support pat or app credentials

deno.jsonc

@@ -14,7 +14,7 @@
   "imports": {
     "@cliffy/command": "jsr:@cliffy/command@^1.0.0-rc.7",
     "@db/mongo": "jsr:@db/mongo@^0.33.0",
-    "@justinmchase/github-api": "jsr:@justinmchase/github-api@^0.5.11",
+    "@justinmchase/github-api": "jsr:@justinmchase/[email protected].13",
     "@justinmchase/serializable": "jsr:@justinmchase/serializable@^0.3.13",
     "@justinmchase/type": "jsr:@justinmchase/type@^0.2.4",
     "@oak/oak": "jsr:@oak/oak@^17.1.3",

src/controllers/github.controller.ts

@@ -7,7 +7,7 @@ import type {
   GitHubInstallationEvent,
   GitHubPingEvent,
 } from "@justinmchase/github-api";
-import type { GitHubService } from "../services/github/mod.ts";
+import type { GitHubService } from "../services/github.service.ts";
 import type { IContext, IState } from "../context.ts";
 import type { Controller } from "./controller.ts";
 import type { ILogger } from "../logging/mod.ts";

src/services/github/mod.ts → src/services/github.service.ts

@@ -1,38 +1,31 @@
-import { api, GitHubApplication, GitHubClient } from "@justinmchase/github-api";
-import { SignatureError } from "../../errors/signature.error.ts";
-import { hmacCreateKey, hmacVerify } from "../../util/hmac.ts";
-import { MemoryCache } from "../../util/cache.ts";
+import { credentials, GitHubClient } from "@justinmchase/github-api";
+import type { GitHubCredentialProvider } from "@justinmchase/github-api";
+import { SignatureError } from "../errors/signature.error.ts";
+import { hmacCreateKey, hmacVerify } from "../util/hmac.ts";
+import { MemoryCache } from "../util/cache.ts";
 import type { Request } from "@oak/oak/request";
-import type { ILogger } from "../../logging/mod.ts";
+import type { ILogger } from "../logging/mod.ts";
 
-export interface IGitHubConfig {
-  githubAppId: number;
-  githubPrivateKey: string;
+type GitHubConfig = {
+  githubAppId?: number;
+  githubPrivateKey?: string;
+  githubPat?: string;
   githubWebhookSecret?: string;
-}
+};
 
 export class GitHubService {
-  private readonly app: GitHubApplication;
   private readonly cache = new MemoryCache();
   constructor(
-    appId: number,
-    privateKey: string,
-    private readonly secret?: CryptoKey,
+    private readonly credentialProvider: GitHubCredentialProvider,
+    private readonly webhookKey?: CryptoKey,
   ) {
-    this.app = new GitHubApplication(
-      appId,
-      privateKey,
-    );
   }
 
   public static async create(
     log: ILogger,
-    config: IGitHubConfig,
+    config: GitHubConfig,
   ): Promise<GitHubService> {
     const { githubAppId, githubPrivateKey, githubWebhookSecret } = config;
-    const secret = githubWebhookSecret
-      ? await hmacCreateKey(githubWebhookSecret)
-      : undefined;
 
     log.debug(
       "github_service",
@@ -43,23 +36,26 @@ export class GitHubService {
         githubWebhookSecret: !!githubWebhookSecret,
       },
     );
+    const credentialProvider = credentials(config);
+    const secret = githubWebhookSecret
+      ? await hmacCreateKey(githubWebhookSecret)
+      : undefined;
     return new GitHubService(
-      githubAppId,
-      githubPrivateKey,
+      credentialProvider,
       secret,
     );
   }
 
   public async verify(req: Request) {
-    if (this.secret) {
+    if (this.webhookKey) {
       const signature = req.headers.get("X-Hub-Signature-256");
       if (!signature) {
         throw new SignatureError("invalid signature");
       }
       const [, sig] = signature.split("=");
       const bytes = await req.body.arrayBuffer();
       const verified = await hmacVerify(
-        this.secret,
+        this.webhookKey,
         sig,
         bytes,
       );
@@ -72,18 +68,8 @@ export class GitHubService {
   public async token(installationId: number): Promise<string> {
     return await this.cache.get(
       `installation_token_${installationId}`,
-      async () => {
-        const jwt = await this.app.jwt();
-        const client = new GitHubClient({
-          accessToken: jwt,
-        });
-        const result = await api.app.installations.accessTokens({
-          installationId,
-          client,
-        });
-        const { token } = result;
-        return token;
-      },
+      async () =>
+        await this.credentialProvider.installationToken(installationId),
     );
   }
 

src/services/mod.ts

@@ -1,2 +1,2 @@
-export * from "./github/mod.ts";
-export * from "./mongo/mod.ts";
+export * from "./github.service.ts";
+export * from "./mongo.service.ts";