@zhafron/opencode-iflow-auth 1.0.0

package/dist/plugin/config/loader.js

@@ -0,0 +1,110 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { homedir } from 'node:os';
+import { AccountSelectionStrategySchema, IFlowAuthMethodSchema, IFlowConfigSchema, DEFAULT_CONFIG } from './schema.js';
+import * as logger from '../logger.js';
+function getConfigDir() {
+    const platform = process.platform;
+    if (platform === 'win32') {
+        return join(process.env.APPDATA || join(homedir(), 'AppData', 'Roaming'), 'opencode');
+    }
+    const xdgConfig = process.env.XDG_CONFIG_HOME || join(homedir(), '.config');
+    return join(xdgConfig, 'opencode');
+}
+export function getConfigPath() {
+    return join(getConfigDir(), 'iflow.json');
+}
+function ensureUserConfigTemplate() {
+    const path = getConfigPath();
+    if (!existsSync(path)) {
+        try {
+            mkdirSync(dirname(path), { recursive: true });
+            writeFileSync(path, JSON.stringify(DEFAULT_CONFIG, null, 2), 'utf-8');
+            logger.log(`Created default config template at ${path}`);
+        }
+        catch (error) {
+            logger.warn(`Failed to create config template at ${path}: ${String(error)}`);
+        }
+    }
+}
+function loadConfigFile(path) {
+    try {
+        if (!existsSync(path)) {
+            return null;
+        }
+        const content = readFileSync(path, 'utf-8');
+        const rawConfig = JSON.parse(content);
+        const result = IFlowConfigSchema.partial().safeParse(rawConfig);
+        if (!result.success) {
+            const issues = result.error.issues.map((i) => `${i.path.join('.')}: ${i.message}`).join(', ');
+            logger.warn(`Config validation error at ${path}: ${issues}`);
+            return null;
+        }
+        return result.data;
+    }
+    catch (error) {
+        if (error instanceof SyntaxError) {
+            logger.warn(`Invalid JSON in config file ${path}: ${error.message}`);
+        }
+        else {
+            logger.warn(`Failed to load config file ${path}: ${String(error)}`);
+        }
+        return null;
+    }
+}
+function mergeConfigs(base, override) {
+    return {
+        ...base,
+        ...override
+    };
+}
+function parseBooleanEnv(value, fallback) {
+    if (value === undefined) {
+        return fallback;
+    }
+    if (value === '1' || value === 'true') {
+        return true;
+    }
+    if (value === '0' || value === 'false') {
+        return false;
+    }
+    return fallback;
+}
+function parseNumberEnv(value, fallback) {
+    if (value === undefined) {
+        return fallback;
+    }
+    const parsed = Number(value);
+    if (isNaN(parsed)) {
+        return fallback;
+    }
+    return parsed;
+}
+function applyEnvOverrides(config) {
+    const env = process.env;
+    return {
+        ...config,
+        default_auth_method: env.IFLOW_DEFAULT_AUTH_METHOD
+            ? IFlowAuthMethodSchema.catch('oauth').parse(env.IFLOW_DEFAULT_AUTH_METHOD)
+            : config.default_auth_method,
+        account_selection_strategy: env.IFLOW_ACCOUNT_SELECTION_STRATEGY
+            ? AccountSelectionStrategySchema.catch('round-robin').parse(env.IFLOW_ACCOUNT_SELECTION_STRATEGY)
+            : config.account_selection_strategy,
+        auth_server_port_start: parseNumberEnv(env.IFLOW_AUTH_SERVER_PORT_START, config.auth_server_port_start),
+        auth_server_port_range: parseNumberEnv(env.IFLOW_AUTH_SERVER_PORT_RANGE, config.auth_server_port_range),
+        max_request_iterations: parseNumberEnv(env.IFLOW_MAX_REQUEST_ITERATIONS, config.max_request_iterations),
+        request_timeout_ms: parseNumberEnv(env.IFLOW_REQUEST_TIMEOUT_MS, config.request_timeout_ms),
+        enable_log_api_request: parseBooleanEnv(env.IFLOW_ENABLE_LOG_API_REQUEST, config.enable_log_api_request)
+    };
+}
+export function loadConfig() {
+    ensureUserConfigTemplate();
+    let config = { ...DEFAULT_CONFIG };
+    const userConfigPath = getConfigPath();
+    const userConfig = loadConfigFile(userConfigPath);
+    if (userConfig) {
+        config = mergeConfigs(config, userConfig);
+    }
+    config = applyEnvOverrides(config);
+    return config;
+}

