Thursday November 11, 2021; 8:46 AM EST
- The place to ask questions is here. #
- Before anything -- be careful!#
- The GitHub functionality is simple, easy to master -- but incredibly powerful.#
- I just got an alert from GitHub that they noticed that I uploaded a valid access token to my tmp1 repository, #
- It's good that they were watching. #
- How did I do this? I uploaded the OPML of my notes outline that had one-liners in it, including one that returns my access token. I was debugging my code, so it was a natural thing to do. And uploading the file was a one-liner! Really easy. I was so proud. #
- Okay they revoked the token. Good move. But if there were other sensitive info there they would not have been able to revoke it. #
- So be careful! Don't upload before thinking. And don't enter security oriented info into your outlines, ever. A rule I am pretty good at following, except sometimes when I'm feeling successful apparently. #
- Be careful. Be careful. Be careful. Be careful. Be careful. Be careful. Be careful. Be careful. Be careful. #
- Things I still have to do --#
- Review DocServer docs. Some of the requests return huge amounts of info, not really great for DocServer, so I want to edit things so it's less cumbersome.#
- New release of Electric Drummer. This will be the first release since the first ship of Drummer on Oct 10. But I have some programming to do to make E/D work with GitHub, but I don't think it'll take too long to get done. #
- Test error conditions. I haven't tried getting the directory of a file, for example. It shouldn't work. I have no idea what it returns. #
- Things you should do next#
- First thing you should do, in an outline, with Cmd-/. #
- github.connectViaOauth ()#
- What it does -- it redirects you to GitHub where it knows about Drummer (I configured it, and it gave me back a client ID and secret). Your request includes the client id, that's how it knows where you came from. Then you will authorize Drummer to do stuff on your behalf. I think I have only asked for access to repos. You should verify that? It's a little confusing perhaps, for me too.#
- Then, assuming you've given permission, it redirects back to drummer.scripting.com, and it opens the client in your browser, with your access token as a parameter. The client sees the access token, puts it in localStorage on your machine, and then redirects back to itself without the access token param. So you may see a little loading and reloading, but when everything settles down, you'll be logged in. #
- The way to verify that you're logged in is to specifically check, thus --#
- github.getAccessToken ()#
- Then here are some other things you can try out#
- github.getUserInfo ()#
- github.getUserInfo ("scripting")#
- Do you have a repo? If so, try downloading a file, here's an example that works for me.#
- github.download ("scripting", "Scripting-News", "/blog/stories/2020/02/15/a142106.md")#
- You can also upload files, but only to repos where you have permission to write. #