Add authentication support for protected file downloads (Issue #22)

[thromel]

Summary

Implements Issue #22: Add Ability to Download Password/Cookie Protected Files

This feature enables downloading files that require authentication by supporting multiple authentication methods.

Authentication Types Supported

Type	Description
None	No authentication (default)
Basic Auth	Username/password credentials (Base64 encoded)
Bearer Token	OAuth-style bearer tokens
Cookies	Session cookies for authenticated sites
Custom Headers	JSON dictionary of arbitrary HTTP headers

Changes

New Files

File	Purpose
Models/AuthenticationType.cs	Enum defining 5 authentication types
Helpers/HttpRequestAuthenticator.cs	Static helper to apply auth to HTTP requests
Tests/Services/HttpRequestAuthenticatorTests.cs	19 unit tests for auth helper
Migrations/AddDownloadAuthentication.cs	EF Core migration for new columns

Modified Files

File	Changes
Models/FileDownloadQueueItem.cs	Added 6 authentication properties
Services/DownloadQueueService.cs	Apply auth at 5 HTTP request points
Components/Download/DownloadFromDirectLink.razor	Auth settings UI in expandable panel

Implementation Details

Data Model

Added to FileDownloadQueueItem:

• AuthType - Enum specifying auth method
• AuthUsername / AuthPassword - For Basic Auth
• AuthBearerToken - For Bearer tokens
• AuthCookies - For cookie-based auth
• AuthCustomHeaders - JSON string for custom headers

HTTP Request Integration

Authentication is applied at 5 points in DownloadQueueService:

1. Initial GET request
2. Resume request
3. Range support check (HEAD)
4. Parallel download HEAD
5. Chunk download GET

Test plan

• All unit tests pass (19 new tests for HttpRequestAuthenticator)
• Manual testing with httpbin.org authentication endpoints
• UI verification with Playwright
• Database migration applies correctly

Security Notes

• Credentials stored in SQLite (acceptable for self-hosted application)
• Password fields use masked input (InputType.Password)
• No credentials logged in error messages

[gemini-code-assist]

Summary of Changes

Hello @thromel, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the file download functionality by enabling support for protected files. It introduces a robust system for handling various authentication types, ensuring that the application can securely access resources that require credentials, tokens, or custom headers. The changes span data modeling, core download logic, a new authentication helper, and user interface elements, providing a complete solution for authenticated downloads.

Highlights

• New Authentication Support: Introduced support for multiple authentication methods for file downloads, including Basic Auth, Bearer Token, Cookies, and Custom Headers, enabling downloads from protected sources.
• Authentication Helper: Implemented a dedicated HttpRequestAuthenticator helper to consistently apply authentication details to HTTP requests across the download service.
• Data Model and UI Updates: Updated the FileDownloadQueueItem data model to store authentication-related properties and added a user interface in DownloadFromDirectLink.razor for configuring these settings.
• Integrated Download Logic: Integrated authentication settings into the DownloadQueueService at all critical HTTP request points, ensuring authenticated access during initial downloads, resume operations, range checks, and parallel chunk downloads.
• Comprehensive Unit Testing: Included comprehensive unit tests for the HttpRequestAuthenticator to ensure correct application of various authentication schemes and handle edge cases.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive authentication mechanism for file downloads, supporting Basic Auth, Bearer Tokens, Cookies, and Custom Headers. The implementation is well-structured, with a dedicated HttpRequestAuthenticator helper, corresponding model changes, and UI components for configuration. The changes are thoroughly tested with 19 new unit tests covering various authentication scenarios and edge cases. The authentication logic is correctly integrated into all relevant parts of the download process, including initial requests, retries, and parallel chunk downloads.

My review focuses on a minor refactoring opportunity in the new unit tests to improve conciseness and maintainability. Overall, this is a high-quality contribution that significantly enhances the application's capabilities.

[gemini-code-assist]

These three tests for the HasAuthentication property can be consolidated into a single, more concise [Theory] test. This improves readability and maintainability by reducing code duplication and covering all cases in one place.

        [Theory]
        [InlineData(AuthenticationType.BasicAuth, true)]
        [InlineData(AuthenticationType.BearerToken, true)]
        [InlineData(AuthenticationType.Cookie, true)]
        [InlineData(AuthenticationType.CustomHeaders, true)]
        [InlineData(AuthenticationType.None, false)]
        public void HasAuthentication_ReturnsCorrectValue_ForAuthType(AuthenticationType authType, bool expected)
        {
            // Arrange
            var queueItem = new FileDownloadQueueItem
            {
                AuthType = authType
            };

            // Assert
            Assert.Equal(expected, queueItem.HasAuthentication);
        }