refactor(auth): enhance useAuthCommand to include history management and improve error handling in QwenOAuth2Client

fix: character encoding corruption when executing the /copy command on Windows. (#1069 )
Co-authored-by: linda <hxn@163.com>
2025-12-27 20:19:14 +00:00 · 2025-11-20 14:16:04 +08:00 · 2025-11-20 10:23:17 +08:00 · 2025-11-20 10:09:12 +08:00
12 changed files with 110 additions and 66 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.2.2",
+  "version": "0.2.3",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@qwen-code/qwen-code",
-      "version": "0.2.2",
+      "version": "0.2.3",
      "workspaces": [
        "packages/*"
      ],
@@ -16024,7 +16024,7 @@
    },
    "packages/cli": {
      "name": "@qwen-code/qwen-code",
-      "version": "0.2.2",
+      "version": "0.2.3",
      "dependencies": {
        "@google/genai": "1.16.0",
        "@iarna/toml": "^2.2.5",
@@ -16139,7 +16139,7 @@
    },
    "packages/core": {
      "name": "@qwen-code/qwen-code-core",
-      "version": "0.2.2",
+      "version": "0.2.3",
      "hasInstallScript": true,
      "dependencies": {
        "@google/genai": "1.16.0",
@@ -16278,7 +16278,7 @@
    },
    "packages/test-utils": {
      "name": "@qwen-code/qwen-code-test-utils",
-      "version": "0.2.2",
+      "version": "0.2.3",
      "dev": true,
      "license": "Apache-2.0",
      "devDependencies": {
@@ -16290,7 +16290,7 @@
    },
    "packages/vscode-ide-companion": {
      "name": "qwen-code-vscode-ide-companion",
-      "version": "0.2.2",
+      "version": "0.2.3",
      "license": "LICENSE",
      "dependencies": {
        "@modelcontextprotocol/sdk": "^1.15.1",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.2.2",
+  "version": "0.2.3",
  "engines": {
    "node": ">=20.0.0"
  },
@@ -13,7 +13,7 @@
    "url": "git+https://github.com/QwenLM/qwen-code.git"
  },
  "config": {
-    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.2.2"
+    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.2.3"
  },
  "scripts": {
    "start": "cross-env node scripts/start.js",
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@qwen-code/qwen-code",
-  "version": "0.2.2",
+  "version": "0.2.3",
  "description": "Qwen Code",
  "repository": {
    "type": "git",
@@ -25,7 +25,7 @@
    "dist"
  ],
  "config": {
-    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.2.2"
+    "sandboxImageUri": "ghcr.io/qwenlm/qwen-code:0.2.3"
  },
  "dependencies": {
    "@google/genai": "1.16.0",
--- a/packages/cli/src/ui/AppContainer.tsx
+++ b/packages/cli/src/ui/AppContainer.tsx
@@ -353,7 +353,7 @@ export const AppContainer = (props: AppContainerProps) => {
    handleAuthSelect,
    openAuthDialog,
    cancelAuthentication,
-  } = useAuthCommand(settings, config);
+  } = useAuthCommand(settings, config, historyManager.addItem);

  const { proQuotaRequest, handleProQuotaChoice } = useQuotaAndFallback({
    config,
--- a/packages/cli/src/ui/auth/useAuth.ts
+++ b/packages/cli/src/ui/auth/useAuth.ts
@@ -4,23 +4,28 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import { useState, useCallback, useEffect } from 'react';
-import type { LoadedSettings, SettingScope } from '../../config/settings.js';
 import type { Config } from '@qwen-code/qwen-code-core';
 import {
+  AuthEvent,
  AuthType,
  clearCachedCredentialFile,
  getErrorMessage,
  logAuth,
-  AuthEvent,
 } from '@qwen-code/qwen-code-core';
-import { AuthState } from '../types.js';
-import { useQwenAuth } from '../hooks/useQwenAuth.js';
+import { useCallback, useEffect, useState } from 'react';
+import type { LoadedSettings, SettingScope } from '../../config/settings.js';
 import type { OpenAICredentials } from '../components/OpenAIKeyPrompt.js';
+import { useQwenAuth } from '../hooks/useQwenAuth.js';
+import { AuthState, MessageType } from '../types.js';
+import type { HistoryItem } from '../types.js';

 export type { QwenAuthState } from '../hooks/useQwenAuth.js';

-export const useAuthCommand = (settings: LoadedSettings, config: Config) => {
+export const useAuthCommand = (
+  settings: LoadedSettings,
+  config: Config,
+  addItem: (item: Omit<HistoryItem, 'id'>, timestamp: number) => void,
+) => {
  const unAuthenticated =
    settings.merged.security?.auth?.selectedType === undefined;

