( ctx context.Context, userID uuid.UUID, origin string, )
| 4285 | } |
| 4286 | |
| 4287 | func (api *API) resolveChatGitAccessToken( |
| 4288 | ctx context.Context, |
| 4289 | userID uuid.UUID, |
| 4290 | origin string, |
| 4291 | ) (*string, error) { |
| 4292 | origin = strings.TrimSpace(origin) |
| 4293 | |
| 4294 | // If we have an origin, find the specific matching config first. |
| 4295 | // This ensures multi-provider setups (github.com + GHE) get the |
| 4296 | // correct token. |
| 4297 | if origin != "" { |
| 4298 | for _, config := range api.ExternalAuthConfigs { |
| 4299 | if config.Regex == nil || !config.Regex.MatchString(origin) { |
| 4300 | continue |
| 4301 | } |
| 4302 | //nolint:gocritic // System access needed to read external auth |
| 4303 | // links when called from the gitsync worker (chatd context). |
| 4304 | link, err := api.Database.GetExternalAuthLink(dbauthz.AsSystemRestricted(ctx), |
| 4305 | database.GetExternalAuthLinkParams{ |
| 4306 | ProviderID: config.ID, |
| 4307 | UserID: userID, |
| 4308 | }, |
| 4309 | ) |
| 4310 | if err != nil { |
| 4311 | continue |
| 4312 | } |
| 4313 | //nolint:gocritic // System context carried through for token refresh. |
| 4314 | refreshed, refreshErr := config.RefreshToken(dbauthz.AsSystemRestricted(ctx), api.Database, link) |
| 4315 | if refreshErr == nil { |
| 4316 | link = refreshed |
| 4317 | } |
| 4318 | token := strings.TrimSpace(link.OAuthAccessToken) |
| 4319 | if token != "" { |
| 4320 | return ptr.Ref(token), nil |
| 4321 | } |
| 4322 | } |
| 4323 | } |
| 4324 | |
| 4325 | // Fallback: iterate all external auth configs. |
| 4326 | // Used when origin is empty (inline refresh from HTTP handler) |
| 4327 | // or when the origin-specific lookup above failed. |
| 4328 | configs := make(map[string]*externalauth.Config) |
| 4329 | providerIDs := []string{} |
| 4330 | for _, config := range api.ExternalAuthConfigs { |
| 4331 | providerIDs = append(providerIDs, config.ID) |
| 4332 | configs[config.ID] = config |
| 4333 | } |
| 4334 | |
| 4335 | seen := map[string]struct{}{} |
| 4336 | for _, providerID := range providerIDs { |
| 4337 | if _, ok := seen[providerID]; ok { |
| 4338 | continue |
| 4339 | } |
| 4340 | seen[providerID] = struct{}{} |
| 4341 | |
| 4342 | //nolint:gocritic // System access needed to read external auth |
| 4343 | // links when called from the gitsync worker (chatd context). |
| 4344 | link, err := api.Database.GetExternalAuthLink( |
no test coverage detected