diff --git a/public/i18n/locale-en.json b/public/i18n/locale-en.json
index eba9e48..920c1d7 100644
--- a/public/i18n/locale-en.json
+++ b/public/i18n/locale-en.json
@@ -3,6 +3,7 @@
 "unknown_error": "Unknown error, contact the admin.",
 "unreachable": "Anonymous GitHub is unreachable, contact the admin.",
 "request_error": "Unable to download the file, check your connection or contact the admin.",
+ "repo_access_limited": "Access to repository limited by org.",
 "repo_not_found": "The repository is not found.",
 "repo_not_accessible": "Anonymous GitHub is unable to or is forbidden to access the repository.",
 "repository_expired": "The repository is expired",
diff --git a/src/core/GitHubUtils.ts b/src/core/GitHubUtils.ts
index cf30db1..4366eb0 100644
--- a/src/core/GitHubUtils.ts
+++ b/src/core/GitHubUtils.ts
@@ -28,18 +28,19 @@ export async function checkToken(token: string) {
 export async function getToken(repository: Repository) {
 const span = trace.getTracer("ano-file").startSpan("GHUtils.getToken");
 span.setAttribute("repoId", repository.repoId);
+ console.log("getToken", repository.repoId);
 try {
- if (repository.model.source.accessToken) {
- // only check the token if the repo has been visited less than 10 minutes ago
- if (
- repository.status == RepositoryStatus.READY &&
- repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
- ) {
- return repository.model.source.accessToken;
- } else if (await checkToken(repository.model.source.accessToken)) {
- return repository.model.source.accessToken;
- }
- }
+ // if (repository.model.source.accessToken) {
+ // // only check the token if the repo has been visited less than 10 minutes ago
+ // if (
+ // repository.status == RepositoryStatus.READY &&
+ // repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
+ // ) {
+ // return repository.model.source.accessToken;
+ // } else if (await checkToken(repository.model.source.accessToken)) {
+ // return repository.model.source.accessToken;
+ // }
+ // }
 if (!repository.owner.model.accessTokens?.github) {
 const query = await UserModel.findById(repository.owner.id, {
 accessTokens: 1,
diff --git a/src/core/source/GitHubRepository.ts b/src/core/source/GitHubRepository.ts
index 3d67829..f12bdd9 100644
--- a/src/core/source/GitHubRepository.ts
+++ b/src/core/source/GitHubRepository.ts
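Review bot: The per-repository token branch at the top of the `try` in getToken is commented out rather than deleted, with nothing recording why, and the hunk also leaves a `console.log("getToken", repository.repoId);` debug line although the span already carries `repoId`. With the branch disabled, `checkToken` is no longer called here and every call falls through to the owner's token lookup; whether that path validates the token is outside the hunk, so a revoked owner token may only surface as a downstream API failure. I would delete the eleven commented lines, drop the `console.log`, and leave one comment such as `// source.accessToken is ignored on purpose: always resolve the owner's current token`, adjusted to the actual reason. getToken's body continues past the end of the hunk.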
@@ -272,6 +272,21 @@ export async function getRepositoryFromGitHub(opt: {
 ).data;
 } catch (error) {
 span.recordException(error as Error);
+ if (
+ error instanceof Error &&
+ error.message.includes(
+ "organization has enabled OAuth App access restrictions"
+ )
+ ) {
+ throw new AnonymousError("repo_access_limited", {
+ httpStatus: 403,
+ object: {
+ owner: opt.owner,
+ repo: opt.repo,
+ },
+ cause: error as Error,
+ });
+ }
 throw new AnonymousError("repo_not_found", {
 httpStatus: (error as any).status,
 object: {
diff --git a/src/server/routes/connection.ts b/src/server/routes/connection.ts
index c0891e8..5423212 100644
--- a/src/server/routes/connection.ts
+++ b/src/server/routes/connection.ts
@@ -10,6 +10,7 @@ import config from "../../config";
 import UserModel from "../../core/model/users/users.model";
 import { IUserDocument } from "../../core/model/users/users.types";
 import AnonymousError from "../../core/AnonymousError";
+import AnonymizedPullRequestModel from "../../core/model/anonymizedPullRequests/anonymizedPullRequests.model";
 
 export function ensureAuthenticated(
 req: express.Request,
@@ -33,6 +34,10 @@ const verify = async (
 user = await UserModel.findOne({ "externalIDs.github": profile.id });
 if (user) {
 user.accessTokens.github = accessToken;
+ await AnonymizedPullRequestModel.updateMany(
+ { owner: user._id },
+ { "source.accessToken": accessToken }
+ );
 } else {
 const photo = profile.photos ? profile.photos[0]?.value : null;
 user = new UserModel({
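Review bot: The new `repo_access_limited` branch in the catch block of getRepositoryFromGitHub is selected only by a substring of the upstream error text, `error.message.includes("organization has enabled OAuth App access restrictions")`, so any rewording of that message silently sends the case back to `repo_not_found`. The fallback below already reads `(error as any).status`, so if the upstream response is a 403, as the hard-coded `httpStatus: 403` suggests, the condition could also require `(error as any).status === 403 &&`. The phrase would be easier to maintain as a named constant with a comment saying which API response it comes from. The `cause: error as Error` cast is redundant after the `instanceof Error` check. The function starts and ends outside the hunk.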
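Review bot: The added `updateMany` in the `if (user)` branch of `verify` copies the fresh OAuth token into `source.accessToken` of every pull-request document the user owns, which multiplies the places the credential is stored at rest and must be kept in sync on every login. In the same commit getToken stops reading the per-repository copy and falls through to the owner's token, so resolving the owner's token at use time for pull requests too would avoid the copies. The call is also awaited inside the login callback, so a database error here may fail the sign-in, and it appears to run before the user record is saved; both depend on code outside the hunk. If the copy has to stay, a comment such as `// keep PR-level token copies in sync with the owner's token` would record the intent.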