add basic http transport for oauth

burmudar · burmudar · commit 61e017231af7 · 2025-12-08T12:30:24.000+02:00
diff --git a/cmd/src/login.go b/cmd/src/login.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"encoding/json"
 	"flag"
 	"fmt"
 	"io"
@@ -14,8 +13,6 @@ import (
 	"github.com/sourcegraph/src-cli/internal/cmderrors"
 	"github.com/sourcegraph/src-cli/internal/keyring"
 	"github.com/sourcegraph/src-cli/internal/oauthdevice"
-
-	"github.com/sourcegraph/sourcegraph/lib/errors"
 )
 
 func init() {
@@ -137,14 +134,14 @@ func loginCmd(ctx context.Context, p loginParams) error {
 	cfg.Endpoint = endpointArg
 
 	if p.useDeviceFlow {
-		resp, err := runDeviceFlow(ctx, endpointArg, out, p.deviceFlowClient)
+		token, err := runDeviceFlow(ctx, endpointArg, out, p.deviceFlowClient)
 		if err != nil {
 			printProblem(fmt.Sprintf("Device flow authentication failed: %s", err))
 			fmt.Fprintln(out, createAccessTokenMessage)
 			return cmderrors.ExitCode1
 		}
 
-		if err := oauthdevice.StoreToken(secretStore, &resp.Token); err != nil {
+		if err := oauthdevice.StoreToken(secretStore, token); err != nil {
 			printProblem(fmt.Sprintf("Failed to store token in keyring store: %s", err))
 			return cmderrors.ExitCode1
 		}
@@ -198,10 +195,7 @@ func loginCmd(ctx context.Context, p loginParams) error {
 	return nil
 }
 
-func storeToken(store *keyring.Store, token *oauthdevice.Token) error {
-}
-
-func runDeviceFlow(ctx context.Context, endpoint string, out io.Writer, client oauthdevice.Client) (*oauthdevice.TokenResponse, error) {
+func runDeviceFlow(ctx context.Context, endpoint string, out io.Writer, client oauthdevice.Client) (*oauthdevice.Token, error) {
 	authResp, err := client.Start(ctx, endpoint, nil)
 	if err != nil {
 		return nil, err
@@ -222,10 +216,10 @@ func runDeviceFlow(ctx context.Context, endpoint string, out io.Writer, client o
 		interval = 5 * time.Second
 	}
 
-	tokenResp, err := client.Poll(ctx, endpoint, authResp.DeviceCode, interval, authResp.ExpiresIn)
+	resp, err := client.Poll(ctx, endpoint, authResp.DeviceCode, interval, authResp.ExpiresIn)
 	if err != nil {
 		return nil, err
 	}
 
-	return tokenResp, nil
+	return resp.Token(endpoint), nil
 }
diff --git a/internal/oauthdevice/device_flow.go b/internal/oauthdevice/device_flow.go
@@ -380,6 +380,15 @@ func (t *TokenResponse) Token(endpoint string) *Token {
 	}
 }
 
+func (t *Token) HasExpired() bool {
+	return time.Now().After(t.ExpiresAt)
+}
+
+func (t *Token) ExpiringIn(d time.Duration) bool {
+	future := time.Now().Add(d)
+	return future.After(t.ExpiresAt)
+}
+
 func StoreToken(store *keyring.Store, token *Token) error {
 	data, err := json.Marshal(token)
 	if err != nil {
diff --git a/internal/oauthdevice/http_transport.go b/internal/oauthdevice/http_transport.go
@@ -0,0 +1,49 @@
+package oauthdevice
+
+import (
+	"context"
+	"net/http"
+	"time"
+)
+
+var _ http.Transport
+
+var _ http.RoundTripper = (*Transport)(nil)
+
+type Transport struct {
+	Base  http.RoundTripper
+	token *Token
+}
+
+// RoundTrip implements http.RoundTripper.
+func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
+	ctx := req.Context()
+	token, err := maybeRefresh(ctx, t.token)
+	if err != nil {
+		return nil, err
+	}
+	t.token = token
+
+	req2 := req.Clone(req.Context())
+	req2.Header.Set("Authorization", "Bearer "+t.token.AccessToken)
+
+	if t.Base != nil {
+		return t.Base.RoundTrip(req2)
+	}
+	return http.DefaultTransport.RoundTrip(req2)
+}
+
+func maybeRefresh(ctx context.Context, token *Token) (*Token, error) {
+	// token has NOT expired or NOT about to expire in 30s
+	if !(token.HasExpired() || token.ExpiringIn(time.Duration(30)*time.Second)) {
+		return token, nil
+	}
+	client := NewClient(DefaultClientID)
+
+	resp, err := client.Refresh(ctx, token)
+	if err != nil {
+		return nil, err
+	}
+
+	return resp.Token(token.Endpoint), nil
+}
