dedupe, remove circular imports

auth/google_auth.py

@@ -13,7 +13,7 @@ from google.auth.transport.requests import Request
 from google.auth.exceptions import RefreshError
 from googleapiclient.discovery import build
 from googleapiclient.errors import HttpError
-from config.google_config import OAUTH_STATE_TO_SESSION_ID_MAP, SCOPES
+from auth.scopes import OAUTH_STATE_TO_SESSION_ID_MAP, SCOPES
 
 # Configure logging
 logging.basicConfig(level=logging.INFO)

auth/oauth_callback_server.py

@@ -16,7 +16,7 @@ from fastapi import FastAPI, Request
 import uvicorn
 
 from auth.google_auth import handle_auth_callback, CONFIG_CLIENT_SECRETS_PATH
-from config.google_config import OAUTH_STATE_TO_SESSION_ID_MAP, SCOPES
+from auth.scopes import OAUTH_STATE_TO_SESSION_ID_MAP, SCOPES
 from auth.oauth_responses import create_error_response, create_success_response, create_server_error_response
 
 logger = logging.getLogger(__name__)

auth/scopes.py

@@ -0,0 +1,99 @@
+"""
+Google Workspace OAuth Scopes
+
+This module centralizes OAuth scope definitions for Google Workspace integration.
+Separated from service_decorator.py to avoid circular imports.
+"""
+import logging
+from typing import Dict
+
+logger = logging.getLogger(__name__)
+
+# Temporary map to associate OAuth state with MCP session ID
+# This should ideally be a more robust cache in a production system (e.g., Redis)
+OAUTH_STATE_TO_SESSION_ID_MAP: Dict[str, str] = {}
+
+# Individual OAuth Scope Constants
+USERINFO_EMAIL_SCOPE = 'https://www.googleapis.com/auth/userinfo.email'
+OPENID_SCOPE = 'openid'
+CALENDAR_READONLY_SCOPE = 'https://www.googleapis.com/auth/calendar.readonly'
+CALENDAR_EVENTS_SCOPE = 'https://www.googleapis.com/auth/calendar.events'
+
+# Google Drive scopes
+DRIVE_READONLY_SCOPE = 'https://www.googleapis.com/auth/drive.readonly'
+DRIVE_FILE_SCOPE = 'https://www.googleapis.com/auth/drive.file'
+
+# Google Docs scopes
+DOCS_READONLY_SCOPE = 'https://www.googleapis.com/auth/documents.readonly'
+DOCS_WRITE_SCOPE = 'https://www.googleapis.com/auth/documents'
+
+# Gmail API scopes
+GMAIL_READONLY_SCOPE = 'https://www.googleapis.com/auth/gmail.readonly'
+GMAIL_SEND_SCOPE = 'https://www.googleapis.com/auth/gmail.send'
+GMAIL_COMPOSE_SCOPE = 'https://www.googleapis.com/auth/gmail.compose'
+GMAIL_MODIFY_SCOPE = 'https://www.googleapis.com/auth/gmail.modify'
+GMAIL_LABELS_SCOPE = 'https://www.googleapis.com/auth/gmail.labels'
+
+# Google Chat API scopes
+CHAT_READONLY_SCOPE = 'https://www.googleapis.com/auth/chat.messages.readonly'
+CHAT_WRITE_SCOPE = 'https://www.googleapis.com/auth/chat.messages'
+CHAT_SPACES_SCOPE = 'https://www.googleapis.com/auth/chat.spaces'
+
+# Google Sheets API scopes
+SHEETS_READONLY_SCOPE = 'https://www.googleapis.com/auth/spreadsheets.readonly'
+SHEETS_WRITE_SCOPE = 'https://www.googleapis.com/auth/spreadsheets'
+
+# Google Forms API scopes
+FORMS_BODY_SCOPE = 'https://www.googleapis.com/auth/forms.body'
+FORMS_BODY_READONLY_SCOPE = 'https://www.googleapis.com/auth/forms.body.readonly'
+FORMS_RESPONSES_READONLY_SCOPE = 'https://www.googleapis.com/auth/forms.responses.readonly'
+
+# Base OAuth scopes required for user identification
+BASE_SCOPES = [
+    USERINFO_EMAIL_SCOPE,
+    OPENID_SCOPE
+]
+
+# Service-specific scope groups
+DOCS_SCOPES = [
+    DOCS_READONLY_SCOPE,
+    DOCS_WRITE_SCOPE
+]
+
+CALENDAR_SCOPES = [
+    CALENDAR_READONLY_SCOPE,
+    CALENDAR_EVENTS_SCOPE
+]
+
+DRIVE_SCOPES = [
+    DRIVE_READONLY_SCOPE,
+    DRIVE_FILE_SCOPE
+]
+
+GMAIL_SCOPES = [
+    GMAIL_READONLY_SCOPE,
+    GMAIL_SEND_SCOPE,
+    GMAIL_COMPOSE_SCOPE,
+    GMAIL_MODIFY_SCOPE,
+    GMAIL_LABELS_SCOPE
+]
+
+CHAT_SCOPES = [
+    CHAT_READONLY_SCOPE,
+    CHAT_WRITE_SCOPE,
+    CHAT_SPACES_SCOPE
+]
+
+SHEETS_SCOPES = [
+    SHEETS_READONLY_SCOPE,
+    SHEETS_WRITE_SCOPE
+]
+
+FORMS_SCOPES = [
+    FORMS_BODY_SCOPE,
+    FORMS_BODY_READONLY_SCOPE,
+    FORMS_RESPONSES_READONLY_SCOPE
+]
+
+# Combined scopes for all supported Google Workspace operations
+SCOPES = list(set(BASE_SCOPES + CALENDAR_SCOPES + DRIVE_SCOPES + GMAIL_SCOPES + DOCS_SCOPES + CHAT_SCOPES + SHEETS_SCOPES + FORMS_SCOPES))

