-
Notifications
You must be signed in to change notification settings - Fork 90
Conversation
… currently stands. bin/cc sends a list of tokens as a simple JSON string, colon-separated. This gets rejected by strict body-parser JSON parsing (which expects JSON to be an array or an object). Add a GET verb to the /config/tokens endpoint to list the tokens that have already been added.
@stuartlangridge, It will cover your contributions to all Microsoft-managed open source projects. |
@stuartlangridge, thanks for signing the contribution license agreement. We will now validate the agreement and then the pull request. |
…already knows about. Requires a crawler with microsoft/ghcrawler#113 merged.
Thanks for the pull request. As the tokens are key secrets and typically have very significant permissions, I'm wary of exposing them via a REST API. Can you outline the scenario where that functionality is needed? |
Fair point on the exposure. The scenario where it's needed is this: me asking "have I added this token? which ones have I added already?". Not being able to find this out at all is quite frustrating, especially when you're experimenting with the token functionality :) If you think it's too risky then dropping it from the REST API is reasonable, but having some way to list the tokens that the crawler already knows about would be much appreciated! |
got it. What we do in the logs is output part of the token (see https://github.com/Microsoft/ghcrawler/blob/develop/providers/fetcher/githubFetcher.js#L51). That is generally enough for debugging purposes. Would that work for you? |
It would! That's a good thought, indeed. |
(pushed a new commit which ellipsises tokens to 8 characters) |
Thanks for the changes @stuartlangridge |
Fix the config/tokens endpoint, which does not work from bin/cc as it currently stands.
bin/cc sends a list of tokens as a simple JSON string, colon-separated, by PUT. This gets rejected by strict body-parser JSON parsing (which expects JSON to be an array or an object), and also by config.js which expects config/tokens to be addressed as POST.
Add a GET verb to the /config/tokens endpoint to list the tokens that have already been added.
(Fixes microsoft/ghcrawler-cli#8)