try to fix repo access

2026-02-16 20:22:46 +00:00 · 2025-04-01 22:27:41 +02:00
5 changed files with 41 additions and 50 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -4460,12 +4460,11 @@
      }
    },
    "node_modules/@octokit/request-error": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz",
-      "integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==",
-      "license": "MIT",
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.0.1.tgz",
+      "integrity": "sha512-X7pnyTMV7MgtGmiXBwmO6M5kIPrntOXdyKZLigNfQWSEQzVxR4a4vo49vJjTWX70mPndj8KhfT4Dx+2Ng3vnBQ==",
      "dependencies": {
-        "@octokit/types": "^13.1.0",
+        "@octokit/types": "^12.0.0",
        "deprecation": "^2.0.0",
        "once": "^1.4.0"
      },
@@ -4473,21 +4472,6 @@
        "node": ">= 18"
      }
    },
-    "node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": {
-      "version": "24.2.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-      "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==",
-      "license": "MIT"
-    },
-    "node_modules/@octokit/request-error/node_modules/@octokit/types": {
-      "version": "13.10.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-      "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
-      "license": "MIT",
-      "dependencies": {
-        "@octokit/openapi-types": "^24.2.0"
-      }
-    },
    "node_modules/@octokit/rest": {
      "version": "20.0.2",
      "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-20.0.2.tgz",
@@ -19762,28 +19746,13 @@
      }
    },
    "@octokit/request-error": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz",
-      "integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==",
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.0.1.tgz",
+      "integrity": "sha512-X7pnyTMV7MgtGmiXBwmO6M5kIPrntOXdyKZLigNfQWSEQzVxR4a4vo49vJjTWX70mPndj8KhfT4Dx+2Ng3vnBQ==",
      "requires": {
-        "@octokit/types": "^13.1.0",
+        "@octokit/types": "^12.0.0",
        "deprecation": "^2.0.0",
        "once": "^1.4.0"
-      },
-      "dependencies": {
-        "@octokit/openapi-types": {
-          "version": "24.2.0",
-          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz",
-          "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="
-        },
-        "@octokit/types": {
-          "version": "13.10.0",
-          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz",
-          "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==",
-          "requires": {
-            "@octokit/openapi-types": "^24.2.0"
-          }
-        }
      }
    },
    "@octokit/rest": {
--- a/public/i18n/locale-en.json
+++ b/public/i18n/locale-en.json
@@ -3,6 +3,7 @@
    "unknown_error": "Unknown error, contact the admin.",
    "unreachable": "Anonymous GitHub is unreachable, contact the admin.",
    "request_error": "Unable to download the file, check your connection or contact the admin.",
+    "repo_access_limited": "Access to repository limited by org.",
    "repo_not_found": "The repository is not found.",
    "repo_not_accessible": "Anonymous GitHub is unable to or is forbidden to access the repository.",
    "repository_expired": "The repository is expired",
--- a/src/core/GitHubUtils.ts
+++ b/src/core/GitHubUtils.ts
@@ -28,18 +28,19 @@ export async function checkToken(token: string) {
 export async function getToken(repository: Repository) {
  const span = trace.getTracer("ano-file").startSpan("GHUtils.getToken");
  span.setAttribute("repoId", repository.repoId);
+  console.log("getToken", repository.repoId);
  try {
-    if (repository.model.source.accessToken) {
-      // only check the token if the repo has been visited less than 10 minutes ago
-      if (
-        repository.status == RepositoryStatus.READY &&
-        repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
-      ) {
-        return repository.model.source.accessToken;
-      } else if (await checkToken(repository.model.source.accessToken)) {
-        return repository.model.source.accessToken;
-      }
-    }
+    // if (repository.model.source.accessToken) {
+    //   // only check the token if the repo has been visited less than 10 minutes ago
+    //   if (
+    //     repository.status == RepositoryStatus.READY &&
+    //     repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
+    //   ) {
+    //     return repository.model.source.accessToken;
+    //   } else if (await checkToken(repository.model.source.accessToken)) {
+    //     return repository.model.source.accessToken;
+    //   }
+    // }
    if (!repository.owner.model.accessTokens?.github) {
      const query = await UserModel.findById(repository.owner.id, {
        accessTokens: 1,
--- a/src/core/source/GitHubRepository.ts
+++ b/src/core/source/GitHubRepository.ts
@@ -272,6 +272,21 @@ export async function getRepositoryFromGitHub(opt: {
      ).data;
    } catch (error) {
      span.recordException(error as Error);
+      if (
+        error instanceof Error &&
+        error.message.includes(
+          "organization has enabled OAuth App access restrictions"
+        )
+      ) {
+        throw new AnonymousError("repo_access_limited", {
+          httpStatus: 403,
+          object: {
+            owner: opt.owner,
+            repo: opt.repo,
+          },
+          cause: error as Error,
+        });
+      }
      throw new AnonymousError("repo_not_found", {
        httpStatus: (error as any).status,
        object: {
--- a/src/server/routes/connection.ts
+++ b/src/server/routes/connection.ts
@@ -10,6 +10,7 @@ import config from "../../config";
 import UserModel from "../../core/model/users/users.model";
 import { IUserDocument } from "../../core/model/users/users.types";
 import AnonymousError from "../../core/AnonymousError";
+import AnonymizedPullRequestModel from "../../core/model/anonymizedPullRequests/anonymizedPullRequests.model";

 export function ensureAuthenticated(
  req: express.Request,
@@ -33,6 +34,10 @@ const verify = async (
    user = await UserModel.findOne({ "externalIDs.github": profile.id });
    if (user) {
      user.accessTokens.github = accessToken;
+      await AnonymizedPullRequestModel.updateMany(
+        { owner: user._id },
+        { "source.accessToken": accessToken }
+      );
    } else {
      const photo = profile.photos ? profile.photos[0]?.value : null;
      user = new UserModel({