Problem
When the Java extension fetches Lombok version tags from GitHub, it makes unauthenticated requests to https://api.github.com/repos/projectlombok/lombok/tags. This is subject to GitHub unauthenticated rate limit of 60 requests per hour per IP.
In shared network environments (corporate NAT, VPN, etc.), this limit is easily hit, causing jdtls to fail with:
Language server jdtls: Failed to get Lombok jar path: Failed to fetch Lombok versions from projectlombok/lombok: Failed to fetch GitHub tags: failed to fetch https://api.github.com/repos/projectlombok/lombok/tags: status code 403 Forbidden
Root Cause
In src/util.rs - get_latest_versions_from_tag(), the HTTP request is built without any Authorization header:
pub fn get_latest_versions_from_tag(repo: &str) -> zed::Result<(String, Option<String>)> {
let tags_response_body = serde_json::from_slice::<Value>(
&fetch(
&HttpRequest::builder()
.method(HttpMethod::Get)
.url(format!("https://api.github.com/repos/{repo}/tags"))
.build()?,
)
.map_err(|err| format!("{TAG_RETRIEVAL_ERROR}: {err}"))?
.body,
)
}
Even when users set GITHUB_TOKEN in their environment, this function does not read it, so the request always goes unauthenticated (limit: 60/hr instead of 5000/hr).
Proposed Solution
Read the GITHUB_TOKEN environment variable and include it as an Authorization header when making GitHub API requests:
let mut request = HttpRequest::builder()
.method(HttpMethod::Get)
.url(format!("https://api.github.com/repos/{repo}/tags"));
if let Ok(token) = std::env::var("GITHUB_TOKEN") {
request = request.header("Authorization", format!("token {}", token));
}
let response = fetch(request.build()?)
.map_err(|err| format!("{TAG_RETRIEVAL_ERROR}: {err}"))?;
This would apply to all calls through get_latest_versions_from_tag(), covering Lombok, jdtls, and any other component fetched from GitHub.
Workaround
Users can manually download Lombok and specify the jar path in settings:
"lsp": {
"jdtls": {
"settings": {
"lombok_jar": "/path/to/lombok.jar"
}
}
}
But supporting GITHUB_TOKEN would be a more seamless experience and benefit all GitHub API calls in the extension.
Environment
- Zed Java extension: v6.8.21
- OS: Linux
- Network: Corporate shared IP
Problem
When the Java extension fetches Lombok version tags from GitHub, it makes unauthenticated requests to
https://api.github.com/repos/projectlombok/lombok/tags. This is subject to GitHub unauthenticated rate limit of 60 requests per hour per IP.In shared network environments (corporate NAT, VPN, etc.), this limit is easily hit, causing jdtls to fail with:
Root Cause
In
src/util.rs-get_latest_versions_from_tag(), the HTTP request is built without anyAuthorizationheader:Even when users set
GITHUB_TOKENin their environment, this function does not read it, so the request always goes unauthenticated (limit: 60/hr instead of 5000/hr).Proposed Solution
Read the
GITHUB_TOKENenvironment variable and include it as anAuthorizationheader when making GitHub API requests:This would apply to all calls through
get_latest_versions_from_tag(), covering Lombok, jdtls, and any other component fetched from GitHub.Workaround
Users can manually download Lombok and specify the jar path in settings:
But supporting
GITHUB_TOKENwould be a more seamless experience and benefit all GitHub API calls in the extension.Environment