chuan/CLIProxyAPI
1
0
Fork 0
mirror of https://github.com/router-for-me/CLIProxyAPI.git synced 2026-02-03 04:50:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

v6 version first commit

Browse Source
This commit is contained in:
Luis Pater
2025-09-22 01:40:24 +08:00
parent d42384cdb7
commit 4999fce7f4
171 changed files with 7626 additions and 7494 deletions
Download Patch File Download Diff File Expand all files Collapse all files

162
internal/cmd/anthropic_login.go
View File

@@ -1,169 +1,47 @@
// Package cmd provides command-line interface functionality for the CLI Proxy API.
// It implements the main application commands including login/authentication
// and server startup, handling the complete user onboarding and service lifecycle.
package cmd
import (
"context"
"fmt"
"net/http"
"errors"
"os"
"strings"
"time"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/claude"
"github.com/luispater/CLIProxyAPI/v5/internal/browser"
"github.com/luispater/CLIProxyAPI/v5/internal/client"
"github.com/luispater/CLIProxyAPI/v5/internal/config"
"github.com/luispater/CLIProxyAPI/v5/internal/misc"
"github.com/luispater/CLIProxyAPI/v5/internal/util"
"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/claude"
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
log "github.com/sirupsen/logrus"
)
// DoClaudeLogin handles the Claude OAuth login process for Anthropic Claude services.
// It initializes the OAuth flow, opens the user's browser for authentication,
// waits for the callback, exchanges the authorization code for tokens,
// and saves the authentication information to a file.
//
// Parameters:
// - cfg: The application configuration
// - options: The login options containing browser preferences
// DoClaudeLogin triggers the Claude OAuth flow through the shared authentication manager.
func DoClaudeLogin(cfg *config.Config, options *LoginOptions) {
if options == nil {
options = &LoginOptions{}
}
ctx := context.Background()
manager := newAuthManager()
log.Info("Initializing Claude authentication...")
// Generate PKCE codes
pkceCodes, err := claude.GeneratePKCECodes()
if err != nil {
log.Fatalf("Failed to generate PKCE codes: %v", err)
return
authOpts := &sdkAuth.LoginOptions{
NoBrowser: options.NoBrowser,
Metadata: map[string]string{},
Prompt: options.Prompt,
}
// Generate random state parameter
state, err := misc.GenerateRandomState()
_, savedPath, err := manager.Login(context.Background(), "claude", cfg, authOpts)
if err != nil {
log.Fatalf("Failed to generate state parameter: %v", err)
return
}
// Initialize OAuth server
oauthServer := claude.NewOAuthServer(54545)
// Start OAuth callback server
if err = oauthServer.Start(); err != nil {
if strings.Contains(err.Error(), "already in use") {
authErr := claude.NewAuthenticationError(claude.ErrPortInUse, err)
var authErr *claude.AuthenticationError
if errors.As(err, &authErr) {
log.Error(claude.GetUserFriendlyMessage(authErr))
os.Exit(13) // Exit code 13 for port-in-use error
}
authErr := claude.NewAuthenticationError(claude.ErrServerStartFailed, err)
log.Fatalf("Failed to start OAuth callback server: %v", authErr)
return
}
defer func() {
if err = oauthServer.Stop(ctx); err != nil {
