Make sure to use the isGithubUrl

Author: akirk

packages/playground/blueprints/src/lib/v1/compile.ts

@@ -85,8 +85,9 @@ export interface CompileBlueprintV1Options {
 	streamBundledFile?: StreamBundledFile;
 	/**
 	 * Additional headers to pass to git operations.
+	 * A function that returns headers based on the URL being accessed.
 	 */
-	gitAdditionalHeaders?: Record<string, string>;
+	gitAdditionalHeaders?: (url: string) => Record<string, string>;
 	/**
 	 * Additional steps to add to the blueprint.
 	 */
@@ -522,8 +523,9 @@ interface CompileStepArgsOptions {
 	streamBundledFile?: StreamBundledFile;
 	/**
 	 * Additional headers to pass to git operations.
+	 * A function that returns headers based on the URL being accessed.
 	 */
-	gitAdditionalHeaders?: Record<string, string>;
+	gitAdditionalHeaders?: (url: string) => Record<string, string>;
 }
 
 /**

packages/playground/blueprints/src/lib/v1/resources.ts

@@ -164,7 +164,7 @@ export abstract class Resource<T extends File | Directory> {
 			progress?: ProgressTracker;
 			corsProxy?: string;
 			streamBundledFile?: StreamBundledFile;
-			gitAdditionalHeaders?: Record<string, string>;
+			gitAdditionalHeaders?: (url: string) => Record<string, string>;
 		}
 	): Resource<File | Directory> {
 		let resource: Resource<File | Directory>;
@@ -561,15 +561,15 @@ export class GitDirectoryResource extends Resource<Directory> {
 	private reference: GitDirectoryReference;
 	private options?: {
 		corsProxy?: string;
-		additionalHeaders?: Record<string, string>;
+		additionalHeaders?: (url: string) => Record<string, string>;
 	};
 
 	constructor(
 		reference: GitDirectoryReference,
 		_progress?: ProgressTracker,
 		options?: {
 			corsProxy?: string;
-			additionalHeaders?: Record<string, string>;
+			additionalHeaders?: (url: string) => Record<string, string>;
 		}
 	) {
 		super();

packages/playground/client/src/index.ts

@@ -87,8 +87,9 @@ export interface StartPlaygroundOptions {
 	corsProxy?: string;
 	/**
 	 * Additional headers to pass to git operations.
+	 * A function that returns headers based on the URL being accessed.
 	 */
-	gitAdditionalHeaders?: Record<string, string>;
+	gitAdditionalHeaders?: (url: string) => Record<string, string>;
 	/**
 	 * The version of the SQLite driver to use.
 	 * Defaults to the latest development version.

packages/playground/storage/src/lib/git-sparse-checkout.ts

@@ -42,6 +42,19 @@ export class GitAuthenticationError extends Error {
 	}
 }
 
+export type GitAdditionalHeaders = (url: string) => Record<string, string>;
+
+function resolveGitHeaders(
+	url: string,
+	headers?: GitAdditionalHeaders
+): Record<string, string> {
+	if (!headers || typeof headers !== 'function') {
+		return {};
+	}
+
+	return headers(url);
+}
+
 /**
  * Downloads specific files from a git repository.
  * It uses the git protocol over HTTP to fetch the files. It only uses
@@ -79,20 +92,24 @@ export async function sparseCheckout(
 	filesPaths: string[],
 	options?: {
 		withObjects?: boolean;
-		additionalHeaders?: Record<string, string>;
+		additionalHeaders?: GitAdditionalHeaders;
 	}
 ): Promise<SparseCheckoutResult> {
 	const treesPack = await fetchWithoutBlobs(
 		repoUrl,
 		commitHash,
-		options?.additionalHeaders
+		resolveGitHeaders(repoUrl, options?.additionalHeaders)
 	);
 	const objects = await resolveObjects(treesPack.idx, commitHash, filesPaths);
 
 	const blobOids = filesPaths.map((path) => objects[path].oid);
 	const blobsPack =
 		blobOids.length > 0
-			? await fetchObjects(repoUrl, blobOids, options?.additionalHeaders)
+			? await fetchObjects(
+					repoUrl,
+					blobOids,
+					resolveGitHeaders(repoUrl, options?.additionalHeaders)
+			  )
 			: null;
 
