feat(dashboard): proxy GitHub user-attachment images

GitHub's modern issue-comment image hosting at
github.com/user-attachments/assets/<uuid> is auth-gated — the URL only
302-resolves to a JWT-signed private-user-images.githubusercontent.com
asset when the request carries a _gh_sess cookie or App-installation
bearer. From a third-party browser tab the request 404s, so screenshots
pasted into synced GitHub comments rendered as broken-image glyphs in
the dashboard.

Adds an image-proxy endpoint that fetches the URL server-side using the
project's GitHub App installation token, manually follows the 302 to the
CDN (without forwarding the bearer to the redirect host), and streams
the bytes back. The markdown renderer now rewrites recognised GitHub
asset URLs through this proxy so existing comment bodies just work.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Ripwords

apps/dashboard/app/composables/use-markdown.ts

@@ -35,10 +35,40 @@ marked.use({ renderer, async: false })
  * measure; our renderer also adds rel="noopener noreferrer" so the risk is
  * covered).
  */
+// Hosts whose image URLs need to be proxied through our origin. The
+// `github.com/user-attachments/assets/<uuid>` URL is auth-gated — it only
+// 302-resolves to a signed `private-user-images.githubusercontent.com/...`
+// asset when the request carries a `_gh_sess` cookie or `Authorization`
+// header. From a third-party browser tab the request 404s, so the dashboard
+// would otherwise render a broken-image glyph for every screenshot pasted
+// into a synced GitHub comment. We rewrite those URLs to flow through our
+// own origin, where the server fetches them with the GitHub App
+// installation token. Public `user-images.githubusercontent.com` (older
+// uploads) and avatar URLs are unaffected.
+const PROXY_HOST_RE =
+  /^https:\/\/(?:github\.com\/user-attachments\/assets\/|private-user-images\.githubusercontent\.com\/)/
+
+function rewriteGithubImages(html: string, projectId: string): string {
+  return html.replace(/<img\b([^>]*?)\bsrc="([^"]+)"/gi, (whole, attrs: string, url: string) => {
+    if (!PROXY_HOST_RE.test(url)) return whole
+    const proxied = `/api/projects/${encodeURIComponent(projectId)}/integrations/github/image-proxy?url=${encodeURIComponent(url)}`
+    return `<img${attrs} src="${proxied}"`
+  })
+}
+
+export interface RenderMarkdownOptions {
+  /** When set, GitHub user-attachment image URLs are rewritten through
+   *  the dashboard's image-proxy endpoint so they bypass GitHub's auth gate. */
+  rewriteImagesFor?: { projectId: string }
+}
+
 export function useMarkdown() {
-  function renderMarkdown(src: string): string {
+  function renderMarkdown(src: string, opts?: RenderMarkdownOptions): string {
     if (!src) return ""
-    const rawHtml = marked(src) as string
+    let rawHtml = marked(src) as string
+    if (opts?.rewriteImagesFor) {
+      rawHtml = rewriteGithubImages(rawHtml, opts.rewriteImagesFor.projectId)
+    }
     if (import.meta.server) {
       // DOMPurify needs a DOM. During SSR we return an unsanitised string —
       // BUT the Comments tab only renders on the client (it's a tab the user

