Ensure public-only scoped tokens never return private orgs, repos, activity feeds, or repo-by-id details by enforcing visibility in handlers and routes.
Add a notifications middleware to block public-only tokens at the router level.
Add integration tests covering public-only behavior for user/org repos, repo-by-id access, activity feeds, stars, and notifications.
The scattered if ctx.PublicOnly { private = false } checks across 6+ handlers are fragile and easy to miss when adding new endpoints. A cleaner approach would be to push PublicOnly into the query layer: add a PublicOnly bool field to the search/find option structs (SearchRepoOptions, FindOrgOptions, StarredReposOptions, WatchedReposOptions, etc.), set it once from ctx.PublicOnly, and let the database queries handle the exclusion. For entity-level checks (like GetByID), a centralized tokenCanAccessRepo(ctx, repo) called from repoAssignment() would also reduce the surface area for missed checks.
rejectPublicOnly() hardcodes "token scope is limited to public notifications" — should use a generic message like "this endpoint is not available for public-only tokens" or accept a parameter.
The explanatory comment about notifications is placed after the middleware registration — should go before it.
TestAPIActivityFeedsPublicOnly asserts Empty(t, activities), which only works because all test fixture activity happens to be on private repos. If someone adds public activity for user2/org3, the test would still pass but no longer actually test the filtering. Better to assert that no returned activity references a private repo.
The switch → for fix and the notification rejection approach are solid as-is.
This comment was written with the help of Claude.
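The query-layer approach the review suggests, as an added illustration rather than code from the pull request or the project it targets: the token scope is set once on an option struct and applied where repositories are looked up, the repo-by-id path goes through one centralized check, and the notifications router is gated by a middleware with a generic message. All type and function names here (Repo, Context, FindRepoOptions, FindRepos, FindRepoByID, tokenCanAccessRepo, rejectPublicOnly) are assumptions chosen for the example, and the repository list is constructed sample data.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Repo is a stand-in for the repository model (assumed shape for this example).
type Repo struct {
	ID      int64
	OwnerID int64
	Name    string
	Private bool
}

// Context mirrors the per-request scope the review refers to as ctx.PublicOnly
// (assumed shape; the real context carries far more).
type Context struct {
	PublicOnly bool
}

// FindRepoOptions is the option struct handed to the query layer. PublicOnly is
// the single field a handler sets from ctx.PublicOnly instead of re-checking
// visibility in every endpoint.
type FindRepoOptions struct {
	OwnerID    int64 // 0 means "any owner"
	PublicOnly bool
}

// sampleRepos is constructed test data: one public and one private repo for
// owner 2, one private repo for owner 3.
var sampleRepos = []Repo{
	{ID: 1, OwnerID: 2, Name: "public-site", Private: false},
	{ID: 2, OwnerID: 2, Name: "secret-plans", Private: true},
	{ID: 3, OwnerID: 3, Name: "org-internal", Private: true},
}

// FindRepos applies the visibility rule inside the query layer, so a handler
// that forgets to consult ctx.PublicOnly still cannot return private repos.
func FindRepos(all []Repo, opts FindRepoOptions) []Repo {
	out := []Repo{}
	for _, r := range all {
		if opts.OwnerID != 0 && r.OwnerID != opts.OwnerID {
			continue
		}
		if opts.PublicOnly && r.Private {
			continue
		}
		out = append(out, r)
	}
	return out
}

// tokenCanAccessRepo is the one entity-level check used by every by-id lookup.
func tokenCanAccessRepo(ctx *Context, repo *Repo) bool {
	if repo == nil {
		return false
	}
	return !(ctx.PublicOnly && repo.Private)
}

// FindRepoByID resolves a repo and hides its existence from public-only tokens;
// a private repo is reported as not found rather than as forbidden, so the id
// space does not reveal which private repos exist.
func FindRepoByID(ctx *Context, all []Repo, id int64) (*Repo, bool) {
	for i := range all {
		if all[i].ID == id {
			if !tokenCanAccessRepo(ctx, &all[i]) {
				return nil, false
			}
			return &all[i], true
		}
	}
	return nil, false
}

// publicOnlyMessage is endpoint-agnostic, as the review asks for.
const publicOnlyMessage = "this endpoint is not available for public-only tokens"

// rejectPublicOnly is a router-level middleware: scopeOf resolves the request's
// token scope (assumed signature), and public-only tokens get 403 before any
// handler runs.
func rejectPublicOnly(scopeOf func(*http.Request) *Context, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if scopeOf(r).PublicOnly {
			http.Error(w, publicOnlyMessage, http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// noPrivateLeak is the stronger test assertion the review recommends: rather
// than requiring an empty result, require that nothing returned is private.
func noPrivateLeak(returned []Repo) bool {
	for _, r := range returned {
		if r.Private {
			return false
		}
	}
	return true
}

func main() {
	ctx := &Context{PublicOnly: true}
	fmt.Println("public-only repos for owner 2:", FindRepos(sampleRepos, FindRepoOptions{OwnerID: 2, PublicOnly: ctx.PublicOnly}))
	_, ok := FindRepoByID(ctx, sampleRepos, 2)
	fmt.Println("public-only token can see repo 2:", ok)
	rec := httptest.NewRecorder()
	h := rejectPublicOnly(func(*http.Request) *Context { return ctx }, http.NotFoundHandler())
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/api/v1/notifications", nil))
	fmt.Println("notifications status for public-only token:", rec.Code)
}
```

Returning "not found" instead of "forbidden" from FindRepoByID is a deliberate choice: a scoped token that can enumerate ids and get different status codes for private versus nonexistent repos learns which private ids exist, and the filter in FindRepos is what keeps list endpoints consistent with that.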
Labels: lgtm/need 2 (this PR needs two approvals by maintainers to be considered for merging), modifies/api (this PR adds API routes or modifies them), modifies/go (pull requests that update Go code)
3 participants
Generated by a coding agent with Codex 5.2