opencode-qwencode-auth 1.0.0

package/src/index.ts

@@ -0,0 +1,217 @@
+/**
+ * OpenCode Qwen Auth Plugin
+ *
+ * Plugin de autenticação OAuth para Qwen, baseado no qwen-code.
+ * Implementa Device Flow (RFC 8628) para autenticação.
+ */
+
+import { existsSync } from 'node:fs';
+import { spawn } from 'node:child_process';
+
+import { QWEN_PROVIDER_ID, QWEN_API_CONFIG, QWEN_MODELS } from './constants.js';
+import type { QwenCredentials } from './types.js';
+import {
+  loadCredentials,
+  saveCredentials,
+  getCredentialsPath,
+  isCredentialsExpired,
+} from './plugin/auth.js';
+import {
+  generatePKCE,
+  requestDeviceAuthorization,
+  pollDeviceToken,
+  tokenResponseToCredentials,
+  refreshAccessToken,
+} from './qwen/oauth.js';
+
+// ============================================
+// Helpers
+// ============================================
+
+function getBaseUrl(resourceUrl?: string): string {
+  if (!resourceUrl) return QWEN_API_CONFIG.baseUrl;
+  if (resourceUrl.startsWith('http')) {
+    return resourceUrl.endsWith('/v1') ? resourceUrl : `${resourceUrl}/v1`;
+  }
+  return `https://${resourceUrl}/v1`;
+}
+
+function openBrowser(url: string): void {
+  try {
+    const platform = process.platform;
+    const command = platform === 'darwin' ? 'open' : platform === 'win32' ? 'rundll32' : 'xdg-open';
+    const args = platform === 'win32' ? ['url.dll,FileProtocolHandler', url] : [url];
+    const child = spawn(command, args, { stdio: 'ignore', detached: true });
+    child.unref?.();
+  } catch {
+    // Ignore errors
+  }
+}
+
+export function checkExistingCredentials(): QwenCredentials | null {
+  const credPath = getCredentialsPath();
+  if (existsSync(credPath)) {
+    const creds = loadCredentials();
+    if (creds && !isCredentialsExpired(creds)) {
+      return creds;
+    }
+  }
+  return null;
+}
+
+// ============================================
+// Plugin Principal
+// ============================================
+
+export const QwenAuthPlugin = async (_input: unknown) => {
+  return {
+    auth: {
+      provider: QWEN_PROVIDER_ID,
+
+      loader: async (
+        getAuth: () => Promise<{ type: string; access?: string; refresh?: string; expires?: number }>,
+        provider: { models?: Record<string, { cost?: { input: number; output: number } }> }
+      ) => {
+        const auth = await getAuth();
+
+        // Se não é OAuth, tentar carregar credenciais do qwen-code
+        if (!auth || auth.type !== 'oauth') {
+          const creds = checkExistingCredentials();
+          if (creds) {
+            return {
+              apiKey: creds.accessToken,
+              baseURL: getBaseUrl(creds.resourceUrl),
+            };
+          }
+          return null;
+        }
+
+        // Zerar custo dos modelos (gratuito via OAuth)
+        if (provider?.models) {
+          for (const model of Object.values(provider.models)) {
+            if (model) model.cost = { input: 0, output: 0 };
+          }
+        }
+
+        let accessToken = auth.access;
+
+        // Refresh se expirado
+        if (accessToken && auth.expires && Date.now() > auth.expires - 30000 && auth.refresh) {
+          try {
+            const refreshed = await refreshAccessToken(auth.refresh);
+            accessToken = refreshed.accessToken;
+            saveCredentials(refreshed);
+          } catch (e) {
+            console.error('[Qwen] Token refresh failed:', e);
+          }
+        }
+
+        // Fallback para credenciais do qwen-code
+        if (!accessToken) {
+          const creds = checkExistingCredentials();
+          if (creds) accessToken = creds.accessToken;
