update auth, versioning in pipelines

jackmalcom · jackmalcom · commit c35ad00a6817 · 2026-01-20T10:25:22.000-06:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -14,7 +14,7 @@ jobs:
 
       - name: Build app
         run: |
-          xcodebuild -project Daycal.xcodeproj -scheme Daycal -configuration Release -derivedDataPath build
+          xcodebuild -project Daycal.xcodeproj -scheme Daycal -configuration Release -derivedDataPath build CURRENT_PROJECT_VERSION=${{ github.run_number }}
 
       - name: Package app
         run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
 
       - name: Build app
         run: |
-          xcodebuild -project Daycal.xcodeproj -scheme Daycal -configuration Release -derivedDataPath build
+          xcodebuild -project Daycal.xcodeproj -scheme Daycal -configuration Release -derivedDataPath build CURRENT_PROJECT_VERSION=${{ github.run_number }}
 
       - name: Create DMG
         run: |
diff --git a/Daycal.xcodeproj/project.pbxproj b/Daycal.xcodeproj/project.pbxproj
@@ -113,10 +113,10 @@
 /* End PBXSourcesBuildPhase section */
 
 /* Begin XCBuildConfiguration section */
-		231A49875AB7488A8723C653CBA2D987 /* Debug */ = {isa = XCBuildConfiguration; buildSettings = {CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = ""; ENABLE_HARDENED_RUNTIME = YES; GENERATE_INFOPLIST_FILE = NO; INFOPLIST_FILE = "$(SRCROOT)/Daycal/Info.plist"; PRODUCT_BUNDLE_IDENTIFIER = com.jackmal.daycal; MACOSX_DEPLOYMENT_TARGET = 13.0; PRODUCT_NAME = Daycal; SWIFT_VERSION = 5.9;}; name = Debug; };
-		1972127CC949410898FE23EFB31DC5D9 /* Release */ = {isa = XCBuildConfiguration; buildSettings = {CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = ""; ENABLE_HARDENED_RUNTIME = YES; GENERATE_INFOPLIST_FILE = NO; INFOPLIST_FILE = "$(SRCROOT)/Daycal/Info.plist"; PRODUCT_BUNDLE_IDENTIFIER = com.jackmal.daycal; MACOSX_DEPLOYMENT_TARGET = 13.0; PRODUCT_NAME = Daycal; SWIFT_VERSION = 5.9;}; name = Release; };
-		D31D27B8C16440C19203EC9B4CF566EB /* Debug */ = {isa = XCBuildConfiguration; buildSettings = {CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = ""; ENABLE_HARDENED_RUNTIME = YES; GENERATE_INFOPLIST_FILE = NO; INFOPLIST_FILE = "$(SRCROOT)/Daycal/Info.plist"; PRODUCT_BUNDLE_IDENTIFIER = com.jackmal.daycal; MACOSX_DEPLOYMENT_TARGET = 13.0; PRODUCT_NAME = Daycal; SWIFT_VERSION = 5.9;}; name = Debug; };
-		7FD36384F2094D4095CAE7D6ECC018A3 /* Release */ = {isa = XCBuildConfiguration; buildSettings = {CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = ""; ENABLE_HARDENED_RUNTIME = YES; GENERATE_INFOPLIST_FILE = NO; INFOPLIST_FILE = "$(SRCROOT)/Daycal/Info.plist"; PRODUCT_BUNDLE_IDENTIFIER = com.jackmal.daycal; MACOSX_DEPLOYMENT_TARGET = 13.0; PRODUCT_NAME = Daycal; SWIFT_VERSION = 5.9;}; name = Release; };
+		231A49875AB7488A8723C653CBA2D987 /* Debug */ = {isa = XCBuildConfiguration; buildSettings = {CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = ""; ENABLE_HARDENED_RUNTIME = YES; GENERATE_INFOPLIST_FILE = NO; INFOPLIST_FILE = "$(SRCROOT)/Daycal/Info.plist"; PRODUCT_BUNDLE_IDENTIFIER = com.jackmal.daycal; MACOSX_DEPLOYMENT_TARGET = 13.0; PRODUCT_NAME = Daycal; SWIFT_VERSION = 5.9; CURRENT_PROJECT_VERSION = 1;}; name = Debug; };
+		1972127CC949410898FE23EFB31DC5D9 /* Release */ = {isa = XCBuildConfiguration; buildSettings = {CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = ""; ENABLE_HARDENED_RUNTIME = YES; GENERATE_INFOPLIST_FILE = NO; INFOPLIST_FILE = "$(SRCROOT)/Daycal/Info.plist"; PRODUCT_BUNDLE_IDENTIFIER = com.jackmal.daycal; MACOSX_DEPLOYMENT_TARGET = 13.0; PRODUCT_NAME = Daycal; SWIFT_VERSION = 5.9; CURRENT_PROJECT_VERSION = 1;}; name = Release; };
+		D31D27B8C16440C19203EC9B4CF566EB /* Debug */ = {isa = XCBuildConfiguration; buildSettings = {CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = ""; ENABLE_HARDENED_RUNTIME = YES; GENERATE_INFOPLIST_FILE = NO; INFOPLIST_FILE = "$(SRCROOT)/Daycal/Info.plist"; PRODUCT_BUNDLE_IDENTIFIER = com.jackmal.daycal; MACOSX_DEPLOYMENT_TARGET = 13.0; PRODUCT_NAME = Daycal; SWIFT_VERSION = 5.9; CURRENT_PROJECT_VERSION = 1;}; name = Debug; };
+		7FD36384F2094D4095CAE7D6ECC018A3 /* Release */ = {isa = XCBuildConfiguration; buildSettings = {CODE_SIGN_STYLE = Automatic; DEVELOPMENT_TEAM = ""; ENABLE_HARDENED_RUNTIME = YES; GENERATE_INFOPLIST_FILE = NO; INFOPLIST_FILE = "$(SRCROOT)/Daycal/Info.plist"; PRODUCT_BUNDLE_IDENTIFIER = com.jackmal.daycal; MACOSX_DEPLOYMENT_TARGET = 13.0; PRODUCT_NAME = Daycal; SWIFT_VERSION = 5.9; CURRENT_PROJECT_VERSION = 1;}; name = Release; };
 /* End XCBuildConfiguration section */
 
