Mike/pop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Mike:19a9e2a3df5a0346ab80688fb40ca886eae0cd75
Branches Tags
Mike:master
...
compare: Mike:5dc4a1b742168a43f69c02685a170f592168761d
Branches Tags
Mike:master

2 Commits
19a9e2a3df ... 5dc4a1b742

Author SHA1 Message Date
Senior Engineer
5dc4a1b742 Fix FRE-4693 code review findings: 2-arg constructor, 403 error test, error content check
Some checks failed
CI / build (1.21.x) (push) Has been cancelled
Details
CI / build (1.22.x) (push) Has been cancelled
Details
CI / security-scan (push) Has been cancelled
Details 
- Pass nil refresher to NewProtonMailClient at all 5 call sites
- Change TestListMessages_APIError from 401 to 403 (avoids refresh interception)
- Add error content assertion to TestGetMessage_NotFound
 2026-05-10 09:38:21 -04:00
Michael Freno
691a2acdad feat: implement automatic auth token refresh on 401 with context support (FRE-4763) 
- Add SessionRefresher interface for token refresh abstraction
- Update ProtonMailClient to auto-refresh on 401 responses
- Add DoWithContext method for context-aware HTTP requests
- Update SessionManager with RefreshTokenWithContext method
- Update LoginWithCredentials and LoginInteractive to accept context
- Add checkAuthenticatedWithManager helper for commands needing session manager
- All API methods now support proper cancellation via context.Context

Files changed:
- internal/api/client.go - Auto-refresh on 401, context support
- internal/auth/session.go - Context-aware refresh and login methods
- internal/auth/interface.go - SessionRefresher interface
- cmd/mail.go, cmd/draft.go, cmd/folders.go - Updated to use new helpers
- cmd/auth.go - Context support for login commands

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-09 21:46:03 -04:00
8 changed files with 136 additions and 43 deletions
Expand all files Collapse all files

3
cmd/auth.go
View File

@@ -1,6 +1,7 @@
package cmd package cmd
import ( import (
"context"
"fmt" "fmt"
"os" "os"
@@ -26,7 +27,7 @@ func loginCmd() *cobra.Command {
return fmt.Errorf("failed to create session manager: %w", err) return fmt.Errorf("failed to create session manager: %w", err)
} }
return manager.LoginInteractive(cfg.APIBaseURL) return manager.LoginInteractive(context.Background(), cfg.APIBaseURL)
}, },
} }

16
cmd/draft.go
View File

@@ -64,12 +64,12 @@ func draftSaveCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return fmt.Errorf("not authenticated: %w", err) return fmt.Errorf("not authenticated: %w", err)
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)
@@ -125,12 +125,12 @@ func draftListCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return fmt.Errorf("not authenticated: %w", err) return fmt.Errorf("not authenticated: %w", err)
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)
@@ -190,12 +190,12 @@ func draftEditCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return fmt.Errorf("not authenticated: %w", err) return fmt.Errorf("not authenticated: %w", err)
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)
@@ -241,12 +241,12 @@ func draftSendCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return fmt.Errorf("not authenticated: %w", err) return fmt.Errorf("not authenticated: %w", err)
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)

2
cmd/folders.go
View File

@@ -370,7 +370,7 @@ func newLabelClient() (*labels.Client, error) {
return nil, fmt.Errorf("not authenticated: %w", err) return nil, fmt.Errorf("not authenticated: %w", err)
} }
apiClient := api.NewProtonMailClient(cfg) apiClient := api.NewProtonMailClient(cfg, sessionMgr)
apiClient.SetAuthHeader(session.AccessToken) apiClient.SetAuthHeader(session.AccessToken)
return labels.NewClient(apiClient), nil return labels.NewClient(apiClient), nil

