From 638dbc214e5e3bc901540774ff6f1038ba3f2248 Mon Sep 17 00:00:00 2001
From: Chris Brown
Date: Fri, 12 Feb 2016 12:23:08 -0800
Subject: [PATCH] do not send the github token to aws [finishes #113566853]
---
 github.go | 54 +++++++++++++++++++++++++++++++++++++++++++++-----
 github_test.go | 28 ++++++++++++++++++++++----
 2 files changed, 73 insertions(+), 9 deletions(-)
diff --git a/github.go b/github.go
index d87a513..7246fa0 100644
--- a/github.go
+++ b/github.go
@@ -3,12 +3,14 @@ package resource
 import (
 "errors"
 "io"
+ "net/http"
 "net/url"
 "os"
 "golang.org/x/oauth2"
 "github.com/google/go-github/github"
+ "github.com/xoebus/statham"
 )
 //go:generate counterfeiter . GitHub
@@ -42,11 +44,11 @@ func NewGitHubClient(source Source) (*GitHubClient, error) {
 if source.AccessToken == "" {
 client = github.NewClient(nil)
 } else {
- ts := oauth2.StaticTokenSource(&oauth2.Token{
- AccessToken: source.AccessToken,
- })
-
- client = github.NewClient(oauth2.NewClient(oauth2.NoContext, ts))
+ var err error
+ client, err = oauthClient(source)
+ if err != nil {
+ return nil, err
+ }
 }
 if source.GitHubAPIURL != "" {
@@ -219,3 +221,45 @@ func (g *GitHubClient) GetZipballLink(tag string) (*url.URL, error) {
 res.Body.Close()
 return u, nil
 }
+
+func oauthClient(source Source) (*github.Client, error) {
+ ts := oauth2.StaticTokenSource(&oauth2.Token{
+ AccessToken: source.AccessToken,
+ })
+ oauthClient := oauth2.NewClient(oauth2.NoContext, ts)
+
+ apiHost := "api.github.com"
+ if source.GitHubAPIURL != "" {
+ uri, err := url.Parse(source.GitHubAPIURL)
+ if err != nil {
+ return nil, err
+ }
+
+ apiHost = uri.Host
+ }
+
+ uploadHost := "uploads.github.com"
+ if source.GitHubUploadsURL != "" {
+ uri, err := url.Parse(source.GitHubUploadsURL)
+ if err != nil {
+ return nil, err
+ }
+
+ uploadHost = uri.Host
+ }
+
+ // The google/go-github library uses the same http.Client to perform
+ // requests to both github.com and the S3 download API (for downloading
+ // release assets). We don't want it to user the same OAuth transport for
+ // both.
+ transport := statham.NewTransport(http.DefaultTransport, statham.Mapping{
+ apiHost: oauthClient.Transport,
+ uploadHost: oauthClient.Transport,
+ })
+
+ httpClient := &http.Client{
+ Transport: transport,
+ }
+
+ return github.NewClient(httpClient), nil
+}
diff --git a/github_test.go b/github_test.go
index ddfdbf4..0f56473 100644
--- a/github_test.go
+++ b/github_test.go
@@ -32,6 +32,26 @@ var _ = Describe("GitHub Client", func() {
 server.Close()
 })
+ Context("with bad URLs", func() {
+ BeforeEach(func() {
+ source.AccessToken = "hello?"
+ })
+
+ It("returns an error if the API URL is bad", func() {
+ source.GitHubAPIURL = ":"
+
+ _, err := NewGitHubClient(source)
+ Ω(err).Should(HaveOccurred())
+ })
+
+ It("returns an error if the API URL is bad", func() {
+ source.GitHubUploadsURL = ":"
+
+ _, err := NewGitHubClient(source)
+ Ω(err).Should(HaveOccurred())
+ })
+ })
+
 Context("with an OAuth Token", func() {
 BeforeEach(func() {
 source = Source{
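Review bot: In `oauthClient` (github.go), both `url.Parse` branches accept a value that parses without error but has an empty `Host` (for instance a URL written without a scheme), and the empty string then becomes a key in `statham.Mapping`. That mapping decides which requests carry the token, so a malformed setting should be rejected up front rather than produce a mapping that, assuming statham matches on the request host, never applies the OAuth transport to the intended host. After each parse add `if uri.Host == "" { return nil, errors.New("github url has no host") }`; `errors` is already imported in this file. Separately, the local `oauthClient := oauth2.NewClient(...)` shadows the function's own name, and the comment has a typo (`to user the same` should read `to use the same`).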
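Review bot: The specs added under `Context("with bad URLs", ...)` in github_test.go cover only URL parse failures; nothing added in this diff asserts the behaviour the commit exists for, namely that a request to a host other than the API or uploads host leaves without an `Authorization` header. A spec that serves an asset redirect to a second test server and checks that the header is absent there, while still present on the API server, would guard the host mapping against regressions. The second `It` also reuses the description `returns an error if the API URL is bad` although it sets `source.GitHubUploadsURL`; rename it to `returns an error if the uploads URL is bad`. The enclosing `Describe` block starts and ends outside the hunk.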
@@ -92,9 +112,9 @@ var _ = Describe("GitHub Client", func() {
 }`
 rateLimitHeaders := http.Header(map[string][]string{
- "X-RateLimit-Limit": {"60"},
+ "X-RateLimit-Limit": {"60"},
 "X-RateLimit-Remaining": {"0"},
- "X-RateLimit-Reset": {"1377013266"},
+ "X-RateLimit-Reset": {"1377013266"},
 })
 server.AppendHandlers(
@@ -128,9 +148,9 @@ var _ = Describe("GitHub Client", func() {
 }`
 rateLimitHeaders := http.Header(map[string][]string{
- "X-RateLimit-Limit": {"60"},
+ "X-RateLimit-Limit": {"60"},
 "X-RateLimit-Remaining": {"0"},
- "X-RateLimit-Reset": {"1377013266"},
+ "X-RateLimit-Reset": {"1377013266"},
 })
 server.AppendHandlers(