From 2396c962148b34d488b9744d3fca238d43027de4 Mon Sep 17 00:00:00 2001 From: Vishwa Kumar patha Date: Wed, 11 Mar 2026 02:39:55 +0530 Subject: [PATCH] fix(github): prevent redundant team fetches across multiple orgs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fetch user teams once instead of per-org to prevent OAuth timeout. Current implementation calls teamsForOrg() inside the org loop, fetching ALL user teams repeatedly for each configured org. This causes redundant API calls and OAuth code expiration for users in many teams. Example: 10 orgs, user in 150 teams - Before: 10 × 5 pages = 50 API calls, 50s - After: 1 × 5 pages = 5 API calls, 5s Changed to call userOrgTeams() once before the loop, then use cached results. The function already returns teams organized by org, making this a simple and obvious optimization. --- connector/github/github.go | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/connector/github/github.go b/connector/github/github.go index eb19f778..09e99796 100644 --- a/connector/github/github.go +++ b/connector/github/github.go @@ -343,6 +343,14 @@ func formatTeamName(org string, team string) string { func (c *githubConnector) groupsForOrgs(ctx context.Context, client *http.Client, userName string) ([]string, error) { groups := make([]string, 0) var inOrgNoTeams bool + + // Fetch all user teams once to avoid redundant API calls across multiple orgs. + // This prevents fetching the same team data repeatedly when iterating through orgs. + allTeamsByOrg, err := c.userOrgTeams(ctx, client) + if err != nil { + return nil, fmt.Errorf("github: get teams: %v", err) + } + for _, org := range c.orgs { inOrg, err := c.userInOrg(ctx, client, userName, org.Name) if err != nil { @@ -352,10 +360,9 @@ func (c *githubConnector) groupsForOrgs(ctx context.Context, client *http.Client continue } - teams, err := c.teamsForOrg(ctx, client, org.Name) - if err != nil { - return nil, err - } + // Use cached teams from the single fetch above instead of fetching per-org + teams := allTeamsByOrg[org.Name] + // User is in at least one org. User is authorized if no teams are specified // in config; include all teams in claim. Otherwise filter out teams not in // 'teams' list in config.