GitHub: Use basic/bearer_auth() fns from reqwest (#11014)

Turbo87 · web-flow · commit ce33ac1cbb97 · 2025-04-15T16:41:30.000+02:00
Turns out we were not applying base64 encoding to our basic auth requests before. Using `.basic_auth()` fixes the issue, which means that we now properly authenticate, while previously we were accidentally running these requests completely unauthenticated, making us subject to the 60 requests per hour rate limit...
diff --git a/crates/crates_io_github/src/lib.rs b/crates/crates_io_github/src/lib.rs
@@ -4,7 +4,7 @@
 extern crate tracing;
 
 use oauth2::AccessToken;
-use reqwest::{self, header};
+use reqwest::{self, header, RequestBuilder};
 
 use serde::de::DeserializeOwned;
 
@@ -54,22 +54,21 @@ impl RealGitHubClient {
     }
 
     /// Does all the nonsense for sending a GET to Github.
-    async fn _request<T>(&self, url: &str, auth: &str) -> Result<T>
+    async fn _request<T, A>(&self, url: &str, apply_auth: A) -> Result<T>
     where
         T: DeserializeOwned,
+        A: Fn(RequestBuilder) -> RequestBuilder,
     {
         let url = format!("https://api.github.com{url}");
         info!("GitHub request: GET {url}");
 
-        let response = self
+        let request = self
             .client
             .get(&url)
             .header(header::ACCEPT, "application/vnd.github.v3+json")
-            .header(header::AUTHORIZATION, auth)
-            .header(header::USER_AGENT, "crates.io (https://crates.io)")
-            .send()
-            .await?
-            .error_for_status()?;
+            .header(header::USER_AGENT, "crates.io (https://crates.io)");
+
+        let response = apply_auth(request).send().await?.error_for_status()?;
 
         let headers = response.headers();
         let remaining = headers.get("x-ratelimit-remaining");
@@ -84,16 +83,15 @@ impl RealGitHubClient {
     where
         T: DeserializeOwned,
     {
-        self._request(url, &format!("Bearer {}", auth.secret()))
-            .await
+        self._request(url, |r| r.bearer_auth(auth.secret())).await
     }
 
     /// Sends a GET to GitHub using basic authentication
     pub async fn request_basic<T>(&self, url: &str, username: &str, password: &str) -> Result<T>
     where
         T: DeserializeOwned,
     {
-        self._request(url, &format!("basic {username}:{password}"))
+        self._request(url, |r| r.basic_auth(username, Some(password)))
             .await
     }
 }
