Skip to content

[WIP] Fix sync service with OAuth and GitHub App authentication#380

Draft
Copilot wants to merge 1 commit into
mainfrom
copilot/bug-sync-service-oauth-github-app-authentication
Draft

[WIP] Fix sync service with OAuth and GitHub App authentication#380
Copilot wants to merge 1 commit into
mainfrom
copilot/bug-sync-service-oauth-github-app-authentication

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 29, 2026

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

This section details on the original issue you should resolve

<issue_title>bug: sync service with OAuth/GitHub App authentication</issue_title>
<issue_description>Major parts of the sync service are disrupted when when using OAuth [for user authentication] or a GitHub App [for github api authentication].

sync cronjob

The sync cronjob/container's entrypoint code only checks for a github PAT (in process.env.NUXT_GITHUB_TOKEN):

copilot-metrics-viewer/server/sync-entry.ts

Lines 41 to 45 in b1112bf

if (!githubToken) {
logger.error('NUXT_GITHUB_TOKEN environment variable is required');
process.exit(1);
return; // guard: allows tests to mock process.exit without continuing
}

and does not respect the presence of NUXT_GITHUB_APP_ID and NUXT_GITHUB_APP_PRIVATE_KEY when present. The authentication middleware isn't invoked to create headers, creating them manually instead. In theory, this should be an easy update to expand the checks and calling the auth middleware to init headers, which will handle selecting the right auth.

/api/admin/sync endpoint

When any external auth provider is configured, calls to the /api/admin/sync endpoint will be rejected without a valid user session.

The docs make it sound like it should support pass-through auth, and I think it does, but it's not getting this far due to the authentication middleware:

copilot-metrics-viewer/server/middleware/github.ts

Line 31 in b1112bf

const requireAuth = config.public.requireAuth || config.public.usingGithubAuth || config.public.isPublicApp || !!config.public.authProviders;

I'm not sure what the intended use of this was supposed to be when user auth is enabled. Should a sync token value be implemented in these cases? Should a special handler skip OAuth and allow pass-through auth?

Happy to PR for either with some direction.</issue_description>

<agent_instructions>Please investigate and suggest changes</agent_instructions>

Comments on the Issue (you are @copilot in this section)

Copilot AI linked an issue May 29, 2026 that may be closed by this pull request
bug: sync service with OAuth/GitHub App authentication #379
Open
Copilot stopped work on behalf of karpikpl due to an error May 29, 2026 19:02
Copilot had to stop work due to a timeout.
Copilot AI requested a review from karpikpl May 29, 2026 19:02
Copilot stopped work on behalf of karpikpl due to an error May 29, 2026 20:57
Copilot had to stop work due to a timeout.
@karpikpl
Copy link
Copy Markdown
Collaborator

karpikpl commented May 30, 2026

@copilot investigate failing build

Copilot stopped work on behalf of karpikpl due to an error May 30, 2026 04:04
Copilot had to stop work due to a timeout.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@karpikpl karpikpl Awaiting requested review from karpikpl

At least 1 approving review is required to merge this pull request.

Assignees

@karpikpl karpikpl

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: sync service with OAuth/GitHub App authentication

2 participants

@karpikpl