try to fix repo access

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.12 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12)

Updates `express` from 4.20.0 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.20.0...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

README.md

@@ -73,7 +73,7 @@ In double-anonymous peer-review, the boundary of anonymization is the paper plus
 
 ## How does it work?
 
-Anonymous Github either download the complete repository and anonymize the content of the file or proxy the request to GitHub. In both case, the original and anonymized versions of the file are cached on the server.
+Anonymous Github either downloads the complete repository and anonymizes the content of the file or proxies the request to GitHub. In both cases, the original and anonymized versions of the file are cached on the server.
 
 ## Related tools
 

public/i18n/locale-en.json

@@ -3,6 +3,7 @@
     "unknown_error": "Unknown error, contact the admin.",
     "unreachable": "Anonymous GitHub is unreachable, contact the admin.",
     "request_error": "Unable to download the file, check your connection or contact the admin.",
+    "repo_access_limited": "Access to repository limited by org.",
     "repo_not_found": "The repository is not found.",
     "repo_not_accessible": "Anonymous GitHub is unable to or is forbidden to access the repository.",
     "repository_expired": "The repository is expired",

public/partials/faq.htm

@@ -13,42 +13,6 @@
             role="tablist"
             aria-multiselectable="true"
           >
-            <div class="panel panel-default mb-4">
-              <div class="panel-heading p-3" role="tab" id="heading0">
-                <h3 class="panel-title">
-                  <a
-                    class="collapsed"
-                    role="button"
-                    title=""
-                    data-toggle="collapse"
-                    data-parent="#faq"
-                    href="#download"
-                    aria-expanded="true"
-                    aria-controls="download"
-                  >
-                    Can I download the repository?
-                  </a>
-                </h3>
-              </div>
-              <div
-                id="download"
-                class="panel-collapse collapse"
-                role="tabpanel"
-                aria-labelledby="heading0"
-              >
-                <div class="panel-body p-3">
-                  <p>
-                    It is currently not possible to download an anonymized
-                    repository neither to clone it.
-                    It is technically possible to implement however it 
-                    would require additional processing power and storage. 
-                    I am currently not able to cover the cost of this feature.
-                    If you want to see this feature on Anonymous GitHub, please consider doing a donation.
-                  </p>
-                </div>
-              </div>
-            </div>
-
             <div class="panel panel-default mb-4">
               <div class="panel-heading p-3" role="tab" id="heading6">
                 <h3 class="panel-title">
@@ -75,9 +39,6 @@
                 <div class="panel-body p-3">
                   <p>
                     <ul>
-                      <li>
-                        Anonymous GitHub does not allow to download the repository.
-                      </li>
                       <li>
                         Anonymous GitHub only anonymizes textual files.
                         It does not support the use of a static site generator, such as Jekyll, with GitHub Pages (although Markdown files are converted to HTML without any special formatting).

src/core/GitHubUtils.ts

@@ -28,18 +28,19 @@ export async function checkToken(token: string) {
 export async function getToken(repository: Repository) {
   const span = trace.getTracer("ano-file").startSpan("GHUtils.getToken");
   span.setAttribute("repoId", repository.repoId);
+  console.log("getToken", repository.repoId);
   try {
-    if (repository.model.source.accessToken) {
-      // only check the token if the repo has been visited less than 10 minutes ago
-      if (
-        repository.status == RepositoryStatus.READY &&
-        repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
-      ) {
-        return repository.model.source.accessToken;
-      } else if (await checkToken(repository.model.source.accessToken)) {
-        return repository.model.source.accessToken;
-      }
-    }
+    // if (repository.model.source.accessToken) {
+    //   // only check the token if the repo has been visited less than 10 minutes ago
+    //   if (
+    //     repository.status == RepositoryStatus.READY &&
+    //     repository.model.lastView > new Date(Date.now() - 1000 * 60 * 10)
+    //   ) {
+    //     return repository.model.source.accessToken;
+    //   } else if (await checkToken(repository.model.source.accessToken)) {
+    //     return repository.model.source.accessToken;
+    //   }
+    // }
     if (!repository.owner.model.accessTokens?.github) {
       const query = await UserModel.findById(repository.owner.id, {
         accessTokens: 1,

src/core/source/GitHubRepository.ts

@@ -272,6 +272,21 @@ export async function getRepositoryFromGitHub(opt: {
       ).data;
     } catch (error) {
       span.recordException(error as Error);
+      if (
+        error instanceof Error &&
+        error.message.includes(
+          "organization has enabled OAuth App access restrictions"
+        )
+      ) {
+        throw new AnonymousError("repo_access_limited", {
+          httpStatus: 403,
+          object: {
+            owner: opt.owner,
+            repo: opt.repo,
+          },
+          cause: error as Error,
+        });
+      }
       throw new AnonymousError("repo_not_found", {
         httpStatus: (error as any).status,
         object: {

src/server/routes/connection.ts

@@ -10,6 +10,7 @@ import config from "../../config";
 import UserModel from "../../core/model/users/users.model";
 import { IUserDocument } from "../../core/model/users/users.types";
 import AnonymousError from "../../core/AnonymousError";
+import AnonymizedPullRequestModel from "../../core/model/anonymizedPullRequests/anonymizedPullRequests.model";
 
 export function ensureAuthenticated(
   req: express.Request,
@@ -33,6 +34,10 @@ const verify = async (
     user = await UserModel.findOne({ "externalIDs.github": profile.id });
     if (user) {
       user.accessTokens.github = accessToken;
+      await AnonymizedPullRequestModel.updateMany(
+        { owner: user._id },
+        { "source.accessToken": accessToken }
+      );
     } else {
       const photo = profile.photos ? profile.photos[0]?.value : null;
       user = new UserModel({