+        }
+
+        if (!accessToken) return null;
+
+        const creds = loadCredentials();
+        return {
+          apiKey: accessToken,
+          baseURL: getBaseUrl(creds?.resourceUrl),
+        };
+      },
+
+      methods: [
+        {
+          type: 'oauth',
+          label: 'Qwen Code (qwen.ai OAuth)',
+          authorize: async () => {
+            const { verifier, challenge } = generatePKCE();
+
+            try {
+              const deviceAuth = await requestDeviceAuthorization(challenge);
+              openBrowser(deviceAuth.verification_uri_complete);
+
+              const POLLING_MARGIN_MS = 3000;
+
+              return {
+                url: deviceAuth.verification_uri_complete,
+                instructions: `Código: ${deviceAuth.user_code}`,
+                method: 'auto' as const,
+                callback: async () => {
+                  const startTime = Date.now();
+                  const timeoutMs = deviceAuth.expires_in * 1000;
+                  let interval = 5000;
+
+                  while (Date.now() - startTime < timeoutMs) {
+                    await Bun.sleep(interval + POLLING_MARGIN_MS);
+
+                    try {
+                      const tokenResponse = await pollDeviceToken(deviceAuth.device_code, verifier);
+
+                      if (tokenResponse) {
+                        const credentials = tokenResponseToCredentials(tokenResponse);
+                        saveCredentials(credentials);
+
+                        return {
+                          type: 'success' as const,
+                          access: credentials.accessToken,
+                          refresh: credentials.refreshToken || '',
+                          expires: credentials.expiryDate || Date.now() + 3600000,
+                        };
+                      }
+                    } catch (e) {
+                      const msg = e instanceof Error ? e.message : '';
+                      if (msg.includes('slow_down')) {
+                        interval = Math.min(interval + 5000, 15000);
+                      } else if (!msg.includes('authorization_pending')) {
+                        return { type: 'failed' as const };
+                      }
+                    }
+                  }
+
+                  return { type: 'failed' as const };
+                },
+              };
+            } catch (e) {
+              const msg = e instanceof Error ? e.message : 'Erro desconhecido';
+              return {
+                url: '',
+                instructions: `Erro: ${msg}`,
+                method: 'auto' as const,
+                callback: async () => ({ type: 'failed' as const }),
+              };
+            }
+          },
+        },
+      ],
+    },
+
+    config: async (config: Record<string, unknown>) => {
+      const providers = (config.provider as Record<string, unknown>) || {};
+
+      providers[QWEN_PROVIDER_ID] = {
+        npm: '@ai-sdk/openai-compatible',
+        name: 'Qwen Code',
+        options: { baseURL: QWEN_API_CONFIG.baseUrl },
+        models: Object.fromEntries(
+          Object.entries(QWEN_MODELS).map(([id, m]) => [
+            id,
+            {
+              id: m.id,
+              name: m.name,
+              reasoning: false,
+              limit: { context: m.contextWindow, output: m.maxOutput },
+              cost: m.cost,
+              modalities: { input: ['text'], output: ['text'] },
+            },
+          ])
+        ),
+      };
+
+      config.provider = providers;
+    },
+  };
+};
+
+export default QwenAuthPlugin;

