PuzzleScript icon indicating copy to clipboard operation
PuzzleScript copied to clipboard
verified publisher icon increpare

ALL puzzles on puzzlescript.net are broken due to missing auth token for github

Open JasonVanceMiller opened this issue 3 months ago • 7 comments

It looks like github changed their gist api such that it now requires an auth token to fetch from a public repo. All puzzles on https://www.puzzlescript.net/Gallery/index.html give a 401:

Image

This fails at least as early as the request to: https://api.github.com/gists/cfdcc6e23f1fb3e9de2fd42fafaf4d4c

For example curling the gist for enigmash fails without adding -H "Authorization: Bearer [Personal Github Token]"

curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/gists/cfdcc6e23f1fb3e9de2fd42fafaf4d4c

{ "message": "Requires authentication", "documentation_url": "https://docs.github.com/rest", "status": "401" }

Adding the following line to the website source for githubHTTPClient fixed it:

var githubURL = 'https://api.github.com/gists/'+id;

var githubHTTPClient = new XMLHttpRequest();
githubHTTPClient.open('GET', githubURL);
>> githubHTTPClient.setRequestHeader('Authorization','Bearer ' + 'github_pat_XXXXXXXXXXXXXXXX');

This fix seems incomplete on its own, working for some games not others. The others are breaking in subtle ways that requires an expert's eye.

JasonVanceMiller avatar Sep 16 '25 02:09 JasonVanceMiller

I hate dependencies!!!

I can confirm that PS Next suffers from the same problem. I assume the same will be true of all other forks (except PuzzleScript, which has no gallery).

  1. I cannot immediately find anything about this issue. Do you know of any docs?
  2. For now I shall wait until increpare finds a solution for PS, and then merge it into PS Next.
  3. Or I could simply import all the games into PS Next and the problem (and the dependency) goes away. Sounds attractive.

david-pfx avatar Sep 16 '25 06:09 david-pfx

Maybe I'll have to push the requests to be server-side to avoid leaking tokens? That'd be annoying...hmm...I'm not very experienced with this stuff...

(Thanks for the report)

increpare avatar Sep 16 '25 07:09 increpare

The documentation still says:

You can read public gists anonymously, but you must be signed into GitHub to create gists. To read or write gists on a user's behalf, you need the gist OAuth scope and a token. For more information, see Scopes for OAuth apps.

( https://docs.github.com/en/rest/gists/gists?apiVersion=2022-11-28 )

increpare avatar Sep 16 '25 07:09 increpare

I should try find the config page of the puzzlescript app/oauth thing to see if new permissions have been added 🙃

increpare avatar Sep 16 '25 07:09 increpare

Releveant documentation:

https://docs.github.com/en/rest/gists/gists?apiVersion=2022-11-28#get-a-gist

At the top of the page it says

You can read public gists anonymously, but you must be signed into GitHub to create gists.

But when I run

curl -L \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/gists/79543dee97fb5aaab6a267de31e186b3

I get

  "message": "Requires authentication",
  "documentation_url": "https://docs.github.com/rest",
  "status": "401"
}%

lol

increpare avatar Sep 16 '25 09:09 increpare

issue on github dev community https://github.com/orgs/community/discussions/173621 - feel welcome to go there and upvote the issue if this affects you - that might improve response/visibibility of the issue to GitHub.

increpare avatar Sep 16 '25 09:09 increpare

I've fixed the issue my moving it to the server, which is annoying for other people. I'll revert back if they fix it (especially if this results in me hitting rate limits), but given the severity of the issue, I'll put this up quickly. (gist_proxy.py)

I'll leave the issue open for now in case something happens/somebody finds a better fix.

increpare avatar Sep 16 '25 10:09 increpare