Add proxy support for the github webhook (#1083)

* Add proxy support for the github webhook

- Introduced `PROXY_SECRET` in gitbook-manifest.yaml for proxy authentication.
- Updated createAppInstallationAccessToken to conditionally include proxy headers.
- Modified getRepositoryAuth to accept isProxied parameter.
- Enhanced triggerImport and triggerExport to pass isProxied flag.
- Implemented logic to determine proxy status in handleImportDispatchForSpaces.

* linting

* Remove PROXY_SECRET from secrets and update proxy token header to enable proxy

* changeset

Author: conico974

.changeset/big-needles-know.md

@@ -0,0 +1,5 @@
+---
+'@gitbook/integration-github': patch
+---
+
+Fix proxy for the webhook endpoint

integrations/github/src/api.ts

@@ -165,13 +165,19 @@ export async function createAppInstallationAccessToken(
     context: GithubRuntimeContext,
     appJWT: string,
     installationId: number,
+    isProxied?: boolean,
 ): Promise<string> {
     const { token } = await githubAPI<{ token: string; expires_at: string }>(
         context,
         { access_token: appJWT, expires_at: 0 },
         {
             method: 'POST',
             path: `/app/installations/${installationId}/access_tokens`,
+            additionalHeaders: isProxied
+                ? {
+                      'X-Gitbook-Proxy-Enabled': 'true',
+                  }
+                : {},
         },
     );
 
@@ -220,6 +226,10 @@ async function githubAPI<T>(
          * @default true
          */
         walkPagination?: boolean;
+        /**
+         * Additional headers to add to the request
+         */
+        additionalHeaders?: Record<string, string>;
     },
 ): Promise<T> {
     const {
@@ -229,6 +239,7 @@ async function githubAPI<T>(
         params,
         listProperty = '',
         walkPagination = true,
+        additionalHeaders = {},
     } = request;
 
     const credentials = tokenCredentials || extractTokenCredentialsOrThrow(context);
@@ -240,6 +251,7 @@ async function githubAPI<T>(
     const options = {
         method,
         body: body ? JSON.stringify(body) : undefined,
+        headers: additionalHeaders,
     };
 
     const response = await requestGitHubAPI(context, credentials, url, options);

integrations/github/src/provider.ts

@@ -53,6 +53,7 @@ export function getRepositoryUrl(config: GitHubSpaceConfiguration, withExtension
 export async function getRepositoryAuth(
     context: GithubRuntimeContext,
     config: GitHubSpaceConfiguration,
+    isProxied: boolean,
 ) {
     assertIsDefined(config.installation, { label: 'config.installation', statusCode: 400 });
 
@@ -61,6 +62,7 @@ export async function getRepositoryAuth(
         context,
         appJWT,
         config.installation,
+        isProxied,
     );
 
     return {

integrations/github/src/sync.ts

@@ -51,11 +51,18 @@ export async function triggerImport(
          * in the same order on GitBook and on the remote repository.
          */
         eventTimestamp?: Date;
+
+        isProxied?: boolean;
     } = {},
 ) {
     const { api } = context;
-    const { force = false, updateGitInfo = false, standalone, eventTimestamp } = options;
-
+    const {
+        force = false,
+        updateGitInfo = false,
+        standalone,
+        eventTimestamp,
+        isProxied = false,
+    } = options;
     const spaceId =
         typeof spaceInstallation.space === 'string'
             ? spaceInstallation.space
@@ -72,7 +79,7 @@ export async function triggerImport(
 
     logger.info(`Initiating an import from GitHub to GitBook space ${spaceId}`);
 
-    const auth = await getRepositoryAuth(context, config);
+    const auth = await getRepositoryAuth(context, config, isProxied);
     const repoTreeURL = getGitTreeURL(config);
 
     const urlWithAuth = new URL(getRepositoryUrl(config, true));
@@ -136,7 +143,7 @@ export async function triggerExport(
 
     const { data: revision } = await api.spaces.getCurrentRevision(spaceId);
 
-    const auth = await getRepositoryAuth(context, config);
+    const auth = await getRepositoryAuth(context, config, false);
     const repoTreeURL = getGitTreeURL(config);
 
     const urlWithAuth = new URL(getRepositoryUrl(config, true));

integrations/github/src/tasks.ts

@@ -71,6 +71,19 @@ export async function handleImportDispatchForSpaces(
                         spaceInstallation.integration,
                         spaceInstallation.installation,
                     );
+                let isProxied = context.environment.installation?.network?.proxy || false;
+
+                // The webhook is under the root of the integration, so we don't have access to the installation
+                // We need to fetch it to know if we need to proxy the requests
+                if (!context.environment.installation) {
+                    const { data: installation } =
+                        await context.api.integrations.getIntegrationInstallationById(
+                            spaceInstallation.integration,
+                            spaceInstallation.installation,
+                        );
+
+                    isProxied = installation.network?.proxy || false;
+                }
 
                 // Set the token in the duplicated context to be used by the API client
                 const installationContext: GithubRuntimeContext = {
@@ -93,6 +106,7 @@ export async function handleImportDispatchForSpaces(
                           }
                         : undefined,
                     eventTimestamp,
+                    isProxied,
                 });
             } catch (error) {
                 logger.error(