✨(interop) allow to save an attachment into Drive workspace

Setup Drive resource server query to retrieve and save files from a configured
Drive instance through OIDC resource server.

suitenumerique/drive#379

Author: jbpenrath

docs/env.md

@@ -156,6 +156,9 @@ The application uses a new environment file structure with `.defaults` and `.loc
 | `OIDC_OP_LOGOUT_ENDPOINT` | None | OIDC logout endpoint | Optional |
 | `OIDC_USERINFO_ESSENTIAL_CLAIMS` | `[]` | Essential OIDC claims | Optional |
 | `OIDC_USERINFO_FULLNAME_FIELDS` | `["first_name", "last_name"]` | Fields to use for full name | Optional |
+| `OIDC_STORE_ACCESS_TOKEN` | `False` | Store access token | Optional |
+| `OIDC_STORE_REFRESH_TOKEN` | `False` | Store refresh token | Optional |
+| `OIDC_STORE_REFRESH_TOKEN_KEY` | `None` | Refresh token encryption key (Must be a valid Fernet key) | Optional |
 
 
 ### OIDC Advanced Settings

src/backend/core/api/openapi.json

@@ -182,12 +182,17 @@
                                                 "api_url": {
                                                     "type": "string",
                                                     "readOnly": true
+                                                },
+                                                "file_url": {
+                                                    "type": "string",
+                                                    "readOnly": true
                                                 }
                                             },
                                             "readOnly": true,
                                             "required": [
                                                 "sdk_url",
-                                                "api_url"
+                                                "api_url",
+                                                "file_url"
                                             ]
                                         },
                                         "SCHEMA_CUSTOM_ATTRIBUTES_USER": {
@@ -1652,6 +1657,76 @@
                 }
             }
         },
+        "/api/v1.0/interop/drive/": {
+            "get": {
+                "operationId": "interop_drive_retrieve",
+                "description": "Search for files created by the current user.",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "title",
+                        "schema": {
+                            "type": "string"
+                        },
+                        "description": "Search files by title."
+                    }
+                ],
+                "tags": [
+                    "interop/drive"
+                ],
+                "security": [
+                    {
+                        "cookieAuth": []
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "No response body"
+                    }
+                }
+            },
+            "post": {
+                "operationId": "interop_drive_create",
+                "description": "Create a new file in the main workspace.",
+                "tags": [
+                    "interop"
+                ],
+                "requestBody": {
+                    "content": {
+                        "application/json": {
+                            "schema": {
+                                "$ref": "#/components/schemas/DriveUploadAttachmentRequest"
+                            }
+                        },
+                        "multipart/form-data": {
+                            "schema": {
+                                "$ref": "#/components/schemas/DriveUploadAttachmentRequest"
+                            }
+                        }
+                    },
+                    "required": true
+                },
+                "security": [
+                    {
+                        "cookieAuth": []
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "File created successfully"
+                    },
+                    "400": {
+                        "description": "Bad request - attachment_id is required"
+                    },
+                    "404": {
+                        "description": "Attachment not found"
+                    },
+                    "500": {
+                        "description": "Internal server error"
+                    }
+                }
+            }
+        },
         "/api/v1.0/labels/": {
             "get": {
                 "operationId": "labels_list",
@@ -4972,12 +5047,6 @@
                 "type": "object",
                 "description": "Serialize attachments.",
                 "properties": {
-                    "id": {
-                        "type": "string",
-                        "format": "uuid",
-                        "readOnly": true,
-                        "description": "primary key for the record as UUID"
-                    },
                     "blobId": {
                         "type": "string",
                         "format": "uuid",
@@ -5020,7 +5089,6 @@
                     "blobId",
                     "cid",
                     "created_at",
-                    "id",
                     "name",
                     "sha256",
                     "size",
@@ -5225,6 +5293,19 @@
                     "senderId"
                 ]
             },
+            "DriveUploadAttachmentRequest": {
+                "type": "object",
+                "properties": {
+                    "attachment_id": {
+                        "type": "string",
+                        "format": "uuid",
+                        "description": "ID of the attachment to upload"
+                    }
+                },
+                "required": [
+                    "attachment_id"
+                ]
+            },
             "FlagEnum": {
                 "enum": [
                     "unread",

src/backend/core/api/serializers.py

@@ -388,7 +388,6 @@ def get_sha256(self, obj):
     class Meta:
         model = models.Attachment
         fields = [
-            "id",
             "blobId",
             "name",
             "size",

src/backend/core/api/viewsets/config.py

@@ -50,9 +50,13 @@ class ConfigView(drf.views.APIView):
                                     "type": "string",
                                     "readOnly": True,
                                 },
+                                "file_url": {
+                                    "type": "string",
+                                    "readOnly": True,
+                                },
                             },
                             "readOnly": True,
-                            "required": ["sdk_url", "api_url"],
+                            "required": ["sdk_url", "api_url", "file_url"],
                         },
                         "SCHEMA_CUSTOM_ATTRIBUTES_USER": {
                             "type": "object",
@@ -107,6 +111,7 @@ def get(self, request):
                     "DRIVE": {
                         "sdk_url": f"{base_url}{settings.DRIVE_CONFIG.get('sdk_url')}",
                         "api_url": f"{base_url}{settings.DRIVE_CONFIG.get('api_url')}",
+                        "file_url": f"{base_url}{settings.DRIVE_CONFIG.get('file_url')}",
                     }
                 }
             )

