o365 integration v1

2026-02-26 22:17:28 +01:00 · 2026-02-26 22:17:28 +01:00 · 2f9218ce0e
parent b7da3b3ffc
commit 2f9218ce0e
8 changed files with 255 additions and 2 deletions
--- a/ka-note/.env.example
+++ b/ka-note/.env.example
@ -7,6 +7,14 @@ AZURE_TENANT_ID=<azure-ad-tenant-id>
 # AI lock duration in hours (default: 24, use 168 for 7 days)
 # AI_LOCK_EXPIRY_HOURS=168

+# Graph API calendar integration (OBO flow)
+# AZURE_CLIENT_SECRET=<client-secret-value>
+# AZURE_OBO_CLIENT_ID=<client-id of the app registration the frontend uses>
+# Only needed if VITE_AZURE_CLIENT_ID != AZURE_CLIENT_ID (separate frontend/backend registrations).
+# The OBO assertion token's audience must match this client_id.
+# Required: App Registration → API permissions → Microsoft Graph → Calendars.Read (delegated) → Grant admin consent
+# Then: Certificates & secrets → New client secret → copy value here
+
 # Client needs VITE_ prefix — create client/.env with:
 # VITE_AZURE_CLIENT_ID=<same as above>
 # VITE_AZURE_TENANT_ID=<same as above>
--- a/ka-note/client/src/lib/components/JournalView.svelte
+++ b/ka-note/client/src/lib/components/JournalView.svelte
@ -16,7 +16,9 @@
 	import { useUnsavedGuard } from '$lib/utils/unsavedGuard.svelte';
 	import EventCard from './EventCard.svelte';
 	import { eventsForDate } from '$lib/stores/agenda';
-	import { createEvent } from '$lib/db/repositories';
+	import { createEvent, updateEventNotes } from '$lib/db/repositories';
+	import { fetchCalendarEvents, type CalendarEvent } from '$lib/utils/calendarApi';
+	import type { PersonMeta } from '@ka-note/shared';

 	interface Props {
 		contextId: string;
@ -211,6 +213,47 @@
 	let newEventTitle = $state('');
 	let newEventTime = $state('');
 	let newEventParticipants = $state('');
+	let pendingBodyPreview = $state('');
+
+	// Calendar picker
+	let calendarPickerOpen = $state(false);
+	let calendarLoading = $state(false);
+	let calendarError = $state<string | null>(null);
+	let calendarEvents = $state<CalendarEvent[]>([]);
+
+	async function openCalendarPicker() {
+		if (!showNewEventForm) openNewEventForm();
+		calendarLoading = true;
+		calendarError = null;
+		calendarPickerOpen = true;
+		calendarEvents = [];
+		try {
+			calendarEvents = await fetchCalendarEvents(selectedDate);
+		} catch {
+			calendarError = 'Kalender nicht verfügbar';
+		} finally {
+			calendarLoading = false;
+		}
+	}
+
+	async function selectCalendarEvent(ev: CalendarEvent) {
+		newEventTitle = ev.subject;
+		newEventTime = ev.start;
+		pendingBodyPreview = ev.bodyPreview;
+
+		const persons = await db.contexts
+			.filter(c => !c.deletedAt && c.type === 'person')
+			.toArray();
+		const mentions = ev.attendees.map(att => {
+			const match = persons.find(
+				p => (p.meta as PersonMeta | null)?.email?.toLowerCase() === att.email.toLowerCase()
+			);
+			const name = match ? match.name : att.name;
+			return name.includes(' ') ? `@"${name}"` : `@${name}`;
+		});
+		newEventParticipants = mentions.join(' ');
+		calendarPickerOpen = false;
+	}

 	const dateEvents = $derived(eventsForDate(selectedDate));

@ -236,10 +279,14 @@
 		const title = newEventTitle.trim();
 		if (!title) return;
 		const participants = parseEventParticipants(newEventParticipants);
-		await createEvent(selectedDate, newEventTime || '00:00', title, participants);
+		const event = await createEvent(selectedDate, newEventTime || '00:00', title, participants);
+		if (pendingBodyPreview.trim()) {
+			await updateEventNotes(event.id, pendingBodyPreview.trim());
+		}
 		newEventTitle = '';
 		newEventTime = '';
 		newEventParticipants = '';
+		pendingBodyPreview = '';
 		showNewEventForm = false;
 	}

