feat: implement GitHub OAuth for blog publishing (#350)#370
Open
Randall-Muana-Sheriff wants to merge 2 commits into
Open
feat: implement GitHub OAuth for blog publishing (#350)#370Randall-Muana-Sheriff wants to merge 2 commits into
Randall-Muana-Sheriff wants to merge 2 commits into
Conversation
- Add OAuth sign-in flow: /api/auth/github (initiate), /api/auth/github/callback (token exchange), /api/auth/me (status check), /api/auth/github/logout - Rewrite /api/publish to use the authenticated user's own token and fork instead of a hardcoded username - Add AuthStatus component gating the blog editor's Save button on sign-in - Fix a real deployment blocker found along the way: this repo builds with output: "export" for GitHub Pages, which cannot support the dynamic GET routes OAuth requires. Made output: "export" conditional — only applies for production builds that aren't running on Vercel (VERCEL env var) and aren't local dev (NODE_ENV). Added scripts/strip-api-for-static-export.js + a new build:static CI script so GitHub Pages keeps building as pure static (API-free) even with the API route files present in the tree. - Document GITHUB_CLIENT_ID/GITHUB_CLIENT_SECRET in .env.example - Broaden .gitignore to cover .env.local, not just .env
|
@Randall-Muana-Sheriff is attempting to deploy a commit to the PhysicsHub's projects Team on Vercel. A member of the Team first needs to authorize it. |
Unrelated to the OAuth feature - this file had a formatting violation on main already, which was failing this PR's CI check since it lints the whole repo, not just the diff.
Collaborator
|
Hey man! Sorry for the delay, I'm so busy right now, I'd love to push this, give me some time to setup this |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #350 (partially — see note below on remaining dependency).
What this does
Implements the full OAuth flow described in the issue: sign-in with GitHub,
token exchange, and the publish workflow now uses the authenticated
contributor's own account/fork instead of the hardcoded username.
A blocker I found and fixed along the way
This repo builds with
output: "export"for the GitHub Pages deploy, whichcan't support the dynamic GET routes OAuth needs (confirmed this against a
pristine build before touching anything — see my earlier comment on #350).
output: "export"is now conditional: it only applies for productionbuilds that are neither running on Vercel nor local dev, so:
npm run dev→ fully dynamic, contributors can test OAuth locallybuild:static) → static export, API routes physicallystripped first via
scripts/strip-api-for-static-export.js, since theroutes can't coexist with
output: "export"even with the configchange alone.
Remaining dependency
This is ready to merge, but won't actually work in production until the
Vercel deployment is set up with real
GITHUB_CLIENT_ID/GITHUB_CLIENT_SECRETenv vars, per the issue's "Maintainer Configuration Required" section.
Happy to help with that setup if useful — just let me know what you need
from my end.
Testing
Tested the full flow locally end-to-end with my own throwaway OAuth App:
sign-in redirect, authorization, fork creation/detection, branch, commit,
and PR creation all work correctly. Also verified all three build modes
(dev, Vercel-style build, GitHub Pages static build) produce the expected
output.