Require user to enter own GitHub token

Author: tygern

.env.example

@@ -1,3 +1,3 @@
 export OPEN_AI_KEY=fill_me_in
-export GITHUB_TOKEN=fill_me_in
 export USE_FLASK_DEBUG_MODE=true
+export FLASK_SECRET_KEY=e0bc47d4a5c3eedd2a5aa2dc0d6c1b0454f523241467f198853e4057a418d1f3

.github/workflows/pipeline.yml

@@ -54,5 +54,4 @@ jobs:
           region: us-central1
           flags: --allow-unauthenticated --platform managed
           secrets: |
-            GITHUB_TOKEN=GITHUB_TOKEN:latest
             OPEN_AI_KEY=OPEN_AI_KEY:latest

discovery/app.py

@@ -3,21 +3,22 @@
 from flask import Flask
 from openai import OpenAI
 
+from discovery.authentication_page import authentication_page
 from discovery.environment import Environment
-from discovery.github_support.github_client import GithubClient
 from discovery.index_page import index_page
-from discovery.repository_agent.repository_agent import create_repository_agent
+from discovery.repository_agent.repository_agent import repository_agent_creator
 
 logger = logging.getLogger(__name__)
 
 
 def create_app(env: Environment = Environment.from_env()):
     app = Flask(__name__)
-    open_ai_client = OpenAI(api_key=env.open_ai_key)
-    github_client = GithubClient(access_token=env.github_token)
+    app.secret_key = env.flask_secret_key
 
-    agent = create_repository_agent(open_ai_client, github_client)
+    open_ai_client = OpenAI(api_key=env.open_ai_key)
+    agent_creator = repository_agent_creator(open_ai_client)
 
-    app.register_blueprint(index_page(agent))
+    app.register_blueprint(index_page(agent_creator))
+    app.register_blueprint(authentication_page())
 
     return app

discovery/auth/__init__.py

@@ -0,0 +1,19 @@
+from functools import wraps
+
+from flask import redirect, g
+
+from discovery.auth.session_manager import SessionManager
+
+
+def require_authentication(func):
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+        user = SessionManager.user()
+        if user is None:
+            return redirect("/login")
+
+        g.username = user.username
+        g.github_token = user.github_token
+        return func(*args, **kwargs)
+
+    return wrapper

discovery/auth/requre_authentication.py

@@ -0,0 +1,31 @@
+from dataclasses import dataclass
+from typing import Optional
+
+from flask import session
+
+
+@dataclass
+class SessionUser:
+    username: str
+    github_token: str
+
+
+class SessionManager:
+    @staticmethod
+    def login(username: str, github_token: str):
+        session["username"] = username
+        session["github_token"] = github_token
+
+    @staticmethod
+    def user() -> Optional[SessionUser]:
+        if "username" not in session or "github_token" not in session:
+            return None
+
+        return SessionUser(
+            username=session["username"],
+            github_token=session["github_token"],
+        )
+
+    @staticmethod
+    def logout():
+        session.clear()

discovery/auth/session_manager.py

@@ -0,0 +1,41 @@
+import logging
+
+from flask import Blueprint, render_template, request, Response, redirect, g
+from flask.typing import ResponseReturnValue
+
+from discovery.auth.requre_authentication import require_authentication
+from discovery.auth.session_manager import SessionManager
+from discovery.github_support.github_client import GithubClient
+
+logger = logging.getLogger(__name__)
+
+
+def authentication_page() -> Blueprint:
+    page = Blueprint('authentication_page', __name__)
+
+    @page.get('/login')
+    def login_page() -> ResponseReturnValue:
+        return render_template('login.html')
+
+    @page.get('/logout')
+    @require_authentication
+    def log_out() -> ResponseReturnValue:
+        logger.info(f"Logging out user %s", g.username)
+        SessionManager.logout()
+        return redirect("/login")
+
+    @page.post('/login')
+    def login_with_token() -> ResponseReturnValue:
+        github_token = request.form.get('token')
+        github_client = GithubClient(github_token)
+        user = github_client.get_user()
+        if user is None:
+            logger.error(f"User not found")
+            return Response("User not found", status=400)
+
+        SessionManager.login(user.name, github_token)
+        logger.info(f"Logged in user %s", user.name)
+
+        return redirect("/")
+
+    return page

discovery/authentication_page.py

@@ -5,21 +5,21 @@
 @dataclass
 class Environment:
     open_ai_key: str
-    github_token: str
     root_log_level: str
     discovery_log_level: str
     use_flask_debug_mode: bool
     port: str
+    flask_secret_key: str
 
