parcer/server/src/routes/auth.ts

import { Router, Request, Response } from "express";
import Airtable from "airtable";

import User from "../models/User";
import Robot from "../models/Robot";
import jwt from "jsonwebtoken";
import { hashPassword, comparePassword } from "../utils/auth";
import { requireSignIn } from "../middlewares/auth";
import { genAPIKey } from "../utils/api";
import { google } from "googleapis";
import { capture } from "../utils/analytics";



declare module "express-session" {
  interface SessionData {
    code_verifier: string;
    robotId: string;
  }
}

export const router = Router();

interface AuthenticatedRequest extends Request {
  user?: { id: string };
}

router.post("/register", async (req, res) => {
  try {
    const { email, password } = req.body;

    if (!email) return res.status(400).send("Email is required");
    if (!password || password.length < 6)
      return res
        .status(400)
        .send("Password is required and must be at least 6 characters");

    let userExist = await User.findOne({ raw: true, where: { email } });
    if (userExist) return res.status(400).send("User already exists");

    const hashedPassword = await hashPassword(password);

    let user: any;

    try {
      user = await User.create({ email, password: hashedPassword });
    } catch (error: any) {
      console.log(`Could not create user - ${error}`);
      return res.status(500).send(`Could not create user - ${error.message}`);
    }

    if (!process.env.JWT_SECRET) {
      console.log("JWT_SECRET is not defined in the environment");
      return res.status(500).send("Internal Server Error");
    }

    const token = jwt.sign({ id: user.id }, process.env.JWT_SECRET as string);
    user.password = undefined as unknown as string;
    res.cookie("token", token, {
      httpOnly: true,
    });
    capture("maxun-oss-user-registered", {
      email: user.email,
      userId: user.id,
      registeredAt: new Date().toISOString(),
    });
    console.log(`User registered`);
    res.json(user);
  } catch (error: any) {
    console.log(`Could not register user - ${error}`);
    res.status(500).send(`Could not register user - ${error.message}`);
  }
});

router.post("/login", async (req, res) => {
  try {
    const { email, password } = req.body;
    if (!email || !password)
      return res.status(400).send("Email and password are required");
    if (password.length < 6)
      return res.status(400).send("Password must be at least 6 characters");

    let user = await User.findOne({ raw: true, where: { email } });
    if (!user) return res.status(400).send("User does not exist");

    const match = await comparePassword(password, user.password);
    if (!match) return res.status(400).send("Invalid email or password");

    const token = jwt.sign({ id: user?.id }, process.env.JWT_SECRET as string);

    // return user and token to client, exclude hashed password
    if (user) {
      user.password = undefined as unknown as string;
    }
    res.cookie("token", token, {
      httpOnly: true,
    });
    capture("maxun-oss-user-login", {
      email: user.email,
      userId: user.id,
      loggedInAt: new Date().toISOString(),
    });
    res.json(user);
  } catch (error: any) {
    res.status(400).send(`Could not login user - ${error.message}`);
    console.log(`Could not login user - ${error}`);
  }
});

router.get("/logout", async (req, res) => {
  try {
    res.clearCookie("token");
    return res.json({ message: "Logout successful" });
  } catch (error: any) {
    res.status(500).send(`Could not logout user - ${error.message}`);
  }
});

router.get(
  "/current-user",
  requireSignIn,
  async (req: Request, res) => {
    const authenticatedReq = req as AuthenticatedRequest;
    try {
      if (!authenticatedReq.user) {
        return res.status(401).json({ ok: false, error: "Unauthorized" });
      }
      const user = await User.findByPk(authenticatedReq.user.id, {
        attributes: { exclude: ["password"] },
      });
      if (!user) {
        return res.status(404).json({ ok: false, error: "User not found" });
      } else {
        return res.status(200).json({ ok: true, user: user });
      }
    } catch (error: any) {
      console.error("Error in current-user route:", error);
      return res
        .status(500)
        .json({
          ok: false,
          error: `Could not fetch current user: ${error.message}`,
        });
    }
  }
);

router.get(
  "/user/:id",
  requireSignIn,
  async (req: Request, res) => {
    try {
      const { id } = req.params;
      if (!id) {
        return res.status(400).json({ message: "User ID is required" });
      }

      const user = await User.findByPk(id, {
        attributes: { exclude: ["password"] },
      });

      if (!user) {
        return res.status(404).json({ message: "User not found" });
      }

      return res
        .status(200)
        .json({ message: "User fetched successfully", user });
    } catch (error: any) {
      return res
        .status(500)
        .json({ message: "Error fetching user", error: error.message });
    }
  }
);

