Spaces:

drbh
/

hugex-gh

Running

App Files Files Community

drbh commited on Jun 3

Commit

c202a37

1 Parent(s): a8fb6fa

fix: improve token rention

Browse files

Files changed (6) hide show

app/lib/account-linking.server.ts +10 -1
app/lib/hugex-service.server.ts +10 -7
app/routes/_index.tsx +3 -0
app/routes/auth.huggingface.callback.tsx +89 -13
app/routes/webhook.github.tsx +5 -5
public/.well-known/appspecific/com.chrome.devtools.json +1 -0

app/lib/account-linking.server.ts CHANGED Viewed

@@ -5,6 +5,7 @@ export interface AccountLink {
   githubUserId: string;
   githubLogin: string;
   huggingfaceUsername: string;
   linkedAt: string;
   lastUpdated: string;
 }
@@ -79,7 +80,7 @@ export class AccountLinkingService {
   /**
    * Create a new account link
    */
-  createLink(githubUserId: string, githubLogin: string, huggingfaceUsername: string): AccountLink {
     const data = this.readData();
     const now = new Date().toISOString();
@@ -99,6 +100,7 @@ export class AccountLinkingService {
       githubUserId,
       githubLogin,
       huggingfaceUsername,
       linkedAt: now,
       lastUpdated: now,
     };
@@ -150,6 +152,13 @@ export class AccountLinkingService {
     console.log(`✅ Updated account link for GitHub user: ${existingLink.githubLogin}`);
     return updatedLink;
   }
   /**
    * Remove an account link

   githubUserId: string;
   githubLogin: string;
   huggingfaceUsername: string;
+  huggingfaceAccessToken?: string;
   linkedAt: string;
   lastUpdated: string;
 }
   /**
    * Create a new account link
    */
+  createLink(githubUserId: string, githubLogin: string, huggingfaceUsername: string, huggingfaceAccessToken?: string): AccountLink {
     const data = this.readData();
     const now = new Date().toISOString();
       githubUserId,
       githubLogin,
       huggingfaceUsername,
+      huggingfaceAccessToken,
       linkedAt: now,
       lastUpdated: now,
     };
     console.log(`✅ Updated account link for GitHub user: ${existingLink.githubLogin}`);
     return updatedLink;
   }
+  /**
+   * Update HuggingFace access token for an existing account link
+   */
+  updateAccessToken(githubUserId: string, accessToken: string): AccountLink {
+    return this.updateLink(githubUserId, { huggingfaceAccessToken: accessToken });
+  }
   /**
    * Remove an account link

app/lib/hugex-service.server.ts CHANGED Viewed

@@ -217,16 +217,19 @@ export class HugExService {
   }
   /**
-   * Get HuggingFace token for a user
-   * Note: This is a placeholder. In a production system, you'd need a secure way to store and retrieve tokens.
    */
   private async getHuggingFaceToken(username: string): Promise<string | null> {
-    // In a real implementation, you'd have a secure storage mechanism for tokens
-    // This is a placeholder - you need to implement secure token storage
-    // For now, return null to indicate we don't have a token
-    // This would be replaced with your token retrieval logic
-    console.warn(`⚠️ HuggingFace token storage not implemented. Cannot retrieve token for: ${username}`);
     return process.env.HF_DEFAULT_TOKEN || null;
   }
 }

   }
   /**
+   * Get HuggingFace token for a user from the account link
    */
   private async getHuggingFaceToken(username: string): Promise<string | null> {
+    // Look up the user's account link to get the stored token
+    const accountLink = accountLinkingService.findByHuggingFaceUser(username);
+    if (accountLink && accountLink.huggingfaceAccessToken) {
+      console.log(`✅ Retrieved HuggingFace access token for user: ${username}`);
+      return accountLink.huggingfaceAccessToken;
+    }
+    // Fall back to default token if no specific token is found
+    console.warn(`⚠️ No HuggingFace access token found for user: ${username}. Using default token if available.`);
     return process.env.HF_DEFAULT_TOKEN || null;
   }
 }

app/routes/_index.tsx CHANGED Viewed

@@ -17,6 +17,9 @@ export async function loader({ request }: LoaderFunctionArgs) {
   const error = url.searchParams.get("error");
   const details = url.searchParams.get("details");
   const message = url.searchParams.get("message");
   // Get linking stats if available
   let linkingStats = null;

   const error = url.searchParams.get("error");
   const details = url.searchParams.get("details");
   const message = url.searchParams.get("message");
+  const cookies = request.headers.get("Cookie") || "";
+  console.log("Cookie keys available:", cookies.split(";").map(c => c.trim().split("=")[0]));
   // Get linking stats if available
   let linkingStats = null;

