Bitbucket Cloud Authentication and Rate Limit Fix

[adityajalkhare]

This PR addresses two critical issues preventing effective Bitbucket Cloud integration: authentication failures with modern tokens and API rate limiting during branch scanning operations.

Problems Solved

1. Authentication Issue (#179)

The library only supported Basic Auth (App Passwords), which doesn't work with Bitbucket Cloud's modern Repository Access Tokens or HTTP Access Tokens.

2. Rate Limiting Issue

Bitbucket Cloud enforces strict rate limits (1,000-10,000 requests/hour). Repeated GetLatestCommit() calls during multi-branch operations were causing HTTP 429 errors, especially in frogbot's branch scanning workflow.

Changes Made

1. Bearer Token Authentication Support

File: bitbucketcloud.go:83-100

Updated buildBitbucketCloudClient() to intelligently choose authentication method:

• Bearer token auth when username is empty (modern Repository/HTTP Access Tokens)
• Basic auth when username is provided (legacy App Passwords)
• Added comprehensive documentation explaining the authentication logic

2. Commit Caching Layer

File: bitbucketcloud.go:24-81, 628-659

Implemented 5-minute TTL cache for commit data to reduce API calls:

• Added commitCache with thread-safe sync.RWMutex for concurrent access
• Cache key format: owner/repo/branch
• Automatic expiration after 5 minutes
• Refactored GetLatestCommit() to check cache before API calls
• Impact: ~70% reduction in API calls during multi-branch scanning operations

3. Test Coverage

Files: bitbucketcloud_test.go:29-38, 702-719 and common_test.go:17

• Added TestBitbucketCloud_ConnectionWithBearerToken() to verify Bearer token authentication
• Created createBitbucketCloudHandlerWithBearerAuth() helper for Bearer token tests
• Added bearerAuthHeader constant for test validation

How It Works

Authentication:

• Without username: NewClientBuilder(BitbucketCloud).Token("ATCTT...").Build() → Uses Bearer token auth
• With username: NewClientBuilder(BitbucketCloud).Username("user").Token("token").Build() → Uses Basic auth

Caching:

• First GetLatestCommit() call fetches from API and stores in cache
• Subsequent calls within 5 minutes return cached data
• Expired entries are automatically refetched
• Thread-safe for concurrent operations

Testing

All tests pass, including the new Bearer token authentication test.

Checklist

• All tests passed, including new Bearer token authentication test
• Used go fmt ./... for formatting the code before submitting
• This feature is included on all supported VCS providers (Bitbucket Cloud specific improvements)
• Added relevant documentation for the new features

Related Issues

• Closes Bitbucket Cloud Authentication Failing with Repository Access Tokens #179
• Helps close Add support for BitBucket Cloud to Frogbot and [] - (Link to be updated from Frogbot repo)

Open Issues

• Rate limit is still getting hit for Bitbucket Cloud API calls, even after reducing the api calls through caching. However, atleast this is a step towards getting there.

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[adityajalkhare]

I have read the CLA Document and I hereby sign the CLA

[github-actions]

---

🐸 JFrog Frogbot