 	const fetchedPaths: Record<string, any> = {};
@@ -197,12 +214,12 @@ const FULL_SHA_REGEX = /^[0-9a-f]{40}$/i;
 export async function listGitFiles(
 	repoUrl: string,
 	commitHash: string,
-	additionalHeaders?: Record<string, string>
+	additionalHeaders?: GitAdditionalHeaders
 ): Promise<GitFileTree[]> {
 	const treesPack = await fetchWithoutBlobs(
 		repoUrl,
 		commitHash,
-		additionalHeaders
+		resolveGitHeaders(repoUrl, additionalHeaders)
 	);
 	const rootTree = await resolveAllObjects(treesPack.idx, commitHash);
 	if (!rootTree?.object) {
@@ -222,7 +239,7 @@ export async function listGitFiles(
 export async function resolveCommitHash(
 	repoUrl: string,
 	ref: GitRef,
-	additionalHeaders?: Record<string, string>
+	additionalHeaders?: GitAdditionalHeaders
 ) {
 	const parsed = await parseGitRef(repoUrl, ref);
 	if (parsed.resolvedOid) {
@@ -268,7 +285,7 @@ function gitTreeToFileTree(tree: GitTree): GitFileTree[] {
 export async function listGitRefs(
 	repoUrl: string,
 	fullyQualifiedBranchPrefix: string,
-	additionalHeaders?: Record<string, string>
+	additionalHeaders?: GitAdditionalHeaders
 ) {
 	const packbuffer = Buffer.from(
 		(await collect([
@@ -289,7 +306,7 @@ export async function listGitRefs(
 			'content-type': 'application/x-git-upload-pack-request',
 			'Content-Length': `${packbuffer.length}`,
 			'Git-Protocol': 'version=2',
-			...additionalHeaders,
+			...resolveGitHeaders(repoUrl, additionalHeaders),
 		},
 		body: packbuffer as any,
 	});
@@ -418,7 +435,7 @@ async function parseGitRef(
 async function fetchRefOid(
 	repoUrl: string,
 	refname: string,
-	additionalHeaders?: Record<string, string>
+	additionalHeaders?: GitAdditionalHeaders
 ) {
 	const refs = await listGitRefs(repoUrl, refname, additionalHeaders);
 	const candidates = [refname, `${refname}^{}`];

packages/playground/website/src/github/git-auth-helpers.ts

@@ -7,29 +7,37 @@ const KNOWN_CORS_PROXY_URLS = [
 ];
 
 export function isGitHubUrl(url: string): boolean {
-	if (url.includes('github.com')) {
-		return true;
-	}
 	for (const corsProxyUrl of KNOWN_CORS_PROXY_URLS) {
-		if (
-			url.startsWith(corsProxyUrl) &&
-			url.substring(corsProxyUrl.length).includes('github.com')
-		) {
-			return true;
+		if (url.startsWith(corsProxyUrl)) {
+			url = url.substring(corsProxyUrl.length);
+			break;
 		}
 	}
-	return false;
+
+	try {
+		const urlObj = new URL(url);
+		const hostname = urlObj.hostname;
+		return hostname === 'github.com';
+	} catch {
+		return false;
+	}
 }
 
-export function createGitHubAuthHeaders(): Record<string, string> {
+export function createGitHubAuthHeaders(): (
+	url: string
+) => Record<string, string> {
 	const token = oAuthState.value.token;
-	if (!token) {
-		return {};
-	}
 
-	return {
-		Authorization: `Basic ${btoa(`${token}:`)}`,
-		// Tell the CORS proxy to forward the Authorization header
-		'X-Cors-Proxy-Allowed-Request-Headers': 'Authorization',
+	return (url: string) => {
+		if (!token || !isGitHubUrl(url)) {
+			return {};
+		}
+
+		const headers = {
+			Authorization: `Basic ${btoa(`${token}:`)}`,
+			// Tell the CORS proxy to forward the Authorization header
+			'X-Cors-Proxy-Allowed-Request-Headers': 'Authorization',
+		};
+		return headers;
 	};
 }