Skip to content

fix(updater): use GitHub atom feed for Beta lookup, dodge API rate limit#350

Merged
appergb merged 1 commit into
betafrom
fix/beta-fetch-via-atom
May 8, 2026
Merged

fix(updater): use GitHub atom feed for Beta lookup, dodge API rate limit#350
appergb merged 1 commit into
betafrom
fix/beta-fetch-via-atom

Conversation

@appergb
Copy link
Copy Markdown
Collaborator

@appergb appergb commented May 8, 2026
edited by github-actions Bot
Loading

User description

Root cause

用户在 Beta-2 build 上点「加入 Beta 渠道」开关时显示「获取 Beta 版本信息失败」。现场 curl 实测:

```
HTTP/2 403
x-ratelimit-limit: 60
x-ratelimit-remaining: 0
{"message":"API rate limit exceeded for 103.62.49.154. ..."}
```

`api.github.com` 未认证调用是 60 req/h/IP——我之前 debug 调用 + 用户切 toggle 几次,同 IP 池就被耗尽了。在公司/家庭共享出口下,多个用户的 OpenLess 实例共用同一额度,更容易撞。

Fix

换成 `https://github.com/appergb/openless/releases.atom\`(公开 RSS,CDN cache,无 API rate limit)。

  • atom feed 不显式标 `prerelease`,但项目约定 tag 后缀 `-beta-tauri` 必为 Beta,过滤后缀就够了
  • timeout 10s → 15s
  • 提取 `parse_latest_beta_from_atom` 纯函数,加两个 unit test:
    • 混合 stable + beta 时返回 Beta entry → ✅ pass
    • 全 stable 时返回 None → ✅ pass

Frontend not touched

JS 端 `invoke('fetch_latest_beta_release')` 签名 / 错误展示完全没动。Beta-3 build 装上后用户切 toggle 就直接生效。

Why atom over keeping API but adding auth

需要 GITHUB_TOKEN 注入到客户端——把任何 token 打进每个用户的 build 都不合理(公开二进制、token 要么暴露要么共享)。Atom feed 是无认证 + 无 rate limit 的天然解。

PR Type

Bug fix, Tests

Description

  • Replace API call with Atom feed to avoid rate limit

  • Increase timeout from 10s to 15s

  • Parse feed with string matching, no XML lib

  • Add tests for Beta tag detection

Diagram Walkthrough

flowchart LR
  node1["api.github.com/releases (REST)"]
  node2["github.com/releases.atom (RSS)"]
  node3["parse_latest_beta_from_atom"]
  node4["LatestBetaRelease"]
  node1 -- "rate limit 60/h → 403" --> node2
  node2 -- "fetch & parse" --> node3
  node3 -- "filter by -beta-tauri suffix" --> node4
Loading

File Walkthrough
Relevant files
Bug fix
commands.rs
Replace API with Atom feed for Beta release lookup             

openless-all/app/src-tauri/src/commands.rs

  • Replaced GitHub REST API call with Atom feed to avoid 60 req/h/IP rate
    limit
  • Increased HTTP timeout from 10s to 15s for cross‑border networks
  • Implemented parse_latest_beta_from_atom and extract_between for
    lightweight XML parsing
  • Added unit tests: one for beta tag found, one for stable‑only feed
    returning none
 +98/-43 

fix(updater): use GitHub atom feed for Beta lookup, dodge API rate limit
4d1a7b4 
用户报「获取 Beta 版本信息失败」根因:fetch_latest_beta_release 调
api.github.com/repos/.../releases,未认证 60 req/h/IP。多次切 Beta toggle
+ 同 IP 共享配额(公司/家庭网络后),轻易撞 403 rate limit exceeded。
现场实测 IP 已耗尽:x-ratelimit-remaining: 0。

修法:换成 GitHub releases.atom(公开 RSS feed,CDN cache,无 API rate limit)。

具体改动:
- fetch_latest_beta_release 端点从 api.github.com 改成 github.com/.../releases.atom
- 提取一个纯函数 parse_latest_beta_from_atom 做字符串解析(不引 XML 库——
  feed 格式稳定,找 /releases/tag/ 锚点抓 tag 即可),方便单测
- atom feed 不显式标 prerelease,但项目约定 tag 后缀 `-beta-tauri` 就是 Beta,
  过滤后缀已足够
- timeout 从 10s 提到 15s,给跨境网络更多余地
- 加 2 个 unit test:(1) 混合 stable+beta 时返回 Beta entry;(2) 全 stable
  时返回 None。两个 test 都已 pass

不改前端:JS 端调用签名 / 错误展示路径不变,下次 Beta-3 release 出来后用户
装上即生效。
@appergb appergb merged commit e358c20 into beta May 8, 2026
3 checks passed
@appergb appergb deleted the fix/beta-fetch-via-atom branch May 8, 2026 01:47
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 8, 2026

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 PR contains tests
🔒 No security concerns identified
⚡ No major issues detected

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@appergb