✨(interop) allow to save an attachment into Drive workspace

Setup Drive resource server query to retrieve and save files from a configured
Drive instance through OIDC resource server.

suitenumerique/drive#379

Author: jbpenrath

docs/env.md

@@ -156,6 +156,9 @@ The application uses a new environment file structure with `.defaults` and `.loc
 | `OIDC_OP_LOGOUT_ENDPOINT` | None | OIDC logout endpoint | Optional |
 | `OIDC_USERINFO_ESSENTIAL_CLAIMS` | `[]` | Essential OIDC claims | Optional |
 | `OIDC_USERINFO_FULLNAME_FIELDS` | `["first_name", "last_name"]` | Fields to use for full name | Optional |
+| `OIDC_STORE_ACCESS_TOKEN` | `False` | Store access token | Optional |
+| `OIDC_STORE_REFRESH_TOKEN` | `False` | Store refresh token | Optional |
+| `OIDC_STORE_REFRESH_TOKEN_KEY` | `None` | Refresh token encryption key (Must be a valid Fernet key) | Optional |
 
 
 ### OIDC Advanced Settings

src/backend/core/api/openapi.json

@@ -182,12 +182,17 @@
                                                 "api_url": {
                                                     "type": "string",
                                                     "readOnly": true
+                                                },
+                                                "file_url": {
+                                                    "type": "string",
+                                                    "readOnly": true
                                                 }
                                             },
                                             "readOnly": true,
                                             "required": [
                                                 "sdk_url",
-                                                "api_url"
+                                                "api_url",
+                                                "file_url"
                                             ]
                                         },
                                         "SCHEMA_CUSTOM_ATTRIBUTES_USER": {
@@ -1652,6 +1657,82 @@
                 }
             }
         },
+        "/api/v1.0/interop/drive/": {
+            "get": {
+                "operationId": "interop_drive_retrieve",
+                "description": "Search for files created by the current user.",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "title",
+                        "schema": {
+                            "type": "string"
+                        },
+                        "description": "Search files by title.",
+                        "required": true
+                    }
+                ],
+                "tags": [
+                    "interop/drive"
+                ],
+                "security": [
+                    {
+                        "cookieAuth": []
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/PaginatedDriveItemResponse"
+                                }
+                            }
+                        },
+                        "description": "Files found"
+                    }
+                }
+            },
+            "post": {
+                "operationId": "interop_drive_create",
+                "description": "Create a new file in the main workspace.",
+                "tags": [
+                    "interop"
+                ],
+                "requestBody": {
+                    "content": {
+                        "application/json": {
+                            "schema": {
+                                "$ref": "#/components/schemas/DriveUploadAttachmentRequest"
+                            }
+                        },
+                        "multipart/form-data": {
+                            "schema": {
+                                "$ref": "#/components/schemas/DriveUploadAttachmentRequest"
+                            }
+                        }
+                    },
+                    "required": true
+                },
+                "security": [
+                    {
+                        "cookieAuth": []
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "content": {
+                            "application/json": {
+                                "schema": {
+                                    "$ref": "#/components/schemas/PartialDriveItem"
+                                }
+                            }
+                        },
+                        "description": "File created successfully"
+                    }
+                }
+            }
+        },
         "/api/v1.0/labels/": {
             "get": {
                 "operationId": "labels_list",
@@ -4972,12 +5053,6 @@
                 "type": "object",
                 "description": "Serialize attachments.",
                 "properties": {
-                    "id": {
-                        "type": "string",
-                        "format": "uuid",
-                        "readOnly": true,
-                        "description": "primary key for the record as UUID"
-                    },
                     "blobId": {
                         "type": "string",
                         "format": "uuid",
@@ -5020,7 +5095,6 @@
                     "blobId",
                     "cid",
                     "created_at",
-                    "id",
                     "name",
                     "sha256",
                     "size",
@@ -5225,6 +5299,19 @@
                     "senderId"
                 ]
             },
+            "DriveUploadAttachmentRequest": {
+                "type": "object",
+                "properties": {
+                    "blob_id": {
+                        "type": "string",
+                        "format": "uuid",
+                        "description": "ID of the attachment to upload"
+                    }
+                },
+                "required": [
+                    "blob_id"
+                ]
+            },
             "FlagEnum": {
                 "enum": [
                     "unread",
@@ -6510,6 +6597,34 @@
                     "signature"
                 ]
             },
+            "PaginatedDriveItemResponse": {
+                "type": "object",
+                "properties": {
+                    "count": {
+                        "type": "integer"
+                    },
+                    "next": {
+                        "type": "string",
+                        "nullable": true
+                    },
+                    "previous": {
+                        "type": "string",
+                        "nullable": true
+                    },
+                    "results": {
+                        "type": "array",
+                        "items": {
+                            "$ref": "#/components/schemas/PartialDriveItem"
+                        }
+                    }
+                },
+                "required": [
+                    "count",
+                    "next",
+                    "previous",
+                    "results"
+                ]
+            },
             "PaginatedMailDomainAdminList": {
                 "type": "object",
                 "required": [
@@ -6696,6 +6811,31 @@
                     }
                 }
             },
+            "PartialDriveItem": {
+                "type": "object",
+                "description": "Serializer for Drive Item resource (OpenAPI purpose only...).\nIt supports partially the Drive Item resource response structure.\nWe declare only fields that are useful in the Messages context.",
+                "properties": {
+                    "id": {
+                        "type": "string",
+                        "format": "uuid"
+                    },
+                    "filename": {
+                        "type": "string"
+                    },
+                    "mimetype": {
+                        "type": "string"
+                    },
+                    "size": {
+                        "type": "integer"
+                    }
+                },
+                "required": [
+                    "filename",
+                    "id",
+                    "mimetype",
+                    "size"
+                ]
+            },
             "PatchedLabelRequest": {
                 "type": "object",
                 "description": "Serializer for Label model.",

