wyxrouter 0.4.71

package/src/app/api/oauth/[provider]/[action]/route.js

@@ -0,0 +1,343 @@
+import { NextResponse } from "next/server";
+import { 
+  getProvider, 
+  generateAuthData, 
+  exchangeTokens, 
+  requestDeviceCode, 
+  pollForToken 
+} from "@/lib/oauth/providers";
+import { createProviderConnection } from "@/models";
+import {
+  startCodexProxy,
+  stopCodexProxy,
+  registerCodexSession,
+  getCodexSessionStatus,
+  clearCodexSession,
+  startXaiProxy,
+  stopXaiProxy,
+  registerXaiSession,
+  getXaiSessionStatus,
+  clearXaiSession,
+} from "@/lib/oauth/utils/server";
+
+async function completeXaiManualCode(code, state) {
+  const session = state ? getXaiSessionStatus(state) : null;
+  if (!session) {
+    throw new Error("xAI OAuth session not found; restart the login flow and paste the code again");
+  }
+  if (!code) throw new Error("Missing xAI authorization code");
+
+  try {
+    const tokenData = await exchangeTokens(
+      "xai",
+      code,
+      session.redirectUri,
+      session.codeVerifier,
+      state
+    );
+    const connection = await createProviderConnection({
+      provider: "xai",
+      authType: "oauth",
+      ...tokenData,
+      expiresAt: tokenData.expiresIn
+        ? new Date(Date.now() + tokenData.expiresIn * 1000).toISOString()
+        : null,
+      testStatus: "active",
+    });
+    clearXaiSession(state);
+    stopXaiProxy();
+    return {
+      id: connection.id,
+      provider: connection.provider,
+      email: connection.email,
+      displayName: connection.displayName,
+    };
+  } catch (err) {
+    clearXaiSession(state);
+    stopXaiProxy();
+    throw err;
+  }
+}
+
+/**
+ * Dynamic OAuth API Route
+ * Handles: authorize, exchange, device-code, poll
+ */
+
+// GET /api/oauth/[provider]/authorize - Generate auth URL
+// GET /api/oauth/[provider]/device-code - Request device code (for device_code flow)
+export async function GET(request, { params }) {
+  try {
+    const { provider, action } = await params;
+    const { searchParams } = new URL(request.url);
+
+    if (action === "authorize") {
+      const redirectUri = searchParams.get("redirect_uri") || "http://localhost:8080/callback";
+      // Collect provider-specific meta params (e.g. gitlab passes baseUrl, clientId, clientSecret)
+      const reservedParams = new Set(["redirect_uri"]);
+      const meta = {};
+      searchParams.forEach((value, key) => { if (!reservedParams.has(key)) meta[key] = value; });
+      const authData = await generateAuthData(provider, redirectUri, Object.keys(meta).length ? meta : undefined);
+      return NextResponse.json(authData);
+    }
+
+    if (action === "start-proxy") {
+      if (!["codex", "xai"].includes(provider)) {
+        return NextResponse.json({ error: "Proxy only supported for codex/xai" }, { status: 400 });
+      }
+      const appPort = searchParams.get("app_port");
+      if (!appPort) {
+        return NextResponse.json({ error: "Missing app_port" }, { status: 400 });
+      }
+      const state = searchParams.get("state");
+      const codeVerifier = searchParams.get("code_verifier");
+      const redirectUri = searchParams.get("redirect_uri");
+      const result = provider === "xai"
+        ? await startXaiProxy(Number(appPort))
+        : await startCodexProxy(Number(appPort));
+      let serverSide = false;
+      if (result.success && state && codeVerifier && redirectUri) {
+        serverSide = provider === "xai"
+          ? registerXaiSession({ state, codeVerifier, redirectUri })
+          : registerCodexSession({ state, codeVerifier, redirectUri });
+      }
+      return NextResponse.json({ ...result, serverSide });
+    }
+
+    if (action === "poll-status") {
+      if (!["codex", "xai"].includes(provider)) {
+        return NextResponse.json({ error: "Poll only supported for codex/xai" }, { status: 400 });
+      }
+      const state = searchParams.get("state");
+      if (!state) {
+        return NextResponse.json({ error: "Missing state" }, { status: 400 });
+      }
+      const session = provider === "xai" ? getXaiSessionStatus(state) : getCodexSessionStatus(state);
+      if (!session) return NextResponse.json({ status: "unknown" });
+      if (session.status === "done" || session.status === "error") {
+        const payload = { ...session };
