mirror of
https://github.com/router-for-me/CLIProxyAPI.git
synced 2026-02-18 12:20:52 +08:00
Merge pull request #1543 from sususu98/feat/gemini-cli-google-one
feat(gemini-cli): add Google One login and improve auto-discovery
This commit is contained in:
Luis Pater
GitHub
@@ -4,8 +4,10 @@ import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/fs"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
@@ -186,15 +188,21 @@ func (s *FileTokenStore) readAuthFile(path, baseDir string) (*cliproxyauth.Auth,
|
||||
if provider == "" {
|
||||
provider = "unknown"
|
||||
}
|
||||
if provider == "antigravity" {
|
||||
if provider == "antigravity" || provider == "gemini" {
|
||||
projectID := ""
|
||||
if pid, ok := metadata["project_id"].(string); ok {
|
||||
projectID = strings.TrimSpace(pid)
|
||||
}
|
||||
if projectID == "" {
|
||||
accessToken := ""
|
||||
if token, ok := metadata["access_token"].(string); ok {
|
||||
accessToken = strings.TrimSpace(token)
|
||||
accessToken := extractAccessToken(metadata)
|
||||
// For gemini type, the stored access_token is likely expired (~1h lifetime).
|
||||
// Refresh it using the long-lived refresh_token before querying.
|
||||
if provider == "gemini" {
|
||||
if tokenMap, ok := metadata["token"].(map[string]any); ok {
|
||||
if refreshed, errRefresh := refreshGeminiAccessToken(tokenMap, http.DefaultClient); errRefresh == nil {
|
||||
accessToken = refreshed
|
||||
}
|
||||
}
|
||||
}
|
||||
if accessToken != "" {
|
||||
fetchedProjectID, errFetch := FetchAntigravityProjectID(context.Background(), accessToken, http.DefaultClient)
|
||||
@@ -304,6 +312,67 @@ func (s *FileTokenStore) baseDirSnapshot() string {
|
||||
return s.baseDir
|
||||
}
|
||||
|
||||
func extractAccessToken(metadata map[string]any) string {
|
||||
if at, ok := metadata["access_token"].(string); ok {
|
||||
if v := strings.TrimSpace(at); v != "" {
|
||||
return v
|
||||
}
|
||||
}
|
||||
if tokenMap, ok := metadata["token"].(map[string]any); ok {
|
||||
if at, ok := tokenMap["access_token"].(string); ok {
|
||||
if v := strings.TrimSpace(at); v != "" {
|
||||
return v
|
||||
}
|
||||
}
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func refreshGeminiAccessToken(tokenMap map[string]any, httpClient *http.Client) (string, error) {
|
||||
refreshToken, _ := tokenMap["refresh_token"].(string)
|
||||
clientID, _ := tokenMap["client_id"].(string)
|
||||
clientSecret, _ := tokenMap["client_secret"].(string)
|
||||
tokenURI, _ := tokenMap["token_uri"].(string)
|
||||
|
||||
if refreshToken == "" || clientID == "" || clientSecret == "" {
|
||||
return "", fmt.Errorf("missing refresh credentials")
|
||||
}
|
||||
if tokenURI == "" {
|
||||
tokenURI = "https://oauth2.googleapis.com/token"
|
||||
}
|
||||
|
||||
data := url.Values{
|
||||
"grant_type": {"refresh_token"},
|
||||
"refresh_token": {refreshToken},
|
||||
"client_id": {clientID},
|
||||
"client_secret": {clientSecret},
|
||||
}
|
||||
|
||||
resp, err := httpClient.PostForm(tokenURI, data)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("refresh request: %w", err)
|
||||
}
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return "", fmt.Errorf("refresh failed: status %d", resp.StatusCode)
|
||||
}
|
||||
|
||||
var result map[string]any
|
||||
if errUnmarshal := json.Unmarshal(body, &result); errUnmarshal != nil {
|
||||
return "", fmt.Errorf("decode refresh response: %w", errUnmarshal)
|
||||
}
|
||||
|
||||
newAccessToken, _ := result["access_token"].(string)
|
||||
if newAccessToken == "" {
|
||||
return "", fmt.Errorf("no access_token in refresh response")
|
||||
}
|
||||
|
||||
tokenMap["access_token"] = newAccessToken
|
||||
return newAccessToken, nil
|
||||
}
|
||||
|
||||
// jsonEqual compares two JSON blobs by parsing them into Go objects and deep comparing.
|
||||
func jsonEqual(a, b []byte) bool {
|
||||
var objA any
|
||||
|
||||
80
sdk/auth/filestore_test.go
Normal file
80
sdk/auth/filestore_test.go
Normal file
@@ -0,0 +1,80 @@
|
||||
package auth
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestExtractAccessToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
metadata map[string]any
|
||||
expected string
|
||||
}{
|
||||
{
|
||||
"antigravity top-level access_token",
|
||||
map[string]any{"access_token": "tok-abc"},
|
||||
"tok-abc",
|
||||
},
|
||||
{
|
||||
"gemini nested token.access_token",
|
||||
map[string]any{
|
||||
"token": map[string]any{"access_token": "tok-nested"},
|
||||
},
|
||||
"tok-nested",
|
||||
},
|
||||
{
|
||||
"top-level takes precedence over nested",
|
||||
map[string]any{
|
||||
"access_token": "tok-top",
|
||||
"token": map[string]any{"access_token": "tok-nested"},
|
||||
},
|
||||
"tok-top",
|
||||
},
|
||||
{
|
||||
"empty metadata",
|
||||
map[string]any{},
|
||||
"",
|
||||
},
|
||||
{
|
||||
"whitespace-only access_token",
|
||||
map[string]any{"access_token": " "},
|
||||
"",
|
||||
},
|
||||
{
|
||||
"wrong type access_token",
|
||||
map[string]any{"access_token": 12345},
|
||||
"",
|
||||
},
|
||||
{
|
||||
"token is not a map",
|
||||
map[string]any{"token": "not-a-map"},
|
||||
"",
|
||||
},
|
||||
{
|
||||
"nested whitespace-only",
|
||||
map[string]any{
|
||||
"token": map[string]any{"access_token": " "},
|
||||
},
|
||||
"",
|
||||
},
|
||||
{
|
||||
"fallback to nested when top-level empty",
|
||||
map[string]any{
|
||||
"access_token": "",
|
||||
"token": map[string]any{"access_token": "tok-fallback"},
|
||||
},
|
||||
"tok-fallback",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
tt := tt
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
got := extractAccessToken(tt.metadata)
|
||||
if got != tt.expected {
|
||||
t.Errorf("extractAccessToken() = %q, want %q", got, tt.expected)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user