oh-my-claude-sisyphus 1.10.0 → 1.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agents/definitions.js +1 -1
- package/dist/agents/model-lists.d.ts +26 -0
- package/dist/agents/model-lists.d.ts.map +1 -0
- package/dist/agents/model-lists.js +62 -0
- package/dist/agents/model-lists.js.map +1 -0
- package/dist/agents/orchestrator-sisyphus.js +1 -1
- package/dist/auth/index.d.ts +10 -0
- package/dist/auth/index.d.ts.map +1 -0
- package/dist/auth/index.js +13 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/manager.d.ts +54 -0
- package/dist/auth/manager.d.ts.map +1 -0
- package/dist/auth/manager.js +248 -0
- package/dist/auth/manager.js.map +1 -0
- package/dist/auth/oauth-google.d.ts +47 -0
- package/dist/auth/oauth-google.d.ts.map +1 -0
- package/dist/auth/oauth-google.js +280 -0
- package/dist/auth/oauth-google.js.map +1 -0
- package/dist/auth/oauth-openai.d.ts +46 -0
- package/dist/auth/oauth-openai.d.ts.map +1 -0
- package/dist/auth/oauth-openai.js +264 -0
- package/dist/auth/oauth-openai.js.map +1 -0
- package/dist/auth/pkce.d.ts +14 -0
- package/dist/auth/pkce.d.ts.map +1 -0
- package/dist/auth/pkce.js +35 -0
- package/dist/auth/pkce.js.map +1 -0
- package/dist/auth/storage.d.ts +52 -0
- package/dist/auth/storage.d.ts.map +1 -0
- package/dist/auth/storage.js +230 -0
- package/dist/auth/storage.js.map +1 -0
- package/dist/auth/types.d.ts +76 -0
- package/dist/auth/types.d.ts.map +1 -0
- package/dist/auth/types.js +5 -0
- package/dist/auth/types.js.map +1 -0
- package/dist/cli/index.js +0 -0
- package/dist/features/auto-update.d.ts +20 -0
- package/dist/features/auto-update.d.ts.map +1 -1
- package/dist/features/auto-update.js +35 -0
- package/dist/features/auto-update.js.map +1 -1
- package/dist/features/builtin-skills/skills.js +2 -2
- package/dist/hooks/bridge.d.ts.map +1 -1
- package/dist/hooks/bridge.js +26 -1
- package/dist/hooks/bridge.js.map +1 -1
- package/dist/hooks/persistent-mode/index.d.ts.map +1 -1
- package/dist/hooks/persistent-mode/index.js +126 -4
- package/dist/hooks/persistent-mode/index.js.map +1 -1
- package/dist/hooks/preemptive-compaction/index.js +2 -2
- package/dist/hooks/preemptive-compaction/index.js.map +1 -1
- package/dist/hooks/thinking-block-validator/index.d.ts +3 -34
- package/dist/hooks/thinking-block-validator/index.d.ts.map +1 -1
- package/dist/hooks/thinking-block-validator/index.js +21 -70
- package/dist/hooks/thinking-block-validator/index.js.map +1 -1
- package/dist/installer/hooks.d.ts +2 -2
- package/dist/installer/hooks.d.ts.map +1 -1
- package/dist/installer/hooks.js +85 -2
- package/dist/installer/hooks.js.map +1 -1
- package/dist/installer/index.js +3 -3
- package/dist/providers/index.d.ts +8 -0
- package/dist/providers/index.d.ts.map +1 -0
- package/dist/providers/index.js +10 -0
- package/dist/providers/index.js.map +1 -0
- package/dist/providers/registry.d.ts +29 -0
- package/dist/providers/registry.d.ts.map +1 -0
- package/dist/providers/registry.js +162 -0
- package/dist/providers/registry.js.map +1 -0
- package/dist/providers/router.d.ts +40 -0
- package/dist/providers/router.d.ts.map +1 -0
- package/dist/providers/router.js +88 -0
- package/dist/providers/router.js.map +1 -0
- package/dist/providers/types.d.ts +92 -0
- package/dist/providers/types.d.ts.map +1 -0
- package/dist/providers/types.js +27 -0
- package/dist/providers/types.js.map +1 -0
- package/dist/tools/ast-tools.d.ts +3 -3
- package/dist/tools/ast-tools.d.ts.map +1 -1
- package/dist/tools/ast-tools.js +205 -104
- package/dist/tools/ast-tools.js.map +1 -1
- package/package.json +1 -1
- package/scripts/install.sh +70 -3
- package/scripts/uninstall.sh +116 -3
|
@@ -0,0 +1,280 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Google OAuth 2.0 implementation for consumer Google accounts
|
|
3
|
+
*
|
|
4
|
+
* Uses the same OAuth flow as Gemini CLI
|
|
5
|
+
*/
|
|
6
|
+
import * as http from 'http';
|
|
7
|
+
import * as net from 'net';
|
|
8
|
+
import { exec } from 'child_process';
|
|
9
|
+
import { URL, URLSearchParams } from 'url';
|
|
10
|
+
import { generatePKCE, verifyState } from './pkce.js';
|
|
11
|
+
/**
|
|
12
|
+
* Open URL in default browser (cross-platform)
|
|
13
|
+
*/
|
|
14
|
+
function openBrowser(url) {
|
|
15
|
+
const platform = process.platform;
|
|
16
|
+
let command;
|
|
17
|
+
if (platform === 'darwin') {
|
|
18
|
+
command = `open "${url}"`;
|
|
19
|
+
}
|
|
20
|
+
else if (platform === 'win32') {
|
|
21
|
+
command = `start "" "${url}"`;
|
|
22
|
+
}
|
|
23
|
+
else {
|
|
24
|
+
// Linux and others
|
|
25
|
+
command = `xdg-open "${url}"`;
|
|
26
|
+
}
|
|
27
|
+
exec(command, (error) => {
|
|
28
|
+
if (error) {
|
|
29
|
+
console.log('Could not open browser automatically.');
|
|
30
|
+
console.log(`Please visit: ${url}`);
|
|
31
|
+
}
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Google OAuth configuration
|
|
36
|
+
* These are the same credentials used by Gemini CLI
|
|
37
|
+
*/
|
|
38
|
+
export const GOOGLE_OAUTH_CONFIG = {
|
|
39
|
+
clientId: '681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com',
|
|
40
|
+
clientSecret: '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',
|
|
41
|
+
authUrl: 'https://accounts.google.com/o/oauth2/auth',
|
|
42
|
+
tokenUrl: 'https://oauth2.googleapis.com/token',
|
|
43
|
+
redirectUri: 'http://localhost:45289', // Will be updated with dynamic port
|
|
44
|
+
scopes: ['https://www.googleapis.com/auth/cloud-platform'],
|
|
45
|
+
};
|
|
46
|
+
/**
|
|
47
|
+
* Find an available port for the OAuth callback
|
|
48
|
+
*/
|
|
49
|
+
async function findAvailablePort(startPort = 45289) {
|
|
50
|
+
return new Promise((resolve, reject) => {
|
|
51
|
+
const server = net.createServer();
|
|
52
|
+
server.unref();
|
|
53
|
+
server.on('error', (err) => {
|
|
54
|
+
if (err.code === 'EADDRINUSE') {
|
|
55
|
+
// Try next port
|
|
56
|
+
findAvailablePort(startPort + 1).then(resolve).catch(reject);
|
|
57
|
+
}
|
|
58
|
+
else {
|
|
59
|
+
reject(err);
|
|
60
|
+
}
|
|
61
|
+
});
|
|
62
|
+
server.listen(startPort, '127.0.0.1', () => {
|
|
63
|
+
const address = server.address();
|
|
64
|
+
server.close(() => resolve(address.port));
|
|
65
|
+
});
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Google OAuth handler
|
|
70
|
+
*/
|
|
71
|
+
export class GoogleOAuth {
|
|
72
|
+
config;
|
|
73
|
+
constructor(config = GOOGLE_OAUTH_CONFIG) {
|
|
74
|
+
this.config = config;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Generate the authorization URL for the OAuth flow
|
|
78
|
+
*/
|
|
79
|
+
getAuthorizationUrl(pkce, redirectUri) {
|
|
80
|
+
const params = new URLSearchParams({
|
|
81
|
+
response_type: 'code',
|
|
82
|
+
client_id: this.config.clientId,
|
|
83
|
+
redirect_uri: redirectUri,
|
|
84
|
+
scope: this.config.scopes.join(' '),
|
|
85
|
+
code_challenge: pkce.codeChallenge,
|
|
86
|
+
code_challenge_method: 'S256',
|
|
87
|
+
access_type: 'offline',
|
|
88
|
+
prompt: 'consent',
|
|
89
|
+
state: pkce.state,
|
|
90
|
+
});
|
|
91
|
+
return `${this.config.authUrl}?${params.toString()}`;
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Exchange authorization code for tokens
|
|
95
|
+
*/
|
|
96
|
+
async exchangeCodeForTokens(code, codeVerifier, redirectUri) {
|
|
97
|
+
const response = await fetch(this.config.tokenUrl, {
|
|
98
|
+
method: 'POST',
|
|
99
|
+
headers: {
|
|
100
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
101
|
+
},
|
|
102
|
+
body: new URLSearchParams({
|
|
103
|
+
grant_type: 'authorization_code',
|
|
104
|
+
code,
|
|
105
|
+
redirect_uri: redirectUri,
|
|
106
|
+
client_id: this.config.clientId,
|
|
107
|
+
client_secret: this.config.clientSecret || '',
|
|
108
|
+
code_verifier: codeVerifier,
|
|
109
|
+
}),
|
|
110
|
+
});
|
|
111
|
+
if (!response.ok) {
|
|
112
|
+
const error = await response.text();
|
|
113
|
+
throw new Error(`Token exchange failed: ${error}`);
|
|
114
|
+
}
|
|
115
|
+
const data = await response.json();
|
|
116
|
+
return {
|
|
117
|
+
accessToken: data.access_token,
|
|
118
|
+
refreshToken: data.refresh_token,
|
|
119
|
+
idToken: data.id_token,
|
|
120
|
+
expiresAt: Date.now() + (data.expires_in * 1000),
|
|
121
|
+
tokenType: data.token_type,
|
|
122
|
+
};
|
|
123
|
+
}
|
|
124
|
+
/**
|
|
125
|
+
* Refresh tokens using refresh token
|
|
126
|
+
*/
|
|
127
|
+
async refreshTokens(refreshToken) {
|
|
128
|
+
const response = await fetch(this.config.tokenUrl, {
|
|
129
|
+
method: 'POST',
|
|
130
|
+
headers: {
|
|
131
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
132
|
+
},
|
|
133
|
+
body: new URLSearchParams({
|
|
134
|
+
grant_type: 'refresh_token',
|
|
135
|
+
refresh_token: refreshToken,
|
|
136
|
+
client_id: this.config.clientId,
|
|
137
|
+
client_secret: this.config.clientSecret || '',
|
|
138
|
+
}),
|
|
139
|
+
});
|
|
140
|
+
if (!response.ok) {
|
|
141
|
+
const error = await response.text();
|
|
142
|
+
throw new Error(`Token refresh failed: ${error}`);
|
|
143
|
+
}
|
|
144
|
+
const data = await response.json();
|
|
145
|
+
return {
|
|
146
|
+
accessToken: data.access_token,
|
|
147
|
+
refreshToken: data.refresh_token || refreshToken,
|
|
148
|
+
idToken: data.id_token,
|
|
149
|
+
expiresAt: Date.now() + (data.expires_in * 1000),