+        if (provider === "xai") clearXaiSession(state);
+        else clearCodexSession(state);
+        return NextResponse.json(payload);
+      }
+      return NextResponse.json({ status: session.status });
+    }
+
+    if (action === "stop-proxy") {
+      if (!["codex", "xai"].includes(provider)) {
+        return NextResponse.json({ error: "Proxy only supported for codex/xai" }, { status: 400 });
+      }
+      if (provider === "xai") stopXaiProxy();
+      else stopCodexProxy();
+      return NextResponse.json({ success: true });
+    }
+
+    if (action === "device-code") {
+      const providerData = getProvider(provider);
+      if (providerData.flowType !== "device_code") {
+        return NextResponse.json({ error: "Provider does not support device code flow" }, { status: 400 });
+      }
+
+      const authData = await generateAuthData(provider, null);
+      const startUrl = searchParams.get("start_url");
+      const region = searchParams.get("region");
+      const authMethod = searchParams.get("auth_method");
+      const deviceOptions = provider === "kiro"
+        ? {
+            ...(startUrl ? { startUrl } : {}),
+            ...(region ? { region } : {}),
+            ...(authMethod ? { authMethod } : {}),
+          }
+        : undefined;
+      
+      // Providers that don't use PKCE for device code
+      const noPkceDeviceProviders = ["github", "kiro", "kimi-coding", "kilocode", "codebuddy", "qoder"];
+      let deviceData;
+      if (noPkceDeviceProviders.includes(provider)) {
+        deviceData = await requestDeviceCode(provider, undefined, deviceOptions);
+      } else {
+        // Qwen and other PKCE providers
+        deviceData = await requestDeviceCode(provider, authData.codeChallenge, deviceOptions);
+      }
+
+      return NextResponse.json({
+        ...deviceData,
+        // Prefer the verifier the provider's requestDeviceCode generated for
+        // itself (qoder rolls its own PKCE pair); fall back to the generic one.
+        codeVerifier: deviceData.codeVerifier || authData.codeVerifier,
+      });
+    }
+
+    return NextResponse.json({ error: "Unknown action" }, { status: 400 });
+  } catch (error) {
+    console.log("OAuth GET error:", error);
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}
+
+// POST /api/oauth/[provider]/exchange - Exchange code for tokens and save
+// POST /api/oauth/[provider]/poll - Poll for token (device_code flow)
+export async function POST(request, { params }) {
+  try {
+    const { provider, action } = await params;
+    let body;
+    try {
+      body = await request.json();
+    } catch {
+      return NextResponse.json({ error: "Invalid or empty request body" }, { status: 400 });
+    }
+
+    if (action === "exchange") {
+      const { code, redirectUri, codeVerifier, state, meta } = body;
+
+      // Detect if "code" is actually a raw JWT access token (starts with eyJ)
+      if (code && code.startsWith("eyJ") && code.includes(".")) {
+        const { extractCodexAccountInfo } = await import("@/lib/oauth/providers");
+        const info = extractCodexAccountInfo(code);
+
+        // Also decode JWT directly for ChatGPT website tokens which use
+        // top-level account_id/plan_type instead of nested openai auth claims
+        let directPayload = {};
+        try {
+          const b64 = code.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
+          const padded = b64 + "=".repeat((4 - b64.length % 4) % 4);
+          directPayload = JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
+        } catch {}
+
+        const accountId = info.chatgptAccountId || directPayload.account_id;
+        const planType = info.chatgptPlanType || directPayload.plan_type;
+        const email = info.email || directPayload.email;
+
+        const providerSpecificData = { authMethod: "access_token" };
+        if (accountId) providerSpecificData.chatgptAccountId = accountId;
+        if (planType) providerSpecificData.chatgptPlanType = planType;
+
+        const connection = await createProviderConnection({
+          provider,
+          authType: "access_token",
+          accessToken: code,
+          email: email || null,
+          providerSpecificData,
+          testStatus: "active",
+        });
+
+        return NextResponse.json({
+          success: true,
+          connection: {