package/dist/plugin/config/schema.d.ts

@@ -0,0 +1,35 @@
+import { z } from 'zod';
+export declare const AccountSelectionStrategySchema: z.ZodEnum<["sticky", "round-robin"]>;
+export type AccountSelectionStrategy = z.infer<typeof AccountSelectionStrategySchema>;
+export declare const IFlowAuthMethodSchema: z.ZodEnum<["oauth", "apikey"]>;
+export type IFlowAuthMethod = z.infer<typeof IFlowAuthMethodSchema>;
+export declare const IFlowConfigSchema: z.ZodObject<{
+    $schema: z.ZodOptional<z.ZodString>;
+    default_auth_method: z.ZodDefault<z.ZodEnum<["oauth", "apikey"]>>;
+    account_selection_strategy: z.ZodDefault<z.ZodEnum<["sticky", "round-robin"]>>;
+    auth_server_port_start: z.ZodDefault<z.ZodNumber>;
+    auth_server_port_range: z.ZodDefault<z.ZodNumber>;
+    max_request_iterations: z.ZodDefault<z.ZodNumber>;
+    request_timeout_ms: z.ZodDefault<z.ZodNumber>;
+    enable_log_api_request: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    default_auth_method: "oauth" | "apikey";
+    account_selection_strategy: "sticky" | "round-robin";
+    auth_server_port_start: number;
+    auth_server_port_range: number;
+    max_request_iterations: number;
+    request_timeout_ms: number;
+    enable_log_api_request: boolean;
+    $schema?: string | undefined;
+}, {
+    $schema?: string | undefined;
+    default_auth_method?: "oauth" | "apikey" | undefined;
+    account_selection_strategy?: "sticky" | "round-robin" | undefined;
+    auth_server_port_start?: number | undefined;
+    auth_server_port_range?: number | undefined;
+    max_request_iterations?: number | undefined;
+    request_timeout_ms?: number | undefined;
+    enable_log_api_request?: boolean | undefined;
+}>;
+export type IFlowConfig = z.infer<typeof IFlowConfigSchema>;
+export declare const DEFAULT_CONFIG: IFlowConfig;

package/dist/plugin/config/schema.js

@@ -0,0 +1,22 @@
+import { z } from 'zod';
+export const AccountSelectionStrategySchema = z.enum(['sticky', 'round-robin']);
+export const IFlowAuthMethodSchema = z.enum(['oauth', 'apikey']);
+export const IFlowConfigSchema = z.object({
+    $schema: z.string().optional(),
+    default_auth_method: IFlowAuthMethodSchema.default('oauth'),
+    account_selection_strategy: AccountSelectionStrategySchema.default('round-robin'),
+    auth_server_port_start: z.number().min(1024).max(65535).default(8087),
+    auth_server_port_range: z.number().min(1).max(100).default(10),
+    max_request_iterations: z.number().min(10).max(1000).default(50),
+    request_timeout_ms: z.number().min(60000).max(600000).default(300000),
+    enable_log_api_request: z.boolean().default(false)
+});
+export const DEFAULT_CONFIG = {
+    default_auth_method: 'oauth',
+    account_selection_strategy: 'round-robin',
+    auth_server_port_start: 8087,
+    auth_server_port_range: 10,
+    max_request_iterations: 50,
+    request_timeout_ms: 300000,
+    enable_log_api_request: false
+};