log.Warnf("Failed to stop OAuth server: %v", err)
}
}()
// Initialize Claude auth service
anthropicAuth := claude.NewClaudeAuth(cfg)
// Generate authorization URL
authURL, state, err := anthropicAuth.GenerateAuthURL(state, pkceCodes)
if err != nil {
log.Fatalf("Failed to generate authorization URL: %v", err)
return
}
// Open browser or display URL
if !options.NoBrowser {
log.Info("Opening browser for authentication...")
// Check if browser is available
if !browser.IsAvailable() {
log.Warn("No browser available on this system")
util.PrintSSHTunnelInstructions(54545)
log.Infof("Please manually open this URL in your browser:\n\n%s\n", authURL)
} else {
if err = browser.OpenURL(authURL); err != nil {
authErr := claude.NewAuthenticationError(claude.ErrBrowserOpenFailed, err)
log.Warn(claude.GetUserFriendlyMessage(authErr))
util.PrintSSHTunnelInstructions(54545)
log.Infof("Please manually open this URL in your browser:\n\n%s\n", authURL)
// Log platform info for debugging
platformInfo := browser.GetPlatformInfo()
log.Debugf("Browser platform info: %+v", platformInfo)
} else {
log.Debug("Browser opened successfully")
if authErr.Type == claude.ErrPortInUse.Type {
os.Exit(claude.ErrPortInUse.Code)
}
return
}
} else {
util.PrintSSHTunnelInstructions(54545)
log.Infof("Please open this URL in your browser:\n\n%s\n", authURL)
}
log.Info("Waiting for authentication callback...")
// Wait for OAuth callback
result, err := oauthServer.WaitForCallback(5 * time.Minute)
if err != nil {
if strings.Contains(err.Error(), "timeout") {
authErr := claude.NewAuthenticationError(claude.ErrCallbackTimeout, err)
log.Error(claude.GetUserFriendlyMessage(authErr))
} else {
log.Errorf("Authentication failed: %v", err)
}
log.Fatalf("Claude authentication failed: %v", err)
return
}
if result.Error != "" {
oauthErr := claude.NewOAuthError(result.Error, "", http.StatusBadRequest)
log.Error(claude.GetUserFriendlyMessage(oauthErr))
return
if savedPath != "" {
log.Infof("Authentication saved to %s", savedPath)
}
// Validate state parameter
if result.State != state {
authErr := claude.NewAuthenticationError(claude.ErrInvalidState, fmt.Errorf("expected %s, got %s", state, result.State))
log.Error(claude.GetUserFriendlyMessage(authErr))
return
}
log.Debug("Authorization code received, exchanging for tokens...")
// Exchange authorization code for tokens
authBundle, err := anthropicAuth.ExchangeCodeForTokens(ctx, result.Code, state, pkceCodes)
if err != nil {
authErr := claude.NewAuthenticationError(claude.ErrCodeExchangeFailed, err)
log.Errorf("Failed to exchange authorization code for tokens: %v", authErr)
log.Debug("This may be due to network issues or invalid authorization code")
return
}
// Create token storage
tokenStorage := anthropicAuth.CreateTokenStorage(authBundle)
// Initialize Claude client
anthropicClient := client.NewClaudeClient(cfg, tokenStorage)
// Save token storage
if err = anthropicClient.SaveTokenToFile(); err != nil {
log.Fatalf("Failed to save authentication tokens: %v", err)
return
}
log.Info("Authentication successful!")
if authBundle.APIKey != "" {
log.Info("API key obtained and saved")
}
log.Info("You can now use Claude services through this CLI")
log.Info("Claude authentication successful!")
}

