@pikoloo/codex-proxy 1.1.0 → 1.2.2

package/src/cli/account.js

@@ -0,0 +1,236 @@
+#!/usr/bin/env node
+
+import { createInterface } from 'readline/promises';
+import { stdin, stdout } from 'process';
+import { spawn } from 'child_process';
+import net from 'net';
+
+import {
+    OAUTH_CONFIG,
+    generatePKCE,
+    generateState,
+    getAuthorizationUrl,
+    extractCodeFromInput,
+    exchangeCodeForTokens,
+    extractAccountInfo
+} from '../oauth.js';
+import {
+    ACCOUNT_FILE,
+    getActiveAccount,
+    listAccounts,
+    refreshActiveAccount,
+    removeAccount,
+    setConfiguredAccount
+} from '../account-manager.js';
+
+const DEFAULT_PORT = 8081;
+
+function createRL() {
+    return createInterface({ input: stdin, output: stdout });
+}
+
+function openBrowser(url) {
+    const platform = process.platform;
+    let command;
+    let args;
+
+    if (platform === 'darwin') {
+        command = 'open';
+        args = [url];
+    } else if (platform === 'win32') {
+        command = 'cmd';
+        args = ['/c', 'start', '', url.replace(/&/g, '^&')];
+    } else {
+        command = 'xdg-open';
+        args = [url];
+    }
+
+    const child = spawn(command, args, { stdio: 'ignore', detached: true });
+    child.on('error', () => {
+        console.log('\nCould not open browser automatically.');
+        console.log('Please open this URL manually:', url);
+    });
+    child.unref();
+}
+
+function isServerRunning(port) {
+    return new Promise((resolve) => {
+        const socket = new net.Socket();
+        socket.setTimeout(1000);
+        socket.on('connect', () => {
+            socket.destroy();
+            resolve(true);
+        });
+        socket.on('timeout', () => {
+            socket.destroy();
+            resolve(false);
+        });
+        socket.on('error', () => {
+            socket.destroy();
+            resolve(false);
+        });
+        socket.connect(port, 'localhost');
+    });
+}
+
+async function ensureServerStopped(port) {
+    if (await isServerRunning(port)) {
+        console.error(`
+Error: Proxy server is currently running on port ${port}.
+
+Please stop the server before changing the configured account from the CLI.
+Use the dashboard while the server is running.
+`);
+        process.exit(1);
+    }
+}
+
+function buildAccount(tokens) {
+    const accountInfo = extractAccountInfo(tokens.accessToken);
+    return {
+        email: accountInfo?.email || 'unknown',
+        accountId: accountInfo?.accountId,
+        planType: accountInfo?.planType || 'free',
+        accessToken: tokens.accessToken,
+        refreshToken: tokens.refreshToken,
+        idToken: tokens.idToken,
+        expiresAt: accountInfo?.expiresAt || (Date.now() + tokens.expiresIn * 1000),
+        addedAt: new Date().toISOString(),
+        lastUsed: null
+    };
+}
+
+async function addAccount(rl, { noBrowser }) {
+    console.log(noBrowser ? '\n=== Configure Account (No-Browser Mode) ===\n' : '\n=== Configure Account ===\n');
+
+    const { verifier } = generatePKCE();
+    const state = generateState();
+    const url = getAuthorizationUrl(verifier, state, OAUTH_CONFIG.callbackPort);
+
+    if (noBrowser) {
+        console.log('Copy this URL and open it in a browser on another device:\n');
+    } else {
+        console.log('Opening browser for ChatGPT sign-in...');
+        console.log('(If the browser does not open, copy this URL manually)\n');
+        openBrowser(url);
+    }
+
+    console.log(`   ${url}\n`);
+    console.log('After signing in, paste the full callback URL or authorization code.\n');
+
+    const input = await rl.question('Callback URL or authorization code: ');
+
+    try {
