chore: GTM setup (install vue-gtm & add GTM ID)
hotfix: improve random defense validation & set RestClient timeout & apply Solved.ac lazy sync
Pull request overview
This PR migrates the authentication system from GitHub OAuth App to GitHub App to reduce permission requirements and improve security. The migration includes implementing JWT-based authentication for GitHub API communication, adding real-time polling for app installation detection during onboarding, and enhancing user guidance for app installation and permission management.
Changes:
- Implemented GitHub App integration with JWT authentication and private key loading for secure API communication
- Added real-time polling mechanism to detect GitHub App installation during onboarding without page navigation
- Enhanced error handling in profile view to guide users through GitHub App installation when permissions are missing
Reviewed changes
Copilot reviewed 19 out of 20 changed files in this pull request and generated 16 comments.
| File | Description |
|---|---|
| backend/src/main/java/com/ssafy/dash/github/application/GitHubAppService.java | New service implementing GitHub App JWT generation, installation token retrieval, and app installation verification |
| backend/src/main/java/com/ssafy/dash/github/application/GitHubPushEventWorker.java | Added token resolution logic to prefer GitHub App tokens over OAuth tokens when processing push events |
| backend/src/main/java/com/ssafy/dash/onboarding/application/OnboardingService.java | Removed webhook registration logic and added GitHub App installation pre-validation |
| backend/src/main/java/com/ssafy/dash/onboarding/presentation/OnboardingController.java | Added endpoint to check GitHub App installation status for repositories |
| backend/src/main/java/com/ssafy/dash/github/config/GitHubAppProperties.java | Configuration properties for GitHub App ID and private key path |
| backend/src/main/java/com/ssafy/dash/github/config/GitHubConfig.java | Configuration class enabling GitHub App and webhook properties |
| backend/src/main/java/com/ssafy/dash/onboarding/domain/exception/GitHubAppNotInstalledException.java | New exception for missing GitHub App installations |
| backend/src/main/java/com/ssafy/dash/common/exception/ErrorCode.java | Added error code for GitHub App not installed scenario |
| backend/src/main/resources/application.properties | Updated OAuth scopes and added GitHub App configuration |
| backend/pom.xml | Added JJWT dependencies for JWT token generation |
| frontend/src/views/onboarding/OnboardingView.vue | Added installation_id query parameter handling to redirect users back to repo step after app installation |
| frontend/src/views/onboarding/OnboardingStep5Repo.vue | Implemented real-time polling for GitHub App installation with visual states and timeout handling |
| frontend/src/views/user/ProfileView.vue | Enhanced error handling to detect app permission issues and guide users to GitHub App settings |
| frontend/src/api/onboarding.js | Added API method to check GitHub App installation status |
| docker-compose.yml | Added GitHub App environment variables and volume mount for private key |
| .gitignore | Added .pem files to prevent committing private keys |
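The app-JWT step of the GitHub App flow that the overview describes, written out as an added example (this is not the PR's GitHubAppService). It assumes the JJWT 0.11.x builder API (`setIssuer`, `signWith(key, SignatureAlgorithm.RS256)`) that the added JJWT dependency provides, and a PKCS#8 PEM on disk; the class name and the constants are mine.

```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;

/** Builds the short-lived app JWT GitHub requires for the /app/* endpoints (hypothetical helper). */
public final class GitHubAppJwt {

    private static final long MAX_LIFETIME_SECONDS = 600; // GitHub rejects exp more than 10 min after iat
    private static final long CLOCK_SKEW_SECONDS = 60;    // backdate iat so a slightly fast clock still passes

    private final String appId;          // GitHub App ID, used as the "iss" claim
    private final PrivateKey privateKey; // the app's RSA signing key, never the OAuth client secret

    public GitHubAppJwt(String appId, Path pemPath) throws Exception {
        this.appId = appId;
        this.privateKey = loadPkcs8(pemPath);
    }

    /** Java's KeyFactory reads PKCS#8 only. GitHub downloads PKCS#1 ("BEGIN RSA PRIVATE KEY");
     *  convert once with: openssl pkcs8 -topk8 -nocrypt -in app.pem -out app-pkcs8.pem */
    static PrivateKey loadPkcs8(Path pemPath) throws Exception {
        String pem = Files.readString(pemPath);
        if (pem.contains("BEGIN RSA PRIVATE KEY")) {
            throw new IllegalArgumentException("PKCS#1 key; convert to PKCS#8 first");
        }
        String body = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                         .replace("-----END PRIVATE KEY-----", "")
                         .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** iat is 60 s in the past and exp 540 s ahead, so the window is exactly the 10 min maximum. */
    public String create() {
        Instant now = Instant.now();
        return Jwts.builder()
                .setIssuer(appId)
                .setIssuedAt(Date.from(now.minusSeconds(CLOCK_SKEW_SECONDS)))
                .setExpiration(Date.from(now.plusSeconds(MAX_LIFETIME_SECONDS - CLOCK_SKEW_SECONDS)))
                .signWith(privateKey, SignatureAlgorithm.RS256)
                .compact();
    }
}
```

The returned JWT is only good for exchanging into an installation token; it should never be stored or sent to the frontend.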
| console.log('Found installation_id, forcing Step 5 (Repo)'); | ||
| currentStepIndex.value = 4; // repo 단계로 강제 이동 | ||
| return; |
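Review bot: the `installation_id` branch treats any truthy query value as proof that the app is installed and jumps straight to `currentStepIndex.value = 4`, without consulting the installation-status endpoint this PR adds or clearing the parameter, so a reload of the callback URL re-runs the jump; verify installation through the backend check and remove the parameter with `router.replace` once handled. The `console.log` on the first line should also go before merge.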
After a GitHub App installation, GitHub redirects back with an installation_id query parameter. However, the code forces the user to Step 5 (repo) without considering whether the repository has already been detected. If the user completes installation but returns via GitHub's redirect, they'll be forced back to Step 5 even if they've already completed it. Consider checking if the repository is already configured before forcing the user to Step 5, or clearing the query parameter after processing to prevent loops.
| console.log('Found installation_id, forcing Step 5 (Repo)'); | |
| currentStepIndex.value = 4; // repo 단계로 강제 이동 | |
| return; | |
| console.log('Found installation_id, handling GitHub App callback'); | |
| // installation_id 파라미터는 한 번 처리 후 제거하여 루프를 방지합니다. | |
| const { installation_id, ...restQuery } = route.query; | |
| if (installation_id) { | |
| router.replace({ path: route.path, query: restQuery }); | |
| } | |
| // 리포지토리가 아직 설정되지 않은 경우에만 리포지토리 단계(4)로 강제 이동합니다. | |
| if (!hasRepo) { | |
| currentStepIndex.value = 4; // repo 단계로 강제 이동 | |
| return; | |
| } | |
| // 이미 리포지토리가 설정된 경우에는 일반 온보딩 로직을 계속 진행합니다. |
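Review bot: `hasRepo` on the line `if (!hasRepo) {` is not defined anywhere in the visible lines, so this suggestion would throw a ReferenceError as written; derive it from the onboarding state (or the installation-status endpoint) before this block. `router.replace({ path: route.path, query: restQuery })` is also asynchronous and its promise is discarded; if the step change should only happen on the cleaned URL, chain it after the navigation resolves.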
| spring.security.oauth2.client.registration.github.client-id=${GITHUB_CLIENT_ID} | ||
| spring.security.oauth2.client.registration.github.client-secret=${GITHUB_CLIENT_SECRET} | ||
| spring.security.oauth2.client.registration.github.scope=read:user,user:email,repo,admin:repo_hook | ||
| spring.security.oauth2.client.registration.github.scope=read:user,user:email |
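Review bot: narrowing the scope to `read:user,user:email` only affects tokens issued from now on; OAuth tokens already stored for existing users keep the scopes granted at authorization time until revoked, and `GitHubPushEventWorker` still falls back to the OAuth token when no App token resolves. Either remove that fallback or make it fail with a clear error, and schedule revocation and re-consent for existing tokens so the reduced scope is actually enforced rather than nominal.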
OAuth scopes have been reduced from "read:user,user:email,repo,admin:repo_hook" to just "read:user,user:email". While this aligns with the GitHub App migration, if any existing code still relies on the OAuth token to access repository content or manage webhooks, those operations will fail. The PR description mentions migrating to GitHub App tokens, but verify that all OAuth token usage has been migrated to use GitHub App tokens instead.
| spring.security.oauth2.client.registration.github.scope=read:user,user:email | |
| spring.security.oauth2.client.registration.github.scope=read:user,user:email,repo,admin:repo_hook |
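Review bot: this suggestion puts `repo,admin:repo_hook` back, which reinstates exactly the over-broad OAuth permissions the PR exists to remove; reject it unless a concrete OAuth-only code path is identified, and in that case move the path to the installation token rather than widening the scope.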
🚀 Background
Migrated to a GitHub App to resolve the excessive permission requirements of the existing OAuth App and to control only the permissions that are actually needed at a fine-grained level.
🛠️ Key changes
🔗 Related issues