Add GitHub token support for private repo installs

Author: aminland

scripts/postinstall.js

@@ -40,13 +40,40 @@ function getVersion() {
 	return pkg.version;
 }
 
-function httpsGet(url) {
+function getGitHubToken() {
+	// Check environment variables (in order of preference)
+	return (
+		process.env.GITHUB_TOKEN ||
+		process.env.GH_TOKEN ||
+		process.env.GITHUB_PAT ||
+		null
+	);
+}
+
+function httpsGet(url, token = null) {
 	return new Promise((resolve, reject) => {
+		const headers = { "User-Agent": "relay-dedup-installer" };
+
+		// Add auth header for private repos
+		if (token) {
+			headers["Authorization"] = `token ${token}`;
+		}
+
+		// For GitHub release assets, we need to accept the binary
+		if (url.includes("github.com") && url.includes("/releases/download/")) {
+			headers["Accept"] = "application/octet-stream";
+		}
+
 		https
-			.get(url, { headers: { "User-Agent": "relay-dedup-installer" } }, (res) => {
-				// Follow redirects
+			.get(url, { headers }, (res) => {
+				// Follow redirects (pass token only for same-origin redirects)
 				if (res.statusCode === 301 || res.statusCode === 302) {
-					return httpsGet(res.headers.location).then(resolve).catch(reject);
+					const redirectUrl = res.headers.location;
+					// Don't pass token to external domains (like S3)
+					const sameOrigin = redirectUrl.includes("github.com");
+					return httpsGet(redirectUrl, sameOrigin ? token : null)
+						.then(resolve)
+						.catch(reject);
 				}
 				if (res.statusCode !== 200) {
 					reject(new Error(`HTTP ${res.statusCode}: ${url}`));
@@ -64,14 +91,18 @@ function httpsGet(url) {
 async function downloadBinary() {
 	const target = getTarget();
 	const version = getVersion();
+	const token = getGitHubToken();
 	const assetName = `${BINARY_NAME}-${target}.tar.gz`;
 	const url = `https://github.com/${REPO}/releases/download/v${version}/${assetName}`;
 
 	console.log(`Downloading ${BINARY_NAME} v${version} for ${getPlatformKey()}...`);
 	console.log(`  ${url}`);
+	if (token) {
+		console.log(`  (using GitHub token for authentication)`);
+	}
 
 	try {
-		const tarGz = await httpsGet(url);
+		const tarGz = await httpsGet(url, token);
 
 		// Extract tar.gz
 		const tar = zlib.gunzipSync(tarGz);
@@ -93,6 +124,11 @@ async function downloadBinary() {
 		if (error.message.includes("404")) {
 			console.error(`\nError: No prebuilt binary found for ${getPlatformKey()}`);
 			console.error(`Release v${version} may not exist or may not have binaries yet.`);
+			if (!token) {
+				console.error(`\nThis is a private repo - you need to set GITHUB_TOKEN:`);
+				console.error(`  export GITHUB_TOKEN=ghp_your_token_here`);
+				console.error(`  pnpm install`);
+			}
 			console.error(`\nYou can build from source with: cargo build --release`);
 		} else {
 			console.error(`\nError downloading binary: ${error.message}`);