Closed csala closed 2 weeks ago
Hello @csala
Noted the above. The platform aims to empower the users to:
We are looking for a solution to enable only the login, at first, and later let the user add permissions:
Allowing users to add their GH key might be a solution.
Being an open-source App Generator, anyone can check transparently what happens with the business logic.
In case you have the time, feel free to join the Discord community and chat 1-1 with the support.
Thanks for the feedback.
Thanks for the quick reaction time @app-generator!
Yes, I understand what you mention about wanting the platform to be able to handle everything on behalf of the user, but giving access to everything up front, including unrelated repos and orgs, feels way too intrusive and insecure.
What you suggested (and already implemented) about getting the minimal user information initially and then figuring out deeper permissions when needed sounds much better :-)
As a suggestion, apart from GH Keys to act on behalf of the user, you may consider an alternative route: have a bot user (maybe just this one, @app-generator) which users can invite into the organizations or repositories which they want the App Generator to manage, then they can cherry-pick what they give it access to. I'm not really sure if this would be simpler for the user or more flexible than issuing personal access tokens, but just dropping the suggestion for you to consider it.
> In case you have the time, feel free to join the Discord community and chat 1-1 with the support

I'm already there, csaladev. Happy to chat there if I can be of more help.
Great suggestion @csala we will try it.
Besides the permissions, the service can be used via CLI or API. For instance, anyone can generate a Django Codebase using the CLI (soon to be added to the DOCS).
https://github.com/app-generator/appseed-v2?tab=readme-ov-file#cli-interface
$ python manage.py generator -i # Print HELP
$ python manage.py generator -f sources/input-template-volt.json
Like this, all platform features can be used without an account on the App-Generator domain.
Thanks again for your feedback.
I just stumbled upon the https://app-generator.dev/ website and tried clicking on the GitHub Sign IN button.
In the GitHub consent page I was warned about AppSeed requesting access to absolutely everything from my GitHub: public and private repos, settings, deploy keys...
If this is intentional it is a huge red flag. If this is a mistake it is even worse, because it may put your users at risk.
I suggest that you urgently address this and revoke any access that any user may have already granted.
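The approach discussed in this thread (identity-only scopes at sign-in, further permissions requested later per feature) can be checked mechanically before an authorization URL ships. The following is an added example, not code from the App Generator project; the client ID, callback URL, the broad scope set and all function names are constructed for illustration, while the endpoint and scope names are GitHub's standard OAuth ones.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
LOGIN_SCOPES = frozenset({"read:user", "user:email"})  # identity only


def build_authorize_url(client_id, redirect_uri, scopes=LOGIN_SCOPES):
    """Return (url, state) for a GitHub OAuth authorization request."""
    state = secrets.token_urlsafe(16)  # anti-CSRF value, verified on callback
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(sorted(scopes)),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def requested_scopes(url):
    """Parse the scope parameter (space- or comma-delimited) out of a URL."""
    raw = parse_qs(urlparse(url).query).get("scope", [""])[0]
    return set(raw.replace(",", " ").split())


def excess_scopes(url, allowed=LOGIN_SCOPES):
    """Scopes in the request that go beyond what sign-in needs."""
    return sorted(requested_scopes(url) - set(allowed))


def step_up_url(client_id, redirect_uri, feature_scope):
    """Later, user-initiated request that adds one scope for one feature."""
    return build_authorize_url(client_id, redirect_uri,
                               LOGIN_SCOPES | {feature_scope})


if __name__ == "__main__":
    cid, cb = "PLACEHOLDER_CLIENT_ID", "https://example.invalid/callback"
    login_url, _ = build_authorize_url(cid, cb)
    # Constructed over-broad request, similar in kind to the consent page
    # described in the issue; not the scopes the site actually asked for.
    broad_url, _ = build_authorize_url(
        cid, cb, {"repo", "admin:org", "admin:public_key", "read:user"})
    print("login excess:", excess_scopes(login_url))
    print("broad excess:", excess_scopes(broad_url))
```

Running `excess_scopes` over every authorization URL the application can emit, as a unit test or CI check, catches a sign-in flow that drifts back to requesting repository or admin scopes.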