Commit Graph

20 Commits

Author SHA1 Message Date
Peter Steinberger
2652d2a65c refactor(auth): simplify account and token-source resolution 2026-03-07 23:48:50 +00:00
Peter Steinberger
11efb052e5 feat(auth): add direct access-token mode (#419) (thanks @mmkal) 2026-03-07 23:39:43 +00:00
Peter Steinberger
a2f001e3df fix(auth): persist rotated refresh tokens (#373) (thanks @joshp123) 2026-03-07 17:57:37 +00:00
the sun gif man
59ab29458c
fix(auth): persist rotated refresh tokens during API calls (#373)
Why
- gogcli refreshed access tokens from a stored refresh token but never wrote back
  a rotated refresh token returned by Google.
- In multi-process CLI usage this can leave keyring state stale across invocations
  and eventually cause invalid_grant when the old token is retired.

What
- add persistingTokenSource wrapper in internal/googleapi/client.go
- wrap oauth2.Config TokenSource in tokenSourceForAccountScopes
- persist rotated refresh token back into secrets store when it changes
- keep persistence failures non-fatal (warn, return token)
- add unit tests for rotate/no-rotate/persist-failure paths

Tests
- go test ./internal/googleapi
2026-03-07 17:57:23 +00:00
John Westerlund
fae24e3b1d
fix(auth): restrict Keep service account to Keep API calls only (#414)
When a Keep-specific service account file (keep-sa-*.json) exists,
tokenSourceForServiceAccountScopes falls back to it for all API calls,
not just Keep. This causes 401 errors on Calendar, Gmail, Drive, and
other services that should use OAuth.

Only use keep-sa and legacy Keep SA files when serviceLabel is "keep",
allowing other services to fall through to OAuth authentication.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 16:47:39 +00:00
laihenyi
449beff88b
fix(googleapi): replace Client.Timeout with transport-level ResponseHeaderTimeout (#425)
* feat(drive): include shortcutDetails in drive get fields

Add shortcutDetails to the Drive Get API fields to enable resolving
shortcut target file IDs and MIME types.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(googleapi): replace Client.Timeout with transport-level ResponseHeaderTimeout

The global http.Client.Timeout (30s) applied to the entire request
lifecycle, causing large Drive file downloads (videos, backups, etc.)
to time out. Replace it with http.Transport.ResponseHeaderTimeout
which only limits the time waiting for the server to begin responding.
Once response headers arrive and the body starts streaming, there is
no hard cap — large transfers complete naturally.

- Set ResponseHeaderTimeout=30s on the base transport
- Remove http.Client.Timeout from the API client
- Keep a dedicated tokenExchangeTimeout=30s for OAuth2 token refreshes
- Add tests verifying the new transport configuration

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 16:44:37 +00:00
Peter Steinberger
e84b243b44 fix: timezone fallback and attachment output hardening
Lands #228.

Co-authored-by: salmonumbrella <182032677+salmonumbrella@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 14:06:25 +01:00
Peter Steinberger
1a19a27f07 fix(googleapi): honor proxy env in custom OAuth transport 2026-02-13 18:36:58 +01:00
Peter Steinberger
99d957581f feat(auth): add multi-org login
Some checks failed
ci / test (push) Has been cancelled
ci / worker (push) Has been cancelled
ci / darwin-cgo-build (push) Has been cancelled
2026-01-22 04:04:14 +00:00
Peter Steinberger
3c131fb1e3 feat(auth): support Workspace service accounts (#54) (thanks @pvieito) 2026-01-11 02:09:05 +01:00
Peter Steinberger
3c1afc6caf chore: tighten lint rules and fix findings 2025-12-31 19:47:32 +01:00
Peter Steinberger
348f6d2a05 test: raise coverage and tighten lint 2025-12-31 14:31:49 +01:00
salmonumbrella
d2be673d10
feat: add retry logic, concurrent fetching, and extended commands
Resilience:
- RetryTransport with circuit breaker for 429/5xx resilience
- Exponential backoff with jitter, respects Retry-After headers
- Circuit breaker auto-resets after 30s of successful requests

Performance:
- Concurrent gmail thread fetching (fixes N+1 query pattern)
- Bounded concurrency with semaphore (max 10 parallel)

New calendar commands:
- colors: list available event/calendar colors
- conflicts: check availability across calendars
- search: find events by text query
- time: show current time in multiple timezones

New gmail commands:
- autoforward: get/enable/disable auto-forwarding
- delegates: list/add/remove mail delegation
- filters: list/create/delete inbox filters
- forwarding: manage forwarding addresses
- sendas: manage send-as aliases
- vacation: get/enable/disable vacation responder
- batch: bulk operations (mark-read, archive, label, delete)
- watch: Pub/Sub push with webhook forwarding

New services:
- Sheets: read/write/append spreadsheet data
- Tasks: manage tasklists and tasks

Developer experience:
- Shell completion (bash, zsh, fish, powershell)
- version command with build info
- --debug flag for verbose logging
- lefthook for pre-commit hooks

Documentation:
- Expanded README with examples
- Gmail watch/Pub/Sub guide (docs/watch.md)
- Architecture spec (docs/spec.md)
- Release process (docs/RELEASING.md)
2025-12-24 17:51:21 -08:00
Peter Steinberger
c6e17331d1 test: raise coverage (auth + googleapi + helpers) 2025-12-12 16:32:07 +00:00
Peter Steinberger
f27117ba33 test: raise coverage for drive and googleapi 2025-12-12 16:03:20 +00:00
Peter Steinberger
dbd3846fcc Auth: don't pre-check stored scopes 2025-12-12 15:03:03 +00:00
Peter Steinberger
c0589dca9d OAuth2: bound refresh-token HTTP with timeout 2025-12-12 14:55:19 +00:00
Peter Steinberger
654ce4740f Google API: set default HTTP timeout 2025-12-12 14:51:17 +00:00
Peter Steinberger
001d61210c People API: per-endpoint scopes + other contacts scope 2025-12-12 14:44:40 +00:00
Peter Steinberger
bfbc6e4323 Unify Google CLI with auth, services, and CI 2025-12-12 14:18:38 +00:00