diff --git a/github_access_scripts/README.md b/github_access_scripts/README.md
new file mode 100644
index 0000000..c5b1c38
--- /dev/null
+++ b/github_access_scripts/README.md
@@ -0,0 +1,63 @@
+# GitHub Access Scripts
+
+This directory contains scripts to check user access to GitHub repositories.
+
+## Setup
+
+1. **Create `accounts.json`:** Before running the scripts, you need to create an `accounts.json` file in the root of this project. This file should contain an array of GitHub accounts, each with a username and a personal access token (PAT).
+
+ *Example `accounts.json`:*
+ ```json
+ [
+ {
+ "user": "your_github_username",
+ "token": "your_personal_access_token"
+ },
+ {
+ "user": "another_github_username",
+ "token": "another_personal_access_token"
+ }
+ ]
+ ```
+
+2. **Permissions:** The personal access tokens require the `repo` scope to read repository information and collaborator lists.
+
+> **Security Warning:** Storing personal access tokens in a plaintext file is a security risk. If this file is ever exposed, your accounts could be compromised. For better security, consider using environment variables or a dedicated secrets management tool to handle these credentials.
+
+## Usage
+
+Make sure the scripts are executable before running them:
+```bash
+chmod +x github_access_scripts/check_repo_access.sh
+chmod +x github_access_scripts/list_user_repos.sh
+```
+
+### `check_repo_access.sh`
+
+This script checks if a specific user has collaborator access to a single, specified repository.
+
+**Command:**
+```bash
+./github_access_scripts/check_repo_access.sh
+```
+
+**Example:**
+```bash
+./github_access_scripts/check_repo_access.sh DARKenergem saravanakumardb/vv-note-mcp-agent-intern-naman
+```
+
+### `list_user_repos.sh`
+
+This script attempts to list all repositories a given user has access to, by scanning through the repositories of the accounts listed in `accounts.json`.
+
+**Note:** This script has limitations. It only checks for access on repositories that the authenticated users (from `accounts.json`) are members of.
It may not find all repositories a user has access to if they have access to repos outside of those organizations/users. For checking access to a *specific* repository, `check_repo_access.sh` is more reliable.
+
+**Command:**
+```bash
+./github_access_scripts/list_user_repos.sh
+```
+
+**Example:**
+```bash
+./github_access_scripts/list_user_repos.sh DARKenergem
+```
diff --git a/github_access_scripts/check_repo_access.sh b/github_access_scripts/check_repo_access.sh
new file mode 100755
index 0000000..fe87566
--- /dev/null
+++ b/github_access_scripts/check_repo_access.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Check if GITHUB_USER_NAME and REPO_FULL_NAME are provided
+if [ -z "$1" ] || [ -z "$2" ]; then
+ echo "Usage: $0 "
+ echo "Example: $0 DARKenergem saravanakumardb/vv-note-mcp-agent-intern-naman"
+ exit 1
+fi
+
+GITHUB_USER_NAME="$1"
+REPO_FULL_NAME="$2"
+ACCOUNTS_FILE="accounts.json"
+
+# Check if accounts.json exists
+if [ ! -f "$ACCOUNTS_FILE" ]; then
+ echo "Error: $ACCOUNTS_FILE not found."
+ exit 1
+fi
+
+# Use the first account in accounts.json for authentication
+USER=$(jq -r '.[0].user' "$ACCOUNTS_FILE")
+TOKEN=$(jq -r '.[0].token' "$ACCOUNTS_FILE")
+
+echo "Checking access for $GITHUB_USER_NAME on repo $REPO_FULL_NAME using account $USER"
+
+# Get collaborators for the repo
+COLLABORATORS=$(curl -s -H "Authorization: token $TOKEN" "https://api.github.com/repos/$REPO_FULL_NAME/collaborators" | jq -r '.[].login')
+
+if echo "$COLLABORATORS" | grep -q "$GITHUB_USER_NAME"; then
+ echo " - $GITHUB_USER_NAME has access to $REPO_FULL_NAME"
+else
+ echo " - $GITHUB_USER_NAME does not have access to $REPO_FULL_NAME"
+fi
diff --git a/github_access_scripts/list_user_repos.sh b/github_access_scripts/list_user_repos.sh
new file mode 100755
index 0000000..3af03e5
--- /dev/null
+++ b/github_access_scripts/list_user_repos.sh
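Review bot: In check_repo_access.sh the membership test `grep -q "$GITHUB_USER_NAME"` is an unanchored regex match over the login list, so a query for `bob` is reported as having access when only `bobby` is a collaborator, and a name containing regex characters can match unrelated logins; list_user_repos.sh uses the same test. The `else` branch is also taken whenever the request itself fails (bad or expired token, 403/404, network error), because `curl -s` exits 0 on HTTP errors and jq then emits no logins, so a failed audit is indistinguishable from "does not have access". Compare whole lines literally and case-insensitively (GitHub logins are case-insensitive) and stop with a distinct exit status when the API call fails, as in the excerpt below.

```shell
# … unchanged: argument checks, accounts.json lookup, USER/TOKEN …
if ! RESPONSE=$(curl -sS --fail -H "Authorization: token $TOKEN" "https://api.github.com/repos/$REPO_FULL_NAME/collaborators"); then
  echo "Error: could not list collaborators for $REPO_FULL_NAME" >&2
  exit 2
fi

if jq -r '.[].login' <<<"$RESPONSE" | grep -qixF -- "$GITHUB_USER_NAME"; then
# … unchanged: result messages …
```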
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Check if GITHUB_USER_NAME is provided
+if [ -z "$1" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+GITHUB_USER_NAME="$1"
+ACCOUNTS_FILE="accounts.json"
+
+# Check if accounts.json exists
+if [ ! -f "$ACCOUNTS_FILE" ]; then
+ echo "Error: $ACCOUNTS_FILE not found."
+ exit 1
+fi
+
+# Loop through each account in accounts.json
+jq -c '.[]' "$ACCOUNTS_FILE" | while read -r account; do
+ USER=$(echo "$account" | jq -r '.user')
+ TOKEN=$(echo "$account" | jq -r '.token')
+
+ echo "Scanning repos for account: $USER"
+
+ # Get all repos for the user
+ REPOS=$(curl -s -H "Authorization: token $TOKEN" "https://api.github.com/user/repos?type=all&per_page=100" | jq -r '.[].full_name')
+
+ for REPO in $REPOS; do
+ # Get collaborators for each repo
+ COLLABORATORS=$(curl -s -H "Authorization: token $TOKEN" "https://api.github.com/repos/$REPO/collaborators" | jq -r '.[].login')
+ if echo "$COLLABORATORS" | grep -q "$GITHUB_USER_NAME"; then
+ echo " - $GITHUB_USER_NAME has access to $REPO"
+ fi
+ done
+done
diff --git a/github_repo_scanners/create_contributor_repo_lists.sh b/github_repo_scanners/create_contributor_repo_lists.sh
new file mode 100755
index 0000000..2a460a5
--- /dev/null
+++ b/github_repo_scanners/create_contributor_repo_lists.sh
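Review bot: Both API calls in the loop of list_user_repos.sh read a single page, so the scan is silently incomplete: `user/repos` is requested with `per_page=100` and no `page` parameter, and the collaborators call relies on the API's default page size. An account with more than 100 repositories, or a repository with more collaborators than one page holds, produces no "has access" line even though access exists. check_repo_access.sh and both scripts under github_repo_scanners/ make the same single-page requests. Fetch pages in a loop until an empty array comes back, e.g. `"https://api.github.com/user/repos?type=all&per_page=100&page=$page"`, and add `?per_page=100` to the collaborators URL; until then a comment such as `# NOTE: only the first page of each listing is inspected` above the loop would keep readers from treating the output as a complete audit.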
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+ACCOUNTS_FILE="accounts.json"
+OUTPUT_DIR="contributor_repos"
+
+# Check if accounts.json exists
+if [ ! -f "$ACCOUNTS_FILE" ]; then
+ echo "Error: $ACCOUNTS_FILE not found."
+ exit 1
+fi
+
+# Create output directory
+mkdir -p "$OUTPUT_DIR"
+
+# Use a temporary directory to store repo lists for each contributor
+TMP_DIR=$(mktemp -d)
+trap 'rm -rf "$TMP_DIR"' EXIT
+
+# Loop through each account in accounts.json
+jq -c '.[]' "$ACCOUNTS_FILE" | while read -r account; do
+ USER=$(echo "$account" | jq -r '.user')
+ TOKEN=$(echo "$account" | jq -r '.token')
+
+ echo "Scanning repos for account: $USER"
+
+ # Get all repos for the user
+ REPOS=$(curl -s -H "Authorization: token $TOKEN" "https://api.github.com/user/repos?type=all&per_page=100" | jq -r '.[].full_name')
+
+ for REPO in $REPOS; do
+ echo " - Processing repo: $REPO"
+ # Get contributors for each repo
+ CONTRIBUTORS=$(curl -s -H "Authorization: token $TOKEN" "https://api.github.com/repos/$REPO/contributors" | jq -r '.[].login')
+
+ for CONTRIBUTOR in $CONTRIBUTORS; do
+ # Append the repo to the contributor's list
+ echo "$REPO" >> "$TMP_DIR/$CONTRIBUTOR"
+ done
+ done
+done
+
+# Process the temporary files to create the final JSON files
+for contributor_file in "$TMP_DIR"/*; do
+ CONTRIBUTOR_LOGIN=$(basename "$contributor_file")
+ echo "Creating JSON for contributor: $CONTRIBUTOR_LOGIN"
+
+ # Sort and unique the repo list, then format as a JSON array
+ sort -u "$contributor_file" | jq -R . | jq -s . > "$OUTPUT_DIR/${CONTRIBUTOR_LOGIN}.json"
+done
+
+echo "Contributor repository lists have been created in the '$OUTPUT_DIR' directory."
diff --git a/github_repo_scanners/create_user_repo_lists.sh b/github_repo_scanners/create_user_repo_lists.sh
new file mode 100755
index 0000000..7bc0f8f
--- /dev/null
+++ b/github_repo_scanners/create_user_repo_lists.sh
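Review bot: Every `curl -s -H "Authorization: token $TOKEN" …` call in create_contributor_repo_lists.sh places the personal access token on curl's command line, where other local users can read it from the process list while the request runs; the other three scripts in this commit do the same. Pass the header on stdin instead, `curl -s -H @- "$url" <<<"Authorization: token $TOKEN"` (needs curl 7.55 or later), which keeps the token out of argv. Separately, when no contributor file was written the pattern `"$TMP_DIR"/*` stays a literal `*` and the final loop writes `contributor_repos/*.json`; a guard such as `[ -e "$contributor_file" ] || continue` at the top of that loop avoids it.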
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+ACCOUNTS_FILE="accounts.json"
+
+# Check if accounts.json exists
+if [ ! -f "$ACCOUNTS_FILE" ]; then
+ echo "Error: $ACCOUNTS_FILE not found."
+ exit 1
+fi
+
+# Loop through each account in accounts.json
+jq -c '.[]' "$ACCOUNTS_FILE" | while read -r account; do
+ USER=$(echo "$account" | jq -r '.user')
+ TOKEN=$(echo "$account" | jq -r '.token')
+
+ echo "Fetching repos for account: $USER"
+
+ # Get all repos the user has access to (owner, collaborator, org member)
+ # and format the output as a JSON array.
+ curl -s -H "Authorization: token $TOKEN" "https://api.github.com/user/repos?type=all&per_page=100" | \
+jq -r '[.[] | .full_name]' > "${USER}.json"
+
+ echo "Successfully created ${USER}.json"
+done
+
+echo "All user repository lists have been created."
+
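Review bot: `echo "Successfully created ${USER}.json"` in create_user_repo_lists.sh runs whether or not the request worked: with a bad token or an HTTP error `curl -s` still exits 0, jq fails on the error object, and the redirect has already truncated `${USER}.json`, so an empty file is reported as success. The output name is also taken unchecked from the `user` field and written into the working directory next to accounts.json, so a value such as `accounts`, or one containing `/`, overwrites the credentials file or lands outside the intended directory. Validate the name first, e.g. `[[ "$USER" =~ ^[A-Za-z0-9-]+$ ]] || continue`, write to a temporary file, and move it into place only when the pipeline succeeds (`set -o pipefail` with `curl --fail`). Since these lists can include private repository names, a dedicated output directory that is excluded from version control would be safer than the project root; no ignore rule is visible in this diff.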