router.post(
  "/generate-api-key",
  requireSignIn,
  async (req: Request, res) => {
    const authenticatedReq = req as AuthenticatedRequest;
    try {
      if (!authenticatedReq.user) {
        return res.status(401).json({ ok: false, error: "Unauthorized" });
      }
      const user = await User.findByPk(authenticatedReq.user.id, {
        attributes: { exclude: ["password"] },
      });

      if (!user) {
        return res.status(404).json({ message: "User not found" });
      }

      if (user.api_key) {
        return res.status(400).json({ message: "API key already exists" });
      }
      const apiKey = genAPIKey();

      await user.update({ api_key: apiKey });

      capture("maxun-oss-api-key-created", {
        user_id: user.id,
        created_at: new Date().toISOString(),
      });

      return res.status(200).json({
        message: "API key generated successfully",
        api_key: apiKey,
      });
    } catch (error) {
      return res
        .status(500)
        .json({ message: "Error generating API key", error });
    }
  }
);

router.get(
  "/api-key",
  requireSignIn,
  async (req: Request, res) => {
    const authenticatedReq = req as AuthenticatedRequest;
    try {
      if (!authenticatedReq.user) {
        return res.status(401).json({ ok: false, error: "Unauthorized" });
      }

      const user = await User.findByPk(authenticatedReq.user.id, {
        raw: true,
        attributes: ["api_key"],
      });

      if (!user) {
        return res.status(404).json({ message: "User not found" });
      }

      return res.status(200).json({
        message: "API key fetched successfully",
        api_key: user.api_key || null,
      });
    } catch (error) {
      return res.status(500).json({ message: "Error fetching API key", error });
    }
  }
);

router.delete(
  "/delete-api-key",
  requireSignIn,
  async (req: Request, res) => {
    const authenticatedReq = req as AuthenticatedRequest;
    if (!authenticatedReq.user) {
      return res.status(401).send({ error: "Unauthorized" });
    }

    try {
      const user = await User.findByPk(authenticatedReq.user.id, { raw: true });

      if (!user) {
        return res.status(404).json({ message: "User not found" });
      }

      if (!user.api_key) {
        return res.status(404).json({ message: "API Key not found" });
      }

      await User.update({ api_key: null }, { where: { id: authenticatedReq.user.id } });

      capture("maxun-oss-api-key-deleted", {
        user_id: user.id,
        deleted_at: new Date().toISOString(),
      });

      return res.status(200).json({ message: "API Key deleted successfully" });
    } catch (error: any) {
      return res
        .status(500)
        .json({ message: "Error deleting API key", error: error.message });
    }
  }
);

const oauth2Client = new google.auth.OAuth2(
  process.env.GOOGLE_CLIENT_ID,
  process.env.GOOGLE_CLIENT_SECRET,
  process.env.GOOGLE_REDIRECT_URI
);

// Step 1: Redirect to Google for authentication
router.get("/google", (req, res) => {
  const { robotId } = req.query;
  if (!robotId) {
    return res.status(400).json({ message: "Robot ID is required" });
  }
  const scopes = [
    "https://www.googleapis.com/auth/spreadsheets",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/drive.readonly",
  ];
  const url = oauth2Client.generateAuthUrl({
    access_type: "offline",
    prompt: "consent", // Ensures you get a refresh token on first login
    scope: scopes,
    state: robotId.toString(),
  });
  res.redirect(url);
});

// Step 2: Handle Google OAuth callback
router.get(
  "/google/callback",
  requireSignIn,
  async (req: Request, res) => {
    const authenticatedReq = req as AuthenticatedRequest;
    const { code, state } = req.query;
    try {
      if (!state) {
        return res.status(400).json({ message: "Robot ID is required" });
      }

      const robotId = state;

      // Get access and refresh tokens
      if (typeof code !== "string") {
        return res.status(400).json({ message: "Invalid code" });
      }
      const { tokens } = await oauth2Client.getToken(code);
      oauth2Client.setCredentials(tokens);

      // Get user profile from Google
      const oauth2 = google.oauth2({ version: "v2", auth: oauth2Client });
      const {
        data: { email },
      } = await oauth2.userinfo.get();

      if (!email) {
        return res.status(400).json({ message: "Email not found" });
      }

      if (!authenticatedReq.user) {
        return res.status(401).send({ error: "Unauthorized" });
      }