package/dist/plugin/errors.d.ts

@@ -0,0 +1,14 @@
+export declare class IFlowAuthError extends Error {
+    code: string;
+    constructor(message: string, code: string);
+}
+export declare class IFlowTokenRefreshError extends IFlowAuthError {
+    constructor(message: string);
+}
+export declare class IFlowApiKeyInvalidError extends IFlowAuthError {
+    constructor(message: string);
+}
+export declare class IFlowRateLimitError extends IFlowAuthError {
+    retryAfter: number;
+    constructor(message: string, retryAfter: number);
+}

package/dist/plugin/errors.js

@@ -0,0 +1,25 @@
+export class IFlowAuthError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.code = code;
+        this.name = 'IFlowAuthError';
+    }
+}
+export class IFlowTokenRefreshError extends IFlowAuthError {
+    constructor(message) {
+        super(message, 'TOKEN_REFRESH_FAILED');
+    }
+}
+export class IFlowApiKeyInvalidError extends IFlowAuthError {
+    constructor(message) {
+        super(message, 'API_KEY_INVALID');
+    }
+}
+export class IFlowRateLimitError extends IFlowAuthError {
+    retryAfter;
+    constructor(message, retryAfter) {
+        super(message, 'RATE_LIMIT');
+        this.retryAfter = retryAfter;
+    }
+}

package/dist/plugin/logger.d.ts

@@ -0,0 +1,8 @@
+export declare function log(message: string, ...args: unknown[]): void;
+export declare function error(message: string, ...args: unknown[]): void;
+export declare function warn(message: string, ...args: unknown[]): void;
+export declare function debug(message: string, ...args: unknown[]): void;
+export declare function logApiRequest(data: any, timestamp: string): void;
+export declare function logApiResponse(data: any, timestamp: string): void;
+export declare function logApiError(requestData: any, responseData: any, timestamp: string): void;
+export declare function getTimestamp(): string;

package/dist/plugin/logger.js

@@ -0,0 +1,63 @@
+import { appendFileSync, mkdirSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+const getLogDir = () => {
+    const platform = process.platform;
+    const base = platform === 'win32'
+        ? join(process.env.APPDATA || join(homedir(), 'AppData', 'Roaming'), 'opencode')
+        : join(process.env.XDG_CONFIG_HOME || join(homedir(), '.config'), 'opencode');
+    return join(base, 'iflow-logs');
+};
+const writeToFile = (level, message, ...args) => {
+    try {
+        const dir = getLogDir();
+        mkdirSync(dir, { recursive: true });
+        const path = join(dir, 'plugin.log');
+        const timestamp = new Date().toISOString();
+        const content = `[${timestamp}] ${level}: ${message} ${args.map((a) => (typeof a === 'object' ? JSON.stringify(a) : String(a))).join(' ')}\n`;
+        appendFileSync(path, content);
+    }
+    catch (e) { }
+};
+const writeApiLog = (type, data, timestamp, isError = false) => {
+    try {
+        const dir = getLogDir();
+        mkdirSync(dir, { recursive: true });
+        const prefix = isError ? 'error_' : '';
+        const filename = `${prefix}${timestamp}_${type}.json`;
+        const path = join(dir, filename);
+        const content = JSON.stringify(data, null, 2);
+        writeFileSync(path, content);
+    }
+    catch (e) { }
+};
+export function log(message, ...args) {
+    writeToFile('INFO', message, ...args);
+}
+export function error(message, ...args) {
+    writeToFile('ERROR', message, ...args);
+}
+export function warn(message, ...args) {
+    writeToFile('WARN', message, ...args);
+}
+export function debug(message, ...args) {
+    if (process.env.DEBUG) {
+        writeToFile('DEBUG', message, ...args);
+    }
+}
+export function logApiRequest(data, timestamp) {
+    writeApiLog('request', data, timestamp);
+}
+export function logApiResponse(data, timestamp) {
+    writeApiLog('response', data, timestamp);
+}
+export function logApiError(requestData, responseData, timestamp) {
+    writeApiLog('request', requestData, timestamp, true);
+    writeApiLog('response', responseData, timestamp, true);
+    const errorType = responseData.status ? `HTTP ${responseData.status}` : 'Network Error';
+    const email = requestData.email || 'unknown';
+    error(`${errorType} on ${email} - See error_${timestamp}_request.json`);
+}
+export function getTimestamp() {
+    return new Date().toISOString().replace(/[:.]/g, '-');
+}