+        const { code, state: extractedState, port } = extractCodeFromInput(input);
+        if (extractedState && extractedState !== state) {
+            throw new Error('OAuth state mismatch. Refusing to exchange the authorization code.');
+        }
+
+        console.log('\nExchanging authorization code for tokens...');
+        const tokens = await exchangeCodeForTokens(code, verifier, port || OAUTH_CONFIG.callbackPort);
+        const account = buildAccount(tokens);
+        setConfiguredAccount(account);
+        console.log(`\nConfigured account: ${account.email}`);
+    } catch (error) {
+        console.error(`\nAuthentication failed: ${error.message}`);
+        process.exitCode = 1;
+    }
+}
+
+function showAccount() {
+    const { account } = listAccounts();
+    if (!account) {
+        console.log('\nNo account configured.');
+        console.log(`Config file: ${ACCOUNT_FILE}`);
+        return;
+    }
+
+    console.log('\nConfigured account:');
+    console.log(`  Email: ${account.email}`);
+    console.log(`  Plan: ${account.planType}`);
+    console.log(`  Token: ${account.tokenExpired ? 'expired' : 'valid'}`);
+    console.log(`  Config file: ${ACCOUNT_FILE}`);
+}
+
+async function verifyAccount() {
+    const account = getActiveAccount();
+    if (!account) {
+        console.log('No account configured.');
+        return;
+    }
+
+    const result = await refreshActiveAccount();
+    console.log(result.success ? `OK: ${account.email}` : `Failed: ${result.message}`);
+    if (!result.success) process.exitCode = 1;
+}
+
+async function removeConfiguredAccount(rl) {
+    const account = getActiveAccount();
+    if (!account) {
+        console.log('No account configured.');
+        return;
+    }
+
+    const confirm = await rl.question(`Remove configured account ${account.email}? [y/N]: `);
+    if (confirm.toLowerCase() !== 'y') {
+        console.log('Cancelled.');
+        return;
+    }
+
+    const result = removeAccount();
+    console.log(result.message);
+}
+
+function showHelp() {
+    console.log(`
+Usage:
+  codex-proxy account add               Configure account (opens browser)
+  codex-proxy account add --no-browser  Configure account manually
+  codex-proxy account show              Show configured account
+  codex-proxy account verify            Refresh and verify configured account
+  codex-proxy account remove            Remove configured account
+  codex-proxy account clear             Remove configured account
+  codex-proxy account help              Show this help
+
+Adding or importing an account replaces the existing local account.
+`);
+}
+
+async function main() {
+    const args = process.argv.slice(2);
+    const command = args[0] || 'help';
+    const noBrowser = args.includes('--no-browser');
+    const port = parseInt(args.find(a => a.startsWith('--port='))?.split('=')[1]) || DEFAULT_PORT;
+    const rl = createRL();
+
+    try {
+        switch (command) {
+            case 'add':
+                await ensureServerStopped(port);
+                await addAccount(rl, { noBrowser });
+                break;
+            case 'show':
+                showAccount();
+                break;
+            case 'verify':
+                await verifyAccount();
+                break;
+            case 'remove':
+            case 'clear':
+                await ensureServerStopped(port);
+                await removeConfiguredAccount(rl);
+                break;
+            case 'help':
+            default:
+                showHelp();
+                break;
+        }
+    } finally {
+        rl.close();
+    }
+}
+
+main().catch((error) => {
+    console.error('Error:', error.message);
+    process.exit(1);
+});