      // Get the currently authenticated user (from `requireSignIn`)
      let user = await User.findOne({ where: { id: authenticatedReq.user.id } });

      if (!user) {
        return res.status(400).json({ message: "User not found" });
      }

      let robot = await Robot.findOne({
        where: { "recording_meta.id": robotId },
      });

      if (!robot) {
        return res.status(400).json({ message: "Robot not found" });
      }

      robot = await robot.update({
        google_sheet_email: email,
        google_access_token: tokens.access_token,
        google_refresh_token: tokens.refresh_token,
      });
      capture("maxun-oss-google-sheet-integration-created", {
        user_id: user.id,
        robot_id: robot.recording_meta.id,
        created_at: new Date().toISOString(),
      });

      // List user's Google Sheets from their Google Drive
      const drive = google.drive({ version: "v3", auth: oauth2Client });
      const response = await drive.files.list({
        q: "mimeType='application/vnd.google-apps.spreadsheet'", // List only Google Sheets files
        fields: "files(id, name)", // Retrieve the ID and name of each file
      });

      const files = response.data.files || [];
      if (files.length === 0) {
        return res.status(404).json({ message: "No spreadsheets found." });
      }

      // Generate JWT token for session
      const jwtToken = jwt.sign(
        { id: user.id },
        process.env.JWT_SECRET as string
      );
      res.cookie("token", jwtToken, { httpOnly: true });

      // res.json({
      //     message: 'Google authentication successful',
      //     google_sheet_email: robot.google_sheet_email,
      //     jwtToken,
      //     files
      // });

      res.cookie("robot_auth_status", "success", {
        httpOnly: false,
        maxAge: 60000,
      }); // 1-minute expiration
      // res.cookie("robot_auth_message", "Robot successfully authenticated", {
      //   httpOnly: false,
      //   maxAge: 60000,
      // });
      res.cookie('robot_auth_robotId', robotId, {
        httpOnly: false,
        maxAge: 60000,
      });

      const baseUrl = process.env.PUBLIC_URL || "http://localhost:5173";
      const redirectUrl = `${baseUrl}/robots/`;

      res.redirect(redirectUrl);
    } catch (error: any) {
      res.status(500).json({ message: `Google OAuth error: ${error.message}` });
    }
  }
);

// Step 3: Get data from Google Sheets
router.post(
  "/gsheets/data",
  requireSignIn,
  async (req: Request, res) => {
    const authenticatedReq = req as AuthenticatedRequest;
    const { spreadsheetId, robotId } = req.body;
    if (!authenticatedReq.user) {
      return res.status(401).send({ error: "Unauthorized" });
    }
    const user = await User.findByPk(authenticatedReq.user.id, { raw: true });

    if (!user) {
      return res.status(400).json({ message: "User not found" });
    }

    const robot = await Robot.findOne({
      where: { "recording_meta.id": robotId },
      raw: true,
    });

    if (!robot) {
      return res.status(400).json({ message: "Robot not found" });
    }

    // Set Google OAuth credentials
    oauth2Client.setCredentials({
      access_token: robot.google_access_token,
      refresh_token: robot.google_refresh_token,
    });

    const sheets = google.sheets({ version: "v4", auth: oauth2Client });

    try {
      // Fetch data from the spreadsheet (you can let the user choose a specific range too)
      const sheetData = await sheets.spreadsheets.values.get({
        spreadsheetId,
        range: "Sheet1!A1:D5", // Default range, could be dynamic based on user input
      });
      res.json(sheetData.data);
    } catch (error: any) {
      res
        .status(500)
        .json({ message: `Error accessing Google Sheets: ${error.message}` });
    }
  }
);

// Step 4: Get user's Google Sheets files (new route)
router.get("/gsheets/files", requireSignIn, async (req, res) => {
  try {
    const robotId = req.query.robotId;
    const robot = await Robot.findOne({
      where: { "recording_meta.id": robotId },
      raw: true,
    });

    if (!robot) {
      return res.status(400).json({ message: "Robot not found" });
    }

    oauth2Client.setCredentials({
      access_token: robot.google_access_token,
      refresh_token: robot.google_refresh_token,
    });

    // List user's Google Sheets files from their Google Drive
    const drive = google.drive({ version: "v3", auth: oauth2Client });
    const response = await drive.files.list({
      q: "mimeType='application/vnd.google-apps.spreadsheet'",
      fields: "files(id, name)",
    });

    const files = response.data.files || [];
    if (files.length === 0) {
      return res.status(404).json({ message: "No spreadsheets found." });
    }

    res.json(files);
  } catch (error: any) {
    console.log("Error fetching Google Sheets files:", error);
    res
      .status(500)
      .json({
        message: `Error retrieving Google Sheets files: ${error.message}`,
      });
  }
});