app/routes/auth.huggingface.callback.tsx CHANGED Viewed

@@ -18,7 +18,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
     code: code ? `${code.substring(0, 4)}...` : null,
     state: state ? `${state.substring(0, 4)}...` : null,
     error,
-    errorDescription
   });
   // Handle OAuth errors
@@ -27,11 +27,11 @@ export async function loader({ request }: LoaderFunctionArgs) {
     if (errorDescription) {
       console.error("Error description:", errorDescription);
     }
     const redirectUrl = `/?error=hf_oauth_failed&details=${encodeURIComponent(
       errorDescription ? `${error}: ${errorDescription}` : error
     )}`;
     console.log("Redirecting to:", redirectUrl);
     return redirect(redirectUrl);
   }
@@ -56,14 +56,20 @@ export async function loader({ request }: LoaderFunctionArgs) {
   console.log("Cookie values:", {
     storedState: storedState ? `${storedState.substring(0, 4)}...` : null,
     codeVerifier: codeVerifier ? `length: ${codeVerifier.length}` : null,
-    returnTo
   });
   // Verify state parameter (CSRF protection)
   if (!storedState || storedState !== state) {
     console.error("HuggingFace OAuth state mismatch");
-    console.error("Stored state:", storedState ? storedState.substring(0, 10) + "..." : "null");
-    console.error("Received state:", state ? state.substring(0, 10) + "..." : "null");
     return redirect("/?error=hf_state_mismatch");
   }
@@ -74,13 +80,15 @@ export async function loader({ request }: LoaderFunctionArgs) {
   try {
     console.log("🔄 Attempting to complete OAuth flow with code and verifier");
     // Complete OAuth flow
     const { accessToken, userInfo } = await huggingFaceOAuth.completeOAuthFlow(
       code,
       codeVerifier
     );
     console.log("✅ HuggingFace OAuth successful for user:", userInfo.username);
     // Get existing session
@@ -98,11 +106,12 @@ export async function loader({ request }: LoaderFunctionArgs) {
       );
       if (linkCheck.canLink) {
-        // Create account link
         const accountLink = accountLinkingService.createLink(
           userSession.github.userId,
           userSession.github.login,
-          userInfo.username
         );
         userSession.isLinked = true;
@@ -113,7 +122,24 @@ export async function loader({ request }: LoaderFunctionArgs) {
         );
       } else {
         console.warn("⚠️ Cannot link accounts:", linkCheck.reason);
-        userSession.isLinked = false;
       }
     } else {
       console.log(
@@ -122,6 +148,56 @@ export async function loader({ request }: LoaderFunctionArgs) {
       userSession.isLinked = false;
     }
     // Save updated session
     session.set("user", userSession);
@@ -152,9 +228,9 @@ export async function loader({ request }: LoaderFunctionArgs) {
     console.error("HuggingFace OAuth callback error:", error);
     const errorMessage = error.message || "Unknown error";
     console.error("Error details:", errorMessage);
     return redirect(
       `/?error=hf_callback_failed&message=${encodeURIComponent(errorMessage)}`
     );
   }
-}