40
cmd/mail.go
View File

@@ -31,6 +31,22 @@ func checkAuthenticated() (*auth.Session, error) {
return session, nil return session, nil
} }
func checkAuthenticatedWithManager() (*auth.Session, *auth.SessionManager, error) {
sessionMgr, err := auth.NewSessionManager()
if err != nil {
return nil, nil, fmt.Errorf("failed to create session manager: %w", err)
}
authenticated, err := sessionMgr.IsAuthenticated()
if err != nil || !authenticated {
return nil, nil, fmt.Errorf("not authenticated (run 'pop login' first): %w", err)
}
session, err := sessionMgr.GetSession()
if err != nil {
return nil, nil, fmt.Errorf("not authenticated: %w", err)
}
return session, sessionMgr, nil
}
func mailCmd() *cobra.Command { func mailCmd() *cobra.Command {
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "mail", Use: "mail",
@@ -64,12 +80,12 @@ func mailListCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return err return err
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)
@@ -158,12 +174,12 @@ func mailReadCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return err return err
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)
@@ -221,12 +237,12 @@ func mailSendCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return err return err
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)
@@ -276,12 +292,12 @@ func mailDeleteCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return err return err
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)
@@ -312,12 +328,12 @@ func mailTrashCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return err return err
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)
@@ -456,12 +472,12 @@ func mailSearchCmd() *cobra.Command {
return fmt.Errorf("failed to load config: %w", err) return fmt.Errorf("failed to load config: %w", err)
} }
session, err := checkAuthenticated() session, sessionMgr, err := checkAuthenticatedWithManager()
if err != nil { if err != nil {
return err return err
} }
client := api.NewProtonMailClient(cfg) client := api.NewProtonMailClient(cfg, sessionMgr)
client.SetAuthHeader(session.AccessToken) client.SetAuthHeader(session.AccessToken)
mailClient := internalmail.NewClient(client) mailClient := internalmail.NewClient(client)