|
|
150
|
+
tokenType: data.token_type,
|
|
151
|
+
};
|
|
152
|
+
}
|
|
153
|
+
/**
|
|
154
|
+
* Get user info from Google
|
|
155
|
+
*/
|
|
156
|
+
async getUserInfo(accessToken) {
|
|
157
|
+
try {
|
|
158
|
+
const response = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
|
|
159
|
+
headers: {
|
|
160
|
+
Authorization: `Bearer ${accessToken}`,
|
|
161
|
+
},
|
|
162
|
+
});
|
|
163
|
+
if (response.ok) {
|
|
164
|
+
const data = await response.json();
|
|
165
|
+
return { email: data.email };
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
catch {
|
|
169
|
+
// Ignore errors
|
|
170
|
+
}
|
|
171
|
+
return {};
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Run the full OAuth authentication flow
|
|
175
|
+
* Opens a browser and waits for callback
|
|
176
|
+
*/
|
|
177
|
+
async authenticate() {
|
|
178
|
+
// Find available port
|
|
179
|
+
const port = await findAvailablePort();
|
|
180
|
+
const redirectUri = `http://localhost:${port}`;
|
|
181
|
+
const pkce = generatePKCE();
|
|
182
|
+
const authUrl = this.getAuthorizationUrl(pkce, redirectUri);
|
|
183
|
+
return new Promise((resolve) => {
|
|
184
|
+
const server = http.createServer(async (req, res) => {
|
|
185
|
+
const url = new URL(req.url, `http://localhost:${port}`);
|
|
186
|
+
// Handle the root callback (Google redirects to root)
|
|
187
|
+
if (url.pathname === '/' || url.pathname === '/callback') {
|
|
188
|
+
const code = url.searchParams.get('code');
|
|
189
|
+
const returnedState = url.searchParams.get('state');
|
|
190
|
+
const error = url.searchParams.get('error');
|
|
191
|
+
// Handle errors
|
|
192
|
+
if (error) {
|
|
193
|
+
res.writeHead(400, { 'Content-Type': 'text/html' });
|
|
194
|
+
res.end(`
|
|
195
|
+
<html>
|
|
196
|
+
<body style="font-family: system-ui; padding: 40px; text-align: center;">
|
|
197
|
+
<h1>Authentication Failed</h1>
|
|
198
|
+
<p>Error: ${error}</p>
|
|
199
|
+
<p>You can close this window.</p>
|
|
200
|
+
</body>
|
|
201
|
+
</html>
|
|
202
|
+
`);
|
|
203
|
+
server.close();
|
|
204
|
+
resolve({ success: false, error });
|
|
205
|
+
return;
|
|
206
|
+
}
|
|
207
|
+
// Verify state
|
|
208
|
+
if (!returnedState || !verifyState(pkce.state, returnedState)) {
|
|
209
|
+
res.writeHead(400, { 'Content-Type': 'text/html' });
|
|
210
|
+
res.end(`
|
|
211
|
+
<html>
|
|
212
|
+
<body style="font-family: system-ui; padding: 40px; text-align: center;">
|
|
213
|
+
<h1>Authentication Failed</h1>
|
|
214
|
+
<p>State mismatch - possible CSRF attack.</p>
|
|
215
|
+
<p>You can close this window.</p>
|
|
216
|
+
</body>
|
|
217
|
+
</html>
|
|
218
|
+
`);
|
|
219
|
+
server.close();
|
|
220
|
+
resolve({ success: false, error: 'State mismatch' });
|
|
221
|
+
return;
|
|
222
|
+
}
|
|
223
|
+
// Exchange code for tokens
|
|
224
|
+
if (code) {
|
|
225
|
+
try {
|
|
226
|
+
const tokens = await this.exchangeCodeForTokens(code, pkce.codeVerifier, redirectUri);
|
|
227
|
+
// Get user email
|
|
228
|
+
const { email } = await this.getUserInfo(tokens.accessToken);
|
|
229
|
+
res.writeHead(200, { 'Content-Type': 'text/html' });
|
|
230
|
+
res.end(`
|
|
231
|
+
<html>
|
|
232
|
+
<body style="font-family: system-ui; padding: 40px; text-align: center;">
|
|
233
|
+
<h1>Authentication Successful!</h1>
|
|
234
|
+
<p>You are now connected to Google${email ? ` as ${email}` : ''}.</p>
|
|
235
|
+
<p>You can close this window and return to the terminal.</p>
|
|
236
|
+
</body>
|
|
237
|
+
</html>
|
|
238
|
+
`);
|
|
239
|
+
server.close();
|
|
240
|
+
resolve({ success: true, tokens, email });
|
|
241
|
+
}
|
|
242
|
+
catch (err) {
|
|
243
|
+
res.writeHead(500, { 'Content-Type': 'text/html' });
|
|
244
|
+
res.end(`
|
|
245
|
+
<html>
|
|
246
|
+
<body style="font-family: system-ui; padding: 40px; text-align: center;">
|
|
247
|
+
<h1>Authentication Failed</h1>
|
|
248
|
+
<p>Error: ${err instanceof Error ? err.message : 'Unknown error'}</p>
|
|
249
|
+
<p>You can close this window.</p>
|
|
250
|
+
</body>
|
|
251
|
+
</html>
|
|
252
|
+
`);
|
|
253
|
+
server.close();
|
|
254
|
+
resolve({ success: false, error: err instanceof Error ? err.message : 'Unknown error' });
|
|
255
|
+
}
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
});
|
|
259
|
+
// Start server
|
|
260
|
+
server.listen(port, '127.0.0.1', () => {
|
|
261
|
+
console.log('\nOpening browser for Google authentication...');
|
|
262
|
+
console.log(`If the browser doesn't open, visit: ${authUrl}\n`);
|
|
263
|
+
// Try to open browser
|
|
264
|
+
openBrowser(authUrl);
|
|
265
|
+
});
|
|
266
|
+
// Timeout after 5 minutes
|
|
267
|
+
setTimeout(() => {
|
|
268
|
+
server.close();
|
|
269
|
+
resolve({ success: false, error: 'Authentication timeout (5 minutes)' });
|
|
270
|
+
}, 5 * 60 * 1000);
|
|
271
|
+
});
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
/**
|
|
275
|
+
* Create Google OAuth handler instance
|
|
276
|
+
*/
|
|
277
|
+
export function createGoogleOAuth() {
|
|
278
|
+
return new GoogleOAuth();
|
|
279
|
+
}
|
|
280
|
+
//# sourceMappingURL=oauth-google.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-google.js","sourceRoot":"","sources":["../../src/auth/oauth-google.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,GAAG,MAAM,KAAK,CAAC;AAC3B,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,GAAG,EAAE,eAAe,EAAE,MAAM,KAAK,CAAC;AAG3C,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAEtD;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,OAAe,CAAC;IAEpB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;IAC5B,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;QACtB,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAgB;IAC9C,QAAQ,EAAE,0EAA0E;IACpF,YAAY,EAAE,qCAAqC;IACnD,OAAO,EAAE,2CAA2C;IACpD,QAAQ,EAAE,qCAAqC;IAC/C,WAAW,EAAE,wBAAwB,EAAE,oCAAoC;IAC3E,MAAM,EAAE,CAAC,gDAAgD,CAAC;CAC3D,CAAC;AAEF;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,YAAoB,KAAK;IACxD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;YAChD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC9B,gBAAgB;gBAChB,iBAAiB,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,GAAG,EAAE;YACzC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAqB,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,MAAM,CAAc;IAE5B,YAAY,SAAsB,mBAAmB;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,IAAc,EAAE,WAAmB;QACrD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,YAAY,EAAE,WAAW;YACzB,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACnC,cAAc,EAAE,IAAI,CAAC,aAAa;YAClC,qBAAqB,EAAE,MAAM;YAC7B,WAAW,EAAE,SAAS;YACtB,MAAM,EAAE,SAAS;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CACzB,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE;gBAC7C,aAAa,EAAE,YAAY;aAC5B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAM/B,CAAC;QAEF,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YAChD,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,YAAoB;QACtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;gBAC3B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE;aAC9C,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAM/B,CAAC;QAEF,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,YAAY;YAChD,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YAChD,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,+CAA+C,EAAE;gBAC5E,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,WAAW,EAAE;iBACvC;aACF,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAwB,CAAC;gBACzD,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY;QAChB,sBAAsB;QACtB,MAAM,IAAI,GAAG,MAAM,iBAAiB,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,oBAAoB,IAAI,EAAE,CAAC;QAE/C,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAE5D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;gBAE1D,sDAAsD;gBACtD,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACzD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1C,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBACpD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAE5C,gBAAgB;oBAChB,IAAI,KAAK,EAAE,CAAC;wBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC;;;;8BAIU,KAAK;;;;aAItB,CAAC,CAAC;wBACH,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;wBACnC,OAAO;oBACT,CAAC;oBAED,eAAe;oBACf,IAAI,CAAC,aAAa,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC;wBAC9D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;aAQP,CAAC,CAAC;wBACH,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;wBACrD,OAAO;oBACT,CAAC;oBAED,2BAA2B;oBAC3B,IAAI,IAAI,EAAE,CAAC;wBACT,IAAI,CAAC;4BACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAC7C,IAAI,EACJ,IAAI,CAAC,YAAY,EACjB,WAAW,CACZ,CAAC;4BAEF,iBAAiB;4BACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;4BAE7D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;4BACpD,GAAG,CAAC,GAAG,CAAC;;;;wDAIkC,KAAK,CAAC,CAAC,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE;;;;eAIpE,CAAC,CAAC;4BACH,MAAM,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;wBAC5C,CAAC;wBAAC,OAAO,GAAG,EAAE,CAAC;4BACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;4BACpD,GAAG,CAAC,GAAG,CAAC;;;;gCAIU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;;;;eAIrE,CAAC,CAAC;4BACH,MAAM,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;wBAC3F,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,eAAe;YACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACpC,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,uCAAuC,OAAO,IAAI,CAAC,CAAC;gBAEhE,sBAAsB;gBACtB,WAAW,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC,CAAC,CAAC;YAEH,0BAA0B;YAC1B,UAAU,CAAC,GAAG,EAAE;gBACd,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YAC3E,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,IAAI,WAAW,EAAE,CAAC;AAC3B,CAAC"}
