try to fix repo access

package-lock.json

@@ -3954,10 +3954,9 @@
       }
     },
     "node_modules/@mongodb-js/saslprep": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.2.1.tgz",
-      "integrity": "sha512-1NCa8GsZ+OFLTw5KkKQS22wLS+Rs+y02sgkhr99Pm4OSXtSDHCJyq0uscPF0qA86ipGYH4PwtC2+a8Y4RKkCcg==",
-      "license": "MIT",
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.1.5.tgz",
+      "integrity": "sha512-XLNOMH66KhJzUJNwT/qlMnS4WsNDWD5ASdyaSH3EtK+F4r/CFGa3jT4GNi4mfOitGvWXtdLgQJkQjxSVrio+jA==",
       "optional": true,
       "dependencies": {
         "sparse-bitfield": "^3.0.3"
@@ -8983,14 +8982,12 @@
     "node_modules/@types/webidl-conversions": {
       "version": "7.0.3",
       "resolved": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.3.tgz",
-      "integrity": "sha512-CiJJvcRtIgzadHCYXw7dqEnMNRjhGZlYK05Mj9OyktqV8uVT8fD2BFOB7S1uwBE3Kj2Z+4UyPmFw/Ixgw/LAlA==",
-      "license": "MIT"
+      "integrity": "sha512-CiJJvcRtIgzadHCYXw7dqEnMNRjhGZlYK05Mj9OyktqV8uVT8fD2BFOB7S1uwBE3Kj2Z+4UyPmFw/Ixgw/LAlA=="
     },
     "node_modules/@types/whatwg-url": {
       "version": "8.2.2",
       "resolved": "https://registry.npmjs.org/@types/whatwg-url/-/whatwg-url-8.2.2.tgz",
       "integrity": "sha512-FtQu10RWgn3D9U4aazdwIE2yzphmTJREDqNdODHrbrZmmMqI0vMheC/6NE/J1Yveaj8H+ela+YwWTjq5PGmuhA==",
-      "license": "MIT",
       "dependencies": {
         "@types/node": "*",
         "@types/webidl-conversions": "*"
@@ -9572,7 +9569,6 @@
       "version": "5.5.1",
       "resolved": "https://registry.npmjs.org/bson/-/bson-5.5.1.tgz",
       "integrity": "sha512-ix0EwukN2EpC0SRWIj/7B5+A6uQMQy6KMREI9qQqvgpkV2frH63T0UDVd1SYedL6dNCmDBYB3QtXi4ISk9YT+g==",
-      "license": "Apache-2.0",
       "engines": {
         "node": ">=14.20.1"
       }
@@ -12143,7 +12139,6 @@
       "version": "9.0.5",
       "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz",
       "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==",
-      "license": "MIT",
       "dependencies": {
         "jsbn": "1.1.0",
         "sprintf-js": "^1.1.3"
@@ -12484,8 +12479,7 @@
     "node_modules/jsbn": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz",
-      "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==",
-      "license": "MIT"
+      "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A=="
     },
     "node_modules/json-bigint": {
       "version": "1.0.0",
@@ -12945,7 +12939,6 @@
       "version": "1.5.0",
       "resolved": "https://registry.npmjs.org/memory-pager/-/memory-pager-1.5.0.tgz",
       "integrity": "sha512-ZS4Bp4r/Zoeq6+NLJpP+0Zzm0pR8whtGPf1XExKLJBAczGMnSi3It14OiNCStjQjM6NU1okjQGSxgEZN8eBYKg==",
-      "license": "MIT",
       "optional": true
     },
     "node_modules/merge-descriptors": {
@@ -13257,7 +13250,6 @@
       "version": "2.6.0",
       "resolved": "https://registry.npmjs.org/mongodb-connection-string-url/-/mongodb-connection-string-url-2.6.0.tgz",
       "integrity": "sha512-WvTZlI9ab0QYtTYnuMLgobULWhokRjtC7db9LtcVfJ+Hsnyr5eo6ZtNAt3Ly24XZScGMelOcGtm7lSn0332tPQ==",
-      "license": "Apache-2.0",
       "dependencies": {
         "@types/whatwg-url": "^8.2.1",
         "whatwg-url": "^11.0.0"
@@ -13267,7 +13259,6 @@
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/tr46/-/tr46-3.0.0.tgz",
       "integrity": "sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==",
-      "license": "MIT",
       "dependencies": {
         "punycode": "^2.1.1"
       },
@@ -13279,7 +13270,6 @@
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
       "integrity": "sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==",
-      "license": "BSD-2-Clause",
       "engines": {
         "node": ">=12"
       }
@@ -13288,7 +13278,6 @@
       "version": "11.0.0",
       "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-11.0.0.tgz",
       "integrity": "sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==",
-      "license": "MIT",
       "dependencies": {
         "tr46": "^3.0.0",
         "webidl-conversions": "^7.0.0"
@@ -13298,14 +13287,13 @@
       }
     },
     "node_modules/mongoose": {
-      "version": "7.8.4",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-7.8.4.tgz",
-      "integrity": "sha512-qqQ7imsb9lyrW1jmYj6/wDiSewRtd/gpOU2Vdy1AMRBT7jrghKnoDMbC3keFUzZ0iyo3ZcYumisPKFnap5R4zQ==",
-      "license": "MIT",
+      "version": "7.6.10",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-7.6.10.tgz",
+      "integrity": "sha512-vfvGxXwFk6rZVRaMC+8pgXj1uOR2RafZpgaA3fO6ygDJN7dXnBQ3ehuacwaVD+U3hmZetqHimORJhvLEpdRl1w==",
       "dependencies": {
         "bson": "^5.5.0",
         "kareem": "2.5.1",
-        "mongodb": "5.9.2",
+        "mongodb": "5.9.1",
         "mpath": "0.9.0",
         "mquery": "5.0.0",
         "ms": "2.1.3",
@@ -13320,10 +13308,9 @@
       }
     },
     "node_modules/mongoose/node_modules/mongodb": {
-      "version": "5.9.2",
-      "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-5.9.2.tgz",
-      "integrity": "sha512-H60HecKO4Bc+7dhOv4sJlgvenK4fQNqqUIlXxZYQNbfEWSALGAwGoyJd/0Qwk4TttFXUOHJ2ZJQe/52ScaUwtQ==",
-      "license": "Apache-2.0",
+      "version": "5.9.1",
+      "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-5.9.1.tgz",
+      "integrity": "sha512-NBGA8AfJxGPeB12F73xXwozt8ZpeIPmCUeWRwl9xejozTXFes/3zaep9zhzs1B/nKKsw4P3I4iPfXl3K7s6g+Q==",
       "dependencies": {
         "bson": "^5.5.0",
         "mongodb-connection-string-url": "^2.6.0",
@@ -14457,7 +14444,6 @@
       "version": "2.3.1",
       "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
       "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
-      "license": "MIT",
       "engines": {
         "node": ">=6"
       }
@@ -15108,7 +15094,6 @@
       "version": "4.2.0",
       "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz",
       "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==",
-      "license": "MIT",
       "engines": {
         "node": ">= 6.0.0",
         "npm": ">= 3.0.0"
@@ -15125,10 +15110,9 @@
       }
     },
     "node_modules/socks": {
-      "version": "2.8.4",
-      "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.4.tgz",
-      "integrity": "sha512-D3YaD0aRxR3mEcqnidIs7ReYJFVzWdd6fXJYUM8ixcQcJRGTka/b3saV0KflYhyVJXKhb947GndU35SxYNResQ==",
-      "license": "MIT",
+      "version": "2.8.1",
+      "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.1.tgz",
+      "integrity": "sha512-B6w7tkwNid7ToxjZ08rQMT8M9BJAf8DKx8Ft4NivzH0zBUfd6jldGcisJn/RLgxcX3FPNDdNQCUEMMT79b+oCQ==",
       "dependencies": {
         "ip-address": "^9.0.5",