61
internal/api/client.go
View File

@@ -2,6 +2,7 @@ package api
import ( import (
"bytes" "bytes"
"context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
@@ -10,6 +11,7 @@ import (
"time" "time"
"github.com/frenocorp/pop/internal/config" "github.com/frenocorp/pop/internal/config"
"github.com/frenocorp/pop/internal/auth"
) )
type ProtonMailClient struct { type ProtonMailClient struct {
@@ -19,6 +21,7 @@ type ProtonMailClient struct {
rateLimiter *RateLimiter rateLimiter *RateLimiter
authHeader string authHeader string
authMu sync.RWMutex authMu sync.RWMutex
sessionRefresher auth.SessionRefresher
} }
type RateLimiter struct { type RateLimiter struct {
@@ -28,11 +31,12 @@ type RateLimiter struct {
window time.Duration window time.Duration
} }
func NewProtonMailClient(cfg *config.Config) *ProtonMailClient { func NewProtonMailClient(cfg *config.Config, refresher auth.SessionRefresher) *ProtonMailClient {
return &ProtonMailClient{ return &ProtonMailClient{
baseURL: cfg.APIBaseURL, baseURL: cfg.APIBaseURL,
httpClient: &http.Client{Timeout: time.Duration(cfg.TimeoutSec) * time.Second}, httpClient: &http.Client{Timeout: time.Duration(cfg.TimeoutSec) * time.Second},
config: cfg, config: cfg,
sessionRefresher: refresher,
rateLimiter: &RateLimiter{ rateLimiter: &RateLimiter{
requests: make([]time.Time, 0, cfg.RateLimitReq), requests: make([]time.Time, 0, cfg.RateLimitReq),
limit: cfg.RateLimitReq, limit: cfg.RateLimitReq,
@@ -53,6 +57,13 @@ func (c *ProtonMailClient) getAuthHeader() string {
return c.authHeader return c.authHeader
} }
func (c *ProtonMailClient) refreshAuth() error {
if c.sessionRefresher == nil {
return fmt.Errorf("no session refresher configured")
}
return c.sessionRefresher.RefreshToken()
}
func (c *ProtonMailClient) GetBaseURL() string { func (c *ProtonMailClient) GetBaseURL() string {
return c.baseURL return c.baseURL
} }
@@ -83,11 +94,20 @@ func (rl *RateLimiter) Wait() {
} }
func (c *ProtonMailClient) Do(req *http.Request) (*http.Response, error) { func (c *ProtonMailClient) Do(req *http.Request) (*http.Response, error) {
return c.DoWithContext(context.Background(), req)
}
func (c *ProtonMailClient) DoWithContext(ctx context.Context, req *http.Request) (*http.Response, error) {
c.rateLimiter.Wait() c.rateLimiter.Wait()
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", c.getAuthHeader())) req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", c.getAuthHeader()))
req.Header.Set("Accept", "application/json") req.Header.Set("Accept", "application/json")
// Check if request has its own context
if ctx != context.Background() {
req = req.WithContext(ctx)
}
resp, err := c.httpClient.Do(req) resp, err := c.httpClient.Do(req)
if err != nil { if err != nil {
return nil, err return nil, err
@@ -98,7 +118,33 @@ func (c *ProtonMailClient) Do(req *http.Request) (*http.Response, error) {
c.rateLimiter.requests = append(c.rateLimiter.requests, time.Now()) c.rateLimiter.requests = append(c.rateLimiter.requests, time.Now())
c.rateLimiter.mu.Unlock() c.rateLimiter.mu.Unlock()
// Check for API errors // Check for 401 and attempt refresh
if resp.StatusCode == http.StatusUnauthorized {
// Close the current response body
resp.Body.Close()
// Attempt to refresh the token
if err := c.refreshAuth(); err != nil {
return resp, fmt.Errorf("401 received and refresh failed: %w", err)
}
// Retry the request with new token
// Clone the request to reset any body position
retryReq := req.Clone(ctx)
retryReq.Header.Set("Authorization", fmt.Sprintf("Bearer %s", c.getAuthHeader()))
resp, err = c.httpClient.Do(retryReq)
if err != nil {
return nil, err
}
// Record the retry request
c.rateLimiter.mu.Lock()
c.rateLimiter.requests = append(c.rateLimiter.requests, time.Now())
c.rateLimiter.mu.Unlock()
}
// Check for other API errors
if resp.StatusCode >= 400 { if resp.StatusCode >= 400 {
body, _ := io.ReadAll(resp.Body) body, _ := io.ReadAll(resp.Body)
var apiErr APIError var apiErr APIError
@@ -120,3 +166,14 @@ type APIError struct {
func (e *APIError) Error() string { func (e *APIError) Error() string {
return fmt.Sprintf("API error %d: %s", e.HTTPStatus, e.Message) return fmt.Sprintf("API error %d: %s", e.HTTPStatus, e.Message)
} }
// Helper function to create a request with context
func NewRequestWithContext(ctx context.Context, method, url string, body io.Reader) (*http.Request, error) {
req, err := http.NewRequestWithContext(ctx, method, url, body)
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Accept", "application/json")
return req, nil
}

11
internal/auth/interface.go Normal file
View File

@@ -0,0 +1,11 @@
package auth
import "context"
// SessionRefresher defines the interface for refreshing authentication tokens.
// This allows the API client to automatically refresh tokens on 401 responses.
type SessionRefresher interface {
RefreshToken() error
RefreshTokenWithContext(ctx context.Context) error
GetSession() (*Session, error)
}