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OpenAI OAuth 2.0 implementation for ChatGPT Plus/Pro subscriptions
|
|
3
|
+
*
|
|
4
|
+
* Uses the same OAuth flow as OpenAI's Codex CLI
|
|
5
|
+
*/
|
|
6
|
+
import type { OAuthTokens, OAuthConfig } from '../providers/types.js';
|
|
7
|
+
import type { OAuthResult, PKCEData } from './types.js';
|
|
8
|
+
/**
|
|
9
|
+
* OpenAI OAuth configuration
|
|
10
|
+
* These are the same credentials used by OpenAI's Codex CLI
|
|
11
|
+
*/
|
|
12
|
+
export declare const OPENAI_OAUTH_CONFIG: OAuthConfig;
|
|
13
|
+
/**
|
|
14
|
+
* OpenAI OAuth handler
|
|
15
|
+
*/
|
|
16
|
+
export declare class OpenAIOAuth {
|
|
17
|
+
private config;
|
|
18
|
+
constructor(config?: OAuthConfig);
|
|
19
|
+
/**
|
|
20
|
+
* Generate the authorization URL for the OAuth flow
|
|
21
|
+
*/
|
|
22
|
+
getAuthorizationUrl(pkce: PKCEData): string;
|
|
23
|
+
/**
|
|
24
|
+
* Exchange authorization code for tokens
|
|
25
|
+
*/
|
|
26
|
+
exchangeCodeForTokens(code: string, codeVerifier: string): Promise<OAuthTokens>;
|
|
27
|
+
/**
|
|
28
|
+
* Refresh tokens using refresh token
|
|
29
|
+
*/
|
|
30
|
+
refreshTokens(refreshToken: string): Promise<OAuthTokens>;
|
|
31
|
+
/**
|
|
32
|
+
* Exchange ID token for an API key (optional)
|
|
33
|
+
* This can be used if you want a traditional API key instead of OAuth tokens
|
|
34
|
+
*/
|
|
35
|
+
exchangeForApiKey(idToken: string): Promise<string>;
|
|
36
|
+
/**
|
|
37
|
+
* Run the full OAuth authentication flow
|
|
38
|
+
* Opens a browser and waits for callback
|
|
39
|
+
*/
|
|
40
|
+
authenticate(): Promise<OAuthResult>;
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Create OpenAI OAuth handler instance
|
|
44
|
+
*/
|
|
45
|
+
export declare function createOpenAIOAuth(): OpenAIOAuth;
|
|
46
|
+
//# sourceMappingURL=oauth-openai.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-openai.d.ts","sourceRoot":"","sources":["../../src/auth/oauth-openai.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AA2BxD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,EAAE,WAMjC,CAAC;AAEF;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,GAAE,WAAiC;IAIrD;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE,QAAQ,GAAG,MAAM;IAgB3C;;OAEG;IACG,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAqCrF;;OAEG;IACG,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAmC/D;;;OAGG;IACG,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwBzD;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,WAAW,CAAC;CA+G3C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,WAAW,CAE/C"}
|
|
@@ -0,0 +1,264 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OpenAI OAuth 2.0 implementation for ChatGPT Plus/Pro subscriptions
|
|
3
|
+
*
|
|
4
|
+
* Uses the same OAuth flow as OpenAI's Codex CLI
|
|
5
|
+
*/
|
|
6
|
+
import * as http from 'http';
|
|
7
|
+
import { exec } from 'child_process';
|
|
8
|
+
import { URL, URLSearchParams } from 'url';
|
|
9
|
+
import { generatePKCE, verifyState } from './pkce.js';
|
|
10
|
+
/**
|
|
11
|
+
* Open URL in default browser (cross-platform)
|
|
12
|
+
*/
|
|
13
|
+
function openBrowser(url) {
|
|
14
|
+
const platform = process.platform;
|
|
15
|
+
let command;
|
|
16
|
+
if (platform === 'darwin') {
|
|
17
|
+
command = `open "${url}"`;
|
|
18
|
+
}
|
|
19
|
+
else if (platform === 'win32') {
|
|
20
|
+
command = `start "" "${url}"`;
|
|
21
|
+
}
|
|
22
|
+
else {
|
|
23
|
+
// Linux and others
|
|
24
|
+
command = `xdg-open "${url}"`;
|
|
25
|
+
}
|
|
26
|
+
exec(command, (error) => {
|
|
27
|
+
if (error) {
|
|
28
|
+
console.log('Could not open browser automatically.');
|
|
29
|
+
console.log(`Please visit: ${url}`);
|
|
30
|
+
}
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* OpenAI OAuth configuration
|
|
35
|
+
* These are the same credentials used by OpenAI's Codex CLI
|
|
36
|
+
*/
|
|
37
|
+
export const OPENAI_OAUTH_CONFIG = {
|
|
38
|
+
clientId: 'app_EMoamEEZ73f0CkXaXp7hrann',
|
|
39
|
+
authUrl: 'https://auth.openai.com/oauth/authorize',
|
|
40
|
+
tokenUrl: 'https://auth.openai.com/oauth/token',
|
|
41
|
+
redirectUri: 'http://localhost:1455/auth/callback',