         "smart-buffer": "^4.2.0"
@@ -15165,7 +15149,6 @@
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/sparse-bitfield/-/sparse-bitfield-3.0.3.tgz",
       "integrity": "sha512-kvzhi7vqKTfkh0PZU+2D2PIllw2ymqJKujUcyPMd9Y75Nv4nPbGJZXNhxsgdQab2BmlDct1YnfQCguEvHr7VsQ==",
-      "license": "MIT",
       "optional": true,
       "dependencies": {
         "memory-pager": "^1.0.2"
@@ -15215,8 +15198,7 @@
     "node_modules/sprintf-js": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz",
-      "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==",
-      "license": "BSD-3-Clause"
+      "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA=="
     },
     "node_modules/ssri": {
       "version": "10.0.5",
@@ -19437,9 +19419,9 @@
       "integrity": "sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw=="
     },
     "@mongodb-js/saslprep": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.2.1.tgz",
-      "integrity": "sha512-1NCa8GsZ+OFLTw5KkKQS22wLS+Rs+y02sgkhr99Pm4OSXtSDHCJyq0uscPF0qA86ipGYH4PwtC2+a8Y4RKkCcg==",
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.1.5.tgz",
+      "integrity": "sha512-XLNOMH66KhJzUJNwT/qlMnS4WsNDWD5ASdyaSH3EtK+F4r/CFGa3jT4GNi4mfOitGvWXtdLgQJkQjxSVrio+jA==",
       "optional": true,
       "requires": {
         "sparse-bitfield": "^3.0.3"
@@ -26504,13 +26486,13 @@
       }
     },
     "mongoose": {
-      "version": "7.8.4",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-7.8.4.tgz",
-      "integrity": "sha512-qqQ7imsb9lyrW1jmYj6/wDiSewRtd/gpOU2Vdy1AMRBT7jrghKnoDMbC3keFUzZ0iyo3ZcYumisPKFnap5R4zQ==",
+      "version": "7.6.10",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-7.6.10.tgz",
+      "integrity": "sha512-vfvGxXwFk6rZVRaMC+8pgXj1uOR2RafZpgaA3fO6ygDJN7dXnBQ3ehuacwaVD+U3hmZetqHimORJhvLEpdRl1w==",
       "requires": {
         "bson": "^5.5.0",
         "kareem": "2.5.1",
-        "mongodb": "5.9.2",
+        "mongodb": "5.9.1",
         "mpath": "0.9.0",
         "mquery": "5.0.0",
         "ms": "2.1.3",
@@ -26518,9 +26500,9 @@
       },
       "dependencies": {
         "mongodb": {
-          "version": "5.9.2",
-          "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-5.9.2.tgz",
-          "integrity": "sha512-H60HecKO4Bc+7dhOv4sJlgvenK4fQNqqUIlXxZYQNbfEWSALGAwGoyJd/0Qwk4TttFXUOHJ2ZJQe/52ScaUwtQ==",
+          "version": "5.9.1",
+          "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-5.9.1.tgz",
+          "integrity": "sha512-NBGA8AfJxGPeB12F73xXwozt8ZpeIPmCUeWRwl9xejozTXFes/3zaep9zhzs1B/nKKsw4P3I4iPfXl3K7s6g+Q==",
           "requires": {
             "@mongodb-js/saslprep": "^1.1.0",
             "bson": "^5.5.0",
@@ -27821,9 +27803,9 @@
       "dev": true
     },
     "socks": {
-      "version": "2.8.4",
-      "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.4.tgz",
-      "integrity": "sha512-D3YaD0aRxR3mEcqnidIs7ReYJFVzWdd6fXJYUM8ixcQcJRGTka/b3saV0KflYhyVJXKhb947GndU35SxYNResQ==",
+      "version": "2.8.1",
+      "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.1.tgz",
+      "integrity": "sha512-B6w7tkwNid7ToxjZ08rQMT8M9BJAf8DKx8Ft4NivzH0zBUfd6jldGcisJn/RLgxcX3FPNDdNQCUEMMT79b+oCQ==",
       "requires": {
         "ip-address": "^9.0.5",
         "smart-buffer": "^4.2.0"

