octokit / octokit.js

The all-batteries-included GitHub SDK for Browsers, Node.js, and Deno.
MIT License

[BUG]: 401. Message: Must authenticate to access this API. (GitHub Enterprise) #2709

Open hegdeashwin opened 1 week ago

hegdeashwin commented 1 week ago

What happened?

GitHub Octokit throws a 401 error with a GitHub App. Here is what the code looks like:

import dotenv from 'dotenv'
import fs from 'fs'
import http from 'http'
import { Octokit, App } from 'octokit'
import { createNodeMiddleware } from '@octokit/webhooks'
import { createAppAuth } from "@octokit/auth-app";

// Load environment variables from .env file
dotenv.config()

// Set configured values
const { APP_ID, ENTERPRISE_HOSTNAME, GITHUB_TOKEN, PRIVATE_KEY_PATH, WEBHOOK_SECRET, CLIENT_ID, CLIENT_SECRET } = process.env

const PRIVATE_KEY = fs.readFileSync(PRIVATE_KEY_PATH, 'utf8')

// Create an authenticated Octokit client authenticated as a GitHub App
const app = new App({
  appId: APP_ID,
  privateKey: PRIVATE_KEY,
  webhooks: {
    secret: WEBHOOK_SECRET
  },
  ...(ENTERPRISE_HOSTNAME && {
    Octokit: Octokit.defaults({
      auth: GITHUB_TOKEN,
      baseUrl: `https://${ENTERPRISE_HOSTNAME}/api/v3`
    })
  })
})

app.webhooks.on('pull_request.opened', async ({ octokit, payload }) => {
  try {
    await octokit.rest.pulls.createReviewComment({
      owner: payload.repository.owner.login,
      repo: payload.repository.name,
      issue_number: payload.pull_request.number,
      body: "Add new code review comment"
    })
  } catch (error) {
    if (error.response) {
      console.error(`Error! Status 3: ${error.response.status}. Message: ${error.response.data.message}`)
    } else {
      console.error(error)
    }
  }

  try {
    const response = await octokit.rest.pulls.listFiles({
      owner: payload.repository.owner.login,
      repo: payload.repository.name,
      issue_number: payload.pull_request.number
    })
    console.log('Response: ', JSON.stringify(response))
  } catch (error) {
    if (error.response) {
      console.error(`Error! Status 4: ${error.response.status}. Message: ${error.response.data.message}`)
    } else {
      console.error(error)
    }
  }

  try {
    await octokit.rest.pulls.requestReviewers({
      owner: payload.repository.owner.login,
      repo: payload.repository.name,
      issue_number: payload.pull_request.number,
      reviewers: ["user1"]
    })
  } catch (error) {
    if (error.response) {
      console.error(`Error! Status 5: ${error.response.status}. Message: ${error.response.data.message}`)
    } else {
      console.error(error)
    }
  }
})

app.webhooks.onError((error) => {
  if (error.name === 'AggregateError') {
    console.log(`Error processing request: ${error.event}`)
  } else {
    console.log(error)
  }
})

// Launch a web server to listen for GitHub webhooks
const port = process.env.PORT || 3004
const path = '/api/webhook'
const localWebhookUrl = `http://localhost:${port}${path}`

// See https://github.com/octokit/webhooks.js/#createnodemiddleware for all options
const middleware = createNodeMiddleware(app.webhooks, { path })

http.createServer(middleware).listen(port, () => {
  console.log(`Server is listening for events at: ${localWebhookUrl}`)
  console.log('Press Ctrl + C to quit.')
})

Note -

All the values for APP_ID, ENTERPRISE_HOSTNAME, GITHUB_TOKEN, PRIVATE_KEY_PATH, WEBHOOK_SECRET seem to be correct and verified.

Versions

Node v18, Octokit v4.0.2

Relevant log output

Error! Status 3: 401. Message: Must authenticate to access this API.
Error! Status 4: 401. Message: Must authenticate to access this API.
Error! Status 5: 401. Message: Must authenticate to access this API.

Without try catch:

AggregateError: 
    HttpError: Unauthorized. "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments" failed most likely due to lack of authentication. Reason: "installation" key missing in webhook event payload
        at file:///Users/user1/Documents/project/mytestapp/node_modules/octokit/node_modules/@octokit/request/dist-bundle/index.js:106:21
        at async requestWithGraphqlErrorHandling (file:///Users/user1/Documents/project/mytestapp/node_modules/octokit/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
        at async Job.doExecute (/Users/user1/Documents/project/mytestapp/node_modules/bottleneck/light.js:405:18)
    at file:///Users/user1/Documents/project/mytestapp/node_modules/@octokit/webhooks/dist-bundle/index.js:416:19
    at async middleware (file:///Users/user1/Documents/project/mytestapp/node_modules/@octokit/webhooks/dist-bundle/index.js:604:5) {
  event: {
    id: '6fdae3a0-3d0d-11ef-833a-9857aeba7dcd',
    name: 'pull_request',
    payload: {
      action: 'opened',
      number: 62,
      pull_request: [Object],
      repository: [Object],
      enterprise: [Object],
      sender: [Object]
    }
  },
  errors: [
    RequestError [HttpError]: Unauthorized. "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments" failed most likely due to lack of authentication. Reason: "installation" key missing in webhook event payload
        at file:///Users/user1/Documents/project/mytestapp/node_modules/octokit/node_modules/@octokit/request/dist-bundle/index.js:106:21
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
        at async requestWithGraphqlErrorHandling (file:///Users/user1/Documents/project/mytestapp/node_modules/octokit/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
        at async Job.doExecute (/Users/user1/Documents/project/mytestapp/node_modules/bottleneck/light.js:405:18) {
      status: 401,
      request: [Object],
      response: [Object],
      event: [Object]
    }
  ]
}


github-actions[bot] commented 1 week ago

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

hegdeashwin commented 1 week ago

Observations - octokit.rest.issues.createComment, octokit.rest.issues.setLabels, GET /repos/{owner}/{repo}/pulls/{pull_number}/files and POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers are working fine.

But octokit.rest.pulls.createReviewComment is failing with a 401 error.

gr2m commented 1 week ago

Sorry, I thought I responded to your issue.

auth: GITHUB_TOKEN,

I think this is the issue, it's not needed and probably overrides the authentication of the octokit instance passed to the webhook handlers.
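
The two signals in this thread, the static `auth` token the maintainer points at and the `"installation" key missing in webhook event payload` reason in the error output, can both be checked before a handler makes any API call. The following is an added example, not code from the issue or from Octokit; `checkDefaults`, `checkEvent`, `triage`, `requireInstallation`, the finding codes and the sample values are assumptions made for illustration.

```javascript
// Added example, not code from the thread. Function names and finding codes
// are hypothetical; nothing here is Octokit API.

// Flag a static credential in the options handed to Octokit.defaults().
// The token value is never copied into the finding.
function checkDefaults(defaults = {}) {
  if (typeof defaults.auth === 'string' && defaults.auth.length > 0) {
    return [{ code: 'STATIC_AUTH_IN_DEFAULTS',
      detail: 'static `auth` token set next to appId/privateKey' }];
  }
  return [];
}

// Flag a webhook event ({ id, name, payload }) without installation.id,
// the condition named in the error's "Reason".
function checkEvent(event = {}) {
  const payload = event.payload ?? {};
  if (Number.isInteger(payload.installation?.id)) return [];
  return [{ code: 'NO_INSTALLATION_IN_PAYLOAD',
    detail: `${event.name ?? 'unknown'} event ${event.id ?? '(no id)'} has keys: ` +
      Object.keys(payload).join(', ') }];
}

function triage({ defaults, event }) {
  return [...checkDefaults(defaults), ...checkEvent(event)].map((f) => f.code);
}

// Wrap a webhook handler so it fails with a clear message before any API call.
function requireInstallation(handler) {
  return async (event) => {
    const [finding] = checkEvent(event);
    if (finding) throw new Error(`${finding.code}: ${finding.detail}`);
    return handler(event);
  };
}

// Constructed inputs shaped like the event and defaults shown in the issue.
const sampleEvent = {
  id: '00000000-0000-0000-0000-000000000000',
  name: 'pull_request',
  payload: { action: 'opened', number: 62, pull_request: {}, repository: {},
    enterprise: {}, sender: {} }
};
const sampleDefaults = { auth: 'constructed-token',
  baseUrl: 'https://ghe.example.test/api/v3' };

console.log(triage({ defaults: sampleDefaults, event: sampleEvent }));
```

A handler registered as `requireInstallation(async ({ octokit, payload }) => { ... })` rejects with the payload's key list, without echoing any credential, when the event carries no installation.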