feat: add restricted access on github auth

[olzhik11]

Added access control on github auth through json file

---

Important

Added restricted access for GitHub authentication using a JSON file to control allowed emails.

• Authentication:
  • Added signIn callback in auth.ts to restrict GitHub access based on emails from allowed-emails.json.
  • Introduced getEmailsConfig in server-utils.ts to read allowed emails from JSON.
• Components:
  • Updated GitHubSignInButton in github-signin.tsx to handle sign-in errors with toast notifications.
  • Simplified EmailSignInButton in email-signin.tsx by removing unused props.
• Features:
  • Added check for GITHUB_AUTH in features.ts to ensure GitHub credentials are set.
• Misc:
  • Standardized import quotes across modified files.

^{This description was created by for 855bacc. It will automatically update as commits are pushed.}

[dinmukhamedm]

Good job. I left a couple comments

[dinmukhamedm]

nit: redundant import

[dinmukhamedm]

should we maybe do toast in addition to/instead of console.log?

[dinmukhamedm]

nit: do we really need this? If this is not debug log I suggest we either remove it or make it more informative

[dinmukhamedm]

nit: let's make this a little more informative, e.g. Failed to read allowed-emails.json ${e}

[dinmukhamedm]

Even though this may throw TS errors, I think it will silently return undefined for valid JSON files with invalid format. Please handle, by at least returning jsonData.emails ?? [] or better throw an error if jsonData.emails === undefined

[dinmukhamedm]

Even though this may throw TS errors, I think it will silently return undefined for valid JSON files with invalid format. Please handle, by at least returning jsonData.emails ?? [] or better throw an error if jsonData.emails === undefined

[dinmukhamedm]

• we might also want to validate every email, but that might be overkill – up to you

[olzhik11]

I think email validation might be too much

[olzhik11]

@dinmukhamedm yes agree with all comments, should have fixed them before, should be good now, for the emails part I agree we need fallback or error throw, I added error throw though if needed we can make fallback for empty list, meaning no user will be able to pass github signin

[dinmukhamedm]

LGTM

[ellipsis-dev]

❌ Changes requested. Reviewed everything up to 855bacc in 1 minute and 57 seconds

More details

• Looked at 511 lines of code in 6 files
• Skipped 0 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. frontend/components/sign-in/email-signin.tsx:43

• Draft comment:
  The handleEnter prop is not defined in the Button component's props. Consider removing it or implementing it in the Button component.
• Reason this comment was not posted:
  Comment was on unchanged code.

Workflow ID: wflow_KfkpCB94KpD8oF5l

---

Want Ellipsis to fix these issues? Tag @ellipsis-dev in a comment. You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[ellipsis-dev]

Consider using fs.promises.readFile instead of fs.readFileSync to avoid blocking the event loop in an async function.

[dinmukhamedm]

@olzhik11 please have a look if that makes sense

[ellipsis-dev]

Consider adding a try-catch block around JSON.parse to handle potential JSON parsing errors gracefully.

[dinmukhamedm]

@olzhik11 please address

[olzhik11]

@dinmukhamedm for this one then we won't be able to throw error if file doesn't match structure

[olzhik11]

@dinmukhamedm I added fallback instead, and throw on file parsing error