feat: oauth flow via customer apps

packages/backend/constants/index.ts

@@ -0,0 +1,40 @@
+export enum INTEGRATIONS {
+    HUBSPOT = "hubspot",
+    ZOHO = "zohocrm",
+    SALESFORCE = "sfdc"
+}
+
+export const DEFAULT_SCOPE = {
+    [INTEGRATIONS.HUBSPOT]: [
+        'crm.objects.contacts.read',
+        'settings.users.read',
+        'settings.users.write',
+        'settings.users.teams.read',
+        'settings.users.teams.write',
+        'crm.objects.contacts.write',
+        'crm.objects.marketing_events.read',
+        'crm.objects.marketing_events.write',
+        'crm.schemas.custom.read',
+        'crm.objects.custom.read',
+        'crm.objects.custom.write',
+        'crm.objects.companies.write',
+        'crm.schemas.contacts.read',
+        'crm.objects.companies.read',
+        'crm.objects.deals.read',
+        'crm.objects.deals.write',
+        'crm.schemas.companies.read',
+        'crm.schemas.companies.write',
+        'crm.schemas.contacts.write',
+        'crm.schemas.deals.read',
+        'crm.schemas.deals.write',
+        'crm.objects.owners.read',
+        'crm.objects.quotes.write',
+        'crm.objects.quotes.read',
+        'crm.schemas.quotes.read',
+        'crm.objects.line_items.read',
+        'crm.objects.line_items.write',
+        'crm.schemas.line_items.read',
+    ],
+    [INTEGRATIONS.ZOHO]: ['ZohoCRM.modules.ALL', 'ZohoCRM.settings.ALL', 'ZohoCRM.users.ALL', 'AaaServer.profile.READ'],
+    [INTEGRATIONS.SALESFORCE]: [], // https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_tokens_scopes.htm&type=5
+};

packages/backend/prisma/migrations/20230626152627_add_scope_to_account/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "accounts" ADD COLUMN "scope" TEXT[];

packages/backend/prisma/migrations/20230627062354_drop_scope_from_accounts/migration.sql

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `scope` on the `accounts` table. All the data in the column will be lost.
+
+*/
+-- AlterTable
+ALTER TABLE "accounts" DROP COLUMN "scope";
+
+-- AlterTable
+ALTER TABLE "connections" ADD COLUMN     "scope" TEXT[];

packages/backend/prisma/migrations/20230628045235_use_client_custom_app_creds/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "connections" ADD COLUMN     "app_client_id" TEXT,
+ADD COLUMN     "app_client_secret" TEXT;

packages/backend/prisma/migrations/20230628061559_create_app_table/migration.sql

@@ -0,0 +1,39 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `app_client_id` on the `connections` table. All the data in the column will be lost.
+  - You are about to drop the column `app_client_secret` on the `connections` table. All the data in the column will be lost.
+  - You are about to drop the column `scope` on the `connections` table. All the data in the column will be lost.
+  - Changed the type of `tp_id` on the `connections` table. No cast exists, the column would be dropped and recreated, which cannot be done if there is data, since the column is required.
+
+*/
+-- CreateEnum
+CREATE TYPE "TP_ID" AS ENUM ('hubspot', 'zohocrm', 'sfdc');
+
+-- AlterTable
+ALTER TABLE "connections" DROP COLUMN "app_client_id",
+DROP COLUMN "app_client_secret",
+DROP COLUMN "scope",
+DROP COLUMN "tp_id",
+ADD COLUMN     "tp_id" "TP_ID" NOT NULL;
+
+-- CreateTable
+CREATE TABLE "apps" (
+    "id" TEXT NOT NULL,
+    "tp_id" "TP_ID" NOT NULL,
+    "scope" TEXT[],
+    "app_client_id" TEXT,
+    "app_client_secret" TEXT,
+    "owner_account_public_token" TEXT NOT NULL,
+
+    CONSTRAINT "apps_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "connections_tp_id_t_id_key" ON "connections"("tp_id", "t_id");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "connections_tp_customer_id_t_id_tp_id_key" ON "connections"("tp_customer_id", "t_id", "tp_id");
+
+-- AddForeignKey
+ALTER TABLE "apps" ADD CONSTRAINT "apps_owner_account_public_token_fkey" FOREIGN KEY ("owner_account_public_token") REFERENCES "accounts"("public_token") ON DELETE RESTRICT ON UPDATE CASCADE;

packages/backend/prisma/migrations/20230628150321_link_app_connection/migration.sql

