fix: extended api host to have a oauth url

Author: atharva1051

pkg/http/server.go

@@ -6,7 +6,6 @@ import (
 	"io"
 	"log/slog"
 	"net/http"
-	"net/url"
 	"os"
 	"os/signal"
 	"slices"
@@ -129,12 +128,11 @@ func RunHTTPServer(cfg ServerConfig) error {
 		ResourcePath: cfg.ResourcePath,
 	}
 	if cfg.Host != "" {
-		u := &url.URL{
-			Scheme: "https",
-			Host:   cfg.Host,
-			Path:   "/login/oauth",
+		oauthURL, err := apiHost.OAuthURL(ctx)
+		if err != nil {
+			return fmt.Errorf("failed to get OAuth URL: %w", err)
 		}
-		oauthCfg.AuthorizationServer = u.String()
+		oauthCfg.AuthorizationServer = oauthURL.String()
 	}
 
 	serverOptions := []HandlerOption{}

pkg/scopes/fetcher_test.go

@@ -28,6 +28,9 @@ func (t testAPIHostResolver) UploadURL(_ context.Context) (*url.URL, error) {
 func (t testAPIHostResolver) RawURL(_ context.Context) (*url.URL, error) {
 	return nil, nil
 }
+func (t testAPIHostResolver) OAuthURL(_ context.Context) (*url.URL, error) {
+	return nil, nil
+}
 
 func TestParseScopeHeader(t *testing.T) {
 	tests := []struct {

pkg/utils/api.go

@@ -14,13 +14,15 @@ type APIHostResolver interface {
 	GraphqlURL(ctx context.Context) (*url.URL, error)
 	UploadURL(ctx context.Context) (*url.URL, error)
 	RawURL(ctx context.Context) (*url.URL, error)
+	OAuthURL(ctx context.Context) (*url.URL, error)
 }
 
 type APIHost struct {
 	restURL   *url.URL
 	gqlURL    *url.URL
 	uploadURL *url.URL
 	rawURL    *url.URL
+	oauthURL  *url.URL
 }
 
 var _ APIHostResolver = APIHost{}
@@ -52,6 +54,10 @@ func (a APIHost) RawURL(_ context.Context) (*url.URL, error) {
 	return a.rawURL, nil
 }
 
+func (a APIHost) OAuthURL(_ context.Context) (*url.URL, error) {
+	return a.oauthURL, nil
+}
+
 func newDotcomHost() (APIHost, error) {
 	baseRestURL, err := url.Parse("https://api.github.com/")
 	if err != nil {
@@ -73,11 +79,17 @@ func newDotcomHost() (APIHost, error) {
 		return APIHost{}, fmt.Errorf("failed to parse dotcom Raw URL: %w", err)
 	}
 
+	oauthURL, err := url.Parse("https://github.com/login/oauth")
+	if err != nil {
+		return APIHost{}, fmt.Errorf("failed to parse dotcom OAuth URL: %w", err)
+	}
+
 	return APIHost{
 		restURL:   baseRestURL,
 		gqlURL:    gqlURL,
 		uploadURL: uploadURL,
 		rawURL:    rawURL,
+		oauthURL:  oauthURL,
 	}, nil
 }
 
@@ -112,11 +124,17 @@ func newGHECHost(hostname string) (APIHost, error) {
 		return APIHost{}, fmt.Errorf("failed to parse GHEC Raw URL: %w", err)
 	}
 
+	oauthURL, err := url.Parse(fmt.Sprintf("https://%s/login/oauth", u.Hostname()))
+	if err != nil {
+		return APIHost{}, fmt.Errorf("failed to parse GHEC OAuth URL: %w", err)
+	}
+
 	return APIHost{
 		restURL:   restURL,
 		gqlURL:    gqlURL,
 		uploadURL: uploadURL,
 		rawURL:    rawURL,
+		oauthURL:  oauthURL,
 	}, nil
 }
 
@@ -164,11 +182,17 @@ func newGHESHost(hostname string) (APIHost, error) {
 		return APIHost{}, fmt.Errorf("failed to parse GHES Raw URL: %w", err)
 	}
 
