add functionality to pass token in the request parameters

mansab · mansab · commit 330e022f5b29 · 2023-06-16T17:42:00.000+02:00
diff --git a/README.md b/README.md
@@ -19,6 +19,7 @@ You can use the App to configure [CCTray Clients](https://cctray.org/clients/):
 * Github Personal Access Token
     * [FGPAT (recommended) or PAT](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
     * Read-Only access to Actions (Workflows, workflow runs and artifacts) required for Private repos.
+    * Please take into account the (Github API rate limit)[https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting] for authentication tokens.
 * Development
     * Python 3.9
     * pip
@@ -47,23 +48,27 @@ Once up, the App binds to port `8000` by default and should be available at: htt
 
 ## Making an HTTP request
 
-The App accepts GET and POST requests with **two manadatory parameters**:
+The App accepts GET requests with following parameters:
+
+**manadatory parameters**
 
 * `owner` - Organisation or User who owns the repository
 * `repo` - Name of the Repository
 
-For Example:
+**optional parameter**
 
-* GET
+* `token` - If you want to use FGPAT per user to access the API, to overcome Github API rate limiting (this takes precedence over the token set in the env var).
 
+For Example:
+
+* Mandatory Parameters
 ```bash
 curl -X GET http://localhost:8000?owner=<repo_owner>&repo=<repository_name>
 ```
 
-* POST
-
+* Optional Parameter
 ```bash
-curl -d "owner=<repo_owner>&repo=<repository_name>" -X POST http://localhost:8000
+curl -X GET http://localhost:8000?owner=<repo_owner>&repo=<repository_name&token=<your_token>
 ```
 
 ## Response
diff --git a/app.py b/app.py
@@ -17,14 +17,24 @@
 app.config['BASIC_AUTH_USERNAME'] = os.environ.get("BASIC_AUTH_USERNAME")
 app.config['BASIC_AUTH_PASSWORD'] = os.environ.get("BASIC_AUTH_PASSWORD")
 
-token = os.environ.get("GITHUB_TOKEN")
-
 basic_auth = BasicAuth(app)
 
 API_BASE_URL = "https://api.github.com"
 MAX_WORKERS = 10
 TIMEOUT = 10
 
+def get_token():
+    """Sets the Github API token
+
+    Returns:
+        token: Either from the query parameter or the environment variable
+    """
+    query_token = request.args.get("token")
+
+    if query_token:
+        return query_token
+    return os.environ.get("GITHUB_TOKEN")
+
 
 def get_workflows(owner, repo, headers):
     """Get the workflows for a given owner and repo from the GitHub API.
@@ -104,9 +114,9 @@ def index():
     Returns:
         flask.Response: The XML response containing the project information.
     """
-
     owner = request.args.get("owner") or request.form.get('owner')
     repo = request.args.get("repo") or request.form.get('repo')
+    token = get_token()
 
     if not owner or not repo or not token:
         logger.warning("Missing parameter(s) or Environment Variable")
@@ -159,7 +169,6 @@ def health():
     Returns:
         flask.Response: JSON response containing the status and version.
     """
-
     with open('CHANGELOG.md', 'r', encoding='utf-8') as changelog_file:
         changelog_content = changelog_file.read()
 
@@ -175,12 +184,14 @@ def health():
     return jsonify(response)
 
 @app.route('/limit')
+@basic_auth.required
 def limit():
     """Endpoint for checking the rate limit status.
 
     Returns:
         flask.Response: JSON response containing rate limiting information.
     """
+    token = get_token()
 
     headers = {
         'Accept': 'application/vnd.github+json',