 /* Begin XCConfigurationList section */
diff --git a/Daycal/Info.plist b/Daycal/Info.plist
@@ -6,6 +6,8 @@
     <string>Daycal</string>
     <key>CFBundleIdentifier</key>
     <string>com.jackmal.daycal</string>
+    <key>CFBundleVersion</key>
+    <string>$(CURRENT_PROJECT_VERSION)</string>
     <key>CFBundleName</key>
     <string>Daycal</string>
     <key>CFBundlePackageType</key>
diff --git a/Sources/Daycal/AuthRedirectHandler.swift b/Sources/Daycal/AuthRedirectHandler.swift
@@ -1,13 +1,18 @@
 import Foundation
 
 final class AuthRedirectHandler {
+    struct AuthResponse {
+        let code: String
+        let state: String?
+    }
+
     static let shared = AuthRedirectHandler()
 
-    private var completion: ((Result<String, Error>) -> Void)?
+    private var completion: ((Result<AuthResponse, Error>) -> Void)?
 
     private init() {}
 
-    func start(completion: @escaping (Result<String, Error>) -> Void) {
+    func start(completion: @escaping (Result<AuthResponse, Error>) -> Void) {
         self.completion = completion
     }
 
@@ -20,7 +25,8 @@ final class AuthRedirectHandler {
             return
         }
 
-        completion?(.success(code))
+        let state = items.first(where: { $0.name == "state" })?.value
+        completion?(.success(AuthResponse(code: code, state: state)))
         completion = nil
     }
 }
diff --git a/Sources/Daycal/CalendarStore.swift b/Sources/Daycal/CalendarStore.swift
@@ -22,12 +22,21 @@ final class CalendarStore: ObservableObject {
 
     init() {
         Task {
-            if tokenStore.hasToken {
-                authState = .signedIn
-                await refreshEvents()
-                scheduleAutoRefresh()
-            } else {
+            await restoreSession()
+        }
+    }
+
+    private func restoreSession() async {
+        do {
+            _ = try await tokenStore.validToken()
+            authState = .signedIn
+            await refreshEvents()
+            scheduleAutoRefresh()
+        } catch {
+            if let authError = error as? CalendarAuthError, authError == .missingToken {
                 authState = .signedOut
+            } else {
+                authState = .error(error.localizedDescription)
             }
         }
     }
@@ -44,7 +53,11 @@ final class CalendarStore: ObservableObject {
                 scheduleAutoRefresh()
             } catch {
                 if Task.isCancelled { return }
-                authState = .error(error.localizedDescription)
+                if let authError = error as? CalendarAuthError, authError == .missingToken {
+                    authState = .signedOut
+                } else {
+                    authState = .error(error.localizedDescription)
+                }
             }
         }
     }
@@ -60,11 +73,6 @@ final class CalendarStore: ObservableObject {
     }
 
     func refreshEvents() async {
-        guard tokenStore.hasValidToken else {
-            authState = .signedOut
-            return
-        }
-
         isLoading = true
         defer { isLoading = false }
 
