Cover: GitHub OAuth happy path, token refresh, logout, expired token rejection, revoked token rejection, CSRF rejection. Run against a real test DB and stubbed GitHub API.
Generated by OpenDev AI
Built a self-contained GitHub OAuth auth module under `src/auth/` using only Node built-ins and the existing `pg` dependency — no new production dependencies required.

Architecture:

- `types.ts` — shared interfaces for users, sessions, token responses, and config
- `github-oauth.ts` — thin wrappers around GitHub's OAuth and API endpoints using the global `fetch`; each function throws on error with a descriptive message
- `session-store.ts` — PostgreSQL-backed store owning its own DDL (`auth_users`, `auth_sessions`); sessions are identified by a 32-byte random hex ID and carry a separate CSRF token
- `csrf.ts` — in-memory state store for the OAuth `state` parameter; tokens are single-use (deleted on first validation attempt) and expire after 10 minutes
- `server.ts` — bare Node `http.Server` with five routes: `GET /auth/github`, `GET /auth/github/callback`, `POST /auth/refresh`, `POST /auth/logout`, `GET /auth/me`

Key design decisions:

- `revoked_at`
- `migrate()` method uses `CREATE TABLE IF NOT EXISTS` so the service is safe to restart without manual DB setup

Test strategy:

- `TEST_DATABASE_URL` env or falls back to `postgres://opendev:opendev_secret@localhost:5432/opendev_test`)
- `globalThis.fetch`; the stub passes localhost calls through to the real `fetch` so server↔test-client traffic is unaffected
- `beforeAll` and dropped in `afterAll`; rows are truncated between each test for isolation
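The single-use, 10-minute `state` store that the description attributes to `csrf.ts`, written out as an added example. This is not the PR's code: it assumes only Node built-ins (`node:crypto`, the global `URL`), an injectable clock so expiry can be exercised without waiting, and the GitHub authorize endpoint and its documented `client_id`/`redirect_uri`/`scope`/`state` parameters; the class and function names (`OAuthStateStore`, `buildAuthorizeUrl`) are this example's own.

```typescript
// Added example (not the PR's csrf.ts): a single-use, time-limited store for
// the OAuth `state` parameter, using only Node built-ins. The clock is
// injectable so expiry can be exercised deterministically in tests.
import { randomBytes } from "node:crypto";

// Assumed to match the 10-minute lifetime the PR description gives.
const STATE_TTL_MS = 10 * 60 * 1000;

class OAuthStateStore {
  // state -> absolute expiry time in ms since epoch
  private readonly pending: Map<string, number> = new Map();
  private readonly now: () => number;

  constructor(now: () => number = Date.now) {
    this.now = now;
  }

  // Issue a fresh 32-byte random state (64 hex chars) and record when it expires.
  issue(): string {
    const state = randomBytes(32).toString("hex");
    this.pending.set(state, this.now() + STATE_TTL_MS);
    return state;
  }

  // Validate the `state` echoed back on the callback. The entry is deleted on
  // the first attempt whatever the outcome, so a state can be neither replayed
  // nor retried; an expired entry is deleted and rejected.
  consume(state: unknown): boolean {
    if (typeof state !== "string") return false;
    const expiresAt = this.pending.get(state);
    if (expiresAt === undefined) return false; // unknown, already used, or swept
    this.pending.delete(state);
    return this.now() < expiresAt;
  }

  // Drop expired entries left by abandoned flows so the map cannot grow
  // unbounded; returns how many were removed.
  sweep(): number {
    const t = this.now();
    let removed = 0;
    for (const [state, expiresAt] of this.pending) {
      if (t >= expiresAt) {
        this.pending.delete(state);
        removed++;
      }
    }
    return removed;
  }

  size(): number {
    return this.pending.size;
  }
}

// Build the GitHub authorize redirect for GET /auth/github. The endpoint and
// parameter names are GitHub's documented ones; clientId and redirectUri are
// supplied by the caller (hypothetical values in the test below).
function buildAuthorizeUrl(
  clientId: string,
  redirectUri: string,
  state: string,
  scope = "read:user",
): string {
  const url = new URL("https://github.com/login/oauth/authorize");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("scope", scope);
  url.searchParams.set("state", state);
  return url.toString();
}
```

Deleting the entry before checking the clock is deliberate: an attacker who learns a state value gets exactly one attempt, and a late-arriving callback for an expired flow is rejected rather than retried. Call `sweep()` on a timer in a long-running process; `consume()` alone only clears entries that actually come back.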