GitHub - cleanup octokit auth (#251266)

Refactor auth
2025-12-24 12:19:20 +00:00 · 2025-06-12 12:41:33 +02:00
parent 2eed366084
commit 9913e0238a
4 changed files with 93 additions and 52 deletions
--- a/extensions/github/src/auth.ts
+++ b/extensions/github/src/auth.ts
@@ -3,12 +3,13 @@
 *  Licensed under the MIT License. See License.txt in the project root for license information.
 *--------------------------------------------------------------------------------------------*/

-import { AuthenticationSession, authentication, window } from 'vscode';
+import { AuthenticationSession, EventEmitter, authentication, window } from 'vscode';
 import { Agent, globalAgent } from 'https';
 import { graphql } from '@octokit/graphql/types';
 import { Octokit } from '@octokit/rest';
 import { httpsOverHttp } from 'tunnel';
 import { URL } from 'url';
+import { DisposableStore, sequentialize } from './util.js';

 export class AuthenticationError extends Error { }

@@ -57,35 +58,58 @@ export function getOctokit(): Promise<Octokit> {
 	return _octokit;
 }

-let _octokitGraphql: graphql | undefined;
+export class OctokitService {
+	private _octokitGraphql: graphql | undefined;

-export async function getOctokitGraphql(): Promise<graphql> {
-	if (!_octokitGraphql) {
-		try {
-			const session = await authentication.getSession('github', scopes, { silent: true });
+	private readonly _onDidChangeSessions = new EventEmitter<void>();
+	readonly onDidChangeSessions = this._onDidChangeSessions.event;

-			if (!session) {
-				throw new AuthenticationError('No GitHub authentication session available.');
+	private readonly _disposables = new DisposableStore();
+
+	constructor() {
+		this._disposables.add(this._onDidChangeSessions);
+		this._disposables.add(authentication.onDidChangeSessions(e => {
+			if (e.provider.id === 'github') {
+				this._octokitGraphql = undefined;
+				this._onDidChangeSessions.fire();
 			}
-
-			const token = session.accessToken;
-			const { graphql } = await import('@octokit/graphql');
-
-			_octokitGraphql = graphql.defaults({
-				headers: {
-					authorization: `token ${token}`
-				},
-				request: {
-					agent: getAgent()
-				}
-			});
-
-			return _octokitGraphql;
-		} catch (err) {
-			_octokitGraphql = undefined;
-			throw new AuthenticationError(err.message);
-		}
+		}));
 	}

-	return _octokitGraphql;
+	@sequentialize
+	public async getOctokitGraphql(): Promise<graphql> {
+		if (!this._octokitGraphql) {
+			try {
+				const session = await authentication.getSession('github', scopes, { silent: true });
+
+				if (!session) {
+					throw new AuthenticationError('No GitHub authentication session available.');
+				}
+
+				const token = session.accessToken;
+				const { graphql } = await import('@octokit/graphql');
+
+				this._octokitGraphql = graphql.defaults({
+					headers: {
+						authorization: `token ${token}`
+					},
+					request: {
+						agent: getAgent()
+					}
+				});
+
+				return this._octokitGraphql;
+			} catch (err) {
+				this._octokitGraphql = undefined;
+				throw new AuthenticationError(err.message);
+			}
+		}
+
+		return this._octokitGraphql;
+	}
+
+	dispose(): void {
+		this._octokitGraphql = undefined;
+		this._disposables.dispose();
+	}
 }
--- a/extensions/github/src/branchProtection.ts
+++ b/extensions/github/src/branchProtection.ts
@@ -3,9 +3,9 @@
 *  Licensed under the MIT License. See License.txt in the project root for license information.
 *--------------------------------------------------------------------------------------------*/

-import { authentication, EventEmitter, LogOutputChannel, Memento, Uri, workspace } from 'vscode';
+import { EventEmitter, LogOutputChannel, Memento, Uri, workspace } from 'vscode';
 import { Repository as GitHubRepository, RepositoryRuleset } from '@octokit/graphql-schema';
-import { AuthenticationError, getOctokitGraphql } from './auth.js';
+import { AuthenticationError, OctokitService } from './auth.js';
 import { API, BranchProtection, BranchProtectionProvider, BranchProtectionRule, Repository } from './typings/git.js';
 import { DisposableStore, getRepositoryFromUrl } from './util.js';
 import { TelemetryReporter } from '@vscode/extension-telemetry';
@@ -61,7 +61,7 @@ export class GitHubBranchProtectionProviderManager {