@@ -117,8 +122,17 @@ export const useAuthCommand = (settings: LoadedSettings, config: Config) => {
      // Log authentication success
      const authEvent = new AuthEvent(authType, 'manual', 'success');
      logAuth(config, authEvent);
+
+      // Show success message
+      addItem(
+        {
+          type: MessageType.INFO,
+          text: `Authenticated successfully with ${authType} credentials.`,
+        },
+        Date.now(),
+      );
    },
-    [settings, handleAuthFailure, config],
+    [settings, handleAuthFailure, config, addItem],
  );

  const performAuth = useCallback(
--- a/packages/cli/src/ui/utils/commandUtils.test.ts
+++ b/packages/cli/src/ui/utils/commandUtils.test.ts
@@ -13,6 +13,7 @@ import {
  isSlashCommand,
  copyToClipboard,
  getUrlOpenCommand,
+  CodePage,
 } from './commandUtils.js';

 // Mock child_process
@@ -188,7 +189,10 @@ describe('commandUtils', () => {

        await copyToClipboard(testText);

-        expect(mockSpawn).toHaveBeenCalledWith('clip', []);
+        expect(mockSpawn).toHaveBeenCalledWith('cmd', [
+          '/c',
+          `chcp ${CodePage.UTF8} >nul && clip`,
+        ]);
        expect(mockChild.stdin.write).toHaveBeenCalledWith(testText);
        expect(mockChild.stdin.end).toHaveBeenCalled();
      });
--- a/packages/cli/src/ui/utils/commandUtils.ts
+++ b/packages/cli/src/ui/utils/commandUtils.ts
@@ -7,6 +7,23 @@
 import type { SpawnOptions } from 'node:child_process';
 import { spawn } from 'node:child_process';

+/**
+ * Common Windows console code pages (CP) used for encoding conversions.
+ *
+ * @remarks
+ * - `UTF8` (65001): Unicode (UTF-8) — recommended for cross-language scripts.
+ * - `GBK` (936): Simplified Chinese — default on most Chinese Windows systems.
+ * - `BIG5` (950): Traditional Chinese.
+ * - `LATIN1` (1252): Western European — default on many Western systems.
+ */
+export const CodePage = {
+  UTF8: 65001,
+  GBK: 936,
+  BIG5: 950,
+  LATIN1: 1252,
+} as const;
+
+export type CodePage = (typeof CodePage)[keyof typeof CodePage];
 /**
 * Checks if a query string potentially represents an '@' command.
 * It triggers if the query starts with '@' or contains '@' preceded by whitespace
@@ -80,7 +97,7 @@ export const copyToClipboard = async (text: string): Promise<void> => {

  switch (process.platform) {
    case 'win32':
-      return run('clip', []);
+      return run('cmd', ['/c', `chcp ${CodePage.UTF8} >nul && clip`]);
    case 'darwin':
      return run('pbcopy', []);
    case 'linux':
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@qwen-code/qwen-code-core",
-  "version": "0.2.2",
+  "version": "0.2.3",
  "description": "Qwen Code Core",
  "repository": {
    "type": "git",
--- a/packages/core/src/qwen/qwenOAuth2.test.ts
+++ b/packages/core/src/qwen/qwenOAuth2.test.ts
@@ -623,14 +623,16 @@ describe('QwenOAuth2Client', () => {
    });

    it('should handle authorization_pending with HTTP 400 according to RFC 8628', async () => {
+      const errorData = {
+        error: 'authorization_pending',
+        error_description: 'The authorization request is still pending',
+      };
      const mockResponse = {
        ok: false,
        status: 400,
        statusText: 'Bad Request',
-        json: async () => ({
-          error: 'authorization_pending',
-          error_description: 'The authorization request is still pending',
-        }),
+        text: async () => JSON.stringify(errorData),
+        json: async () => errorData,
      };

      vi.mocked(global.fetch).mockResolvedValue(mockResponse as Response);
@@ -646,14 +648,16 @@ describe('QwenOAuth2Client', () => {
    });

    it('should handle slow_down with HTTP 429 according to RFC 8628', async () => {
+      const errorData = {
+        error: 'slow_down',
+        error_description: 'The client is polling too frequently',
+      };
      const mockResponse = {
        ok: false,
        status: 429,
        statusText: 'Too Many Requests',
-        json: async () => ({
-          error: 'slow_down',
-          error_description: 'The client is polling too frequently',
-        }),
+        text: async () => JSON.stringify(errorData),
+        json: async () => errorData,
      };

      vi.mocked(global.fetch).mockResolvedValue(mockResponse as Response);
@@ -1993,14 +1997,16 @@ describe('Enhanced Error Handling and Edge Cases', () => {
    });

