From aae0f68aa96b53b32c57b7ba4a21014f3ba41222 Mon Sep 17 00:00:00 2001
From: ctrlc03 <93448202+ctrlc03@users.noreply.github.com>
Date: Wed, 25 Jan 2023 14:46:34 +0000
Subject: [PATCH] feat(auth): added a function to detect GitHub reputation based on simple heuristics Added a function that checks whether a connected GitHub account follows at least 5 users and has at least one public repository. fix #271
---
packages/actions/src/helpers/security.ts | 38 ++++++++++++++++++++++++
packages/actions/src/index.ts | 1 +
2 files changed, 39 insertions(+)
create mode 100644 packages/actions/src/helpers/security.ts
diff --git a/packages/actions/src/helpers/security.ts b/packages/actions/src/helpers/security.ts
new file mode 100644
index 00000000..452957b2
--- /dev/null
+++ b/packages/actions/src/helpers/security.ts
@@ -0,0 +1,38 @@
+import fetch from "node-fetch"
+
+/**
+ * This function will return the number of public repos of a user
+ * @param user The username of the user
+ * @param token The token of the user
+ * @returns The number of public repos
+ */
+const getNumberOfPublicRepos = async (user: string, token: string): Promise => {
+ const response = await fetch(`https://api.github.com/users/${user}/repos`, {
+ headers: {
+ Authorization: `token ${token}`
+ }
+ })
+ const repos = await response.json()
+
+ if (!repos || repos.length === 0) throw new Error("No public repos found")
+ return repos.length
+}
+
+/**
+ * This function will check if the user is reputable enough to be able to use the app
+ * @param token The token of the user
+ */
+export const githubReputation = async (token: string) => {
+ const userResponse = await fetch("https://api.github.com/user", {
+ headers: {
+ authorization: `token ${token}`
+ }
+ })
+ if (userResponse.status !== 200) throw new Error("Not connected")
+ const user = await userResponse.json()
+
+ const following = Number(user.following)
+ const repos = await getNumberOfPublicRepos(user.login, token)
+
+ if (following < 5 && repos === 0) throw new Error("This account is not reputable enough")
+}
diff --git a/packages/actions/src/index.ts b/packages/actions/src/index.ts
index 625bf3a6..cabf75cb 100644
--- a/packages/actions/src/index.ts
+++ b/packages/actions/src/index.ts
@@ -54,3 +54,4 @@ export { signInToFirebaseWithCredentials, getCurrentFirebaseAuthUser } from "./helpers/firebase"
+export { githubReputation } from "./helpers/security"
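Review bot: The last check in `githubReputation`, `if (following < 5 && repos === 0)`, can never reject an account, because `getNumberOfPublicRepos` throws on an empty list and so never returns 0; the following threshold is therefore not enforced for any account that has a repository. The commit message describes both conditions as required, which would read `if (!(following >= 5) || !(repos >= 1)) throw new Error("This account is not reputable enough")`; in that form a `NaN` from `Number(user.following)` or an `undefined` count is rejected as well. `getNumberOfPublicRepos` also reads `repos.length` without checking the response, so a rate-limit or authorization error body (an object rather than an array) yields `undefined` and the gate fails open; adding `if (!response.ok || !Array.isArray(repos)) throw new Error("Could not list repositories")` before the length check closes that path. The doc comment on `githubReputation` should state the thresholds and that the function signals failure by throwing rather than by a return value.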