fix: add authentication to repo.get request (#98)

Author: WipeAir

src/dispatch/controller.ts

@@ -88,10 +88,19 @@ export const dispatchControllerFactory: () => Promise<RequestHandler> =
 			// If it's not present, we need to resolve the default branch.
 			let enrichedTargetRef = body.target.ref;
 			if (!enrichedTargetRef) {
-				enrichedTargetRef = await getRepositoryDefaultBranch({
-					owner: body.target.owner,
-					repo: body.target.repo,
-				});
+				try {
+					enrichedTargetRef = await getRepositoryDefaultBranch({
+						owner: body.target.owner,
+						repo: body.target.repo,
+					});
+				} catch (e) {
+					_reqLogger.warn({ error: e }, "Failed to resolve default branch");
+
+					return res
+						.status(400)
+						.header("content-type", responseContentType)
+						.json({ error: "Failed to resolve default branch" });
+				}
 			}
 
 			// Map the body to the policy input.

src/dispatch/github.ts

@@ -116,10 +116,21 @@ async function resolveAccessToken(id: RepositoryIdentity): Promise<string> {
 export async function getRepositoryDefaultBranch(
 	id: RepositoryIdentity,
 ): Promise<string> {
+	// We need to fetch the metadata of the repository, which might be private.
+	// Therefore, we also need the access token.
+	const token = await resolveAccessToken({
+		owner: id.owner,
+		repo: id.repo,
+	});
+
 	try {
-		const { data } = await _baseOctokit.rest.repos.get({
-			owner: id.owner,
-			repo: id.repo,
+		const data = await runOctokit(token, async (octokit) => {
+			const { data } = await octokit.rest.repos.get({
+				owner: id.owner,
+				repo: id.repo,
+			});
+
+			return data;
 		});
 
 		return data.default_branch;