Added IntegrationProvider, IntegrationToken tables, GitLab auth, migrated Mattermost to the new data format #5805
Conversation
- TODO: add userId to MattermostAuth, query best auth for team
Before, when we did an "import someImage 'static/some.png'", file-loader would give us a path relative to the root like 'dist/[hash].png'. Now, we'll: - Use the CDN if it's configured - Serve up the assets via `static/` otherwise Also: - makeMattermostAttachments fixed to server assets from CDN
Also:
- Fixed bugs in (Add|Update)IntegrationProvier mutations where
we were returning the wrong error type (and sometimes the
incorrect error variable!)
- Added comments and TODOs to enhance AddIntegrationProvider
when an oauth token is specified to work like AddIntegrationToken and,
- validate that new tokens are functional by loading the appropriate ServerManager
and running a method that tests that ServerManager's connection
I felt this too, so hard, when I was coding this set of features |
packages/server/postgres/migrations/1635354572171_addIntegrationProviderAndToken.ts
Show resolved
Hide resolved
packages/server/postgres/migrations/1635354572171_addIntegrationProviderAndToken.ts
Show resolved
Hide resolved
packages/server/postgres/migrations/1635354572171_addIntegrationProviderAndToken.ts
Outdated
Show resolved
Hide resolved
packages/server/postgres/migrations/1636229261909_mattermostToIntegrationsTables.ts
Show resolved
Hide resolved
| if (queryParams) { | ||
| uri = uri.concat(`?${stringify(queryParams)}`) | ||
| } | ||
| const oauth2Response = await fetch(uri, { |
There was a problem hiding this comment.
Wrap in try/catch
| additonalHeaders?: Record<string, string> | ||
| } | ||
|
|
||
| export const authorizeOAuth2 = async ({ |
BartoszJarocki
force-pushed
the
feat/integration-providers
branch
from
8e8d5e1 to
c0813b7
Compare
BartoszJarocki
changed the title
|
@Dschoordsch I'd really appreciate it if you could take a look, thank you! |
packages/client/modules/teamDashboard/components/ProviderRow/GitLabConfigMenu.tsx
Show resolved
Hide resolved
packages/client/modules/teamDashboard/components/ProviderRow/GitLabProviderRow.tsx
Show resolved
Hide resolved
packages/server/postgres/migrations/1635354572171_addIntegrationProviderAndToken.ts
Show resolved
Hide resolved
There was a problem hiding this comment.
I'm not sure how this change relates to #5829 so I just have a few comments for now.
packages/server/postgres/migrations/1635354572171_addIntegrationProviderAndToken.ts
Show resolved
Hide resolved
| "teamId" VARCHAR(100), | ||
| "isActive" BOOLEAN DEFAULT TRUE NOT NULL, | ||
| "name" VARCHAR(250) NOT NULL, | ||
| "providerMetadata" JSONB NOT NULL DEFAULT '{}', |
There was a problem hiding this comment.
+1 why not call it just "metadata"?
There was a problem hiding this comment.
i think that was chosen to differentiate between tokenMetadata & providerMetadata (it gets confusing when you're in the thick of it, especially because the types weren't originally very strict).
IMO i think we should just use columns, then we get types for free!
| return null | ||
| } | ||
|
|
||
| const addIntegrationToken = { |
There was a problem hiding this comment.
+1 maybe name it addUserIntegration after its purpose
There was a problem hiding this comment.
i agree token referring to an entire DB row feels bad.
technically, it isn't related to the User, but the TeamMember.
maybe IntegrationTeamMemberAuth? IntegrationAuth? IntegrationAuthStrategy?
| name | ||
| updatedAt | ||
| providerMetadata { | ||
| ... on OAuth2ProviderMetadata { |
There was a problem hiding this comment.
Going forward with this, does that mean if we have a integration provider which supports OAuth2 and PAT we would split it into 2 different providers?
packages/client/modules/teamDashboard/components/ProviderRow/MattermostProviderRow.tsx
Show resolved
Hide resolved
| $providerId: ID! | ||
| $oauthCodeOrPat: ID! | ||
| $teamId: ID! | ||
| $redirectUri: URL! |
There was a problem hiding this comment.
I don't see why we can't trust the redirect URI here? If we pass a wrong one, then adding the token will fail. It's not used for anything else. Since the client does the initial redirect itself, it should also know which redirect URI was used. The OAuth provider should also be set up to only allow the correct redirect URIs.
| }) | ||
|
|
||
| const data = {userId: viewerId, teamId} | ||
| publish(SubscriptionChannel.TEAM, teamId, 'AddIntegrationToken', data, subOptions) |
There was a problem hiding this comment.
NOTIFICATION channel, not team. team doesn't get to know about 1 persons token
|
closing in favor of #5829 |
This PR adds two new tables:
IntegrationProviderandIntegrationToken, migrates existing Mattermost integration to a new type, and adds aGitLabauth integration. See more information here.Base PR for reference: #5594
Base RFC: #5567
The main goal of this PR was to remove provider-specific columns from
IntegrationProviderandIntegrationTokentables, fix the TS errors, and do some code cleanup.Leftovers
authorizeOAuth2helper method, as we continue to improve our integrations the differences between GitLab/GitHub/Atlassian OAuth2 growIntegrationToken, maybeUserIntegration?@jordanh's Loom about new tables: https://www.loom.com/share/22037d51a1404fa5aab5d6ba10c98778
Self-review, my first Loom so I'm sorry for being chaotic! https://www.loom.com/share/9435223bbeeb47da977343d65d6c95bc