feat: support for gitlab and github and safer token storage

[D-Byte]

Updated version after commit dustinwloring1988:feat/enhanced-github-connection

Secure Git Credentials Management System

Overview

Implemented a secure credential management system for GitHub and GitLab integrations, featuring encrypted storage and seamless authentication handling.

Key Features

• Secure encryption using Web Crypto API with AES-GCM
• Automatic encryption key management without user intervention
• Support for both GitHub and GitLab credentials
• Automatic migration from legacy cookie storage
• Unified interface for managing multiple Git provider credentials
• Improved error handling and user feedback
• Clean separation of concerns between UI and credential management

Technical Implementation

• Uses AES-GCM encryption for secure credential storage
• Implements automatic key generation and management
• Stores encrypted credentials in cookies with proper domain isolation
• Provides fallback and migration from legacy storage formats
• Handles both GitHub and GitLab API authentication formats
• Includes comprehensive error handling and user notifications

UI/UX Improvements

• Clear feedback for authentication states
• Guided user flow for credential setup
• Improved error messages and notifications
• GitHub or GitLab button visible on workbench when credentials are set
• Streamlined repository creation process

GitHub setup form

GitLab setup form

Only show push to ... button when there are credentials set.

[thecodacus]

@D-Byte - Great work on this! I noticed you're importing useCredentials in the hooks section, but it's not being used as a hook. To improve the implementation, could you:

Wrap these functions into a custom hook
Use useEffect to initialize the master key within the hook
This way, we avoid redundant

Let me know if you'd like help with the implementation.

[D-Byte]

@thecodacus, Thanks is it maybe an idea that i put all the git stuf in a lib and also the auth stuf in a lib? So that these can scale more easy the git related things in there?

[thecodacus]

@thecodacus, Thanks is it maybe an idea that i put all the git stuf in a lib and also the auth stuf in a lib? So that these can scale more easy the git related things in there?

this makes more sense, thanks.
let me know when you are ready for me to test.

[thecodacus]

also one thing is bugging me whats the point of encrypting if the key to decryption is also stored in browser?

[D-Byte]

@thecodacus You are right but my reasoning was some encryption is better than none. But for most cases its safer than a normal cookie. The local storage is protected by the Same-Origin Policy. For now I think this is a little better. I first wanted to have this function with GitLab and GitHub working. The encryption is some extra that need some extra attention later on, maybe some other community user has a bright idea about it.

I am now going to test if pulling and pushing to GitHub works.
Later i want to add some more features more in line with Git pull, push, commit and branch.

[dustinwloring1988]

@D-Byte I really like this PR however can you please run pnpm typecheck and fix the errors

[D-Byte]

@D-Byte I really like this PR however can you please run pnpm typecheck and fix the errors

I am moving some things around again to make the code more flexible so it can host other git providers without breaking.
So at the moment its a WIP

[D-Byte]

@thecodacus, @dustinwloring1988 I think its ready for testing, it only do some basic pull, push and commit (create, update)
Only in my test i sometimes not see the icons on the buttons and in the connection settings page.

[thecodacus]

looks good so far, I am not able to connect to gitlab though, even after adding api, write_repository, scopes

will test again, and if all look good will target for 0.0.5 release

[D-Byte]

looks good so far, I am not able to connect to gitlab though, even after adding api, write_repository, scopes

will test again, and if all look good will target for 0.0.5 release

You are right, there was a token not set in the gitlab request. Now its fixed and it should work as intended

[D-Byte]

@thecodacus Updated to the new main branch

[thecodacus]

I will check and review

[D-Byte]

@thecodacus I think i have to abandon this project, I have no time to keep up with the changes that are made to the git commit part in b1f9380 and i dont have the feeling to refactor my code again. So do with it what you like.

[thecodacus]

@thecodacus I think i have to abandon this project, I have no time to keep up with the changes that are made to the git commit part in b1f9380 and i dont have the feeling to refactor my code again. So do with it what you like.

I will try to resolve and review the changes. once we have a cloudflare auto deploy ci in place it will be easier and faster for us to review UI changes