drbh
commited on
Commit
Β·
e30ea26
1
Parent(s):
0b1afcf
fix: make setup more strict
Browse files- app/lib/github-app.server.ts +20 -6
- app/lib/session.server.ts +16 -11
- app/routes/status.tsx +3 -3
app/lib/github-app.server.ts
CHANGED
|
@@ -3,10 +3,14 @@ import { createAppAuth } from "@octokit/auth-app";
|
|
| 3 |
import jwt from "jsonwebtoken";
|
| 4 |
|
| 5 |
// GitHub App configuration - these should be environment variables in production
|
| 6 |
-
const GITHUB_APP_ID = process.env.GITHUB_APP_ID
|
| 7 |
-
const GITHUB_APP_PRIVATE_KEY = process.env.GITHUB_APP_PRIVATE_KEY
|
| 8 |
-
const GITHUB_APP_CLIENT_ID = process.env.GITHUB_APP_CLIENT_ID
|
| 9 |
-
const GITHUB_APP_CLIENT_SECRET = process.env.GITHUB_APP_CLIENT_SECRET
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
|
| 11 |
// For now, we'll hardcode a simple in-memory store
|
| 12 |
// In production, you'd use a database
|
|
@@ -30,7 +34,12 @@ export class GitHubAppAuth {
|
|
| 30 |
* Generate the installation URL for users to authorize the app
|
| 31 |
*/
|
| 32 |
getInstallationUrl(state?: string): string {
|
| 33 |
-
const
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 34 |
const params = new URLSearchParams();
|
| 35 |
|
| 36 |
if (state) {
|
|
@@ -44,9 +53,14 @@ export class GitHubAppAuth {
|
|
| 44 |
* Get OAuth authorization URL for user identity
|
| 45 |
*/
|
| 46 |
getOAuthUrl(state?: string): string {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47 |
const params = new URLSearchParams({
|
| 48 |
client_id: GITHUB_APP_CLIENT_ID,
|
| 49 |
-
redirect_uri:
|
| 50 |
scope: 'user:email',
|
| 51 |
state: state || '',
|
| 52 |
});
|
|
|
|
| 3 |
import jwt from "jsonwebtoken";
|
| 4 |
|
| 5 |
// GitHub App configuration - these should be environment variables in production
|
| 6 |
+
const GITHUB_APP_ID = process.env.GITHUB_APP_ID;
|
| 7 |
+
const GITHUB_APP_PRIVATE_KEY = process.env.GITHUB_APP_PRIVATE_KEY;
|
| 8 |
+
const GITHUB_APP_CLIENT_ID = process.env.GITHUB_APP_CLIENT_ID;
|
| 9 |
+
const GITHUB_APP_CLIENT_SECRET = process.env.GITHUB_APP_CLIENT_SECRET;
|
| 10 |
+
|
| 11 |
+
if (!GITHUB_APP_ID || !GITHUB_APP_PRIVATE_KEY || !GITHUB_APP_CLIENT_ID || !GITHUB_APP_CLIENT_SECRET) {
|
| 12 |
+
throw new Error('Missing required GitHub App environment variables. Please check your .env file.');
|
| 13 |
+
}
|
| 14 |
|
| 15 |
// For now, we'll hardcode a simple in-memory store
|
| 16 |
// In production, you'd use a database
|
|
|
|
| 34 |
* Generate the installation URL for users to authorize the app
|
| 35 |
*/
|
| 36 |
getInstallationUrl(state?: string): string {
|
| 37 |
+
const appName = process.env.GITHUB_APP_NAME;
|
| 38 |
+
if (!appName) {
|
| 39 |
+
throw new Error('GITHUB_APP_NAME environment variable is required for installation URL');
|
| 40 |
+
}
|
| 41 |
+
|
| 42 |
+
const baseUrl = `https://github.com/apps/${appName}/installations/new`;
|
| 43 |
const params = new URLSearchParams();
|
| 44 |
|
| 45 |
if (state) {
|
|
|
|
| 53 |
* Get OAuth authorization URL for user identity
|
| 54 |
*/
|
| 55 |
getOAuthUrl(state?: string): string {
|
| 56 |
+
const callbackUrl = process.env.GITHUB_CALLBACK_URL;
|
| 57 |
+
if (!callbackUrl) {
|
| 58 |
+
throw new Error('GITHUB_CALLBACK_URL environment variable is required');
|
| 59 |
+
}
|
| 60 |
+
|
| 61 |
const params = new URLSearchParams({
|
| 62 |
client_id: GITHUB_APP_CLIENT_ID,
|
| 63 |
+
redirect_uri: callbackUrl,
|
| 64 |
scope: 'user:email',
|
| 65 |
state: state || '',
|
| 66 |
});
|
app/lib/session.server.ts
CHANGED
|
@@ -1,5 +1,20 @@
|
|
| 1 |
import { createCookieSessionStorage } from "@remix-run/node";
|
| 2 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3 |
