Skip to content

refactor(api): unified GitLab REST API client and lint fixes #17

Closed
#18
#368
Closed
refactor(api): unified GitLab REST API client and lint fixes#17
#18
#368
@polaz

Description

@polaz
polaz
opened on Jan 18, 2026

Summary

Introduces a unified GitLab REST API client, OAuth session storage backends, and fixes all ESLint errors.

Changes

Unified GitLab REST API Client

  • Add src/utils/gitlab-api.ts - unified client for GitLab API calls
  • Centralized URL building with base URL from config
  • Query parameters serialization with undefined/null filtering
  • Request body encoding (JSON or form-urlencoded)
  • Automatic GID cleanup from responses
  • Handle 204 No Content responses correctly
  • Type-safe request/response handling

OAuth Session Storage Backends

New pluggable storage architecture for OAuth sessions:

  • Memory Backend (default) - In-memory storage, sessions lost on restart
  • File Backend - JSON file-based persistence with configurable save interval
  • PostgreSQL Backend - Production-grade storage via Prisma ORM

Storage selection via environment:
```bash
OAUTH_STORAGE_TYPE=memory|file|postgresql
OAUTH_STORAGE_FILE_PATH=./data/oauth-sessions.json
OAUTH_STORAGE_POSTGRESQL_URL=postgresql://...
```

OAuth Flow Implementation (Dual Flow Support)

Authorization Code Flow (for Claude.ai Custom Connectors):

  1. Client redirects to `/authorize` with `redirect_uri`
  2. Server redirects to GitLab OAuth
  3. GitLab redirects back to `/oauth/callback`
  4. Server exchanges code for tokens
  5. Server redirects to client with authorization code
  6. Client exchanges code at `/token` endpoint

Device Flow (for CLI clients, Claude Desktop):

  1. Client requests `/authorize` without `redirect_uri`
  2. Server returns device code and verification URL
  3. User visits GitLab, enters device code
  4. Client polls `/oauth/poll` for completion
  5. Server exchanges GitLab token for MCP session token

Flow auto-selection based on `redirect_uri` presence in authorization request.

New OAuth Endpoints

  • `/oauth/callback` - GitLab OAuth callback handler
  • `/oauth/poll` - Device flow polling endpoint
  • `/register` - Dynamic client registration (RFC 7591)

Registry Refactoring

  • Refactor labels, wiki, variables, milestones registries
  • Use new gitlab-api utility for cleaner request handling
  • Consistent pattern across all entity registries

Lint Fixes

  • Fix unnecessary type assertion in gitlab-api.ts
  • Fix Prisma type resolution with explicit interfaces (GenericPrismaClient pattern)
  • Fix logger mocks in integration and unit tests
  • All 101 errors resolved with proper typing, zero eslint-disable comments

Benefits

  • Cleaner, more consistent API calls
  • Type-safe request/response handling
  • Centralized error handling
  • Production-ready OAuth session persistence
  • Support for both web and CLI OAuth flows
  • Zero lint errors

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions