hedgequantx 2.6.68 → 2.6.69

package/src/services/ai/oauth-qwen.js

@@ -0,0 +1,279 @@
+/**
+ * Qwen OAuth Authentication (Device Flow)
+ * 
+ * Implements OAuth 2.0 Device Authorization Grant for Qwen Chat subscription.
+ * Based on the public OAuth flow used by Qwen Code CLI.
+ * 
+ * Data source: Qwen OAuth API (https://chat.qwen.ai/api/v1/oauth2)
+ */
+
+const crypto = require('crypto');
+const https = require('https');
+
+// Public OAuth Client ID (from Qwen CLI)
+const CLIENT_ID = 'f0304373b74a44d2b584a3fb70ca9e56';
+const DEVICE_CODE_URL = 'https://chat.qwen.ai/api/v1/oauth2/device/code';
+const TOKEN_URL = 'https://chat.qwen.ai/api/v1/oauth2/token';
+const SCOPES = 'openid profile email model.completion';
+const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';
+
+/**
+ * Generate PKCE code verifier and challenge
+ * @returns {Object} { verifier: string, challenge: string }
+ */
+const generatePKCE = () => {
+  const verifier = crypto.randomBytes(32)
+    .toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+  
+  const challenge = crypto.createHash('sha256')
+    .update(verifier)
+    .digest('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+  
+  return { verifier, challenge };
+};
+
+/**
+ * Make HTTPS request
+ */
+const makeRequest = (urlStr, options) => {
+  return new Promise((resolve, reject) => {
+    const url = new URL(urlStr);
+    const req = https.request({
+      hostname: url.hostname,
+      port: url.port || 443,
+      path: url.pathname + url.search,
+      method: options.method || 'POST',
+      headers: options.headers || {}
+    }, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(data);
+          if (res.statusCode >= 200 && res.statusCode < 300) {
+            resolve(json);
+          } else {
+            resolve({ ...json, statusCode: res.statusCode }); // Return error response for polling
+          }
+        } catch (e) {
+          reject(new Error(`Invalid JSON response: ${data.substring(0, 200)}`));
+        }
+      });
+    });
+    
+    req.on('error', reject);
+    
+    if (options.body) {
+      req.write(options.body);
+    }
+    req.end();
+  });
+};
+
+/**
+ * Initiate device authorization flow
+ * @returns {Promise<Object>} { deviceCode, userCode, verificationUri, verificationUriComplete, expiresIn, interval, verifier }
+ */
+const initiateDeviceFlow = async () => {
+  try {
+    const pkce = generatePKCE();
+    
+    const body = new URLSearchParams({
+      client_id: CLIENT_ID,
+      scope: SCOPES,
+      code_challenge: pkce.challenge,
+      code_challenge_method: 'S256'
+    }).toString();
+    
+    const response = await makeRequest(DEVICE_CODE_URL, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Accept': 'application/json'
+      },
+      body
+    });
+    
+    if (!response.device_code) {
+      return {
+        type: 'failed',
+        error: 'Device code not found in response'
+      };
+    }
+    
+    return {
+      type: 'success',
+      deviceCode: response.device_code,
+      userCode: response.user_code,
+      verificationUri: response.verification_uri,
+      verificationUriComplete: response.verification_uri_complete,
+      expiresIn: response.expires_in,
+      interval: response.interval || 5,
+      verifier: pkce.verifier
+    };
+  } catch (error) {
+    return {
+      type: 'failed',
+      error: error.message
+    };
+  }
+};
+
+/**
+ * Poll for token (single attempt)
+ * @param {string} deviceCode - Device code from initiateDeviceFlow
+ * @param {string} verifier - PKCE code verifier
+ * @returns {Promise<Object>}
+ */
+const pollForToken = async (deviceCode, verifier) => {
+  try {
+    const body = new URLSearchParams({
+      grant_type: GRANT_TYPE,
+      client_id: CLIENT_ID,
+      device_code: deviceCode,
+      code_verifier: verifier
+    }).toString();
+    
+    const response = await makeRequest(TOKEN_URL, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Accept': 'application/json'
+      },
+      body
+    });
+    
+    // Check for polling errors (RFC 8628)
+    if (response.error) {
+      switch (response.error) {
+        case 'authorization_pending':
+          return { type: 'pending' };
+        case 'slow_down':
+          return { type: 'slow_down' };
+        case 'expired_token':
+          return { type: 'failed', error: 'Device code expired. Please restart authentication.' };
+        case 'access_denied':
+          return { type: 'failed', error: 'Authorization denied by user.' };
+        default:
+          return { type: 'failed', error: response.error_description || response.error };
+      }
+    }
+    
+    // Success
+    if (response.access_token) {
+      return {
+        type: 'success',
+        access: response.access_token,
+        refresh: response.refresh_token,
+        resourceUrl: response.resource_url,
+        expires: Date.now() + (response.expires_in * 1000)
+      };
+    }
+    
+    return { type: 'pending' };
+  } catch (error) {
+    return {
+      type: 'failed',
+      error: error.message
+    };
+  }
+};
+
+/**
+ * Refresh access token using refresh token
+ * @param {string} refreshTokenValue - The refresh token
+ * @returns {Promise<Object>}
+ */
+const refreshToken = async (refreshTokenValue) => {
+  try {
+    const body = new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: refreshTokenValue,
+      client_id: CLIENT_ID
+    }).toString();
+    
+    const response = await makeRequest(TOKEN_URL, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Accept': 'application/json'
+      },
+      body
+    });
+    
+    if (response.error) {
+      return {
+        type: 'failed',
+        error: response.error_description || response.error
+      };
+    }
+    
+    return {
+      type: 'success',
+      access: response.access_token,
+      refresh: response.refresh_token,
+      resourceUrl: response.resource_url,
+      expires: Date.now() + (response.expires_in * 1000)
+    };
+  } catch (error) {
+    return {
+      type: 'failed',
+      error: error.message
+    };
+  }
+};
+
+/**
+ * Get valid access token (refresh if expired)
+ * @param {Object} oauthData - OAuth data { access, refresh, expires }
+ * @returns {Promise<Object>}
+ */
+const getValidToken = async (oauthData) => {
+  if (!oauthData || !oauthData.refresh) {
+    return null;
+  }
+  
+  const expirationBuffer = 5 * 60 * 1000; // 5 minutes
+  if (oauthData.expires && oauthData.expires > Date.now() + expirationBuffer) {
+    return {
+      ...oauthData,
+      refreshed: false
+    };
+  }
+  
+  const result = await refreshToken(oauthData.refresh);
+  if (result.type === 'success') {
+    return {
+      access: result.access,
+      refresh: result.refresh,
+      expires: result.expires,
+      refreshed: true
+    };
+  }
+  
+  return null;
+};
+
+/**
+ * Check if credentials are OAuth tokens
+ */
+const isOAuthCredentials = (credentials) => {
+  return credentials && credentials.oauth && credentials.oauth.refresh;
+};
+
+module.exports = {
+  CLIENT_ID,
+  SCOPES,
+  generatePKCE,
+  initiateDeviceFlow,
+  pollForToken,
+  refreshToken,
+  getValidToken,
+  isOAuthCredentials
+};

