rebuild branch

2026-02-03 04:50:52 +08:00 · 2025-09-25 10:32:48 +08:00
parent 3f69254f43
commit f5dc380b63
214 changed files with 39377 additions and 0 deletions
--- a/internal/util/provider.go
+++ b/internal/util/provider.go
@@ -0,0 +1,143 @@
+// Package util provides utility functions used across the CLIProxyAPI application.
+// These functions handle common tasks such as determining AI service providers
+// from model names and managing HTTP proxies.
+package util
+
+import (
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/registry"
+)
+
+// GetProviderName determines all AI service providers capable of serving a registered model.
+// It first queries the global model registry to retrieve the providers backing the supplied model name.
+// When the model has not been registered yet, it falls back to legacy string heuristics to infer
+// potential providers.
+//
+// Supported providers include (but are not limited to):
+//   - "gemini" for Google's Gemini family
+//   - "codex" for OpenAI GPT-compatible providers
+//   - "claude" for Anthropic models
+//   - "qwen" for Alibaba's Qwen models
+//   - "openai-compatibility" for external OpenAI-compatible providers
+//
+// Parameters:
+//   - modelName: The name of the model to identify providers for.
+//   - cfg: The application configuration containing OpenAI compatibility settings.
+//
+// Returns:
+//   - []string: All provider identifiers capable of serving the model, ordered by preference.
+func GetProviderName(modelName string, cfg *config.Config) []string {
+	if modelName == "" {
+		return nil
+	}
+
+	providers := make([]string, 0, 4)
+	seen := make(map[string]struct{})
+
+	appendProvider := func(name string) {
+		if name == "" {
+			return
+		}
+		if _, exists := seen[name]; exists {
+			return
+		}
+		seen[name] = struct{}{}
+		providers = append(providers, name)
+	}
+
+	for _, provider := range registry.GetGlobalRegistry().GetModelProviders(modelName) {
+		appendProvider(provider)
+	}
+
+	if len(providers) > 0 {
+		return providers
+	}
+
+	return providers
+}
+
+// IsOpenAICompatibilityAlias checks if the given model name is an alias
+// configured for OpenAI compatibility routing.
+//
+// Parameters:
+//   - modelName: The model name to check
+//   - cfg: The application configuration containing OpenAI compatibility settings
+//
+// Returns:
+//   - bool: True if the model name is an OpenAI compatibility alias, false otherwise
+func IsOpenAICompatibilityAlias(modelName string, cfg *config.Config) bool {
+	if cfg == nil {
+		return false
+	}
+
+	for _, compat := range cfg.OpenAICompatibility {
+		for _, model := range compat.Models {
+			if model.Alias == modelName {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// GetOpenAICompatibilityConfig returns the OpenAI compatibility configuration
+// and model details for the given alias.
+//
+// Parameters:
+//   - alias: The model alias to find configuration for
+//   - cfg: The application configuration containing OpenAI compatibility settings
+//
+// Returns:
+//   - *config.OpenAICompatibility: The matching compatibility configuration, or nil if not found
+//   - *config.OpenAICompatibilityModel: The matching model configuration, or nil if not found
+func GetOpenAICompatibilityConfig(alias string, cfg *config.Config) (*config.OpenAICompatibility, *config.OpenAICompatibilityModel) {
+	if cfg == nil {
+		return nil, nil
+	}
+
+	for _, compat := range cfg.OpenAICompatibility {
+		for _, model := range compat.Models {
+			if model.Alias == alias {
+				return &compat, &model
+			}
+		}
+	}
+	return nil, nil
+}
+
+// InArray checks if a string exists in a slice of strings.
+// It iterates through the slice and returns true if the target string is found,
+// otherwise it returns false.
+//
+// Parameters:
+//   - hystack: The slice of strings to search in
+//   - needle: The string to search for
+//
+// Returns:
+//   - bool: True if the string is found, false otherwise
+func InArray(hystack []string, needle string) bool {
+	for _, item := range hystack {
+		if needle == item {
+			return true
+		}
+	}
+	return false
+}
+
+// HideAPIKey obscures an API key for logging purposes, showing only the first and last few characters.
+//
+// Parameters:
+//   - apiKey: The API key to hide.
+//
+// Returns:
+//   - string: The obscured API key.