 		if (enabled) {
 			for (const repository of this.gitAPI.repositories) {
-				this.providerDisposables.add(this.gitAPI.registerBranchProtectionProvider(repository.rootUri, new GitHubBranchProtectionProvider(repository, this.globalState, this.logger, this.telemetryReporter)));
+				this.providerDisposables.add(this.gitAPI.registerBranchProtectionProvider(repository.rootUri, new GitHubBranchProtectionProvider(repository, this.globalState, this.octokitService, this.logger, this.telemetryReporter)));
 			}
 		} else {
 			this.providerDisposables.dispose();
@@ -73,11 +73,13 @@ export class GitHubBranchProtectionProviderManager {
 	constructor(
 		private readonly gitAPI: API,
 		private readonly globalState: Memento,
+		private readonly octokitService: OctokitService,
 		private readonly logger: LogOutputChannel,
 		private readonly telemetryReporter: TelemetryReporter) {
 		this.disposables.add(this.gitAPI.onDidOpenRepository(repository => {
 			if (this._enabled) {
-				this.providerDisposables.add(gitAPI.registerBranchProtectionProvider(repository.rootUri, new GitHubBranchProtectionProvider(repository, this.globalState, this.logger, this.telemetryReporter)));
+				this.providerDisposables.add(gitAPI.registerBranchProtectionProvider(repository.rootUri,
+					new GitHubBranchProtectionProvider(repository, this.globalState, this.octokitService, this.logger, this.telemetryReporter)));
 			}
 		}));

@@ -109,20 +111,24 @@ export class GitHubBranchProtectionProvider implements BranchProtectionProvider
 	private branchProtection: BranchProtection[];
 	private readonly globalStateKey = `branchProtection:${this.repository.rootUri.toString()}`;

+	private readonly disposables = new DisposableStore();
+
 	constructor(
 		private readonly repository: Repository,
 		private readonly globalState: Memento,
+		private readonly octokitService: OctokitService,
 		private readonly logger: LogOutputChannel,
-		private readonly telemetryReporter: TelemetryReporter) {
+		private readonly telemetryReporter: TelemetryReporter
+	) {
+		this.disposables.add(this._onDidChangeBranchProtection);
+
 		// Restore branch protection from global state
 		this.branchProtection = this.globalState.get<BranchProtection[]>(this.globalStateKey, []);

 		repository.status().then(() => {
-			authentication.onDidChangeSessions(e => {
-				if (e.provider.id === 'github') {
-					this.updateRepositoryBranchProtection();
-				}
-			});
+			this.disposables.add(this.octokitService.onDidChangeSessions(() => {
+				this.updateRepositoryBranchProtection();
+			}));
 			this.updateRepositoryBranchProtection();
 		});
 	}
@@ -132,7 +138,7 @@ export class GitHubBranchProtectionProvider implements BranchProtectionProvider
 	}

 	private async getRepositoryDetails(owner: string, repo: string): Promise<GitHubRepository> {
-		const graphql = await getOctokitGraphql();
+		const graphql = await this.octokitService.getOctokitGraphql();
 		const { repository } = await graphql<{ repository: GitHubRepository }>(REPOSITORY_QUERY, { owner, repo });

 		return repository;
@@ -142,7 +148,7 @@ export class GitHubBranchProtectionProvider implements BranchProtectionProvider
 		const rulesets: RepositoryRuleset[] = [];

 		let cursor: string | undefined = undefined;
-		const graphql = await getOctokitGraphql();
+		const graphql = await this.octokitService.getOctokitGraphql();

 		while (true) {
 			const { repository } = await graphql<{ repository: GitHubRepository }>(REPOSITORY_RULESETS_QUERY, { owner, repo, cursor });
@@ -241,4 +247,8 @@ export class GitHubBranchProtectionProvider implements BranchProtectionProvider
 				return refName;
 		}
 	}
+
+	dispose(): void {
+		this.disposables.dispose();
+	}
 }
--- a/extensions/github/src/extension.ts
+++ b/extensions/github/src/extension.ts
@@ -17,6 +17,7 @@ import { GitHubBranchProtectionProviderManager } from './branchProtection.js';
 import { GitHubCanonicalUriProvider } from './canonicalUriProvider.js';
 import { VscodeDevShareProvider } from './shareProviders.js';
 import { GitHubSourceControlHistoryItemDetailsProvider } from './historyItemDetailsProvider.js';
+import { OctokitService } from './auth.js';

 export function activate(context: ExtensionContext): void {
 	const disposables: Disposable[] = [];
@@ -35,8 +36,11 @@ export function activate(context: ExtensionContext): void {
 	const telemetryReporter = new TelemetryReporter(aiKey);
 	disposables.push(telemetryReporter);

+	const octokitService = new OctokitService();
+	disposables.push(octokitService);
+
 	disposables.push(initializeGitBaseExtension());
-	disposables.push(initializeGitExtension(context, telemetryReporter, logger));
+	disposables.push(initializeGitExtension(context, octokitService, telemetryReporter, logger));
 }

 function initializeGitBaseExtension(): Disposable {
@@ -84,7 +88,7 @@ function setGitHubContext(gitAPI: API, disposables: DisposableStore) {
 	}
 }

