GitHub auth: removal of unauthorized user tokens
parent
a54a247f16
commit
fe279e4a75
|
@ -118,16 +118,31 @@ function sendTokenToAllServers(token) {
|
|||
var reqRemaining = new Map();
|
||||
var lowestReqRemaining = Infinity, lowestReqRemainingToken;
|
||||
|
||||
// token: client token as a string.
|
||||
// reqs: number of requests remaining.
|
||||
function setReqRemaining(token, reqs) {
|
||||
// Set lowestReqRemaining* variables if the token / requests remaining
|
||||
// combination passed as a parameter is lower than previously registered.
|
||||
function setLowestReqRemaining(token, reqs) {
|
||||
if (reqs <= lowestReqRemaining) {
|
||||
lowestReqRemaining = reqs;
|
||||
lowestReqRemainingToken = token;
|
||||
}
|
||||
}
|
||||
|
||||
// token: client token as a string.
|
||||
// reqs: number of requests remaining.
|
||||
function setReqRemaining(token, reqs) {
|
||||
setLowestReqRemaining(token, reqs);
|
||||
reqRemaining.set(token, reqs);
|
||||
}
|
||||
|
||||
function rmReqRemaining(token) {
|
||||
reqRemaining.delete(token);
|
||||
if (lowestReqRemainingToken === token) {
|
||||
lowestReqRemaining = Infinity;
|
||||
lowestReqRemainingToken = undefined;
|
||||
reqRemaining.forEach(setLowestReqRemaining);
|
||||
}
|
||||
}
|
||||
|
||||
function addGithubToken(token) {
|
||||
setReqRemaining(token, Infinity);
|
||||
// Insert it only if it is not registered yet.
|
||||
|
@ -136,6 +151,15 @@ function addGithubToken(token) {
|
|||
}
|
||||
}
|
||||
|
||||
function rmGithubToken(token) {
|
||||
rmReqRemaining(token);
|
||||
// Remove it only if it is in there.
|
||||
var idx = githubUserTokens.data.indexOf(token);
|
||||
if (idx >= 0) {
|
||||
githubUserTokens.data.splice(idx, 1);
|
||||
}
|
||||
}
|
||||
|
||||
// Personal tokens allow access to GitHub private repositories.
|
||||
// You can manage your personal GitHub token at
|
||||
// <https://github.com/settings/tokens>.
|
||||
|
@ -143,7 +167,8 @@ if (serverSecrets && serverSecrets.gh_token) {
|
|||
addGithubToken(serverSecrets.gh_token);
|
||||
}
|
||||
|
||||
// Modify headers, return a URL (or an object to be used by request()).
|
||||
// Act like request(), but tweak headers and query to avoid hitting a rate
|
||||
// limit.
|
||||
function githubRequest(request, url, query, cb) {
|
||||
query = query || {};
|
||||
// A special User-Agent is required:
|
||||
|
@ -152,11 +177,11 @@ function githubRequest(request, url, query, cb) {
|
|||
'User-Agent': 'Shields.io',
|
||||
'Accept': 'application/vnd.github.v3+json',
|
||||
};
|
||||
var token;
|
||||
var githubToken;
|
||||
|
||||
if (lowestReqRemainingToken != null && lowestReqRemaining > 0) {
|
||||
token = lowestReqRemainingToken;
|
||||
headers['Authorization'] = 'token ' + token;
|
||||
githubToken = lowestReqRemainingToken;
|
||||
headers['Authorization'] = 'token ' + githubToken;
|
||||
} else if (serverSecrets && serverSecrets.gh_client_id) {
|
||||
// Using our OAuth App secret grants us 5000 req/hour
|
||||
// instead of the standard 60 req/hour.
|
||||
|
@ -167,9 +192,13 @@ function githubRequest(request, url, query, cb) {
|
|||
var qs = querystring.stringify(query);
|
||||
if (qs) { url += '?' + qs; }
|
||||
request(url, {headers: headers}, function(err, res, buffer) {
|
||||
if (token != null) {
|
||||
var remaining = +res.headers['x-ratelimit-remaining'];
|
||||
setReqRemaining(token, remaining);
|
||||
if (githubToken != null) {
|
||||
if (res.statusCode === 401) { // Unauthorized.
|
||||
rmGithubToken(githubToken);
|
||||
} else {
|
||||
var remaining = +res.headers['x-ratelimit-remaining'];
|
||||
setReqRemaining(githubToken, remaining);
|
||||
}
|
||||
}
|
||||
cb(err, res, buffer);
|
||||
});
|
||||
|
|
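Review bot: In the `request` callback of the last hunk, `res.statusCode` and `res.headers` are read before `err` is checked, so if `request` follows the usual convention of passing an undefined `res` on a transport failure, the callback throws instead of reaching `cb(err, res, buffer)`. Guarding the block with `if (githubToken != null && res != null) {` avoids that. A response without an `x-ratelimit-remaining` header makes `remaining` NaN, which `setReqRemaining` then stores in the map; skipping the update when `Number.isNaN(remaining)` would keep the bookkeeping consistent. As far as the visible lines show, `rmGithubToken` in the second hunk drops the rejected token only from in-memory state (`reqRemaining` and `githubUserTokens.data`); if tokens are also persisted or shared with other servers elsewhere, the revoked credential may need to be removed there too. `githubRequest` starts and ends outside the hunks.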