+            id: connection.id,
+            provider: connection.provider,
+            email: connection.email,
+            displayName: connection.displayName,
+          }
+        });
+      }
+
+      // Cline uses authorization_code without PKCE
+      const noPkceExchangeProviders = ["cline"];
+      if (!code || !redirectUri || (!codeVerifier && !noPkceExchangeProviders.includes(provider))) {
+        return NextResponse.json({ error: "Missing required fields" }, { status: 400 });
+      }
+
+      // Exchange code for tokens (meta carries provider-specific params, e.g. gitlab clientId/baseUrl)
+      const tokenData = await exchangeTokens(provider, code, redirectUri, codeVerifier, state, meta);
+
+      // Save to database
+      const connection = await createProviderConnection({
+        provider,
+        authType: "oauth",
+        ...tokenData,
+        expiresAt: tokenData.expiresIn 
+          ? new Date(Date.now() + tokenData.expiresIn * 1000).toISOString() 
+          : null,
+        testStatus: "active",
+      });
+
+      return NextResponse.json({ 
+        success: true, 
+        connection: {
+          id: connection.id,
+          provider: connection.provider,
+          email: connection.email,
+          displayName: connection.displayName,
+        }
+      });
+    }
+
+    if (action === "poll") {
+      const { deviceCode, codeVerifier, extraData } = body;
+
+      if (!deviceCode) {
+        return NextResponse.json({ error: "Missing device code" }, { status: 400 });
+      }
+
+      // Providers that don't use PKCE for device code
+      const noPkceProviders = ["github", "kimi-coding", "kilocode", "codebuddy"];
+      let result;
+      if (noPkceProviders.includes(provider)) {
+        result = await pollForToken(provider, deviceCode);
+      } else if (provider === "kiro") {
+        // Kiro needs extraData (clientId, clientSecret) from device code response
+        result = await pollForToken(provider, deviceCode, null, extraData);
+      } else if (provider === "qoder") {
+        // Qoder needs both the PKCE verifier (codeVerifier) and the machineId
+        // captured at device-code time (extraData._qoderMachineId) so
+        // mapTokens can persist it for COSY signing.
+        if (!codeVerifier) {
+          return NextResponse.json({ error: "Missing code verifier" }, { status: 400 });
+        }
+        result = await pollForToken(provider, deviceCode, codeVerifier, extraData);
+      } else {
+        // Qwen and other PKCE providers
+        if (!codeVerifier) {
+          return NextResponse.json({ error: "Missing code verifier" }, { status: 400 });
+        }
+        result = await pollForToken(provider, deviceCode, codeVerifier);
+      }
+
+      if (result.success) {
+        // Save to database
+        const connection = await createProviderConnection({
+          provider,
+          authType: "oauth",
+          ...result.tokens,
+          expiresAt: result.tokens.expiresIn 
+            ? new Date(Date.now() + result.tokens.expiresIn * 1000).toISOString() 
+            : null,
+          testStatus: "active",
+        });
+
+        return NextResponse.json({ 
+          success: true, 
+          connection: {
+            id: connection.id,
+            provider: connection.provider,
+          }
+        });
+      }
+
+      // Still pending or error - don't create connection for pending states
+      const isPending = result.pending || result.error === "authorization_pending" || result.error === "slow_down";
+      
+      return NextResponse.json({
+        success: false,
+        error: result.error,
+        errorDescription: result.errorDescription,
+        pending: isPending,
+      });
+    }
+
+    if (action === "manual-code") {
+      if (provider !== "xai") {
+        return NextResponse.json({ error: "Manual code only supported for xai" }, { status: 400 });
+      }
+      const { code, state } = body;
+      const connection = await completeXaiManualCode(String(code || "").trim(), String(state || "").trim());
+      return NextResponse.json({ success: true, connection });
+    }
+
+    return NextResponse.json({ error: "Unknown action" }, { status: 400 });
+  } catch (error) {
+    console.log("OAuth POST error:", error);
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+}