const { getSession, commitSession, destroySession } = createCookieSessionStorage({
|
| 4 |
cookie: {
|
| 5 |
name: "__session",
|
|
@@ -7,21 +22,11 @@ const { getSession, commitSession, destroySession } = createCookieSessionStorage
|
|
| 7 |
maxAge: 60 * 60 * 24 * 30, // 30 days
|
| 8 |
path: "/",
|
| 9 |
sameSite: "lax",
|
| 10 |
-
secrets: [
|
| 11 |
secure: process.env.NODE_ENV === "production",
|
| 12 |
},
|
| 13 |
});
|
| 14 |
|
| 15 |
-
export { getSession, commitSession, destroySession };
|
| 16 |
-
|
| 17 |
-
export interface UserSession {
|
| 18 |
-
userId: string;
|
| 19 |
-
login: string;
|
| 20 |
-
name?: string;
|
| 21 |
-
email?: string;
|
| 22 |
-
avatar_url?: string;
|
| 23 |
-
}
|
| 24 |
-
|
| 25 |
export async function requireUserSession(request: Request): Promise<UserSession> {
|
| 26 |
const session = await getSession(request.headers.get("Cookie"));
|
| 27 |
const userSession = session.get("user");
|
|
|
|
| 1 |
import { createCookieSessionStorage } from "@remix-run/node";
|
| 2 |
|
| 3 |
+
export { getSession, commitSession, destroySession };
|
| 4 |
+
|
| 5 |
+
export interface UserSession {
|
| 6 |
+
userId: string;
|
| 7 |
+
login: string;
|
| 8 |
+
name?: string;
|
| 9 |
+
email?: string;
|
| 10 |
+
avatar_url?: string;
|
| 11 |
+
}
|
| 12 |
+
|
| 13 |
+
const sessionSecret = process.env.SESSION_SECRET;
|
| 14 |
+
if (!sessionSecret) {
|
| 15 |
+
throw new Error('SESSION_SECRET environment variable is required');
|
| 16 |
+
}
|
| 17 |
+
|
| 18 |
const { getSession, commitSession, destroySession } = createCookieSessionStorage({
|
| 19 |
cookie: {
|
| 20 |
name: "__session",
|
|
|
|
| 22 |
maxAge: 60 * 60 * 24 * 30, // 30 days
|
| 23 |
path: "/",
|
| 24 |
sameSite: "lax",
|
| 25 |
+
secrets: [sessionSecret],
|
| 26 |
secure: process.env.NODE_ENV === "production",
|
| 27 |
},
|
| 28 |
});
|
| 29 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 30 |
export async function requireUserSession(request: Request): Promise<UserSession> {
|
| 31 |
const session = await getSession(request.headers.get("Cookie"));
|
| 32 |
const userSession = session.get("user");
|
app/routes/status.tsx
CHANGED
|
@@ -8,12 +8,12 @@ export async function loader({ request }: LoaderFunctionArgs) {
|
|
| 8 |
GITHUB_APP_ID: {
|
| 9 |
value: process.env.GITHUB_APP_ID || null,
|
| 10 |
required: true,
|
| 11 |
-
example: "
|
| 12 |
},
|
| 13 |
GITHUB_APP_NAME: {
|
| 14 |
value: process.env.GITHUB_APP_NAME || null,
|
| 15 |
required: true,
|
| 16 |
-
example: "
|
| 17 |
},
|
| 18 |
GITHUB_APP_PRIVATE_KEY: {
|
| 19 |
value: process.env.GITHUB_APP_PRIVATE_KEY ? "β Set" : null,
|
|
@@ -23,7 +23,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
|
|
| 23 |
GITHUB_APP_CLIENT_ID: {
|
| 24 |
value: process.env.GITHUB_APP_CLIENT_ID || null,
|
| 25 |
required: true,
|
| 26 |
-
example: "
|
| 27 |
},
|
| 28 |
GITHUB_APP_CLIENT_SECRET: {
|
| 29 |
value: process.env.GITHUB_APP_CLIENT_SECRET ? "β Set" : null,
|
|
|
|
| 8 |
GITHUB_APP_ID: {
|
| 9 |
value: process.env.GITHUB_APP_ID || null,
|
| 10 |
required: true,
|
| 11 |
+
example: "your-app-id",
|
| 12 |
},
|
| 13 |
GITHUB_APP_NAME: {
|
| 14 |
value: process.env.GITHUB_APP_NAME || null,
|
| 15 |
required: true,
|
| 16 |
+
example: "your-app-name",
|
| 17 |
},
|
| 18 |
GITHUB_APP_PRIVATE_KEY: {
|
| 19 |
value: process.env.GITHUB_APP_PRIVATE_KEY ? "β Set" : null,
|
|
|
|
| 23 |
GITHUB_APP_CLIENT_ID: {
|
| 24 |
value: process.env.GITHUB_APP_CLIENT_ID || null,
|
| 25 |
required: true,
|
| 26 |
+
example: "your-client-id",
|
| 27 |
},
|
| 28 |
GITHUB_APP_CLIENT_SECRET: {
|
| 29 |
value: process.env.GITHUB_APP_CLIENT_SECRET ? "β Set" : null,
|