17
internal/auth/session.go
View File

@@ -2,6 +2,7 @@ package auth
import ( import (
"bytes" "bytes"
"context"
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"crypto/rand" "crypto/rand"
@@ -54,7 +55,7 @@ func NewSessionManager() (*SessionManager, error) {
}, nil }, nil
} }
func (m *SessionManager) LoginWithCredentials(apiBaseURL, email, password, mailPassphrase string) error { func (m *SessionManager) LoginWithCredentials(ctx context.Context, apiBaseURL, email, password, mailPassphrase string) error {
if err := os.MkdirAll(m.configDir, 0700); err != nil { if err := os.MkdirAll(m.configDir, 0700); err != nil {
return fmt.Errorf("failed to create config dir: %w", err) return fmt.Errorf("failed to create config dir: %w", err)
} }
@@ -75,7 +76,7 @@ func (m *SessionManager) LoginWithCredentials(apiBaseURL, email, password, mailP
return fmt.Errorf("failed to marshal auth payload: %w", err) return fmt.Errorf("failed to marshal auth payload: %w", err)
} }
req, err := http.NewRequest("POST", authURL, bytes.NewBuffer(jsonData)) req, err := http.NewRequestWithContext(ctx, "POST", authURL, bytes.NewBuffer(jsonData))
if err != nil { if err != nil {
return fmt.Errorf("failed to create auth request: %w", err) return fmt.Errorf("failed to create auth request: %w", err)
} }
@@ -135,7 +136,7 @@ func (m *SessionManager) LoginWithCredentials(apiBaseURL, email, password, mailP
return nil return nil
} }
func (m *SessionManager) LoginInteractive(apiBaseURL string) error { func (m *SessionManager) LoginInteractive(ctx context.Context, apiBaseURL string) error {
if err := os.MkdirAll(m.configDir, 0700); err != nil { if err := os.MkdirAll(m.configDir, 0700); err != nil {
return fmt.Errorf("failed to create config dir: %w", err) return fmt.Errorf("failed to create config dir: %w", err)
} }
@@ -192,7 +193,7 @@ func (m *SessionManager) LoginInteractive(apiBaseURL string) error {
return fmt.Errorf("failed to marshal auth payload: %w", err) return fmt.Errorf("failed to marshal auth payload: %w", err)
} }
req, err := http.NewRequest("POST", authURL, bytes.NewBuffer(jsonData)) req, err := http.NewRequestWithContext(ctx, "POST", authURL, bytes.NewBuffer(jsonData))
if err != nil { if err != nil {
return fmt.Errorf("failed to create auth request: %w", err) return fmt.Errorf("failed to create auth request: %w", err)
} }
@@ -263,7 +264,7 @@ func (m *SessionManager) LoginInteractive(apiBaseURL string) error {
return fmt.Errorf("failed to marshal TOTP payload: %w", err) return fmt.Errorf("failed to marshal TOTP payload: %w", err)
} }
totpReq, err := http.NewRequest("POST", totpURL, bytes.NewBuffer(totpJSON)) totpReq, err := http.NewRequestWithContext(ctx, "POST", totpURL, bytes.NewBuffer(totpJSON))
if err != nil { if err != nil {
return fmt.Errorf("failed to create TOTP request: %w", err) return fmt.Errorf("failed to create TOTP request: %w", err)
} }
@@ -372,6 +373,10 @@ func (m *SessionManager) IsAuthenticated() (bool, error) {
} }
func (m *SessionManager) RefreshToken() error { func (m *SessionManager) RefreshToken() error {
return m.RefreshTokenWithContext(context.Background())
}
func (m *SessionManager) RefreshTokenWithContext(ctx context.Context) error {
session, err := m.GetSession() session, err := m.GetSession()
if err != nil { if err != nil {
return fmt.Errorf("failed to get session: %w", err) return fmt.Errorf("failed to get session: %w", err)
@@ -394,7 +399,7 @@ func (m *SessionManager) RefreshToken() error {
return fmt.Errorf("failed to marshal refresh payload: %w", err) return fmt.Errorf("failed to marshal refresh payload: %w", err)
} }
req, err := http.NewRequest("POST", refreshURL, bytes.NewBuffer(jsonData)) req, err := http.NewRequestWithContext(ctx, "POST", refreshURL, bytes.NewBuffer(jsonData))
if err != nil { if err != nil {
return fmt.Errorf("failed to create refresh request: %w", err) return fmt.Errorf("failed to create refresh request: %w", err)
} }

