ai-zero-token 2.0.9 → 2.0.10

package/dist/server/app.js

@@ -19,6 +19,9 @@ import { createGatewayContext } from "../core/context.js";
 import { isTransientHttpError, requestText } from "../core/providers/http-client.js";
 import { streamOpenAICodex } from "../core/providers/openai-codex/chat.js";
 import { generateChatGPTWebImage } from "../core/providers/openai-codex/chatgpt-web-image.js";
+import {
+  startOpenAICodexLogin
+} from "../core/providers/openai-codex/oauth.js";
 const packageRoot = path.dirname(fileURLToPath(new URL("../../package.json", import.meta.url)));
 const adminUiDistDir = path.join(packageRoot, "admin-ui", "dist");
 const adminUiIndexPath = path.join(adminUiDistDir, "index.html");
@@ -187,6 +190,13 @@ const profileImportSchema = z.object({
 const runtimeRefreshSchema = z.object({
   staleOnly: z.boolean().optional()
 });
+const oauthManualSchema = z.object({
+  loginId: z.string().min(1),
+  input: z.string().min(1)
+});
+const oauthCancelSchema = z.object({
+  loginId: z.string().min(1)
+});
 const profileExportSchema = z.object({
   profileId: z.string().min(1).optional(),
   profileIds: z.array(z.string().min(1)).optional(),
@@ -1397,6 +1407,20 @@ function createApp(params) {
   const ctx = createGatewayContext();
   const gatewayRequestLogs = [];
   const codexResponseProfileBindings = /* @__PURE__ */ new Map();
+  let pendingOAuthLogin = null;
+  function clearPendingOAuthLogin(loginId) {
+    if (!pendingOAuthLogin || loginId && pendingOAuthLogin.id !== loginId) {
+      return;
+    }
+    pendingOAuthLogin.session.close();
+    pendingOAuthLogin = null;
+  }
+  async function saveCompletedOAuthLogin(profile) {
+    await ctx.authService.saveLoggedInProfile(profile);
+    await ctx.authService.syncActiveProfileQuota("openai-codex", {
+      suppressErrors: true
+    });
+  }
   function rememberCodexResponseProfile(responseId, profile) {
     codexResponseProfileBindings.set(responseId, {
       profileId: profile.profileId,
@@ -1645,10 +1669,66 @@ function createApp(params) {
     };
   });
   app.post("/_gateway/admin/login", async (request) => {
-    await ctx.authService.login("openai-codex");
-    await ctx.authService.syncActiveProfileQuota("openai-codex", {
-      suppressErrors: true
-    });
+    clearPendingOAuthLogin();
+    const session = await startOpenAICodexLogin();
+    const loginId = randomUUID();
+    pendingOAuthLogin = {
+      id: loginId,
+      session,
+      createdAt: Date.now()
+    };
+    const code = await session.waitForCode(6e4);
+    if (!code) {
+      return {
+        login: {
+          status: "manual_required",
+          loginId,
+          message: "60 \u79D2\u5185\u6CA1\u6709\u6536\u5230 OAuth \u81EA\u52A8\u56DE\u8C03\u3002\u53EF\u4EE5\u7C98\u8D34\u6D4F\u89C8\u5668\u5730\u5740\u680F\u91CC\u7684\u5B8C\u6574\u56DE\u8C03 URL \u6216 authorization code \u7EE7\u7EED\u767B\u5F55\u3002"
+        },
+        config: await buildAdminConfig(request)
+      };
+    }
+    try {
+      const profile = await session.completeWithCode(code);
+      await saveCompletedOAuthLogin(profile);
+      return buildAdminConfig(request);
+    } finally {
+      clearPendingOAuthLogin(loginId);
+    }
+  });
+  app.post("/_gateway/admin/login/manual", async (request, reply) => {
+    const parsed = oauthManualSchema.safeParse(request.body);
+    if (!parsed.success) {
+      reply.code(400);
+      return {
+        error: {
+          type: "validation_error",
+          message: parsed.error.issues[0]?.message ?? "\u8BF7\u6C42\u4F53\u683C\u5F0F\u9519\u8BEF"
+        }
+      };
+    }
+    if (!pendingOAuthLogin || pendingOAuthLogin.id !== parsed.data.loginId) {
+      reply.code(404);
+      return {
+        error: {
+          type: "oauth_login_not_found",
+          message: "\u6CA1\u6709\u627E\u5230\u7B49\u5F85\u4E2D\u7684 OAuth \u767B\u5F55\uFF0C\u8BF7\u91CD\u65B0\u70B9\u51FB\u767B\u5F55\u3002"
+        }
+      };
+    }
+    try {
+      const profile = await pendingOAuthLogin.session.completeWithInput(parsed.data.input);
+      await saveCompletedOAuthLogin(profile);
+      return buildAdminConfig(request);
+    } finally {
+      clearPendingOAuthLogin(parsed.data.loginId);
+    }
+  });
+  app.post("/_gateway/admin/login/cancel", async (request) => {
+    const parsed = oauthCancelSchema.safeParse(request.body);
+    if (parsed.success) {
+      clearPendingOAuthLogin(parsed.data.loginId);
+    }
     return buildAdminConfig(request);
   });
   app.post("/_gateway/admin/logout", async (request) => {

package/docs/DESKTOP_RELEASE.md

@@ -2,6 +2,15 @@
 
 This project ships the desktop app with Electron. The desktop main process starts the existing local Fastify gateway and loads the React management UI served by that gateway.
 
+## 2.0.10 Release Notes
+
+Version `2.0.10` improves OAuth login recovery and Codex auth freshness:
+
+- Desktop OAuth login can continue with a pasted callback URL or authorization code when automatic callback capture times out.
+- The local OAuth callback listener binds both IPv4 and IPv6 loopback addresses for browser redirect compatibility.
+- Applying an account to local Codex refreshes the profile first so the written `auth.json` includes a current `id_token`.
+- Saved `id_token` values are checked for expiry and account identity before use.
+
 ## 2.0.9 Release Notes
 
 Version `2.0.9` clarifies automatic account rotation eligibility and tightens Codex auth refresh handling:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-zero-token",
-  "version": "2.0.9",
+  "version": "2.0.10",
   "description": "Local-first OpenAI-compatible AI CLI and gateway with Codex OAuth, multi-account management, and gpt-image-2 image generation/editing.",
   "license": "MIT",
   "author": "AI Zero Token Contributors",