public/i18n/locale-en.json

@@ -3,6 +3,7 @@
     "unknown_error": "Unknown error, contact the admin.",
     "unreachable": "Anonymous GitHub is unreachable, contact the admin.",
     "request_error": "Unable to download the file, check your connection or contact the admin.",
+    "repo_access_limited": "Access to repository limited by org.",
     "repo_not_found": "The repository is not found.",
     "repo_not_accessible": "Anonymous GitHub is unable to or is forbidden to access the repository.",
     "repository_expired": "The repository is expired",

src/core/GitHubUtils.ts

@@ -28,18 +28,19 @@ export async function checkToken(token: string) {
 export async function getToken(repository: Repository) {
   const span = trace.getTracer("ano-file").startSpan("GHUtils.getToken");
   span.setAttribute("repoId", repository.repoId);
+  console.log("getToken", repository.repoId);
   try {
-    if (repository.model.source.accessToken) {
-      // only check the token if the repo has been visited less than 10 minutes ago
-      if (
-        repository.status == RepositoryStatus.READY &&
-        repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
-      ) {
-        return repository.model.source.accessToken;
-      } else if (await checkToken(repository.model.source.accessToken)) {
-        return repository.model.source.accessToken;
-      }
-    }
+    // if (repository.model.source.accessToken) {
+    //   // only check the token if the repo has been visited less than 10 minutes ago
+    //   if (
+    //     repository.status == RepositoryStatus.READY &&
+    //     repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
+    //   ) {
+    //     return repository.model.source.accessToken;
+    //   } else if (await checkToken(repository.model.source.accessToken)) {
+    //     return repository.model.source.accessToken;
+    //   }
+    // }
     if (!repository.owner.model.accessTokens?.github) {
       const query = await UserModel.findById(repository.owner.id, {
         accessTokens: 1,

src/core/source/GitHubRepository.ts

@@ -272,6 +272,21 @@ export async function getRepositoryFromGitHub(opt: {
       ).data;
     } catch (error) {
       span.recordException(error as Error);
+      if (
+        error instanceof Error &&
+        error.message.includes(
+          "organization has enabled OAuth App access restrictions"
+        )
+      ) {
+        throw new AnonymousError("repo_access_limited", {
+          httpStatus: 403,
+          object: {
+            owner: opt.owner,
+            repo: opt.repo,
+          },
+          cause: error as Error,
+        });
+      }
       throw new AnonymousError("repo_not_found", {
         httpStatus: (error as any).status,
         object: {

src/server/routes/connection.ts

@@ -10,6 +10,7 @@ import config from "../../config";
 import UserModel from "../../core/model/users/users.model";
 import { IUserDocument } from "../../core/model/users/users.types";
 import AnonymousError from "../../core/AnonymousError";
+import AnonymizedPullRequestModel from "../../core/model/anonymizedPullRequests/anonymizedPullRequests.model";
 
 export function ensureAuthenticated(
   req: express.Request,
@@ -33,6 +34,10 @@ const verify = async (
     user = await UserModel.findOne({ "externalIDs.github": profile.id });
     if (user) {
       user.accessTokens.github = accessToken;
+      await AnonymizedPullRequestModel.updateMany(
+        { owner: user._id },
+        { "source.accessToken": accessToken }
+      );
     } else {
       const photo = profile.photos ? profile.photos[0]?.value : null;
       user = new UserModel({