16
internal/cmd/auth_manager.go Normal file
View File

@@ -0,0 +1,16 @@
package cmd
import (
sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
)
func newAuthManager() *sdkAuth.Manager {
store := sdkAuth.NewFileTokenStore()
manager := sdkAuth.NewManager(store,
sdkAuth.NewGeminiAuthenticator(),
sdkAuth.NewCodexAuthenticator(),
sdkAuth.NewClaudeAuthenticator(),
sdkAuth.NewQwenAuthenticator(),
)
return manager
}

4
internal/cmd/gemini-web_auth.go
View File

@@ -10,8 +10,8 @@ import (
"path/filepath"
"strings"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/gemini"
"github.com/luispater/CLIProxyAPI/v5/internal/config"
"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/gemini"
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
log "github.com/sirupsen/logrus"
)

96
internal/cmd/login.go
View File

@@ -1,100 +1,58 @@
// Package cmd provides command-line interface functionality for the CLI Proxy API.
// It implements the main application commands including login/authentication
// and server startup, handling the complete user onboarding and service lifecycle.
package cmd
import (
"context"
"os"
"errors"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/gemini"
"github.com/luispater/CLIProxyAPI/v5/internal/client"
"github.com/luispater/CLIProxyAPI/v5/internal/config"
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
log "github.com/sirupsen/logrus"
)
// DoLogin handles the entire user login and setup process for Google Gemini services.
// It authenticates the user, sets up the user's project, checks API enablement,
// and saves the token for future use.
//
// Parameters:
// - cfg: The application configuration
// - projectID: The Google Cloud Project ID to use (optional)
// - options: The login options containing browser preferences
// DoLogin handles Google Gemini authentication using the shared authentication manager.
func DoLogin(cfg *config.Config, projectID string, options *LoginOptions) {
if options == nil {
options = &LoginOptions{}
}
var err error
var ts gemini.GeminiTokenStorage
manager := newAuthManager()
metadata := map[string]string{}
if projectID != "" {
ts.ProjectID = projectID
metadata["project_id"] = projectID
}
// Initialize an authenticated HTTP client. This will trigger the OAuth flow if necessary.
clientCtx := context.Background()
log.Info("Initializing Google authentication...")
geminiAuth := gemini.NewGeminiAuth()
httpClient, errGetClient := geminiAuth.GetAuthenticatedClient(clientCtx, &ts, cfg, options.NoBrowser)
if errGetClient != nil {
log.Fatalf("failed to get authenticated client: %v", errGetClient)
return
authOpts := &sdkAuth.LoginOptions{
NoBrowser: options.NoBrowser,
ProjectID: projectID,
Metadata: metadata,
Prompt: options.Prompt,
}
log.Info("Authentication successful.")
// Initialize the API client.
cliClient := client.NewGeminiCLIClient(httpClient, &ts, cfg)
// Perform the user setup process.
err = cliClient.SetupUser(clientCtx, ts.Email, projectID)
_, savedPath, err := manager.Login(context.Background(), "gemini", cfg, authOpts)
if err != nil {
// Handle the specific case where a project ID is required but not provided.
if err.Error() == "failed to start user onboarding, need define a project id" {
log.Error("Failed to start user onboarding: A project ID is required.")
// Fetch and display the user's available projects to help them choose one.
project, errGetProjectList := cliClient.GetProjectList(clientCtx)
if errGetProjectList != nil {
log.Fatalf("Failed to get project list: %v", err)
} else {
log.Infof("Your account %s needs to specify a project ID.", ts.Email)
var selectionErr *sdkAuth.ProjectSelectionError
if errors.As(err, &selectionErr) {
log.Error(selectionErr.Error())
projects := selectionErr.ProjectsDisplay()
if len(projects) > 0 {
log.Info("========================================================================")
for _, p := range project.Projects {
for _, p := range projects {
log.Infof("Project ID: %s", p.ProjectID)
log.Infof("Project Name: %s", p.Name)
log.Info("------------------------------------------------------------------------")
}
log.Infof("Please run this command to login again with a specific project:\n\n%s --login --project_id <project_id>\n", os.Args[0])
log.Info("Please rerun the login command with --project_id <project_id>.")
}
} else {
log.Fatalf("Failed to complete user setup: %v", err)
}
return // Exit after handling the error.
}
// If setup is successful, proceed to check API status and save the token.
auto := projectID == ""
cliClient.SetIsAuto(auto)
// If the project was not automatically selected, check if the Cloud AI API is enabled.
if !cliClient.IsChecked() && !cliClient.IsAuto() {
isChecked, checkErr := cliClient.CheckCloudAPIIsEnabled()
if checkErr != nil {
log.Fatalf("Failed to check if Cloud AI API is enabled: %v", checkErr)
return
}
cliClient.SetIsChecked(isChecked)
// If the check fails (returns false), the CheckCloudAPIIsEnabled function
// will have already printed instructions, so we can just exit.
if !isChecked {
log.Fatal("Failed to check if Cloud AI API is enabled. If you encounter an error message, please create an issue.")
return
}
log.Fatalf("Gemini authentication failed: %v", err)
return
}
// Save the successfully obtained and verified token to a file.
err = cliClient.SaveTokenToFile()
if err != nil {
log.Fatalf("Failed to save token to file: %v", err)
if savedPath != "" {
log.Infof("Authentication saved to %s", savedPath)
}
log.Info("Gemini authentication successful!")
}

