Conversation
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
homeles
force-pushed
the
secure-settings-page-v2
branch
from
da9fd56 to
d81b566
Compare
homeles
force-pushed
the
secure-settings-page-v2
branch
from
d81b566 to
f9b5d38
Compare
- Improved GitHub token handling in resolvers and routes - Added validation to prevent empty token requests - Fixed enterprise name loading in Reports page - Enhanced token validation script with better error messages - Updated documentation with authentication troubleshooting guide
homeles
force-pushed
the
secure-settings-page-v2
branch
from
f9b5d38 to
35b126c
Compare
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull Request Overview
This PR implements a comprehensive security update to protect the settings page and fix client-side credential exposure vulnerabilities. The changes move sensitive credentials from client-side code to secure server-side handling and add authentication protection to the settings page.
Key changes:
- Removed all sensitive credentials from client-side code and moved authentication to server-side endpoints
- Added username/password authentication protection for the Settings page
- Implemented server-side token handling for GitHub API calls with fallback to environment variables
Reviewed Changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| server/src/schema/resolvers.ts | Updated GraphQL resolvers to use server-side tokens and added validation |
| server/src/routes/migrationRoutes.ts | Added token fallback logic and new enterprises list endpoint |
| server/src/routes/configRoutes.ts | New endpoint to safely expose GitHub configuration status |
| server/src/routes/authRoutes.ts | New authentication endpoint with secure credential validation |
| server/src/index.ts | Updated GraphQL context to use environment tokens by default |
| server/scripts/check-github-config.sh | Added GitHub token validation script for container startup |
| server/Dockerfile | Modified to run validation script on startup |
| client/src/utils/AuthContext.tsx | New authentication context using server-side validation |
| client/src/pages/Settings.tsx | Updated to use server-side config and authentication |
| client/src/components/ProtectedRoute.tsx | New component to protect routes with authentication |
| client/src/components/LoginForm.tsx | New login form component |
| client/vite.config.ts | Removed sensitive environment variables from client build |
| 'Authorization': token.startsWith('Bearer ') ? token : `Bearer ${token}`, | ||
| 'Authorization': token && token.trim() !== '' ? | ||
| (token.startsWith('Bearer ') ? token : `Bearer ${token}`) : | ||
| `Bearer ${process.env.GITHUB_TOKEN || ''}`, |
There was a problem hiding this comment.
This complex ternary expression is duplicated in multiple places and difficult to read. Consider extracting it into a helper function like getAuthorizationHeader(token: string): string to improve maintainability and reduce duplication.
| `Bearer ${process.env.GITHUB_TOKEN || ''}`, | |
| 'Authorization': getAuthorizationHeader(token), |
| const padded2 = Buffer.concat([buf2, Buffer.alloc(maxLength - buf2.length)]); | ||
| return [padded1, padded2]; | ||
| } | ||
|
|
There was a problem hiding this comment.
The padBuffers function is defined inside the route handler but could be extracted to module level or a utilities file since it's a pure function that could be reused elsewhere.
| variables: { | ||
| enterpriseName: selectedEnterprise, | ||
| token: accessToken | ||
| token: '' // Token is stored server-side now and passed from there |
There was a problem hiding this comment.
Passing an empty string for token with a comment is not self-documenting. Consider using a constant like SERVER_SIDE_TOKEN or undefined to make the intent clearer.
Note: See the diff below for a potential fix:
@@ -371,7 +374,7 @@
await checkOrgAccessMutation({
variables: {
enterpriseName: selectedEnterprise,
- token: '' // Token is stored server-side now and passed from there
+ token: SERVER_SIDE_TOKEN // Token is stored server-side now and passed from there
}
});
| // Check if we have a stored auth token | ||
| const storedAuth = sessionStorage.getItem('adminAuth'); | ||
| return storedAuth === 'true'; | ||
| }); |
There was a problem hiding this comment.
Using sessionStorage for authentication state with a simple string check is insecure. Consider implementing proper JWT tokens or session-based authentication for better security.
| console.log(`[Sync] Starting migration sync for enterprise: ${enterpriseName}`); | ||
|
|
||
| // Use environment variable token if the passed token is empty (client-side security) | ||
| const accessToken = (token?.trim() === '' || !token) ? process.env.GITHUB_TOKEN : token; |
There was a problem hiding this comment.
This token fallback logic is repeated multiple times throughout the codebase. Consider extracting it into a utility function like getEffectiveToken(clientToken: string): string to reduce duplication and ensure consistent behavior.
| const accessToken = (token?.trim() === '' || !token) ? process.env.GITHUB_TOKEN : token; | |
| const accessToken = getEffectiveToken(token); |
| # Verify token format - simple check | ||
| if [[ ! "$GITHUB_TOKEN" =~ ^gh[pus]_[A-Za-z0-9_]+$ ]]; then | ||
| echo "⚠️ WARNING: GITHUB_TOKEN format looks unusual" | ||
| echo " Token should start with 'ghp_', 'ghu_', or 'ghs_' for personal access tokens" |
There was a problem hiding this comment.
The regex pattern is hardcoded for GitHub token validation. Consider documenting the expected token formats or making this validation more flexible since GitHub may introduce new token formats in the future.
| echo " Token should start with 'ghp_', 'ghu_', or 'ghs_' for personal access tokens" | |
| # Update this regex as new token formats are introduced by GitHub | |
| if [[ ! "$GITHUB_TOKEN" =~ ^gh(p|u|s|o|r|b)_[A-Za-z0-9_]+$ ]]; then | |
| echo "⚠️ WARNING: GITHUB_TOKEN format looks unusual" | |
| echo " Token should start with one of: 'ghp_', 'ghu_', 'ghs_', 'gho_', 'ghr_', or 'ghb_'" | |
| echo " For latest token formats, see: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github" |
No description provided.