+func HideAPIKey(apiKey string) string {
+	if len(apiKey) > 8 {
+		return apiKey[:4] + "..." + apiKey[len(apiKey)-4:]
+	} else if len(apiKey) > 4 {
+		return apiKey[:2] + "..." + apiKey[len(apiKey)-2:]
+	} else if len(apiKey) > 2 {
+		return apiKey[:1] + "..." + apiKey[len(apiKey)-1:]
+	}
+	return apiKey
+}
--- a/internal/util/proxy.go
+++ b/internal/util/proxy.go
@@ -0,0 +1,52 @@
+// Package util provides utility functions for the CLI Proxy API server.
+// It includes helper functions for proxy configuration, HTTP client setup,
+// log level management, and other common operations used across the application.
+package util
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"net/url"
+
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/net/proxy"
+)
+
+// SetProxy configures the provided HTTP client with proxy settings from the configuration.
+// It supports SOCKS5, HTTP, and HTTPS proxies. The function modifies the client's transport
+// to route requests through the configured proxy server.
+func SetProxy(cfg *config.Config, httpClient *http.Client) *http.Client {
+	var transport *http.Transport
+	// Attempt to parse the proxy URL from the configuration.
+	proxyURL, errParse := url.Parse(cfg.ProxyURL)
+	if errParse == nil {
+		// Handle different proxy schemes.
+		if proxyURL.Scheme == "socks5" {
+			// Configure SOCKS5 proxy with optional authentication.
+			username := proxyURL.User.Username()
+			password, _ := proxyURL.User.Password()
+			proxyAuth := &proxy.Auth{User: username, Password: password}
+			dialer, errSOCKS5 := proxy.SOCKS5("tcp", proxyURL.Host, proxyAuth, proxy.Direct)
+			if errSOCKS5 != nil {
+				log.Errorf("create SOCKS5 dialer failed: %v", errSOCKS5)
+				return httpClient
+			}
+			// Set up a custom transport using the SOCKS5 dialer.
+			transport = &http.Transport{
+				DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+					return dialer.Dial(network, addr)
+				},
+			}
+		} else if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" {
+			// Configure HTTP or HTTPS proxy.
+			transport = &http.Transport{Proxy: http.ProxyURL(proxyURL)}
+		}
+	}
+	// If a new transport was created, apply it to the HTTP client.
+	if transport != nil {
+		httpClient.Transport = transport
+	}
+	return httpClient
+}
--- a/internal/util/ssh_helper.go
+++ b/internal/util/ssh_helper.go
@@ -0,0 +1,135 @@
+// Package util provides helper functions for SSH tunnel instructions and network-related tasks.
+// This includes detecting the appropriate IP address and printing commands
+// to help users connect to the local server from a remote machine.
+package util
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"strings"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+)
+
+var ipServices = []string{
+	"https://api.ipify.org",
+	"https://ifconfig.me/ip",
+	"https://icanhazip.com",
+	"https://ipinfo.io/ip",
+}
+
+// getPublicIP attempts to retrieve the public IP address from a list of external services.
+// It iterates through the ipServices and returns the first successful response.
+//
+// Returns:
+//   - string: The public IP address as a string
+//   - error: An error if all services fail, nil otherwise
+func getPublicIP() (string, error) {
+	for _, service := range ipServices {
+		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+		defer cancel()
+		req, err := http.NewRequestWithContext(ctx, "GET", service, nil)
+		if err != nil {
+			log.Debugf("Failed to create request to %s: %v", service, err)
+			continue
+		}
+
+		resp, err := http.DefaultClient.Do(req)
+		if err != nil {
+			log.Debugf("Failed to get public IP from %s: %v", service, err)
+			continue
+		}
+		defer func() {
+			if closeErr := resp.Body.Close(); closeErr != nil {
+				log.Warnf("Failed to close response body from %s: %v", service, closeErr)
+			}
+		}()
+
+		if resp.StatusCode != http.StatusOK {
+			log.Debugf("bad status code from %s: %d", service, resp.StatusCode)
+			continue
+		}
+
+		ip, err := io.ReadAll(resp.Body)
+		if err != nil {
+			log.Debugf("Failed to read response body from %s: %v", service, err)
+			continue
+		}
+		return strings.TrimSpace(string(ip)), nil
+	}
+	return "", fmt.Errorf("all IP services failed")
+}
+
+// getOutboundIP retrieves the preferred outbound IP address of this machine.