+	oauthURL, err := url.Parse(fmt.Sprintf("%s://%s/login/oauth", u.Scheme, u.Hostname()))
+	if err != nil {
+		return APIHost{}, fmt.Errorf("failed to parse GHES OAuth URL: %w", err)
+	}
+
 	return APIHost{
 		restURL:   restURL,
 		gqlURL:    gqlURL,
 		uploadURL: uploadURL,
 		rawURL:    rawURL,
+		oauthURL:  oauthURL,
 	}, nil
 }
 

pkg/utils/api_test.go

@@ -0,0 +1,140 @@
+package utils //nolint:revive //TODO: figure out a better name for this package
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestOAuthURL(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name           string
+		host           string
+		expectedOAuth  string
+		expectError    bool
+		errorSubstring string
+	}{
+		{
+			name:          "dotcom (empty host)",
+			host:          "",
+			expectedOAuth: "https://github.com/login/oauth",
+		},
+		{
+			name:          "dotcom (explicit github.com)",
+			host:          "https://github.com",
+			expectedOAuth: "https://github.com/login/oauth",
+		},
+		{
+			name:          "GHEC with HTTPS",
+			host:          "https://acme.ghe.com",
+			expectedOAuth: "https://acme.ghe.com/login/oauth",
+		},
+		{
+			name:           "GHEC with HTTP (should error)",
+			host:           "http://acme.ghe.com",
+			expectError:    true,
+			errorSubstring: "GHEC URL must be HTTPS",
+		},
+		{
+			name:          "GHES with HTTPS",
+			host:          "https://ghes.example.com",
+			expectedOAuth: "https://ghes.example.com/login/oauth",
+		},
+		{
+			name:          "GHES with HTTP",
+			host:          "http://ghes.example.com",
+			expectedOAuth: "http://ghes.example.com/login/oauth",
+		},
+		{
+			name:          "GHES with HTTP and custom port (port stripped - not supported yet)",
+			host:          "http://ghes.local:8080",
+			expectedOAuth: "http://ghes.local/login/oauth", // Port is stripped ref: ln222 api.go comment
+		},
+		{
+			name:          "GHES with HTTPS and custom port (port stripped - not supported yet)",
+			host:          "https://ghes.local:8443",
+			expectedOAuth: "https://ghes.local/login/oauth", // Port is stripped ref: ln222 api.go comment
+		},
+		{
+			name:           "host without scheme (should error)",
+			host:           "ghes.example.com",
+			expectError:    true,
+			errorSubstring: "host must have a scheme",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			apiHost, err := NewAPIHost(tt.host)
+
+			if tt.expectError {
+				require.Error(t, err)
+				if tt.errorSubstring != "" {
+					assert.Contains(t, err.Error(), tt.errorSubstring)
+				}
+				return
+			}
+
+			require.NoError(t, err)
+			require.NotNil(t, apiHost)
+
+			oauthURL, err := apiHost.OAuthURL(ctx)
+			require.NoError(t, err)
+			require.NotNil(t, oauthURL)
+
+			assert.Equal(t, tt.expectedOAuth, oauthURL.String())
+		})
+	}
+}
+
+func TestAPIHost_AllURLsHaveConsistentScheme(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name           string
+		host           string
+		expectedScheme string
+	}{
+		{
+			name:           "GHES with HTTPS",
+			host:           "https://ghes.example.com",
+			expectedScheme: "https",
+		},
+		{
+			name:           "GHES with HTTP",
+			host:           "http://ghes.example.com",
+			expectedScheme: "http",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			apiHost, err := NewAPIHost(tt.host)
+			require.NoError(t, err)
+
+			restURL, err := apiHost.BaseRESTURL(ctx)
+			require.NoError(t, err)
+			assert.Equal(t, tt.expectedScheme, restURL.Scheme, "REST URL scheme should match")
+
+			gqlURL, err := apiHost.GraphqlURL(ctx)
+			require.NoError(t, err)
+			assert.Equal(t, tt.expectedScheme, gqlURL.Scheme, "GraphQL URL scheme should match")
+
+			uploadURL, err := apiHost.UploadURL(ctx)
+			require.NoError(t, err)
+			assert.Equal(t, tt.expectedScheme, uploadURL.Scheme, "Upload URL scheme should match")
+
+			rawURL, err := apiHost.RawURL(ctx)
+			require.NoError(t, err)
+			assert.Equal(t, tt.expectedScheme, rawURL.Scheme, "Raw URL scheme should match")
+
+			oauthURL, err := apiHost.OAuthURL(ctx)
+			require.NoError(t, err)
+			assert.Equal(t, tt.expectedScheme, oauthURL.Scheme, "OAuth URL scheme should match")
+		})
+	}
+}