91- Add GitHub Authentication- client side - Ebrahim #117
Conversation
ebrahimbeiati
force-pushed
the
github-authentication
branch
from
259dc8c to
82c6535
Compare
ebrahimbeiati
force-pushed
the
github-authentication
branch
from
3eb224b to
d71fd14
Compare
ebrahimbeiati
force-pushed
the
github-authentication
branch
from
79c8630 to
dc3153b
Compare
ebrahimbeiati
force-pushed
the
github-authentication
branch
from
96b4c2a to
71c26c1
Compare
|
The PR structure doesn't follow the project rules. please fix it and add description to your PR. |
oliverlloyd
left a comment
oliverlloyd
left a comment
There was a problem hiding this comment.
There's a lot of great work here, well done!
Would it be possible to update the description to explain what the changes are and why each one is needed. It would be really useful to have an overview for things
It would also be great to see some more comments in the code explaining what the different functions and steps are doing 🙏
| } | ||
| }, [userData]); | ||
|
|
||
| const contextValue = useMemo(() => ({ userData, setUserData }), [userData]); |
There was a problem hiding this comment.
Do we need to use useMemo here? This doesn't look like an expensive calculation
There was a problem hiding this comment.
I use useMemo to ensure that the contextValue object passed to the Context Provider maintains the same reference between renders unless userData or setUserData change. This helps prevent unnecessary re-renders of components consuming the context, optimizing performance.
There was a problem hiding this comment.
Did you get this answer from AI? :)
I don't see any benefit to useMemo here. Does it work if you remove it?
| return false; | ||
| } | ||
| setFileList((prevList) => [...prevList, file]); | ||
| return true; // Allow the file to be added to the list |
There was a problem hiding this comment.
Was there a reason for deleting this comment?
There was a problem hiding this comment.
This one :)
// Allow the file to be added to the list
I noticed it was removed and wondered why 🤷
ebrahimbeiati
force-pushed
the
github-authentication
branch
from
d472e23 to
506b414
Compare
ebrahimbeiati
force-pushed
the
github-authentication
branch
from
506b414 to
817c5c4
Compare
oliverlloyd
left a comment
oliverlloyd
left a comment
There was a problem hiding this comment.
Could you update the PR description please to explain what this solution is doing and why it is doing it? 🙏
| import { SubscriptionLogo } from "../components/SubscriptionLogo"; | ||
| import { ThemedButton } from "../components/ThemedButton"; | ||
|
|
||
| const CLIENT_ID = import.meta.env.VITE_GITHUB_CLIENT_ID; |
There was a problem hiding this comment.
Can you explain what this line is meant to be doing? I don't think this will work
|
|
||
| const handleGitHubLogin = () => { | ||
| window.location.assign( | ||
| `https://github.com/login/oauth/authorize?client_id=${CLIENT_ID}`, |
There was a problem hiding this comment.
The client_id is public (it is used in the url so everyone can see it) so it does not need to be kept secret and can just be entered in the code here
There was a problem hiding this comment.
Could we review the functions in this file to add logger.info and logger.error statements so that we have data in our logs about what is happening here
If we don't log errors or info about what is happening, we won't be able to debug problems.
Note. We should try to write detailed logs but we don't want to write any sensitve information to the log such as ids, passwords or email address
| const userData = await response.json(); | ||
| req.user = userData; | ||
| next(); | ||
| } catch (error) { |
There was a problem hiding this comment.
Everywhere where we have an error we should capture this with logger.error
| module.exports.CLIENT_SECRET = process.env.GITHUB_CLIENT_SECRET; | ||
| module.exports.CLIENT_ID = process.env.GITHUB_CLIENT_ID; |
There was a problem hiding this comment.
I don't think this is the correct way to include these values. We already have an existing module.exports line
Better would be to have
github: {
GITHUB_CLIENT_SECRET: process.env.GITHUB_CLIENT_SECRET,
// etc.
}
and add this to the extsing config object
| import AuthCallback from "./pages/AuthCallback.jsx"; | ||
| import { ConfirmationPage } from "./pages/ConfirmationPage.jsx"; | ||
| import Dashboard from "./pages/Dashboard.jsx"; |
There was a problem hiding this comment.
These should also be named imports. It's good to keep things consistent 🙏
| import bodyParser from "body-parser"; | ||
| import cors from "cors"; |
There was a problem hiding this comment.
What was the reason for including these?
It's always good to comment your own PRs with explanations for things so it's clear to reviewers why things area happening
| } | ||
| }, [userData]); | ||
|
|
||
| const contextValue = useMemo(() => ({ userData, setUserData }), [userData]); |
There was a problem hiding this comment.
Did you get this answer from AI? :)
I don't see any benefit to useMemo here. Does it work if you remove it?
|
Please don't "roll your own" security. Use existing, tested tools like Passport. There's an example of this in use in CYF/tech-products-demo, where it's all handled server-side so the client can just have a vanilla link to start the process: <a href="/api/auth/login">Log In</a> |
ebrahimbeiati
changed the title
Implemented OAuth 2.0 GitHub authentication flow