170
internal/cmd/openai_login.go
View File

@@ -1,178 +1,54 @@
// Package cmd provides command-line interface functionality for the CLI Proxy API.
// It implements the main application commands including login/authentication
// and server startup, handling the complete user onboarding and service lifecycle.
package cmd
import (
"context"
"fmt"
"net/http"
"errors"
"os"
"strings"
"time"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/codex"
"github.com/luispater/CLIProxyAPI/v5/internal/browser"
"github.com/luispater/CLIProxyAPI/v5/internal/client"
"github.com/luispater/CLIProxyAPI/v5/internal/config"
"github.com/luispater/CLIProxyAPI/v5/internal/misc"
"github.com/luispater/CLIProxyAPI/v5/internal/util"
"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/codex"
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
log "github.com/sirupsen/logrus"
)
// LoginOptions contains options for the Codex login process.
// LoginOptions contains options for the login processes.
type LoginOptions struct {
// NoBrowser indicates whether to skip opening the browser automatically.
NoBrowser bool
// Prompt allows the caller to provide interactive input when needed.
Prompt func(prompt string) (string, error)
}
// DoCodexLogin handles the Codex OAuth login process for OpenAI Codex services.
// It initializes the OAuth flow, opens the user's browser for authentication,
// waits for the callback, exchanges the authorization code for tokens,
// and saves the authentication information to a file.
//
// Parameters:
// - cfg: The application configuration
// - options: The login options containing browser preferences
// DoCodexLogin triggers the Codex OAuth flow through the shared authentication manager.
func DoCodexLogin(cfg *config.Config, options *LoginOptions) {
if options == nil {
options = &LoginOptions{}
}
ctx := context.Background()
manager := newAuthManager()
log.Info("Initializing Codex authentication...")
// Generate PKCE codes
pkceCodes, err := codex.GeneratePKCECodes()
if err != nil {
log.Fatalf("Failed to generate PKCE codes: %v", err)
return
authOpts := &sdkAuth.LoginOptions{
NoBrowser: options.NoBrowser,
Metadata: map[string]string{},
Prompt: options.Prompt,
}
// Generate random state parameter
state, err := misc.GenerateRandomState()
_, savedPath, err := manager.Login(context.Background(), "codex", cfg, authOpts)
if err != nil {
log.Fatalf("Failed to generate state parameter: %v", err)
return
}
// Initialize OAuth server
oauthServer := codex.NewOAuthServer(1455)
// Start OAuth callback server
if err = oauthServer.Start(); err != nil {
if strings.Contains(err.Error(), "already in use") {
authErr := codex.NewAuthenticationError(codex.ErrPortInUse, err)
var authErr *codex.AuthenticationError
if errors.As(err, &authErr) {
log.Error(codex.GetUserFriendlyMessage(authErr))
os.Exit(13) // Exit code 13 for port-in-use error
}
authErr := codex.NewAuthenticationError(codex.ErrServerStartFailed, err)
log.Fatalf("Failed to start OAuth callback server: %v", authErr)
return
}
defer func() {
if err = oauthServer.Stop(ctx); err != nil {
log.Warnf("Failed to stop OAuth server: %v", err)
}
}()
// Initialize Codex auth service
openaiAuth := codex.NewCodexAuth(cfg)
// Generate authorization URL
authURL, err := openaiAuth.GenerateAuthURL(state, pkceCodes)
if err != nil {
log.Fatalf("Failed to generate authorization URL: %v", err)
return
}
// Open browser or display URL
if !options.NoBrowser {
log.Info("Opening browser for authentication...")
// Check if browser is available
if !browser.IsAvailable() {
log.Warn("No browser available on this system")
util.PrintSSHTunnelInstructions(1455)
log.Infof("Please manually open this URL in your browser:\n\n%s\n", authURL)
} else {
if err = browser.OpenURL(authURL); err != nil {
authErr := codex.NewAuthenticationError(codex.ErrBrowserOpenFailed, err)
log.Warn(codex.GetUserFriendlyMessage(authErr))
util.PrintSSHTunnelInstructions(1455)
log.Infof("Please manually open this URL in your browser:\n\n%s\n", authURL)
// Log platform info for debugging
platformInfo := browser.GetPlatformInfo()
log.Debugf("Browser platform info: %+v", platformInfo)
} else {
log.Debug("Browser opened successfully")
if authErr.Type == codex.ErrPortInUse.Type {
os.Exit(codex.ErrPortInUse.Code)
}
return
}
} else {
util.PrintSSHTunnelInstructions(1455)
log.Infof("Please open this URL in your browser:\n\n%s\n", authURL)
}
log.Info("Waiting for authentication callback...")
// Wait for OAuth callback
result, err := oauthServer.WaitForCallback(5 * time.Minute)
if err != nil {
if strings.Contains(err.Error(), "timeout") {
authErr := codex.NewAuthenticationError(codex.ErrCallbackTimeout, err)
log.Error(codex.GetUserFriendlyMessage(authErr))
} else {
log.Errorf("Authentication failed: %v", err)
}
log.Fatalf("Codex authentication failed: %v", err)
return
}
if result.Error != "" {
oauthErr := codex.NewOAuthError(result.Error, "", http.StatusBadRequest)
log.Error(codex.GetUserFriendlyMessage(oauthErr))
return
if savedPath != "" {
log.Infof("Authentication saved to %s", savedPath)
}
// Validate state parameter
if result.State != state {
authErr := codex.NewAuthenticationError(codex.ErrInvalidState, fmt.Errorf("expected %s, got %s", state, result.State))
log.Error(codex.GetUserFriendlyMessage(authErr))
return
}
log.Debug("Authorization code received, exchanging for tokens...")
// Exchange authorization code for tokens
authBundle, err := openaiAuth.ExchangeCodeForTokens(ctx, result.Code, pkceCodes)
if err != nil {
authErr := codex.NewAuthenticationError(codex.ErrCodeExchangeFailed, err)
log.Errorf("Failed to exchange authorization code for tokens: %v", authErr)
log.Debug("This may be due to network issues or invalid authorization code")
return
}
// Create token storage
tokenStorage := openaiAuth.CreateTokenStorage(authBundle)
// Initialize Codex client
openaiClient, err := client.NewCodexClient(cfg, tokenStorage)
if err != nil {
log.Fatalf("Failed to initialize Codex client: %v", err)
return
}
// Save token storage
if err = openaiClient.SaveTokenToFile(); err != nil {
log.Fatalf("Failed to save authentication tokens: %v", err)
return
}
log.Info("Authentication successful!")
if authBundle.APIKey != "" {
log.Info("API key obtained and saved")
}
log.Info("You can now use Codex services through this CLI")
log.Info("Codex authentication successful!")
}