@@ -0,0 +1,14 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[owner_account_public_token,tp_id]` on the table `apps` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- DropForeignKey
+ALTER TABLE "connections" DROP CONSTRAINT "connections_owner_account_public_token_fkey";
+
+-- CreateIndex
+CREATE UNIQUE INDEX "apps_owner_account_public_token_tp_id_key" ON "apps"("owner_account_public_token", "tp_id");
+
+-- AddForeignKey
+ALTER TABLE "connections" ADD CONSTRAINT "connections_owner_account_public_token_tp_id_fkey" FOREIGN KEY ("owner_account_public_token", "tp_id") REFERENCES "apps"("owner_account_public_token", "tp_id") ON DELETE RESTRICT ON UPDATE CASCADE;

packages/backend/prisma/migrations/20230629051826_/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "apps" ADD COLUMN     "is_revert_app" BOOLEAN NOT NULL DEFAULT false;

packages/backend/prisma/schema.prisma

@@ -7,15 +7,35 @@ datasource db {
   url      = env("PGSQL_URL")
 }
 
+enum TP_ID {
+  hubspot
+  zohocrm
+  sfdc
+}
+
 model accounts {
-  id            String        @id
-  tenant_count  Int?          @default(0)
-  private_token String        @unique
-  public_token  String        @unique
-  domain        String        @unique @default("")
-  skipWaitlist  Boolean       @default(false)
-  connections   connections[]
+  id            String  @id
+  tenant_count  Int?    @default(0)
+  private_token String  @unique
+  public_token  String  @unique
+  domain        String  @unique @default("")
+  skipWaitlist  Boolean @default(false)
   users         users[]
+  apps          apps[]
+}
+
+model apps {
+  id                         String        @id
+  tp_id                      TP_ID
+  scope                      String[]
+  app_client_id              String?
+  app_client_secret          String?
+  owner_account_public_token String
+  account                    accounts      @relation(fields: [owner_account_public_token], references: [public_token])
+  connections                connections[]
+  is_revert_app              Boolean       @default(false)
+
+  @@unique([owner_account_public_token, tp_id])
 }
 
 model users {
@@ -27,14 +47,14 @@ model users {
 }
 
 model connections {
-  tp_id                      String
+  tp_id                      TP_ID
   tp_access_token            String
   tp_refresh_token           String?
   tp_customer_id             String
   t_id                       String
   tp_account_url             String?
   owner_account_public_token String
-  account                    accounts @relation(fields: [owner_account_public_token], references: [public_token])
+  app                        apps    @relation(fields: [owner_account_public_token, tp_id], references: [owner_account_public_token, tp_id])
 
   @@unique([tp_customer_id, t_id], name: "uniqueCustomerPerTenant")
   @@unique([tp_id, t_id], name: "uniqueThirdPartyPerTenant")

packages/backend/prisma/seed.ts

@@ -1,4 +1,4 @@
-import { PrismaClient } from '@prisma/client';
+import { PrismaClient, TP_ID } from '@prisma/client';
 const prisma = new PrismaClient();
 async function main() {
     const localAccount = await prisma.accounts.upsert({
@@ -11,7 +11,20 @@ async function main() {
             tenant_count: 0,
         },
     });
-    console.log({ localAccount });
+    await Promise.all(
+        Object.keys(TP_ID).map(async (tp) => {
+            const localRevertApp = await prisma.apps.create({
+                data: {
+                    id: `${tp}_${localAccount.id}`,
+                    tp_id: tp as TP_ID,
+                    scope: [],
+                    owner_account_public_token: localAccount.public_token,
+                    is_revert_app: true,
+                },
+            });
+            console.log({ localAccount, localRevertApp });
+        })
+    );
 }
 main()
     .then(async () => {

