netlify/git-gateway

Bypassing user authentication

Cethy opened this issue · 4 comments

Cethy commented

- Do you want to request a feature or report a bug?
feature

- What is the current behavior?
git-gateway requires an "authenticated user" via Identity (for every action AFAIK).

e.g.: {your.domain.name}/.netlify/git/github/ <- will return 401 "This endpoint requires a Bearer token"

- What is the requested behavior?
git-gateway should be configurable to bypass the end-user authentication. (Or is it a bad practice I'm not aware of?)

- Use-case :
For the app I'm working on, whenever a visitor triggers a particular action, it calls a lambda function which will update a "cache" in the repository.

Cethy commented

Alright, realized the security issue.
Taking another route :) (auth in the lambda function)

@Cethy We are also trying to do the same. Can you please let us know how you made this work ("auth in Lambda function")? We have a Cognito user pool for auth already, so we don't want any other authenticated user. Can you share your steps please? Did you run Git Gateway on your own EC2 instance/Lambda?

Cethy commented

@jinman My use-case was really simple (update 1 file in a GitHub repo & only 1 GitHub user), so I ended up using https://github.com/octokit/rest.js, which mimics the GitHub REST API and comes with its limitations (multi-file commit was not possible at the time, don't know if it was added in the past year).

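The code looks like this:

```js
import Octokit from '@octokit/rest';

// auth (placeholders: GitHub user, repository and personal access token)
const gh_user_name = '';
const gh_repo_name = '';
const gh_auth_token = '';

// Assumes @octokit/rest v16, where the token is passed as the `auth` option.
const octokit = new Octokit({ auth: `token ${gh_auth_token}` });

// filePath, message, fileContent and currentSha come from the calling code.
octokit.repos.updateFile({
  owner: gh_user_name,
  repo: gh_repo_name,
  // commit
  path: filePath,
  message: message,
  content: Buffer.from(fileContent).toString('base64'), // the API expects base64
  sha: currentSha // blob SHA of the file version being replaced
});
```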

Hope it helps.
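
Added example, not part of the thread and not Cethy's code: a sketch of a function handler for the use case above, in which an unauthenticated visitor can trigger the cache update but never chooses the path or the content, and the GitHub token stays inside the function. `CACHE_PATH`, `MAX_BYTES`, `buildCacheUpdate`, `handleTrigger`, `lookupSha` and `computeCache` are hypothetical names, and it assumes the cache content is computed server-side.

```javascript
// Added example: all names here are hypothetical, not from the thread.
const CACHE_PATH = 'data/cache.json'; // assumed: the single file the function may write
const MAX_BYTES = 64 * 1024;          // assumed upper bound on the cache size

// Build the updateFile parameters from server-side values only.
function buildCacheUpdate(cfg, cacheObject, currentSha) {
  const body = JSON.stringify(cacheObject);
  if (Buffer.byteLength(body) > MAX_BYTES) {
    throw new Error('cache exceeds size limit');
  }
  return {
    owner: cfg.owner,
    repo: cfg.repo,
    path: CACHE_PATH, // fixed, never taken from the request
    message: 'Update cache',
    content: Buffer.from(body).toString('base64'),
    sha: currentSha,
  };
}

// client: object exposing repos.updateFile, created with a token that lives
// only in the function's environment.
// lookupSha / computeCache: server-side callbacks supplied by the deployment.
async function handleTrigger(event, client, cfg, lookupSha, computeCache) {
  if (event.httpMethod !== 'POST') {
    return { statusCode: 405, body: 'Method Not Allowed' };
  }
  // event.body is deliberately not read: the visitor triggers the update
  // but supplies neither the path nor the content.
  const cache = await computeCache();
  const sha = await lookupSha(CACHE_PATH);
  await client.repos.updateFile(buildCacheUpdate(cfg, cache, sha));
  return { statusCode: 204, body: '' };
}
```
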

@jinman did you figure out how to get git-gateway working with Cognito? I am also looking at trying to run git-gateway on Lambda and hooking it up to Cognito rather than running GoTrue.