103
internal/cmd/qwen_login.go
View File

@@ -1,95 +1,54 @@
// Package cmd provides command-line interface functionality for the CLI Proxy API.
// It implements the main application commands including login/authentication
// and server startup, handling the complete user onboarding and service lifecycle.
package cmd
import (
"context"
"errors"
"fmt"
"os"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/qwen"
"github.com/luispater/CLIProxyAPI/v5/internal/browser"
"github.com/luispater/CLIProxyAPI/v5/internal/client"
"github.com/luispater/CLIProxyAPI/v5/internal/config"
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
log "github.com/sirupsen/logrus"
)
// DoQwenLogin handles the Qwen OAuth login process for Alibaba Qwen services.
// It initializes the OAuth flow, opens the user's browser for authentication,
// waits for the callback, exchanges the authorization code for tokens,
// and saves the authentication information to a file.
//
// Parameters:
// - cfg: The application configuration
// - options: The login options containing browser preferences
// DoQwenLogin handles the Qwen device flow using the shared authentication manager.
func DoQwenLogin(cfg *config.Config, options *LoginOptions) {
if options == nil {
options = &LoginOptions{}
}
ctx := context.Background()
manager := newAuthManager()
log.Info("Initializing Qwen authentication...")
// Initialize Qwen auth service
qwenAuth := qwen.NewQwenAuth(cfg)
// Generate authorization URL
deviceFlow, err := qwenAuth.InitiateDeviceFlow(ctx)
if err != nil {
log.Fatalf("Failed to generate authorization URL: %v", err)
return
}
authURL := deviceFlow.VerificationURIComplete
// Open browser or display URL
if !options.NoBrowser {
log.Info("Opening browser for authentication...")
// Check if browser is available
if !browser.IsAvailable() {
log.Warn("No browser available on this system")
log.Infof("Please manually open this URL in your browser:\n\n%s\n", authURL)
} else {
if err = browser.OpenURL(authURL); err != nil {
log.Infof("Please manually open this URL in your browser:\n\n%s\n", authURL)
// Log platform info for debugging
platformInfo := browser.GetPlatformInfo()
log.Debugf("Browser platform info: %+v", platformInfo)
} else {
log.Debug("Browser opened successfully")
}
promptFn := options.Prompt
if promptFn == nil {
promptFn = func(prompt string) (string, error) {
fmt.Println()
fmt.Println(prompt)
var value string
_, err := fmt.Scanln(&value)
return value, err
}
} else {
log.Infof("Please open this URL in your browser:\n\n%s\n", authURL)
}
log.Info("Waiting for authentication...")
tokenData, err := qwenAuth.PollForToken(deviceFlow.DeviceCode, deviceFlow.CodeVerifier)
authOpts := &sdkAuth.LoginOptions{
NoBrowser: options.NoBrowser,
Metadata: map[string]string{},
Prompt: promptFn,
}
_, savedPath, err := manager.Login(context.Background(), "qwen", cfg, authOpts)
if err != nil {
fmt.Printf("Authentication failed: %v\n", err)
os.Exit(1)
}
// Create token storage
tokenStorage := qwenAuth.CreateTokenStorage(tokenData)
// Initialize Qwen client
qwenClient := client.NewQwenClient(cfg, tokenStorage)
fmt.Println("\nPlease input your email address or any alias:")
var email string
_, _ = fmt.Scanln(&email)
tokenStorage.Email = email
// Save token storage
if err = qwenClient.SaveTokenToFile(); err != nil {
log.Fatalf("Failed to save authentication tokens: %v", err)
var emailErr *sdkAuth.EmailRequiredError
if errors.As(err, &emailErr) {
log.Error(emailErr.Error())
return
}
log.Fatalf("Qwen authentication failed: %v", err)
return
}
log.Info("Authentication successful!")
log.Info("You can now use Qwen services through this CLI")
if savedPath != "" {
log.Infof("Authentication saved to %s", savedPath)
}
log.Info("Qwen authentication successful!")
}

