forked from farhoodlabs/paperclip
Chris Farhood
d1d592d793
Token-free requests follow redirects normally to support renamed/transferred GitHub repos. Manual redirect policy is only needed when a PAT is attached, to prevent the bearer token from being forwarded to attacker-controlled redirect targets.
30 lines
1.1 KiB
TypeScript
30 lines
1.1 KiB
TypeScript
import { unprocessable } from "../errors.js";
|
|
|
|
function isGitHubDotCom(hostname: string) {
|
|
const h = hostname.toLowerCase();
|
|
return h === "github.com" || h === "www.github.com";
|
|
}
|
|
|
|
export function gitHubApiBase(hostname: string) {
|
|
return isGitHubDotCom(hostname) ? "https://api.github.com" : `https://${hostname}/api/v3`;
|
|
}
|
|
|
|
export function resolveRawGitHubUrl(hostname: string, owner: string, repo: string, ref: string, filePath: string) {
|
|
const p = filePath.replace(/^\/+/, "");
|
|
return isGitHubDotCom(hostname)
|
|
? `https://raw.githubusercontent.com/${owner}/${repo}/${ref}/${p}`
|
|
: `https://${hostname}/raw/${owner}/${repo}/${ref}/${p}`;
|
|
}
|
|
|
|
export async function ghFetch(url: string, init?: RequestInit, authToken?: string): Promise<Response> {
|
|
const headers = new Headers(init?.headers);
|
|
if (authToken) {
|
|
headers.set("Authorization", `Bearer ${authToken}`);
|
|
}
|
|
try {
|
|
return await fetch(url, { ...init, headers, redirect: authToken ? "manual" : "follow" });
|
|
} catch {
|
|
throw unprocessable(`Could not connect to ${new URL(url).hostname} — ensure the URL points to a GitHub or GitHub Enterprise instance`);
|
|
}
|
|
}
|