+// It uses a UDP connection to a public DNS server to determine the local IP
+// address that would be used for outbound traffic.
+//
+// Returns:
+//   - string: The outbound IP address as a string
+//   - error: An error if the IP address cannot be determined, nil otherwise
+func getOutboundIP() (string, error) {
+	conn, err := net.Dial("udp", "8.8.8.8:80")
+	if err != nil {
+		return "", err
+	}
+	defer func() {
+		if closeErr := conn.Close(); closeErr != nil {
+			log.Warnf("Failed to close UDP connection: %v", closeErr)
+		}
+	}()
+
+	localAddr, ok := conn.LocalAddr().(*net.UDPAddr)
+	if !ok {
+		return "", fmt.Errorf("could not assert UDP address type")
+	}
+
+	return localAddr.IP.String(), nil
+}
+
+// GetIPAddress attempts to find the best-available IP address.
+// It first tries to get the public IP address, and if that fails,
+// it falls back to getting the local outbound IP address.
+//
+// Returns:
+//   - string: The determined IP address (preferring public IPv4)
+func GetIPAddress() string {
+	publicIP, err := getPublicIP()
+	if err == nil {
+		log.Debugf("Public IP detected: %s", publicIP)
+		return publicIP
+	}
+	log.Warnf("Failed to get public IP, falling back to outbound IP: %v", err)
+	outboundIP, err := getOutboundIP()
+	if err == nil {
+		log.Debugf("Outbound IP detected: %s", outboundIP)
+		return outboundIP
+	}
+	log.Errorf("Failed to get any IP address: %v", err)
+	return "127.0.0.1" // Fallback
+}
+
+// PrintSSHTunnelInstructions detects the IP address and prints SSH tunnel instructions
+// for the user to connect to the local OAuth callback server from a remote machine.
+//
+// Parameters:
+//   - port: The local port number for the SSH tunnel
+func PrintSSHTunnelInstructions(port int) {
+	ipAddress := GetIPAddress()
+	border := "================================================================================"
+	log.Infof("To authenticate from a remote machine, an SSH tunnel may be required.")
+	fmt.Println(border)
+	fmt.Println("  Run one of the following commands on your local machine (NOT the server):")
+	fmt.Println()
+	fmt.Printf("  # Standard SSH command (assumes SSH port 22):\n")
+	fmt.Printf("  ssh -L %d:127.0.0.1:%d root@%s -p 22\n", port, port, ipAddress)
+	fmt.Println()
+	fmt.Printf("  # If using an SSH key (assumes SSH port 22):\n")
+	fmt.Printf("  ssh -i <path_to_your_key> -L %d:127.0.0.1:%d root@%s -p 22\n", port, port, ipAddress)
+	fmt.Println()
+	fmt.Println("  NOTE: If your server's SSH port is not 22, please modify the '-p 22' part accordingly.")
+	fmt.Println(border)
+}
--- a/internal/util/translator.go
+++ b/internal/util/translator.go
@@ -0,0 +1,372 @@
+// Package util provides utility functions for the CLI Proxy API server.
+// It includes helper functions for JSON manipulation, proxy configuration,
+// and other common operations used across the application.
+package util
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/tidwall/gjson"
+	"github.com/tidwall/sjson"
+)
+
+// Walk recursively traverses a JSON structure to find all occurrences of a specific field.
+// It builds paths to each occurrence and adds them to the provided paths slice.
+//
+// Parameters:
+//   - value: The gjson.Result object to traverse
+//   - path: The current path in the JSON structure (empty string for root)
+//   - field: The field name to search for
+//   - paths: Pointer to a slice where found paths will be stored
+//
+// The function works recursively, building dot-notation paths to each occurrence
+// of the specified field throughout the JSON structure.