package/dist/plugin/server.d.ts

@@ -0,0 +1,7 @@
+import type { IFlowOAuthTokenResult } from '../iflow/oauth';
+export interface OAuthServerResult {
+    url: string;
+    redirectUri: string;
+    waitForAuth: () => Promise<IFlowOAuthTokenResult>;
+}
+export declare function startOAuthServer(authUrl: string, state: string, redirectUri: string, portStart: number, portRange: number): Promise<OAuthServerResult>;

package/dist/plugin/server.js

@@ -0,0 +1,98 @@
+import { createServer } from 'node:http';
+import { exchangeOAuthCode } from '../iflow/oauth';
+export async function startOAuthServer(authUrl, state, redirectUri, portStart, portRange) {
+    let resolveAuth;
+    let rejectAuth;
+    let timeoutHandle;
+    const authPromise = new Promise((resolve, reject) => {
+        resolveAuth = resolve;
+        rejectAuth = reject;
+    });
+    let server = null;
+    let actualPort = portStart;
+    const handler = async (req, res) => {
+        const url = new URL(req.url || '', `http://localhost:${actualPort}`);
+        if (url.pathname === '/oauth2callback') {
+            const code = url.searchParams.get('code');
+            const returnedState = url.searchParams.get('state');
+            const error = url.searchParams.get('error');
+            if (error) {
+                res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+                res.end(`<html><body><h1>Authorization failed: ${error}</h1></body></html>`);
+                clearTimeout(timeoutHandle);
+                rejectAuth(new Error(`Authorization failed: ${error}`));
+                setTimeout(() => server?.close(), 1000);
+                return;
+            }
+            if (!code || !returnedState) {
+                res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+                res.end('<html><body><h1>Error: Missing code or state</h1></body></html>');
+                clearTimeout(timeoutHandle);
+                rejectAuth(new Error('Missing code or state in callback'));
+                setTimeout(() => server?.close(), 1000);
+                return;
+            }
+            if (returnedState !== state) {
+                res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+                res.end('<html><body><h1>Error: State mismatch</h1></body></html>');
+                clearTimeout(timeoutHandle);
+                rejectAuth(new Error('State mismatch'));
+                setTimeout(() => server?.close(), 1000);
+                return;
+            }
+            try {
+                const result = await exchangeOAuthCode(code, redirectUri);
+                res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+                res.end(`<html><body><h1>Authentication successful!</h1><p>Account: ${result.email}</p><p>You can close this window.</p></body></html>`);
+                clearTimeout(timeoutHandle);
+                setTimeout(() => {
+                    resolveAuth(result);
+                    setTimeout(() => server?.close(), 1000);
+                }, 100);
+            }
+            catch (error) {
+                res.writeHead(500, { 'Content-Type': 'text/html; charset=utf-8' });
+                res.end(`<html><body><h1>Error: ${error.message}</h1></body></html>`);
+                clearTimeout(timeoutHandle);
+                rejectAuth(error);
+                setTimeout(() => server?.close(), 1000);
+            }
+        }
+        else {
+            res.writeHead(204);
+            res.end();
+        }
+    };
+    for (let port = portStart; port < portStart + portRange; port++) {
+        try {
+            server = createServer(handler);
+            await new Promise((resolve, reject) => {
+                server.listen(port, '0.0.0.0', () => {
+                    actualPort = port;
+                    resolve();
+                });
+                server.on('error', reject);
+            });
+            break;
+        }
+        catch (error) {
+            if (error.code !== 'EADDRINUSE' || port === portStart + portRange - 1) {
+                throw error;
+            }
+        }
+    }
+    if (!server) {
+        throw new Error('Failed to start OAuth callback server');
+    }
+    timeoutHandle = setTimeout(() => {
+        if (server?.listening) {
+            rejectAuth(new Error('OAuth timeout: No response after 10 minutes'));
+            server.close();
+        }
+    }, 10 * 60 * 1000);
+    return {
+        url: authUrl,
+        redirectUri,
+        waitForAuth: () => authPromise
+    };
+}

