Skip to content

refactor(auth): simplify OAuth providers and extract shared utilities#85

Merged
appleboy merged 3 commits intomainfrom
auth
Mar 8, 2026
Merged

refactor(auth): simplify OAuth providers and extract shared utilities#85
appleboy merged 3 commits intomainfrom
auth

Conversation

@appleboy
Copy link
Copy Markdown
Member

@appleboy appleboy commented Mar 8, 2026

Summary

  • Add provider name constants to replace stringly-typed dispatch in OAuth provider switch statements
  • Store API URLs in the apiURL struct field for all OAuth providers (GitHub, Microsoft now consistent with Gitea, GitLab)
  • Extract util.TruncateString to deduplicate body-preview truncation in auth/http_api.go and token/http_api.go
  • Unmarshal JSON response once instead of twice on HTTP API error paths
  • Handle previously-ignored io.ReadAll error in fetchJSON

Test plan

  • All existing tests pass (go test ./internal/auth/... ./internal/token/... ./internal/util/...)
  • New TestTruncateString covers edge cases (empty, exact length, truncation, zero max)
  • Linter passes with zero issues

🤖 Generated with Claude Code

@appleboy @claude
refactor(auth): simplify OAuth providers and extract shared utilities
9e378ff 
- Add provider name constants to replace string literals in switch dispatch
- Store API URLs in struct field for all OAuth providers consistently
- Extract TruncateString utility to deduplicate body-preview truncation
- Unmarshal JSON response once instead of twice on error paths
- Handle io.ReadAll error in fetchJSON instead of silently ignoring it

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 8, 2026 04:15
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 8, 2026

Codecov Report

❌ Patch coverage is 76.19048% with 10 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
internal/token/http_api.go 0.00% 6 Missing ⚠️
internal/auth/oauth_provider.go 88.23% 1 Missing and 1 partial ⚠️
internal/auth/http_api.go 91.66% 1 Missing ⚠️
internal/auth/oauth_github.go 50.00% 0 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

Copilot AI reviewed Mar 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors the OAuth provider implementation to reduce stringly-typed branching and centralize provider API endpoints, while also deduplicating HTTP error body preview truncation across auth/token HTTP API providers.

Changes:

  • Introduces exported OAuth provider name constants and uses them in provider constructors and switch statements.
  • Standardizes OAuth provider user-info endpoints via an apiURL field (now set consistently for GitHub/Microsoft as well).
  • Extracts util.TruncateString and uses it for bounded response-body previews; simplifies auth/http_api.go by unmarshalling the JSON body only once, and improves fetchJSON error handling on non-200 responses.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
internal/util/string.go Adds TruncateString helper used to truncate HTTP body previews.
internal/util/string_test.go Adds unit tests for TruncateString.
internal/token/http_api.go Replaces inline body-preview truncation with util.TruncateString.
internal/auth/http_api.go Unmarshals once and uses util.TruncateString for non-JSON/unknown error bodies.
internal/auth/oauth_provider.go Adds provider constants, sets apiURL for GitHub/Microsoft, and handles io.ReadAll errors on non-OK responses.
internal/auth/oauth_github.go Uses p.apiURL for GitHub API calls (including /emails).
internal/auth/oauth_microsoft.go Uses p.apiURL for Microsoft Graph /me call.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

internal/util/string.go Outdated
Comment on lines +3 to +8
// TruncateString truncates s to maxLen characters and appends "..." if truncated.
func TruncateString(s string, maxLen int) string {
if len(s) <= maxLen {
return s
}
return s[:maxLen] + "..."
Copy link

Copilot AI Mar 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TruncateString will panic when maxLen is negative (s[:maxLen]). Since this is an exported util, either guard maxLen <= 0 (and define the behavior) or explicitly document/enforce that maxLen must be non-negative to avoid runtime panics.

Copilot uses AI. Check for mistakes.
appleboy and others added 2 commits March 8, 2026 12:27
@appleboy
Merge remote-tracking branch 'origin/main' into auth
6f9c74d
@appleboy @claude
fix(util): handle negative maxLen and multibyte runes in TruncateString
32d3a3f 
- Guard against negative or zero maxLen to prevent runtime panic
- Use rune-based slicing instead of byte-based to avoid splitting multibyte UTF-8 characters
- Add tests for negative maxLen, multibyte runes, and mixed-character strings
- Update inaccurate apiURL struct comment in OAuthProvider

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@appleboy appleboy merged commit c23e6a9 into main Mar 8, 2026
7 of 15 checks passed
@appleboy appleboy deleted the auth branch March 8, 2026 04:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@appleboy