mazzzystar / tinymind

Tinymind - Write and sync your blog & thoughts with GitHub
https://tinymind.me
MIT License
649 stars, 46 forks

[Suggestion] Limit GitHub authorization scope to selected repositories instead of all public repos #22

Open b1tg opened 1 month ago

b1tg commented 1 month ago

First of all, Tinymind is a fantastic tool.

I've noticed an area where I believe we could enhance user privacy and security: When logging in with GitHub, users need to authorize Tinymind to access all of their public GitHub repositories, which seems unnecessary. Could we limit the access to selected repositories instead?

mazzzystar commented 1 month ago

Hi, I've tried to give permission to only "create repo" and "modify that repo", but I found I can't do that because, when authorizing, the user didn't have that repo.

Any good ideas for this part? https://github.com/mazzzystar/tinymind/blob/d1a8745c58ad04228355618548e65bc35738b49b/lib/auth.ts#L27-L38

b1tg commented 1 month ago

Sorry, I don't have experience debugging GitHub authentication processes, but when I use hashnode.com's Back up to Github (accessible via Dashboard -> GitHub -> GitHub integration), it only asks for single repo access, which might be helpful.

mazzzystar commented 1 month ago

Thank you, I will try it out later.