feat: add FOSSASIA org follow (closes #42)

[serilevanjalines]

New Feature Added

CONFIG.followOrganization toggle that:

• DOM form submission (bypasses API rate limits)
• form[action*='/follow'] selector working
• Promise chain integration perfect
• Purple UI + network requests confirmed

Tested: FOSSASIA repos - works despite CSP warnings

[sourcery-ai]

Reviewer's Guide

Adds a configurable organization-follow feature that performs a DOM-based follow request for the FOSSASIA GitHub org after completing existing star/follow operations, controlled via a CONFIG.followOrganization flag.

Sequence diagram for new organization follow flow

sequenceDiagram
  actor User
  participant Script
  participant GitHubOrgPage as GitHub_org_page
  participant GitHubFollowEndpoint as GitHub_follow_endpoint

  User->>Script: Execute_star_user_script
  Script->>GitHubOrgPage: HTTP GET https://github.com/orgs/fossasia
  GitHubOrgPage-->>Script: HTML_response
  Script->>Script: Parse_HTML_find_form_action_follow
  alt Follow_form_found
    Script->>GitHubFollowEndpoint: HTTP request to form_action
    GitHubFollowEndpoint-->>Script: JSON_follow_result
    Script->>Script: Log_followed_org
  else No_follow_form
    Script->>Script: Log_already_following_org
  end

Loading

Sequence diagram for updated promise chain with CONFIG.followOrganization

sequenceDiagram
  participant Script
  participant StarFlow as Star_repos_flow
  participant FollowFlow as Follow_users_flow
  participant OrgFollow as Org_follow_flow

  Script->>StarFlow: Reduce_StarRepos_with_starRepo
  StarFlow-->>Script: StarRepos_promise_chain
  Script->>FollowFlow: Reduce_FollowUser_with_followUser
  FollowFlow-->>Script: FollowUser_promise_chain
  Script->>Script: Promise_all StarRepos_and_FollowUser
  Script-->>Script: Then_handler
  alt CONFIG_followOrganization_true
    Script->>OrgFollow: followOrg fossasia
    OrgFollow-->>Script: Org_follow_promise_resolved
    Script->>Script: Log_Its_finally_over_wink
  else CONFIG_followOrganization_false
    Script->>Script: Log_Its_finally_over_wink
  end

Loading

Flow diagram for CONFIG.followOrganization controlled behavior

flowchart TD
  A[Script_start_after_star_and_follow_complete] --> B{CONFIG.followOrganization}
  B -- true --> C[Call_followOrg_fossasia]
  C --> D[Fetch_org_page_and_find_follow_form]
  D --> E{Follow_form_found}
  E -- yes --> F[Submit_follow_form_via_HTTP]
  F --> G[Log_org_followed]
  E -- no --> H[Log_already_following_org]
  G --> I[Log_its_finally_over_wink]
  H --> I[Log_its_finally_over_wink]
  B -- false --> I[Log_its_finally_over_wink]

Loading

File-Level Changes

Change	Details	Files
Introduce CONFIG flag to toggle organization-follow behavior and ensure code style consistency for FollowUser declaration.	Add CONFIG object with followOrganization boolean flag defaulting to true Terminate FollowUser array declaration with a semicolon to match surrounding style	star.user.js
Implement DOM-based followOrg helper that submits GitHub organization follow form via HTTP while handling already-following state.	Create followOrg(org) function that loads the org page via $Rainb.HTTP and parses the HTML into a temporary div Locate the follow form via querySelector("form[action*='/follow']") and, if present, submit it via $Rainb.HTTP using method and FormData(form) Log progress and success messages with colored console output, and resolve the promise whether the org is newly followed or already followed	star.user.js
Integrate organization-follow step into existing Promise chain after repo starring and user following, guarded by configuration flag.	Extend final Promise.all(...).then handler to conditionally call followOrg("fossasia") when CONFIG.followOrganization is true Move the completion log message into the followOrg resolution path and adjust the message text to include a winking emoticon Ensure the completion log still runs when organization-follow is disabled by logging in the else branch	star.user.js

Possibly linked issues

• Add option to follow the GitHub organization without requiring a GitHub token #42: They match: PR adds a configurable, tokenless, DOM-based FOSSASIA org follow exactly as requested in the issue.
• Add option to follow the GitHub organization without requiring a GitHub token #42: PR implements organization follow via form submission, matching the issue’s request to support following organizations in the script.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 2 security issues, and left some high level feedback:

Security issues:

• User controlled data in methods like innerHTML, outerHTML or document.write is an anti-pattern that can lead to XSS vulnerabilities (link)
• User controlled data in a div.innerHTML is an anti-pattern that can lead to XSS vulnerabilities (link)

General comments:

• The followOrg promise never rejects even on HTTP/network errors or unexpected responses; consider wiring through an error callback and calling reject so callers can handle failures explicitly.
• The organization slug passed to followOrg ("fossasia") is hardcoded and separate from StarRepos and CONFIG; consider centralizing this in configuration so the org to follow is defined in one place.
• Since CONFIG.followOrganization is introduced, you might want to structure CONFIG to be more extensible (e.g., include the org name or an organizationsToFollow list) to avoid scattering related constants across the file.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The `followOrg` promise never rejects even on HTTP/network errors or unexpected responses; consider wiring through an error callback and calling `reject` so callers can handle failures explicitly.
- The organization slug passed to `followOrg` ("fossasia") is hardcoded and separate from `StarRepos` and `CONFIG`; consider centralizing this in configuration so the org to follow is defined in one place.
- Since `CONFIG.followOrganization` is introduced, you might want to structure `CONFIG` to be more extensible (e.g., include the org name or an `organizationsToFollow` list) to avoid scattering related constants across the file.

## Individual Comments

### Comment 1
<location> `star.user.js:1454` </location>
<code_context>
      div.innerHTML = lol.response;
</code_context>

<issue_to_address>
**security (javascript.browser.security.insecure-document-method):** User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern that can lead to XSS vulnerabilities

*Source: opengrep*
</issue_to_address>

### Comment 2
<location> `star.user.js:1454` </location>
<code_context>
      div.innerHTML = lol.response;
</code_context>

<issue_to_address>
**security (javascript.browser.security.insecure-innerhtml):** User controlled data in a `div.innerHTML` is an anti-pattern that can lead to XSS vulnerabilities

*Source: opengrep*
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}