mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
1659c4a629
## Summary Stacked on #26706. Adds the shared auth/system-proxy contract that later platform resolver PRs plug into. This PR moves Codex-owned auth and startup HTTP clients through a common route-aware boundary, but does not yet add Windows or macOS system proxy resolution. The default path remains unchanged when `respect_system_proxy` is absent or disabled. ## Implementation - Adds `codex-client/src/outbound_proxy.rs` with the shared route-selection model: - `OutboundProxyConfig`; - `ClientRouteClass`; - `RouteFailureClass`; - `build_reqwest_client_for_route`. - Preserves the existing reqwest/default-client behavior when no route config is supplied. - Uses the fixed MVP routing policy when route config is supplied: platform system/PAC/WPAD discovery, then explicit env proxy variables, then direct connection. - Keeps platform-specific system discovery behind the shared client boundary. This PR provides the contract and fallback behavior; later resolver PRs plug in Windows and macOS discovery. - Adds `login::AuthRouteConfig` so auth call sites depend on a small policy type instead of platform resolver details. - Maps the resolved `Config.respect_system_proxy` boolean into `AuthRouteConfig` for auth-owned clients. - Wires the route config through browser login, device-code login, access-token login, login status, logout/revoke, token refresh, API-key exchange, app-server account login, TUI/app startup, cloud-config bootstrap, cloud tasks, plugin auth, and exec startup config loading. ## End-user behavior - No behavior changes by default. - When `respect_system_proxy = true`, auth-owned clients opt into the shared route-aware client path. - On platforms without a resolver implementation in this PR, system discovery is unavailable and the route-aware path falls back to explicit env proxy handling, then direct connection. - Custom CA handling remains separate from proxy route selection and still runs through the shared client builder. - No proxy URLs, PAC contents, or resolved platform details are exposed through the public config surface introduced here. ## Tests Adds or updates coverage for: - preserving default auth-client fallback behavior when no route config is provided; - injected environment-proxy fallback without mutating process environment; - existing login-server E2E flows using explicit `auth_route_config: None` to guard unchanged default behavior; - updated auth manager, login, logout, cloud-config, startup, and plugin-auth call sites passing route config explicitly.
50 lines
1.9 KiB
Rust
50 lines
1.9 KiB
Rust
mod chatgpt_cloudflare_cookies;
|
|
mod chatgpt_hosts;
|
|
mod custom_ca;
|
|
mod default_client;
|
|
mod error;
|
|
mod outbound_proxy;
|
|
mod request;
|
|
mod retry;
|
|
mod sse;
|
|
mod telemetry;
|
|
mod transport;
|
|
|
|
pub use crate::chatgpt_cloudflare_cookies::with_chatgpt_cloudflare_cookie_store;
|
|
pub use crate::chatgpt_hosts::is_allowed_chatgpt_host;
|
|
pub use crate::custom_ca::BuildCustomCaTransportError;
|
|
/// Test-only subprocess hook for custom CA coverage.
|
|
///
|
|
/// This stays public only so the `custom_ca_probe` binary target can reuse the shared helper. It
|
|
/// is hidden from normal docs because ordinary callers should use
|
|
/// [`build_reqwest_client_with_custom_ca`] instead.
|
|
#[doc(hidden)]
|
|
pub use crate::custom_ca::build_reqwest_client_for_subprocess_tests;
|
|
pub use crate::custom_ca::build_reqwest_client_with_custom_ca;
|
|
pub use crate::custom_ca::maybe_build_rustls_client_config_with_custom_ca;
|
|
pub use crate::default_client::CodexHttpClient;
|
|
pub use crate::default_client::CodexRequestBuilder;
|
|
pub use crate::error::StreamError;
|
|
pub use crate::error::TransportError;
|
|
pub use crate::outbound_proxy::BuildRouteAwareHttpClientError;
|
|
pub use crate::outbound_proxy::ClientRouteClass;
|
|
pub use crate::outbound_proxy::OutboundProxyConfig;
|
|
pub use crate::outbound_proxy::RouteFailureClass;
|
|
pub use crate::outbound_proxy::build_reqwest_client_for_route;
|
|
pub use crate::request::EncodedJsonBody;
|
|
pub use crate::request::PreparedRequestBody;
|
|
pub use crate::request::Request;
|
|
pub use crate::request::RequestBody;
|
|
pub use crate::request::RequestCompression;
|
|
pub use crate::request::Response;
|
|
pub use crate::retry::RetryOn;
|
|
pub use crate::retry::RetryPolicy;
|
|
pub use crate::retry::backoff;
|
|
pub use crate::retry::run_with_retry;
|
|
pub use crate::sse::sse_stream;
|
|
pub use crate::telemetry::RequestTelemetry;
|
|
pub use crate::transport::ByteStream;
|
|
pub use crate::transport::HttpTransport;
|
|
pub use crate::transport::ReqwestTransport;
|
|
pub use crate::transport::StreamResponse;
|