diff --git a/Sources/Daycal/EventsMenuView.swift b/Sources/Daycal/EventsMenuView.swift
@@ -95,8 +95,13 @@ struct EventsMenuView: View {
                 }
             case .error(let message):
                 Text("Error: \(message)")
-                Button("Try Again") {
-                    calendarStore.signIn()
+                HStack(spacing: 8) {
+                    Button("Try Again") {
+                        calendarStore.signIn()
+                    }
+                    Button("Quit") {
+                        NSApplication.shared.terminate(nil)
+                    }
                 }
             }
         }
diff --git a/Sources/Daycal/GoogleAuthService.swift b/Sources/Daycal/GoogleAuthService.swift
@@ -6,6 +6,7 @@ enum CalendarAuthError: Error, LocalizedError {
     case invalidRedirect
     case tokenExchangeFailed
     case cancelled
+    case stateMismatch
 
     var errorDescription: String? {
         switch self {
@@ -17,10 +18,13 @@ enum CalendarAuthError: Error, LocalizedError {
             return "Could not exchange authorization code."
         case .cancelled:
             return "Sign-in was cancelled."
+        case .stateMismatch:
+            return "Sign-in response did not match the request."
         }
     }
 }
 
+
 final class GoogleAuthService: NSObject {
     private var authContinuation: CheckedContinuation<OAuthToken, Error>?
     private let redirectServer = RedirectServer()
@@ -67,10 +71,15 @@ final class GoogleAuthService: NSObject {
             authContinuation = continuation
             AuthRedirectHandler.shared.start { result in
                 switch result {
-                case .success(let code):
+                case .success(let response):
+                    guard response.state == state else {
+                        server.stop()
+                        continuation.resume(throwing: CalendarAuthError.stateMismatch)
+                        return
+                    }
                     Task {
                         do {
-                            let token = try await GoogleAuthService.exchangeCodeForToken(code: code)
+                            let token = try await GoogleAuthService.exchangeCodeForToken(code: response.code)
                             server.stop()
                             continuation.resume(returning: token)
                         } catch {
@@ -85,7 +94,7 @@ final class GoogleAuthService: NSObject {
             }
 
             Task {
-                try? await Task.sleep(nanoseconds: 30_000_000_000)
+                try? await Task.sleep(nanoseconds: 60_000_000_000)
                 guard server.isRunning else { return }
                 server.stop()
                 continuation.resume(throwing: CalendarAuthError.cancelled)
diff --git a/Sources/Daycal/TokenStore.swift b/Sources/Daycal/TokenStore.swift
@@ -43,6 +43,10 @@ final class TokenStore {
         }
 
         if token.isExpired {
+            guard !token.refreshToken.isEmpty else {
+                clear()
+                throw CalendarAuthError.missingToken
+            }
             let refreshed = try await GoogleAuthService().refresh(token: token)
             save(token: refreshed)
             return refreshed

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,18 @@`
`1`	`1`	`import Foundation`
`2`	`2`
`3`	`3`	`final class AuthRedirectHandler {`
	`4`	`+ struct AuthResponse {`
	`5`	`+ let code: String`
	`6`	`+ let state: String?`
	`7`	`+ }`
	`8`	`+`
`4`	`9`	`static let shared = AuthRedirectHandler()`
`5`	`10`
`6`		`- private var completion: ((Result<String, Error>) -> Void)?`
	`11`	`+ private var completion: ((Result<AuthResponse, Error>) -> Void)?`
`7`	`12`
`8`	`13`	`private init() {}`
`9`	`14`
`10`		`- func start(completion: @escaping (Result<String, Error>) -> Void) {`
	`15`	`+ func start(completion: @escaping (Result<AuthResponse, Error>) -> Void) {`
`11`	`16`	`self.completion = completion`
`12`	`17`	`}`
`13`	`18`
`@@ -20,7 +25,8 @@ final class AuthRedirectHandler {`
`20`	`25`	`return`
`21`	`26`	`}`
`22`	`27`
`23`		`- completion?(.success(code))`
	`28`	`+ let state = items.first(where: { $0.name == "state" })?.value`
	`29`	`+ completion?(.success(AuthResponse(code: code, state: state)))`
`24`	`30`	`completion = nil`
`25`	`31`	`}`
`26`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -95,8 +95,13 @@ struct EventsMenuView: View {`
`95`	`95`	`}`
`96`	`96`	`case .error(let message):`
`97`	`97`	`Text("Error: \(message)")`
`98`		`- Button("Try Again") {`
`99`		`- calendarStore.signIn()`
	`98`	`+ HStack(spacing: 8) {`
	`99`	`+ Button("Try Again") {`
	`100`	`+ calendarStore.signIn()`
	`101`	`+ }`
	`102`	`+ Button("Quit") {`
	`103`	`+ NSApplication.shared.terminate(nil)`
	`104`	`+ }`
`100`	`105`	`}`
`101`	`106`	`}`
`102`	`107`	`}`