-function initializeGitExtension(context: ExtensionContext, telemetryReporter: TelemetryReporter, logger: LogOutputChannel): Disposable {
+function initializeGitExtension(context: ExtensionContext, octokitService: OctokitService, telemetryReporter: TelemetryReporter, logger: LogOutputChannel): Disposable {
 	const disposables = new DisposableStore();

 	let gitExtension = extensions.getExtension<GitExtension>('vscode.git');
@@ -98,10 +102,10 @@ function initializeGitExtension(context: ExtensionContext, telemetryReporter: Te

 						disposables.add(registerCommands(gitAPI));
 						disposables.add(new GithubCredentialProviderManager(gitAPI));
-						disposables.add(new GitHubBranchProtectionProviderManager(gitAPI, context.globalState, logger, telemetryReporter));
+						disposables.add(new GitHubBranchProtectionProviderManager(gitAPI, context.globalState, octokitService, logger, telemetryReporter));
 						disposables.add(gitAPI.registerPushErrorHandler(new GithubPushErrorHandler(telemetryReporter)));
 						disposables.add(gitAPI.registerRemoteSourcePublisher(new GithubRemoteSourcePublisher(gitAPI)));
-						disposables.add(gitAPI.registerSourceControlHistoryItemDetailsProvider(new GitHubSourceControlHistoryItemDetailsProvider(gitAPI, logger)));
+						disposables.add(gitAPI.registerSourceControlHistoryItemDetailsProvider(new GitHubSourceControlHistoryItemDetailsProvider(gitAPI, octokitService, logger)));
 						disposables.add(new GitHubCanonicalUriProvider(gitAPI));
 						disposables.add(new VscodeDevShareProvider(gitAPI));
 						setGitHubContext(gitAPI, disposables);
--- a/extensions/github/src/historyItemDetailsProvider.ts
+++ b/extensions/github/src/historyItemDetailsProvider.ts
@@ -3,11 +3,11 @@
 *  Licensed under the MIT License. See License.txt in the project root for license information.
 *--------------------------------------------------------------------------------------------*/

-import { authentication, Command, l10n, LogOutputChannel, workspace } from 'vscode';
+import { Command, l10n, LogOutputChannel, workspace } from 'vscode';
 import { Commit, Repository as GitHubRepository, Maybe } from '@octokit/graphql-schema';
 import { API, AvatarQuery, AvatarQueryCommit, Repository, SourceControlHistoryItemDetailsProvider } from './typings/git.js';
 import { DisposableStore, getRepositoryDefaultRemote, getRepositoryDefaultRemoteUrl, getRepositoryFromUrl, groupBy, sequentialize } from './util.js';
-import { AuthenticationError, getOctokitGraphql } from './auth.js';
+import { AuthenticationError, OctokitService } from './auth.js';
 import { getAvatarLink } from './links.js';

 const ISSUE_EXPRESSION = /(([A-Za-z0-9_.\-]+)\/([A-Za-z0-9_.\-]+))?(#|GH-)([1-9][0-9]*)($|\b)/g;
@@ -82,13 +82,16 @@ export class GitHubSourceControlHistoryItemDetailsProvider implements SourceCont
 	private readonly _store = new Map<string, GitHubRepositoryStore>();
 	private readonly _disposables = new DisposableStore();

-	constructor(private readonly _gitAPI: API, private readonly _logger: LogOutputChannel) {
+	constructor(
+		private readonly _gitAPI: API,
+		private readonly _octokitService: OctokitService,
+		private readonly _logger: LogOutputChannel
+	) {
 		this._disposables.add(this._gitAPI.onDidCloseRepository(repository => this._onDidCloseRepository(repository)));

-		this._disposables.add(authentication.onDidChangeSessions(e => {
-			if (e.provider.id === 'github') {
-				this._isUserAuthenticated = true;
-			}
+		this._disposables.add(this._octokitService.onDidChangeSessions(() => {
+			this._isUserAuthenticated = true;
+			this._store.clear();
 		}));

 		this._disposables.add(workspace.onDidChangeConfiguration(e => {
@@ -264,7 +267,7 @@ export class GitHubSourceControlHistoryItemDetailsProvider implements SourceCont
 		this._logger.trace(`[GitHubSourceControlHistoryItemDetailsProvider][_loadAssignableUsers] Querying assignable user(s) for ${descriptor.owner}/${descriptor.repo}.`);

 		try {
-			const graphql = await getOctokitGraphql();
+			const graphql = await this._octokitService.getOctokitGraphql();
 			const { repository } = await graphql<{ repository: GitHubRepository }>(ASSIGNABLE_USERS_QUERY, descriptor);

 			const users: GitHubUser[] = [];
@@ -294,7 +297,7 @@ export class GitHubSourceControlHistoryItemDetailsProvider implements SourceCont
 		this._logger.trace(`[GitHubSourceControlHistoryItemDetailsProvider][_getCommitAuthor] Querying commit author for ${descriptor.owner}/${descriptor.repo}/${commit}.`);

 		try {
-			const graphql = await getOctokitGraphql();
+			const graphql = await this._octokitService.getOctokitGraphql();
 			const { repository } = await graphql<{ repository: GitHubRepository }>(COMMIT_AUTHOR_QUERY, { ...descriptor, commit });

 			const commitAuthor = (repository.object as Commit).author;