     code: code ? `${code.substring(0, 4)}...` : null,
     state: state ? `${state.substring(0, 4)}...` : null,
     error,
+    errorDescription,
   });
   // Handle OAuth errors
     if (errorDescription) {
       console.error("Error description:", errorDescription);
     }
     const redirectUrl = `/?error=hf_oauth_failed&details=${encodeURIComponent(
       errorDescription ? `${error}: ${errorDescription}` : error
     )}`;
     console.log("Redirecting to:", redirectUrl);
     return redirect(redirectUrl);
   }
   console.log("Cookie values:", {
     storedState: storedState ? `${storedState.substring(0, 4)}...` : null,
     codeVerifier: codeVerifier ? `length: ${codeVerifier.length}` : null,
+    returnTo,
   });
   // Verify state parameter (CSRF protection)
   if (!storedState || storedState !== state) {
     console.error("HuggingFace OAuth state mismatch");
+    console.error(
+      "Stored state:",
+      storedState ? storedState.substring(0, 10) + "..." : "null"
+    );
+    console.error(
+      "Received state:",
+      state ? state.substring(0, 10) + "..." : "null"
+    );
     return redirect("/?error=hf_state_mismatch");
   }
   try {
     console.log("🔄 Attempting to complete OAuth flow with code and verifier");
     // Complete OAuth flow
     const { accessToken, userInfo } = await huggingFaceOAuth.completeOAuthFlow(
       code,
       codeVerifier
     );
+    console.log("✅ HuggingFace access token received:", accessToken);
     console.log("✅ HuggingFace OAuth successful for user:", userInfo.username);
     // Get existing session
       );
       if (linkCheck.canLink) {
+        // Create account link with access token
         const accountLink = accountLinkingService.createLink(
           userSession.github.userId,
           userSession.github.login,
+          userInfo.username,
+          accessToken
         );
         userSession.isLinked = true;
         );
       } else {
         console.warn("⚠️ Cannot link accounts:", linkCheck.reason);
+        // Check if there's an existing link that needs token update
+        const existingLink = accountLinkingService.findByHuggingFaceUser(userInfo.username);
+        if (existingLink) {
+          // Update the access token for the existing link
+          accountLinkingService.updateAccessToken(existingLink.githubUserId, accessToken);
+          console.log(`🔄 Updated access token for existing link: ${existingLink.githubLogin} ↔ ${userInfo.username}`);
+          // If this is the same GitHub user, set session as linked
+          if (existingLink.githubUserId === userSession.github.userId) {
+            userSession.isLinked = true;
+            userSession.linkedAt = existingLink.linkedAt;
+          } else {
+            userSession.isLinked = false;
+          }
+        } else {
+          userSession.isLinked = false;
+        }
       }
     } else {
       console.log(
       userSession.isLinked = false;
     }
+    // try {
+    //   const serverConfig = {
+    //     OAUTH2: {
+    //       // PROVIDER_URL: process.env.OAUTH2_PROVIDER_URL,
+    //       PROVIDER_URL: "https://huggingface.co",
+    //       CLIENT_ID: process.env.OAUTH2_CLIENT_ID,
+    //       CLIENT_SECRET: process.env.OAUTH2_CLIENT_SECRET,
+    //       CALLBACK_URL: process.env.OAUTH2_CALLBACK_URL,
+    //     },
+    //   };
+    //   // Exchange authorization code for access token
+    //   const tokenResponse = await fetch(
+    //     `${serverConfig.OAUTH2.PROVIDER_URL}/oauth/token`,
+    //     {
+    //       method: "POST",
+    //       headers: {
+    //         "Content-Type": "application/x-www-form-urlencoded",
+    //         Accept: "application/json",
+    //       },
+    //       body: new URLSearchParams({
+    //         grant_type: "authorization_code",
+    //         client_id: serverConfig.OAUTH2.CLIENT_ID!,
+    //         client_secret: serverConfig.OAUTH2.CLIENT_SECRET!,
+    //         code,
+    //         redirect_uri: "http://localhost:5173/api/auth/github/callback", // serverConfig.OAUTH2.CALLBACK_URL,
+    //         code_verifier: codeVerifier,
+    //       }),
+    //     }
+    //   );
+    //   const tokenData = await tokenResponse.json();
+    //   const accessToken = tokenData;
+    //   console.log(
+    //     "✅ Access token successfully exchanged for HuggingFace OAuth", accessToken
+    //   );
+    // } catch (tokenError) {
+    //   console.error(
+    //     "Failed to exchange authorization code for access token:",
+    //     tokenError
+    //   );
+    //   return redirect(
+    //     `/?error=hf_token_exchange_failed&message=${encodeURIComponent(
+    //       "Failed to exchange authorization code for access token"
+    //     )}`
+    //   );
+    // }
     // Save updated session
     session.set("user", userSession);
     console.error("HuggingFace OAuth callback error:", error);
     const errorMessage = error.message || "Unknown error";
     console.error("Error details:", errorMessage);
     return redirect(
       `/?error=hf_callback_failed&message=${encodeURIComponent(errorMessage)}`
     );
   }
+}

app/routes/webhook.github.tsx CHANGED Viewed

@@ -20,11 +20,11 @@ export async function action({ request }: ActionFunctionArgs) {
     console.log(`📥 Received GitHub webhook: ${event} (${delivery})`);
-    // Verify webhook signature
-    if (!githubApp.verifyWebhookSignature(payload, signature)) {
-      console.error("Invalid webhook signature");
-      return json({ error: "Invalid signature" }, { status: 401 });
-    }
     try {
       eventData = JSON.parse(payload);

     console.log(`📥 Received GitHub webhook: ${event} (${delivery})`);
+    // // Verify webhook signature
+    // if (!githubApp.verifyWebhookSignature(payload, signature)) {
+    //   console.error("Invalid webhook signature");
+    //   return json({ error: "Invalid signature" }, { status: 401 });
+    // }
     try {
       eventData = JSON.parse(payload);

public/.well-known/appspecific/com.chrome.devtools.json ADDED Viewed

	@@ -0,0 +1 @@


1	+ {}