    it('should handle authorization_pending with correct status', async () => {
+      const errorData = {
+        error: 'authorization_pending',
+        error_description: 'Authorization request is pending',
+      };
      const mockResponse = {
        ok: false,
        status: 400,
        statusText: 'Bad Request',
-        json: vi.fn().mockResolvedValue({
-          error: 'authorization_pending',
-          error_description: 'Authorization request is pending',
-        }),
+        text: vi.fn().mockResolvedValue(JSON.stringify(errorData)),
+        json: vi.fn().mockResolvedValue(errorData),
      };

      vi.mocked(global.fetch).mockResolvedValue(
--- a/packages/core/src/qwen/qwenOAuth2.ts
+++ b/packages/core/src/qwen/qwenOAuth2.ts
@@ -345,44 +345,47 @@ export class QwenOAuth2Client implements IQwenOAuth2Client {
    });

    if (!response.ok) {
-      // Parse the response as JSON to check for OAuth RFC 8628 standard errors
+      // Read response body as text first (can only be read once)
+      const responseText = await response.text();
+
+      // Try to parse as JSON to check for OAuth RFC 8628 standard errors
+      let errorData: ErrorData | null = null;
      try {
-        const errorData = (await response.json()) as ErrorData;
-
-        // According to OAuth RFC 8628, handle standard polling responses
-        if (
-          response.status === 400 &&
-          errorData.error === 'authorization_pending'
-        ) {
-          // User has not yet approved the authorization request. Continue polling.
-          return { status: 'pending' } as DeviceTokenPendingData;
-        }
-
-        if (response.status === 429 && errorData.error === 'slow_down') {
-          // Client is polling too frequently. Return pending with slowDown flag.
-          return {
-            status: 'pending',
-            slowDown: true,
-          } as DeviceTokenPendingData;
-        }
-
-        // Handle other 400 errors (access_denied, expired_token, etc.) as real errors
-
-        // For other errors, throw with proper error information
-        const error = new Error(
-          `Device token poll failed: ${errorData.error || 'Unknown error'} - ${errorData.error_description || 'No details provided'}`,
-        );
-        (error as Error & { status?: number }).status = response.status;
-        throw error;
+        errorData = JSON.parse(responseText) as ErrorData;
      } catch (_parseError) {
-        // If JSON parsing fails, fall back to text response
-        const errorData = await response.text();
+        // If JSON parsing fails, use text response
        const error = new Error(
-          `Device token poll failed: ${response.status} ${response.statusText}. Response: ${errorData}`,
+          `Device token poll failed: ${response.status} ${response.statusText}. Response: ${responseText}`,
        );
        (error as Error & { status?: number }).status = response.status;
        throw error;
      }
+
+      // According to OAuth RFC 8628, handle standard polling responses
+      if (
+        response.status === 400 &&
+        errorData.error === 'authorization_pending'
+      ) {
+        // User has not yet approved the authorization request. Continue polling.
+        return { status: 'pending' } as DeviceTokenPendingData;
+      }
+
+      if (response.status === 429 && errorData.error === 'slow_down') {
+        // Client is polling too frequently. Return pending with slowDown flag.
+        return {
+          status: 'pending',
+          slowDown: true,
+        } as DeviceTokenPendingData;
+      }
+
+      // Handle other 400 errors (access_denied, expired_token, etc.) as real errors
+
+      // For other errors, throw with proper error information
+      const error = new Error(
+        `Device token poll failed: ${errorData.error || 'Unknown error'} - ${errorData.error_description}`,
+      );
+      (error as Error & { status?: number }).status = response.status;
+      throw error;
    }

    return (await response.json()) as DeviceTokenResponse;
--- a/packages/test-utils/package.json
+++ b/packages/test-utils/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@qwen-code/qwen-code-test-utils",
-  "version": "0.2.2",
+  "version": "0.2.3",
  "private": true,
  "main": "src/index.ts",
  "license": "Apache-2.0",
--- a/packages/vscode-ide-companion/package.json
+++ b/packages/vscode-ide-companion/package.json
@@ -2,7 +2,7 @@
  "name": "qwen-code-vscode-ide-companion",
  "displayName": "Qwen Code Companion",
  "description": "Enable Qwen Code with direct access to your VS Code workspace.",
-  "version": "0.2.2",
+  "version": "0.2.3",
  "publisher": "qwenlm",
  "icon": "assets/icon.png",
  "repository": {
Author	SHA1	Message	Date
mingholy.lmh	27b1154529	refactor(auth): enhance useAuthCommand to include history management and improve error handling in QwenOAuth2Client	2025-11-20 14:16:04 +08:00
citlalinda	e1f793b2e0	fix: character encoding corruption when executing the /copy command on Windows. (#1069 ) Co-authored-by: linda <hxn@163.com>	2025-11-20 10:23:17 +08:00
tanzhenxin	3c64f7bff5	chore: pump version to 0.2.3 (#1073 )	2025-11-20 10:09:12 +08:00