Revert "feat: install gcal + gvideo by default for google signups (#17773)" (#17803)

This reverts commit fcd06c8.

Author: emrysal

Diff for: .env.example

@@ -119,7 +119,7 @@ NEXT_PUBLIC_FRESHCHAT_HOST=
 
 # Google OAuth credentials
 # To enable Login with Google you need to:
-# 1. Set `GOOGLE_API_CREDENTIALS` below
+# 1. Set `GOOGLE_API_CREDENTIALS` above
 # 2. Set `GOOGLE_LOGIN_ENABLED` to `true`
 # When self-hosting please ensure you configure the Google integration as an Internal app so no one else can login to your instance
 # @see https://support.google.com/cloud/answer/6158849#public-and-internal&zippy=%2Cpublic-and-internal-applications

Diff for: packages/app-store/googlecalendar/api/add.ts

@@ -1,10 +1,11 @@
 import { google } from "googleapis";
 import type { NextApiRequest, NextApiResponse } from "next";
 
-import { GOOGLE_CALENDAR_SCOPES, SCOPE_USERINFO_PROFILE, WEBAPP_URL_FOR_OAUTH } from "@calcom/lib/constants";
+import { WEBAPP_URL_FOR_OAUTH } from "@calcom/lib/constants";
 import { defaultHandler, defaultResponder } from "@calcom/lib/server";
 
 import { encodeOAuthState } from "../../_utils/oauth/encodeOAuthState";
+import { SCOPES } from "../lib/constants";
 import { getGoogleAppKeys } from "../lib/getGoogleAppKeys";
 
 async function getHandler(req: NextApiRequest, res: NextApiResponse) {
@@ -15,7 +16,7 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
 
   const authUrl = oAuth2Client.generateAuthUrl({
     access_type: "offline",
-    scope: [SCOPE_USERINFO_PROFILE, ...GOOGLE_CALENDAR_SCOPES],
+    scope: SCOPES,
     // A refresh token is only returned the first time the user
     // consents to providing access.  For illustration purposes,
     // setting the prompt to 'consent' will force this consent

Diff for: packages/app-store/googlecalendar/api/callback.ts

@@ -2,21 +2,18 @@ import { google } from "googleapis";
 import type { NextApiRequest, NextApiResponse } from "next";
 
 import { renewSelectedCalendarCredentialId } from "@calcom/lib/connectedCalendar";
-import {
-  GOOGLE_CALENDAR_SCOPES,
-  SCOPE_USERINFO_PROFILE,
-  WEBAPP_URL,
-  WEBAPP_URL_FOR_OAUTH,
-} from "@calcom/lib/constants";
+import { WEBAPP_URL, WEBAPP_URL_FOR_OAUTH } from "@calcom/lib/constants";
 import { getSafeRedirectUrl } from "@calcom/lib/getSafeRedirectUrl";
+import { getAllCalendars, updateProfilePhoto } from "@calcom/lib/google";
 import { HttpError } from "@calcom/lib/http-error";
 import { defaultHandler, defaultResponder } from "@calcom/lib/server";
 import { CredentialRepository } from "@calcom/lib/server/repository/credential";
-import { GoogleService } from "@calcom/lib/server/service/google";
+import { GoogleRepository } from "@calcom/lib/server/repository/google";
 import { Prisma } from "@calcom/prisma/client";
 
 import getInstalledAppPath from "../../_utils/getInstalledAppPath";
 import { decodeOAuthState } from "../../_utils/oauth/decodeOAuthState";
+import { REQUIRED_SCOPES, SCOPE_USERINFO_PROFILE } from "../lib/constants";
 import { getGoogleAppKeys } from "../lib/getGoogleAppKeys";
 
 async function getHandler(req: NextApiRequest, res: NextApiResponse) {
@@ -50,7 +47,7 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
     const key = token.tokens;
     const grantedScopes = token.tokens.scope?.split(" ") ?? [];
     // Check if we have granted all required permissions
-    const hasMissingRequiredScopes = GOOGLE_CALENDAR_SCOPES.some((scope) => !grantedScopes.includes(scope));
+    const hasMissingRequiredScopes = REQUIRED_SCOPES.some((scope) => !grantedScopes.includes(scope));
     if (hasMissingRequiredScopes) {
       if (!state?.fromApp) {
         throw new HttpError({
@@ -75,7 +72,19 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
       auth: oAuth2Client,
     });
 
-    const primaryCal = await GoogleService.getPrimaryCalendar(calendar);
+    const cals = await getAllCalendars(calendar);
+
+    const primaryCal = cals.find((cal) => cal.primary) ?? cals[0];
+
+    // Only attempt to update the user's profile photo if the user has granted the required scope
+    if (grantedScopes.includes(SCOPE_USERINFO_PROFILE)) {
+      await updateProfilePhoto(oAuth2Client, req.session.user.id);
+    }
+
+    const gcalCredential = await GoogleRepository.createGoogleCalendarCredential({
+      key,
+      userId: req.session.user.id,
+    });
 
     // If we still don't have a primary calendar skip creating the selected calendar.
     // It can be toggled on later.
@@ -87,16 +96,6 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
       return;
     }
 
-    // Only attempt to update the user's profile photo if the user has granted the required scope
-    if (grantedScopes.includes(SCOPE_USERINFO_PROFILE)) {
-      await GoogleService.updateProfilePhoto(oAuth2Client, req.session.user.id);
-    }
-
-    const gcalCredential = await GoogleService.createGoogleCalendarCredential({
-      key,
-      userId: req.session.user.id,
-    });
-
     const selectedCalendarWhereUnique = {
       userId: req.session.user.id,
       externalId: primaryCal.id,
@@ -106,7 +105,7 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
     // Wrapping in a try/catch to reduce chance of race conditions-
     // also this improves performance for most of the happy-paths.
     try {
-      await GoogleService.upsertSelectedCalendar({
+      await GoogleRepository.upsertSelectedCalendar({
         credentialId: gcalCredential.id,
         externalId: selectedCalendarWhereUnique.externalId,
         userId: selectedCalendarWhereUnique.userId,
@@ -146,7 +145,7 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
     return;
   }
 
-  const existingGoogleMeetCredential = await GoogleService.findGoogleMeetCredential({
+  const existingGoogleMeetCredential = await GoogleRepository.findGoogleMeetCredential({
     userId: req.session.user.id,
   });
 
@@ -160,7 +159,7 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
   }
 
   // Create a new google meet credential
-  await GoogleService.createGoogleMeetsCredential({ userId: req.session.user.id });
+  await GoogleRepository.createGoogleMeetsCredential({ userId: req.session.user.id });
   res.redirect(
     getSafeRedirectUrl(`${WEBAPP_URL}/apps/installed/conferencing?hl=google-meet`) ??
       getInstalledAppPath({ variant: "conferencing", slug: "google-meet" })

Diff for: packages/app-store/googlecalendar/lib/CalendarService.ts

@@ -18,9 +18,10 @@ import {
   CREDENTIAL_SYNC_SECRET_HEADER_NAME,
 } from "@calcom/lib/constants";
 import { formatCalEvent } from "@calcom/lib/formatCalendarEvent";
+import { getAllCalendars } from "@calcom/lib/google";
 import logger from "@calcom/lib/logger";
 import { safeStringify } from "@calcom/lib/safeStringify";
-import { GoogleService } from "@calcom/lib/server/service/google";
+import { GoogleRepository } from "@calcom/lib/server/repository/google";
 import prisma from "@calcom/prisma";
 import type {
   Calendar,
@@ -542,7 +543,7 @@ export default class GoogleCalendarService implements Calendar {
     }
     async function getCalIds() {
       if (selectedCalendarIds.length !== 0) return selectedCalendarIds;
-      const cals = await GoogleService.getAllCalendars(calendar, ["id"]);
+      const cals = await getAllCalendars(calendar, ["id"]);
       if (!cals.length) return [];
       return cals.reduce((c, cal) => (cal.id ? [...c, cal.id] : c), [] as string[]);
     }
@@ -606,7 +607,7 @@ export default class GoogleCalendarService implements Calendar {
             status: 200,
             statusText: "OK",
             data: {
-              items: await GoogleService.getAllCalendars(calendar),
+              items: await getAllCalendars(calendar),
             },
           })
       );
@@ -651,7 +652,7 @@ export default class GoogleCalendarService implements Calendar {
       },
     });
     const response = res.data;
-    await GoogleService.upsertSelectedCalendar({
+    await GoogleRepository.upsertSelectedCalendar({
       userId: this.credential.userId!,
       externalId: calendarId,
       credentialId: this.credential.id,
@@ -685,7 +686,7 @@ export default class GoogleCalendarService implements Calendar {
       .catch((err) => {
         console.warn(JSON.stringify(err));
       });
-    await GoogleService.upsertSelectedCalendar({
+    await GoogleRepository.upsertSelectedCalendar({
       userId: this.credential.userId!,
       externalId: calendarId,
       credentialId: this.credential.id,

Diff for: packages/app-store/googlecalendar/lib/constants.ts

@@ -0,0 +1,7 @@
+export const SCOPE_USERINFO_PROFILE = "https://www.googleapis.com/auth/userinfo.profile";
+export const SCOPE_CALENDAR_READONLY = "https://www.googleapis.com/auth/calendar.readonly";
+export const SCOPE_CALENDAR_EVENT = "https://www.googleapis.com/auth/calendar.events";
+
+export const REQUIRED_SCOPES = [SCOPE_CALENDAR_READONLY, SCOPE_CALENDAR_EVENT];
+
+export const SCOPES = [...REQUIRED_SCOPES, SCOPE_USERINFO_PROFILE];

Diff for: packages/app-store/googlecalendar/lib/utils.ts

@@ -0,0 +1,29 @@
+import type { calendar_v3 } from "googleapis";
+
+import logger from "@calcom/lib/logger";
+
+export async function getAllCalendars(
+  calendar: calendar_v3.Calendar,
+  fields: string[] = ["id", "summary", "primary", "accessRole"]
+): Promise<calendar_v3.Schema$CalendarListEntry[]> {
+  let allCalendars: calendar_v3.Schema$CalendarListEntry[] = [];
+  let pageToken: string | undefined;
+
+  try {
+    do {
+      const response: any = await calendar.calendarList.list({
+        fields: `items(${fields.join(",")}),nextPageToken`,
+        pageToken,
+        maxResults: 250, // 250 is max
+      });
+
+      allCalendars = [...allCalendars, ...(response.data.items ?? [])];
+      pageToken = response.data.nextPageToken;
+    } while (pageToken);
+
+    return allCalendars;
+  } catch (error) {
+    logger.error("Error fetching all Google Calendars", { error });
+    throw error;
+  }
+}

Diff for: packages/features/auth/lib/next-auth-options.ts

@@ -1,6 +1,5 @@
 import type { Membership, Team, UserPermissionRole } from "@prisma/client";
 import { waitUntil } from "@vercel/functions";
-import { google } from "googleapis";
 import type { AuthOptions, Session, User } from "next-auth";
 import type { JWT } from "next-auth/jwt";
 import { encode } from "next-auth/jwt";
@@ -16,12 +15,7 @@ import ImpersonationProvider from "@calcom/features/ee/impersonation/lib/Imperso
 import { getOrgFullOrigin, subdomainSuffix } from "@calcom/features/ee/organizations/lib/orgDomains";
 import { clientSecretVerifier, hostedCal, isSAMLLoginEnabled } from "@calcom/features/ee/sso/lib/saml";
 import { checkRateLimitAndThrowError } from "@calcom/lib/checkRateLimitAndThrowError";
-import {
-  GOOGLE_CALENDAR_SCOPES,
-  GOOGLE_OAUTH_SCOPES,
-  HOSTED_CAL_FEATURES,
-  IS_CALCOM,
-} from "@calcom/lib/constants";
+import { HOSTED_CAL_FEATURES, IS_CALCOM } from "@calcom/lib/constants";
 import { ENABLE_PROFILE_SWITCHER, IS_TEAM_BILLING_ENABLED, WEBAPP_URL } from "@calcom/lib/constants";
 import { symmetricDecrypt, symmetricEncrypt } from "@calcom/lib/crypto";
 import { defaultCookies } from "@calcom/lib/default-cookies";
@@ -31,7 +25,6 @@ import { randomString } from "@calcom/lib/random";
 import { safeStringify } from "@calcom/lib/safeStringify";
 import { ProfileRepository } from "@calcom/lib/server/repository/profile";
 import { UserRepository } from "@calcom/lib/server/repository/user";
-import { GoogleService } from "@calcom/lib/server/service/google";
 import slugify from "@calcom/lib/slugify";
 import prisma from "@calcom/prisma";
 import { IdentityProvider, MembershipRole } from "@calcom/prisma/enums";
@@ -258,13 +251,6 @@ if (IS_GOOGLE_LOGIN_ENABLED) {
       clientId: GOOGLE_CLIENT_ID,
       clientSecret: GOOGLE_CLIENT_SECRET,
       allowDangerousEmailAccountLinking: true,
-      authorization: {
-        params: {
-          scope: [...GOOGLE_OAUTH_SCOPES, ...GOOGLE_CALENDAR_SCOPES].join(" "),
-          access_type: "offline",
-          prompt: "consent",
-        },
-      },
     })
   );
 }
@@ -622,55 +608,6 @@ export const getOptions = ({
           return await autoMergeIdentities();
         }
 
