From ecd599bfa868096a2a39f2f5c8570b1d631a9b78 Mon Sep 17 00:00:00 2001
From: Jiahao XU <Jiahao_XU@outlook.com>
Date: Tue, 7 Mar 2023 18:48:01 +1100
Subject: [PATCH] Verify syntax of the github token provided in
 `GhApiClient::new` (#870)

Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---
 crates/binstalk-downloader/src/gh_api_client.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/crates/binstalk-downloader/src/gh_api_client.rs b/crates/binstalk-downloader/src/gh_api_client.rs
index be66da7a..649817a6 100644
--- a/crates/binstalk-downloader/src/gh_api_client.rs
+++ b/crates/binstalk-downloader/src/gh_api_client.rs
@@ -7,6 +7,7 @@ use std::{
 
 use compact_str::{CompactString, ToCompactString};
 use tokio::sync::OnceCell;
+use tracing::warn;
 
 use crate::remote;
 
@@ -96,8 +97,21 @@ struct Inner {
 #[derive(Clone, Debug)]
 pub struct GhApiClient(Arc<Inner>);
 
+fn gh_prefixed(token: &str) -> bool {
+    matches!((token.get(0..2), token.get(3..4)), (Some("gh"), Some("_")))
+}
+
 impl GhApiClient {
     pub fn new(client: remote::Client, auth_token: Option<CompactString>) -> Self {
+        let auth_token = auth_token.and_then(|auth_token| {
+            if gh_prefixed(&auth_token) {
+                Some(auth_token)
+            } else {
+                warn!("Invalid auth_token, expected 'gh*_', fallback to unauthorized mode");
+                None
+            }
+        });
+
         Self(Arc::new(Inner {
             client,
             auth_token,