try to fix repo access

public/i18n/locale-en.json

@@ -3,6 +3,7 @@
     "unknown_error": "Unknown error, contact the admin.",
     "unreachable": "Anonymous GitHub is unreachable, contact the admin.",
     "request_error": "Unable to download the file, check your connection or contact the admin.",
+    "repo_access_limited": "Access to repository limited by org.",
     "repo_not_found": "The repository is not found.",
     "repo_not_accessible": "Anonymous GitHub is unable to or is forbidden to access the repository.",
     "repository_expired": "The repository is expired",

src/core/GitHubUtils.ts

@@ -28,18 +28,19 @@ export async function checkToken(token: string) {
 export async function getToken(repository: Repository) {
   const span = trace.getTracer("ano-file").startSpan("GHUtils.getToken");
   span.setAttribute("repoId", repository.repoId);
+  console.log("getToken", repository.repoId);
   try {
-    if (repository.model.source.accessToken) {
+    // if (repository.model.source.accessToken) {
-      // only check the token if the repo has been visited less than 10 minutes ago
+    //   // only check the token if the repo has been visited less than 10 minutes ago
-      if (
+    //   if (
-        repository.status == RepositoryStatus.READY &&
+    //     repository.status == RepositoryStatus.READY &&
-        repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
+    //     repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
-      ) {
+    //   ) {
-        return repository.model.source.accessToken;
+    //     return repository.model.source.accessToken;
-      } else if (await checkToken(repository.model.source.accessToken)) {
+    //   } else if (await checkToken(repository.model.source.accessToken)) {
-        return repository.model.source.accessToken;
+    //     return repository.model.source.accessToken;
-      }
+    //   }
-    }
+    // }
     if (!repository.owner.model.accessTokens?.github) {
       const query = await UserModel.findById(repository.owner.id, {
         accessTokens: 1,

src/core/source/GitHubRepository.ts

@@ -272,6 +272,21 @@ export async function getRepositoryFromGitHub(opt: {
       ).data;
     } catch (error) {
       span.recordException(error as Error);
+      if (
+        error instanceof Error &&
+        error.message.includes(
+          "organization has enabled OAuth App access restrictions"
+        )
+      ) {
+        throw new AnonymousError("repo_access_limited", {
+          httpStatus: 403,
+          object: {
+            owner: opt.owner,
+            repo: opt.repo,
+          },
+          cause: error as Error,
+        });
+      }
       throw new AnonymousError("repo_not_found", {
         httpStatus: (error as any).status,
         object: {

src/server/routes/connection.ts

@@ -10,6 +10,7 @@ import config from "../../config";
 import UserModel from "../../core/model/users/users.model";
 import { IUserDocument } from "../../core/model/users/users.types";
 import AnonymousError from "../../core/AnonymousError";
+import AnonymizedPullRequestModel from "../../core/model/anonymizedPullRequests/anonymizedPullRequests.model";
 
 export function ensureAuthenticated(
   req: express.Request,
@@ -33,6 +34,10 @@ const verify = async (
     user = await UserModel.findOne({ "externalIDs.github": profile.id });
     if (user) {
       user.accessTokens.github = accessToken;
+      await AnonymizedPullRequestModel.updateMany(
+        { owner: user._id },
+        { "source.accessToken": accessToken }
+      );
     } else {
       const photo = profile.photos ? profile.photos[0]?.value : null;
       user = new UserModel({