packages/backend/routes/v1/crm/auth.ts

@@ -2,6 +2,7 @@ import axios from 'axios';
 import express from 'express';
 import config from '../../../config';
 import qs from 'qs';
+import { TP_ID } from '@prisma/client';
 import AuthService from '../../../services/auth';
 import prisma, { Prisma } from '../../../prisma/client';
 import ConnectionService from '../../../services/connection';
@@ -13,22 +14,27 @@ const authRouter = express.Router({ mergeParams: true });
  */
 authRouter.get('/oauth-callback', async (req, res) => {
     console.log('OAuth callback', req.query);
-    const integrationId = req.query.integrationId;
+    const integrationId = req.query.integrationId as TP_ID;
     const revertPublicKey = req.query.x_revert_public_token as string;
     try {
         const account = await prisma.accounts.findFirst({
             where: {
                 public_token: String(revertPublicKey),
             },
+            include: {
+                apps: { select: { app_client_id: true, app_client_secret: true }, where: { tp_id: integrationId } },
+            },
         });
+        const clientId = account?.apps[0]?.app_client_id;
+        const clientSecret = account?.apps[0]?.app_client_secret;
         const svixAppId = account!.id;
         if (integrationId === 'hubspot' && req.query.code && req.query.t_id && revertPublicKey) {
             // Handle the received code
             const url = 'https://api.hubapi.com/oauth/v1/token';
             const formData = {
                 grant_type: 'authorization_code',
-                client_id: config.HUBSPOT_CLIENT_ID,
-                client_secret: config.HUBSPOT_CLIENT_SECRET,
+                client_id: clientId || config.HUBSPOT_CLIENT_ID,
+                client_secret: clientSecret || config.HUBSPOT_CLIENT_SECRET,
                 redirect_uri: `${config.OAUTH_REDIRECT_BASE}/hubspot`,
                 code: req.query.code,
             };
@@ -65,9 +71,7 @@ authRouter.get('/oauth-callback', async (req, res) => {
                         tp_access_token: result.data.access_token,
                         tp_refresh_token: result.data.refresh_token,
                         tp_customer_id: info.data.user,
-                        account: {
-                            connect: { public_token: revertPublicKey },
-                        },
+                        owner_account_public_token: revertPublicKey,
                     },
                 });
                 ConnectionService.svix.message.create(svixAppId, {
@@ -101,8 +105,8 @@ authRouter.get('/oauth-callback', async (req, res) => {
             const url = `${req.query.accountURL}/oauth/v2/token`;
             const formData = {
                 grant_type: 'authorization_code',
-                client_id: config.ZOHOCRM_CLIENT_ID,
-                client_secret: config.ZOHOCRM_CLIENT_SECRET,
+                client_id: clientId || config.ZOHOCRM_CLIENT_ID,
+                client_secret: clientSecret || config.ZOHOCRM_CLIENT_SECRET,
                 redirect_uri: `${config.OAUTH_REDIRECT_BASE}/zohocrm`,
                 code: req.query.code,
             };
@@ -144,9 +148,7 @@ authRouter.get('/oauth-callback', async (req, res) => {
                             tp_refresh_token: result.data.refresh_token,
                             tp_customer_id: info.data.Email,
                             tp_account_url: req.query.accountURL as string,
-                            account: {
-                                connect: { public_token: revertPublicKey },
-                            },
+                            owner_account_public_token: revertPublicKey,
                         },
                         update: {
                             tp_access_token: result.data.access_token,
@@ -186,8 +188,8 @@ authRouter.get('/oauth-callback', async (req, res) => {
             const url = 'https://login.salesforce.com/services/oauth2/token';
             const formData = {
                 grant_type: 'authorization_code',
-                client_id: config.SFDC_CLIENT_ID,
-                client_secret: config.SFDC_CLIENT_SECRET,
+                client_id: clientId || config.SFDC_CLIENT_ID,
+                client_secret: clientSecret || config.SFDC_CLIENT_SECRET,
                 redirect_uri: `${config.OAUTH_REDIRECT_BASE}/sfdc`,
                 code: req.query.code,
             };
@@ -224,9 +226,7 @@ authRouter.get('/oauth-callback', async (req, res) => {
                         tp_refresh_token: result.data.refresh_token,
                         tp_customer_id: info.data.email,
                         tp_account_url: info.data.urls['custom_domain'],
-                        account: {
-                            connect: { public_token: revertPublicKey },
-                        },
+                        owner_account_public_token: revertPublicKey,
                     },
                     update: {
                         tp_access_token: result.data.access_token,