package/dist/plugin/storage.d.ts

@@ -0,0 +1,4 @@
+import type { AccountStorage } from './types';
+export declare function getStoragePath(): string;
+export declare function loadAccounts(): Promise<AccountStorage>;
+export declare function saveAccounts(storage: AccountStorage): Promise<void>;

package/dist/plugin/storage.js

@@ -0,0 +1,91 @@
+import { promises as fs } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { randomBytes } from 'node:crypto';
+import { homedir } from 'node:os';
+import lockfile from 'proper-lockfile';
+import * as logger from './logger';
+const LOCK_OPTIONS = {
+    stale: 10000,
+    retries: { retries: 5, minTimeout: 100, maxTimeout: 1000, factor: 2 }
+};
+function getBaseDir() {
+    const platform = process.platform;
+    if (platform === 'win32') {
+        return join(process.env.APPDATA || join(homedir(), 'AppData', 'Roaming'), 'opencode');
+    }
+    const xdgConfig = process.env.XDG_CONFIG_HOME || join(homedir(), '.config');
+    return join(xdgConfig, 'opencode');
+}
+export function getStoragePath() {
+    return join(getBaseDir(), 'iflow-accounts.json');
+}
+async function withLock(path, fn) {
+    try {
+        await fs.mkdir(dirname(path), { recursive: true });
+    }
+    catch (error) {
+        logger.error(`Failed to create directory ${dirname(path)}`, error);
+        throw error;
+    }
+    try {
+        await fs.access(path);
+    }
+    catch {
+        try {
+            await fs.writeFile(path, '{}');
+        }
+        catch (error) {
+            logger.error(`Failed to initialize file ${path}`, error);
+            throw error;
+        }
+    }
+    let release = null;
+    try {
+        release = await lockfile.lock(path, LOCK_OPTIONS);
+        return await fn();
+    }
+    catch (error) {
+        logger.error(`File lock failed for ${path}`, error);
+        throw error;
+    }
+    finally {
+        if (release) {
+            try {
+                await release();
+            }
+            catch (error) {
+                logger.warn(`Failed to release lock for ${path}`, error);
+            }
+        }
+    }
+}
+export async function loadAccounts() {
+    const path = getStoragePath();
+    return withLock(path, async () => {
+        try {
+            const content = await fs.readFile(path, 'utf-8');
+            const parsed = JSON.parse(content);
+            if (!parsed || !Array.isArray(parsed.accounts)) {
+                return { version: 1, accounts: [], activeIndex: -1 };
+            }
+            return parsed;
+        }
+        catch {
+            return { version: 1, accounts: [], activeIndex: -1 };
+        }
+    });
+}
+export async function saveAccounts(storage) {
+    const path = getStoragePath();
+    try {
+        await withLock(path, async () => {
+            const tmp = `${path}.${randomBytes(6).toString('hex')}.tmp`;
+            await fs.writeFile(tmp, JSON.stringify(storage, null, 2));
+            await fs.rename(tmp, path);
+        });
+    }
+    catch (error) {
+        logger.error(`Failed to save accounts to ${path}`, error);
+        throw error;
+    }
+}

package/dist/plugin/token.d.ts

@@ -0,0 +1,3 @@
+import type { IFlowAuthDetails } from './types';
+export declare function accessTokenExpired(expiresAt: number): boolean;
+export declare function refreshAccessToken(auth: IFlowAuthDetails): Promise<IFlowAuthDetails>;