package/src/services/ai/providers/index.js

@@ -66,12 +66,22 @@ const PROVIDERS = {
   
   openai: {
     id: 'openai',
-    name: 'OPENAI (GPT-4)',
-    description: 'Direct connection to GPT-4',
+    name: 'OPENAI (GPT-4/5)',
+    description: 'Plus/Pro or API Key',
     category: 'direct',
     models: [], // Fetched from API at runtime
     defaultModel: null, // Will use first model from API
     options: [
+      {
+        id: 'oauth_plus',
+        label: 'PLUS/PRO SUBSCRIPTION (OAUTH)',
+        description: [
+          'Login with your ChatGPT account',
+          'Unlimited with your plan'
+        ],
+        fields: ['oauth'],
+        authType: 'oauth'
+      },
       {
         id: 'api_key',
         label: 'API KEY (PAY-PER-USE)',
@@ -89,11 +99,21 @@ const PROVIDERS = {
   gemini: {
     id: 'gemini',
     name: 'GEMINI (GOOGLE)',
-    description: 'Direct connection to Gemini',
+    description: 'Advanced or API Key',
     category: 'direct',
     models: [], // Fetched from API at runtime
     defaultModel: null, // Will use first model from API
     options: [
+      {
+        id: 'oauth_advanced',
+        label: 'ADVANCED SUBSCRIPTION (OAUTH)',
+        description: [
+          'Login with your Google account',
+          'Unlimited with your plan'
+        ],
+        fields: ['oauth'],
+        authType: 'oauth'
+      },
       {
         id: 'api_key',
         label: 'API KEY (FREE TIER)',
@@ -243,15 +263,47 @@ const PROVIDERS = {
     endpoint: 'https://api.together.xyz/v1'
   },
 
+  iflow: {
+    id: 'iflow',
+    name: 'IFLOW',
+    description: 'Subscription (OAuth)',
+    category: 'direct',
+    models: [], // Fetched from API at runtime
+    defaultModel: null, // Will use first model from API
+    options: [
+      {
+        id: 'oauth_sub',
+        label: 'SUBSCRIPTION (OAUTH)',
+        description: [
+          'Login with your iFlow account',
+          'Access to DeepSeek, Kimi, GLM & more'
+        ],
+        fields: ['oauth'],
+        authType: 'oauth'
+      }
+    ],
+    endpoint: 'https://api.iflow.com/v1'
+  },
+
 
   qwen: {
     id: 'qwen',
     name: 'QWEN (ALIBABA)',
-    description: 'Alibaba\'s top AI model',
+    description: 'Chat subscription or API Key',
     category: 'direct',
     models: [], // Fetched from API at runtime
     defaultModel: null, // Will use first model from API
     options: [
+      {
+        id: 'oauth_chat',
+        label: 'CHAT SUBSCRIPTION (OAUTH)',
+        description: [
+          'Login with your Qwen account',
+          'Unlimited with your plan'
+        ],
+        fields: ['oauth'],
+        authType: 'oauth'
+      },
       {
         id: 'api_key',
         label: 'API KEY (DASHSCOPE)',