Skip to content

Support GITHUB_TOKEN env var for GitHub API requests to avoid rate limiting (403) #281

Description

@FanXingChunShui

Problem

When the Java extension fetches Lombok version tags from GitHub, it makes unauthenticated requests to https://api.github.com/repos/projectlombok/lombok/tags. This is subject to GitHub unauthenticated rate limit of 60 requests per hour per IP.

In shared network environments (corporate NAT, VPN, etc.), this limit is easily hit, causing jdtls to fail with:

Language server jdtls: Failed to get Lombok jar path: Failed to fetch Lombok versions from projectlombok/lombok: Failed to fetch GitHub tags: failed to fetch https://api.github.com/repos/projectlombok/lombok/tags: status code 403 Forbidden

Root Cause

In src/util.rs - get_latest_versions_from_tag(), the HTTP request is built without any Authorization header:

pub fn get_latest_versions_from_tag(repo: &str) -> zed::Result<(String, Option<String>)> {
    let tags_response_body = serde_json::from_slice::<Value>(
        &fetch(
            &HttpRequest::builder()
                .method(HttpMethod::Get)
                .url(format!("https://api.github.com/repos/{repo}/tags"))
                .build()?,
        )
        .map_err(|err| format!("{TAG_RETRIEVAL_ERROR}: {err}"))?
        .body,
    )
}

Even when users set GITHUB_TOKEN in their environment, this function does not read it, so the request always goes unauthenticated (limit: 60/hr instead of 5000/hr).

Proposed Solution

Read the GITHUB_TOKEN environment variable and include it as an Authorization header when making GitHub API requests:

let mut request = HttpRequest::builder()
    .method(HttpMethod::Get)
    .url(format!("https://api.github.com/repos/{repo}/tags"));

if let Ok(token) = std::env::var("GITHUB_TOKEN") {
    request = request.header("Authorization", format!("token {}", token));
}

let response = fetch(request.build()?)
    .map_err(|err| format!("{TAG_RETRIEVAL_ERROR}: {err}"))?;

This would apply to all calls through get_latest_versions_from_tag(), covering Lombok, jdtls, and any other component fetched from GitHub.

Workaround

Users can manually download Lombok and specify the jar path in settings:

"lsp": {
  "jdtls": {
    "settings": {
      "lombok_jar": "/path/to/lombok.jar"
    }
  }
}

But supporting GITHUB_TOKEN would be a more seamless experience and benefit all GitHub API calls in the extension.

Environment

  • Zed Java extension: v6.8.21
  • OS: Linux
  • Network: Corporate shared IP

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions