Move existing integration authorization and creation into separate steps

backend/src/controllers/v1/integrationAuthController.ts

@@ -10,6 +10,31 @@ import { INTEGRATION_SET, INTEGRATION_OPTIONS } from '../../variables';
 import { IntegrationService } from '../../services';
 import { getApps, revokeAccess } from '../../integrations';
 
+/***
+ * Return integration authorization with id [integrationAuthId]
+ */
+export const getIntegrationAuth = async (req: Request, res: Response) => {
+	let integrationAuth;
+	try {
+		const { integrationAuthId } = req.params;
+		integrationAuth = await IntegrationAuth.findById(integrationAuthId);
+
+		if (!integrationAuth) return res.status(400).send({
+			message: 'Failed to find integration authorization'
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get integration authorization'
+		});	
+	}
+
+	return res.status(200).send({
+		integrationAuth
+	});
+}
+
 export const getIntegrationOptions = async (
 	req: Request,
 	res: Response
@@ -31,7 +56,6 @@ export const oAuthExchange = async (
 ) => {
 	try {
 		const { workspaceId, code, integration } = req.body;
-
 		if (!INTEGRATION_SET.has(integration))
 			throw new Error('Failed to validate integration');
 
@@ -81,6 +105,13 @@ export const saveIntegrationAccessToken = async (
 			integration: string;
 		} = req.body;
 
+		const bot = await Bot.findOne({
+            workspace: new Types.ObjectId(workspaceId),
+            isActive: true
+        });
+
+        if (!bot) throw new Error('Bot must be enabled to save integration access token');
+
 		integrationAuth = await IntegrationAuth.findOneAndUpdate({
             workspace: new Types.ObjectId(workspaceId),
             integration
@@ -91,13 +122,6 @@ export const saveIntegrationAccessToken = async (
             new: true,
             upsert: true
         });
-
-		const bot = await Bot.findOne({
-            workspace: new Types.ObjectId(workspaceId),
-            isActive: true
-        });
-
-        if (!bot) throw new Error('Bot must be enabled to save integration access token');
 
 		// encrypt and save integration access token
 		integrationAuth = await IntegrationService.setIntegrationAuthAccess({

backend/src/controllers/v1/integrationController.ts

@@ -24,23 +24,34 @@ export const createIntegration = async (req: Request, res: Response) => {
 			app,
 			appId,
 			isActive,
+			sourceEnvironment,
 			targetEnvironment,
 			owner
 		} = req.body;
+
+		// TODO: validate [sourceEnvironment] and [targetEnvironment]
 
 		// initialize new integration after saving integration access token
         integration = await new Integration({
             workspace: req.integrationAuth.workspace._id,
-            environment: req.integrationAuth.workspace?.environments[0].slug,
+            environment: sourceEnvironment,
             isActive,
             app,
 			appId,
 			targetEnvironment,
+			owner,
             integration: req.integrationAuth.integration,
             integrationAuth: new Types.ObjectId(integrationAuthId)
         }).save();
 
-		// TODO: run sync function
+		if (integration) {
+			// trigger event - push secrets
+			EventService.handleEvent({
+				event: eventPushSecrets({
+					workspaceId: integration.workspace.toString()
+				})
+			});
+		}
 
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });

backend/src/helpers/integration.ts

@@ -43,9 +43,7 @@ const handleOAuthExchangeHelper = async ({
     code: string;
     environment: string;
 }) => {
-    let action;
     let integrationAuth;
-    // let newIntegration;
     try {
         const bot = await Bot.findOne({
             workspace: workspaceId,
@@ -100,16 +98,6 @@ const handleOAuthExchangeHelper = async ({
                 accessExpiresAt: res.accessExpiresAt
             });
         }
-
-        // // initialize new integration after exchange
-        // newIntegration = await new Integration({
-        //     workspace: workspaceId,
-        //     isActive: false,
-        //     app: null,
-        //     environment,
-        //     integration,
-        //     integrationAuth: integrationAuth._id
-        // }).save();
     } catch (err) {
         Sentry.setUser(null);
         Sentry.captureException(err);

backend/src/integrations/exchange.ts

@@ -144,7 +144,7 @@ const exchangeCodeAzure = async ({
         scope: 'https://vault.azure.net/.default openid offline_access', // TODO: do we need all these permissions?
         client_id: CLIENT_ID_AZURE,
         client_secret: CLIENT_SECRET_AZURE,
-        redirect_uri: `${SITE_URL}/azure-key-vault`
+        redirect_uri: `${SITE_URL}/integrations/azure-key-vault/oauth2/callback`
       } as any)
     )).data;
 
@@ -227,7 +227,7 @@ const exchangeCodeVercel = async ({ code }: { code: string }) => {
           code: code,
           client_id: CLIENT_ID_VERCEL,
           client_secret: CLIENT_SECRET_VERCEL,
-          redirect_uri: `${SITE_URL}/vercel`
+          redirect_uri: `${SITE_URL}/integrations/vercel/oauth2/callback`
         } as any)
       )
     ).data;
@@ -267,7 +267,7 @@ const exchangeCodeNetlify = async ({ code }: { code: string }) => {
           code: code,
           client_id: CLIENT_ID_NETLIFY,
           client_secret: CLIENT_SECRET_NETLIFY,
-          redirect_uri: `${SITE_URL}/netlify`
+          redirect_uri: `${SITE_URL}/integrations/netlify/oauth2/callback`
         } as any)
       )
     ).data;
@@ -319,7 +319,7 @@ const exchangeCodeGithub = async ({ code }: { code: string }) => {
           client_id: CLIENT_ID_GITHUB,
           client_secret: CLIENT_SECRET_GITHUB,
           code: code,
-          redirect_uri: `${SITE_URL}/github`
+          redirect_uri: `${SITE_URL}/integrations/github/oauth2/callback`
         },
         headers: {
           Accept: 'application/json'

backend/src/integrations/sync.ts

@@ -1,9 +1,7 @@
 import axios from 'axios';
 import * as Sentry from '@sentry/node';
 import { Octokit } from '@octokit/rest';
-// import * as sodium from 'libsodium-wrappers';
 import sodium from 'libsodium-wrappers';
-// const sodium = require('libsodium-wrappers');
 import { IIntegration, IIntegrationAuth } from '../models';
 import {
   INTEGRATION_AZURE_KEY_VAULT,

backend/src/routes/v1/integration.ts

@@ -23,6 +23,7 @@ router.post( // new: add new integration for integration auth
 	body('app').isString().trim(),
 	body('isActive').exists().isBoolean(),
 	body('appId').trim(),
+	body('sourceEnvironment').trim(),
 	body('targetEnvironment').trim(),
 	body('owner').trim(),
 	validateRequest,

backend/src/routes/v1/integrationAuth.ts

@@ -18,6 +18,19 @@ router.get(
 	integrationAuthController.getIntegrationOptions
 );
 
+router.get(
+	'/:integrationAuthId',
+	requireAuth({
+        acceptedAuthModes: ['jwt']
+    }),
+	requireIntegrationAuthorizationAuth({
+		acceptedRoles: [ADMIN, MEMBER]
+	}),
+	param('integrationAuthId'),
+	validateRequest,
+	integrationAuthController.getIntegrationAuth	
+);
+
 router.post(
 	'/oauth-token',
 	requireAuth({