Google Drive

[gconsigli]

Allows you to create a space from Google Drive using the Google Drive API!

Google-Drive-Demo-Small.mp4

Note: Before this integration is published to the Chrome Web Store, the credentials need to be changed from development credentials (that only work with a limited number of Google accounts) to credentials verified with the extension on the Chrome Web Store:

This PR also includes the UUID dependency in yarn.lock which is needed for the LinkedIn integration.

[gemini-code-assist]

Hello @gconsigli, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

Hello team, gemini-code-assist here with a summary of this pull request titled "Google Drive".

The primary goal of this PR is to introduce a new integration that allows users to create 'spaces' within the application based on the content of their Google Drive. This involves implementing the necessary authentication flow using Google OAuth2 and fetching metadata about the user's files from the Google Drive API. A new connection type is added that triggers when the user is on a Google Drive URL, orchestrating the authentication, data fetching, space creation, and UI injection process.

Highlights

• New Google Drive Integration: Adds a new connection type specifically for Google Drive, enabling the creation of spaces from Drive content.
• Google OAuth2 Implementation: Integrates Google OAuth2 using the chrome.identity API to authenticate the user and obtain an access token for accessing Google Drive.
• Google Drive API Interaction: Fetches metadata (ID and name) for up to 2000 files from the user's Google Drive using the Google Drive v3 API, handling pagination.
• Connection Manager Update: Registers the new Google Drive connection in the application's connection manager, making it available for use.
• Configuration Updates: Adds necessary identity permission and oauth2 client ID/scopes configuration to the manifest and Plasmo config for Google authentication.

Changelog

Click here to see the changelog

• .gitignore
  • Added package-lock.json to the ignore list.
• package.json
  • Added identity permission to the manifest.
  • Added oauth2 configuration including a client_id and drive.readonly scope for Google authentication.
• plasmo.config.ts
  • Updated configuration to use defineConfig.
  • Added name and version fields.
  • Replaced webRequest permission with identity.
  • Added oauth2 configuration with a client_id (note: different from package.json) and drive.readonly scope.
• src/background.ts
  • Added an unused import for request from http.
  • Added a new message listener for action: "initiateOAuth".
  • Implemented an asynchronous function initiateSignIn to get a Google OAuth token using chrome.identity.getAuthToken.
  • Within the initiateOAuth listener, calls initiateSignIn.
  • If a token is obtained, fetches Google Drive file metadata (id, name) from the Drive v3 API, handling pagination up to 2000 files.
  • Sends the fetched files and token back via sendResponse or an error if the process fails.
• src/connection_manager.tsx
  • Imported the new GoogleDriveConnection.
  • Added GoogleDriveConnection to the CONNECTIONS array.
• src/connections/googleDrive/connection.tsx
  • Added a new file defining the GoogleDriveConnection.
  • Includes unused imports for create from domain, walk from acorn-walk, escodegen, acorn, and median from d3-array.
  • Defines a trigger function that matches URLs containing "drive.google.com".
  • Defines getDriveFiles to send a message to the background script to initiate OAuth and fetch files.
  • Defines createSpace to manage the space creation flow: fetch files, call reqSpaceCreation with file metadata, and call injectUI.
  • Defines injectUI to get the space portal and prepend it to the document body.
  • Exports the GoogleDriveConnection object with its properties (name, description, icon, trigger, createSpace, injectUI).

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

Drive files in the cloud,
Fetched with token, proud,
Space is made anew,
For me and for you,
Code review makes bugs disallowed.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature: integrating Google Drive to allow users to create spaces from their Drive files. This is a valuable addition to the application's capabilities.

The implementation correctly uses chrome.identity.getAuthToken for OAuth and handles pagination for fetching files from the Google Drive API. However, there are several critical and high-severity issues that need to be addressed before this PR can be merged, particularly concerning security (hardcoded and inconsistent client IDs, token logging) and code hygiene (unused imports, potential runtime errors).

The PR description commendably notes the need to update credentials for production, which is crucial.

Summary of Findings

• Security: Hardcoded and Inconsistent Client IDs: OAuth client_ids are hardcoded in package.json and plasmo.config.ts, and they are inconsistent between the two files. This is a critical security and configuration issue that must be resolved before merging. Credentials should be managed securely, not committed directly.
• Security: Access Token Logging: Access tokens are logged to the console in src/background.ts and src/connections/googleDrive/connection.tsx. This is a high-severity security risk and should be removed or made conditional for debugging only.
• Runtime Errors: Invalid Imports: Node.js core modules (http, domain) are imported in browser/extension contexts (src/background.ts, src/connections/googleDrive/connection.tsx), which will cause runtime errors. These must be removed.
• Error Handling: Undefined File Metadata: In src/connections/googleDrive/connection.tsx, fileMetadata obtained from getDriveFiles() can be undefined but is used without a prior check, potentially leading to runtime errors. This needs to be handled.
• Code Hygiene: Unused Imports: Several modules (acorn-walk, escodegen, acorn, d3-array, registerAuthCookies) appear to be imported but unused in src/connections/googleDrive/connection.tsx for the current scope of changes. These should be reviewed and removed if not necessary.
• Configuration: Hardcoded File Limit: A hardcoded limit of 2000 files is applied when fetching from Google Drive. This should be documented, made configurable, or users should be informed if the limit is reached.
• Functionality: LinkedInConnection Removal: The LinkedInConnection was removed from CONNECTIONS in src/connection_manager.tsx. This should be confirmed as intentional.

Merge Readiness

This pull request introduces a valuable Google Drive integration. However, due to the presence of several critical and high severity issues, particularly concerning security (hardcoded client IDs, token logging) and potential runtime errors from invalid imports, I recommend that these issues be addressed before the pull request is merged. The PR description's note about changing credentials is very important and needs careful execution. As a reviewer, I am not authorized to approve pull requests, but I strongly advise resolving these points to ensure code quality, security, and stability. Other reviewers should also assess these changes before merging.

[DemonizedCrush]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces Google Drive integration and updates the UUID dependency. The OAuth and file fetching are implemented in the background script, with a new connection type for Google Drive.

Key areas for improvement:

• Security: The OAuth client_id is hardcoded in package.json and plasmo.config.ts. Manage this via environment variables.
• Error Handling: Improve error propagation from getDriveFiles to createSpace.
• Type Safety: Replace any[] for Google Drive file metadata with specific TypeScript interfaces.
• Maintainability: Remove the http import in background.ts and consider constants for hardcoded values.

[gconsigli]

Will merge once Google verifies the client_id