[FEATURE]: Github sync, like Drive sync is working

[ericscheid]

I know it's probably pretty low on the wish-list, but I'd imagine there are a number of people who would love to sync their brews with their own github repo.

https://www.reddit.com/r/homebrewery/comments/jtrq9z/suggestion_github_sync_like_drive_sync_is_working/

[dbolack-ab]

For this to finish implementation we'd need a place to store the user's github token and ensure it could be seen by homebrewer.

If this is not desirable I think we should close this as a Won't Implement.

[5e-Cleric]

right, so modify the user db?

[Gazook89]

Is the implication here that if we are storing a github token on behalf of users, that we are opening ourselves up to greater security concerns? I don't know enough about these things so it's a genuine question.

With the Google token, my understanding is that even we have read/write access it is narrowed to a very small scope (in a specific folder), right? And with Github, it is similar, it only grants access to a specific repo (the user would create a repo for the Homebrewery stuff).

I'm just trying to read into the tone of If this is not desirable... as if you are raising an eyebrow or are skeptical that we would want to do this. Correct me if i'm wrong.

[dbolack-ab]

right, so modify the user db?

We'd have to if you want sharing.

[dbolack-ab]

Is the implication here that if we are storing a github token on behalf of users, that we are opening ourselves up to greater security concerns? I don't know enough about these things so it's a genuine question.

No. We would store a user-provided access token configured to allow as little as possible to create and read gists. Gists can be marked as Secret on creation - which I think we should use - but this behaves EXACTLY like an unpublished brew regarding discoverability.

If we switch from a gist model ( remember, a gist is a git repo wrapper and simplification ) to a repository model we can lock that down further but I feel that is overkill.

There are two big advantages from adding this feature:

• Significantly document history for the brew. Each save is a git commit.
• Github rate limiting is much better behaved. :)

I'm just trying to read into the tone of If this is not desirable... as if you are raising an eyebrow or are skeptical that we would want to do this. Correct me if i'm wrong.

If this feature is not desirable, this issue should be closed.

[5e-Cleric]

This feature is desirable and should be added in my opinion.

Adding this to the naturalCrit repo will be harder.

[calculuschild]

Fortunately the Naturalcrit site already uses a generic authentication package for the Google Login stuff. Passport.js.

Passport.js has plugins to handle authentication from hundreds if other sites, including Github. It would take some effort, but we should largely be able to copy what we have from Google authentication and let Passport handle the differences.

The more tricky part, I think, will be adding all the additional get/update/list/delete API calls to the brew editor, since I doubt they work the same as Google.

[dbolack-ab]

Passport.js has plugins to handle authentication from hundreds if other sites, including Github. It would take some effort, but we should largely be able to copy what we have from Google authentication and let Passport handle the differences.

I was thinking more about the general storage and input concerns. Passport makes the rest easy.

The more tricky part, I think, will be adding all the additional get/update/list/delete API calls to the brew editor, since I doubt they work the same as Google.

if you look at #3351, it wasn't that rough, but I had no understanding of how to get a token from natrualcrit at the time.