actions/cargo-binstall
1
0
Fork 0
mirror of https://github.com/cargo-bins/cargo-binstall.git synced 2025-04-24 14:28:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

Improve use of github token (#1769)

Browse source 
* Add new dep zeroize

* Use Zeroizing to avoid leaking the token

* Optimize gh-auth-token

Spawn it as a task, and only await it
when using GhApiClient

* Fix binstalk-git-repo-api unit tests
This commit is contained in:
Jiahao XU 2024-06-15 15:42:09 +10:00 committed by GitHub
parent e3c8c40806
commit fff6aa8122
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 128 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

1
crates/binstalk-git-repo-api/Cargo.toml
View file

@ -22,6 +22,7 @@ thiserror = "1.0.52"
tokio = { version = "1.35.0", features = ["sync"], default-features = false }
tracing = "0.1.39"
url = "2.3.1"
zeroize = "1.8.1"
[dev-dependencies]
binstalk-downloader = { version = "0.11.3", path = "../binstalk-downloader" }

10
crates/binstalk-git-repo-api/src/gh_api_client.rs
View file

@ -14,6 +14,7 @@ use compact_str::{format_compact, CompactString, ToCompactString};
use tokio::sync::OnceCell;
use tracing::{instrument, Level};
use url::Url;
use zeroize::Zeroizing;
mod common;
mod error;
@ -129,7 +130,7 @@ struct Inner {
release_artifacts: Map<GhRelease, OnceCell<Option<release_artifacts::Artifacts>>>,
retry_after: Mutex<Option<Instant>>,
auth_token: Option<CompactString>,
auth_token: Option<Zeroizing<Box<str>>>,
is_auth_token_valid: AtomicBool,
only_use_restful_api: AtomicBool,
@ -141,7 +142,7 @@ struct Inner {
pub struct GhApiClient(Arc<Inner>);
impl GhApiClient {
pub fn new(client: remote::Client, auth_token: Option<CompactString>) -> Self {
pub fn new(client: remote::Client, auth_token: Option<Zeroizing<Box<str>>>) -> Self {
Self(Arc::new(Inner {
client,
release_artifacts: Default::default(),
@ -184,7 +185,7 @@ impl GhApiClient {
fn get_auth_token(&self) -> Option<&str> {
if self.0.is_auth_token_valid.load(Relaxed) {
self.0.auth_token.as_deref()
self.0.auth_token.as_deref().map(|s| &**s)
} else {
None
}
@ -526,7 +527,8 @@ mod test {
let auth_token = env::var("CI_UNIT_TEST_GITHUB_TOKEN")
.ok()
.map(CompactString::from);
.map(Box::<str>::from)
.map(zeroize::Zeroizing::new);
let gh_client = GhApiClient::new(client.clone(), auth_token.clone());
gh_client.set_only_use_restful_api();