mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
a803790a10
## Summary - Add `codex-model-provider` as the runtime home for model-provider behavior that does not belong in `codex-core`, `codex-login`, or `codex-api`. - The new crate wraps configured `ModelProviderInfo` in a `ModelProvider` trait object that can resolve the API provider config, provider-scoped auth manager, and request auth provider for each call. - This centralizes provider auth behavior in one place today, and gives us an extension point for future provider-specific auth, model listing, request setup, and related runtime behavior. ## Tests Ran tests manually to make sure that provider auth under different configs still work as expected. --------- Co-authored-by: pakrym-oai <pakrym@openai.com>
65 lines
1.9 KiB
Rust
65 lines
1.9 KiB
Rust
use std::sync::Arc;
|
|
|
|
use codex_api::SharedAuthProvider;
|
|
use codex_login::AuthManager;
|
|
use codex_login::CodexAuth;
|
|
use codex_model_provider_info::ModelProviderInfo;
|
|
|
|
use crate::bearer_auth_provider::BearerAuthProvider;
|
|
|
|
/// Returns the provider-scoped auth manager when this provider uses command-backed auth.
|
|
///
|
|
/// Providers without custom auth continue using the caller-supplied base manager, when present.
|
|
pub(crate) fn auth_manager_for_provider(
|
|
auth_manager: Option<Arc<AuthManager>>,
|
|
provider: &ModelProviderInfo,
|
|
) -> Option<Arc<AuthManager>> {
|
|
match provider.auth.clone() {
|
|
Some(config) => Some(AuthManager::external_bearer_only(config)),
|
|
None => auth_manager,
|
|
}
|
|
}
|
|
|
|
fn bearer_auth_provider_from_auth(
|
|
auth: Option<&CodexAuth>,
|
|
provider: &ModelProviderInfo,
|
|
) -> codex_protocol::error::Result<BearerAuthProvider> {
|
|
if let Some(api_key) = provider.api_key()? {
|
|
return Ok(BearerAuthProvider {
|
|
token: Some(api_key),
|
|
account_id: None,
|
|
is_fedramp_account: false,
|
|
});
|
|
}
|
|
|
|
if let Some(token) = provider.experimental_bearer_token.clone() {
|
|
return Ok(BearerAuthProvider {
|
|
token: Some(token),
|
|
account_id: None,
|
|
is_fedramp_account: false,
|
|
});
|
|
}
|
|
|
|
if let Some(auth) = auth {
|
|
let token = auth.get_token()?;
|
|
Ok(BearerAuthProvider {
|
|
token: Some(token),
|
|
account_id: auth.get_account_id(),
|
|
is_fedramp_account: auth.is_fedramp_account(),
|
|
})
|
|
} else {
|
|
Ok(BearerAuthProvider {
|
|
token: None,
|
|
account_id: None,
|
|
is_fedramp_account: false,
|
|
})
|
|
}
|
|
}
|
|
|
|
pub(crate) fn resolve_provider_auth(
|
|
auth: Option<&CodexAuth>,
|
|
provider: &ModelProviderInfo,
|
|
) -> codex_protocol::error::Result<SharedAuthProvider> {
|
|
Ok(Arc::new(bearer_auth_provider_from_auth(auth, provider)?))
|
|
}
|