feat: improvement for the GitHub API Authentication Fix #1421
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Stijnus
changed the title
thecodacus
reviewed
Mar 4, 2025
app/components/@settings/tabs/connections/components/RepositorySelectionDialog.tsx
Show resolved
Hide resolved
All GitHub API calls now use Bearer ${token} format ✅
All other API calls (OpenAI, Netlify, etc.) already use the correct Bearer format ✅
No instances of the old token format remain ✅
The changes we've made ensure:
Higher rate limits (5,000 requests per hour vs 60)
Consistent authentication format across the codebase
Better security by using the modern OAuth 2.0 standard
|
I have made some changes, can you please check.
…On Tue, 4 Mar 2025 at 16:41, Anirban Kar ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In
***@***.***/tabs/connections/components/RepositorySelectionDialog.tsx
<#1421 (comment)>
:
> @@ -159,7 +159,8 @@ export function RepositorySelectionDialog({ isOpen, onClose, onSelect }: Reposit
try {
const response = await fetch('https://api.github.com/user/repos?sort=updated&per_page=100&type=all', {
headers: {
- Authorization: `Bearer ${connection.token}`,
+ Accept: 'application/vnd.github.v3+json',
+ Authorization: `token ${connection.token}`,
},
token ${connection.token} is this correct?
—
Reply to this email directly, view it on GitHub
<#1421 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ARJQVTJZLW4Z6FCLWQD2UNT2SXCQ3AVCNFSM6AAAAABYFJOFLWVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDMNJYGA2DONBVHE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
GitHub has phased out basic username/password authentication for API access for security reasons. This change has been in effect for a while now as part of GitHub's security improvements. Here's the situation: Why Username/Password Authentication Is No Longer Available Security Improvement: GitHub discontinued basic username/password authentication for API access to enhance security. Industry Standard: This follows the industry trend of moving away from password-based authentication toward token-based authentication for APIs. Better Access Control: Personal access tokens allow for more granular control over permissions compared to using your full account credentials. Your Options for Accessing Private Repositories To access private repositories, you now have these options: Personal Access Token (PAT): This is what we've implemented in the form You create this token in your GitHub account settings It's the most straightforward method for individual users OAuth Apps: More complex to set up but provides a more seamless user experience Requires registering an application with GitHub GitHub Apps: Enterprise-level solution More complex but provides the most granular permissions How to Get a Personal Access Token Getting a token is straightforward: Go to GitHub Settings > Developer settings > Personal access tokens Click "Generate new token" (classic) Give it a name like "Bolt DIY Access" Select the "repo" scope to access private repositories Click "Generate token" Copy the token and paste it into our application Important Considerations Repository Access: You still need to be granted access to the private repository by its owner, regardless of having a token. Token Security: Treat your token like a password - it provides access to your GitHub account based on the permissions you grant it. Token Scope: For accessing private repositories, your token needs the "repo" scope.
thecodacus
reviewed
Mar 6, 2025
app/components/@settings/tabs/connections/components/RepositorySelectionDialog.tsx
Show resolved
Hide resolved
|
@thecodacus made the changes... |
|
looks good to me. the url option should allow user to use any non github url. but that we can do in another PR. |
thecodacus
approved these changes
Mar 8, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
GitHub API Authentication and UI Improvements
Summary
This PR fixes the GitHub API rate limiting issue when downloading templates and improves the UI of the Connections tab.
Changes Made
Fixed GitHub API Rate Limiting Issue
Bearertoken format instead of the oldertokenformatToken Implementation Details
githubToken,githubUsername, andgit:esyshub.st101.workers.devVITE_GITHUB_ACCESS_TOKEN) when cookies are not availableVITE_GITHUB_TOKEN_TYPEenvironment variableImproved Connections Tab UI
These changes ensure that template downloads work properly without hitting rate limits and provide a cleaner, more consistent user interface. The implementation supports both manual token entry through the UI and automatic configuration via environment variables.