package/src/app/api/oauth/codebuddy/bulk-import/[jobId]/cancel/route.js

@@ -0,0 +1,19 @@
+import { NextResponse } from "next/server";
+import { getCodeBuddyBulkImportManager } from "@/lib/oauth/services/codebuddyBulkImportManager";
+
+export const dynamic = "force-dynamic";
+
+export async function POST(_request, { params }) {
+  const { jobId } = await params;
+  const manager = getCodeBuddyBulkImportManager();
+  const job = manager.cancelJob(jobId);
+
+  if (!job) {
+    return NextResponse.json({ error: "Bulk import job not found" }, { status: 404 });
+  }
+
+  return NextResponse.json({
+    success: true,
+    job,
+  });
+}

package/src/app/api/oauth/codebuddy/bulk-import/[jobId]/manual/[workerId]/route.js

@@ -0,0 +1,30 @@
+import { NextResponse } from "next/server";
+import { getCodeBuddyBulkImportManager } from "@/lib/oauth/services/codebuddyBulkImportManager";
+
+export const dynamic = "force-dynamic";
+
+export async function POST(_request, { params }) {
+  const { jobId, workerId } = await params;
+  const manager = getCodeBuddyBulkImportManager();
+  const result = await manager.openManualSession(jobId, workerId);
+
+  if (!result) {
+    return NextResponse.json({ error: "Bulk import job not found" }, { status: 404 });
+  }
+
+  if (!result.ok) {
+    return NextResponse.json(
+      {
+        error: result.error || "Manual session not found for this worker",
+        job: result.job,
+      },
+      { status: 404 }
+    );
+  }
+
+  return NextResponse.json({
+    success: true,
+    job: result.job,
+    account: result.account,
+  });
+}

package/src/app/api/oauth/codebuddy/bulk-import/[jobId]/route.js

@@ -0,0 +1,23 @@
+import { NextResponse } from "next/server";
+import { buildLookupResponse, getCodeBuddyBulkImportManager } from "@/lib/oauth/services/codebuddyBulkImportManager";
+
+export const dynamic = "force-dynamic";
+
+export async function GET(_request, { params }) {
+  const { jobId } = await params;
+  const manager = getCodeBuddyBulkImportManager();
+  const job = await manager.getJobWithPreview(jobId);
+
+  if (!job) {
+    return NextResponse.json({
+      success: false,
+      ...buildLookupResponse(null, { stale: true }),
+      error: "Bulk import job not found",
+    }, { status: 404 });
+  }
+
+  return NextResponse.json({
+    success: true,
+    ...buildLookupResponse(job),
+  });
+}

package/src/app/api/oauth/codebuddy/bulk-import/latest/route.js

@@ -0,0 +1,25 @@
+import { NextResponse } from "next/server";
+import { buildLookupResponse, getCodeBuddyBulkImportManager } from "@/lib/oauth/services/codebuddyBulkImportManager";
+
+export const dynamic = "force-dynamic";
+
+export async function GET(request) {
+  const manager = getCodeBuddyBulkImportManager();
+  const searchParams = new URL(request.url).searchParams;
+  const scope = searchParams.get("scope");
+  const includeRecentTerminal = scope === "recent" || scope === "recoverable" || scope === "all";
+  const job = await manager.getLatestJobWithPreview({ includeRecentTerminal });
+
+  if (!job) {
+    return NextResponse.json({
+      success: false,
+      ...buildLookupResponse(null),
+      error: "Bulk import job not found",
+    }, { status: 404 });
+  }
+
+  return NextResponse.json({
+    success: true,
+    ...buildLookupResponse(job),
+  });
+}

package/src/app/api/oauth/codebuddy/bulk-import/route.js

@@ -0,0 +1,49 @@
+import { NextResponse } from "next/server";
+import { getCodeBuddyBulkImportManager, parseCodeBuddyBulkAccounts } from "@/lib/oauth/services/codebuddyBulkImportManager";
+
+export const dynamic = "force-dynamic";
+
+export async function POST(request) {
+  try {
+    const body = await request.json();
+    const accounts = Array.isArray(body?.accounts) ? body.accounts : [];
+    const { parsed, invalidLines } = parseCodeBuddyBulkAccounts(accounts);
+
+    if (!parsed.length) {
+      return NextResponse.json(
+        { error: "At least one account entry is required" },
+        { status: 400 }
+      );
+    }
+
+    if (invalidLines.length > 0) {
+      return NextResponse.json(
+        {
+          error: "Invalid account format. Use one account per line: gmail@example.com|password",
+          invalidLines,
+        },
+        { status: 400 }
+      );
+    }
+
+    const manager = getCodeBuddyBulkImportManager();
+    const job = await manager.startJob({
+      accounts,
+      concurrency: body?.concurrency,
+    });
+
+    return NextResponse.json({
+      success: true,
+      job,
+    });
+  } catch (error) {
+    const status = Array.isArray(error?.invalidLines) ? 400 : 500;
+    return NextResponse.json(
+      {
+        error: error?.error || error?.message || "Failed to start CodeBuddy bulk import",
+        ...(Array.isArray(error?.invalidLines) ? { invalidLines: error.invalidLines } : {}),
+      },
+      { status }
+    );
+  }
+}

