📁 feat: Integrate SharePoint File Picker and Download Workflow (#8651)

* feat(sharepoint): integrate SharePoint file picker and download workflow Introduces end‑to‑end SharePoint import support: * Token exchange with Microsoft Graph and scope management (`useSharePointToken`) * Re‑usable hooks: `useSharePointPicker`, `useSharePointDownload`, `useSharePointFileHandling` * FileSearch dropdown now offers **From Local Machine** / **From SharePoint** sources and gracefully falls back when SharePoint is disabled * Agent upload model, `AttachFileMenu`, and `DropdownPopup` extended for SharePoint files and sub‑menus * Blurry overlay with progress indicator and `maxSelectionCount` limit during downloads * Cache‑flush utility (`config/flush-cache.js`) supporting Redis & filesystem, with dry‑run and npm script * Updated `SharePointIcon` (uses `currentColor`) and new i18n keys * Bug fixes: placeholder syntax in progress message, picker event‑listener cleanup * Misc style and performance optimizations * Fix ESLint warnings --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
2025-09-22 08:12:00 +02:00 · 2025-07-25 00:03:23 -04:00 · 2025-07-25 00:03:23 -04:00 · a955097faf
commit a955097faf
parent b6413b06bc
40 changed files with 2500 additions and 123 deletions
--- a/api/server/controllers/AuthController.js
+++ b/api/server/controllers/AuthController.js
@ -12,6 +12,7 @@ const {
 } = require('~/server/services/AuthService');
 const { findUser, getUserById, deleteAllUserSessions, findSession } = require('~/models');
 const { getOpenIdConfig } = require('~/strategies');
+const { getGraphApiToken } = require('~/server/services/GraphTokenService');

 const registrationController = async (req, res) => {
  try {
@ -118,9 +119,54 @@ const refreshController = async (req, res) => {
  }
 };

+const graphTokenController = async (req, res) => {
+  try {
+    // Validate user is authenticated via Entra ID
+    if (!req.user.openidId || req.user.provider !== 'openid') {
+      return res.status(403).json({
+        message: 'Microsoft Graph access requires Entra ID authentication',
+      });
+    }
+
+    // Check if OpenID token reuse is active (required for on-behalf-of flow)
+    if (!isEnabled(process.env.OPENID_REUSE_TOKENS)) {
+      return res.status(403).json({
+        message: 'SharePoint integration requires OpenID token reuse to be enabled',
+      });
+    }
+
+    // Extract access token from Authorization header
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+      return res.status(401).json({
+        message: 'Valid authorization token required',
+      });
+    }
+
+    // Get scopes from query parameters
+    const scopes = req.query.scopes;
+    if (!scopes) {
+      return res.status(400).json({
+        message: 'Graph API scopes are required as query parameter',
+      });
+    }
+
+    const accessToken = authHeader.substring(7); // Remove 'Bearer ' prefix
+    const tokenResponse = await getGraphApiToken(req.user, accessToken, scopes);
+
+    res.json(tokenResponse);
+  } catch (error) {
+    logger.error('[graphTokenController] Failed to obtain Graph API token:', error);
+    res.status(500).json({
+      message: 'Failed to obtain Microsoft Graph token',
+    });
+  }
+};
+
 module.exports = {
  refreshController,
  registrationController,
  resetPasswordController,
  resetPasswordRequestController,
+  graphTokenController,
 };