package/src/direct-api.js

@@ -41,8 +41,7 @@ function parseResetTime(response, errorText) {
 /**
  * Send a streaming request to ChatGPT API
  */
-export async function* sendMessageStream(anthropicRequest, accessToken, accountId, accountRotator = null, currentEmail = null) {
-    const modelId = anthropicRequest.model;
+export async function* sendMessageStream(anthropicRequest, accessToken, accountId) {
     const request = convertAnthropicToResponsesAPI(anthropicRequest);
     
     const response = await fetch(API_URL, {
@@ -60,17 +59,11 @@ export async function* sendMessageStream(anthropicRequest, accessToken, accountI
         const errorText = await response.text();
         
         if (response.status === 401) {
-            if (accountRotator && currentEmail) {
-                accountRotator.markInvalid(currentEmail, 'Token expired or revoked');
-            }
             throw new Error('AUTH_EXPIRED: Token expired or revoked. Please re-authenticate.');
         }
         
         if (response.status === 429) {
             const resetMs = parseResetTime(response, errorText);
-            if (accountRotator && currentEmail) {
-                accountRotator.markRateLimited(currentEmail, resetMs, modelId);
-            }
             throw new Error(`RATE_LIMITED:${resetMs}:${errorText}`);
         }
         
@@ -117,6 +110,11 @@ export async function sendMessage(anthropicRequest, accessToken, accountId) {
         if (response.status === 401) {
             throw new Error('AUTH_EXPIRED: Token expired or revoked. Please re-authenticate.');
         }
+
+        if (response.status === 429) {
+            const resetMs = parseResetTime(response, errorText);
+            throw new Error(`RATE_LIMITED:${resetMs}:${errorText}`);
+        }
         
         throw new Error(`API_ERROR: ${response.status} - ${errorText}`);
     }
@@ -161,4 +159,4 @@ export default {
     sendMessageStream,
     sendMessage,
     parseResetTime
-};
+};

package/src/index.js

@@ -5,7 +5,7 @@
 
 import { startServer } from './server.js';
 import { logger } from './utils/logger.js';
-import { getStatus, ACCOUNTS_FILE } from './account-manager.js';
+import { getStatus, ACCOUNT_FILE } from './account-manager.js';
 
 const PORT = Number(process.env.PORT || 8081);
 const HOST = process.env.HOST || '127.0.0.1';
@@ -14,19 +14,19 @@ startServer({ port: PORT, host: HOST });
 
 console.log(`
 ╔══════════════════════════════════════════════════════════════╗
-║                 Codex Claude Proxy v1.1.0                    ║
+	║                 Codex Claude Proxy v1.2.2                    ║
 ║                   (Direct API Mode)                          ║
 ╠══════════════════════════════════════════════════════════════╣
 ║  Server:   http://${HOST}:${PORT}                          ║
 ║  WebUI:    http://${HOST}:${PORT}                          ║
 ║  Health:   http://${HOST}:${PORT}/health                   ║
-║  Accounts: http://${HOST}:${PORT}/accounts                 ║
+	║  Account:  http://${HOST}:${PORT}/account                  ║
 ║  Logs:     http://${HOST}:${PORT}/api/logs/stream          ║
 ╠══════════════════════════════════════════════════════════════╣
 ║  Features:                                                   ║
 ║    ✓ Native tool calling support                             ║
 ║    ✓ Real-time streaming                                     ║
-║    ✓ Multi-account management                                ║
+	║    ✓ Single-account local mode                               ║
 ║    ✓ OpenAI & Anthropic API compatibility                    ║
 ╠══════════════════════════════════════════════════════════════╣
 ║  Support:                                                    ║
@@ -36,11 +36,11 @@ console.log(`
 `);
 
 const status = getStatus();
-logger.info(`Accounts: ${status.total} total, Active: ${status.active || 'None'}`);
+logger.info(`Account configured: ${status.active || 'None'}`);
 
 if (status.total === 0) {
-  logger.warn(`No accounts configured. Open http://${HOST}:${PORT} to add one.`);
+  logger.warn(`No account configured. Open http://${HOST}:${PORT} to add one.`);
 }
 
