fix: replace log.Fatal with proper error returns in client constructors (#327)

* fix: replace log.Fatal with proper error returns in client constructors

Replace all log.Fatal calls in client constructor functions with proper
error returns to allow library users to handle errors gracefully instead
of crashing the entire application.

Changes:
- Updated NewOAuthClientCredentials to return (*Client, error)
- Updated NewOAuth to return (*Client, error)
- Updated NewOAuthWithCode to return (*Client, string, error)
- Updated NewOAuthWithRefreshToken to return (*Client, string, error)
- Updated NewOAuthbearerToken to return (*Client, error)
- Updated NewBasicAuth to return (*Client, error)
- Updated injectClient to return (*Client, error)
- Removed unused log import
- Updated all test files to handle the new error returns

This ensures the library behaves as a proper library and doesn't force
the calling application to exit on authentication errors.

Fixes #326

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: add error context wrapping in OAuth client constructors

Improve error diagnostics by wrapping errors returned from injectClient
with additional context in NewOAuthWithCode and NewOAuthWithRefreshToken.
This creates a clearer error chain for callers to inspect and debug.

Changes:
- Wrap injectClient error in NewOAuthWithCode with "failed to create client"
- Wrap injectClient error in NewOAuthWithRefreshToken with "failed to create client"

This addresses review feedback from @gemini-code-assist.

* deprecate: mark NewOAuth as deprecated due to stdin/stdout usage

The NewOAuth function uses stdin/stdout directly, making it unsuitable
for non-interactive environments such as web servers and background jobs.

This marks the function as deprecated and recommends using NewOAuthWithCode
instead, where users can obtain the authorization code through their own
UI/CLI implementation.

This addresses the design concern raised in review feedback from
@gemini-code-assist.

---------

Co-authored-by: Claude <noreply@anthropic.com>

Author: ktrysmt

client.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"log"
 	"mime/multipart"
 	"net/http"
 	"net/url"
@@ -63,16 +62,16 @@ type auth struct {
 
 type Response struct {
 	*http.Response `json:"-"`
-	Size     int           `json:"size"`
-	Page     int           `json:"page"`
-	Pagelen  int           `json:"pagelen"`
-	Next     string        `json:"next"`
-	Previous string        `json:"previous"`
-	Values   []interface{} `json:"values"`
+	Size           int           `json:"size"`
+	Page           int           `json:"page"`
+	Pagelen        int           `json:"pagelen"`
+	Next           string        `json:"next"`
+	Previous       string        `json:"previous"`
+	Values         []interface{} `json:"values"`
 }
 
 // Uses the Client Credentials Grant oauth2 flow to authenticate to Bitbucket
-func NewOAuthClientCredentials(i, s string) *Client {
+func NewOAuthClientCredentials(i, s string) (*Client, error) {
 	a := &auth{appID: i, secret: s}
 	ctx := context.Background()
 	conf := &clientcredentials.Config{
@@ -83,14 +82,20 @@ func NewOAuthClientCredentials(i, s string) *Client {
 
 	tok, err := conf.Token(ctx)
 	if err != nil {
-		log.Fatal(err)
+		return nil, fmt.Errorf("failed to obtain token: %w", err)
 	}
 	a.token = *tok
 	return injectClient(a)
 
 }
 
-func NewOAuth(i, s string) *Client {
+// NewOAuth performs an interactive OAuth flow using stdin/stdout.
+//
+// Deprecated: This function uses stdin/stdout directly, making it unsuitable for
+// non-interactive environments (e.g., web servers, background jobs). Instead, use
+// NewOAuthWithCode after obtaining the authorization code through your own UI/CLI.
+// You can generate the authorization URL using oauth2.Config.AuthCodeURL() directly.
+func NewOAuth(i, s string) (*Client, error) {
 	a := &auth{appID: i, secret: s}
 	ctx := context.Background()
 	conf := &oauth2.Config{
@@ -111,19 +116,19 @@ func NewOAuth(i, s string) *Client {
 	var code string
 	fmt.Printf("Enter the code in the return URL: ")
 	if _, err := fmt.Scan(&code); err != nil {
-		log.Fatal(err)
+		return nil, fmt.Errorf("failed to read authorization code: %w", err)
 	}
 	tok, err := conf.Exchange(ctx, code)
 	if err != nil {
-		log.Fatal(err)
+		return nil, fmt.Errorf("failed to exchange authorization code: %w", err)
 	}
 	a.token = *tok
 	return injectClient(a)
 }
 
