Skip to content

Commit ff9959f

Browse files
EmyrkEmyrk
committed
chore: instrument additional githubapi calls
This only affects github as a login source, not external auth.
1 parent 0befc08 commit ff9959f

File tree

2 files changed

+37
-23
lines changed

2 files changed

+37
-23
lines changed

cli/server.go

+25-21
Original file line numberDiff line numberDiff line change
@@ -1773,12 +1773,6 @@ func configureGithubOAuth2(instrument *promoauth.Factory, accessURL *url.URL, cl
17731773
Slug: parts[1],
17741774
})
17751775
}
1776-
createClient := func(client *http.Client) (*github.Client, error) {
1777-
if enterpriseBaseURL != "" {
1778-
return github.NewEnterpriseClient(enterpriseBaseURL, "", client)
1779-
}
1780-
return github.NewClient(client), nil
1781-
}
17821776

17831777
endpoint := xgithub.Endpoint
17841778
if enterpriseBaseURL != "" {
@@ -1800,40 +1794,50 @@ func configureGithubOAuth2(instrument *promoauth.Factory, accessURL *url.URL, cl
18001794
}
18011795
}
18021796

1797+
instrumentedOauth := instrument.NewGithub("github-login", &oauth2.Config{
1798+
ClientID: clientID,
1799+
ClientSecret: clientSecret,
1800+
Endpoint: endpoint,
1801+
RedirectURL: redirectURL.String(),
1802+
Scopes: []string{
1803+
"read:user",
1804+
"read:org",
1805+
"user:email",
1806+
},
1807+
})
1808+
1809+
createClient := func(client *http.Client, source promoauth.Oauth2Source) (*github.Client, error) {
1810+
client = instrumentedOauth.InstrumentHTTPClient(client, source)
1811+
if enterpriseBaseURL != "" {
1812+
return github.NewEnterpriseClient(enterpriseBaseURL, "", client)
1813+
}
1814+
return github.NewClient(client), nil
1815+
}
1816+
18031817
return &coderd.GithubOAuth2Config{
1804-
OAuth2Config: instrument.NewGithub("github-login", &oauth2.Config{
1805-
ClientID: clientID,
1806-
ClientSecret: clientSecret,
1807-
Endpoint: endpoint,
1808-
RedirectURL: redirectURL.String(),
1809-
Scopes: []string{
1810-
"read:user",
1811-
"read:org",
1812-
"user:email",
1813-
},
1814-
}),
1818+
OAuth2Config: instrumentedOauth,
18151819
AllowSignups: allowSignups,
18161820
AllowEveryone: allowEveryone,
18171821
AllowOrganizations: allowOrgs,
18181822
AllowTeams: allowTeams,
18191823
AuthenticatedUser: func(ctx context.Context, client *http.Client) (*github.User, error) {
1820-
api, err := createClient(client)
1824+
api, err := createClient(client, promoauth.SourceGitAPIAuthUser)
18211825
if err != nil {
18221826
return nil, err
18231827
}
18241828
user, _, err := api.Users.Get(ctx, "")
18251829
return user, err
18261830
},
18271831
ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
1828-
api, err := createClient(client)
1832+
api, err := createClient(client, promoauth.SourceGitAPIListEmails)
18291833
if err != nil {
18301834
return nil, err
18311835
}
18321836
emails, _, err := api.Users.ListEmails(ctx, &github.ListOptions{})
18331837
return emails, err
18341838
},
18351839
ListOrganizationMemberships: func(ctx context.Context, client *http.Client) ([]*github.Membership, error) {
1836-
api, err := createClient(client)
1840+
api, err := createClient(client, promoauth.SourceGitAPIOrgMemberships)
18371841
if err != nil {
18381842
return nil, err
18391843
}
@@ -1846,7 +1850,7 @@ func configureGithubOAuth2(instrument *promoauth.Factory, accessURL *url.URL, cl
18461850
return memberships, err
18471851
},
18481852
TeamMembership: func(ctx context.Context, client *http.Client, org, teamSlug, username string) (*github.Membership, error) {
1849-
api, err := createClient(client)
1853+
api, err := createClient(client, promoauth.SourceGitAPITeamMemberships)
18501854
if err != nil {
18511855
return nil, err
18521856
}

coderd/promoauth/oauth2.go

+12-2
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,11 @@ const (
1919
SourceTokenSource Oauth2Source = "TokenSource"
2020
SourceAppInstallations Oauth2Source = "AppInstallations"
2121
SourceAuthorizeDevice Oauth2Source = "AuthorizeDevice"
22+
23+
SourceGitAPIAuthUser Oauth2Source = "GitAPIAuthUser"
24+
SourceGitAPIListEmails Oauth2Source = "GitAPIListEmails"
25+
SourceGitAPIOrgMemberships Oauth2Source = "GitAPIOrgMemberships"
26+
SourceGitAPITeamMemberships Oauth2Source = "GitAPITeamMemberships"
2227
)
2328

2429
// OAuth2Config exposes a subset of *oauth2.Config functions for easier testing.
@@ -209,6 +214,12 @@ func (c *Config) TokenSource(ctx context.Context, token *oauth2.Token) oauth2.To
209214
return c.underlying.TokenSource(c.wrapClient(ctx, SourceTokenSource), token)
210215
}
211216

217+
func (c *Config) InstrumentHTTPClient(hc *http.Client, source Oauth2Source) *http.Client {
218+
// The new tripper will instrument every request made by the oauth2 client.
219+
hc.Transport = newInstrumentedTripper(c, source, hc.Transport)
220+
return hc
221+
}
222+
212223
// wrapClient is the only way we can accurately instrument the oauth2 client.
213224
// This is because method calls to the 'OAuth2Config' interface are not 1:1 with
214225
// network requests.
@@ -229,8 +240,7 @@ func (c *Config) oauthHTTPClient(ctx context.Context, source Oauth2Source) *http
229240
cli = hc
230241
}
231242

232-
// The new tripper will instrument every request made by the oauth2 client.
233-
cli.Transport = newInstrumentedTripper(c, source, cli.Transport)
243+
cli = c.InstrumentHTTPClient(cli, source)
234244
return cli
235245
}
236246

0 commit comments

Comments
 (0)