Extract shared HTTP response body read helpers to httputil package by lpcox · Pull Request #8346 · github/gh-aw-mcpg · GitHub
Skip to content

Extract shared HTTP response body read helpers to httputil package#8346

Merged
lpcox merged 3 commits into
mainfrom
lpcox-fix-http-response-dedup-8320
Jun 30, 2026
Merged

Extract shared HTTP response body read helpers to httputil package#8346
lpcox merged 3 commits into
mainfrom
lpcox-fix-http-response-dedup-8320

Conversation

@lpcox

@lpcox lpcox commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

Summary

Fixes #8320

Deduplicates the HTTP response body read + status check pattern that was independently implemented in three files.

Changes

New helpers (internal/httputil/response.go)

  • ReadResponseBody(resp, context) — Reads the full body, closes it, and returns an error if status ≥ 400. Used by proxy and collaborator call sites.
  • ReadResponseBodyStrict(resp, expectedStatus, context) — Reads the full body, closes it, and returns an error (including the body text) if the status doesn't match exactly. Used by the OIDC call site which checks != 200 and includes the body in error messages.

Refactored call sites

File Before After
internal/proxy/proxy.go defer Close + ReadAll + >= 400 check httputil.ReadResponseBody
internal/githubhttp/collaborator.go defer Close + ReadAll + >= 400 check httputil.ReadResponseBody
internal/oidc/provider.go defer Close + ReadAll + != 200 check (body in error) httputil.ReadResponseBodyStrict

Test updates

  • Added comprehensive tests for both new helpers in internal/httputil/response_test.go
  • Updated existing test assertions in collaborator_test.go and provider_test.go to match the slightly different error message format from the shared helpers

Deduplicate the read-body-and-check-status pattern that was independently
implemented in three files:
- internal/proxy/proxy.go (>= 400 check)
- internal/githubhttp/collaborator.go (>= 400 check)
- internal/oidc/provider.go (exact 200 check with body in error)

Add two helpers in internal/httputil/response.go:
- ReadResponseBody: reads body, closes it, errors on status >= 400
- ReadResponseBodyStrict: reads body, closes it, errors on status != expected
  (includes body in error message for diagnostics)

Refactor all three call sites to use the shared helpers and update
corresponding tests to match the new error message format.

Fixes #8320

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 30, 2026 13:28
GitHub Advanced Security started work on behalf of lpcox June 30, 2026 13:28 View session
GitHub Advanced Security finished work on behalf of lpcox June 30, 2026 13:29

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses issue #8320 by deduplicating repeated “read HTTP response body + close + status check” logic across the proxy, GitHub collaborator permission client, and OIDC provider, consolidating it into shared helpers under internal/httputil.

Changes:

  • Added shared response body helpers: ReadResponseBody (status >= 400) and ReadResponseBodyStrict (exact expected status, includes body in error).
  • Refactored proxy, collaborator permission fetching, and OIDC token fetching to use the shared helpers.
  • Added/updated unit tests to cover the new helpers and align existing tests with the new error formats.
Show a summary per file
File Description
internal/httputil/response.go Introduces shared response-body read + status-check helpers.
internal/httputil/response_test.go Adds unit coverage for both new helper variants and read-error cases.
internal/proxy/proxy.go Switches REST enrichment call path to use the shared helper.
internal/githubhttp/collaborator.go Switches collaborator permission fetch to use the shared helper and updates logging.
internal/githubhttp/collaborator_test.go Updates assertions for new shared-helper error message formats.
internal/oidc/provider.go Switches OIDC response reading/status validation to strict shared helper.
internal/oidc/provider_test.go Updates assertions to match shared-helper error message wording.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 7/7 changed files
  • Comments generated: 4
  • Review effort level: Low

Comment thread internal/httputil/response.go
Comment thread internal/httputil/response.go
Comment thread internal/oidc/provider.go
Comment on lines 13 to 17
"net/http"

"github.com/github/gh-aw-mcpg/internal/httputil"
"net/url"
"strings"
Comment thread internal/oidc/provider.go
Comment on lines +124 to 127
body, err := httputil.ReadResponseBodyStrict(resp, http.StatusOK, "OIDC token request")
if err != nil {
return "", time.Time{}, fmt.Errorf("failed to read OIDC token response: %w", err)
return "", time.Time{}, err
}
@lpcox

lpcox commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator Author

@copilot address review feedback

lpcox and others added 2 commits June 30, 2026 06:37
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
GitHub Advanced Security started work on behalf of lpcox June 30, 2026 13:38 View session
GitHub Advanced Security started work on behalf of lpcox June 30, 2026 13:38 View session
GitHub Advanced Security finished work on behalf of lpcox June 30, 2026 13:38
GitHub Advanced Security finished work on behalf of lpcox June 30, 2026 13:38
@lpcox lpcox merged commit 98faff3 into main Jun 30, 2026
24 checks passed
@lpcox lpcox deleted the lpcox-fix-http-response-dedup-8320 branch June 30, 2026 13:41

Copilot AI commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[duplicate-code] Duplicate Code Pattern: HTTP Response Body Read and GitHub API Status Check

3 participants