 // NewOAuthWithCode finishes the OAuth handshake with a given code
 // and returns a *Client
-func NewOAuthWithCode(i, s, c string) (*Client, string) {
+func NewOAuthWithCode(i, s, c string) (*Client, string, error) {
 	a := &auth{appID: i, secret: s}
 	ctx := context.Background()
 	conf := &oauth2.Config{
@@ -134,15 +139,19 @@ func NewOAuthWithCode(i, s, c string) (*Client, string) {
 
 	tok, err := conf.Exchange(ctx, c)
 	if err != nil {
-		log.Fatal(err)
+		return nil, "", fmt.Errorf("failed to exchange authorization code: %w", err)
 	}
 	a.token = *tok
-	return injectClient(a), tok.AccessToken
+	client, err := injectClient(a)
+	if err != nil {
+		return nil, "", fmt.Errorf("failed to create client: %w", err)
+	}
+	return client, tok.AccessToken, nil
 }
 
 // NewOAuthWithRefreshToken obtains a new access token with a given refresh token
 // and returns a *Client
-func NewOAuthWithRefreshToken(i, s, rt string) (*Client, string) {
+func NewOAuthWithRefreshToken(i, s, rt string) (*Client, string, error) {
 	a := &auth{appID: i, secret: s}
 	ctx := context.Background()
 	conf := &oauth2.Config{
@@ -156,26 +165,30 @@ func NewOAuthWithRefreshToken(i, s, rt string) (*Client, string) {
 	})
 	tok, err := tokenSource.Token()
 	if err != nil {
-		log.Fatal(err)
+		return nil, "", fmt.Errorf("failed to refresh token: %w", err)
 	}
 	a.token = *tok
-	return injectClient(a), tok.AccessToken
+	client, err := injectClient(a)
+	if err != nil {
+		return nil, "", fmt.Errorf("failed to create client: %w", err)
+	}
+	return client, tok.AccessToken, nil
 }
 
-func NewOAuthbearerToken(t string) *Client {
+func NewOAuthbearerToken(t string) (*Client, error) {
 	a := &auth{bearerToken: t}
 	return injectClient(a)
 }
 
-func NewBasicAuth(u, p string) *Client {
+func NewBasicAuth(u, p string) (*Client, error) {
 	a := &auth{user: u, password: p}
 	return injectClient(a)
 }
 
-func injectClient(a *auth) *Client {
+func injectClient(a *auth) (*Client, error) {
 	bitbucketUrl, err := apiBaseUrl()
 	if err != nil {
-		log.Fatalf("invalid bitbucket url")
+		return nil, fmt.Errorf("invalid bitbucket url: %w", err)
 	}
 	c := &Client{Auth: a, Pagelen: DEFAULT_PAGE_LENGTH, MaxDepth: DEFAULT_MAX_DEPTH,
 		apiBaseURL: bitbucketUrl, LimitPages: DEFAULT_LIMIT_PAGES}
@@ -193,14 +206,14 @@ func injectClient(a *auth) *Client {
 		DeployKeys:         &DeployKeys{c: c},
 	}
 	c.Users = &Users{
-		c: c,
+		c:       c,
 		SSHKeys: &SSHKeys{c: c},
 	}
 	c.User = &User{c: c}
 	c.Teams = &Teams{c: c}
 	c.Workspaces = &Workspace{c: c, Repositories: c.Repositories, Permissions: &Permission{c: c}}
 	c.HttpClient = new(http.Client)
-	return c
+	return c, nil
 }
 
