• queries all repos
• serializes linked repos

this can be done client side:
https://docs.github.com/en/rest/search/search?apiVersion=2022-11-28#search-repositories

• list them all in a dropdown menu for now

• handles a POST request.
• handles it at /repos/link?id=123
  • id is a repo id that can be used to request from github.
• writes to database, only if the user is the owner (schemas defined here)
• returns 201 on success, or forward github response code otherwise.
• no response body

I've built out the hero section, but the feature section will still need to be developed.
Here is the figma.

Color palette have been configured in the Tailwind config file (./web/tailwind.config.js)

The page is in ./web/src/pages/home/index.tsx

Unlink repositories

Make an api call to github API to see if the user owns the repository or not, then delete it from the database if they are. I'm using Github ID's for both user and repository. The variables column has the constraint to be deleted as well so no worries about cleaning up in that table.

Requirements

• I'm making an api calls to /repos/{repo-id}/delete with a header entry for "Authorization" and cookie, but I have code to manage this data extraction, see below.

• On success it should return a 204 with no response body on success. Otherwise a json
  {"message":"some error"}, with the appropriate status code.

  • NOTE: The codebase uses the constants defined in the http package (ie: http.StatusNoContent). In the interest of consistency, please use it as well, this will be the only micro-managing I do lol.

Getting started

1. Request API

   1.1. Response: To handle the communication to the frontend, they also provide some utilities for error handling.

   1.2. RequestCtx: To extract some useful information from the user. Note that this only works if you're are calling it from a handler that has the TokenValidator middleware applied to it. Otherwise it returns an error, (which you may ignore, but leave a note indicating that it is being used in the appropriate route, I just find that it's less keystrokes for me to handle it since.. hotkeys...).

2. Github API

• Since the route is likely going to have the (mentioned) middleware, you'd have access to the user token that you would need to make an api call, this endpointis a good example on how to use this api and the Response struct.

3. Auth flow:

Could I have used an auth service? Maybe. But I wanted to learn how to implement this from scratch.

• On user login, I'm rewriting to the database the user information, along with a refresh token, this is purely to update and sync the user information with GitHub, (nothing telemetry-like, I have more features in mind to utilize these information for the next version, if the app lasts).

• User then receives an httpOnly cookie that has the refresh token. This is only used to refresh the JWT, the access token is then ciphered and is contained within this JWT that exipires in 24h. These Github access token supposedly lasts for an entire year or after the first write request.

  • Once a session, the user will make and api call to refresh the token for a day.

• On sign out, the token in database is deleted, and the cookie will be invalidated. One issue is that we have no way to invalidate a JWT though...

• The middleware TokenValidator is applied to almost all of the routes, it validates the state of authorization and extract the needed access token for Github API call.

I've made a middleware to check for write access, this middleware should be applied for this endpoint as well.

This handler deletes a variable based on the request context being passed down by the middleware, take a look at the endpoint that creates a new variable (~ line 22, rCtx).

No need to write test, I'll deal with that part. but you are expected to have the db function as an interface (see here.) This is so I can mock the testing bit of the db (test for the sql query will be written as well.)

NOTE:

• I have a very general way of handling responses, is done via the response

api.NewResponse(w)...

• router is setup in server/handlers/router.go, I'm making an api call from the front-end to repo/{repoID}/variables/{variableID}, for both delete and update http methods. make sure to allow these when you are doing a request method check.