fix(browser-session): resolve repo id from HTML page for private repos#111
Open
sevastyanovio wants to merge 1 commit into
Open
fix(browser-session): resolve repo id from HTML page for private repos#111sevastyanovio wants to merge 1 commit into
sevastyanovio wants to merge 1 commit into
Conversation
The browser-session strategy looked up the repository id via api.github.com, which only accepts token auth. With cookie-based credentials (the usual browser-session case) that returns 404 on private repositories, so every upload failed with "Cannot access repository. Session may have expired." When authenticating by cookie, fall back to reading the id from the repository's HTML page (the octolytics-dimension-repository_id meta tag), which the same cookie can load. Token-based callers keep using the REST API. Adds unit coverage for the fallback success path, a page without the marker, and the both-rejected auth-failure case.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The
browser-sessionstrategy fails on private repositories with:getRepositoryId()looks up the repo id viahttps://api.github.com/repos/{owner}/{repo}, but the REST API only accepts token auth — a session cookie is rejected. For a private repo that returns404, so the upload aborts before it starts.Reproduced directly:
The subsequent
upload/policies/assets+confirmcalls hitgithub.com(the web host), where the cookie is the correct auth — so only the repo-id lookup was on the wrong host/auth. (Public repos work today only because the unauthenticated API call returns 200.)Fix
When authenticating by cookie, fall back to reading the id from the repository's HTML page (
octolytics-dimension-repository_idmeta tag), which the same cookie can load. Token-based callers keep using the REST API unchanged.Minimal, additive: the API path stays the default, so public-repo and token flows are untouched; the HTML fallback only triggers when the API rejects a cookie.
Tests
npm run test:unit→ 317 passing. Added coverage for:UploadError(REPO_ID_FETCH_FAILED)AuthenticationErrornpm run typecheckandeslintclean.