 func (c *Client) GetOAuthToken() oauth2.Token {

teams.go

@@ -35,7 +35,6 @@ func (t *Teams) Repositories(teamname string) (interface{}, error) {
 }
 
 func (t *Teams) Projects(teamname string) (interface{}, error) {
-        urlStr := t.c.requestUrl("/teams/%s/projects/", teamname)
-        return t.c.execute("GET", urlStr, "")
+	urlStr := t.c.requestUrl("/teams/%s/projects/", teamname)
+	return t.c.execute("GET", urlStr, "")
 }
-

tests/branchrestrictions_test.go

@@ -32,7 +32,10 @@ func setup(t *testing.T) *bitbucket.Client {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 	return c
 }
 

tests/client_test.go

@@ -8,7 +8,10 @@ import (
 
 func TestClientNewBasicAuth(t *testing.T) {
 
-	c := bitbucket.NewBasicAuth("example", "password")
+	c, err := bitbucket.NewBasicAuth("example", "password")
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	r := reflect.ValueOf(c)
 

tests/deploykeys_test.go

@@ -29,7 +29,10 @@ func TestDeployKey(t *testing.T) {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	var deployKeyResourceId int
 
@@ -121,7 +124,10 @@ func TestDeployKeyWithComment(t *testing.T) {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	var deployKeyResourceId int
 
@@ -220,7 +226,10 @@ func TestListDeployKeys(t *testing.T) {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	var deployKeyResourceId1 int
 	var deployKeyResourceId2 int

tests/diff_test.go

@@ -23,7 +23,10 @@ func TestDiff(t *testing.T) {
 		t.Error("BITBUCKET_TEST_PASSWORD is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	spec := "master..develop"
 
@@ -59,7 +62,10 @@ func TestGetDiffStat(t *testing.T) {
 		t.Error("BITBUCKET_TEST_PASSWORD is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	spec := "master..develop"
 
@@ -95,7 +101,10 @@ func TestGetDiffStatWithFields(t *testing.T) {
 		t.Error("BITBUCKET_TEST_PASSWORD is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	spec := "master..develop"
 

tests/environment_test.go

@@ -28,7 +28,10 @@ func TestListEnvironments(t *testing.T) {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	opt := &bitbucket.RepositoryEnvironmentsOptions{
 		Owner:    owner,
@@ -65,7 +68,10 @@ func TestEndToEndEnvironments(t *testing.T) {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	opt := &bitbucket.RepositoryEnvironmentOptions{
 		Owner:           owner,

tests/list_test.go

@@ -14,7 +14,10 @@ func TestList(t *testing.T) {
 	pass := os.Getenv("BITBUCKET_TEST_PASSWORD")
 	owner := os.Getenv("BITBUCKET_TEST_OWNER")
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	opt := &bitbucket.RepositoriesOptions{
 		Owner: owner,

tests/project_test.go

@@ -18,7 +18,11 @@ func getClient(t *testing.T) *bitbucket.Client {
 		t.Error("BITBUCKET_TEST_PASSWORD is empty.")
 	}
 
-	return bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return c
 }
 
 func getOwner(t *testing.T) string {

tests/repositories_test.go

@@ -26,7 +26,10 @@ func TestListForAccount(t *testing.T) {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	repositories, err := c.Repositories.ListForAccount(&bitbucket.RepositoriesOptions{
 		Owner: owner,
@@ -66,7 +69,10 @@ func TestListForAccountWithKeyword(t *testing.T) {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 	t.Run("only keyword", func(t *testing.T) {
 		repositories, err := c.Repositories.ListForAccount(&bitbucket.RepositoriesOptions{
 			Owner:   owner,
@@ -129,7 +135,10 @@ func TestListForTeam(t *testing.T) {
 		t.Error("BITBUCKET_TEST_REPOSLUG is empty.")
 	}
 
-	c := bitbucket.NewBasicAuth(user, pass)
+	c, err := bitbucket.NewBasicAuth(user, pass)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	//goland:noinspection GoDeprecation
 	repositories, err := c.Repositories.ListForTeam(&bitbucket.RepositoriesOptions{