chore: Move GitHub logic out of the frontend

[amanape]

This PR replaces and simplifies #6286

Give a summary of what the PR does, explaining any non-trivial design decisions

Frontend

• Store github_token in the settings file store on the server
• Do not store github_token on the frontend
• Repurpose the React auth context to include githubTokenIsSet instead
• Remove GitHub refresh logic from the frontend

Backend

• Create GitHubTokenMiddleware to retrieve and set the github_token from the settings file store to the request state object
• GitHub token-dependent endpoints now require request.state.github_token instead of "X-GitHub-Token" header
• Check if token is valid (by making a call to /user) when POST /settings is called with a github_token

Common

• Extend the settings type to include github_token, unset_github_token, and github_token_is_set properties

UI

• Instead of a separate GitHub token modal, pressing the "Connect GitHub" button opens the existing account settings modal

To run this PR locally, use the following command:

docker run -it --rm   -p 3000:3000   -v /var/run/docker.sock:/var/run/docker.sock   --add-host host.docker.internal:host-gateway   -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:5c693aa-nikolaik   --name openhands-app-5c693aa   docker.all-hands.dev/all-hands-ai/openhands:5c693aa

[enyst]

This is a big PR, but the backend looks good to me. I had a question about those redundant values saved in Settings. IMHO only github_token is needed, and we can compute the rest. We can compute them in the BE if you want, so that nothing changes for FE, we just don't save them.

If you feel strongly that they need saved, okay, but please note that then it's a bit more difficult to remove them later, because they will be on users' machines.

[rbren]

Haven't confirmed that this is specific to your branch, but if I try and start a session with no settings, I just get a 400 error instead of the settings modal opening.

Ideally if we load the page and there are no settings, the modal just opens automatically

Similarly, trying to connect a GitHub account without settings set causes a hard-to-diagnose error. FE says 401, backend logs say:

17:51:19 - openhands:WARNING: settings.py:105 - Invalid token: Error calling function `llm_api_key_serializer`: TypeError: Object of type 'NoneType' is not JSON serializable

[rbren]

Just tried latest and got a wild rush of toasts

[enyst]

Maybe good for a follow-up, rather than add to this large PR, but can we use SecretStr inline with llm_api_key and other secrets, rather than str for github_token?

[rbren]

yeah that seems like a good idea. I hate to extend this PR further but maybe it's worth doing now. Up to you @amanape

[amanape]

Will follow-up

[enyst]

Thank you, I like that we have a solution for this trick!

[enyst]

Nit: this catches Exception, and it can be for other reasons than the token. In fact, it seems that at line 65 we already failed because of the token, if that was the cause. Maybe we can send some other response here, because it might be confusing

[amanape]

Will follow-up