Fix .bat anonymization, truncated-tree misses, submodule warning, account deletion (#742)

* fix: anonymize Windows batch scripts (#735)

mime-types maps .bat to application/x-msdownload, the same MIME type as
.exe/.dll, so batch scripts were classified as binary and streamed
through without any anonymization. Special-case .bat/.cmd as text before
the MIME lookup, keeping .exe/.dll binary.

* fix: recover files missing from truncated tree listings (#738)

GitHub truncates tree listings of very large repositories. Folders whose
listing was truncated are recorded in truncatedFolders, but files that
fell outside the listing never reached the database, so requesting them
returned 404 file_not_found even though they exist on GitHub — and a
force refresh could not help.

When a file lookup misses and its directory is under a truncated folder,
fetch the file metadata directly from GitHub's contents API (object
media type, so it works past the 1MB inline limit), cache it in the
database, and serve it normally.

* feat: warn when a repository uses git submodules (#737)

GitHub archives and tree listings never include submodule contents, so
submodules end up as empty folders in the anonymized repository, which
surprises users. Detect a root .gitmodules file and show a warning
banner in the explorer explaining that submodule contents are not
included.

* feat: allow users to delete their account (#741)

Add DELETE /api/user: removes all anonymized repositories, gists, and
pull requests owned by the user, best-effort revokes the GitHub OAuth
grant, and scrubs personal data (username, emails, tokens, GitHub id,
photo) from the user record. The record itself is kept with a
placeholder username so removed repoIds stay reserved and owner
references remain resolvable.

The settings page gains an Account section with a confirmed delete
button.

* fix: add missing error translations for token_expired and job_is_active

The error-code coverage test failed because both backend codes had no
frontend translation.
This commit is contained in:
Thomas Durieux
2026-07-02 14:35:48 +03:00
committed by GitHub
parent e4e102eccd
commit 839582c657
13 changed files with 267 additions and 4 deletions
+1 -1
View File
@@ -1,6 +1,6 @@
{
"core.min.js": "core.6332b3c288.min.js",
"vendor.min.js": "vendor.d7d972f465.min.js",
"vendor.min.js": "vendor.2b972dfbd5.min.js",
"mermaid.min.js": "mermaid.f848a72d16.min.js",
"all.min.css": "all.1a9babcb45.min.css"
}
+5 -2
View File
@@ -108,12 +108,15 @@
"cannot_coauthor_self": "You cannot add yourself as a co-author.",
"storage_write_size_mismatch": "The downloaded file was smaller than expected. The upstream source may have returned an incomplete response — please try again.",
"storage_read_error": "An error occurred while reading the file from storage — please try again.",
"upstream_error": "A temporary error occurred while fetching from GitHub — please try again."
"upstream_error": "A temporary error occurred while fetching from GitHub — please try again.",
"token_expired": "Your GitHub access token has expired. Please log out and log in again to refresh it.",
"job_is_active": "This job is currently running — wait for it to finish or remove it first."
},
"WARNINGS": {
"page_not_enabled_on_repo": "GitHub Pages is not enabled on this repository. Enable it in the repository's Settings → Pages on GitHub, then refresh.",
"page_branch_mismatch": "GitHub Pages on this repository is served from the '{{pageBranch}}' branch, but you selected '{{selectedBranch}}'. Switch the branch above to '{{pageBranch}}' to anonymize the Pages site.",
"folder_truncated": "This folder has more than 10,000 entries; only a partial listing is shown.",
"repo_truncated": "Some folders in this repository have too many files to be fully listed. Affected folders are marked with a warning icon."
"repo_truncated": "Some folders in this repository have too many files to be fully listed. Affected folders are marked with a warning icon.",
"submodules_not_included": "This repository uses git submodules. Submodule contents are not included in the anonymized repository and appear as empty folders."
}
}
+8
View File
@@ -50,6 +50,14 @@
<i class="fas fa-exclamation-triangle"></i>
{{ 'WARNINGS.repo_truncated' | translate }}
</div>
<div
ng-if="options.hasSubmodules"
class="paper-inline-warning"
role="alert"
>
<i class="fas fa-exclamation-triangle"></i>
{{ 'WARNINGS.submodules_not_included' | translate }}
</div>
<tree class="files" file="files" search-query="fileSearchQuery" search-results="fileSearchResults"></tree>
</div>
<div class="leftCol-foot">
+15
View File
@@ -12,6 +12,7 @@
<a href="#settings-rendering">Rendering</a>
<a href="#settings-features">Features</a>
<a href="#settings-expiration">Expiration</a>
<a href="#settings-account">Account</a>
</nav>
</aside>
@@ -168,6 +169,20 @@
</button>
</div>
</form>
<section id="settings-account" class="paper-settings-section">
<div class="paper-section-eyebrow">Account</div>
<p class="form-text text-muted">
Deleting your account removes all your anonymized repositories,
gists, and pull requests, revokes the application's access to your
GitHub account, and erases your personal data (username, email,
access tokens) from our database. This cannot be undone.
</p>
<div class="alert alert-danger" role="alert" ng-if="deleteError" ng-bind="deleteError"></div>
<button type="button" class="btn btn-danger" ng-click="deleteAccount()" ng-disabled="deletingAccount">
{{ deletingAccount ? 'Deleting…' : 'Delete my account' }}
</button>
</section>
</div>
</div>
</div>
+20
View File
@@ -1161,6 +1161,26 @@ angular
}
);
};
$scope.deleteAccount = () => {
if (
!confirm(
"Delete your account? All your anonymized repositories, gists, and pull requests will be removed, and your personal data will be erased. This cannot be undone."
)
)
return;
$scope.deletingAccount = true;
$http.delete("/api/user").then(
() => {
window.location.href = "/";
},
() => {
$scope.deletingAccount = false;
$scope.deleteError =
"Unable to delete the account. Please try again.";
}
);
};
},
])
.controller("claimController", [
+1 -1
View File
File diff suppressed because one or more lines are too long