src/backend/core/api/viewsets/drive.py

@@ -0,0 +1,164 @@
+import requests
+from django.conf import settings
+from django.utils.decorators import method_decorator
+
+from rest_framework import permissions, serializers
+from rest_framework.response import Response
+from rest_framework.views import APIView
+from lasuite.oidc_login.decorators import refresh_oidc_access_token
+from drf_spectacular.utils import OpenApiParameter, OpenApiTypes, extend_schema
+
+from core import models
+from drf_spectacular.utils import extend_schema, OpenApiResponse, inline_serializer
+
+
+
+
+
+class DriveAPIView(APIView):
+    """
+    API View to upload an attachment to Drive.
+    """
+    permission_classes = [permissions.IsAuthenticated]
+
+    @extend_schema(
+        tags=["interop/drive"],
+        parameters=[
+            OpenApiParameter(
+                name="title",
+                type=OpenApiTypes.STR,
+                location=OpenApiParameter.QUERY,
+                description="Search files by title.",
+                required=False,
+            ),
+        ],
+    )
+    @method_decorator(refresh_oidc_access_token)
+    def get(self, request):
+        """
+        Search for files created by the current user.
+        """
+        drive_external_api = f"{settings.DRIVE_CONFIG.get('base_url')}/external_api/v1.0"
+        access_token = request.session.get('oidc_access_token')
+        filters = {
+            "is_creator_me": True,
+            "type": "file",
+        }
+        for key, value in request.query_params.items():
+            filters.update({key: value})
+
+        # Retrieve the main workspace
+        response = requests.get(
+            f"{drive_external_api}/items/",
+            headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
+        )
+        response.raise_for_status()
+        data = response.json()
+        items = data['results']
+        main_workspace = None
+        for item in items:
+            if item['main_workspace']:
+                main_workspace = item
+                break
+        if not main_workspace:
+            return Response(status=404, data={"error": "No main workspace found"})
+
+        # Search for files in the main workspace
+        response = requests.get(
+            f"{drive_external_api}/items/{main_workspace['id']}/children/",
+            params=filters,
+            headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
+        )
+
+        return Response(response.json())
+
+    @extend_schema(
+        description="Create a new file in the main workspace.",
+        request=inline_serializer(
+            name="DriveUploadAttachment",
+            fields={
+                "attachment_id": serializers.UUIDField(
+                    required=True,
+                    help_text="ID of the attachment to upload",
+                ),
+
+            },
+        ),
+        responses={
+            200: OpenApiResponse(description="File created successfully"),
+            400: OpenApiResponse(description="Bad request - attachment_id is required"),
+            404: OpenApiResponse(description="Attachment not found"),
+            500: OpenApiResponse(description="Internal server error"),
+        },
+    )
+    @method_decorator(refresh_oidc_access_token)
+    def post(self, request):
+        """
+        Create a new file in the main workspace.
+        """
+        drive_external_api = f"{settings.DRIVE_CONFIG.get('base_url')}/external_api/v1.0"
+
+        # Get the access token from the session
+        access_token = request.session.get('oidc_access_token')
+        attachment_id = request.data.get('attachment_id')
+        if not attachment_id:
+            return Response(status=400, data={"error": "attachment_id is required"})
+
+        # TODO : Make this shit properly
+        message_id = attachment_id.split("_")[1]
+        attachment_number = attachment_id.split("_")[2]
+        message = models.Message.objects.get(id=message_id)
+        # Parse the raw mime message to get the attachment
+        parsed_email = message.get_parsed_data()
+        attachment = parsed_email.get("attachments", [])[int(attachment_number)]
+
+        # Get the main workspace
+        response = requests.get(
+            f"{drive_external_api}/items/",
+            headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
+        )
+        response.raise_for_status()
+        data = response.json()
+        items = data['results']
+        main_workspace = None
+        for item in items:
+            if item['main_workspace']:
+                main_workspace = item
+                break
+
+        if not main_workspace:
+            return Response(status=404, data={"error": "No main workspace found"})
+
+        # Create a new file in the main workspace
+        response = requests.post(
+            f"{drive_external_api}/items/{main_workspace['id']}/children/",
+            json={
+                "type": "file",
+                "filename": attachment['name'],
+            },
+            headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
+        )
+        response.raise_for_status()
+        item = response.json()
+        policy = item['policy']
+
+        # Upload file content using the presigned URL
+        upload_response = requests.put(
+            policy,
+            data=attachment['content'],
+            headers={
+                    "Content-Type": attachment['type'],
+                    "x-amz-acl": "private"
+                }
+            )
+        upload_response.raise_for_status()
+
+        # Tell the Drive API that the upload is ended
+        response = requests.post(
+            f"{drive_external_api}/items/{item['id']}/upload-ended/",
+            json={},
+            headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
+        )
+        response.raise_for_status()
+
+        return Response(response.json())

src/backend/core/authentication/backends.py

@@ -70,7 +70,6 @@ def get_or_create_user(self, access_token, id_token, payload):
 
         # if sub is absent, try matching on email
         user = self.get_existing_user(sub, email)
-
         self.create_testdomain()
 
         if user: