feat: Linear OAuth 2.0 (#10851)

Fixes https://linear.app/chatwoot/issue/CW-3417/oauth-20-authentication We are planning to publish the Chatwoot app in the Linear [integration list](https://linear.app/docs/integration-directory). While we currently use token-based authentication, Linear recommends OAuth2 authentication. This PR implements OAuth2 support. --------- Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com> Co-authored-by: Shivam Mishra <scm.mymail@gmail.com>
2025-02-27 18:15:53 +05:30
parent 30996140a3
commit 12134f9391
18 changed files with 432 additions and 29 deletions
--- a/app/controllers/api/v1/accounts/integrations/linear_controller.rb
+++ b/app/controllers/api/v1/accounts/integrations/linear_controller.rb
@@ -1,5 +1,11 @@
 class Api::V1::Accounts::Integrations::LinearController < Api::V1::Accounts::BaseController
  before_action :fetch_conversation, only: [:link_issue, :linked_issues]
+  before_action :fetch_hook, only: [:destroy]
+
+  def destroy
+    @hook.destroy!
+    head :ok
+  end

  def teams
    teams = linear_processor_service.teams
@@ -90,4 +96,8 @@ class Api::V1::Accounts::Integrations::LinearController < Api::V1::Accounts::Bas
  def permitted_params
    params.permit(:team_id, :project_id, :conversation_id, :issue_id, :link_id, :title, :description, :assignee_id, :priority, label_ids: [])
  end
+
+  def fetch_hook
+    @hook = Integrations::Hook.where(account: Current.account).find_by(app_id: 'linear')
+  end
 end
--- a/app/controllers/linear/callbacks_controller.rb
+++ b/app/controllers/linear/callbacks_controller.rb
@@ -0,0 +1,70 @@
+class Linear::CallbacksController < ApplicationController
+  include Linear::IntegrationHelper
+
+  def show
+    @response = oauth_client.auth_code.get_token(
+      params[:code],
+      redirect_uri: "#{base_url}/linear/callback"
+    )
+
+    handle_response
+  rescue StandardError => e
+    Rails.logger.error("Linear callback error: #{e.message}")
+    redirect_to linear_redirect_uri
+  end
+
+  private
+
+  def oauth_client
+    OAuth2::Client.new(
+      ENV.fetch('LINEAR_CLIENT_ID', nil),
+      ENV.fetch('LINEAR_CLIENT_SECRET', nil),
+      {
+        site: 'https://api.linear.app',
+        token_url: '/oauth/token',
+        authorize_url: '/oauth/authorize'
+      }
+    )
+  end
+
+  def handle_response
+    hook = account.hooks.new(
+      access_token: parsed_body['access_token'],
+      status: 'enabled',
+      app_id: 'linear',
+      settings: {
+        token_type: parsed_body['token_type'],
+        expires_in: parsed_body['expires_in'],
+        scope: parsed_body['scope']
+      }
+    )
+    # You may wonder why we're not handling the refresh token update, since the token will expire only after 10 years, https://github.com/linear/linear/issues/251
+    hook.save!
+    redirect_to linear_redirect_uri
+  rescue StandardError => e
+    Rails.logger.error("Linear callback error: #{e.message}")
+    redirect_to linear_redirect_uri
+  end
+
+  def account
+    @account ||= Account.find(account_id)
+  end
+
+  def account_id
+    return unless params[:state]
+
+    verify_linear_token(params[:state])
+  end
+
+  def linear_redirect_uri
+    "#{ENV.fetch('FRONTEND_URL', nil)}/app/accounts/#{account.id}/settings/integrations/linear"
+  end
+
+  def parsed_body
+    @parsed_body ||= @response.response.parsed
+  end
+
+  def base_url
+    ENV.fetch('FRONTEND_URL', 'http://localhost:3000')
+  end
+end