feat(docs): Use GitHub App over PAT and use octokit (#599)

* feat(docs): Use GitHub App over PAT and use octokit

* Use typescript

Author: robinbraemer

.web/functions/api/extensions.js

@@ -0,0 +1,84 @@
+/// <reference types="@cloudflare/workers-types" />
+
+// functions/api/extensions.ts
+
+import { getOctokit, type GitHubAppEnv } from './github-auth';
+
+const CACHE_DURATION = 60 * 60; // Cache duration in seconds
+
+interface ExtensionRepository {
+  name: string;
+  owner: string;
+  description: string | null;
+  stars: number;
+  url: string;
+}
+
+interface CloudflarePagesFunctionEnv extends GitHubAppEnv {
+  GITHUB_CACHE: KVNamespace;
+}
+
+interface CloudflarePagesFunctionContext {
+  env: CloudflarePagesFunctionEnv;
+}
+
+export async function onRequest(
+  context: CloudflarePagesFunctionContext
+): Promise<Response> {
+  const cacheKey = 'gate-extension-repositories';
+
+  // Access the KV namespace from context.env
+  const GITHUB_CACHE = context.env.GITHUB_CACHE;
+
+  // Check for cached data
+  const cachedResponse = await GITHUB_CACHE.get(cacheKey);
+  if (cachedResponse) {
+    return new Response(cachedResponse, {
+      headers: {
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*',
+      },
+    });
+  }
+
+  try {
+    // Get authenticated Octokit instance
+    const octokit = await getOctokit(context.env, GITHUB_CACHE);
+
+    // Search for repositories with topic:gate-extension
+    const { data } = await octokit.request('GET /search/repositories', {
+      q: 'topic:gate-extension',
+      sort: 'stars',
+      order: 'desc',
+    });
+
+    const libraries: ExtensionRepository[] = data.items.map((item) => ({
+      name: item.name,
+      owner: item.owner?.login ?? 'unknown',
+      description: item.description,
+      stars: item.stargazers_count,
+      url: item.html_url,
+    }));
+
+    // Cache the response
+    await GITHUB_CACHE.put(cacheKey, JSON.stringify(libraries), {
+      expirationTtl: CACHE_DURATION,
+    });
+
+    return new Response(JSON.stringify(libraries), {
+      headers: {
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*',
+        'Access-Control-Allow-Methods': 'GET',
+        'Access-Control-Allow-Headers': 'Content-Type',
+      },
+    });
+  } catch (error) {
+    const errorMessage =
+      error instanceof Error ? error.message : 'Unknown error';
+    return new Response(`Error fetching data: ${errorMessage}`, {
+      status: 500,
+    });
+  }
+}
+

.web/functions/api/extensions.ts

@@ -0,0 +1,79 @@
+/// <reference types="@cloudflare/workers-types" />
+
+// Shared utility for GitHub App authentication
+// This replaces PAT (Personal Access Token) authentication with GitHub App authentication
+// Uses JWT tokens for public repository searches (no installation required)
+
+import { createAppAuth } from '@octokit/auth-app';
+import { Octokit } from '@octokit/core';
+
+const JWT_TOKEN_CACHE_KEY = 'github-jwt-token';
+const JWT_TOKEN_CACHE_TTL = 8 * 60; // 8 minutes (JWT tokens expire after 10 minutes)
+
+/**
+ * Environment variables interface for GitHub App configuration
+ */
+export interface GitHubAppEnv {
+  GITHUB_APP_ID: string;
+  GITHUB_APP_PRIVATE_KEY: string;
+  GITHUB_CACHE?: KVNamespace;
+}
+
+/**
+ * Get an authenticated Octokit instance using GitHub App JWT
+ * @param env - Cloudflare environment variables
+ * @param cache - Cache object (e.g., KV namespace)
+ * @returns Authenticated Octokit instance
+ */
+export async function getOctokit(
+  env: GitHubAppEnv,
+  cache?: KVNamespace
+): Promise<Octokit> {
+  // Get GitHub App credentials
+  const appId = env.GITHUB_APP_ID;
+  const privateKey = env.GITHUB_APP_PRIVATE_KEY;
+
+  if (!appId || !privateKey) {
+    throw new Error(
+      'GitHub App credentials not configured. Need GITHUB_APP_ID and GITHUB_APP_PRIVATE_KEY'
+    );
+  }
+
+  // Check cache first for JWT token
+  let token: string | null = null;
+  if (cache) {
+    const cachedToken = await cache.get(JWT_TOKEN_CACHE_KEY);
+    if (cachedToken) {
+      token = cachedToken;
+    }
+  }
+
+  // Generate fresh JWT token if not cached
+  if (!token) {
+    // Create GitHub App auth instance
+    const auth = createAppAuth({
+      appId,
+      privateKey,
+    });
+
+    // Get JWT token (no installation needed for public repo searches)
+    const authResult = await auth({
+      type: 'app',
+    });
+
+    token = authResult.token;
+
+    // Cache the token (JWT tokens are valid for 10 minutes)
+    if (cache && token) {
+      await cache.put(JWT_TOKEN_CACHE_KEY, token, {
+        expirationTtl: JWT_TOKEN_CACHE_TTL,
+      });
+    }
+  }
+
+  // Return authenticated Octokit instance
+  return new Octokit({
+    auth: token,
+  });
+}
+