 // Expose config path in logs for convenience
-logger.info(`Accounts config: ${ACCOUNTS_FILE}`);
+logger.info(`Account config: ${ACCOUNT_FILE}`);

package/src/middleware/credentials.js

@@ -1,19 +1,18 @@
 /**
  * Credentials Middleware
- * Resolves and validates the active account credentials,
+ * Resolves and validates the configured account credentials,
  * auto-refreshing tokens when they are expired or expiring soon.
  */
 
 import {
   getActiveAccount,
   refreshAccountToken,
-  isTokenExpiredOrExpiringSoon,
-  loadAccounts
+  isTokenExpiredOrExpiringSoon
 } from '../account-manager.js';
 import { logger } from '../utils/logger.js';
 
 /**
- * Resolves the active account credentials, refreshing the token if needed.
+ * Resolves the configured account credentials, refreshing the token if needed.
  * Returns null if no valid account is available.
  *
  * @returns {Promise<{accessToken: string, accountId: string, email: string}|null>}
@@ -22,7 +21,7 @@ export async function getCredentialsOrError() {
   const account = getActiveAccount();
 
   if (!account) {
-    logger.info('No active account found');
+    logger.info('No configured account found');
     return null;
   }
 
@@ -61,56 +60,16 @@ export async function getCredentialsOrError() {
   };
 }
 
-/**
- * Get credentials for a specific account by email.
- * @param {string} email
- * @returns {Promise<{accessToken: string, accountId: string, email: string}|null>}
- */
-export async function getCredentialsForAccount(email) {
-  const data = loadAccounts();
-  const account = data.accounts.find(a => a.email === email);
-
-  if (!account) {
-    return null;
-  }
-
-  if (!account.accessToken || !account.accountId) {
-    return null;
-  }
-
-  if (isTokenExpiredOrExpiringSoon(account)) {
-    const result = await refreshAccountToken(account.email);
-    if (!result.success) {
-      return null;
-    }
-    const refreshedData = loadAccounts();
-    const refreshedAccount = refreshedData.accounts.find(a => a.email === email);
-    if (!refreshedAccount) return null;
-
-    return {
-      accessToken: refreshedAccount.accessToken,
-      accountId: refreshedAccount.accountId,
-      email: refreshedAccount.email
-    };
-  }
-
-  return {
-    accessToken: account.accessToken,
-    accountId: account.accountId,
-    email: account.email
-  };
-}
-
 /**
  * Sends a 401 authentication error response.
  * @param {import('express').Response} res
  * @param {string} [message]
  */
-export function sendAuthError(res, message = 'No active account with valid credentials. Add an account via /accounts/add') {
+export function sendAuthError(res, message = 'No configured account with valid credentials. Add an account via /account/add') {
   return res.status(401).json({
     type: 'error',
     error: { type: 'authentication_error', message }
   });
 }
 
-export default { getCredentialsOrError, getCredentialsForAccount, sendAuthError };
+export default { getCredentialsOrError, sendAuthError };

package/src/oauth.js

@@ -115,7 +115,7 @@ function getAuthorizationUrl(verifier, state, port) {
         id_token_add_organizations: 'true',
         codex_cli_simplified_flow: 'true',
         originator: 'codex_cli_rs',
-        prompt: 'login', // Force login screen for multi-account support
+        prompt: 'login',
         max_age: '0'      // Force re-authentication
     });
     
@@ -624,6 +624,7 @@ export function extractCodeFromInput(input) {
                 throw new Error('No authorization code found in URL');
             }
 
+            const port = Number(url.port);
             return { code, state, port: Number.isInteger(port) && port > 0 ? port : null };
         } catch (e) {
             if (e.message.includes('OAuth error') || e.message.includes('No authorization code')) {

package/src/routes/{accounts-route.js → account-route.js}

@@ -1,36 +1,19 @@
 /**
- * Accounts Route
- * Handles all /accounts/* endpoints:
- *   GET    /accounts
- *   GET    /accounts/status
- *   GET    /accounts/quota
- *   GET    /accounts/quota/all
- *   POST   /accounts/add
- *   POST   /accounts/add/manual
- *   POST   /accounts/switch
- *   POST   /accounts/import
- *   POST   /accounts/refresh
- *   POST   /accounts/refresh/all
- *   POST   /accounts/:email/refresh
- *   POST   /accounts/oauth/cleanup
- *   DELETE /accounts/:email
+ * Account Route
+ * Handles single-account management endpoints.
  */
 