package/src/plugin/auth.ts

@@ -0,0 +1,114 @@
+/**
+ * Qwen Credentials Management
+ *
+ * Handles loading, saving, and validating credentials
+ */
+
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+
+import type { QwenCredentials } from '../types.js';
+import { refreshAccessToken, isCredentialsExpired } from '../qwen/oauth.js';
+
+/**
+ * Get the path to the credentials file
+ * Uses the same location as qwen-code for compatibility
+ */
+export function getCredentialsPath(): string {
+  const homeDir = homedir();
+  return join(homeDir, '.qwen', 'oauth_creds.json');
+}
+
+/**
+ * Get the OpenCode auth store path
+ */
+export function getOpenCodeAuthPath(): string {
+  const homeDir = homedir();
+  return join(homeDir, '.local', 'share', 'opencode', 'auth.json');
+}
+
+/**
+ * Load existing Qwen credentials if available
+ * Supports qwen-code format with expiry_date and resource_url
+ */
+export function loadCredentials(): QwenCredentials | null {
+  const credPath = getCredentialsPath();
+
+  if (!existsSync(credPath)) {
+    return null;
+  }
+
+  try {
+    const data = readFileSync(credPath, 'utf-8');
+    const parsed = JSON.parse(data);
+
+    // Handle qwen-code format and variations
+    if (parsed.access_token || parsed.accessToken) {
+      return {
+        accessToken: parsed.access_token || parsed.accessToken,
+        tokenType: parsed.token_type || parsed.tokenType || 'Bearer',
+        refreshToken: parsed.refresh_token || parsed.refreshToken,
+        resourceUrl: parsed.resource_url || parsed.resourceUrl,
+        // qwen-code uses expiry_date, fallback to expires_at for compatibility
+        expiryDate: parsed.expiry_date || parsed.expiresAt || parsed.expires_at,
+        scope: parsed.scope,
+      };
+    }
+
+    return null;
+  } catch (error) {
+    console.error('Error loading Qwen credentials:', error);
+    return null;
+  }
+}
+
+/**
+ * Save credentials to file in qwen-code compatible format
+ */
+export function saveCredentials(credentials: QwenCredentials): void {
+  const credPath = getCredentialsPath();
+  const dir = join(homedir(), '.qwen');
+
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+
+  // Save in qwen-code format for compatibility
+  const data = {
+    access_token: credentials.accessToken,
+    token_type: credentials.tokenType || 'Bearer',
+    refresh_token: credentials.refreshToken,
+    resource_url: credentials.resourceUrl,
+    expiry_date: credentials.expiryDate,
+    scope: credentials.scope,
+  };
+
+  writeFileSync(credPath, JSON.stringify(data, null, 2));
+}
+
+/**
+ * Get valid credentials, refreshing if necessary
+ */
+export async function getValidCredentials(): Promise<QwenCredentials | null> {
+  let credentials = loadCredentials();
+
+  if (!credentials) {
+    return null;
+  }
+
+  if (isCredentialsExpired(credentials) && credentials.refreshToken) {
+    try {
+      credentials = await refreshAccessToken(credentials.refreshToken);
+      saveCredentials(credentials);
+    } catch (error) {
+      console.error('Failed to refresh token:', error);
+      return null;
+    }
+  }
+
+  return credentials;
+}
+
+// Re-export isCredentialsExpired for convenience
+export { isCredentialsExpired } from '../qwen/oauth.js';

