github.com/google/osv-scalibr@v0.4.1/veles/secrets/github/github.go

github.com/google/osv-scalibr@v0.4.1/veles/secrets/github/github.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package github implements the logic to detect Github tokens
    16  package github
    17  
    18  import "time"
    19  
    20  const (
    21  	// githubAPIBaseURL is the base URL for Github API.
    22  	githubAPIBaseURL = "https://api.github.com"
    23  	// validationTimeout is timeout for API validation requests.
    24  	validationTimeout = 10 * time.Second
    25  
    26  	// S2SValidationEndpoint is endpoint for app s2s token validation.
    27  	S2SValidationEndpoint = "/installation/repositories"
    28  	// UserValidationEndpoint is endpoint for user token validation.
    29  	UserValidationEndpoint = "/user"
    30  )
    31  
    32  // apiHeaders returns the HTTP headers required by GitHub API for validating tokens.
    33  func apiHeaders(token string) map[string]string {
    34  	return map[string]string{
    35  		"Authorization":        "Bearer " + token,
    36  		"Accept":               "application/vnd.github+json",
    37  		"X-GitHub-Api-Version": "2022-11-28",
    38  	}
    39  }
    40  
    41  // AppRefreshToken contains a Github App refresh token
    42  type AppRefreshToken struct {
    43  	Token string
    44  }
    45  
    46  // AppServerToServerToken contains a Github App server to server token
    47  type AppServerToServerToken struct {
    48  	Token string
    49  }
    50  
    51  // AppUserToServerToken contains a user to server token
    52  //
    53  // A Github App User to Server token is a temporary, secure credential that allows a GitHub App
    54  // to perform actions on the platform on behalf of a user
    55  type AppUserToServerToken struct {
    56  	Token string
    57  }
    58  
    59  // ClassicPersonalAccessToken contains a Github classic personal access token
    60  type ClassicPersonalAccessToken struct {
    61  	Token string
    62  }
    63  
    64  // FineGrainedPersonalAccessToken contains a Github fine-grained personal access token
    65  type FineGrainedPersonalAccessToken struct {
    66  	Token string
    67  }
    68  
    69  // OAuthToken contains an oauth token
    70  type OAuthToken struct {
    71  	Token string
    72  }