Add GitHub token support for private repo installs

aminland · aminland · commit 0878d0ca8cf9 · 2025-11-30T05:18:03.000-05:00
diff --git a/bin/relay-dedup b/bin/relay-dedup
@@ -7,9 +7,13 @@ const fs = require("fs");
 const binaryPath = path.join(__dirname, "relay-dedup-binary");
 
 if (!fs.existsSync(binaryPath)) {
-  console.error(
-    "relay-dedup binary not found. Please run: npm run postinstall"
-  );
+  console.error("Error: relay-dedup binary not found.\n");
+  console.error("This is likely because the postinstall script failed to download it.");
+  console.error("This is a private repo - you need GitHub authentication.\n");
+  console.error("Fix:");
+  console.error("  1. Install GitHub CLI and run: gh auth login");
+  console.error("  2. Reinstall: pnpm install relay-dedup\n");
+  console.error("Or set GITHUB_TOKEN environment variable before installing.");
   process.exit(1);
 }
 
diff --git a/scripts/postinstall.js b/scripts/postinstall.js
@@ -40,13 +40,52 @@ function getVersion() {
 	return pkg.version;
 }
 
-function httpsGet(url) {
+function getGitHubToken() {
+	// Check environment variables first
+	if (process.env.GITHUB_TOKEN) return process.env.GITHUB_TOKEN;
+	if (process.env.GH_TOKEN) return process.env.GH_TOKEN;
+
+	// Try gh CLI (GitHub's official CLI)
+	try {
+		const token = execSync("gh auth token", {
+			encoding: "utf8",
+			stdio: ["pipe", "pipe", "pipe"],
+		}).trim();
+		if (token && token.startsWith("gh")) {
+			return token;
+		}
+	} catch {
+		// gh CLI not installed or not logged in
+	}
+
+	return null;
+}
+
+function httpsGet(url, token = null, isBinaryDownload = false) {
 	return new Promise((resolve, reject) => {
+		const headers = { "User-Agent": "relay-dedup-installer" };
+
+		// Add auth header for private repos
+		if (token) {
+			headers["Authorization"] = `token ${token}`;
+		}
+
+		// For downloading binary assets from API URL
+		if (isBinaryDownload) {
+			headers["Accept"] = "application/octet-stream";
+		}
+
 		https
-			.get(url, { headers: { "User-Agent": "relay-dedup-installer" } }, (res) => {
-				// Follow redirects
+			.get(url, { headers }, (res) => {
+				// Follow redirects (don't pass token to external domains like S3)
 				if (res.statusCode === 301 || res.statusCode === 302) {
-					return httpsGet(res.headers.location).then(resolve).catch(reject);
+					const redirectUrl = res.headers.location;
+					const sameOrigin =
+						redirectUrl.includes("github.com") ||
+						redirectUrl.includes("api.github.com");
+					return httpsGet(redirectUrl, sameOrigin ? token : null, isBinaryDownload)
+						.then(resolve)
+						.catch(reject);
 				}
 				if (res.statusCode !== 200) {
 					reject(new Error(`HTTP ${res.statusCode}: ${url}`));
@@ -61,17 +100,52 @@ function httpsGet(url) {
 	});
 }
 
+async function getAssetUrl(version, assetName, token) {
+	// For private repos, we need to use the API to get the asset download URL
+	const apiUrl = `https://api.github.com/repos/${REPO}/releases/tags/v${version}`;
+
+	const response = await httpsGet(apiUrl, token);
+	const release = JSON.parse(response.toString());
+
+	if (!release.assets) {
+		throw new Error(`No assets found in release v${version}`);
+	}
+
+	const asset = release.assets.find((a) => a.name === assetName);
+	if (!asset) {
+		const available = release.assets.map((a) => a.name).join(", ");
+		throw new Error(`Asset ${assetName} not found. Available: ${available}`);
+	}
+
+	// Return the API URL for downloading (works for private repos)
+	return asset.url;
+}
+
 async function downloadBinary() {
 	const target = getTarget();
 	const version = getVersion();
+	const token = getGitHubToken();
 	const assetName = `${BINARY_NAME}-${target}.tar.gz`;
-	const url = `https://github.com/${REPO}/releases/download/v${version}/${assetName}`;
 
 	console.log(`Downloading ${BINARY_NAME} v${version} for ${getPlatformKey()}...`);
-	console.log(`  ${url}`);
+
+	if (!token) {
+		console.error(`\nError: No GitHub token found.`);
+		console.error(`\nThis is a private repo. You need either:`);
+		console.error(`  1. GitHub CLI: Install and run 'gh auth login'`);
+		console.error(`  2. Environment variable: export GITHUB_TOKEN=ghp_your_token`);
+		console.error(`\nThen reinstall: pnpm install`);
+		process.exit(1);
+	}
+
+	console.log(`  (using GitHub token for authentication)`);
 
 	try {
-		const tarGz = await httpsGet(url);
+		// Get the asset download URL from the API
+		const assetUrl = await getAssetUrl(version, assetName, token);
+		console.log(`  ${assetUrl}`);
+
+		const tarGz = await httpsGet(assetUrl, token, true);
 
 		// Extract tar.gz
 		const tar = zlib.gunzipSync(tarGz);
@@ -90,13 +164,12 @@ async function downloadBinary() {
 
 		console.log(`✓ Installed ${BINARY_NAME} to ${binaryPath}`);
 	} catch (error) {
+		console.error(`\nError: Failed to download binary for ${getPlatformKey()}`);
+		console.error(`  ${error.message}`);
 		if (error.message.includes("404")) {
-			console.error(`\nError: No prebuilt binary found for ${getPlatformKey()}`);
-			console.error(`Release v${version} may not exist or may not have binaries yet.`);
-			console.error(`\nYou can build from source with: cargo build --release`);
-		} else {
-			console.error(`\nError downloading binary: ${error.message}`);
+			console.error(`\nRelease v${version} may not exist or may not have binaries for your platform.`);
 		}
+		console.error(`\nYou can build from source with: cargo build --release`);
 		process.exit(1);
 	}
 }
