mazzzystar / tinymind

Tinymind - Write and sync your blog & thoughts with GitHub
https://tinymind.me
MIT License
612 stars 46 forks

[Suggestion] Limit GitHub authorization scope to selected repositories instead of all public repos #22

Open b1tg opened 1 week ago

b1tg commented 1 week ago

First of all, Tinymind is a fantastic tool.

I've noticed an area where I believe we could enhance user privacy and security: When logging in with GitHub, users need to authorize Tinymind to access all of their public GitHub repositories, which seems unnecessary. Could we limit the access to selected repositories instead?

mazzzystar commented 1 week ago

Hi, I've tried to give permission for only "create repo" and "modify that repo", but I found I can't do that because the user doesn't have that repo when they authorize.

Any good ideas for this part? https://github.com/mazzzystar/tinymind/blob/d1a8745c58ad04228355618548e65bc35738b49b/lib/auth.ts#L27-L38

b1tg commented 1 week ago

Sorry, I don't have experience debugging GitHub authentication processes, but when I use hashnode.com's Back up to Github (accessible via Dashboard -> GitHub -> GitHub integration), it only asks for single repo access, which might be helpful.

mazzzystar commented 1 week ago

Thank you, I will try it out later.