+func Walk(value gjson.Result, path, field string, paths *[]string) {
+	switch value.Type {
+	case gjson.JSON:
+		// For JSON objects and arrays, iterate through each child
+		value.ForEach(func(key, val gjson.Result) bool {
+			var childPath string
+			if path == "" {
+				childPath = key.String()
+			} else {
+				childPath = path + "." + key.String()
+			}
+			if key.String() == field {
+				*paths = append(*paths, childPath)
+			}
+			Walk(val, childPath, field, paths)
+			return true
+		})
+	case gjson.String, gjson.Number, gjson.True, gjson.False, gjson.Null:
+		// Terminal types - no further traversal needed
+	}
+}
+
+// RenameKey renames a key in a JSON string by moving its value to a new key path
+// and then deleting the old key path.
+//
+// Parameters:
+//   - jsonStr: The JSON string to modify
+//   - oldKeyPath: The dot-notation path to the key that should be renamed
+//   - newKeyPath: The dot-notation path where the value should be moved to
+//
+// Returns:
+//   - string: The modified JSON string with the key renamed
+//   - error: An error if the operation fails
+//
+// The function performs the rename in two steps:
+// 1. Sets the value at the new key path
+// 2. Deletes the old key path
+func RenameKey(jsonStr, oldKeyPath, newKeyPath string) (string, error) {
+	value := gjson.Get(jsonStr, oldKeyPath)
+
+	if !value.Exists() {
+		return "", fmt.Errorf("old key '%s' does not exist", oldKeyPath)
+	}
+
+	interimJson, err := sjson.SetRaw(jsonStr, newKeyPath, value.Raw)
+	if err != nil {
+		return "", fmt.Errorf("failed to set new key '%s': %w", newKeyPath, err)
+	}
+
+	finalJson, err := sjson.Delete(interimJson, oldKeyPath)
+	if err != nil {
+		return "", fmt.Errorf("failed to delete old key '%s': %w", oldKeyPath, err)
+	}
+
+	return finalJson, nil
+}
+
+// FixJSON converts non-standard JSON that uses single quotes for strings into
+// RFC 8259-compliant JSON by converting those single-quoted strings to
+// double-quoted strings with proper escaping.
+//
+// Examples:
+//
+//	{'a': 1, 'b': '2'}      => {"a": 1, "b": "2"}
+//	{"t": 'He said "hi"'} => {"t": "He said \"hi\""}
+//
+// Rules:
+//   - Existing double-quoted JSON strings are preserved as-is.
+//   - Single-quoted strings are converted to double-quoted strings.
+//   - Inside converted strings, any double quote is escaped (\").
+//   - Common backslash escapes (\n, \r, \t, \b, \f, \\) are preserved.
+//   - \' inside single-quoted strings becomes a literal ' in the output (no
+//     escaping needed inside double quotes).
+//   - Unicode escapes (\uXXXX) inside single-quoted strings are forwarded.
+//   - The function does not attempt to fix other non-JSON features beyond quotes.
+func FixJSON(input string) string {
+	var out bytes.Buffer
+
+	inDouble := false
+	inSingle := false
+	escaped := false // applies within the current string state
+
+	// Helper to write a rune, escaping double quotes when inside a converted
+	// single-quoted string (which becomes a double-quoted string in output).
+	writeConverted := func(r rune) {
+		if r == '"' {
+			out.WriteByte('\\')
+			out.WriteByte('"')
+			return
+		}
+		out.WriteRune(r)
+	}
+
+	runes := []rune(input)
+	for i := 0; i < len(runes); i++ {
+		r := runes[i]
+
+		if inDouble {
+			out.WriteRune(r)
+			if escaped {
+				// end of escape sequence in a standard JSON string
+				escaped = false
+				continue
+			}
+			if r == '\\' {
+				escaped = true
+				continue
+			}
+			if r == '"' {
+				inDouble = false
+			}
+			continue
+		}
+
+		if inSingle {
+			if escaped {
+				// Handle common escape sequences after a backslash within a
+				// single-quoted string
+				escaped = false
+				switch r {
+				case 'n', 'r', 't', 'b', 'f', '/', '"':
+					// Keep the backslash and the character (except for '"' which
+					// rarely appears, but if it does, keep as \" to remain valid)
+					out.WriteByte('\\')
+					out.WriteRune(r)
+				case '\\':
+					out.WriteByte('\\')
+					out.WriteByte('\\')
