Add scope filtering if challenge is enabled

omgitsads · omgitsads · commit 2b016e5d1b47 · 2026-01-30T15:50:12.000+01:00
diff --git a/pkg/http/handler.go b/pkg/http/handler.go
@@ -211,7 +211,7 @@ func DefaultInventoryFactory(cfg *ServerConfig, t translations.TranslationHelper
 		b = InventoryFiltersForRequest(r, b)
 
 		if cfg.ScopeChallenge {
-			b = b.WithFilter(ScopeChallengeFilter(r, scopeFetcher))
+			b = ScopeChallengeFilter(b, r, scopeFetcher)
 		}
 
 		b.WithServerInstructions()
@@ -243,12 +243,12 @@ func InventoryFiltersForRequest(r *http.Request, builder *inventory.Builder) *in
 	return builder
 }
 
-func ScopeChallengeFilter(r *http.Request, fetcher scopes.FetcherInterface) inventory.ToolFilter {
+func ScopeChallengeFilter(b *inventory.Builder, r *http.Request, fetcher scopes.FetcherInterface) *inventory.Builder {
 	ctx := r.Context()
 
 	tokenInfo, ok := ghcontext.GetTokenInfo(ctx)
 	if !ok || tokenInfo == nil {
-		return nil
+		return b
 	}
 
 	// Fetch token scopes for scope-based tool filtering (PAT tokens only)
@@ -257,11 +257,11 @@ func ScopeChallengeFilter(r *http.Request, fetcher scopes.FetcherInterface) inve
 	if tokenInfo.TokenType == utils.TokenTypePersonalAccessToken {
 		scopesList, err := fetcher.FetchTokenScopes(ctx, tokenInfo.Token)
 		if err != nil {
-			return nil
+			return b
 		}
 
-		return github.CreateToolScopeFilter(scopesList)
+		return b.WithFilter(github.CreateToolScopeFilter(scopesList))
 	}
 
-	return nil
+	return b
 }

Original file line number	Diff line number	Diff line change
`@@ -211,7 +211,7 @@ func DefaultInventoryFactory(cfg *ServerConfig, t translations.TranslationHelper`
`211`	`211`	`b = InventoryFiltersForRequest(r, b)`
`212`	`212`
`213`	`213`	`if cfg.ScopeChallenge {`
`214`		`- b = b.WithFilter(ScopeChallengeFilter(r, scopeFetcher))`
	`214`	`+ b = ScopeChallengeFilter(b, r, scopeFetcher)`
`215`	`215`	`}`
`216`	`216`
`217`	`217`	`b.WithServerInstructions()`
`@@ -243,12 +243,12 @@ func InventoryFiltersForRequest(r http.Request, builder inventory.Builder) *in`
`243`	`243`	`return builder`
`244`	`244`	`}`
`245`	`245`
`246`		`-func ScopeChallengeFilter(r *http.Request, fetcher scopes.FetcherInterface) inventory.ToolFilter {`
	`246`	`+func ScopeChallengeFilter(b inventory.Builder, r http.Request, fetcher scopes.FetcherInterface) *inventory.Builder {`
`247`	`247`	`ctx := r.Context()`
`248`	`248`
`249`	`249`	`tokenInfo, ok := ghcontext.GetTokenInfo(ctx)`
`250`	`250`	`if !ok \|\| tokenInfo == nil {`
`251`		`- return nil`
	`251`	`+ return b`
`252`	`252`	`}`
`253`	`253`
`254`	`254`	`// Fetch token scopes for scope-based tool filtering (PAT tokens only)`
`@@ -257,11 +257,11 @@ func ScopeChallengeFilter(r *http.Request, fetcher scopes.FetcherInterface) inve`
`257`	`257`	`if tokenInfo.TokenType == utils.TokenTypePersonalAccessToken {`
`258`	`258`	`scopesList, err := fetcher.FetchTokenScopes(ctx, tokenInfo.Token)`
`259`	`259`	`if err != nil {`
`260`		`- return nil`
	`260`	`+ return b`
`261`	`261`	`}`
`262`	`262`
`263`		`- return github.CreateToolScopeFilter(scopesList)`
	`263`	`+ return b.WithFilter(github.CreateToolScopeFilter(scopesList))`
`264`	`264`	`}`
`265`	`265`
`266`		`- return nil`
	`266`	`+ return b`
`267`	`267`	`}`