378
internal/cmd/run.go
View File

@@ -1,381 +1,31 @@
// Package cmd provides command-line interface functionality for the CLI Proxy API.
// It implements the main application commands including service startup, authentication
// client management, and graceful shutdown handling. The package handles loading
// authentication tokens, creating client pools, starting the API server, and monitoring
// configuration changes through file watchers.
package cmd
import (
"context"
"encoding/json"
"io/fs"
"os"
"errors"
"os/signal"
"path/filepath"
"strings"
"sync"
"syscall"
"time"
"github.com/luispater/CLIProxyAPI/v5/internal/api"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/claude"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/codex"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/gemini"
"github.com/luispater/CLIProxyAPI/v5/internal/auth/qwen"
"github.com/luispater/CLIProxyAPI/v5/internal/client"
"github.com/luispater/CLIProxyAPI/v5/internal/config"
"github.com/luispater/CLIProxyAPI/v5/internal/interfaces"
"github.com/luispater/CLIProxyAPI/v5/internal/misc"
"github.com/luispater/CLIProxyAPI/v5/internal/util"
"github.com/luispater/CLIProxyAPI/v5/internal/watcher"
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
"github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy"
log "github.com/sirupsen/logrus"
"github.com/tidwall/gjson"
)
// StartService initializes and starts the main API proxy service.
// It loads all available authentication tokens, creates a pool of clients,
// starts the API server, and handles graceful shutdown signals.
// The function performs the following operations:
// 1. Walks through the authentication directory to load all JSON token files
// 2. Creates authenticated clients based on token types (gemini, codex, claude, qwen)
// 3. Initializes clients with API keys if provided in configuration
// 4. Starts the API server with the client pool
// 5. Sets up file watching for configuration and authentication directory changes
// 6. Implements background token refresh for Codex, Claude, and Qwen clients
// 7. Handles graceful shutdown on SIGINT or SIGTERM signals
//
// Parameters:
// - cfg: The application configuration containing settings like port, auth directory, API keys
// - configPath: The path to the configuration file for watching changes
// StartService builds and runs the proxy service using the exported SDK.
func StartService(cfg *config.Config, configPath string) {
// Track the current active clients for graceful shutdown persistence.
var activeClients map[string]interfaces.Client
var activeClientsMu sync.RWMutex
// Create a pool of API clients, one for each token file found.
cliClients := make(map[string]interfaces.Client)
successfulAuthCount := 0
// Ensure the auth directory exists before walking it.
if info, statErr := os.Stat(cfg.AuthDir); statErr != nil {
if os.IsNotExist(statErr) {
if mkErr := os.MkdirAll(cfg.AuthDir, 0755); mkErr != nil {
log.Fatalf("failed to create auth directory %s: %v", cfg.AuthDir, mkErr)
}
log.Infof("created missing auth directory: %s", cfg.AuthDir)
} else {
log.Fatalf("error checking auth directory %s: %v", cfg.AuthDir, statErr)
}
} else if !info.IsDir() {
log.Fatalf("auth path exists but is not a directory: %s", cfg.AuthDir)
}
err := filepath.Walk(cfg.AuthDir, func(path string, info fs.FileInfo, err error) error {
if err != nil {
return err
}
// Process only JSON files in the auth directory to load authentication tokens.
if !info.IsDir() && strings.HasSuffix(info.Name(), ".json") {
misc.LogCredentialSeparator()
log.Debugf("Loading token from: %s", path)
data, errReadFile := util.ReadAuthFilePreferSnapshot(path)
if errReadFile != nil {
return errReadFile
}
// Determine token type from JSON data, defaulting to "gemini" if not specified.
tokenType := ""
typeResult := gjson.GetBytes(data, "type")
if typeResult.Exists() {
tokenType = typeResult.String()
}
clientCtx := context.Background()
if tokenType == "gemini" {
var ts gemini.GeminiTokenStorage
if err = json.Unmarshal(data, &ts); err == nil {
// For each valid Gemini token, create an authenticated client.
log.Info("Initializing gemini authentication for token...")
geminiAuth := gemini.NewGeminiAuth()
httpClient, errGetClient := geminiAuth.GetAuthenticatedClient(clientCtx, &ts, cfg)
if errGetClient != nil {
// Log fatal will exit, but we return the error for completeness.
log.Fatalf("failed to get authenticated client for token %s: %v", path, errGetClient)
return errGetClient
}
log.Info("Authentication successful.")
// Add the new client to the pool.
