Added Outlook integration toolkit #3
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| import { Tool, type ToolParams } from "./base.js"; | ||
| import fetch from 'node-fetch'; | ||
|
|
||
| export interface Email { | ||
| sender: string; | ||
| subject: string; | ||
| // Add other properties as needed | ||
| } | ||
|
|
||
| export class OutlookIntegration extends Tool { | ||
| accessToken: string; // Store the OAuth2 access token | ||
|
|
||
| constructor(params: ToolParams, accessToken: string) { | ||
| super(params); | ||
| this.accessToken = accessToken; // Initialize with an OAuth2 access token | ||
| } | ||
|
|
||
| async readEmails(): Promise<Email[]> { | ||
| try { | ||
| const response = await fetch("https://graph.microsoft.com/v1.0/me/mailFolders('Inbox')/messages?$select=sender,subject", { | ||
| headers: { | ||
| Authorization: `Bearer ${this.accessToken}`, | ||
| }, | ||
| }); | ||
|
|
||
| if (!response.ok) { | ||
| throw new Error(`Error: ${response.status}`); | ||
| } | ||
|
|
||
| const data = await response.json(); | ||
| return data.value; // Assuming 'value' contains the array of emails | ||
| } catch (error) { | ||
| console.error("Failed to read emails:", error); | ||
| throw error; | ||
| } | ||
|
Comment on lines
+32
to
+35
There was a problem hiding this comment. In the
Comment on lines
+32
to
+35
There was a problem hiding this comment. Security Issue: Error Handling and Logging The error handling in the readEmails and sendEmail methods could potentially leak sensitive information. When an error occurs, the error details are logged using console.error, which may include sensitive information such as the access token or other details about the API request. Actionable Feedback:
By handling errors carefully and avoiding the logging of sensitive information, you can prevent unauthorized access to sensitive data and maintain the security of your application.
|
||
| } | ||
|
|
||
| async sendEmail(to: string, subject: string, content: string): Promise<void> { | ||
| const message = { | ||
| message: { | ||
| subject: subject, | ||
| body: { | ||
| contentType: "Text", | ||
| content: content, | ||
| }, | ||
| toRecipients: [ | ||
| { | ||
| emailAddress: { | ||
| address: to, | ||
| }, | ||
| }, | ||
| ], | ||
| }, | ||
| }; | ||
|
|
||
| try { | ||
| const response = await fetch("https://graph.microsoft.com/v1.0/me/sendMail", { | ||
| method: "POST", | ||
| headers: { | ||
| Authorization: `Bearer ${this.accessToken}`, | ||
| 'Content-Type': 'application/json', | ||
| }, | ||
| body: JSON.stringify(message), | ||
| }); | ||
|
|
||
| if (!response.ok) { | ||
| throw new Error(`Error: ${response.status}`); | ||
| } | ||
|
|
||
| console.log("Email sent successfully"); | ||
| } catch (error) { | ||
| console.error("Failed to send email:", error); | ||
| throw error; | ||
| } | ||
| } | ||
|
|
||
| // You can add more methods for other features like managing contacts, calendar, etc. | ||
|
|
||
| } | ||
|
|
||
|
|
||
| // import fetch from "node-fetch"; | ||
|
|
||
| // const accessToken = "YOUR_ACCESS_TOKEN"; | ||
|
|
||
| // const response = await fetch("https://graph.microsoft.com/v1.0/me/messages", { | ||
| // headers: { | ||
| // Authorization: `Bearer ${accessToken}`, | ||
| // }, | ||
| // }); | ||
|
|
||
| // const data = await response.json(); | ||
|
|
||
| // console.log(data); | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Security Issue: Access Token Storage
Storing the access token directly in the OutlookIntegration class as a property poses a security risk. If the codebase is compromised, an attacker could gain access to the stored access token and misuse it to access user data or perform unauthorized actions.
Actionable Feedback:
By following these recommendations, you can enhance the security of your application and protect user data from unauthorized access.