rndquu
commented
1 month ago The decrypt functions should be exported in src/index.ts if we want to use it in
conversation-rewards
Closed rndquu closed 1 month ago
rndquu
commented
1 month ago The decrypt functions should be exported in src/index.ts if we want to use it in
conversation-rewards
Related to https://github.com/ubiquity/ubiquibot-kernel/issues/104
Right now there is an issue when a malicious partner can copy other partner's encrypted private key and use it in its own organization.
This PR introduces 3 private key formats:
PRIVATE_KEYPRIVATE_KEY:GITHUB_ORGANIZATION_IDPRIVATE_KEY:GITHUB_ORGANIZATION_ID:GITHUB_REPOSITORY_IDYou may read how they're supposed to be used here.
The next step is to validate organization and repository in the https://github.com/ubiquibot/conversation-rewards plugin if they are allowed to be used in the organization/repository where original issue was called from.