npm - @bjesuiter/codex-switcher - Versions diffs - 1.7.3 → 1.7.4 - Mend

@bjesuiter/codex-switcher 1.7.3 → 1.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -6,15 +6,12 @@ Switch the coding-agents [pi](https://pi.dev/), [codex](https://developers.opena
 ## Latest Changes
-### 1.7.3
+### 1.7.4
 #### Fixes
-- Add recovery for OAuth callback port conflicts (`127.0.0.1:1455`) during login/relogin:
-  - detect `EADDRINUSE` as a port-in-use condition
-  - prompt to kill the existing listener and retry, switch to device flow, or cancel
-  - show detected PID/command details when available before confirmation
-- Improve callback server startup diagnostics by exposing startup error reason/code details, making port/listen failures easier to troubleshoot.
+- Detect Cloudflare/bot-protection HTML challenge responses during OAuth device flow startup and token polling, and report an explicit `cloudflare_challenge` reason instead of only a generic HTTP 403.
+- When that challenge is detected, show a clear workaround: retry without `--device-flow` to use browser/manual callback flow.
 see full changelog here: https://github.com/bjesuiter/codex-switcher/blob/main/CHANGELOG.md

package/cdx.mjs CHANGED Viewed

@@ -15,7 +15,7 @@ import { generatePKCE } from "@openauthjs/openauth/pkce";
 import http from "node:http";
 //#region package.json
-var version = "1.7.3";
+var version = "1.7.4";
 //#endregion
 //#region lib/platform/path-resolver.ts
@@ -1036,6 +1036,46 @@ const truncateForLog = (value, maxLength = 300) => {
 	if (value.length <= maxLength) return value;
 	return `${value.slice(0, maxLength)}…`;
 };
+const isCloudflareChallengeResponse = (headers, bodyText) => {
+	if (headers.get("cf-mitigated")?.toLowerCase() === "challenge") return true;
+	if (!bodyText) return false;
+	return [
+		/<title>Just a moment\.\.\.<\/title>/i,
+		/Enable JavaScript and cookies to continue/i,
+		/challenge-platform/i,
+		/_cf_chl_opt/i
+	].some((pattern) => pattern.test(bodyText));
+};
+const parseOAuthErrorResponse = async (res) => {
+	let rawBody;
+	try {
+		rawBody = await res.text();
+	} catch {
+		rawBody = void 0;
+	}
+	const failureReason = isCloudflareChallengeResponse(res.headers, rawBody) ? "cloudflare_challenge" : void 0;
+	if (!rawBody) return { ...failureReason ? { failureReason } : {} };
+	const trimmed = rawBody.trim();
+	if (!trimmed) return { ...failureReason ? { failureReason } : {} };
+	try {
+		const json = JSON.parse(trimmed);
+		return {
+			...json.error ? { oauthError: json.error } : {},
+			...typeof json.interval === "number" ? { interval: json.interval } : {},
+			responseBody: truncateForLog(JSON.stringify({
+				...json.error ? { error: json.error } : {},
+				...json.error_description ? { error_description: json.error_description } : {},
+				...typeof json.interval === "number" ? { interval: json.interval } : {}
+			})),
+			...failureReason ? { failureReason } : {}
+		};
+	} catch {
+		return {
+			responseBody: failureReason === "cloudflare_challenge" ? "Cloudflare challenge response detected (HTML page)" : truncateForLog(trimmed),
+			...failureReason ? { failureReason } : {}
+		};
+	}
+};
 const startDeviceAuthorizationFlow = async () => {
 	try {
 		const res = await fetch(DEVICE_CODE_URL, {
@@ -1047,28 +1087,14 @@ const startDeviceAuthorizationFlow = async () => {
 			})
 		});
 		if (!res.ok) {
-			let oauthError;
-			let responseBody;
-			try {
-				const json = await res.json();
-				oauthError = json.error;
-				responseBody = truncateForLog(JSON.stringify({
-					...json.error ? { error: json.error } : {},
-					...json.error_description ? { error_description: json.error_description } : {}
-				}));
-			} catch {
-				try {
-					responseBody = truncateForLog(await res.text());
-				} catch {
-					responseBody = void 0;
-				}
-			}
