 10 +++++++++- apps/meteor/ee/server/apps/communication/rest.ts | 4 ++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/apps/meteor/app/apps/server/bridges/cloud.ts b/apps/meteor/app/apps/server/bridges/cloud.ts index 30ca897240f8..0f908ccfe0a3 100644 --- a/apps/meteor/app/apps/server/bridges/cloud.ts +++ b/apps/meteor/app/apps/server/bridges/cloud.ts @@ -12,7 +12,7 @@ export class AppCloudBridge extends CloudWorkspaceBridge { public async getWorkspaceToken(scope: string, appId: string): Promise { this.orch.debugLog(`App ${appId} is getting the workspace's token`); - const token = await getWorkspaceAccessTokenWithScope(scope); + const token = await getWorkspaceAccessTokenWithScope({ scope }); return token; } diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts index d281121a7de9..6595c8e90fc4 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessToken.ts @@ -42,7 +42,7 @@ export async function getWorkspaceAccessToken(forceNew = false, scope = '', save SystemLogger.debug(`Workspace credentials cache miss using scope: ${scope}, fetching new access token from cloud services.`); - const accessToken = await getWorkspaceAccessTokenWithScope(scope, throwOnError); + const accessToken = await getWorkspaceAccessTokenWithScope({ scope, throwOnError }); if (save) { await WorkspaceCredentials.updateCredentialByScope({ diff --git a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts index ec05937a8270..1137b899967a 100644 --- a/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts +++ b/apps/meteor/app/cloud/server/functions/getWorkspaceAccessTokenWithScope.ts @@ -14,7 +14,15 @@ type WorkspaceAccessTokenWithScope = { scope: string; }; -export async function getWorkspaceAccessTokenWithScope(scope = '', throwOnError = false): Promise { +type GetWorkspaceAccessTokenWithScopeParams = { + scope?: string; + throwOnError?: boolean; +}; + +export async function getWorkspaceAccessTokenWithScope({ + scope = '', + throwOnError = false, +}: GetWorkspaceAccessTokenWithScopeParams): Promise { const { workspaceRegistered } = await retrieveRegistrationStatus(); const tokenResponse = { token: '', expiresAt: new Date(), scope: '' }; diff --git a/apps/meteor/ee/server/apps/communication/rest.ts b/apps/meteor/ee/server/apps/communication/rest.ts index fc597d00857c..0283f2eef783 100644 --- a/apps/meteor/ee/server/apps/communication/rest.ts +++ b/apps/meteor/ee/server/apps/communication/rest.ts @@ -189,7 +189,7 @@ export class AppsRestApi { return API.v1.failure({ error: 'Invalid purchase type' }); } - const response = await getWorkspaceAccessTokenWithScope('marketplace:purchase'); + const response = await getWorkspaceAccessTokenWithScope({ scope: 'marketplace:purchase' }); if (!response.token) { return API.v1.failure({ error: 'Unauthorized' }); } @@ -289,7 +289,7 @@ export class AppsRestApi { return API.v1.failure({ error: 'Invalid purchase type' }); } - const token = await getWorkspaceAccessTokenWithScope('marketplace:purchase'); + const token = await getWorkspaceAccessTokenWithScope({ scope: 'marketplace:purchase' }); if (!token) { return API.v1.failure({ error: 'Unauthorized' }); }