package/dist/plugin/token.js

@@ -0,0 +1,26 @@
+import { refreshOAuthToken } from '../iflow/oauth';
+import { decodeRefreshToken, encodeRefreshToken } from './accounts';
+export function accessTokenExpired(expiresAt) {
+    return Date.now() >= expiresAt - 60000;
+}
+export async function refreshAccessToken(auth) {
+    if (auth.authMethod === 'apikey') {
+        return auth;
+    }
+    if (auth.authMethod === 'oauth') {
+        const parts = decodeRefreshToken(auth.refresh);
+        if (!parts.refreshToken) {
+            throw new Error('No refresh token available');
+        }
+        const result = await refreshOAuthToken(parts.refreshToken);
+        return {
+            refresh: encodeRefreshToken({ refreshToken: result.refreshToken, authMethod: 'oauth' }),
+            access: result.accessToken,
+            expires: result.expiresAt,
+            authMethod: 'oauth',
+            apiKey: result.apiKey,
+            email: result.email
+        };
+    }
+    throw new Error(`Unknown auth method: ${auth.authMethod}`);
+}

package/dist/plugin/types.d.ts

@@ -0,0 +1,55 @@
+export type IFlowAuthMethod = 'oauth' | 'apikey';
+export interface IFlowAuthDetails {
+    refresh: string;
+    access: string;
+    expires: number;
+    authMethod: IFlowAuthMethod;
+    apiKey: string;
+    email?: string;
+}
+export interface RefreshParts {
+    refreshToken?: string;
+    authMethod: IFlowAuthMethod;
+}
+export interface ManagedAccount {
+    id: string;
+    email: string;
+    authMethod: IFlowAuthMethod;
+    refreshToken?: string;
+    accessToken?: string;
+    expiresAt?: number;
+    apiKey: string;
+    rateLimitResetTime: number;
+    isHealthy: boolean;
+    unhealthyReason?: string;
+    recoveryTime?: number;
+    lastUsed?: number;
+}
+export interface AccountMetadata {
+    id: string;
+    email: string;
+    authMethod: IFlowAuthMethod;
+    refreshToken?: string;
+    accessToken?: string;
+    expiresAt?: number;
+    apiKey: string;
+    rateLimitResetTime: number;
+    isHealthy: boolean;
+    unhealthyReason?: string;
+    recoveryTime?: number;
+}
+export interface AccountStorage {
+    version: 1;
+    accounts: AccountMetadata[];
+    activeIndex: number;
+}
+export type AccountSelectionStrategy = 'sticky' | 'round-robin';
+export interface IFlowPluginConfig {
+    default_auth_method: IFlowAuthMethod;
+    account_selection_strategy: AccountSelectionStrategy;
+    auth_server_port_start: number;
+    auth_server_port_range: number;
+    max_request_iterations: number;
+    request_timeout_ms: number;
+    enable_log_api_request: boolean;
+}

package/dist/plugin.d.ts

@@ -0,0 +1,32 @@
+export declare const createIFlowPlugin: (id: string) => ({ client, directory }: any) => Promise<{
+    auth: {
+        provider: string;
+        loader: (getAuth: any) => Promise<{
+            apiKey: string;
+            baseURL: string;
+            fetch(input: any, init?: any): Promise<Response>;
+        }>;
+        methods: {
+            id: string;
+            label: string;
+            type: string;
+            authorize: (inputs?: any) => Promise<unknown>;
+        }[];
+    };
+}>;
+export declare const IFlowOAuthPlugin: ({ client, directory }: any) => Promise<{
+    auth: {
+        provider: string;
+        loader: (getAuth: any) => Promise<{
+            apiKey: string;
+            baseURL: string;
+            fetch(input: any, init?: any): Promise<Response>;
+        }>;
+        methods: {
+            id: string;
+            label: string;
+            type: string;
+            authorize: (inputs?: any) => Promise<unknown>;
+        }[];
+    };
+}>;