Auth: Add input validation for instance URL

vscode/src/services/AuthMenus.ts

@@ -1,6 +1,7 @@
 import * as vscode from 'vscode'
 
 import { isDotCom, LOCAL_APP_URL } from '@sourcegraph/cody-shared'
+import { isSourcegraphToken } from './AuthProvider'
 
 interface LoginMenuItem {
     id: string
@@ -60,6 +61,13 @@ export async function showInstanceURLInputBox(title: string): Promise<string | u
         placeHolder: 'https://sourcegraph.example.com',
         password: false,
         ignoreFocusOut: true,
+        // valide input to ensure the user is not entering a token as URL
+        validateInput: (value: string) => {
+            if (isSourcegraphToken(value)) {
+                return 'Invalid input. Please enter a valid URL'
+            }
+            return null
+        },
     })
 
     if (typeof result === 'string') {

vscode/src/services/AuthProvider.ts

@@ -31,6 +31,9 @@ import { telemetryRecorder } from './telemetry-v2'
 type Listener = (authStatus: AuthStatus) => void
 type Unsubscribe = () => void
 
+const sourcegraphTokenRegex = /sgp_[a-zA-Z0-9]+_[a-zA-Z0-9]+/
+export const isSourcegraphToken = (text: string): boolean => sourcegraphTokenRegex.test(text)
+
 export class AuthProvider {
     private endpointHistory: string[] = []
 
@@ -447,21 +450,30 @@ export function isNetworkError(error: Error): boolean {
 }
 
 function formatURL(uri: string): string | null {
-    if (!uri) {
-        return null
-    }
-    // Check if the URI is in the correct URL format
-    // Add missing https:// if needed
-    if (!uri.startsWith('http')) {
-        uri = `https://${uri}`
-    }
     try {
+        if (!uri) {
+            return null
+        }
+
+        // Check if the URI is a sourcegraph token
+        if (isSourcegraphToken(uri)) {
+            const errorMsg = 'Token is not a valid URL'
+            void vscode.window.showErrorMessage(errorMsg)
+            throw new Error(errorMsg)
+        }
+
+        // Check if the URI is in the correct URL format
+        // Add missing https:// if needed
+        if (!uri.startsWith('http')) {
+            uri = `https://${uri}`
+        }
+
         const endpointUri = new URL(uri)
         return endpointUri.href
-    } catch {
-        console.error('Invalid URL')
+    } catch (error) {
+        console.error('Invalid URL: ', error)
+        return null
     }
-    return null
 }
 
 async function showAuthResultMessage(

vscode/src/services/LocalStorageProvider.ts

@@ -4,6 +4,7 @@ import type { Memento } from 'vscode'
 import type { ChatHistory, ChatInputHistory, UserLocalHistory } from '@sourcegraph/cody-shared'
 
 import type { AuthStatus } from '../chat/protocol'
+import { isSourcegraphToken } from './AuthProvider'
 
 type ChatHistoryKey = `${string}-${string}`
 type AccountKeyedChatHistory = {
@@ -62,6 +63,12 @@ class LocalStorage {
         if (!endpoint) {
             return
         }
+        // Do not save sourcegraph tokens as the last used endpoint
+        // Clear last used endpoint if it is a sourcegraph token
+        if (isSourcegraphToken(endpoint)) {
+            this.deleteEndpoint()
+            return
+        }
         try {
             const uri = new URL(endpoint).href
             await this.storage.update(this.LAST_USED_ENDPOINT, uri)