use installation token for github auth

camila314 · camila314 · commit 86f1d08febee · 2025-01-21T18:37:17.000-06:00
diff --git a/src/auth/github.rs b/src/auth/github.rs
@@ -194,4 +194,47 @@ impl GithubClient {
 
         Ok(body)
     }
+
+    pub async fn get_installation(&self, token: &str) -> Result<serde_json::Value, ApiError> {
+        let client = Client::new();
+        let resp = match client
+            .get("https://api.github.com/installation/repositories")
+            .header("Accept", HeaderValue::from_str("application/json").unwrap())
+            .header("User-Agent", "geode_index")
+            .bearer_auth(token)
+            .send()
+            .await
+        {
+            Err(e) => {
+                log::info!("{}", e);
+                return Err(ApiError::InternalError);
+            }
+            Ok(r) => r,
+        };
+
+        if !resp.status().is_success() {
+            return Err(ApiError::InternalError);
+        }
+
+        let body = match resp.json::<serde_json::Value>().await {
+            Err(e) => {
+                log::error!("{}", e);
+                return Err(ApiError::InternalError);
+            }
+            Ok(b) => b,
+        };
+
+        let repos = match body.get("repositories").and_then(|r| r.as_array()) {
+            None => {
+                return Err(ApiError::InternalError);
+            },
+            Some(r) => r,
+        };
+
+        if repos.len() != 1 {
+            return Err(ApiError::InternalError);
+        }
+
+        repos[0].get("owner").ok_or(ApiError::InternalError).cloned()
+    }
 }
diff --git a/src/endpoints/auth/github.rs b/src/endpoints/auth/github.rs
@@ -199,8 +199,13 @@ pub async fn github_token_login(
         data.github_client_secret.to_string(),
     );
 
-    let user = client.get_user(&json.token).await
-        .map_err(|_| ApiError::BadRequest(format!("Invalid access token: {}", json.token)))?;
+    let user = match client.get_user(&json.token).await {
+        Err(_) => client.get_installation(&json.token).await.map_err(|_|
+            ApiError::BadRequest(format!("Invalid access token: {}", json.token))
+        )?,
+
+        Ok(u) => u
+    };
 
     let mut pool = data.db.acquire().await.or(Err(ApiError::DbAcquireError))?;
     let mut transaction = pool.begin().await.or(Err(ApiError::TransactionError))?;
