mirror of
https://github.com/QwenLM/qwen-code.git
synced 2025-12-19 09:33:53 +00:00
Gaurav
GitHub
@@ -16,10 +16,15 @@ import crypto from 'crypto';
|
||||
import * as net from 'net';
|
||||
import open from 'open';
|
||||
import path from 'node:path';
|
||||
import { promises as fs, existsSync, readFileSync } from 'node:fs';
|
||||
import { promises as fs } from 'node:fs';
|
||||
import * as os from 'os';
|
||||
import { Config } from '../config/config.js';
|
||||
import { getErrorMessage } from '../utils/errors.js';
|
||||
import {
|
||||
cacheGoogleAccount,
|
||||
getCachedGoogleAccount,
|
||||
clearCachedGoogleAccount,
|
||||
} from '../utils/user_account.js';
|
||||
import { AuthType } from '../core/contentGenerator.js';
|
||||
import readline from 'node:readline';
|
||||
|
||||
@@ -50,7 +55,6 @@ const SIGN_IN_FAILURE_URL =
|
||||
|
||||
const GEMINI_DIR = '.gemini';
|
||||
const CREDENTIAL_FILENAME = 'oauth_creds.json';
|
||||
const GOOGLE_ACCOUNT_ID_FILENAME = 'google_account_id';
|
||||
|
||||
/**
|
||||
* An Authentication URL for updating the credentials of a Oauth2Client
|
||||
@@ -78,13 +82,10 @@ export async function getOauthClient(
|
||||
// If there are cached creds on disk, they always take precedence
|
||||
if (await loadCachedCredentials(client)) {
|
||||
// Found valid cached credentials.
|
||||
// Check if we need to retrieve Google Account ID
|
||||
if (!getCachedGoogleAccountId()) {
|
||||
// Check if we need to retrieve Google Account ID or Email
|
||||
if (!getCachedGoogleAccount()) {
|
||||
try {
|
||||
const googleAccountId = await getRawGoogleAccountId(client);
|
||||
if (googleAccountId) {
|
||||
await cacheGoogleAccountId(googleAccountId);
|
||||
}
|
||||
await fetchAndCacheUserInfo(client);
|
||||
} catch {
|
||||
// Non-fatal, continue with existing auth.
|
||||
}
|
||||
@@ -237,10 +238,7 @@ async function authWithWeb(client: OAuth2Client): Promise<OauthWebLogin> {
|
||||
client.setCredentials(tokens);
|
||||
// Retrieve and cache Google Account ID during authentication
|
||||
try {
|
||||
const googleAccountId = await getRawGoogleAccountId(client);
|
||||
if (googleAccountId) {
|
||||
await cacheGoogleAccountId(googleAccountId);
|
||||
}
|
||||
await fetchAndCacheUserInfo(client);
|
||||
} catch (error) {
|
||||
console.error(
|
||||
'Failed to retrieve Google Account ID during authentication:',
|
||||
@@ -326,80 +324,46 @@ function getCachedCredentialPath(): string {
|
||||
return path.join(os.homedir(), GEMINI_DIR, CREDENTIAL_FILENAME);
|
||||
}
|
||||
|
||||
function getGoogleAccountIdCachePath(): string {
|
||||
return path.join(os.homedir(), GEMINI_DIR, GOOGLE_ACCOUNT_ID_FILENAME);
|
||||
}
|
||||
|
||||
async function cacheGoogleAccountId(googleAccountId: string): Promise<void> {
|
||||
const filePath = getGoogleAccountIdCachePath();
|
||||
await fs.mkdir(path.dirname(filePath), { recursive: true });
|
||||
await fs.writeFile(filePath, googleAccountId, 'utf-8');
|
||||
}
|
||||
|
||||
export function getCachedGoogleAccountId(): string | null {
|
||||
try {
|
||||
const filePath = getGoogleAccountIdCachePath();
|
||||
if (existsSync(filePath)) {
|
||||
return readFileSync(filePath, 'utf-8').trim() || null;
|
||||
}
|
||||
return null;
|
||||
} catch (error) {
|
||||
console.debug('Error reading cached Google Account ID:', error);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
export async function clearCachedCredentialFile() {
|
||||
try {
|
||||
await fs.rm(getCachedCredentialPath(), { force: true });
|
||||
// Clear the Google Account ID cache when credentials are cleared
|
||||
await fs.rm(getGoogleAccountIdCachePath(), { force: true });
|
||||
await clearCachedGoogleAccount();
|
||||
} catch (_) {
|
||||
/* empty */
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the authenticated user's Google Account ID from Google's UserInfo API.
|
||||
* @param client - The authenticated OAuth2Client
|
||||
* @returns The user's Google Account ID or null if not available
|
||||
*/
|
||||
export async function getRawGoogleAccountId(
|
||||
client: OAuth2Client,
|
||||
): Promise<string | null> {
|
||||
async function fetchAndCacheUserInfo(client: OAuth2Client): Promise<void> {
|
||||
try {
|
||||
// 1. Get a new Access Token including the id_token
|
||||
const refreshedTokens = await new Promise<Credentials | null>(
|
||||
(resolve, reject) => {
|
||||
client.refreshAccessToken((err, tokens) => {
|
||||
if (err) {
|
||||
return reject(err);
|
||||
}
|
||||
resolve(tokens ?? null);
|
||||
});
|
||||
const { token } = await client.getAccessToken();
|
||||
if (!token) {
|
||||
return;
|
||||
}
|
||||
|
||||
const response = await fetch(
|
||||
'https://www.googleapis.com/oauth2/v2/userinfo',
|
||||
{
|
||||
headers: {
|
||||
Authorization: `Bearer ${token}`,
|
||||
},
|
||||
},
|
||||
);
|
||||
|
||||
if (!refreshedTokens?.id_token) {
|
||||
console.warn('No id_token obtained after refreshing tokens.');
|
||||
return null;
|
||||
if (!response.ok) {
|
||||
console.error(
|
||||
'Failed to fetch user info:',
|
||||
response.status,
|
||||
response.statusText,
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
// 2. Verify the ID token to securely get the user's Google Account ID.
|
||||
const ticket = await client.verifyIdToken({
|
||||
idToken: refreshedTokens.id_token,
|
||||
audience: OAUTH_CLIENT_ID,
|
||||
});
|
||||
|
||||
const payload = ticket.getPayload();
|
||||
if (!payload?.sub) {
|
||||
console.warn('Could not extract sub claim from verified ID token.');
|
||||
return null;
|
||||
const userInfo = await response.json();
|
||||
if (userInfo.email) {
|
||||
await cacheGoogleAccount(userInfo.email);
|
||||
}
|
||||
|
||||
return payload.sub;
|
||||
} catch (error) {
|
||||
console.error('Error retrieving or verifying Google Account ID:', error);
|
||||
return null;
|
||||
console.error('Error retrieving user info:', error);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user