 import {
   getActiveAccount,
-  setActiveAccount,
   removeAccount,
   listAccounts,
   refreshActiveAccount,
-  refreshAccountToken,
-  refreshAllAccounts,
   importFromCodex,
-  getStatus,
+  updateAccountQuota,
+  getAccountQuota,
   loadAccounts,
   saveAccounts,
-  updateAccountAuth,
-  updateAccountQuota,
-  getAccountQuota
+  updateAccountAuth
 } from '../account-manager.js';
 
 import {
@@ -51,17 +34,14 @@ import {
 
 import { logger } from '../utils/logger.js';
 
-// Tracks active OAuth callback servers keyed by port
 const activeCallbackServers = new Map();
 
-// ─── Route Handlers ──────────────────────────────────────────────────────────
-
-export function handleListAccounts(req, res) {
+export function handleGetAccount(req, res) {
   res.json(listAccounts());
 }
 
 export function handleAccountStatus(req, res) {
-  res.json(getStatus());
+  res.json(listAccounts());
 }
 
 export function handleOAuthCleanup(req, res) {
@@ -69,17 +49,15 @@ export function handleOAuthCleanup(req, res) {
     try { callback.abort(); } catch { /* ignore */ }
   }
   activeCallbackServers.clear();
-  res.json({ success: true, message: 'OAuth servers cleaned up' });
+  res.json({ success: true, message: 'OAuth server cleaned up' });
 }
 
 export async function handleAddAccount(req, res) {
   const { port } = req.body || {};
   const callbackPort = port || OAUTH_CONFIG.callbackPort;
-
   const { verifier } = generatePKCE();
   const state = generateState();
 
-  // Close any existing server on this port
   if (activeCallbackServers.has(callbackPort)) {
     const existing = activeCallbackServers.get(callbackPort);
     if (existing.abort) existing.abort();
@@ -100,7 +78,6 @@ export async function handleAddAccount(req, res) {
   }
 
   const oauthUrl = getAuthorizationUrl(verifier, state, actualPort);
-
   activeCallbackServers.set(actualPort, serverResult);
 
   serverResult.promise
@@ -110,8 +87,8 @@ export async function handleAddAccount(req, res) {
         return exchangeCodeForTokens(result.code, verifier, actualPort)
           .then(async tokens => {
             const accountInfo = _buildAccountInfo(tokens);
-            await _upsertAccount(accountInfo);
-            logger.info(`Added account: ${accountInfo.email}`);
+            await _replaceAccount(accountInfo);
+            logger.info(`Configured account: ${accountInfo.email}`);
           });
       }
     })
@@ -150,54 +127,30 @@ export async function handleAddAccountManual(req, res) {
     const tokens = await exchangeCodeForTokens(extractedCode, codeVerifier, callbackPort);
     const accountInfo = _buildAccountInfo(tokens);
 
-    await _upsertAccount(accountInfo);
+    await _replaceAccount(accountInfo);
     const callback = activeCallbackServers.get(callbackPort);
     if (callback?.abort) callback.abort();
     activeCallbackServers.delete(callbackPort);
-    logger.info(`Added account via manual OAuth: ${accountInfo.email}`);
-    res.json({ success: true, message: `Account ${accountInfo.email} added successfully` });
+    logger.info(`Configured account via manual OAuth: ${accountInfo.email}`);
+    res.json({ success: true, message: `Account ${accountInfo.email} configured successfully` });
   } catch (err) {
     logger.error(`Manual OAuth failed: ${err.message}`);
     res.status(400).json({ success: false, error: err.message });
   }
 }
 
