
chore: instrument additional github api calls #11824


Merged
merged 3 commits into from
Jan 26, 2024
Merged
46 changes: 25 additions & 21 deletions cli/server.go
Expand Up @@ -1773,12 +1773,6 @@ func configureGithubOAuth2(instrument *promoauth.Factory, accessURL *url.URL, cl
Slug: parts[1],
})
}
createClient := func(client *http.Client) (*github.Client, error) {
if enterpriseBaseURL != "" {
return github.NewEnterpriseClient(enterpriseBaseURL, "", client)
}
return github.NewClient(client), nil
}

endpoint := xgithub.Endpoint
if enterpriseBaseURL != "" {
Expand All @@ -1800,40 +1794,50 @@ func configureGithubOAuth2(instrument *promoauth.Factory, accessURL *url.URL, cl
}
}

instrumentedOauth := instrument.NewGithub("github-login", &oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
Endpoint: endpoint,
RedirectURL: redirectURL.String(),
Scopes: []string{
"read:user",
"read:org",
"user:email",
},
})

createClient := func(client *http.Client, source promoauth.Oauth2Source) (*github.Client, error) {
client = instrumentedOauth.InstrumentHTTPClient(client, source)
if enterpriseBaseURL != "" {
return github.NewEnterpriseClient(enterpriseBaseURL, "", client)
}
return github.NewClient(client), nil
}

return &coderd.GithubOAuth2Config{
OAuth2Config: instrument.NewGithub("github-login", &oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
Endpoint: endpoint,
RedirectURL: redirectURL.String(),
Scopes: []string{
"read:user",
"read:org",
"user:email",
},
}),
OAuth2Config: instrumentedOauth,
AllowSignups: allowSignups,
AllowEveryone: allowEveryone,
AllowOrganizations: allowOrgs,
AllowTeams: allowTeams,
AuthenticatedUser: func(ctx context.Context, client *http.Client) (*github.User, error) {
api, err := createClient(client)
api, err := createClient(client, promoauth.SourceGitAPIAuthUser)
if err != nil {
return nil, err
}
user, _, err := api.Users.Get(ctx, "")
return user, err
},
ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
api, err := createClient(client)
api, err := createClient(client, promoauth.SourceGitAPIListEmails)
if err != nil {
return nil, err
}
emails, _, err := api.Users.ListEmails(ctx, &github.ListOptions{})
return emails, err
},
ListOrganizationMemberships: func(ctx context.Context, client *http.Client) ([]*github.Membership, error) {
api, err := createClient(client)
api, err := createClient(client, promoauth.SourceGitAPIOrgMemberships)
if err != nil {
return nil, err
}
Expand All @@ -1846,7 +1850,7 @@ func configureGithubOAuth2(instrument *promoauth.Factory, accessURL *url.URL, cl
return memberships, err
},
TeamMembership: func(ctx context.Context, client *http.Client, org, teamSlug, username string) (*github.Membership, error) {
api, err := createClient(client)
api, err := createClient(client, promoauth.SourceGitAPITeamMemberships)
if err != nil {
return nil, err
}
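Review bot: `createClient` now instruments the caller's `*http.Client` on every callback, and `InstrumentHTTPClient` (coderd/promoauth/oauth2.go in this PR) does that by assigning `hc.Transport` in place. If the login flow hands the same client to `AuthenticatedUser`, `ListEmails`, `ListOrganizationMemberships` and `TeamMembership` (the callers are outside this diff, so this needs confirming), each call stacks another tripper on top of the previous one, and a later request is recorded under every earlier source as well as its own, which skews the per-source counts this change is meant to provide. Wrapping a shallow copy inside `InstrumentHTTPClient` avoids both the stacking and the mutation of a client the caller still owns: `cp := *hc`, `cp.Transport = newInstrumentedTripper(c, source, hc.Transport)`, `return &cp`. Both existing call sites already use the returned pointer, so they would not need to change.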
14 changes: 12 additions & 2 deletions coderd/promoauth/oauth2.go
Expand Up @@ -19,6 +19,11 @@ const (
SourceTokenSource Oauth2Source = "TokenSource"
SourceAppInstallations Oauth2Source = "AppInstallations"
SourceAuthorizeDevice Oauth2Source = "AuthorizeDevice"

SourceGitAPIAuthUser Oauth2Source = "GitAPIAuthUser"
SourceGitAPIListEmails Oauth2Source = "GitAPIListEmails"
SourceGitAPIOrgMemberships Oauth2Source = "GitAPIOrgMemberships"
SourceGitAPITeamMemberships Oauth2Source = "GitAPITeamMemberships"
)

// OAuth2Config exposes a subset of *oauth2.Config functions for easier testing.
Expand Down Expand Up @@ -209,6 +214,12 @@ func (c *Config) TokenSource(ctx context.Context, token *oauth2.Token) oauth2.To
return c.underlying.TokenSource(c.wrapClient(ctx, SourceTokenSource), token)
}

func (c *Config) InstrumentHTTPClient(hc *http.Client, source Oauth2Source) *http.Client {
// The new tripper will instrument every request made by the oauth2 client.
hc.Transport = newInstrumentedTripper(c, source, hc.Transport)
return hc
}

// wrapClient is the only way we can accurately instrument the oauth2 client.
// This is because method calls to the 'OAuth2Config' interface are not 1:1 with
// network requests.
Expand All @@ -229,8 +240,7 @@ func (c *Config) oauthHTTPClient(ctx context.Context, source Oauth2Source) *http
cli = hc
}

// The new tripper will instrument every request made by the oauth2 client.
cli.Transport = newInstrumentedTripper(c, source, cli.Transport)
cli = c.InstrumentHTTPClient(cli, source)
return cli
}

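Review bot: `InstrumentHTTPClient` is exported but has no doc comment, and its contract is not obvious from the signature: it replaces `hc.Transport` on the client passed in, returns that same pointer, and dereferences `hc` without a nil check. A comment such as `// InstrumentHTTPClient wraps hc's transport so every request made through hc is recorded under source; hc is modified in place and must not be nil.` would make that explicit for callers outside the package. The comment inside the body still says "the oauth2 client", although the method is now also applied to the GitHub API clients built in cli/server.go, so it should be reworded to "the given client".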