@ -380,8 +427,41 @@
 							class="rounded bg-[#444] px-3 py-1 text-sm text-white hover:bg-[#555]"
 							onclick={() => (showNewEventForm = false)}
 						>Abbrechen</button>
+						<button
+							type="button"
+							class="ml-auto rounded border border-[#444] px-3 py-1 text-sm text-muted hover:border-[#666] hover:text-white"
+							onclick={openCalendarPicker}
+						>Aus Kalender</button>
 					</div>
 				</div>
+				{#if calendarPickerOpen}
+					<div class="mb-3 rounded border border-[#444] bg-[#1e1e1e] shadow-lg">
+						{#if calendarLoading}
+							<div class="px-3 py-2 text-sm text-muted">Lade...</div>
+						{:else if calendarError}
+							<div class="px-3 py-2 text-sm text-red-400">{calendarError}</div>
+						{:else if calendarEvents.length === 0}
+							<div class="px-3 py-2 text-sm text-muted">Keine Termine für diesen Tag</div>
+						{:else}
+							{#each calendarEvents as ev (ev.id)}
+								<button
+									class="w-full px-3 py-2 text-left text-sm hover:bg-[#2a2a2a]"
+									onclick={() => selectCalendarEvent(ev)}
+								>
+									<span class="font-mono text-[#aaa]">{ev.start}</span>
+									<span class="ml-2 text-white">{ev.subject}</span>
+									{#if ev.attendees.length > 0}
+										<span class="ml-2 text-xs text-muted">{ev.attendees.map(a => a.name).join(', ')}</span>
+									{/if}
+								</button>
+							{/each}
+						{/if}
+						<button
+							class="w-full border-t border-[#333] px-3 py-1.5 text-left text-xs text-muted hover:bg-[#2a2a2a]"
+							onclick={() => (calendarPickerOpen = false)}
+						>Schließen</button>
+					</div>
+				{/if}
 			{/if}
 			{#each $dateEvents ?? [] as event (event.id)}
 				<div class="mb-2">
--- a/ka-note/client/src/lib/utils/calendarApi.ts
+++ b/ka-note/client/src/lib/utils/calendarApi.ts
@ -0,0 +1,16 @@
+import { authFetch } from '$lib/auth/apiClient';
+
+export interface CalendarEvent {
+  id: string;
+  subject: string;
+  start: string; // "HH:MM"
+  end: string;   // "HH:MM"
+  bodyPreview: string;
+  attendees: { name: string; email: string }[];
+}
+
+export async function fetchCalendarEvents(date: string): Promise<CalendarEvent[]> {
+  const res = await authFetch(`/api/calendar/events?date=${encodeURIComponent(date)}`);
+  if (!res.ok) throw new Error(`calendar fetch failed: ${res.status}`);
+  return res.json() as Promise<CalendarEvent[]>;
+}
--- a/ka-note/server/ka-note.db-shm
+++ b/ka-note/server/ka-note.db-shm
--- a/ka-note/server/ka-note.db-wal
+++ b/ka-note/server/ka-note.db-wal
--- a/ka-note/server/src/index.ts
+++ b/ka-note/server/src/index.ts
@ -16,6 +16,7 @@ import pushRoutes from './routes/push.js';
 import backupRoutes from './routes/backup.js';
 import apiKeyRoutes from './routes/api-keys.js';
 import searchRoutes from './routes/search.js';
+import calendarRoutes from './routes/calendar.js';
 import { runScheduledBackup, runIfMissed, checkIntegrity } from './lib/backup-service.js';
 import { sqlite } from './db/connection.js';

@ -100,6 +101,9 @@ app.use('/api/search/*', authMiddleware);
 app.use('/api/search', authMiddleware);
 app.route('/api/search', searchRoutes);

