Miscellaneous Info

David Ong edited this page Feb 2, 2023 · 1 revision

Since we don't have a DG right now I'll put some information here. (regarding workarounds/anything that is not obvious)

GitHub pages deployment

  • Some npm scripts are specific to this:
    • build-base runs vite build with the --base flag set to /RepoSense-wizard/, which sets the base of the app to URL/RepoSense-wizard.
    • prepare-deploy makes a copy of index.html as 404.html, because GitHub Pages does not natively support SPAs. One workaround is to use a hash router instead, but this results in a '#' in the URL. The 404.html copy redirects 404s to the base app, which allows vue-router to correctly display the corresponding view. (see https://stackoverflow.com/questions/48521177/404-when-reloading-a-vue-website-published-to-github-pages)
  • GitHub apps only allow one callback URL. This is a problem because in prod we want the callback URL to be the actual deployed URL, but in dev we might want the callback to be localhost. If we set the redirect_uri in the query param to a different subdomain than the callback URL, we will get an error.
  • The workaround in dev is to redirect to URL/auth/redirect instead of URL/auth, which then redirects the user to localhost:5173/auth.

GitHub auth

As stated in this article, the auth flow is:

  1. We redirect the user to GitHub to log in.
  2. GitHub redirects to our callback URL with a code.
  3. We exchange the code, together with the app's client_secret, for an access_token.
  4. We use the access_token to authenticate with the GitHub API and perform actions on behalf of the user.

For step (3), the client_secret cannot be exposed to the client, so a server-side component is needed. Currently using https://github.com/reposense/RepoSense-auth-helper for this.
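A sketch of the two server-side pieces described above, the dev redirect and the step (3) exchange, added here as an example and not taken from RepoSense-auth-helper. The function names, the http scheme for localhost and all sample values are assumptions.

```javascript
// Added example, not RepoSense-auth-helper code. Function names, the http scheme
// for localhost and all sample values are assumptions.
const TOKEN_URL = 'https://github.com/login/oauth/access_token';
const DEV_TARGET = 'http://localhost:5173/auth'; // fixed, never taken from the request

// Dev only: URL/auth/redirect forwards the browser to the local app.
// Only `code` is copied across and the destination is a constant, so the
// endpoint cannot be used to send users to an arbitrary site.
function devRedirectTarget(callbackUrl) {
  const code = new URL(callbackUrl).searchParams.get('code');
  if (!code) throw new Error('missing code');
  const target = new URL(DEV_TARGET);
  target.searchParams.set('code', code);
  return target.toString();
}

// Step 3, server side: the only request that carries client_secret.
function buildTokenRequest(code, clientId, clientSecret) {
  if (!code || !clientId || !clientSecret) throw new Error('missing parameter');
  return {
    method: 'POST',
    headers: { Accept: 'application/json' },
    body: new URLSearchParams({ client_id: clientId, client_secret: clientSecret, code }),
  };
}

// GitHub can report a failed exchange in the JSON body, so check the body
// as well as the status.
function parseTokenResponse(status, body) {
  if (status !== 200 || body.error || !body.access_token) {
    throw new Error(`token exchange failed: ${body.error || status}`);
  }
  return { access_token: body.access_token }; // only the token goes back to the SPA
}

// fetchImpl is injectable so the flow can be exercised without network access.
async function exchangeCode(code, clientId, clientSecret, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(TOKEN_URL, buildTokenRequest(code, clientId, clientSecret));
  return parseTokenResponse(res.status, await res.json());
}
```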

Access token

So far I haven't found a good way to store the access_token without using a server, e.g. localStorage/sessionStorage are vulnerable. Currently it's just stored in memory, so the user will need to re-authenticate after refreshing/separate sessions.

This is similar to CATcher (I think), see https://github.com/CATcher-org/CATcher/issues/1010