packages/backend/routes/v1/metadata.ts

@@ -1,5 +1,8 @@
 import express from 'express';
 import prisma from '../../prisma/client';
+import { DEFAULT_SCOPE, INTEGRATIONS } from '../../constants';
+import { apps } from '@prisma/client';
+import config from '../../config';
 
 const metadataRouter = express.Router();
 
@@ -13,40 +16,53 @@ metadataRouter.get('/crms', async (req, res) => {
         return;
     }
     try {
-        const account = await prisma.accounts.findMany({
+        const apps = await prisma.apps.findMany({
+            select: { scope: true, app_client_id: true, tp_id: true },
             where: {
-                public_token: token as string,
+                owner_account_public_token: token as string,
             },
         });
-        if (!account || !account.length) {
+        if (!apps || !apps.length) {
             res.status(401).send({
                 error: 'Api token unauthorized',
             });
 
             return;
         }
+        const getScope = (apps: Partial<apps>[], integration: INTEGRATIONS) => {
+            return apps.find((app) => app.tp_id === integration)?.scope || DEFAULT_SCOPE[integration];
+        };
+        const getClientId = (apps: Partial<apps>[], integration: INTEGRATIONS) => {
+            return apps.find((app) => app.tp_id === integration)?.app_client_id;
+        };
         res.send({
             status: 'ok',
             data: [
                 {
-                    integrationId: 'hubspot',
+                    integrationId: INTEGRATIONS.HUBSPOT,
                     name: 'Hubspot',
                     imageSrc: 'https://res.cloudinary.com/dfcnic8wq/image/upload/v1673863171/Revert/Hubspot%20logo.png',
                     status: 'active',
+                    scopes: getScope(apps, INTEGRATIONS.HUBSPOT),
+                    clientId: getClientId(apps, INTEGRATIONS.HUBSPOT) || config.HUBSPOT_CLIENT_ID,
                 },
                 {
-                    integrationId: 'zohocrm',
+                    integrationId: INTEGRATIONS.ZOHO,
                     name: 'Zoho CRM',
                     imageSrc:
                         'https://res.cloudinary.com/dfcnic8wq/image/upload/v1674053823/Revert/zoho-crm-logo_u9889x.jpg',
                     status: 'active',
+                    scopes: getScope(apps, INTEGRATIONS.ZOHO),
+                    clientId: getClientId(apps, INTEGRATIONS.ZOHO) || config.ZOHOCRM_CLIENT_ID,
                 },
                 {
-                    integrationId: 'sfdc',
+                    integrationId: INTEGRATIONS.SALESFORCE,
                     name: 'Salesforce',
                     imageSrc:
                         'https://res.cloudinary.com/dfcnic8wq/image/upload/c_fit,h_20,w_70/v1673887647/Revert/SFDC%20logo.png',
                     status: 'active',
+                    scopes: getScope(apps, INTEGRATIONS.SALESFORCE),
+                    clientId: getClientId(apps, INTEGRATIONS.SALESFORCE) || config.SFDC_CLIENT_ID,
                 },
             ],
         });