Comments (11)
@kadary Thanks! So the API pattern of Github Public API and Github Enterprise API is compatible, right?
- Github Public API V3 endpoint:
https://api.github.com/v3
- Github Enterprise API V3 endpoint:
http(s)://hostname/api/v3
I'll refined the docs about that.
from vssue.
I'm not familiar with Github enterprise. Does the baseURL
option help? Could you provide docs of github enterprise?
from vssue.
As state by GitHub Enterprise developper Doc, your concept of baseUrl can help customizing Vssue to use a Gh Enterprise server.
This is the link to the doc: https://developer.github.com/enterprise/2.16/v3/enterprise-admin/.
As a user the baseUrl can help me provide other endpoint to reach a GitHub servers API than the public GitHub servers (https://api.github.com)
from vssue.
@kadary The Authentication might be different. Could you please help to check if our current api-github-v3
/ api-github-v4
works with Github Enterprise?
from vssue.
These may not work well, as they are hard-coded to github.com
:
vssue/packages/@vssue/api-github-v3/src/index.ts
Lines 92 to 94 in 0cded76
vssue/packages/@vssue/api-github-v3/src/index.ts
Lines 145 to 147 in 0cded76
from vssue.
Hello,
Yes api-github-v3 works with github enterprise. I have never use api-github v4. But I can check that during next week.
the authorization endpoint will work by changing just the hostname to endprise server hostname (change https://github.com by https://github.mycompany.com) :
vssue/packages/@vssue/api-github-v3/src/index.ts
Lines 92 to 94 in 0cded76
And the logic can be:
- if a BaseUrl is provided eg: https://github.mycompany.com :
- calling REST API is done by appending baseUrl with /api/v3
- Calling OAuth2 endpoint is done by only using baseUrl as provided
- else Use public github endpoints
But I Think CORS proxy can be the blocking point since your CORS anywhere instance will not see any github Enterprise endpoint. Hopefully, many enterprises provide inhouse CORS Proxy for these kind of usage. So You can also add an optional config option to provide a custom GITHUB server token endpoint. to use here (eg: https://cors-proxy.company.com?target=https://github.mycompany.com/login/oauth/access_token):
vssue/packages/@vssue/api-github-v3/src/index.ts
Lines 145 to 147 in 0cded76
All these make me think about something:
1- Cors anywhere is used for all your API requests to github since GitHub does not support CORS
2- GitHub app secret is present in frontend JS wich is a high security risk.
Why did you not provide a simple node server as an option to handle all these for you.
I know it's more complicated to operate but these can be a killing feature that encourage large Enterprise to use Vssue in place of other tools like gitalk, gitment...
The node server can be just an optional companion app Wich can reuse your API packages in a secure maner. And the advantages will be:
- No hidden SPOF (ref cors-anywere)
- more secure for handling Oauth2 secret
- much robust and portable by respecting providers CORS policies.
And if you think it can help Vssue to get it's next gap, I can help you with the companion backend server.
from vssue.
Thanks so much about your advice.
About CORS
Only the API for getting access token does not support CORS, so we choose a third party cors-anywhere to handle that.
-
The author of Gitment make a cors proxy himself which is not stable.
-
Gitalk use cors-anywhere by default, and have an option proxy to change it.
It's a good idea to add a similar option in Vssue.
About Security
Gitment and Gitalk also hard-code app secret in JS file (see https://github.com/imsun/gitment#is-it-safe-to-make-my-client-secret-public).
But yes, this has potential risks.
I have ever found a possible solution in Netlify: https://www.netlify.com/docs/authentication-providers/.
So we can build a service like Netlify does. Users can config their cliendId
and cliendSecret
in our service, and our service gets the access token for users. If so, there would not have CORS and Security problems.
If this problem be solved, it will be one of the important advantages of Vssue, and we can release 1.0 version. It will be nice if you have time to help make Vssue better 😉
from vssue.
For gitment, I have filled an issue in gitment(imsun/gitment#179).
Yes providing a HA service like netlify can be a good option.
I will try to push to you a pull request for these feature with also GH Enterprise support
from vssue.
Gitment is not maintained for a long time, I'm afraid that you won't get reply 😅
Maybe we need to create another repo for the individual service
from vssue.
Found a repo: https://github.com/prose/gatekeeper
from vssue.
Hi @meteorlxy,
wonder what is the solution for enterprise Github?
- Simply updating base_url with enterprise path does not work, as it looks that it fails in the authentication with a 403 error.
- And the client_secret was explicitly specified in the front end so it is against the company's policy so it is even unable to be pushed to the deployment environment.
from vssue.
Related Issues (20)
- [Question] 设置了autoCreateIssue=true,点击创建issue 会显示评论加载失败,评论框无法输入 HOT 1
- 什么时候支持 vuepress2? HOT 2
- [Question] How to integrate with Vitepress? HOT 2
- 一切配置正常后页面无法评论 HOT 3
- [Feature Request] Add a hook that can modify then oauth url query params
- [Question] 可以登录,无法评论 HOT 2
- [Question] Vssue样式不对? HOT 1
- 请问github.io的pages无法使用吗 HOT 1
- 请教一下有没有从gitalk迁移到vssue的相关文档 HOT 2
- [Feature Request] MathJax rendering HOT 1
- vuepress 2.2 什么时候支持呢[Question] HOT 1
- [Bug Report] gitee 用不了 HOT 1
- [Bug Report] 用了gitee,github都不行,没什么用。 HOT 1
- [Feature Request] 大佬,能否考虑加个“收到新评论后邮件提醒”的功能? HOT 1
- gitlab cant work when i click new issue[Bug Report]
- [Bug Report] Vue url 404
- [Feature Request] 能否添加对文章的点赞功能
- [Feature Request] Add configurable Gitea instances
- [Bug Report] Vssue is not defined HOT 1
- how can vitepress use vssue smoothly
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vssue.