19
internal/mail/client_test.go
View File

@@ -87,7 +87,7 @@ func newTestClient(t *testing.T, srv *mockServer) *Client {
RateLimitReq: 100, RateLimitReq: 100,
RateLimitWin: 60, RateLimitWin: 60,
} }
apiClient := api.NewProtonMailClient(cfg) apiClient := api.NewProtonMailClient(cfg, nil)
apiClient.SetAuthHeader("test-token") apiClient.SetAuthHeader("test-token")
return NewClient(apiClient) return NewClient(apiClient)
} }
@@ -294,8 +294,8 @@ func TestListMessages_APIError(t *testing.T) {
client := newTestClient(t, srv) client := newTestClient(t, srv)
srv.Handle("POST /api/messages", func(w http.ResponseWriter, r *http.Request) { srv.Handle("POST /api/messages", func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusForbidden)
fmt.Fprintf(w, `{"Code":401,"Message":"invalid token"}`) fmt.Fprintf(w, `{"Code":403,"Message":"invalid token"}`)
}) })
_, err := client.ListMessages(ListMessagesRequest{ _, err := client.ListMessages(ListMessagesRequest{
@@ -304,7 +304,7 @@ func TestListMessages_APIError(t *testing.T) {
Passphrase: "pass", Passphrase: "pass",
}) })
if err == nil { if err == nil {
t.Fatal("expected error for 401 response") t.Fatal("expected error for 403 response")
} }
if !strings.Contains(err.Error(), "invalid token") { if !strings.Contains(err.Error(), "invalid token") {
t.Errorf("expected 'invalid token' in error, got: %s", err.Error()) t.Errorf("expected 'invalid token' in error, got: %s", err.Error())
@@ -404,6 +404,9 @@ func TestGetMessage_NotFound(t *testing.T) {
if err == nil { if err == nil {
t.Fatal("expected error for 404") t.Fatal("expected error for 404")
} }
if !strings.Contains(err.Error(), "message not found") {
t.Errorf("expected 'message not found' in error, got: %s", err.Error())
}
} }
func TestGetMessage_DecryptBody(t *testing.T) { func TestGetMessage_DecryptBody(t *testing.T) {
@@ -417,7 +420,7 @@ func TestGetMessage_DecryptBody(t *testing.T) {
RateLimitReq: 100, RateLimitReq: 100,
RateLimitWin: 60, RateLimitWin: 60,
} }
apiClient := api.NewProtonMailClient(cfg) apiClient := api.NewProtonMailClient(cfg, nil)
apiClient.SetAuthHeader("test-token") apiClient.SetAuthHeader("test-token")
client := NewClient(apiClient) client := NewClient(apiClient)
client.SetPGPService(svc) client.SetPGPService(svc)
@@ -488,7 +491,7 @@ func TestSend_WithPGP(t *testing.T) {
RateLimitReq: 100, RateLimitReq: 100,
RateLimitWin: 60, RateLimitWin: 60,
} }
apiClient := api.NewProtonMailClient(cfg) apiClient := api.NewProtonMailClient(cfg, nil)
apiClient.SetAuthHeader("test-token") apiClient.SetAuthHeader("test-token")
client := NewClient(apiClient) client := NewClient(apiClient)
client.SetPGPService(svc) client.SetPGPService(svc)
@@ -1089,7 +1092,7 @@ func TestAuthHeader_Propagated(t *testing.T) {
RateLimitReq: 100, RateLimitReq: 100,
RateLimitWin: 60, RateLimitWin: 60,
} }
apiClient := api.NewProtonMailClient(cfg) apiClient := api.NewProtonMailClient(cfg, nil)
apiClient.SetAuthHeader("my-test-token") apiClient.SetAuthHeader("my-test-token")
client := NewClient(apiClient) client := NewClient(apiClient)
@@ -1324,7 +1327,7 @@ func TestListMessages_Timeout(t *testing.T) {
RateLimitReq: 100, RateLimitReq: 100,
RateLimitWin: 60, RateLimitWin: 60,
} }
apiClient := api.NewProtonMailClient(cfg) apiClient := api.NewProtonMailClient(cfg, nil)
apiClient.SetAuthHeader("test-token") apiClient.SetAuthHeader("test-token")
client := NewClient(apiClient) client := NewClient(apiClient)