package/src/plugin/client.ts

@@ -0,0 +1,217 @@
+/**
+ * Qwen API Client
+ *
+ * OpenAI-compatible client for making API calls to Qwen
+ */
+
+import { QWEN_API_CONFIG, QWEN_MODELS } from '../constants.js';
+import type {
+  QwenCredentials,
+  ChatCompletionRequest,
+  ChatCompletionResponse,
+  StreamChunk
+} from '../types.js';
+import { getValidCredentials, loadCredentials, isCredentialsExpired } from './auth.js';
+
+/**
+ * QwenClient - Makes authenticated API calls to Qwen
+ */
+export class QwenClient {
+  private credentials: QwenCredentials | null = null;
+  private debug: boolean;
+
+  constructor(options: { debug?: boolean } = {}) {
+    this.debug = options.debug || process.env.OPENCODE_QWEN_DEBUG === '1';
+  }
+
+  /**
+   * Get the API base URL from credentials or fallback to default
+   */
+  private getBaseUrl(): string {
+    if (this.credentials?.resourceUrl) {
+      // resourceUrl from qwen-code is just the host, need to add protocol and path
+      const resourceUrl = this.credentials.resourceUrl;
+      if (resourceUrl.startsWith('http')) {
+        return resourceUrl.endsWith('/v1') ? resourceUrl : `${resourceUrl}/v1`;
+      }
+      return `https://${resourceUrl}/v1`;
+    }
+    return QWEN_API_CONFIG.baseUrl;
+  }
+
+  /**
+   * Get the chat completions endpoint
+   */
+  private getChatEndpoint(): string {
+    return `${this.getBaseUrl()}/chat/completions`;
+  }
+
+  /**
+   * Initialize the client with credentials
+   */
+  async initialize(): Promise<boolean> {
+    this.credentials = await getValidCredentials();
+    return this.credentials !== null;
+  }
+
+  /**
+   * Set credentials directly
+   */
+  setCredentials(credentials: QwenCredentials): void {
+    this.credentials = credentials;
+  }
+
+  /**
+   * Get the authorization header
+   */
+  private getAuthHeader(): string {
+    if (!this.credentials) {
+      throw new Error('Not authenticated. Please run the OAuth flow first.');
+    }
+    return `Bearer ${this.credentials.accessToken}`;
+  }
+
+  /**
+   * Log debug information
+   */
+  private log(...args: unknown[]): void {
+    if (this.debug) {
+      console.log('[Qwen Client]', ...args);
+    }
+  }
+
+  /**
+   * Make a chat completion request
+   */
+  async chatCompletion(request: ChatCompletionRequest): Promise<ChatCompletionResponse> {
+    if (!this.credentials) {
+      const initialized = await this.initialize();
+      if (!initialized) {
+        throw new Error('No valid Qwen credentials found. Please authenticate first.');
+      }
+    }
+
+    this.log('Chat completion request:', JSON.stringify(request, null, 2));
+
+    const response = await fetch(this.getChatEndpoint(), {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': this.getAuthHeader(),
+        'Accept': 'application/json',
+      },
+      body: JSON.stringify(request),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      this.log('API Error:', response.status, errorText);
+      throw new Error(`Qwen API error: ${response.status} - ${errorText}`);
+    }
+
+    const data = await response.json();
+    this.log('Chat completion response:', JSON.stringify(data, null, 2));
+
+    return data as ChatCompletionResponse;
+  }
+
+  /**
+   * Make a streaming chat completion request
+   */
+  async *chatCompletionStream(request: ChatCompletionRequest): AsyncGenerator<StreamChunk> {
+    if (!this.credentials) {
+      const initialized = await this.initialize();
+      if (!initialized) {
+        throw new Error('No valid Qwen credentials found. Please authenticate first.');
+      }
+    }
+
+    const streamRequest = { ...request, stream: true };
+    this.log('Streaming chat completion request:', JSON.stringify(streamRequest, null, 2));
+
+    const response = await fetch(this.getChatEndpoint(), {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': this.getAuthHeader(),
+        'Accept': 'text/event-stream',
+      },
+      body: JSON.stringify(streamRequest),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      this.log('API Error:', response.status, errorText);
+      throw new Error(`Qwen API error: ${response.status} - ${errorText}`);
+    }
+
+    const reader = response.body?.getReader();
+    if (!reader) {
+      throw new Error('No response body');
+    }
+
+    const decoder = new TextDecoder();
+    let buffer = '';
+
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split('\n');
+      buffer = lines.pop() || '';
+
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed === 'data: [DONE]') continue;
+        if (!trimmed.startsWith('data: ')) continue;
+
+        try {
+          const json = trimmed.slice(6);
+          const chunk = JSON.parse(json) as StreamChunk;
+          this.log('Stream chunk:', JSON.stringify(chunk, null, 2));
+          yield chunk;
+        } catch (e) {
+          this.log('Failed to parse chunk:', trimmed, e);
+        }
+      }
+    }
+  }
+
+  /**
+   * List available models
+   */
+  async listModels(): Promise<Array<{ id: string; object: string; created: number }>> {
+    return Object.values(QWEN_MODELS).map(model => ({
+      id: model.id,
+      object: 'model',
+      created: Date.now(),
+    }));
+  }
+
+  /**
+   * Check if authenticated
+   */
+  isAuthenticated(): boolean {
+    const creds = loadCredentials();
+    return creds !== null && !isCredentialsExpired(creds);
+  }
+
+  /**
+   * Get current credentials info
+   */
+  getCredentialsInfo(): { authenticated: boolean; expiryDate?: number; resourceUrl?: string } {
+    const creds = loadCredentials();
+    if (!creds) {
+      return { authenticated: false };
+    }
+    return {
+      authenticated: !isCredentialsExpired(creds),
+      expiryDate: creds.expiryDate,
+      resourceUrl: creds.resourceUrl,
+    };
+  }
+}
+
+// Export singleton instance
+export const qwenClient = new QwenClient();

package/src/plugin/utils.ts

@@ -0,0 +1,17 @@
+/**
+ * Plugin Utilities
+ */
+
+/**
+ * Open URL in browser
+ */
+export async function openBrowser(url: string): Promise<void> {
+  try {
+    // Dynamic import for ESM compatibility
+    const open = await import('open');
+    await open.default(url);
+  } catch (error) {
+    // Fallback to console instruction
+    console.log(`\nPlease open this URL in your browser:\n${url}\n`);
+  }
+}