-export function handleSwitchAccount(req, res) {
-  const { email } = req.body || {};
-  if (!email) {
-    return res.status(400).json({ success: false, message: 'Email is required' });
-  }
-  const result = setActiveAccount(email);
-  if (result.success) {
-    logger.info(`Switched to account: ${email}`);
-  }
-  res.json(result);
-}
-
 export async function handleRefreshAccount(req, res) {
-  const email = decodeURIComponent(req.params.email);
-  const result = await refreshAccountToken(email);
+  const result = await refreshActiveAccount();
   if (result.success) {
-    logger.info(`Refreshed token for: ${email}`);
+    logger.info(result.message);
   }
   res.json(result);
 }
 
-export async function handleRefreshAllAccounts(req, res) {
-  const result = await refreshAllAccounts();
-  res.json(result);
-}
-
-export async function handleRefreshActiveAccount(req, res) {
-  const result = await refreshActiveAccount();
-  res.json(result);
-}
-
 export function handleRemoveAccount(req, res) {
-  const email = decodeURIComponent(req.params.email);
-  const result = removeAccount(email);
+  const result = removeAccount();
   if (result.success) {
-    logger.info(`Removed account: ${email}`);
+    logger.info(result.message);
   }
   res.json(result);
 }
@@ -208,15 +161,13 @@ export function handleImportAccount(req, res) {
 }
 
 export async function handleGetQuota(req, res) {
-  const { email, refresh } = req.query;
-  const account = email
-    ? loadAccounts().accounts.find(a => a.email === email)
-    : getActiveAccount();
+  const { refresh } = req.query;
+  const account = getActiveAccount();
 
   if (!account) {
     return res.status(404).json({
       success: false,
-      error: email ? `Account not found: ${email}` : 'No active account'
+      error: 'No account configured'
     });
   }
 
@@ -248,48 +199,17 @@ export async function handleGetQuota(req, res) {
   }
 }
 
-export async function handleGetAllQuotas(req, res) {
-  const { accounts: accountList } = listAccounts();
-  const results = [];
-
-  for (const account of accountList) {
-    try {
-      const quota = await getAccountQuota(account.email);
-      results.push({ email: account.email, quota: quota || null });
-    } catch {
-      results.push({ email: account.email, quota: null });
-    }
-  }
-
-  res.json({ accounts: results });
-}
-
-// ─── Helpers ─────────────────────────────────────────────────────────────────
-
-/**
- * Inserts or updates an account in the persisted accounts store,
- * and sets it as the active account.
- * @param {object} accountInfo
- */
-async function _upsertAccount(accountInfo) {
+async function _replaceAccount(accountInfo) {
   if (!accountInfo?.email) {
     throw new Error('OAuth response did not include account email');
   }
 
   const data = loadAccounts();
-  const existingIndex = data.accounts.findIndex(a => a.email === accountInfo.email);
-
-  if (existingIndex >= 0) {
-    data.accounts[existingIndex] = { ...data.accounts[existingIndex], ...accountInfo };
-  } else {
-    data.accounts.push(accountInfo);
-  }
-
+  data.accounts = [accountInfo];
   data.activeAccount = accountInfo.email;
   saveAccounts(data);
   updateAccountAuth(accountInfo);
-  
-  // Fetch initial quota immediately
+
   try {
     const quotaData = await fetchAccountQuota(accountInfo.accessToken, accountInfo.accountId);
     updateAccountQuota(accountInfo.email, quotaData);
@@ -316,17 +236,13 @@ function _buildAccountInfo(tokens) {
 }
 
 export default {
-  handleListAccounts,
+  handleGetAccount,
   handleAccountStatus,
   handleOAuthCleanup,
   handleAddAccount,
   handleAddAccountManual,
-  handleSwitchAccount,
   handleRefreshAccount,
-  handleRefreshAllAccounts,
-  handleRefreshActiveAccount,
   handleRemoveAccount,
   handleImportAccount,
-  handleGetQuota,
-  handleGetAllQuotas
+  handleGetQuota
 };