+				case '\'':
+					// \' inside single-quoted becomes a literal '
+					out.WriteRune('\'')
+				case 'u':
+					// Forward \uXXXX if possible
+					out.WriteByte('\\')
+					out.WriteByte('u')
+					// Copy up to next 4 hex digits if present
+					for k := 0; k < 4 && i+1 < len(runes); k++ {
+						peek := runes[i+1]
+						// simple hex check
+						if (peek >= '0' && peek <= '9') || (peek >= 'a' && peek <= 'f') || (peek >= 'A' && peek <= 'F') {
+							out.WriteRune(peek)
+							i++
+						} else {
+							break
+						}
+					}
+				default:
+					// Unknown escape: preserve the backslash and the char
+					out.WriteByte('\\')
+					out.WriteRune(r)
+				}
+				continue
+			}
+
+			if r == '\\' { // start escape sequence
+				escaped = true
+				continue
+			}
+			if r == '\'' { // end of single-quoted string
+				out.WriteByte('"')
+				inSingle = false
+				continue
+			}
+			// regular char inside converted string; escape double quotes
+			writeConverted(r)
+			continue
+		}
+
+		// Outside any string
+		if r == '"' {
+			inDouble = true
+			out.WriteRune(r)
+			continue
+		}
+		if r == '\'' { // start of non-standard single-quoted string
+			inSingle = true
+			out.WriteByte('"')
+			continue
+		}
+		out.WriteRune(r)
+	}
+
+	// If input ended while still inside a single-quoted string, close it to
+	// produce the best-effort valid JSON.
+	if inSingle {
+		out.WriteByte('"')
+	}
+
+	return out.String()
+}
+
+// SanitizeSchemaForGemini removes JSON Schema fields that are incompatible with Gemini API
+// to prevent "Proto field is not repeating, cannot start list" errors.
+//
+// Parameters:
+//   - schemaJSON: The JSON schema string to sanitize
+//
+// Returns:
+//   - string: The sanitized schema string
+//   - error: An error if the operation fails
+//
+// This function removes the following incompatible fields:
+// - additionalProperties: Not supported in Gemini function declarations
+// - $schema: JSON Schema meta-schema identifier, not needed for API
+// - allOf/anyOf/oneOf: Union type constructs not supported
+// - exclusiveMinimum/exclusiveMaximum: Advanced validation constraints
+// - patternProperties: Advanced property pattern matching
+// - dependencies: Property dependencies not supported
+// - type arrays: Converts ["string", "null"] to just "string"
+func SanitizeSchemaForGemini(schemaJSON string) (string, error) {
+	// Remove top-level incompatible fields
+	fieldsToRemove := []string{
+		"additionalProperties",
+		"$schema",
+		"allOf",
+		"anyOf",
+		"oneOf",
+		"exclusiveMinimum",
+		"exclusiveMaximum",
+		"patternProperties",
+		"dependencies",
+	}
+
+	result := schemaJSON
+	var err error
+
+	for _, field := range fieldsToRemove {
+		result, err = sjson.Delete(result, field)
+		if err != nil {
+			continue // Continue even if deletion fails
+		}
+	}
+
+	// Handle type arrays by converting them to single types
+	result = sanitizeTypeFields(result)
+
+	// Recursively clean nested objects
+	result = cleanNestedSchemas(result)
+
+	return result, nil
+}
+
+// sanitizeTypeFields converts type arrays to single types for Gemini compatibility
+func sanitizeTypeFields(jsonStr string) string {
+	// Parse the JSON to find all "type" fields
+	parsed := gjson.Parse(jsonStr)
+	result := jsonStr
+
+	// Walk through all paths to find type fields
+	var typeFields []string
+	walkForTypeFields(parsed, "", &typeFields)
+
+	// Process each type field
+	for _, path := range typeFields {
+		typeValue := gjson.Get(result, path)
+		if typeValue.IsArray() {
+			// Convert array to single type (prioritize string, then others)
+			arr := typeValue.Array()
+			if len(arr) > 0 {
+				var preferredType string
+				for _, t := range arr {
+					typeStr := t.String()
+					if typeStr == "string" {
+						preferredType = "string"
+						break
+					} else if typeStr == "number" || typeStr == "integer" {
+						preferredType = typeStr
+					} else if preferredType == "" {
+						preferredType = typeStr
+					}