apps/dashboard/server/api/projects/[id]/integrations/github/image-proxy.get.ts

@@ -0,0 +1,127 @@
+// apps/dashboard/server/api/projects/[id]/integrations/github/image-proxy.get.ts
+//
+// Proxies GitHub user-attachment image URLs through this origin so they can
+// load in the dashboard's comment thread.
+//
+// Why this exists:
+//   GitHub's modern issue-comment image hosting at
+//   `https://github.com/user-attachments/assets/<uuid>` is auth-gated. The
+//   URL only 302-resolves to a JWT-signed
+//   `https://private-user-images.githubusercontent.com/<id>/<uuid>?jwt=...`
+//   when the request carries a `_gh_sess` cookie or `Authorization: Bearer
+//   <token>`. From a third-party browser tab — i.e. *every* dashboard user —
+//   the request 404s. The dashboard would otherwise render a broken-image
+//   glyph for every screenshot pasted into a synced GitHub comment.
+//
+// What we do:
+//   1. Validate the requested URL is one of the recognised GitHub asset hosts.
+//   2. Mint a short-lived installation access token for the project's
+//      GitHub App installation.
+//   3. Issue the request with `Authorization: Bearer <token>`,
+//      `redirect: "manual"`. GitHub responds 302 with a Location header
+//      pointing at a JWT-signed CDN URL.
+//   4. Refetch the redirect target *without* the bearer token (the JWT is
+//      already part of the URL; forwarding our App token to a different
+//      host would leak credentials).
+//   5. Stream the bytes back with the upstream Content-Type and a short
+//      private cache window.
+//
+// Threat model:
+//   - Auth: requireProjectRole(viewer) — only members of the project that
+//     owns the comment can fetch images for that project.
+//   - SSRF: URL host is regex-checked against a tight whitelist of GitHub
+//     hosts; arbitrary URLs are rejected at step (1).
+//   - Token leak: bearer token is dropped before following the 302 to
+//     `private-user-images.githubusercontent.com` (different host, JWT in
+//     the URL is sufficient auth).
+//   - Bandwidth: 10 MiB cap so a malformed/oversized upstream can't be used
+//     as an egress amplifier.
+//   - Content sniffing: `X-Content-Type-Options: nosniff` + we refuse
+//     non-image upstream Content-Types.
+import { createError, defineEventHandler, getQuery, getRouterParam, setHeader } from "h3"
+import { Buffer } from "node:buffer"
+import { eq } from "drizzle-orm"
+import { db } from "../../../../../db"
+import { githubIntegrations } from "../../../../../db/schema"
+import { requireProjectRole } from "../../../../../lib/permissions"
+import { getInstallationToken } from "../../../../../lib/github"
+
+const ALLOWED_HOST_RE =
+  /^https:\/\/(?:github\.com\/user-attachments\/assets\/|private-user-images\.githubusercontent\.com\/|user-images\.githubusercontent\.com\/)/
+
+const MAX_BYTES = 10 * 1024 * 1024 // 10 MiB
+
+export default defineEventHandler(async (event): Promise<Buffer> => {
+  const projectId = getRouterParam(event, "id")
+  if (!projectId) throw createError({ statusCode: 400, statusMessage: "missing project id" })
+  await requireProjectRole(event, projectId, "viewer")
+
+  const { url } = getQuery(event) as { url?: string }
+  if (!url || typeof url !== "string" || !ALLOWED_HOST_RE.test(url)) {
+    throw createError({ statusCode: 400, statusMessage: "Invalid or disallowed URL" })
+  }
+
+  const [gi] = await db
+    .select({ installationId: githubIntegrations.installationId })
+    .from(githubIntegrations)
+    .where(eq(githubIntegrations.projectId, projectId))
+    .limit(1)
+
+  if (!gi) {
+    throw createError({ statusCode: 404, statusMessage: "GitHub integration not configured" })
+  }
+
+  const token = await getInstallationToken(gi.installationId)
+
+  // Step 1: hit the auth-gated GitHub URL with our App token. Manual redirect
+  // — we MUST NOT let fetch follow it automatically because that would
+  // forward the bearer token to the CDN host.
+  const upstream = await fetch(url, {
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "User-Agent": "Repro-Dashboard-ImageProxy",
+      Accept: "image/*,*/*;q=0.8",
+    },
+    redirect: "manual",
+  })
+
+  let final: Response
+  if (upstream.status >= 300 && upstream.status < 400) {
+    const location = upstream.headers.get("location")
+    if (!location) {
+      throw createError({ statusCode: 502, statusMessage: "Upstream redirect without Location" })
+    }
+    // Step 2: follow the redirect to the JWT-signed CDN URL, no auth header.
+    final = await fetch(location, {
+      headers: {
+        "User-Agent": "Repro-Dashboard-ImageProxy",
+        Accept: "image/*,*/*;q=0.8",
+      },
+      redirect: "follow",
+    })
+  } else {
+    final = upstream
+  }
+
+  if (!final.ok) {
+    throw createError({ statusCode: final.status, statusMessage: `Upstream ${final.status}` })
+  }
+
+  const contentType = final.headers.get("content-type") ?? "application/octet-stream"
+  if (!contentType.startsWith("image/")) {
+    throw createError({ statusCode: 415, statusMessage: "Upstream is not an image" })
+  }
+
+  const buf = Buffer.from(await final.arrayBuffer())
+  if (buf.byteLength > MAX_BYTES) {
+    throw createError({ statusCode: 413, statusMessage: "Image too large" })
+  }
+
+  setHeader(event, "Content-Type", contentType)
+  // Override the global `/api/**` no-store rule — the proxied bytes are
+  // immutable for a given URL (uuids are content-addressed) and re-fetching
+  // on every paint hammers GitHub. Private since this is auth-gated content.
+  setHeader(event, "Cache-Control", "private, max-age=3600, immutable")
+  setHeader(event, "X-Content-Type-Options", "nosniff")
+  return buf
+})

apps/dashboard/server/lib/github.ts

@@ -2,7 +2,7 @@
 import { createHmac, timingSafeEqual } from "node:crypto"
 import { readFileSync } from "node:fs"
 import { isAbsolute, resolve } from "node:path"
-import { createInstallationClient } from "@reprojs/integrations-github"
+import { createAppAuth, createInstallationClient } from "@reprojs/integrations-github"
 import type { GitHubInstallationClient } from "@reprojs/integrations-github"
 import { getGithubAppCredentials } from "./github-app-credentials"
 
@@ -12,6 +12,29 @@ function resolvePrivateKey(raw: string): string {
   return readFileSync(path, "utf8")
 }
 
+/**
+ * Mint a short-lived installation access token for raw HTTP calls that
+ * Octokit can't easily express (binary streaming, manual redirect handling).
+ * The current consumer is the GitHub user-attachment image proxy — see
+ * `server/api/projects/[id]/integrations/github/image-proxy.get.ts`.
+ *
+ * Throws if the GitHub App is not configured. Returns the bare token; the
+ * caller wraps it as `Authorization: Bearer <token>`.
+ */
+export async function getInstallationToken(installationId: number): Promise<string> {
+  const creds = await getGithubAppCredentials()
+  if (!creds) {
+    throw new Error("GitHub App is not configured — cannot mint installation token")
+  }
+  const auth = createAppAuth({
+    appId: creds.appId,
+    privateKey: resolvePrivateKey(creds.privateKey),
+    installationId,
+  })
+  const result = (await auth({ type: "installation" })) as { token: string }
+  return result.token
+}
+
 // Test-only override hook: allows integration tests to inject a mock client
 // without reaching the Octokit network path. Production callers ignore it.
 let overrideFactory: ((installationId: number) => GitHubInstallationClient) | null = null

packages/integrations/github/src/client.ts

@@ -1,6 +1,11 @@
 // packages/integrations/github/src/client.ts
 import { createAppAuth } from "@octokit/auth-app"
 import { Octokit } from "@octokit/rest"
+
+// Re-exported so server-side dashboard code can mint installation tokens for
+// raw HTTP calls (e.g. proxying user-attachment images) without taking a
+// direct dep on @octokit/auth-app.
+export { createAppAuth }
 import type {
   CloseIssueInput,
   CreateIssueInput,