From 9ce7f37dadfbad21ad9c19e479a33ea2f519e012 Mon Sep 17 00:00:00 2001
From: Tobias Bieniek <tobias@bieniek.cloud>
Date: Tue, 15 Apr 2025 16:05:14 +0200
Subject: [PATCH] GitHub: Use `basic/bearer_auth()` fns from `reqwest`

Turns out we were not applying base64 encoding to our basic auth requests before. Using `.basic_auth()` fixes the issue, which means that we now properly authenticate, while previously we were accidentally running these requests completely unauthenticated, making us subject to the 60 requests per hour rate limit...
---
 crates/crates_io_github/src/lib.rs | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/crates/crates_io_github/src/lib.rs b/crates/crates_io_github/src/lib.rs
index 72a4662b9f9..246da5c13b0 100644
--- a/crates/crates_io_github/src/lib.rs
+++ b/crates/crates_io_github/src/lib.rs
@@ -4,7 +4,7 @@
 extern crate tracing;
 
 use oauth2::AccessToken;
-use reqwest::{self, header};
+use reqwest::{self, header, RequestBuilder};
 
 use serde::de::DeserializeOwned;
 
@@ -54,22 +54,21 @@ impl RealGitHubClient {
     }
 
     /// Does all the nonsense for sending a GET to Github.
-    async fn _request<T>(&self, url: &str, auth: &str) -> Result<T>
+    async fn _request<T, A>(&self, url: &str, apply_auth: A) -> Result<T>
     where
         T: DeserializeOwned,
+        A: Fn(RequestBuilder) -> RequestBuilder,
     {
         let url = format!("https://api.github.com{url}");
         info!("GitHub request: GET {url}");
 
-        let response = self
+        let request = self
             .client
             .get(&url)
             .header(header::ACCEPT, "application/vnd.github.v3+json")
-            .header(header::AUTHORIZATION, auth)
-            .header(header::USER_AGENT, "crates.io (https://crates.io)")
-            .send()
-            .await?
-            .error_for_status()?;
+            .header(header::USER_AGENT, "crates.io (https://crates.io)");
+
+        let response = apply_auth(request).send().await?.error_for_status()?;
 
         let headers = response.headers();
         let remaining = headers.get("x-ratelimit-remaining");
@@ -84,8 +83,7 @@ impl RealGitHubClient {
     where
         T: DeserializeOwned,
     {
-        self._request(url, &format!("Bearer {}", auth.secret()))
-            .await
+        self._request(url, |r| r.bearer_auth(auth.secret())).await
     }
 
     /// Sends a GET to GitHub using basic authentication
@@ -93,7 +91,7 @@ impl RealGitHubClient {
     where
         T: DeserializeOwned,
     {
-        self._request(url, &format!("basic {username}:{password}"))
+        self._request(url, |r| r.basic_auth(username, Some(password)))
             .await
     }
 }