mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-06-19 07:43:46 +08:00
36a8a51ef0
GitHub oneboxes and the discourse-github plugin talked to GitHub's REST
and
GraphQL API with no rate-limit awareness. On busy instances this
exhausted
GitHub's limits (60 requests/hour unauthenticated, 5000 authenticated),
and
because there was no backoff every render kept hitting GitHub and
re-failing
-- which GitHub's docs warn can get an integration banned. The recently
added PR-status onebox multiplied the number of calls and made it far
worse.
GitHub access was also fragmented: the core onebox engines used OpenURI,
the
discourse-github plugin used Octokit, and the discourse-ai bot tools
used
FinalDestination::HTTP -- three HTTP stacks, three tokens, and
inconsistent
(or entirely missing) error and rate-limit handling.
This introduces a single client, Discourse::GithubApi, that every GitHub
data-API request now flows through. It is built on Faraday with the
SSRF-safe
FinalDestination adapter and:
- authenticates per token (Bearer) and returns plain string-keyed Hashes
(get/post) or raw bodies (raw_get) -- one response shape, no
Octokit/Sawyer
- only ever sends the access token to api.github.com and
raw.githubusercontent.com, rejecting any other absolute URL, so a
user-derived path can never leak a token to an arbitrary host
- backs off on rate limits both reactively (403/429) and proactively
(when
X-RateLimit-Remaining hits 0), honouring Retry-After /
X-RateLimit-Reset,
via a shared Redis flag (GithubRateLimit) keyed per token so each
token's
budget and the shared unauthenticated/IP budget back off independently
- short-circuits while backing off without ever sleeping, so onebox
rendering
and post baking degrade to a plain link instead of blocking a request
- caches ETags and sends If-None-Match, so unchanged resources return
304s
that do not count against the rate limit
Every caller was moved onto it:
- the 6 core GitHub onebox engines, via a slimmed
Onebox::Mixins::GithubApi
adapter that keeps their public methods and translates client errors
back
to the OpenURI::HTTPError vocabulary they already rescue (engines
unchanged)
- the github_blob raw.githubusercontent.com fetch
- the discourse-github plugin (badges, linkback, permalinks, token
validator),
which no longer uses the octokit and sawyer gems (they stay in the
Gemfile for
the discourse-code-review official plugin, which still depends on them)
- the discourse-ai bot's GitHub tools (search code, diff, file content,
search files)
Also adds a GithubOneboxBackoff admin problem check that surfaces while
one of
the onebox token identities is backing off -- scoped to the tokens
resolved by
Onebox::GithubAccess (each configured github_onebox_access_tokens entry
plus the
unauthenticated client) so a backoff on the AI bot or linkback token is
not
misattributed to onebox. Its message points admins at the relevant
setting with
the {{setting:...}} link marker, which problem-check messages now expand
too.
Onebox token resolution is centralised in Onebox::GithubAccess, and the
onebox
cache TTL for transient GitHub failures is shortened so they recover
quickly.
GitHub OAuth login, theme git-clone, the inbound webhook, and the
Oneboxer
FinalDestination URL-resolution special-cases for github.com are
intentionally
out of scope -- they are different concerns, not the rate-limited data
API.
|
||
|---|---|---|
| .. | ||
| add_reviewable_note_spec.rb | ||
| assign_spec.rb | ||
| close_topic_spec.rb | ||
| create_artifact_spec.rb | ||
| create_image_spec.rb | ||
| db_schema_spec.rb | ||
| delete_topic_spec.rb | ||
| discourse_meta_search_spec.rb | ||
| edit_category_spec.rb | ||
| edit_image_spec.rb | ||
| edit_post_spec.rb | ||
| edit_tags_spec.rb | ||
| flag_post_spec.rb | ||
| github_diff_spec.rb | ||
| github_file_content_spec.rb | ||
| github_search_code_spec.rb | ||
| github_search_files_spec.rb | ||
| google_spec.rb | ||
| grant_badge_spec.rb | ||
| image_spec.rb | ||
| javascript_evaluator_spec.rb | ||
| list_categories_spec.rb | ||
| list_reviewables_spec.rb | ||
| list_tags_spec.rb | ||
| lock_post_spec.rb | ||
| mark_as_solved_spec.rb | ||
| mcp_spec.rb | ||
| move_posts_spec.rb | ||
| perform_reviewable_action_spec.rb | ||
| random_picker_spec.rb | ||
| read_artifact_spec.rb | ||
| read_spec.rb | ||
| researcher_spec.rb | ||
| search_settings_spec.rb | ||
| search_spec.rb | ||
| search_uploaded_documents_spec.rb | ||
| set_slow_mode_spec.rb | ||
| set_topic_timer_spec.rb | ||
| setting_context_spec.rb | ||
| summarize_spec.rb | ||
| time_spec.rb | ||
| tool_spec.rb | ||
| unlist_topic_spec.rb | ||
| update_artifact_spec.rb | ||
| web_browser_spec.rb | ||