|
|
42
|
+
scopes: ['openid', 'profile', 'email', 'offline_access'],
|
|
43
|
+
};
|
|
44
|
+
/**
|
|
45
|
+
* OpenAI OAuth handler
|
|
46
|
+
*/
|
|
47
|
+
export class OpenAIOAuth {
|
|
48
|
+
config;
|
|
49
|
+
constructor(config = OPENAI_OAUTH_CONFIG) {
|
|
50
|
+
this.config = config;
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Generate the authorization URL for the OAuth flow
|
|
54
|
+
*/
|
|
55
|
+
getAuthorizationUrl(pkce) {
|
|
56
|
+
const params = new URLSearchParams({
|
|
57
|
+
response_type: 'code',
|
|
58
|
+
client_id: this.config.clientId,
|
|
59
|
+
redirect_uri: this.config.redirectUri,
|
|
60
|
+
scope: this.config.scopes.join(' '),
|
|
61
|
+
code_challenge: pkce.codeChallenge,
|
|
62
|
+
code_challenge_method: 'S256',
|
|
63
|
+
id_token_add_organizations: 'true',
|
|
64
|
+
codex_cli_simplified_flow: 'true',
|
|
65
|
+
state: pkce.state,
|
|
66
|
+
});
|
|
67
|
+
return `${this.config.authUrl}?${params.toString()}`;
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Exchange authorization code for tokens
|
|
71
|
+
*/
|
|
72
|
+
async exchangeCodeForTokens(code, codeVerifier) {
|
|
73
|
+
const response = await fetch(this.config.tokenUrl, {
|
|
74
|
+
method: 'POST',
|
|
75
|
+
headers: {
|
|
76
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
77
|
+
},
|
|
78
|
+
body: new URLSearchParams({
|
|
79
|
+
grant_type: 'authorization_code',
|
|
80
|
+
code,
|
|
81
|
+
redirect_uri: this.config.redirectUri,
|
|
82
|
+
client_id: this.config.clientId,
|
|
83
|
+
code_verifier: codeVerifier,
|
|
84
|
+
}),
|
|
85
|
+
});
|
|
86
|
+
if (!response.ok) {
|
|
87
|
+
const error = await response.text();
|
|
88
|
+
throw new Error(`Token exchange failed: ${error}`);
|
|
89
|
+
}
|
|
90
|
+
const data = await response.json();
|
|
91
|
+
return {
|
|
92
|
+
accessToken: data.access_token,
|
|
93
|
+
refreshToken: data.refresh_token,
|
|
94
|
+
idToken: data.id_token,
|
|
95
|
+
expiresAt: Date.now() + (data.expires_in * 1000),
|
|
96
|
+
tokenType: data.token_type,
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Refresh tokens using refresh token
|
|
101
|
+
*/
|
|
102
|
+
async refreshTokens(refreshToken) {
|
|
103
|
+
const response = await fetch(this.config.tokenUrl, {
|
|
104
|
+
method: 'POST',
|
|
105
|
+
headers: {
|
|
106
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
107
|
+
},
|
|
108
|
+
body: new URLSearchParams({
|
|
109
|
+
grant_type: 'refresh_token',
|
|
110
|
+
refresh_token: refreshToken,
|
|
111
|
+
client_id: this.config.clientId,
|
|
112
|
+
}),
|
|
113
|
+
});
|
|
114
|
+
if (!response.ok) {
|
|
115
|
+
const error = await response.text();
|
|
116
|
+
throw new Error(`Token refresh failed: ${error}`);
|
|
117
|
+
}
|
|
118
|
+
const data = await response.json();
|
|
119
|
+
return {
|
|
120
|
+
accessToken: data.access_token,
|
|
121
|
+
refreshToken: data.refresh_token || refreshToken,
|
|
122
|
+
idToken: data.id_token,
|
|
123
|
+
expiresAt: Date.now() + (data.expires_in * 1000),
|
|
124
|
+
tokenType: data.token_type,
|
|
125
|
+
};
|
|
126
|
+
}
|
|
127
|
+
/**
|
|
128
|
+
* Exchange ID token for an API key (optional)
|
|
129
|
+
* This can be used if you want a traditional API key instead of OAuth tokens
|
|
130
|
+
*/
|
|
131
|
+
async exchangeForApiKey(idToken) {
|
|
132
|
+
const response = await fetch(this.config.tokenUrl, {
|
|
133
|
+
method: 'POST',
|
|
134
|
+
headers: {
|
|
135
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
136
|
+
},
|
|
137
|
+
body: new URLSearchParams({
|
|
138
|
+
grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
|
|
139
|
+
requested_token: 'openai-api-key',
|
|
140
|
+
subject_token: idToken,
|
|
141
|
+
subject_token_type: 'urn:ietf:params:oauth:token-type:id_token',
|
|
142
|
+
client_id: this.config.clientId,
|
|
143
|
+
}),
|
|
144
|
+
});
|
|
145
|
+
if (!response.ok) {
|
|
146
|
+
const error = await response.text();
|
|
147
|
+
throw new Error(`API key exchange failed: ${error}`);
|
|
148
|
+
}
|
|
149
|
+
const data = await response.json();
|
|
150
|
+
return data.access_token;
|
|
151
|
+
}
|
|
152
|
+
/**
|
|
153
|
+
* Run the full OAuth authentication flow
|
|
154
|
+
* Opens a browser and waits for callback
|
|
155
|
+
*/
|
|
156
|
+
async authenticate() {
|
|
157
|
+
const pkce = generatePKCE();
|
|
158
|
+
const authUrl = this.getAuthorizationUrl(pkce);
|
|
159
|
+
return new Promise((resolve) => {
|
|
160
|
+
const server = http.createServer(async (req, res) => {
|
|
161
|
+
const url = new URL(req.url, `http://localhost:1455`);
|
|
162
|
+
if (url.pathname === '/auth/callback') {
|
|
163