cliClient := client.NewGeminiCLIClient(httpClient, &ts, cfg)
cliClients[path] = cliClient
successfulAuthCount++
}
} else if tokenType == "codex" {
var ts codex.CodexTokenStorage
if err = json.Unmarshal(data, &ts); err == nil {
// For each valid Codex token, create an authenticated client.
log.Info("Initializing codex authentication for token...")
codexClient, errGetClient := client.NewCodexClient(cfg, &ts)
if errGetClient != nil {
// Log fatal will exit, but we return the error for completeness.
log.Fatalf("failed to get authenticated client for token %s: %v", path, errGetClient)
return errGetClient
}
log.Info("Authentication successful.")
cliClients[path] = codexClient
successfulAuthCount++
}
} else if tokenType == "claude" {
var ts claude.ClaudeTokenStorage
if err = json.Unmarshal(data, &ts); err == nil {
// For each valid Claude token, create an authenticated client.
log.Info("Initializing claude authentication for token...")
claudeClient := client.NewClaudeClient(cfg, &ts)
log.Info("Authentication successful.")
cliClients[path] = claudeClient
successfulAuthCount++
}
} else if tokenType == "qwen" {
var ts qwen.QwenTokenStorage
if err = json.Unmarshal(data, &ts); err == nil {
// For each valid Qwen token, create an authenticated client.
log.Info("Initializing qwen authentication for token...")
qwenClient := client.NewQwenClient(cfg, &ts, path)
log.Info("Authentication successful.")
cliClients[path] = qwenClient
successfulAuthCount++
}
} else if tokenType == "gemini-web" {
var ts gemini.GeminiWebTokenStorage
if err = json.Unmarshal(data, &ts); err == nil {
log.Info("Initializing gemini web authentication for token...")
geminiWebClient, errClient := client.NewGeminiWebClient(cfg, &ts, path)
if errClient != nil {
log.Errorf("failed to create gemini web client for token %s: %v", path, errClient)
return errClient
}
if geminiWebClient.IsReady() {
log.Info("Authentication successful.")
geminiWebClient.EnsureRegistered()
} else {
log.Info("Client created. Authentication pending (background retry in progress).")
}
cliClients[path] = geminiWebClient
successfulAuthCount++
}
}
}
return nil
})
service, err := cliproxy.NewBuilder().
WithConfig(cfg).
WithConfigPath(configPath).
Build()
if err != nil {
log.Fatalf("Error walking auth directory: %v", err)
log.Fatalf("failed to build proxy service: %v", err)
}
apiKeyClients, glAPIKeyCount, claudeAPIKeyCount, codexAPIKeyCount, openAICompatCount := watcher.BuildAPIKeyClients(cfg)
ctx, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
defer cancel()
totalNewClients := len(cliClients) + len(apiKeyClients)
log.Infof("full client load complete - %d clients (%d auth files + %d GL API keys + %d Claude API keys + %d Codex keys + %d OpenAI-compat)",
totalNewClients,
successfulAuthCount,
glAPIKeyCount,
claudeAPIKeyCount,
codexAPIKeyCount,
openAICompatCount,
)
// Combine file-based and API key-based clients for the initial server setup
allClients := clientsToSlice(cliClients)
allClients = append(allClients, clientsToSlice(apiKeyClients)...)
// Initialize activeClients map for shutdown persistence
{
combined := make(map[string]interfaces.Client, len(cliClients)+len(apiKeyClients))
for k, v := range cliClients {
combined[k] = v
}
for k, v := range apiKeyClients {
combined[k] = v
}
activeClientsMu.Lock()
activeClients = combined
activeClientsMu.Unlock()
}
// Create and start the API server with the pool of clients in a separate goroutine.
apiServer := api.NewServer(cfg, allClients, configPath)
log.Infof("Starting API server on port %d", cfg.Port)
// Start the API server in a goroutine so it doesn't block the main thread.
go func() {
if err = apiServer.Start(); err != nil {
log.Fatalf("API server failed to start: %v", err)
}
}()
// Give the server a moment to start up before proceeding.
time.Sleep(100 * time.Millisecond)
log.Info("API server started successfully")
// Setup file watcher for config and auth directory changes to enable hot-reloading.
fileWatcher, errNewWatcher := watcher.NewWatcher(configPath, cfg.AuthDir, func(newClients map[string]interfaces.Client, newCfg *config.Config) {
// Update the API server with new clients and configuration when files change.
apiServer.UpdateClients(newClients, newCfg)
// Keep an up-to-date snapshot for graceful shutdown persistence.
activeClientsMu.Lock()
activeClients = newClients
activeClientsMu.Unlock()
})
if errNewWatcher != nil {
log.Fatalf("failed to create file watcher: %v", errNewWatcher)
}
// Set initial state for the watcher with current configuration and clients.
fileWatcher.SetConfig(cfg)
