| 1 | # frozen_string_literal: true |
| 2 | |
| 3 | # A user's connection to their GitHub account for importing repositories. |
| 4 | # |
| 5 | # Distinct from smbCloud "Continue with GitHub" sign-in: that authenticates the |
| 6 | # user to siGit; this holds a GitHub API token (scope `repo` or `public_repo`) |
| 7 | # used to list and clone the user's repos. One connection per user; the token is |
| 8 | # encrypted at rest and never serialized to the client. |
| 9 | class GithubConnection < ApplicationRecord |
| 10 | belongs_to :user |
| 11 | |
| 12 | encrypts :access_token |
| 13 | |
| 14 | validates :access_token, presence: true |
| 15 | validates :user_id, uniqueness: true |
| 16 | |
| 17 | # True when the connection can reach the user's private repositories. |
| 18 | def private_scope? |
| 19 | scope.to_s.split(/[ ,]/).include?("repo") |
| 20 | end |
| 21 | |
| 22 | # A GithubApiClient bound to this connection's token. The token stays server |
| 23 | # side; callers get repo data, never the credential. |
| 24 | def api_client |
| 25 | GithubApiClient.new(access_token) |
| 26 | end |
| 27 | end |