auth/service_decorator.py

@@ -9,6 +9,17 @@ from auth.google_auth import get_authenticated_google_service, GoogleAuthenticat
 
 logger = logging.getLogger(__name__)
 
+# Import scope constants
+from auth.scopes import (
+    GMAIL_READONLY_SCOPE, GMAIL_SEND_SCOPE, GMAIL_COMPOSE_SCOPE, GMAIL_MODIFY_SCOPE, GMAIL_LABELS_SCOPE,
+    DRIVE_READONLY_SCOPE, DRIVE_FILE_SCOPE,
+    DOCS_READONLY_SCOPE, DOCS_WRITE_SCOPE,
+    CALENDAR_READONLY_SCOPE, CALENDAR_EVENTS_SCOPE,
+    SHEETS_READONLY_SCOPE, SHEETS_WRITE_SCOPE,
+    CHAT_READONLY_SCOPE, CHAT_WRITE_SCOPE, CHAT_SPACES_SCOPE,
+    FORMS_BODY_SCOPE, FORMS_BODY_READONLY_SCOPE, FORMS_RESPONSES_READONLY_SCOPE
+)
+
 # Service configuration mapping
 SERVICE_CONFIGS = {
     "gmail": {"service": "gmail", "version": "v1"},
@@ -20,40 +31,41 @@ SERVICE_CONFIGS = {
     "forms": {"service": "forms", "version": "v1"}
 }
 
+
 # Scope group definitions for easy reference
 SCOPE_GROUPS = {
     # Gmail scopes
-    "gmail_read": "https://www.googleapis.com/auth/gmail.readonly",
-    "gmail_send": "https://www.googleapis.com/auth/gmail.send",
-    "gmail_compose": "https://www.googleapis.com/auth/gmail.compose",
-    "gmail_modify": "https://www.googleapis.com/auth/gmail.modify",
-    "gmail_labels": "https://www.googleapis.com/auth/gmail.labels",
+    "gmail_read": GMAIL_READONLY_SCOPE,
+    "gmail_send": GMAIL_SEND_SCOPE,
+    "gmail_compose": GMAIL_COMPOSE_SCOPE,
+    "gmail_modify": GMAIL_MODIFY_SCOPE,
+    "gmail_labels": GMAIL_LABELS_SCOPE,
 
     # Drive scopes
-    "drive_read": "https://www.googleapis.com/auth/drive.readonly",
-    "drive_file": "https://www.googleapis.com/auth/drive.file",
+    "drive_read": DRIVE_READONLY_SCOPE,
+    "drive_file": DRIVE_FILE_SCOPE,
 
     # Docs scopes
-    "docs_read": "https://www.googleapis.com/auth/documents.readonly",
-    "docs_write": "https://www.googleapis.com/auth/documents",
+    "docs_read": DOCS_READONLY_SCOPE,
+    "docs_write": DOCS_WRITE_SCOPE,
 
     # Calendar scopes
-    "calendar_read": "https://www.googleapis.com/auth/calendar.readonly",
-    "calendar_events": "https://www.googleapis.com/auth/calendar.events",
+    "calendar_read": CALENDAR_READONLY_SCOPE,
+    "calendar_events": CALENDAR_EVENTS_SCOPE,
 
     # Sheets scopes
-    "sheets_read": "https://www.googleapis.com/auth/spreadsheets.readonly",
-    "sheets_write": "https://www.googleapis.com/auth/spreadsheets",
+    "sheets_read": SHEETS_READONLY_SCOPE,
+    "sheets_write": SHEETS_WRITE_SCOPE,
 
     # Chat scopes
-    "chat_read": "https://www.googleapis.com/auth/chat.messages.readonly",
-    "chat_write": "https://www.googleapis.com/auth/chat.messages",
-    "chat_spaces": "https://www.googleapis.com/auth/chat.spaces.readonly",
+    "chat_read": CHAT_READONLY_SCOPE,
+    "chat_write": CHAT_WRITE_SCOPE,
+    "chat_spaces": CHAT_SPACES_SCOPE,
 
     # Forms scopes
-    "forms": "https://www.googleapis.com/auth/forms.body",
-    "forms_read": "https://www.googleapis.com/auth/forms.body.readonly",
-    "forms_responses_read": "https://www.googleapis.com/auth/forms.responses.readonly",
+    "forms": FORMS_BODY_SCOPE,
+    "forms_read": FORMS_BODY_READONLY_SCOPE,
+    "forms_responses_read": FORMS_RESPONSES_READONLY_SCOPE,
 }
 
 # Service cache: {cache_key: (service, cached_time, user_email)}