fileWatcher.SetClients(cliClients)
fileWatcher.SetAPIKeyClients(apiKeyClients)
// Start the file watcher in a separate context.
watcherCtx, watcherCancel := context.WithCancel(context.Background())
if errStartWatcher := fileWatcher.Start(watcherCtx); errStartWatcher != nil {
log.Fatalf("failed to start file watcher: %v", errStartWatcher)
}
log.Info("file watcher started for config and auth directory changes")
defer func() {
// Clean up file watcher resources on shutdown.
watcherCancel()
errStopWatcher := fileWatcher.Stop()
if errStopWatcher != nil {
log.Errorf("error stopping file watcher: %v", errStopWatcher)
}
}()
// Set up a channel to listen for OS signals for graceful shutdown.
sigChan := make(chan os.Signal, 1)
signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
// Background token refresh ticker for Codex, Claude, and Qwen clients to handle token expiration.
ctxRefresh, cancelRefresh := context.WithCancel(context.Background())
var wgRefresh sync.WaitGroup
wgRefresh.Add(1)
go func() {
defer wgRefresh.Done()
ticker := time.NewTicker(1 * time.Hour)
defer ticker.Stop()
// Function to check and refresh tokens for all client types before they expire.
checkAndRefresh := func() {
clientSlice := clientsToSlice(cliClients)
for i := 0; i < len(clientSlice); i++ {
if codexCli, ok := clientSlice[i].(*client.CodexClient); ok {
if ts, isCodexTS := codexCli.TokenStorage().(*claude.ClaudeTokenStorage); isCodexTS {
if ts != nil && ts.Expire != "" {
if expTime, errParse := time.Parse(time.RFC3339, ts.Expire); errParse == nil {
if time.Until(expTime) <= 5*24*time.Hour {
log.Debugf("refreshing codex tokens for %s", codexCli.GetEmail())
_ = codexCli.RefreshTokens(ctxRefresh)
}
}
}
}
} else if claudeCli, isOK := clientSlice[i].(*client.ClaudeClient); isOK {
if ts, isCluadeTS := claudeCli.TokenStorage().(*claude.ClaudeTokenStorage); isCluadeTS {
if ts != nil && ts.Expire != "" {
if expTime, errParse := time.Parse(time.RFC3339, ts.Expire); errParse == nil {
if time.Until(expTime) <= 4*time.Hour {
log.Debugf("refreshing claude tokens for %s", claudeCli.GetEmail())
_ = claudeCli.RefreshTokens(ctxRefresh)
}
}
}
}
} else if qwenCli, isQwenOK := clientSlice[i].(*client.QwenClient); isQwenOK {
if ts, isQwenTS := qwenCli.TokenStorage().(*qwen.QwenTokenStorage); isQwenTS {
if ts != nil && ts.Expire != "" {
if expTime, errParse := time.Parse(time.RFC3339, ts.Expire); errParse == nil {
if time.Until(expTime) <= 3*time.Hour {
log.Debugf("refreshing qwen tokens for %s", qwenCli.GetEmail())
_ = qwenCli.RefreshTokens(ctxRefresh)
}
}
}
}
}
}
}
// Initial check on start to refresh tokens if needed.
checkAndRefresh()
for {
select {
case <-ctxRefresh.Done():
log.Debugf("refreshing tokens stopped...")
return
case <-ticker.C:
checkAndRefresh()
}
}
}()
// Main loop to wait for shutdown signal or periodic checks.
for {
select {
case <-sigChan:
log.Debugf("Received shutdown signal. Cleaning up...")
cancelRefresh()
wgRefresh.Wait()
// Stop file watcher early to avoid token save triggering reloads/registrations during shutdown.
watcherCancel()
if errStopWatcher := fileWatcher.Stop(); errStopWatcher != nil {
log.Errorf("error stopping file watcher: %v", errStopWatcher)
}
// Create a context with a timeout for the shutdown process.
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
_ = cancel
// Persist tokens/cookies for all active clients before stopping services.
func() {
activeClientsMu.RLock()
snapshot := make([]interfaces.Client, 0, len(activeClients))
for _, c := range activeClients {
snapshot = append(snapshot, c)
}
activeClientsMu.RUnlock()
for _, c := range snapshot {
misc.LogCredentialSeparator()
// Persist tokens/cookies then unregister/cleanup per client.
_ = c.SaveTokenToFile()
switch u := any(c).(type) {
case interface {
UnregisterClientWithReason(interfaces.UnregisterReason)
}:
u.UnregisterClientWithReason(interfaces.UnregisterReasonShutdown)
case interface{ UnregisterClient() }:
u.UnregisterClient()
}
}
}()
// Stop the API server gracefully.
if err = apiServer.Stop(ctx); err != nil {
log.Debugf("Error stopping API server: %v", err)
}
log.Debugf("Cleanup completed. Exiting...")
os.Exit(0)
case <-time.After(5 * time.Second):
// Periodic check to keep the loop running.
}
err = service.Run(ctx)
if err != nil && !errors.Is(err, context.Canceled) {
log.Fatalf("proxy service exited with error: %v", err)
}
}
func clientsToSlice(clientMap map[string]interfaces.Client) []interfaces.Client {
s := make([]interfaces.Client, 0, len(clientMap))
for _, v := range clientMap {
s = append(s, v)
}
return s
}