|
+
const code = url.searchParams.get('code');
|
|
164
|
+
const returnedState = url.searchParams.get('state');
|
|
165
|
+
const error = url.searchParams.get('error');
|
|
166
|
+
// Handle errors
|
|
167
|
+
if (error) {
|
|
168
|
+
res.writeHead(400, { 'Content-Type': 'text/html' });
|
|
169
|
+
res.end(`
|
|
170
|
+
<html>
|
|
171
|
+
<body style="font-family: system-ui; padding: 40px; text-align: center;">
|
|
172
|
+
<h1>Authentication Failed</h1>
|
|
173
|
+
<p>Error: ${error}</p>
|
|
174
|
+
<p>You can close this window.</p>
|
|
175
|
+
</body>
|
|
176
|
+
</html>
|
|
177
|
+
`);
|
|
178
|
+
server.close();
|
|
179
|
+
resolve({ success: false, error });
|
|
180
|
+
return;
|
|
181
|
+
}
|
|
182
|
+
// Verify state
|
|
183
|
+
if (!returnedState || !verifyState(pkce.state, returnedState)) {
|
|
184
|
+
res.writeHead(400, { 'Content-Type': 'text/html' });
|
|
185
|
+
res.end(`
|
|
186
|
+
<html>
|
|
187
|
+
<body style="font-family: system-ui; padding: 40px; text-align: center;">
|
|
188
|
+
<h1>Authentication Failed</h1>
|
|
189
|
+
<p>State mismatch - possible CSRF attack.</p>
|
|
190
|
+
<p>You can close this window.</p>
|
|
191
|
+
</body>
|
|
192
|
+
</html>
|
|
193
|
+
`);
|
|
194
|
+
server.close();
|
|
195
|
+
resolve({ success: false, error: 'State mismatch' });
|
|
196
|
+
return;
|
|
197
|
+
}
|
|
198
|
+
// Exchange code for tokens
|
|
199
|
+
if (code) {
|
|
200
|
+
try {
|
|
201
|
+
const tokens = await this.exchangeCodeForTokens(code, pkce.codeVerifier);
|
|
202
|
+
// Extract email from ID token if available
|
|
203
|
+
let email;
|
|
204
|
+
if (tokens.idToken) {
|
|
205
|
+
try {
|
|
206
|
+
const payload = JSON.parse(Buffer.from(tokens.idToken.split('.')[1], 'base64').toString());
|
|
207
|
+
email = payload.email;
|
|
208
|
+
}
|
|
209
|
+
catch {
|
|
210
|
+
// Ignore ID token parsing errors
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
res.writeHead(200, { 'Content-Type': 'text/html' });
|
|
214
|
+
res.end(`
|
|
215
|
+
<html>
|
|
216
|
+
<body style="font-family: system-ui; padding: 40px; text-align: center;">
|
|
217
|
+
<h1>Authentication Successful!</h1>
|
|
218
|
+
<p>You are now connected to OpenAI${email ? ` as ${email}` : ''}.</p>
|
|
219
|
+
<p>You can close this window and return to the terminal.</p>
|
|
220
|
+
</body>
|
|
221
|
+
</html>
|
|
222
|
+
`);
|
|
223
|
+
server.close();
|
|
224
|
+
resolve({ success: true, tokens, email });
|
|
225
|
+
}
|
|
226
|
+
catch (err) {
|
|
227
|
+
res.writeHead(500, { 'Content-Type': 'text/html' });
|
|
228
|
+
res.end(`
|
|
229
|
+
<html>
|
|
230
|
+
<body style="font-family: system-ui; padding: 40px; text-align: center;">
|
|
231
|
+
<h1>Authentication Failed</h1>
|
|
232
|
+
<p>Error: ${err instanceof Error ? err.message : 'Unknown error'}</p>
|
|
233
|
+
<p>You can close this window.</p>
|
|
234
|
+
</body>
|
|
235
|
+
</html>
|
|
236
|
+
`);
|
|
237
|
+
server.close();
|
|
238
|
+
resolve({ success: false, error: err instanceof Error ? err.message : 'Unknown error' });
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
}
|
|
242
|
+
});
|
|
243
|
+
// Start server
|
|
244
|
+
server.listen(1455, '127.0.0.1', () => {
|
|
245
|
+
console.log('\nOpening browser for OpenAI authentication...');
|
|
246
|
+
console.log(`If the browser doesn't open, visit: ${authUrl}\n`);
|
|
247
|
+
// Try to open browser
|
|
248
|
+
openBrowser(authUrl);
|
|
249
|
+
});
|
|
250
|
+
// Timeout after 5 minutes
|
|
251
|
+
setTimeout(() => {
|
|
252
|
+
server.close();
|
|
253
|
+
resolve({ success: false, error: 'Authentication timeout (5 minutes)' });
|
|
254
|
+
}, 5 * 60 * 1000);
|
|
255
|
+
});
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
/**
|
|
259
|
+
* Create OpenAI OAuth handler instance
|
|
260
|
+
*/
|
|
261
|
+
export function createOpenAIOAuth() {
|
|
262
|
+
return new OpenAIOAuth();
|
|
263
|
+
}
|
|
264
|
+
//# sourceMappingURL=oauth-openai.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-openai.js","sourceRoot":"","sources":["../../src/auth/oauth-openai.