[Help] Cannot access private repos via github oauth · alanshaw/david-www#375

(1 评论) (0 反应) (0 负责人)JavaScript (733 star) (177 fork)batch import

bughelp wanted

描述

Following the optional "sign in" feature on the README, I attempted to setup github oauth with a privately hosted david-www (AWS Elastic Beanstalk).

:+1: Works with public repos in AWS :+1: Works with private repos with personal token via .davidrc :+1: Returns ?success when using oauth flow

Update .davidrc

{
  "github": {
    "oauth": {
      "clientId": "",
      "secret": ""
    }
  }

Request crsf-token: http://david-www.devtools.biobright.org/csrf-token.json
Follow github tutorial on oauth, constructing the url: https://github.com/login/oauth/authorize?client_id=<>&scope=repo,user,read:org&state=<csrf-token>
Github shows the user count increase / successful

:+1: Public repos still work :hankey: Private repos fail with 502 Bad Gateway :hankey:

Failed to get package.json <org> <repo> undefined undefined { [Error: {"message":"Not Found","documentation_url":"https://developer.github.com/v3"}]
  message: '{"message":"Not Found","documentation_url":"https://developer.github.com/v3"}',
  code: 404,
  status: 'Not Found',
  headers:
   { server: 'GitHub.com',
     date: 'Thu, 20 Apr 2017 02:22:39 GMT',
     'content-type': 'application/json; charset=utf-8',
     'content-length': '77',
     connection: 'close',
     status: '404 Not Found',
     'x-ratelimit-limit': '60',
     'x-ratelimit-remaining': '45',
     'x-ratelimit-reset': '1492658501',
     'x-github-media-type': 'github.v3; format=json',
     'access-control-expose-headers': 'ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval',
     'access-control-allow-origin': '*',
     'content-security-policy': 'default-src \'none\'',
     'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
     'x-content-type-options': 'nosniff',
     'x-frame-options': 'deny',
     'x-xss-protection': '1; mode=block',
     'x-github-request-id': '<>' } }
/var/app/current/node_modules/hoek/lib/index.js:736
    throw new Error(msgs.join(' ') || 'Unknown error');
    ^

Error: Cannot provide statusCode or message with boom error
    at Object.exports.assert (/var/app/current/node_modules/hoek/lib/index.js:736:11)
    at Object.exports.wrap (/var/app/current/node_modules/boom/lib/index.js:76:10)
    at withManifestAndInfo (/var/app/current/dist/routes/api/project.js:26:43)
    at manifest.getManifest (/var/app/current/dist/routes/helpers/with-manifest-and-info.js:37:25)
    at batch.call.cb (/var/app/current/dist/lib/manifest.js:111:45)
    at Array.forEach (native)
    at Batch.call (/var/app/current/node_modules/david/lib/batch.js:33:7)
    at gh.repos.getContent.err (/var/app/current/dist/lib/manifest.js:111:24)
    at __dirname.sendError (/var/app/current/node_modules/github/lib/index.js:785:13)
    at /var/app/current/node_modules/github/lib/index.js:792:29

Additional debugging... :question: user.json ==> null :+1: Logged the access_token in routes/session.js. Used the token in .davidrc, and I can access private repos just fine ==> suggests that scopes are appropriate :+1: Logged to verified that req.session.get('session/access-token') and req.session.get('session/user')) are indeed set ==> application defo has correct credentials stored in session :question: Unclear if linked to #366

Any ideas?

贡献者指南

技术栈: javascriptnodejsrest api
领域: authenticationbackend
议题类型: bug
难度: 3
预计时间: 1-3 hours
活动状态: stale
清晰度: needs investigation
前置要求: basic OAuth knowledgeGitHub API understandingNode.js debugging skills
新手友好度: 25
研究方向: Investigate why OAuth access token fails to retrieve private repos. Check `routes/session.js` for token storage and `dist/lib/manifest.js` for how the token is used in API calls. Compare with working token from `.davidrc`. The 502 suggests a crash; look at the stack trace in `withManifestAndInfo` and `manifest.getManifest`. Test with a private repo using the same token via curl to isolate the issue.