package/src/app/api/oauth/codebuddy/quota-cookie/route.js

@@ -0,0 +1,133 @@
+import { NextResponse } from "next/server";
+import { getProviderConnectionById, updateProviderConnection } from "@/models";
+
+const CODEBUDDY_USAGE_URL = "https://www.codebuddy.ai/billing/meter/get-user-resource";
+const CODEBUDDY_PACKAGE_CODES = [
+  "TCACA_code_001_PqouKr6QWV",
+  "TCACA_code_002_AkiJS3ZHF5",
+  "TCACA_code_006_DbXS0lrypC",
+  "TCACA_code_007_nzdH5h4Nl0",
+  "TCACA_code_003_FAnt7lcmRT",
+  "TCACA_code_008_cfWoLwvjU4",
+  "TCACA_code_009_0XmEQc2xOf",
+];
+
+function formatDate(date) {
+  const pad = (value) => String(value).padStart(2, "0");
+  return `${date.getFullYear()}-${pad(date.getMonth() + 1)}-${pad(date.getDate())} ${pad(date.getHours())}:${pad(date.getMinutes())}:${pad(date.getSeconds())}`;
+}
+
+function buildUsageBody() {
+  const now = new Date();
+  const end = new Date(now);
+  end.setFullYear(end.getFullYear() + 101);
+
+  return {
+    PageNumber: 1,
+    PageSize: 200,
+    ProductCode: "p_tcaca",
+    Status: [0, 3],
+    PackageCodes: CODEBUDDY_PACKAGE_CODES,
+    PackageEndTimeRangeBegin: formatDate(now),
+    PackageEndTimeRangeEnd: formatDate(end),
+  };
+}
+
+function normalizeCookie(cookie) {
+  return String(cookie || "")
+    .split(";")
+    .map((part) => part.trim())
+    .filter(Boolean)
+    .join("; ");
+}
+
+async function probeCodeBuddyQuotaCookie(cookie) {
+  const response = await fetch(CODEBUDDY_USAGE_URL, {
+    method: "POST",
+    headers: {
+      Cookie: cookie,
+      Accept: "application/json, text/plain, */*",
+      "Content-Type": "application/json",
+      "User-Agent": "Mozilla/5.0",
+      "X-Requested-With": "XMLHttpRequest",
+      "X-Domain": "www.codebuddy.ai",
+      Origin: "https://www.codebuddy.ai",
+      Referer: "https://www.codebuddy.ai/profile/usage",
+    },
+    body: JSON.stringify(buildUsageBody()),
+  });
+
+  const text = await response.text();
+  let payload = null;
+  try {
+    payload = text ? JSON.parse(text) : null;
+  } catch {
+    payload = null;
+  }
+
+  if (response.status === 401 || response.status === 403) {
+    return { ok: false, status: response.status, error: "CodeBuddy cookie is not authorized for quota usage." };
+  }
+
+  if (!response.ok) {
+    return { ok: false, status: response.status, error: `CodeBuddy quota endpoint returned ${response.status}.` };
+  }
+
+  const accounts = payload?.Response?.Data?.Accounts || payload?.Accounts || payload?.data?.accounts || [];
+  return {
+    ok: true,
+    status: response.status,
+    accountCount: Array.isArray(accounts) ? accounts.length : 0,
+  };
+}
+
+export async function POST(request) {
+  try {
+    const { cookie, connectionIds } = await request.json();
+    const normalizedCookie = normalizeCookie(cookie);
+    const ids = Array.isArray(connectionIds)
+      ? connectionIds.map((id) => String(id || "").trim()).filter(Boolean)
+      : [];
+
+    if (!normalizedCookie) {
+      return NextResponse.json({ error: "Cookie is required" }, { status: 400 });
+    }
+
+    if (ids.length === 0) {
+      return NextResponse.json({ error: "Select at least one CodeBuddy connection" }, { status: 400 });
+    }
+
+    const probe = await probeCodeBuddyQuotaCookie(normalizedCookie);
+    if (!probe.ok) {
+      return NextResponse.json({ error: probe.error }, { status: probe.status || 400 });
+    }
+
+    let updated = 0;
+    for (const id of ids) {
+      const connection = await getProviderConnectionById(id);
+      if (!connection || connection.provider !== "codebuddy") continue;
+
+      await updateProviderConnection(id, {
+        providerSpecificData: {
+          ...(connection.providerSpecificData || {}),
+          webCookie: normalizedCookie,
+          webCookieCapturedAt: new Date().toISOString(),
+        },
+      });
+      updated += 1;
+    }
+
+    if (updated === 0) {
+      return NextResponse.json({ error: "No CodeBuddy connections were updated" }, { status: 404 });
+    }
+
+    return NextResponse.json({
+      success: true,
+      updated,
+      quotaRecords: probe.accountCount,
+    });
+  } catch (error) {
+    console.error("CodeBuddy quota cookie error:", error);
+    return NextResponse.json({ error: error.message || "Failed to save CodeBuddy quota cookie" }, { status: 500 });
+  }
+}