feat: add support for a 2nd cleartext github app for grants (#2677)

gitcoinco · Jul 5, 2024 · eff5971 · eff5971
1 parent 223ea9e
commit eff5971
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 7 deletions.
diff --git a/iam/.env-example.env b/iam/.env-example.env
@@ -11,6 +11,8 @@ GITHUB_CLIENT_ID=MY_GITHUB_CLIENT_ID
 GITHUB_CLIENT_SECRET=MY_GITHUB_CLIENT_SECRET
 GRANT_HUB_GITHUB_CLIENT_ID=MY_GRANT_HUB_GITHUB_CLIENT_ID
 GRANT_HUB_GITHUB_CLIENT_SECRET=MY_GRANT_HUB_GITHUB_CLIENT_SECRET
+GRANT_HUB_MACI_GITHUB_CLIENT_ID=MY_GRANT_HUB_GITHUB_CLIENT_ID
+GRANT_HUB_MACI_GITHUB_CLIENT_SECRET=MY_GRANT_HUB_GITHUB_CLIENT_SECRET
 LINKEDIN_CLIENT_ID=MY_LINKEDIN_CLIENT_ID
 LINKEDIN_CLIENT_SECRET=MY_LINKEDIN_CLIENT_SECRET
 LINKEDIN_CALLBACK=http://localhost:3000/

diff --git a/infra/aws/iam_secrets.ts b/infra/aws/iam_secrets.ts
@@ -55,6 +55,14 @@ export const getIamSecrets = (PASSPORT_VC_SECRETS_ARN: string, IAM_SERVER_SSM_AR
     name: "GRANT_HUB_GITHUB_CLIENT_SECRET",
     valueFrom: `${IAM_SERVER_SSM_ARN}:GRANT_HUB_GITHUB_CLIENT_SECRET::`,
   },
+  {
+    name: "GRANT_HUB_MACI_GITHUB_CLIENT_ID",
+    valueFrom: `${IAM_SERVER_SSM_ARN}:GRANT_HUB_MACI_GITHUB_CLIENT_ID::`,
+  },
+  {
+    name: "GRANT_HUB_MACI_GITHUB_CLIENT_SECRET",
+    valueFrom: `${IAM_SERVER_SSM_ARN}:GRANT_HUB_MACI_GITHUB_CLIENT_SECRET::`,
+  },
   {
     name: "LINKEDIN_CLIENT_ID",
     valueFrom: `${IAM_SERVER_SSM_ARN}:LINKEDIN_CLIENT_ID::`,

diff --git a/platforms/src/ClearText/Providers/clearTextGithubOrg.ts b/platforms/src/ClearText/Providers/clearTextGithubOrg.ts
@@ -14,7 +14,8 @@ export type GithubFindMyUserResponse = {
 };
 
 export enum ClientType {
-  GrantHub,
+  GrantHub = 0,
+  GrantHubMACI = 1,
 }
 
 export type GHUserRequestPayload = RequestPayload & {
@@ -101,13 +102,27 @@ const verifyOrg = (data: Organization[], providedOrg: string): GithubMyOrg => {
   };
 };
 
+const getCredentials = (requestedClient: ClientType): { clientId: string; clientSecret: string } => {
+  switch (requestedClient) {
+    case ClientType.GrantHub:
+      return {
+        clientId: process.env.GRANT_HUB_GITHUB_CLIENT_ID,
+        clientSecret: process.env.GRANT_HUB_GITHUB_CLIENT_SECRET,
+      };
+    case ClientType.GrantHubMACI:
+      return {
+        clientId: process.env.GRANT_HUB_MACI_GITHUB_CLIENT_ID,
+        clientSecret: process.env.GRANT_HUB_MACI_GITHUB_CLIENT_SECRET,
+      };
+  }
+  return {
+    clientId: process.env.GITHUB_CLIENT_ID,
+    clientSecret: process.env.GITHUB_CLIENT_SECRET,
+  };
+};
+
 const requestAccessToken = async (code: string, requestedClient: ClientType): Promise<string> => {
-  const clientId =
-    requestedClient === ClientType.GrantHub ? process.env.GRANT_HUB_GITHUB_CLIENT_ID : process.env.GITHUB_CLIENT_ID;
-  const clientSecret =
-    requestedClient === ClientType.GrantHub
-      ? process.env.GRANT_HUB_GITHUB_CLIENT_SECRET
-      : process.env.GITHUB_CLIENT_SECRET;
+  const { clientId, clientSecret } = getCredentials(requestedClient);
 
   // Exchange the code for an access token
   const tokenRequest = await axios.post(