feat: upstream authentication improvements #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

jrepp merged 10 commits into main from feature/upstream-auth-fixes

Nov 10, 2025

docs/architecture/rfc-002-github-oauth-multi-tenancy.md

-Original file line number
+Diff line change
@@ Expand Up @@
 . [GitHub OAuth2 Token Types](https://docs.github.com/en/authentication)
 . [GitHub Enterprise Authentication](https://docs.github.com/en/enterprise-server/authentication)
 . [RFC-001: Secure Multi-Tenant Cache](secure-multi-tenant-rfc.md)
-. [PR #7: Upstream Authentication Improvements](https://github.com/jrepp/github-cache-daemon/pull/7)
+. [PR #7: Upstream Authentication Improvements](https://github.com/jrepp/goblet/pull/7)
 . [Isolation Strategies](../security/isolation-strategies.md)
     ---
@@ Expand Down @@

goblet-server/main.go

-Original file line number
+Diff line change
@@ Expand Up / @@ -331,10 +331,12 @@ func main() { @@
     	}
     	config := &goblet.ServerConfig{
-    		LocalDiskCacheRoot:         *cacheRoot,
-    		URLCanonializer:            urlCanonicalizer,
-    		RequestAuthorizer:          authorizer,
-    		TokenSource:                ts,
+    		LocalDiskCacheRoot: *cacheRoot,
+    		URLCanonializer:    urlCanonicalizer,
+    		RequestAuthorizer:  authorizer,
+    		TokenSource: func(upstreamURL *url.URL) (*oauth2.Token, error) {
+    			return ts.Token()
+    		},
     		ErrorReporter:              er,
     		RequestLogger:              rl,
     		LongRunningOperationLogger: lrol,
@@ Expand Down @@

goblet.go

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -66,7 +66,7 @@ type ServerConfig struct {
  
    	RequestAuthorizer func(*http.Request) error

    	TokenSource oauth2.TokenSource

    	TokenSource func(upstreamURL *url.URL) (*oauth2.Token, error)

    	ErrorReporter func(*http.Request, error)

managed_repository.go

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -131,7 +131,7 @@ func (r *managedRepository) lsRefsUpstream(command []*gitprotocolio.ProtocolV2Re
  
    	if err != nil {

    		return nil, status.Errorf(codes.Internal, "cannot construct a request object: %v", err)

    	}

    	t, err := r.config.TokenSource.Token()

    	t, err := r.config.TokenSource(r.upstreamURL)

    	if err != nil {

    		return nil, status.Errorf(codes.Internal, "cannot obtain an OAuth2 access token for the server: %v", err)

    	}

    @@ -325,7 +325,7 @@ func (r *managedRepository) fetchUpstream() (err error) {
  
    	defer r.mu.Unlock()

    	if splitGitFetch {

    		// Fetch heads and changes first.

    		t, err = r.config.TokenSource.Token()

    		t, err = r.config.TokenSource(r.upstreamURL)

    		if err != nil {

    			err = status.Errorf(codes.Internal, "cannot obtain an OAuth2 access token for the server: %v", err)

    			return err

    @@ -337,7 +337,7 @@ func (r *managedRepository) fetchUpstream() (err error) {
  
    		}

    	}

    	if err == nil {

    		t, err = r.config.TokenSource.Token()

    		t, err = r.config.TokenSource(r.upstreamURL)

    		if err != nil {

    			err = status.Errorf(codes.Internal, "cannot obtain an OAuth2 access token for the server: %v", err)

    			return err

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: upstream authentication improvements #7

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!