Skip to content

feat: implement GitHub OAuth for blog publishing (#350)#370

Open
Randall-Muana-Sheriff wants to merge 2 commits into
physicshub:mainfrom
Randall-Muana-Sheriff:feat/oauth-blog-publishing
Open

feat: implement GitHub OAuth for blog publishing (#350)#370
Randall-Muana-Sheriff wants to merge 2 commits into
physicshub:mainfrom
Randall-Muana-Sheriff:feat/oauth-blog-publishing

Conversation

@Randall-Muana-Sheriff

Copy link
Copy Markdown
Contributor

Closes #350 (partially — see note below on remaining dependency).

What this does

Implements the full OAuth flow described in the issue: sign-in with GitHub,
token exchange, and the publish workflow now uses the authenticated
contributor's own account/fork instead of the hardcoded username.

A blocker I found and fixed along the way

This repo builds with output: "export" for the GitHub Pages deploy, which
can't support the dynamic GET routes OAuth needs (confirmed this against a
pristine build before touching anything — see my earlier comment on #350).
output: "export" is now conditional: it only applies for production
builds that are neither running on Vercel nor local dev, so:

  • npm run dev → fully dynamic, contributors can test OAuth locally
  • Vercel build → fully dynamic, API routes actually run
  • GitHub Pages build (build:static) → static export, API routes physically
    stripped first via scripts/strip-api-for-static-export.js, since the
    routes can't coexist with output: "export" even with the config
    change alone.

Remaining dependency

This is ready to merge, but won't actually work in production until the
Vercel deployment is set up with real GITHUB_CLIENT_ID/GITHUB_CLIENT_SECRET
env vars, per the issue's "Maintainer Configuration Required" section.
Happy to help with that setup if useful — just let me know what you need
from my end.

Testing

Tested the full flow locally end-to-end with my own throwaway OAuth App:
sign-in redirect, authorization, fork creation/detection, branch, commit,
and PR creation all work correctly. Also verified all three build modes
(dev, Vercel-style build, GitHub Pages static build) produce the expected
output.

- Add OAuth sign-in flow: /api/auth/github (initiate), /api/auth/github/callback
  (token exchange), /api/auth/me (status check), /api/auth/github/logout
- Rewrite /api/publish to use the authenticated user's own token and fork
  instead of a hardcoded username
- Add AuthStatus component gating the blog editor's Save button on sign-in
- Fix a real deployment blocker found along the way: this repo builds with
  output: "export" for GitHub Pages, which cannot support the dynamic GET
  routes OAuth requires. Made output: "export" conditional — only applies
  for production builds that aren't running on Vercel (VERCEL env var) and
  aren't local dev (NODE_ENV). Added scripts/strip-api-for-static-export.js
  + a new build:static CI script so GitHub Pages keeps building as pure
  static (API-free) even with the API route files present in the tree.
- Document GITHUB_CLIENT_ID/GITHUB_CLIENT_SECRET in .env.example
- Broaden .gitignore to cover .env.local, not just .env
@vercel

vercel Bot commented Jul 12, 2026

Copy link
Copy Markdown

@Randall-Muana-Sheriff is attempting to deploy a commit to the PhysicsHub's projects Team on Vercel.

A member of the Team first needs to authorize it.

Unrelated to the OAuth feature - this file had a formatting violation
on main already, which was failing this PR's CI check since it lints
the whole repo, not just the diff.
@mattqdev

Copy link
Copy Markdown
Collaborator

Hey man! Sorry for the delay, I'm so busy right now, I'd love to push this, give me some time to setup this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Feat]: Implement GitHub OAuth Authentication for Contributor Blog Publishing

2 participants