// Package github provides a client for the GitHub API. // It supports pull request operations, file content retrieval, CI status checks, // and directory listing for both github.com and GitHub Enterprise. package github import ( "context" "errors" "fmt" "io" "net/http" "strconv" "strings" "time" ) const ( defaultBaseURL = "https://api.github.com" userAgent = "review-bot/1.0" // maxResponseBytes limits successful response body reads to 10 MiB. maxResponseBytes = 10 * 1024 * 1024 ) // APIError represents an HTTP error response from the GitHub API. // It carries the status code so callers can distinguish between // different failure modes (e.g. 404 vs 500). type APIError struct { StatusCode int Body string } func (e *APIError) Error() string { body := e.Body if len(body) > 200 { body = body[:200] + "...(truncated)" } return fmt.Sprintf("HTTP %d: %s", e.StatusCode, body) } // IsNotFound reports whether an error is an API 404 response. func IsNotFound(err error) bool { if apiErr, ok := asAPIError(err); ok { return apiErr.StatusCode == http.StatusNotFound } return false } // IsUnauthorized reports whether an error is an API 401 response. func IsUnauthorized(err error) bool { if apiErr, ok := asAPIError(err); ok { return apiErr.StatusCode == http.StatusUnauthorized } return false } func asAPIError(err error) (*APIError, bool) { if err == nil { return nil, false } var target *APIError if errors.As(err, &target) { return target, true } return nil, false } // Client interacts with the GitHub API. // A Client is safe for concurrent use by multiple goroutines. type Client struct { baseURL string token string httpClient *http.Client // retryBackoff defines the delays between retry attempts for 429 responses. // retryBackoff[i] is the delay before attempt i+1 (after attempt i fails). // If nil, defaults to {1s, 2s}. Set to shorter durations in tests via SetRetryBackoff. retryBackoff []time.Duration } // NewClient creates a new GitHub API client. // If baseURL is empty, it defaults to https://api.github.com. // For GitHub Enterprise, pass the API base URL (e.g. https://github.concur.com/api/v3). func NewClient(token, baseURL string) *Client { if baseURL == "" { baseURL = defaultBaseURL } return &Client{ baseURL: strings.TrimRight(baseURL, "/"), token: token, httpClient: &http.Client{ Timeout: 30 * time.Second, CheckRedirect: func(req *http.Request, via []*http.Request) error { if len(via) >= 10 { return fmt.Errorf("stopped after 10 redirects") } // Strip Authorization on cross-host redirect or protocol downgrade (https→http). prev := via[len(via)-1] if req.URL.Host != prev.URL.Host || (prev.URL.Scheme == "https" && req.URL.Scheme == "http") { req.Header.Del("Authorization") } return nil }, }, } } // SetHTTPClient sets the underlying HTTP client used for requests. // This is intended for testing to inject mock transports. func (c *Client) SetHTTPClient(hc *http.Client) { c.httpClient = hc } // SetRetryBackoff configures the retry backoff durations for testing. // In production the default {1s, 2s} applies. func (c *Client) SetRetryBackoff(d []time.Duration) { c.retryBackoff = d } // doRequest performs an HTTP request with retry on 429 rate limit responses. // It respects the Retry-After header when present (capped at maxRetryAfter). // Transport errors (network failures, context cancellation) are not retried. func (c *Client) doRequest(ctx context.Context, method, url string, accept string) ([]byte, error) { const maxAttempts = 3 const maxRetryAfter = 120 * time.Second var backoff []time.Duration if c.retryBackoff != nil { backoff = make([]time.Duration, len(c.retryBackoff)) copy(backoff, c.retryBackoff) } else { backoff = []time.Duration{1 * time.Second, 2 * time.Second} } const maxErrorBodyBytes = 64 * 1024 var lastErr error for attempt := 0; attempt < maxAttempts; attempt++ { if attempt > 0 { var delay time.Duration if attempt-1 < len(backoff) { delay = backoff[attempt-1] } if delay > 0 { timer := time.NewTimer(delay) select { case <-timer.C: case <-ctx.Done(): timer.Stop() return nil, ctx.Err() } } } req, err := http.NewRequestWithContext(ctx, method, url, nil) if err != nil { return nil, fmt.Errorf("create request: %w", err) } if c.token != "" { req.Header.Set("Authorization", "Bearer "+c.token) } req.Header.Set("User-Agent", userAgent) if accept != "" { req.Header.Set("Accept", accept) } else { req.Header.Set("Accept", "application/vnd.github+json") } resp, err := c.httpClient.Do(req) if err != nil { return nil, fmt.Errorf("do request: %w", err) } if resp.StatusCode >= 200 && resp.StatusCode < 300 { body, err := io.ReadAll(io.LimitReader(resp.Body, maxResponseBytes)) resp.Body.Close() if err != nil { return nil, fmt.Errorf("read response body: %w", err) } return body, nil } errBody, _ := io.ReadAll(io.LimitReader(resp.Body, maxErrorBodyBytes)) resp.Body.Close() lastErr = &APIError{StatusCode: resp.StatusCode, Body: string(errBody)} // Retry on 429 rate limit if resp.StatusCode == http.StatusTooManyRequests && attempt < maxAttempts-1 { // Check for Retry-After header and override backoff if present if ra := resp.Header.Get("Retry-After"); ra != "" { if seconds, err := strconv.Atoi(ra); err == nil && seconds > 0 { delay := time.Duration(seconds) * time.Second if delay > maxRetryAfter { delay = maxRetryAfter } if attempt < len(backoff) { backoff[attempt] = delay } } } continue } // Don't retry other errors return nil, lastErr } return nil, lastErr } // doGet is a convenience wrapper for GET requests with the default Accept header. func (c *Client) doGet(ctx context.Context, url string) ([]byte, error) { return c.doRequest(ctx, http.MethodGet, url, "") }