Merged
…t linking
- Added email/password sign-up and sign-in functionality using Supertokens, allowing users to authenticate without Google.
- Implemented a "Connect Google Calendar" feature for users who signed up with email/password, enabling account linking and synchronization of Compass-only events to Google.
- Updated the SessionExpiredToast to provide a generic message for session expiration, directing users to sign in via AuthModal.
- Enhanced tests for new authentication flows and ensured consistent naming for authentication state.
- Improved user experience by allowing seamless sign-in from any device using either authentication method.

- Updated the Schema_User interface to make the google property optional, allowing for greater flexibility in user data representation.
- This change enhances compatibility with users who may not have linked a Google account.

- Introduced a new test suite for the `getGcalClient` function, covering scenarios where users are not connected to Google Calendar or lack a valid refresh token.
- Enhanced error handling tests to ensure appropriate exceptions are thrown for users without Google accounts or invalid tokens.
- Added tests for the `isGoogleNotConnectedError` utility to verify its functionality in identifying specific error types.
- Mocked user queries to isolate tests and improve reliability.

- Removed unnecessary variable assignments in Google Calendar event creation and update methods, simplifying the return logic to always return the operation summary.
- Enhanced delete operations to handle cases where the event ID may not be present, defaulting to a successful operation when the ID is absent.
- Improved code clarity and maintainability by reducing redundancy in event handling methods.

- Replaced instances of UserError.GoogleNotConnected with UserError.MissingGoogleField in the Google authentication service and tests to improve clarity and accuracy in error reporting.
- Updated related test cases to reflect the new error handling logic, ensuring that appropriate exceptions are thrown when users lack necessary Google account fields.
- Removed unused error handling functions to streamline the codebase and enhance maintainability.

- Added `isGoogleConnected` and `requireGoogleConnection` functions to validate Google account connections for users.
- Created corresponding tests for the Google guard to ensure accurate functionality and error handling.
- Developed middleware functions `requireGoogleConnectionSession` and `requireGoogleConnectionFrom` to enforce Google connection requirements in route handlers.
- Updated event and sync routes to utilize the new middleware, ensuring that Google connection is verified before allowing access to certain operations.
- Enhanced test coverage for middleware to validate behavior under various scenarios, including missing user IDs and connection errors.
Pull request overview
This PR introduces Google-connection guards and middleware in the backend to ensure routes that depend on Google Calendar access validate that the current (or target) user has a Google refresh token available, and updates related event/sync flows and tests accordingly.
Changes:
- Made `Schema_User.google` optional and added guard helpers (`isGoogleConnected`, `requireGoogleConnection`) for Google connection validation.
- Added reusable Express middleware to enforce Google connection based on session userId or a route param, and applied it to event/sync routes.
- Added/updated unit tests for the new guard, middleware, and Google auth client initialization behavior when Google is not connected.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| packages/core/src/types/user.types.ts | Makes google optional on Schema_User to support non-Google users. |
| packages/backend/src/sync/sync.routes.config.ts | Adds Google-connection enforcement middleware to sync endpoints (prod + debug). |
| packages/backend/src/event/event.routes.config.ts | Requires Google connection for event create/update/delete routes. |
| packages/backend/src/event/classes/compass.event.parser.ts | Adjusts return behavior around Google Calendar operations; makes deletes safe when gEventId is missing. |
| packages/backend/src/common/middleware/google.required.middleware.ts | New middleware enforcing Google connection from session or route params. |
| packages/backend/src/common/middleware/google.required.middleware.test.ts | Unit tests for the new Google-required middleware. |
| packages/backend/src/common/guards/google.guard.ts | New guard utilities to check/require Google connection. |
| packages/backend/src/common/guards/google.guard.test.ts | Unit tests for the new Google guard utilities. |
| packages/backend/src/common/errors/user/user.errors.ts | Renames/repurposes the Google-missing error metadata. |
| packages/backend/src/auth/services/google.auth.service.ts | Adds missing-refresh-token checks; clarifies GaxiosError variable naming. |
| packages/backend/src/auth/services/google.auth.service.test.ts | Tests error behavior when user has no Google connection or is missing. |
| PW-PLAN-MASTER.md | Adds a high-level plan for the password-auth rollout sequence. |
| PW-PLAN-1.md | Documents PR1 design goals and implementation plan. |
| PW-PLAN-2.md | Documents PR2 email/password auth plan. |
| PW-PLAN-3.md | Documents PR3 session-expired toast plan. |
| PW-PLAN-4.md | Documents PR4 Google account linking plan. |
| PW-PLAN-5.md | Documents PR5 tests/polish plan. |
Comments suppressed due to low confidence (1)
packages/core/src/types/user.types.ts:14
- Making `Schema_User.google` optional will cause strict TS errors anywhere that accesses `user.google.*` without narrowing (e.g. `packages/backend/src/user/services/user.service.test.ts:58` and `packages/core/src/mappers/map.user.test.ts:22` currently dereference `google` directly). Please update affected call sites to use optional chaining / runtime assertions, or introduce a separate type for “Google-connected users” where `google` is required and narrow to it before dereferencing.

```ts
  google?: {
    googleId: string;
    picture: string;
    gRefreshToken: string;
  };
```
…ection
- Updated error messages in `google.auth.service.ts` for clarity, specifying user ID requirements and Google Calendar connection status.
- Enhanced the `UserError` descriptions in `user.errors.ts` to provide more specific feedback regarding missing Google refresh tokens.
- Added validation in `google.guard.ts` to check for valid ObjectId format for user IDs, improving error handling in the Google connection guard.
- Expanded tests in `google.guard.test.ts` to cover scenarios for invalid user IDs and ensure proper error propagation in middleware.

- Replaced instances of UserError.MissingGoogleField with UserError.MissingGoogleRefreshToken across multiple files to improve clarity in error reporting.
- Updated tests in google.auth.service.test.ts, google.guard.test.ts, and google.required.middleware.test.ts to reflect the new error handling logic.
- Enhanced UserError definitions in user.errors.ts to provide more specific feedback regarding missing Google refresh tokens.
Made-with: Cursor
…ware
- Changed the error response format in `sendBaseError` to use `res.send` instead of `res.json`, simplifying the response structure.
- Updated middleware functions to ensure consistent error handling and improved clarity in the response flow.
- Enhanced tests to verify the updated behavior of error handling in `google.required.middleware.test.ts`.

…leware
- Updated the error response handling in `sendBaseError` to use `res.json` for a more structured response format.
- Adjusted tests in `google.required.middleware.test.ts` to verify the new response structure, ensuring clarity in error reporting.
- Improved logging of errors on the server side for better debugging without exposing sensitive details to clients.
…t descriptions
- Updated test descriptions in `google.auth.service.test.ts`, `google.guard.test.ts`, and `google.required.middleware.test.ts` to consistently reference `UserError.MissingGoogleRefreshToken` for clarity.
- Renamed test suites and methods to improve readability and align with updated error handling logic, enhancing overall test structure.
- Added a new test case in `google.guard.test.ts` to verify behavior when a user does not exist, ensuring comprehensive coverage of error scenarios.

…yload
- Updated the error handling in `error.express.handler.ts` to utilize a new function, `toClientErrorPayload`, which formats error responses for clients without exposing sensitive details.
- Added a new test suite in `error.handler.test.ts` to validate the behavior of `toClientErrorPayload`, ensuring it correctly formats errors and excludes internal properties.
- Improved overall error response structure for better clarity and security in client communications.

- Replaced the custom error response function with a standardized error handler that utilizes `toClientErrorPayload` for consistent client-safe error responses.
- Updated tests in `google.required.middleware.test.ts` to reflect changes in error response structure, ensuring accurate validation of error handling.
- Enhanced logging of errors to improve debugging while maintaining security by not exposing sensitive details to clients.

…tion
- Improved user ID extraction logic in `google.auth.service.ts` to ensure consistent handling of different ID types.
- Refactored `isGoogleConnected` function in `google.guard.test.ts` to include validation for user ID format using `IDSchema`.
- Updated `requireGoogleConnection` in `google.guard.ts` to throw a user not found error if the user does not exist, enhancing error handling clarity.
Addresses #1476
- `isGoogleConnected` and `requireGoogleConnection` functions to validate Google account connections for users.
- `requireGoogleConnectionSession` and `requireGoogleConnectionFrom` to enforce Google connection requirements in route handlers.
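
The guard, the ObjectId check on route-param user ids, and the client-safe error payload described in the commits and review above, as an added TypeScript sketch that is not the project's code. `isGoogleConnected`, `requireGoogleConnection` and `toClientErrorPayload` reuse the PR's names but are reimplemented here; `AppError`, `USERS`, `checkGoogleRequired`, the status codes and the sample ids are assumptions.

```typescript
// Added example, not the project's code. AppError, USERS, checkGoogleRequired and status codes are assumptions.
type GoogleFields = { googleId: string; picture: string; gRefreshToken: string };
type User = { _id: string; email: string; google?: GoogleFields };
type GoogleConnectedUser = User & { google: GoogleFields };

class AppError extends Error {
  code: string; status: number;
  internal?: unknown; // server-side detail that must never be serialized to the client
  constructor(code: string, status: number, message: string, internal?: unknown) {
    super(message);
    this.code = code; this.status = status; this.internal = internal;
  }
}

// Type predicate: user.google may be dereferenced only after this returns true.
function isGoogleConnected(user: User | undefined): user is GoogleConnectedUser {
  return !!user?.google?.gRefreshToken;
}

// Constructed in-memory records standing in for the user collection.
const USERS: Record<string, User> = {
  "0123456789abcdef01234567": { _id: "0123456789abcdef01234567", email: "pw@example.test" },
  "89abcdef0123456789abcdef": { _id: "89abcdef0123456789abcdef", email: "g@example.test",
    google: { googleId: "g-1", picture: "", gRefreshToken: "constructed-token" } },
};

function requireGoogleConnection(userId: unknown): GoogleConnectedUser {
  // A route param is untrusted: accept only a 24-hex-character ObjectId string before any lookup.
  if (typeof userId !== "string" || !/^[0-9a-f]{24}$/i.test(userId))
    throw new AppError("InvalidUserId", 400, "Invalid user id", { received: userId });
  const user: User | undefined = USERS[userId];
  if (!user) throw new AppError("UserNotFound", 404, "User not found");
  if (!isGoogleConnected(user))
    throw new AppError("MissingGoogleRefreshToken", 400, "Google Calendar is not connected", { userId });
  return user;
}

// Copies an allow-list of fields; stack traces, `internal` and unknown errors stay on the server.
function toClientErrorPayload(err: unknown) {
  const e = err as Partial<AppError>;
  if (err instanceof Error && typeof e.status === "number" && typeof e.code === "string")
    return { status: e.status, body: { code: e.code, message: err.message } };
  return { status: 500, body: { code: "InternalError", message: "Something went wrong" } };
}

// Middleware-shaped wrapper: null means "call next()", otherwise the response to send.
function checkGoogleRequired(userId: unknown) {
  try { requireGoogleConnection(userId); return null; } catch (err) { return toClientErrorPayload(err); }
}
```

In an Express handler the non-null result would be sent with `res.status(r.status).json(r.body)` after the original error is logged server-side.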