+app.use('/api/calendar/*', authMiddleware);
+app.route('/api/calendar', calendarRoutes);
+
 // OpenAPI spec + Scalar UI
 app.openAPIRegistry.registerComponent('securitySchemes', 'BearerAuth', {
  type: 'http',
--- a/ka-note/server/src/lib/graph-service.ts
+++ b/ka-note/server/src/lib/graph-service.ts
@ -0,0 +1,118 @@
+export interface CalendarEvent {
+  id: string;
+  subject: string;
+  start: string; // "HH:MM"
+  end: string;   // "HH:MM"
+  bodyPreview: string;
+  attendees: { name: string; email: string }[];
+}
+
+interface OboTokenEntry {
+  accessToken: string;
+  expiresAt: number; // ms
+}
+
+const tokenCache = new Map<string, OboTokenEntry>();
+
+const tenantId = process.env.AZURE_TENANT_ID ?? '';
+// OBO client_id must match the audience of the client's access token.
+// Use AZURE_OBO_CLIENT_ID if the frontend uses a different app registration than the server.
+const oboClientId = process.env.AZURE_OBO_CLIENT_ID ?? process.env.AZURE_CLIENT_ID ?? '';
+const clientSecret = process.env.AZURE_CLIENT_SECRET ?? '';
+
+async function getOboToken(userToken: string, userId: string): Promise<string> {
+  const cached = tokenCache.get(userId);
+  if (cached && cached.expiresAt > Date.now() + 60_000) {
+    return cached.accessToken;
+  }
+
+  const body = new URLSearchParams({
+    client_id: oboClientId,
+    client_secret: clientSecret,
+    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+    assertion: userToken,
+    requested_token_use: 'on_behalf_of',
+    scope: 'https://graph.microsoft.com/Calendars.Read',
+  });
+
+  const res = await fetch(
+    `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
+    { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body },
+  );
+
+  if (!res.ok) {
+    const detail = await res.text();
+    throw new Error(`OBO token exchange failed (${res.status}): ${detail}`);
+  }
+
+  const json = await res.json() as { access_token: string; expires_in: number };
+  const entry: OboTokenEntry = {
+    accessToken: json.access_token,
+    expiresAt: Date.now() + json.expires_in * 1000,
+  };
+  tokenCache.set(userId, entry);
+  return entry.accessToken;
+}
+
+function toHHMM(dateTime: string): string {
+  // Graph returns "2026-02-26T09:30:00.0000000" (local TZ, no Z)
+  return dateTime.slice(11, 16);
+}
+
+export async function getCalendarEvents(
+  userToken: string,
+  userId: string,
+  userEmail: string,
+  date: string,
+): Promise<CalendarEvent[]> {
+
+  const graphToken = await getOboToken(userToken, userId);
+
+  const start = `${date}T00:00:00`;
+  const end = `${date}T23:59:59`;
+  const select = 'id,subject,start,end,bodyPreview,attendees,isAllDay';
+  const url =
+    `https://graph.microsoft.com/v1.0/me/calendarView` +
+    `?startDateTime=${encodeURIComponent(start)}` +
+    `&endDateTime=${encodeURIComponent(end)}` +
+    `&$select=${select}` +
+    `&$top=50`;
+
+  const res = await fetch(url, {
+    headers: {
+      Authorization: `Bearer ${graphToken}`,
+      'Content-Type': 'application/json',
+    },
+  });
+
+  if (!res.ok) {
+    const detail = await res.text();
+    throw new Error(`Graph calendarView failed (${res.status}): ${detail}`);
+  }
+
+  type GraphEvent = {
+    id: string;
+    subject: string;
+    start: { dateTime: string };
+    end: { dateTime: string };
+    bodyPreview: string;
+    isAllDay: boolean;
+    attendees: { emailAddress: { name: string; address: string }; type: string }[];
+  };
+
+  const data = await res.json() as { value: GraphEvent[] };
+
+  return data.value
+    .filter((e) => !e.isAllDay)
+    .map((e) => ({
+      id: e.id,
+      subject: e.subject ?? '',
+      start: toHHMM(e.start.dateTime),
+      end: toHHMM(e.end.dateTime),
+      bodyPreview: e.bodyPreview ?? '',
+      attendees: (e.attendees ?? [])
+        .filter((a) => a.emailAddress.address.toLowerCase() !== userEmail.toLowerCase())
+        .map((a) => ({ name: a.emailAddress.name, email: a.emailAddress.address })),
+    }))
+    .sort((a, b) => a.start.localeCompare(b.start));
+}
--- a/ka-note/server/src/routes/calendar.ts
+++ b/ka-note/server/src/routes/calendar.ts
@ -0,0 +1,27 @@
+import { Hono } from 'hono';
+import type { AuthEnv } from '../middleware/auth.js';
+import { getCalendarEvents } from '../lib/graph-service.js';
+
+const calendar = new Hono<AuthEnv>();
+
+const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
+
+calendar.get('/events', async (c) => {
+  const date = c.req.query('date') ?? '';
+  if (!DATE_RE.test(date)) {
+    return c.json({ error: 'date param required (YYYY-MM-DD)' }, 400);
+  }
+
+  const auth = c.get('auth');
+  const rawToken = c.req.header('Authorization')?.slice(7) ?? '';
+
+  try {
+    const events = await getCalendarEvents(rawToken, auth.userId, auth.email, date);
+    return c.json(events);
+  } catch (err) {
+    console.error('[calendar] Graph error:', err instanceof Error ? err.message : err);
+    return c.json({ error: 'graph_unavailable', detail: err instanceof Error ? err.message : String(err) }, 502);
+  }
+});
+
+export default calendar;