     @classmethod
     def from_env(cls) -> 'Environment':
         return cls(
             open_ai_key=require_env('OPEN_AI_KEY'),
-            github_token=require_env('GITHUB_TOKEN'),
             root_log_level=os.environ.get('ROOT_LOG_LEVEL', 'INFO'),
             discovery_log_level=os.environ.get('DISCOVERY_LOG_LEVEL', 'INFO'),
             use_flask_debug_mode=os.environ.get('USE_FLASK_DEBUG_MODE', 'false') == 'true',
             port=os.environ.get('PORT', '5050'),
+            flask_secret_key=require_env('FLASK_SECRET_KEY'),
         )
 
 def require_env(name: str) -> str:

discovery/environment.py

@@ -1,6 +1,6 @@
 import logging
 from dataclasses import dataclass
-from typing import List
+from typing import List, Optional
 
 import requests
 
@@ -17,6 +17,11 @@ class Repository:
     forks: int
 
 
+@dataclass
+class GithubUser:
+    name: str
+
+
 logger = logging.getLogger(__name__)
 
 
@@ -28,6 +33,14 @@ def __init__(self, access_token: str):
             "X-GitHub-Api-Version": "2022-11-28",
         }
 
+    def get_user(self) -> Optional[GithubUser]:
+        response = requests.get(f"https://api.github.com/user", headers=self.request_headers)
+        if response.status_code != 200:
+            logger.error(f"Failed to get user")
+            return None
+
+        return GithubUser(name=response.json()["login"])
+
     def list_repositories_for_organization(self, organization: str) -> List[Repository]:
         response = requests.get(f"https://api.github.com/orgs/{organization}/repos", headers=self.request_headers)
         if response.status_code != 200:
@@ -37,7 +50,7 @@ def list_repositories_for_organization(self, organization: str) -> List[Reposito
         return [self.__repo_from_json(repo) for repo in response.json()]
 
     def list_repositories_for_user(self, user: str) -> List[Repository]:
-        response = requests.get(f"https://api.github.com/user/{user}/repos", headers=self.request_headers)
+        response = requests.get(f"https://api.github.com/users/{user}/repos", headers=self.request_headers)
         if response.status_code != 200:
             logger.error(f"Failed to get repositories for user {user}: {response.text}")
             return []

discovery/github_support/github_client.py

@@ -1,27 +1,32 @@
-from typing import Protocol
+from typing import Protocol, Callable
 
 import mistune
-from flask import Blueprint, render_template, request
+from flask import Blueprint, render_template, request, g
 from flask.typing import ResponseReturnValue
 
 from discovery.agent_support.agent import AgentResult
+from discovery.auth.requre_authentication import require_authentication
+from discovery.github_support.github_client import GithubClient
 
 
 class AiAgent(Protocol):
     def answer(self, query: str) -> AgentResult:
         ...
 
 
-def index_page(agent: AiAgent) -> Blueprint:
+def index_page(agent_creator: Callable[[GithubClient], AiAgent]) -> Blueprint:
     page = Blueprint('index_page', __name__)
 
     @page.get('/')
+    @require_authentication
     def index() -> ResponseReturnValue:
         return render_template('index.html')
 
     @page.post('/')
+    @require_authentication
     def query() -> ResponseReturnValue:
         user_query = request.form.get('query')
+        agent = agent_creator(GithubClient(g.github_token))
         result = agent.answer(user_query)
 
         return render_template(