TDvorak/Trackeep
1
0
Fork 0
mirror of https://github.com/Dvorinka/Trackeep.git synced 2026-06-03 20:12:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
c6a99c7e21b2ab8461629bbbdfb1f6dc81ec5ceb
Trackeep/docs/OAUTH_UPDATE_INTEGRATION.md
T
Tomas Dvorak c6a99c7e21 small fix, don't worry about it
2026-04-10 12:06:01 +02:00

198 lines
5.3 KiB
Markdown
Raw Blame History

# OAuth Integration for Updates
This document explains how the Trackeep update system integrates with the OAuth service to use user's GitHub tokens for checking updates from the **Dvorinka/Trackeep** repository.
## How It Works
### 1. OAuth Service Integration
The update system requires the OAuth service to be running and automatically extracts GitHub tokens:
1. **User Authentication**: User logs in via the OAuth service (`@Others/oauth-service`)
2. **Token Storage**: OAuth service stores the GitHub access token in the JWT
3. **Update Check**: Update system extracts the token from the JWT for GitHub API calls
4. **Repository**: Checks for updates from `https://github.com/Dvorinka/Trackeep`
### 2. Token Extraction Process
```go
// Function: getGitHubTokenFromContext()
// 1. Extract Authorization header from request
// 2. Parse JWT token using JWT_SECRET
// 3. Extract GitHub access token from claims
// 4. Validate token expiration
// 5. Return token for GitHub API calls
```
### 3. OAuth Service Requirement
The update system **requires** the OAuth service to be running:
- No fallback to environment tokens
- Clear error messages when OAuth service is unavailable
- Automatic token management through OAuth
## Configuration
### Required Environment Variables
```bash
# Control service URL is hardwired in Trackeep
# https://hq.trackeep.org
JWT_SECRET=your-jwt-secret-key
# Update Configuration
APP_VERSION=1.0.0
AUTO_UPDATE_CHECK=false
UPDATE_CHECK_INTERVAL=24h
PRERELEASE_UPDATES=false
```
### OAuth Service Setup
The OAuth service must be running and configured with:
- GitHub OAuth App credentials
- JWT signing secret matching backend
- Proper CORS configuration
- Access to `Dvorinka/Trackeep` repository
## API Flow
### Update Check Request
```http
GET /api/updates/check
Authorization: Bearer <jwt_token_from_oauth>
```
### Error Handling
If OAuth service is not available:
```json
{
"error": "OAuth service not available",
"message": "Please ensure OAuth service is running and you are authenticated"
}
```
HTTP Status: `503 Service Unavailable`
## Benefits
### For Users
- **Zero Configuration**: No need to create GitHub tokens
- **Automatic Updates**: Seamless update checking through OAuth
- **Security**: Tokens managed securely by OAuth service
### For Developers
- **Centralized Authentication**: Single OAuth service for all instances
- **Repository Control**: Updates from your specific repository
- **No Token Management**: OAuth handles token lifecycle automatically
## Repository Configuration
The update system is configured to check:
- **Repository**: `Dvorinka/Trackeep`
- **API Endpoint**: `https://api.github.com/repos/Dvorinka/Trackeep/releases/latest`
- **Assets**: Platform-specific release assets
## Security Considerations
1. **OAuth Required**: No fallback authentication methods
2. **Token Validation**: JWT tokens are validated before use
3. **Expiration Check**: Tokens are checked for expiration
4. **Repository Access**: OAuth service needs access to your repository
## Troubleshooting
### Common Issues
1. **"OAuth service not available"**
- Ensure OAuth service is running on port 9090
- Check JWT_SECRET matches between services
- Verify user is authenticated via OAuth
2. **"No GitHub token found"**
- User needs to authenticate with OAuth service
- Check Authorization header is present
- Verify JWT token contains access_token claim
3. **"Failed to check for updates"**
- Verify repository exists: `Dvorinka/Trackeep`
- Check OAuth service has repository access
- Ensure GitHub releases are published
### Debug Logging
The system provides clear logging:
```
Using GitHub token from OAuth service for update check
No GitHub token from OAuth service - update check failed
OAuth service not available - please ensure OAuth service is running
```
## Deployment Requirements
### Production Setup
1. **OAuth Service**: Must be deployed and accessible
2. **Environment Variables**: JWT_SECRET must match between services
3. **GitHub Releases**: Publish releases to `Dvorinka/Trackeep`
4. **Repository Access**: OAuth app needs access to your repository
### Service Dependencies
```
Trackeep Backend → OAuth Service → GitHub API
↓ ↓ ↓
Updates Authentication Release Data
```
## Implementation Details
### Repository URL
```go
owner := "Dvorinka"
repo := "Trackeep"
url := fmt.Sprintf("https://api.github.com/repos/%s/%s/releases/latest", owner, repo)
```
### OAuth Token Extraction
```go
// Extract from JWT claims
claims := token.Claims.(jwt.MapClaims)
githubToken := claims["access_token"].(string)
```
### Error Response
```go
c.JSON(http.StatusServiceUnavailable, gin.H{
"error": "OAuth service not available",
"message": "Please ensure OAuth service is running and you are authenticated",
})
```
## Migration from Manual Tokens
### Before (Manual Setup)
```bash
# Required manual token creation
GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx
```
### After (OAuth Required)
```bash
# Zero configuration - Trackeep uses https://hq.trackeep.org
JWT_SECRET=shared-secret
```
## Release Process
To publish updates:
1. **Create Release**: Publish release on `Dvorinka/Trackeep`
2. **Platform Assets**: Include platform-specific binaries
3. **Release Notes**: Add changelog and checksum information
4. **Automatic Detection**: OAuth-enabled instances will detect updates automatically
Reference in New Issue View Git Blame Copy Permalink