+			const { oauthError, responseBody, failureReason } = await parseOAuthErrorResponse(res);
 			return {
 				type: "failed",
-				error: `Device code request failed with HTTP ${res.status} ${res.statusText}`,
+				error: failureReason === "cloudflare_challenge" ? "Device code request was blocked by a Cloudflare challenge response." : `Device code request failed with HTTP ${res.status} ${res.statusText}`,
 				status: res.status,
 				...oauthError ? { oauthError } : {},
-				...responseBody ? { responseBody } : {}
+				...responseBody ? { responseBody } : {},
+				...failureReason ? { failureReason } : {}
 			};
 		}
 		const json = await res.json();
@@ -1121,25 +1147,7 @@ const pollDeviceAuthorizationToken = async (deviceCode) => {
 				idToken: json.id_token
 			};
 		}
-		let errorCode;
-		let interval;
-		let responseBody;
-		try {
-			const json = await res.json();
-			errorCode = json.error;
-			interval = json.interval;
-			responseBody = truncateForLog(JSON.stringify({
-				...json.error ? { error: json.error } : {},
-				...json.error_description ? { error_description: json.error_description } : {},
-				...typeof json.interval === "number" ? { interval: json.interval } : {}
-			}));
-		} catch {
-			try {
-				responseBody = truncateForLog(await res.text());
-			} catch {
-				responseBody = void 0;
-			}
-		}
+		const { oauthError: errorCode, interval, responseBody, failureReason } = await parseOAuthErrorResponse(res);
 		if (errorCode === "authorization_pending") return {
 			type: "pending",
 			interval: typeof interval === "number" && interval > 0 ? interval : 5
@@ -1152,10 +1160,11 @@ const pollDeviceAuthorizationToken = async (deviceCode) => {
 		if (errorCode === "expired_token") return { type: "expired" };
 		return {
 			type: "failed",
-			error: `Device token polling failed with HTTP ${res.status} ${res.statusText}`,
+			error: failureReason === "cloudflare_challenge" ? "Device token polling was blocked by a Cloudflare challenge response." : `Device token polling failed with HTTP ${res.status} ${res.statusText}`,
 			status: res.status,
 			...errorCode ? { oauthError: errorCode } : {},
-			...responseBody ? { responseBody } : {}
+			...responseBody ? { responseBody } : {},
+			...failureReason ? { failureReason } : {}
 		};
 	} catch (error) {
 		return {
@@ -1561,6 +1570,10 @@ const runDeviceOAuthFlow = async (useSpinner) => {
 		if (typeof deviceFlowResult.status === "number") p.log.error(`HTTP status: ${deviceFlowResult.status}`);
 		if (deviceFlowResult.oauthError) p.log.error(`OAuth error: ${deviceFlowResult.oauthError}`);
 		if (deviceFlowResult.responseBody) p.log.error(`Response: ${deviceFlowResult.responseBody}`);
+		if (deviceFlowResult.failureReason === "cloudflare_challenge") {
+			p.log.warning("Detected Cloudflare challenge on auth.openai.com.");
+			p.log.info("Retry without --device-flow to use browser/manual callback flow.");
+		}
 		return null;
 	}
 	const deviceFlow = deviceFlowResult.flow;
@@ -1610,6 +1623,10 @@ const runDeviceOAuthFlow = async (useSpinner) => {
 			if (typeof pollResult.status === "number") p.log.error(`HTTP status: ${pollResult.status}`);
 			if (pollResult.oauthError) p.log.error(`OAuth error: ${pollResult.oauthError}`);
 			if (pollResult.responseBody) p.log.error(`Response: ${pollResult.responseBody}`);
+			if (pollResult.failureReason === "cloudflare_challenge") {
+				p.log.warning("Detected Cloudflare challenge on auth.openai.com.");
+				p.log.info("Retry without --device-flow to use browser/manual callback flow.");
+			}
 		}
 		return null;
 	}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bjesuiter/codex-switcher",
-  "version": "1.7.3",
+  "version": "1.7.4",
   "type": "module",
   "description": "CLI tool to switch between multiple OpenAI accounts for OpenCode",
   "bin": {