// Step 5: Update robot's google_sheet_id when a Google Sheet is selected
router.post("/gsheets/update", requireSignIn, async (req, res) => {
  const { spreadsheetId, spreadsheetName, robotId } = req.body;

  if (!spreadsheetId || !robotId) {
    return res
      .status(400)
      .json({ message: "Spreadsheet ID and Robot ID are required" });
  }

  try {
    let robot = await Robot.findOne({
      where: { "recording_meta.id": robotId },
    });

    if (!robot) {
      return res.status(404).json({ message: "Robot not found" });
    }

    await robot.update({
      google_sheet_id: spreadsheetId,
      google_sheet_name: spreadsheetName,
    });

    res.json({ message: "Robot updated with selected Google Sheet ID" });
  } catch (error: any) {
    res.status(500).json({ message: `Error updating robot: ${error.message}` });
  }
});

router.post(
  "/gsheets/remove",
  requireSignIn,
  async (req: Request, res) => {
    const authenticatedReq = req as AuthenticatedRequest;
    const { robotId } = req.body;
    if (!robotId) {
      return res.status(400).json({ message: "Robot ID is required" });
    }

    if (!authenticatedReq.user) {
      return res.status(401).send({ error: "Unauthorized" });
    }

    try {
      let robot = await Robot.findOne({
        where: { "recording_meta.id": robotId },
      });

      if (!robot) {
        return res.status(404).json({ message: "Robot not found" });
      }

      await robot.update({
        google_sheet_id: null,
        google_sheet_name: null,
        google_sheet_email: null,
        google_access_token: null,
        google_refresh_token: null,
      });

      capture("maxun-oss-google-sheet-integration-removed", {
        user_id: authenticatedReq.user.id,
        robot_id: robotId,
        deleted_at: new Date().toISOString(),
      });

      res.json({ message: "Google Sheets integration removed successfully" });
    } catch (error: any) {
      res
        .status(500)
        .json({
          message: `Error removing Google Sheets integration: ${error.message}`,
        });
    }
  }
);




import crypto from 'crypto';

// Airtable OAuth Routes
router.get("/airtable", (req, res) => {
  const { robotId } = req.query;
  if (!robotId) {
    return res.status(400).json({ message: "Robot ID is required" });
  }

  // Generate PKCE codes
  const code_verifier = crypto.randomBytes(64).toString('base64url');
  const code_challenge = crypto.createHash('sha256')
    .update(code_verifier)
    .digest('base64url');

  // Store in session
  req.session.code_verifier = code_verifier;
  req.session.robotId = robotId.toString();

  const params = new URLSearchParams({
    client_id: process.env.AIRTABLE_CLIENT_ID!,
    redirect_uri: process.env.AIRTABLE_REDIRECT_URI!,
   
    response_type: 'code',
    state: robotId.toString(),
    scope: 'data.records:read data.records:write schema.bases:read',
    code_challenge: code_challenge,
    code_challenge_method: 'S256'
  });

  res.redirect(`https://airtable.com/oauth2/v1/authorize?${params}`);
});

router.get("/airtable/callback", async (req, res) => {
  try {
    const { code, state, error } = req.query;

    if (error) {
      return res.redirect(
        `${process.env.PUBLIC_URL}/robots/${state}/integrate?error=${encodeURIComponent(error.toString())}`
      );
    }

    if (!code || !state) {
      return res.status(400).json({ message: "Missing authorization code or state" });
    }

    // Verify session data
    if (!req.session?.code_verifier || req.session.robotId !== state.toString()) {
      return res.status(400).json({ 
        message: "Session expired - please restart the OAuth flow"
      });
    }

    // Exchange code for tokens
    const tokenResponse = await fetch("https://airtable.com/oauth2/v1/token", {
      method: "POST",
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: new URLSearchParams({
        grant_type: "authorization_code",
        code: code.toString(),
        client_id: process.env.AIRTABLE_CLIENT_ID!,
        
        redirect_uri: process.env.AIRTABLE_REDIRECT_URI!,
        code_verifier: req.session.code_verifier
      }),
    });

    if (!tokenResponse.ok) {
      const errorData = await tokenResponse.json();
      console.error('Token exchange failed:', errorData);
      return res.redirect(
        `${process.env.PUBLIC_URL}/robots/${state}/integrate?error=${encodeURIComponent(errorData.error_description || 'Authentication failed')}`
      );
    }

    const tokens = await tokenResponse.json();

    // Update robot with credentials
    const robot = await Robot.findOne({
      where: { "recording_meta.id": req.session.robotId }
    });

    if (!robot) {
      return res.status(404).json({ message: "Robot not found" });
    }

    await robot.update({
      airtable_access_token: tokens.access_token,
      airtable_refresh_token: tokens.refresh_token,

      
    });

