feat: add auth and addtional requested changes #26 #27
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 6 files
Prompt for AI agents (all 2 issues)
Understand the root cause of the following 2 issues and fix them.
<file name="pkg/auth/oauth.go">
<violation number="1" location="pkg/auth/oauth.go:120">
fetchToken updates c.token without synchronization, so sharing this OAuthClient through HTTPClient leads to data races when the client is used concurrently.</violation>
</file>
<file name="pkg/auth/oauth_test.go">
<violation number="1" location="pkg/auth/oauth_test.go:357">
Sleeping for 35s here makes this test suite take roughly half a minute to run every time. Please simulate the timeout with a faster failure path (e.g., cancel the context or dial an unreachable address) instead of a long sleep so the test stays fast.</violation>
</file>
Since this is your first cubic review, here's how it works:
- cubic automatically reviews your code and comments on bugs and improvements
- Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
- Ask questions if you need clarification on any suggestion
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
| } | ||
|
|
||
| // Store the token and calculate expiry | ||
| c.token = &tokenResp |
There was a problem hiding this comment.
fetchToken updates c.token without synchronization, so sharing this OAuthClient through HTTPClient leads to data races when the client is used concurrently.
Prompt for AI agents
Address the following comment on pkg/auth/oauth.go at line 120:
<comment>fetchToken updates c.token without synchronization, so sharing this OAuthClient through HTTPClient leads to data races when the client is used concurrently.</comment>
<file context>
@@ -0,0 +1,181 @@
+ }
+
+ // Store the token and calculate expiry
+ c.token = &tokenResp
+ // Subtract 30 seconds from expiry to ensure we refresh before it actually expires
+ expiryDuration := time.Duration(tokenResp.ExpiresIn-30) * time.Second
</file context>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary by cubic
Adds optional OAuth 2.0 client-credentials auth and a configurable API endpoint path to the JUnit client to support secured Fern Platform deployments. Default behavior remains unchanged when OAuth is not configured.
Written for commit 1185754. Summary will update automatically on new commits.