feat(integration): add github app authentication (#3968)

2026-02-28 01:10:54 +01:00 · 2025-09-10 21:17:36 +02:00
parent 4d57c7ca13
commit bfcbffbdc6
14 changed files with 282 additions and 77 deletions
--- a/packages/api/src/router/integration/integration-test-connection.ts
+++ b/packages/api/src/router/integration/integration-test-connection.ts
@@ -25,16 +25,6 @@ export const testConnectionAsync = async (
    integrationUrl: integration.url,
  });

-  const formSecrets = integration.secrets
-    .filter((secret) => secret.value !== null)
-    .map((secret) => ({
-      ...secret,
-      // We ensured above that the value is not null
-      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-      value: secret.value!,
-      source: "form" as const,
-    }));
-
  const decryptedDbSecrets = dbSecrets
    .map((secret) => {
      try {
@@ -55,6 +45,15 @@ export const testConnectionAsync = async (
    })
    .filter((secret) => secret !== null);

+  const formSecrets = integration.secrets
+    .map((secret) => ({
+      ...secret,
+      // If the value is not defined in the form (because we only changed other values) we use the existing value from the db if it exists
+      value: secret.value ?? decryptedDbSecrets.find((dbSecret) => dbSecret.kind === secret.kind)?.value ?? null,
+      source: "form" as const,
+    }))
+    .filter((secret): secret is SourcedIntegrationSecret<"form"> => secret.value !== null);
+
  const sourcedSecrets = [...formSecrets, ...decryptedDbSecrets];
  const secretKinds = getSecretKindOption(integration.kind, sourcedSecrets);

@@ -89,10 +88,10 @@ export const testConnectionAsync = async (
  return result;
 };

-interface SourcedIntegrationSecret {
+interface SourcedIntegrationSecret<TSource extends string = "db" | "form"> {
  kind: IntegrationSecretKind;
  value: string;
-  source: "db" | "form";
+  source: TSource;
 }

 const getSecretKindOption = (kind: IntegrationKind, sourcedSecrets: SourcedIntegrationSecret[]) => {
@@ -111,7 +110,9 @@ const getSecretKindOption = (kind: IntegrationKind, sourcedSecrets: SourcedInteg
  }

  const onlyFormSecretsKindOptions = matchingSecretKindOptions.filter((secretKinds) =>
-    sourcedSecrets.filter((secret) => secretKinds.includes(secret.kind)).every((secret) => secret.source === "form"),
+    secretKinds.every((secretKind) =>
+      sourcedSecrets.find((secret) => secret.kind === secretKind && secret.source === "form"),
+    ),
  );

  if (onlyFormSecretsKindOptions.length >= 1) {
--- a/packages/api/src/router/test/integration/integration-test-connection.spec.ts
+++ b/packages/api/src/router/test/integration/integration-test-connection.spec.ts
@@ -265,4 +265,77 @@ describe("testConnectionAsync should run test connection of integration", () =>
      ],
    });
  });
+
+  test("with input of existing github app", async () => {
+    // Arrange
+    const factorySpy = vi.spyOn(homarrIntegrations, "createIntegrationAsync");
+    const optionsSpy = vi.spyOn(homarrDefinitions, "getAllSecretKindOptions");
+    factorySpy.mockReturnValue(
+      Promise.resolve({
+        testConnectionAsync: async () => await Promise.resolve({ success: true }),
+      } as homarrIntegrations.PiHoleIntegrationV6),
+    );
+    optionsSpy.mockReturnValue([[], ["githubAppId", "githubInstallationId", "privateKey"]]);
+
+    const integration = {
+      id: "new",
+      name: "GitHub",
+      url: "https://api.github.com",
+      kind: "github" as const,
+      secrets: [
+        {
+          kind: "githubAppId" as const,
+          value: "345",
+        },
+        {
+          kind: "githubInstallationId" as const,
+          value: "456",
+        },
+        {
+          kind: "privateKey" as const,
+          value: null,
+        },
+      ],
+    };
+
+    const dbSecrets = [
+      {
+        kind: "githubAppId" as const,
+        value: "123.encrypted" as const,
+      },
+      {
+        kind: "githubInstallationId" as const,
+        value: "234.encrypted" as const,
+      },
+      {
+        kind: "privateKey" as const,
+        value: "privateKey.encrypted" as const,
+      },
+    ];
+
+    // Act
+    await testConnectionAsync(integration, dbSecrets);
+
+    // Assert
+    expect(factorySpy).toHaveBeenCalledWith({
+      id: "new",
+      name: "GitHub",
+      url: "https://api.github.com",
+      kind: "github" as const,
+      decryptedSecrets: [
+        expect.objectContaining({
+          kind: "githubAppId",
+          value: "345",
+        }),
+        expect.objectContaining({
+          kind: "githubInstallationId",
+          value: "456",
+        }),
+        expect.objectContaining({
+          kind: "privateKey",
+          value: "privateKey",
+        }),
+      ],
+    });
+  });
 });