From 83286ff7580014c345faec6b1c280524c681f8b3 Mon Sep 17 00:00:00 2001
From: daimond113 <72147841+daimond113@users.noreply.github.com>
Date: Mon, 12 Aug 2024 23:16:26 +0200
Subject: [PATCH] fix: overwrite request headers

---
 src/cli/commands/auth/login.rs |  2 +-
 src/source/pesde/mod.rs        | 27 +++++++++++++++++++++++----
 src/source/wally/mod.rs        | 27 +++++++++++++++++++++++----
 3 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/src/cli/commands/auth/login.rs b/src/cli/commands/auth/login.rs
index d40feeb..b451777 100644
--- a/src/cli/commands/auth/login.rs
+++ b/src/cli/commands/auth/login.rs
@@ -20,7 +20,7 @@ pub struct LoginCommand {
     /// The index to use. Defaults to `default`, or the configured default index if current directory doesn't have a manifest
     #[arg(short, long)]
     index: Option<String>,
-    
+
     /// The token to use for authentication, skipping login
     #[arg(short, long, conflicts_with = "index")]
     token: Option<String>,
diff --git a/src/source/pesde/mod.rs b/src/source/pesde/mod.rs
index 9080d3a..01b8c0c 100644
--- a/src/source/pesde/mod.rs
+++ b/src/source/pesde/mod.rs
@@ -7,7 +7,7 @@ use std::{
 
 use gix::Url;
 use relative_path::RelativePathBuf;
-use reqwest::header::ACCEPT;
+use reqwest::header::{HeaderMap, ACCEPT, AUTHORIZATION};
 use serde::{Deserialize, Serialize};
 
 use pkg_ref::PesdePackageRef;
@@ -275,14 +275,29 @@ impl PackageSource for PesdePackageSource {
             .replace("{PACKAGE_VERSION}", &pkg_ref.version.to_string())
             .replace("{PACKAGE_TARGET}", &pkg_ref.target.to_string());
 
-        let mut response = reqwest.get(url).header(ACCEPT, "application/octet-stream");
+        let mut headers = HeaderMap::new();
+        headers.insert(
+            ACCEPT,
+            "application/octet-stream"
+                .parse()
+                .map_err(|e| errors::DownloadError::InvalidHeaderValue("Accept".to_string(), e))?,
+        );
 
         if let Some(token) = project.auth_config.get_token(&self.repo_url) {
             log::debug!("using token for pesde package download");
-            response = response.header("Authorization", token);
+            headers.insert(
+                AUTHORIZATION,
+                token.parse().map_err(|e| {
+                    errors::DownloadError::InvalidHeaderValue("Authorization".to_string(), e)
+                })?,
+            );
         }
 
-        let response = response.send()?.error_for_status()?;
+        let response = reqwest
+            .get(url)
+            .headers(headers)
+            .send()?
+            .error_for_status()?;
         let bytes = response.bytes()?;
 
         let mut decoder = flate2::read::GzDecoder::new(bytes.as_ref());
@@ -506,5 +521,9 @@ pub mod errors {
         /// Error writing index file
         #[error("error reading index file")]
         ReadIndex(#[source] std::io::Error),
+
+        /// A header value was invalid
+        #[error("invalid header {0} value")]
+        InvalidHeaderValue(String, #[source] reqwest::header::InvalidHeaderValue),
     }
 }
diff --git a/src/source/wally/mod.rs b/src/source/wally/mod.rs
index d77c946..9e586da 100644
--- a/src/source/wally/mod.rs
+++ b/src/source/wally/mod.rs
@@ -5,6 +5,7 @@ use std::{
 
 use gix::Url;
 use relative_path::RelativePathBuf;
+use reqwest::header::{HeaderMap, AUTHORIZATION};
 use serde::Deserialize;
 use tempfile::tempdir;
 
@@ -177,19 +178,33 @@ impl PackageSource for WallyPackageSource {
             pkg_ref.version
         );
 
-        let mut response = reqwest.get(url).header(
+        let mut headers = HeaderMap::new();
+        headers.insert(
             "Wally-Version",
             std::env::var("PESDE_WALLY_VERSION")
                 .as_deref()
-                .unwrap_or("0.3.2"),
+                .unwrap_or("0.3.2")
+                .parse()
+                .map_err(|e| {
+                    errors::DownloadError::InvalidHeaderValue("Wally-Version".to_string(), e)
+                })?,
         );
 
         if let Some(token) = project.auth_config.get_token(&self.repo_url) {
             log::debug!("using token for wally package download");
-            response = response.header("Authorization", token);
+            headers.insert(
+                AUTHORIZATION,
+                token.parse().map_err(|e| {
+                    errors::DownloadError::InvalidHeaderValue("Authorization".to_string(), e)
+                })?,
+            );
         }
 
-        let response = response.send()?.error_for_status()?;
+        let response = reqwest
+            .get(url)
+            .headers(headers)
+            .send()?
+            .error_for_status()?;
         let bytes = response.bytes()?;
 
         let mut archive = zip::ZipArchive::new(std::io::Cursor::new(bytes))?;
@@ -340,5 +355,9 @@ pub mod errors {
         /// Error writing index file
         #[error("error writing index file")]
         WriteIndex(#[source] std::io::Error),
+
+        /// A header value was invalid
+        #[error("invalid header {0} value")]
+        InvalidHeaderValue(String, #[source] reqwest::header::InvalidHeaderValue),
     }
 }