<?php
/**
* Google OAuth 2.0 Callback Handler
*
* Receives the authorization code from Google and exchanges it
* for access + refresh tokens. Mirrors oauth_callback.php for Microsoft.
*/
require_once 'config.php';
require_once 'includes/encryption.php';
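// --- Validate the callback query parameters ---------------------------------
// Everything in $_GET is controlled by whoever requests this URL. PHP turns
// `?code[]=x` into an array, which would raise a TypeError in
// htmlspecialchars()/preg_match() on PHP 8, so each parameter must be a string
// before it is used.
$authCode = $_GET['code'] ?? null;
if (!is_string($authCode) || $authCode === '') {
    $oauthError = $_GET['error'] ?? null;
    if (is_string($oauthError)) {
        // Explicit flags so quotes are escaped regardless of the PHP version's defaults.
        die('Google OAuth Error: ' . htmlspecialchars($oauthError, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }
    die('No authorization code received.');
}

$state = $_GET['state'] ?? '';
if (!is_string($state)) {
    $state = '';
}

// Parse state: format "google_mailbox_ID_randomhex"
$mailboxId = null;
if (preg_match('/^google_mailbox_(\d+)_/', $state, $matches)) {
    $mailboxId = (int)$matches[1];
}

// NOTE(review): only the mailbox ID is read from `state`; the random suffix is
// never compared with a value stored server-side when the flow was started, and
// no session/login check is visible in this file (config.php may add one - confirm).
// Without that comparison the callback cannot tell a flow this application
// started from a request it did not start (OAuth CSRF, RFC 6749 section 10.12),
// and the mailbox to update is chosen by the request alone. The page that builds
// the authorization URL should store the full state value in the user's session,
// and this handler should compare it with hash_equals() and then discard it.
if (!$mailboxId) {
    die('Missing mailbox ID in state parameter.');
}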
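// --- Exchange the authorization code and persist the tokens -----------------
// Reads the mailbox row selected by $mailboxId, posts the authorization code to
// Google's token endpoint with that mailbox's client credentials, stores the
// resulting token set in target_mailboxes.token_data and redirects to the
// settings page. Any failure ends the request with a short error message.
try {
    $dsn = "mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME . ";charset=utf8mb4";
    $conn = new PDO($dsn, DB_USERNAME, DB_PASSWORD);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Get mailbox config
    $stmt = $conn->prepare("SELECT * FROM target_mailboxes WHERE id = ?");
    $stmt->execute([$mailboxId]);
    $mailbox = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$mailbox) {
        die('Mailbox not found.');
    }

    $mailbox = decryptMailboxRow($mailbox);

    // Exchange code for tokens
    // Google uses azure_client_id / azure_client_secret columns (repurposed for Google credentials)
    $postData = [
        'code' => $authCode,
        'client_id' => $mailbox['azure_client_id'],
        'client_secret' => $mailbox['azure_client_secret'],
        'redirect_uri' => $mailbox['oauth_redirect_uri'],
        'grant_type' => 'authorization_code'
    ];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://oauth2.googleapis.com/token');
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postData));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // NOTE(review): this request carries the client secret and returns a
    // refresh token. If SSL_VERIFY_PEER (defined outside this file) is false,
    // the server certificate is not checked and the exchange can be read or
    // altered in transit. Verification should stay on for this fixed endpoint.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, SSL_VERIFY_PEER);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, SSL_VERIFY_PEER ? 2 : 0);
    // Bound the request so a stalled upstream cannot hold the PHP worker indefinitely.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);

    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    // Capture the transport error before releasing the handle, so the handle is
    // closed on the failure path as well.
    $curlError = curl_errno($ch) ? curl_error($ch) : null;
    curl_close($ch);

    if ($curlError !== null || $response === false) {
        throw new Exception('cURL error: ' . ($curlError ?? 'no response received'));
    }

    $tokenData = json_decode($response, true);

    if ($httpCode !== 200) {
        // Report only the short OAuth error code; the raw upstream body is not
        // echoed to the browser.
        $errorCode = (is_array($tokenData) && is_string($tokenData['error'] ?? null))
            ? $tokenData['error']
            : 'unknown';
        throw new Exception('Failed to get tokens. HTTP ' . $httpCode . '. Error: ' . $errorCode);
    }

    if (!is_array($tokenData) || !isset($tokenData['access_token'])) {
        // The body is deliberately left out: a 200 response may still carry
        // other credential fields.
        throw new Exception('Access token not found in response.');
    }

    // One timestamp for both fields so created_at and expires_at stay consistent.
    $now = time();
    $expiresIn = (int)($tokenData['expires_in'] ?? 3600);

    // NOTE(review): refresh_token is stored as null when the response omits it,
    // replacing whatever token_data held before. Google generally returns a
    // refresh token only on the first consent - confirm the authorization
    // request forces re-consent, or keep the existing refresh token here.
    $tokens = [
        'access_token' => $tokenData['access_token'],
        'refresh_token' => $tokenData['refresh_token'] ?? null,
        'expires_in' => $expiresIn,
        'token_type' => $tokenData['token_type'] ?? 'Bearer',
        'expires_at' => $now + $expiresIn,
        'created_at' => $now
    ];

    $encodedTokens = json_encode($tokens);
    if ($encodedTokens === false) {
        throw new Exception('Could not encode token data.');
    }

    // Save tokens
    // NOTE(review): token_data is written as plain JSON. decryptMailboxRow()
    // suggests some columns are encrypted at rest; whether token_data is one of
    // them is not visible here. A long-lived refresh token deserves the same
    // protection as the client secret - confirm against includes/encryption.php.
    $stmt = $conn->prepare("UPDATE target_mailboxes SET token_data = ? WHERE id = ?");
    $stmt->execute([$encodedTokens, $mailboxId]);

    // $mailboxId is an int (cast during state parsing), so it cannot inject header content.
    header('Location: tickets/settings/index.php?oauth=success&mailbox_id=' . $mailboxId);
    exit;

} catch (PDOException $e) {
    // Driver messages can include the database host and account name; keep
    // them in the server log and show the visitor a generic message.
    error_log('google_oauth_callback: database error: ' . $e->getMessage());
    die('Error getting Google tokens: a database error occurred.');
} catch (Exception $e) {
    die('Error getting Google tokens: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}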