[英]Serve private GitHub release downloads through Node.js
I've been trying to make the ability to download a private release from a private website for a client.我一直在努力使从私人网站为客户下载私人版本的能力。
Using Node.JS I can use my personal access token to request all the releases, and importantly all the assets inside of that.使用 Node.JS,我可以使用我的个人访问令牌来请求所有版本,重要的是其中的所有资产。 Download URL works well but still requires the user to be logged into Github.com to access the file.
下载 URL 运行良好,但仍需要用户登录 Github.com 才能访问该文件。
Request made on my Node API, which is then served to the frontend (to hide the Personal Access Token.)在我的 Node API 上发出的请求,然后提供给前端(以隐藏个人访问令牌。)
const {data} = await axios.get("https://api.github.com/repos/<company>/<repo>/releases", {
auth: {
username: 'LukeXF',
password: '<key>'
}
})
So, I'm either:所以,我要么:
Results so far:到目前为止的结果:
I can't seem to get the GitHub URL to support inline authentication eg https://github.com/<company>/<repo>/releases/download/${asset}?accessToken=<key>
, which I didn't expect to work anyway, and also is a security vulnerability exposing the token like that.我似乎无法获得支持内联身份验证的 GitHub URL,例如
https://github.com/<company>/<repo>/releases/download/${asset}?accessToken=<key>
,我没有无论如何都不希望工作,而且也是一个暴露令牌的安全漏洞。
Using the Node API as a middle man, I've got it working in parts, but can't seem to get the encoding or user agent working correct, or there are issues with the authentication (which is odd because the first request for the JSON file works without issues).使用 Node API 作为中间人,我让它部分工作,但似乎无法让编码或用户代理正常工作,或者身份验证存在问题(这很奇怪,因为第一个请求JSON 文件可以正常工作)。
const fullUrl = `https://github.com/<company>/<repo>/releases/download/${asset}`;
const {data} = await axios.get(fullUrl, {
headers: {
'Accept': 'application/octet-stream',
// 'User-Agent': 'request module',
},
// encoding: null,
auth: {
username: 'LukeXF',
password: '<key>'
// token: '<key>'
}
});
Any guidance on downloading private release assets from GitHub through Node.js?关于通过 Node.js 从 GitHub 下载私有发布资产的任何指导? I understand if the repo/releases were public then this wouldn't be an issue but it can't be made public.
我知道如果 repo/releases 是公开的,那么这不会是一个问题,但它不能公开。 Perhaps I might need to host my repos on another platform I'm using Electron's auto-updater with private GitHub releases already, I just need to make the ability to manual download releases rather than automated.
也许我可能需要在另一个平台上托管我的存储库,我已经在使用 Electron 的自动更新程序和私有 GitHub 版本,我只需要能够手动下载版本而不是自动化。
If you're using a personal token, you can use Authorization
http header to authenticate using the api, see this :如果您使用的是个人令牌,你可以使用
Authorization
HTTP标头使用API进行身份验证,看这个:
const axios = require("axios");
const key = "YOUR_TOKEN";
(async () => {
//get releases
const { data } = await axios.get(
"https://api.github.com/repos/OWNER/REPO/releases",
{
headers: {
Authorization: `Token ${key}`,
},
}
);
console.log(data);
})();
The following script will download all assets from the latest release and save those assets to local files:以下脚本将从最新版本下载所有资产并将这些资产保存到本地文件:
const axios = require("axios");
const fs = require("fs");
const key = "YOUR_TOKEN";
const authHeaders = {
Authorization: `Token ${key}`,
};
const repoWithOwner = "bertrandmartel/test-repo";
(async () => {
//get latest release
var response = await axios.get(
`https://api.github.com/repos/${repoWithOwner}/releases/latest`,
{
headers: authHeaders,
}
);
var assets = response.data.assets;
for (var i = 0; i < assets.length; i++) {
console.log(assets[i].url);
response = await axios({
method: "get",
url: assets[i].url,
responseType: "stream",
headers: {
Accept: "application/octet-stream",
...authHeaders,
},
});
response.data.pipe(fs.createWriteStream(assets[i].name)); //write asset to file
}
})();
Also, there is octokit github client for JS此外,还有用于 JS 的 octokit github 客户端
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.