    // Clear session data
    req.session.destroy((err) => {
      if (err) console.error('Session cleanup error:', err);
    });

    res.cookie("airtable_auth_status", "success", {
      httpOnly: false,
      maxAge: 60000,
    }); // 1-minute expiration
    res.cookie("airtable_auth_message", "Robot successfully authenticated", {
      httpOnly: false,
      maxAge: 60000,
    });

    res.redirect(
      `${process.env.PUBLIC_URL}/robots/${state}/integrate || http://localhost:5173/robots/${state}/integrate`
    );

  } catch (error: any) {
    console.error('Airtable callback error:', error);
    res.redirect(
      `${process.env.PUBLIC_URL}/robots/${req.session.robotId}/integrate?error=${encodeURIComponent(error.message)}`
    );
  }
});

// Get Airtable bases
router.get("/airtable/bases", async (req: AuthenticatedRequest, res) => {
  try {
    const { robotId } = req.query;
    if (!robotId) {
      return res.status(400).json({ message: "Robot ID is required" });
    }

    const robot = await Robot.findOne({
      where: { "recording_meta.id": robotId.toString() },
      raw: true,
    });

    if (!robot?.airtable_access_token) {
      return res.status(400).json({ message: "Robot not authenticated with Airtable" });
    }

    const response = await fetch('https://api.airtable.com/v0/meta/bases', {
      headers: {
        'Authorization': `Bearer ${robot.airtable_access_token}`
      }
    });

    if (!response.ok) {
      const errorData = await response.json();
      throw new Error(errorData.error.message || 'Failed to fetch bases');
    }

    const data = await response.json();
    res.json(data.bases.map((base: any) => ({
      id: base.id,
      name: base.name
    })));

  } catch (error: any) {
    res.status(500).json({ message: error.message });
  }
});

// Update robot with selected base
router.post("/airtable/update", async (req: AuthenticatedRequest, res) => {
  const { baseId, robotId , tableName} = req.body;

  if (!baseId || !robotId) {
    return res.status(400).json({ message: "Base ID and Robot ID are required" });
  }

  try {
    const robot = await Robot.findOne({
      where: { "recording_meta.id": robotId }
    });

    if (!robot) {
      return res.status(404).json({ message: "Robot not found" });
    }

    await robot.update({
      airtable_base_id: baseId,
      airtable_table_name: tableName,
      
    });

    capture("maxun-oss-airtable-integration-created", {
      user_id: req.user?.id,
      robot_id: robotId,
      created_at: new Date().toISOString(),
    });

    res.json({ message: "Airtable base updated successfully" });

  } catch (error: any) {
    res.status(500).json({ message: error.message });
  }
});

// Remove Airtable integration
router.post("/airtable/remove", requireSignIn, async (req: AuthenticatedRequest, res) => {
  const { robotId } = req.body;
  if (!robotId) {
    return res.status(400).json({ message: "Robot ID is required" });
  }

  try {
    const robot = await Robot.findOne({
      where: { "recording_meta.id": robotId }
    });

    if (!robot) {
      return res.status(404).json({ message: "Robot not found" });
    }

    await robot.update({
      airtable_access_token: null,
      airtable_refresh_token: null,
      airtable_base_id: null,
   
    });

    capture("maxun-oss-airtable-integration-removed", {
      user_id: req.user?.id,
      robot_id: robotId,
      deleted_at: new Date().toISOString(),
    });

    res.json({ message: "Airtable integration removed successfully" });

  } catch (error: any) {
    res.status(500).json({ message: error.message });
  }
});



// Fetch tables from an Airtable base
router.get("/airtable/tables", async (req: AuthenticatedRequest, res) => {
  try {
    const { baseId, robotId } = req.query;

    if (!baseId || !robotId) {
      return res.status(400).json({ message: "Base ID and Robot ID are required" });
    }

    const robot = await Robot.findOne({
      where: { "recording_meta.id": robotId.toString() },
      raw: true,
    });

    if (!robot?.airtable_access_token) {
      return res.status(400).json({ message: "Robot not authenticated with Airtable" });
    }

    const response = await fetch(`https://api.airtable.com/v0/meta/bases/${baseId}/tables`, {
      headers: {
        'Authorization': `Bearer ${robot.airtable_access_token}`
      }
    });

    if (!response.ok) {
      const errorData = await response.json();
      throw new Error(errorData.error.message || 'Failed to fetch tables');
    }

    const data = await response.json();
    res.json(data.tables.map((table: any) => ({
      id: table.id,
      name: table.name,
      fields: table.fields
    })));

  } catch (error: any) {
    res.status(500).json({ message: error.message });
  }
});