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,GAAG,EAAE,eAAe,EAAE,MAAM,KAAK,CAAC;AAG3C,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAEtD;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,OAAe,CAAC;IAEpB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;IAC5B,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;IAChC,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;QACtB,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAgB;IAC9C,QAAQ,EAAE,8BAA8B;IACxC,OAAO,EAAE,yCAAyC;IAClD,QAAQ,EAAE,qCAAqC;IAC/C,WAAW,EAAE,qCAAqC;IAClD,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC;CACzD,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,MAAM,CAAc;IAE5B,YAAY,SAAsB,mBAAmB;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,IAAc;QAChC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACrC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACnC,cAAc,EAAE,IAAI,CAAC,aAAa;YAClC,qBAAqB,EAAE,MAAM;YAC7B,0BAA0B,EAAE,MAAM;YAClC,yBAAyB,EAAE,MAAM;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,IAAY,EAAE,YAAoB;QAC5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;gBACrC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC/B,aAAa,EAAE,YAAY;aAC5B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAM/B,CAAC;QAEF,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;YAChC,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YAChD,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,YAAoB;QACtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;gBAC3B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAChC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAM/B,CAAC;QAEF,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,YAAY;YAChD,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YAChD,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAAe;QACrC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,iDAAiD;gBAC7D,eAAe,EAAE,gBAAgB;gBACjC,aAAa,EAAE,OAAO;gBACtB,kBAAkB,EAAE,2CAA2C;gBAC/D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAChC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA8B,CAAC;QAC/D,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAE/C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,uBAAuB,CAAC,CAAC;gBAEvD,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;oBACtC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1C,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBACpD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAE5C,gBAAgB;oBAChB,IAAI,KAAK,EAAE,CAAC;wBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC;;;;8BAIU,KAAK;;;;aAItB,CAAC,CAAC;wBACH,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;wBACnC,OAAO;oBACT,CAAC;oBAED,eAAe;oBACf,IAAI,CAAC,aAAa,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC;wBAC9D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;aAQP,CAAC,CAAC;wBACH,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;wBACrD,OAAO;oBACT,CAAC;oBAED,2BAA2B;oBAC3B,IAAI,IAAI,EAAE,CAAC;wBACT,IAAI,CAAC;4BACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;4BAEzE,2CAA2C;4BAC3C,IAAI,KAAyB,CAAC;4BAC9B,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gCACnB,IAAI,CAAC;oCACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAC/D,CAAC;oCACF,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;gCACxB,CAAC;gCAAC,MAAM,CAAC;oCACP,iCAAiC;gCACnC,CAAC;4BACH,CAAC;4BAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;4BACpD,GAAG,CAAC,GAAG,CAAC;;;;wDAIkC,KAAK,CAAC,CAAC,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE;;;;eAIpE,CAAC,CAAC;4BACH,MAAM,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;wBAC5C,CAAC;wBAAC,OAAO,GAAG,EAAE,CAAC;4BACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;4BACpD,GAAG,CAAC,GAAG,CAAC;;;;gCAIU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;;;;eAIrE,CAAC,CAAC;4BACH,MAAM,CAAC,KAAK,EAAE,CAAC;4BACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;wBAC3F,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,eAAe;YACf,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;gBACpC,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,uCAAuC,OAAO,IAAI,CAAC,CAAC;gBAEhE,sBAAsB;gBACtB,WAAW,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC,CAAC,CAAC;YAEH,0BAA0B;YAC1B,UAAU,CAAC,GAAG,EAAE;gBACd,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YAC3E,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,IAAI,WAAW,EAAE,CAAC;AAC3B,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PKCE (Proof Key for Code Exchange) utilities for OAuth 2.0
|
|
3
|
+
*/
|
|
4
|
+
import type { PKCEData } from './types.js';
|
|
5
|
+
/**
|
|
6
|
+
* Generate PKCE code verifier and challenge
|
|
7
|
+
* RFC 7636: https://datatracker.ietf.org/doc/html/rfc7636
|
|
8
|
+
*/
|
|
9
|
+
export declare function generatePKCE(): PKCEData;
|
|
10
|
+
/**
|
|
11
|
+
* Verify that a state matches the expected state
|
|
12
|
+
*/
|
|
13
|
+
export declare function verifyState(expected: string, received: string): boolean;
|
|
14
|
+
//# sourceMappingURL=pkce.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../src/auth/pkce.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAE3C;;;GAGG;AACH,wBAAgB,YAAY,IAAI,QAAQ,CAkBvC;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CASvE"}
|