+				}
+				if preferredType != "" {
+					result, _ = sjson.Set(result, path, preferredType)
+				}
+			}
+		}
+	}
+
+	return result
+}
+
+// walkForTypeFields recursively finds all "type" field paths in the JSON
+func walkForTypeFields(value gjson.Result, path string, paths *[]string) {
+	switch value.Type {
+	case gjson.JSON:
+		value.ForEach(func(key, val gjson.Result) bool {
+			var childPath string
+			if path == "" {
+				childPath = key.String()
+			} else {
+				childPath = path + "." + key.String()
+			}
+			if key.String() == "type" {
+				*paths = append(*paths, childPath)
+			}
+			walkForTypeFields(val, childPath, paths)
+			return true
+		})
+	default:
+
+	}
+}
+
+// cleanNestedSchemas recursively removes incompatible fields from nested schema objects
+func cleanNestedSchemas(jsonStr string) string {
+	fieldsToRemove := []string{"allOf", "anyOf", "oneOf", "exclusiveMinimum", "exclusiveMaximum"}
+
+	// Find all nested paths that might contain these fields
+	var pathsToClean []string
+	parsed := gjson.Parse(jsonStr)
+	findNestedSchemaPaths(parsed, "", fieldsToRemove, &pathsToClean)
+
+	result := jsonStr
+	// Remove fields from all found paths
+	for _, path := range pathsToClean {
+		result, _ = sjson.Delete(result, path)
+	}
+
+	return result
+}
+
+// findNestedSchemaPaths recursively finds paths containing incompatible schema fields
+func findNestedSchemaPaths(value gjson.Result, path string, fieldsToFind []string, paths *[]string) {
+	switch value.Type {
+	case gjson.JSON:
+		value.ForEach(func(key, val gjson.Result) bool {
+			var childPath string
+			if path == "" {
+				childPath = key.String()
+			} else {
+				childPath = path + "." + key.String()
+			}
+
+			// Check if this key is one we want to remove
+			for _, field := range fieldsToFind {
+				if key.String() == field {
+					*paths = append(*paths, childPath)
+					break
+				}
+			}
+
+			findNestedSchemaPaths(val, childPath, fieldsToFind, paths)
+			return true
+		})
+	default:
+
+	}
+}
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -0,0 +1,66 @@
+// Package util provides utility functions for the CLI Proxy API server.
+// It includes helper functions for logging configuration, file system operations,
+// and other common utilities used throughout the application.
+package util
+
+import (
+	"io/fs"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
+	log "github.com/sirupsen/logrus"
+)
+
+// SetLogLevel configures the logrus log level based on the configuration.
+// It sets the log level to DebugLevel if debug mode is enabled, otherwise to InfoLevel.
+func SetLogLevel(cfg *config.Config) {
+	currentLevel := log.GetLevel()
+	var newLevel log.Level
+	if cfg.Debug {
+		newLevel = log.DebugLevel
+	} else {
+		newLevel = log.InfoLevel
+	}
+
+	if currentLevel != newLevel {
+		log.SetLevel(newLevel)
+		log.Infof("log level changed from %s to %s (debug=%t)", currentLevel, newLevel, cfg.Debug)
+	}
+}
+
+// CountAuthFiles returns the number of JSON auth files located under the provided directory.
+// The function resolves leading tildes to the user's home directory and performs a case-insensitive
+// match on the ".json" suffix so that files saved with uppercase extensions are also counted.
+func CountAuthFiles(authDir string) int {
+	if authDir == "" {
+		return 0
+	}
+	if strings.HasPrefix(authDir, "~") {
+		home, err := os.UserHomeDir()
+		if err != nil {
+			log.Debugf("countAuthFiles: failed to resolve home directory: %v", err)
+			return 0
+		}
+		authDir = filepath.Join(home, authDir[1:])
+	}
+	count := 0
+	walkErr := filepath.WalkDir(authDir, func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			log.Debugf("countAuthFiles: error accessing %s: %v", path, err)
+			return nil
+		}
+		if d.IsDir() {
+			return nil
+		}
+		if strings.HasSuffix(strings.ToLower(d.Name()), ".json") {
+			count++
+		}
+		return nil
+	})
+	if walkErr != nil {
+		log.Debugf("countAuthFiles: walk error: %v", walkErr)
+	}
+	return count
+}