src/backend/core/api/serializers.py

@@ -388,7 +388,6 @@ def get_sha256(self, obj):
     class Meta:
         model = models.Attachment
         fields = [
-            "id",
             "blobId",
             "name",
             "size",
@@ -1470,3 +1469,26 @@ def create(self, validated_data):
 
     def update(self, instance, validated_data):
         """This serializer is only used to validate the data, not to create or update."""
+
+
+class PartialDriveItemSerializer(serializers.Serializer):
+    """
+    Serializer for Drive Item resource (OpenAPI purpose only...).
+    It supports partially the Drive Item resource response structure.
+    We declare only fields that are useful in the Messages context.
+    """
+
+    id = serializers.UUIDField(required=True)
+    filename = serializers.CharField(required=True)
+    mimetype = serializers.CharField(required=True)
+    size = serializers.IntegerField(required=True)
+
+    class Meta:
+        fields = ["id", "filename", "mimetype", "size"]
+        read_only_fields = fields
+
+    def create(self, validated_data):
+        """This serializer is only used to validate the data, not to create or update."""
+
+    def update(self, instance, validated_data):
+        """This serializer is only used to validate the data, not to create or update."""

src/backend/core/api/utils.py

@@ -7,6 +7,8 @@
 import boto3
 import botocore
 
+from core import models
+
 
 def flat_to_nested(items):
     """
@@ -68,6 +70,39 @@ def generate_presigned_url(storage, *args, **kwargs):
     return s3_client.generate_presigned_url(*args, **kwargs)
 
 
+def get_attachment_from_blob_id(blob_id, user):
+    """
+    Parse a given blob ID to get the attachment data from the related message raw mime.
+    Blob IDs in the form msg_[message_id]_[attachment_number] are looked up
+    directly in the message's attachments.
+    """
+    if not blob_id.startswith("msg_"):
+        raise ValueError("Invalid blob ID")
+
+    message_id = blob_id.split("_")[1]
+    attachment_number = blob_id.split("_")[2]
+    message = models.Message.objects.get(id=message_id)
+
+    # Does the user have access to the message via its thread?
+    if not models.ThreadAccess.objects.filter(
+        thread=message.thread, mailbox__accesses__user=user
+    ).exists():
+        raise models.Blob.DoesNotExist()
+
+    # Does the message have any attachments?
+    if not message.has_attachments:
+        raise models.Blob.DoesNotExist()
+
+    # Parse the raw mime message to get the attachment
+    parsed_email = message.get_parsed_data()
+    attachment = parsed_email.get("attachments", [])[int(attachment_number)]
+
+    if not attachment:
+        raise models.Blob.DoesNotExist()
+
+    return attachment
+
+
 # def generate_s3_authorization_headers(key):
 #     """
 #     Generate authorization headers for an s3 object.

src/backend/core/api/viewsets/blob.py

@@ -15,7 +15,7 @@
 from rest_framework.viewsets import ViewSet
 
 from core import models
-from core.api import permissions
+from core.api import permissions, utils
 
 # Define logger
 logger = logging.getLogger(__name__)
@@ -164,23 +164,16 @@ def download(self, request, pk=None):
             # Blob IDs in the form msg_[message_id]_[attachment_number] are looked up
             # directly in the message's attachments.
             if pk.startswith("msg_"):
-                message_id = pk.split("_")[1]
-                attachment_number = pk.split("_")[2]
-                message = models.Message.objects.get(id=message_id)
-
-                # Does the user have access to the message via its thread?
-                if not models.ThreadAccess.objects.filter(
-                    thread=message.thread, mailbox__accesses__user=request.user
-                ).exists():
-                    raise models.Blob.DoesNotExist()
-
-                # Does the message have any attachments?
-                if not message.has_attachments:
-                    raise models.Blob.DoesNotExist()
-
-                # Parse the raw mime message to get the attachment
-                parsed_email = message.get_parsed_data()
-                attachment = parsed_email.get("attachments", [])[int(attachment_number)]
+                try:
+                    attachment = utils.get_attachment_from_blob_id(pk, request.user)
+                except ValueError as e:
+                    return Response(
+                        status=status.HTTP_400_BAD_REQUEST, data={"error": str(e)}
+                    )
+                except models.Blob.DoesNotExist as e:
+                    return Response(
+                        status=status.HTTP_404_NOT_FOUND, data={"error": str(e)}
+                    )
 
                 # Create response with decompressed content
                 response = HttpResponse(

src/backend/core/api/viewsets/config.py

@@ -50,9 +50,13 @@ class ConfigView(drf.views.APIView):
                                     "type": "string",
                                     "readOnly": True,
                                 },
+                                "file_url": {
+                                    "type": "string",
+                                    "readOnly": True,
+                                },
                             },
                             "readOnly": True,
-                            "required": ["sdk_url", "api_url"],
+                            "required": ["sdk_url", "api_url", "file_url"],
                         },
                         "SCHEMA_CUSTOM_ATTRIBUTES_USER": {
                             "type": "object",
@@ -107,6 +111,7 @@ def get(self, request):
                     "DRIVE": {
                         "sdk_url": f"{base_url}{settings.DRIVE_CONFIG.get('sdk_url')}",
                         "api_url": f"{base_url}{settings.DRIVE_CONFIG.get('api_url')}",
+                        "file_url": f"{base_url}{settings.DRIVE_CONFIG.get('file_url')}",
                     }
                 }
             )