-        const grantedScopes = account.scope?.split(" ") ?? [];
-        if (
-          account.provider === "google" &&
-          !(await GoogleService.findFirstGoogleCalendarCredential({
-            userId: user.id as number,
-          })) &&
-          GOOGLE_CALENDAR_SCOPES.every((scope) => grantedScopes.includes(scope))
-        ) {
-          // Installing Google Calendar by default
-          const credentialkey = {
-            access_token: account.access_token,
-            refresh_token: account.refresh_token,
-            id_token: account.id_token,
-            token_type: account.token_type,
-            expires_at: account.expires_at,
-          };
-
-          const gcalCredential = await GoogleService.createGoogleCalendarCredential({
-            userId: user.id as number,
-            key: credentialkey,
-          });
-
-          if (
-            !(await GoogleService.findGoogleMeetCredential({
-              userId: user.id as number,
-            }))
-          ) {
-            await GoogleService.createGoogleMeetsCredential({
-              userId: user.id as number,
-            });
-          }
-
-          const oAuth2Client = new google.auth.OAuth2(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET);
-          oAuth2Client.setCredentials(credentialkey);
-          const calendar = google.calendar({
-            version: "v3",
-            auth: oAuth2Client,
-          });
-          const primaryCal = await GoogleService.getPrimaryCalendar(calendar);
-          if (primaryCal?.id) {
-            await GoogleService.createSelectedCalendar({
-              credentialId: gcalCredential.id,
-              userId: user.id as number,
-              externalId: primaryCal.id,
-            });
-          }
-          await GoogleService.updateProfilePhoto(oAuth2Client, user.id as number);
-        }
-
         return {
           ...token,
           id: existingUser.id,
@@ -695,6 +632,7 @@ export const getOptions = ({
       log.debug("callbacks:session - Session callback called", safeStringify({ session, token, user }));
       const licenseKeyService = await LicenseKeySingleton.getInstance();
       const hasValidLicense = await licenseKeyService.checkLicense();
+
       const profileId = token.profileId;
       const calendsoSession: Session = {
         ...session,

Diff for: packages/lib/constants.ts

@@ -192,10 +192,3 @@ export const RECORDING_IN_PROGRESS_ICON = IS_PRODUCTION
   ? `${WEBAPP_URL}/stop-recording.svg`
   : `https://app.cal.com/stop-recording.svg`;
 
-export const SCOPE_USERINFO_PROFILE = "https://www.googleapis.com/auth/userinfo.profile";
-export const SCOPE_USERINFO_EMAIL = "https://www.googleapis.com/auth/userinfo.email";
-export const GOOGLE_OAUTH_SCOPES = [SCOPE_USERINFO_PROFILE, SCOPE_USERINFO_EMAIL];
-export const GOOGLE_CALENDAR_SCOPES = [
-  "https://www.googleapis.com/auth/calendar.events",
-  "https://www.googleapis.com/auth/calendar.readonly",
-];

Diff for: packages/lib/google.ts

@@ -0,0 +1,45 @@
+import type { OAuth2Client } from "google-auth-library";
+import type { calendar_v3 } from "googleapis";
+import { google } from "googleapis";
+
+import logger from "@calcom/lib/logger";
+
+import { UserRepository } from "./server/repository/user";
+
+export async function getAllCalendars(
+  calendar: calendar_v3.Calendar,
+  fields: string[] = ["id", "summary", "primary", "accessRole"]
+): Promise<calendar_v3.Schema$CalendarListEntry[]> {
+  let allCalendars: calendar_v3.Schema$CalendarListEntry[] = [];
+  let pageToken: string | undefined;
+
+  try {
+    do {
+      const response: any = await calendar.calendarList.list({
+        fields: `items(${fields.join(",")}),nextPageToken`,
+        pageToken,
+        maxResults: 250, // 250 is max
+      });
+
+      allCalendars = [...allCalendars, ...(response.data.items ?? [])];
+      pageToken = response.data.nextPageToken;
+    } while (pageToken);
+
+    return allCalendars;
+  } catch (error) {
+    logger.error("Error fetching all Google Calendars", { error });
+    throw error;
+  }
+}
+
+export async function updateProfilePhoto(oAuth2Client: OAuth2Client, userId: number) {
+  try {
+    const oauth2 = google.oauth2({ version: "v2", auth: oAuth2Client });
+    const userDetails = await oauth2.userinfo.get();
+    if (userDetails.data?.picture) {
+      await UserRepository.updateAvatar({ id: userId, avatarUrl: userDetails.data.picture });
+    }
+  } catch (error) {
+    logger.error("Error updating avatarUrl from google calendar connect", error);
+  }
+}

Diff for: packages/lib/server/repository/credential.ts

@@ -30,15 +30,6 @@ export class CredentialRepository {
     });
   }
 
-  static async findFirstByAppIdAndUserId({ appId, userId }: { appId: string; userId: number }) {
-    return await prisma.credential.findFirst({
-      where: {
-        appId,
-        userId,
-      },
-    });
-  }
-
   static async findFirstByUserIdAndType({ userId, type }: { userId: number; type: string }) {
     return await prisma.credential.findFirst({ where: { userId, type } });
   }