vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-08 07:41:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ca200eb480fd59dbd09becf65ce97062f6e5fa27
openclaw/extensions/google/oauth.project.ts
hugh.li 9dd449045a fix(google-gemini-cli-auth): fix Gemini CLI OAuth failures on Windows (#40729) 
* fix(google-gemini-cli-auth): fix Gemini CLI OAuth failures on Windows

Two issues prevented Gemini CLI OAuth from working on Windows:

1. resolveGeminiCliDirs: the first candidate `dirname(dirname(resolvedPath))`
   can resolve to an unrelated ancestor directory (e.g. the nvm root
   `C:\Users\<user>\AppData\Local\nvm`) when gemini is installed via nvm.
   The subsequent `findFile` recursive search (depth 10) then picks up an
   `oauth2.js` from a completely different package (e.g.
   `discord-api-types/payloads/v10/oauth2.js`), which naturally does not
   contain Google OAuth credentials, causing silent extraction failure.

   Fix: validate candidate directories before including them — only keep
   candidates that contain a `package.json` or a `node_modules/@google/
   gemini-cli-core` subdirectory.

2. resolvePlatform: returns "WINDOWS" on win32, but Google's loadCodeAssist
   API rejects it as an invalid Platform enum value (400 INVALID_ARGUMENT),
   just like it rejects "LINUX".

   Fix: use "PLATFORM_UNSPECIFIED" for all non-macOS platforms.

* test(google-gemini-cli-auth): keep oauth regressions portable

* chore(changelog): add google gemini cli auth fix note

---------

Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-04-04 23:22:36 +09:00

226 lines
6.3 KiB
TypeScript
Raw Blame History

import { fetchWithTimeout } from "./oauth.http.js";
import {
CODE_ASSIST_ENDPOINT_PROD,
LOAD_CODE_ASSIST_ENDPOINTS,
TIER_FREE,
TIER_LEGACY,
TIER_STANDARD,
USERINFO_URL,
} from "./oauth.shared.js";
const LOAD_CODE_ASSIST_METADATA = {
ideType: "IDE_UNSPECIFIED",
platform: "PLATFORM_UNSPECIFIED",
pluginType: "GEMINI",
} as const;
async function getUserEmail(accessToken: string): Promise<string | undefined> {
try {
const response = await fetchWithTimeout(USERINFO_URL, {
headers: { Authorization: `Bearer ${accessToken}` },
});
if (response.ok) {
const data = (await response.json()) as { email?: string };
return data.email;
}
} catch {
// ignore
}
return undefined;
}
function isVpcScAffected(payload: unknown): boolean {
if (!payload || typeof payload !== "object") {
return false;
}
const error = (payload as { error?: unknown }).error;
if (!error || typeof error !== "object") {
return false;
}
const details = (error as { details?: unknown[] }).details;
if (!Array.isArray(details)) {
return false;
}
return details.some(
(item) =>
typeof item === "object" &&
item &&
(item as { reason?: string }).reason === "SECURITY_POLICY_VIOLATED",
);
}
function getDefaultTier(
allowedTiers?: Array<{ id?: string; isDefault?: boolean }>,
): { id?: string } | undefined {
if (!allowedTiers?.length) {
return { id: TIER_LEGACY };
}
return allowedTiers.find((tier) => tier.isDefault) ?? { id: TIER_LEGACY };
}
async function pollOperation(
endpoint: string,
operationName: string,
headers: Record<string, string>,
): Promise<{ done?: boolean; response?: { cloudaicompanionProject?: { id?: string } } }> {
for (let attempt = 0; attempt < 24; attempt += 1) {
await new Promise((resolve) => setTimeout(resolve, 5000));
const response = await fetchWithTimeout(`${endpoint}/v1internal/${operationName}`, {
headers,
});
if (!response.ok) {
continue;
}
const data = (await response.json()) as {
done?: boolean;
response?: { cloudaicompanionProject?: { id?: string } };
};
if (data.done) {
return data;
}
}
throw new Error("Operation polling timeout");
}
export async function resolveGoogleOAuthIdentity(accessToken: string): Promise<{
email?: string;
projectId: string;
}> {
const email = await getUserEmail(accessToken);
const projectId = await discoverProject(accessToken);
return { email, projectId };
}
async function discoverProject(accessToken: string): Promise<string> {
const envProject = process.env.GOOGLE_CLOUD_PROJECT || process.env.GOOGLE_CLOUD_PROJECT_ID;
const headers = {
Authorization: `Bearer ${accessToken}`,
"Content-Type": "application/json",
"User-Agent": "google-api-nodejs-client/9.15.1",
"X-Goog-Api-Client": `gl-node/${process.versions.node}`,
"Client-Metadata": JSON.stringify(LOAD_CODE_ASSIST_METADATA),
};
const loadBody = {
...(envProject ? { cloudaicompanionProject: envProject } : {}),
metadata: {
...LOAD_CODE_ASSIST_METADATA,
...(envProject ? { duetProject: envProject } : {}),
},
};
let data: {
currentTier?: { id?: string };
cloudaicompanionProject?: string | { id?: string };
allowedTiers?: Array<{ id?: string; isDefault?: boolean }>;
} = {};
let activeEndpoint = CODE_ASSIST_ENDPOINT_PROD;
let loadError: Error | undefined;
for (const endpoint of LOAD_CODE_ASSIST_ENDPOINTS) {
try {
const response = await fetchWithTimeout(`${endpoint}/v1internal:loadCodeAssist`, {
method: "POST",
headers,
body: JSON.stringify(loadBody),
});
if (!response.ok) {
const errorPayload = await response.json().catch(() => null);
if (isVpcScAffected(errorPayload)) {
data = { currentTier: { id: TIER_STANDARD } };
activeEndpoint = endpoint;
loadError = undefined;
break;
}
loadError = new Error(`loadCodeAssist failed: ${response.status} ${response.statusText}`);
continue;
}
data = (await response.json()) as typeof data;
activeEndpoint = endpoint;
loadError = undefined;
break;
} catch (err) {
loadError = err instanceof Error ? err : new Error("loadCodeAssist failed", { cause: err });
}
}
const hasLoadCodeAssistData =
Boolean(data.currentTier) ||
Boolean(data.cloudaicompanionProject) ||
Boolean(data.allowedTiers?.length);
if (!hasLoadCodeAssistData && loadError) {
if (envProject) {
return envProject;
}
throw loadError;
}
if (data.currentTier) {
const project = data.cloudaicompanionProject;
if (typeof project === "string" && project) {
return project;
}
if (typeof project === "object" && project?.id) {
return project.id;
}
if (envProject) {
return envProject;
}
throw new Error(
"This account requires GOOGLE_CLOUD_PROJECT or GOOGLE_CLOUD_PROJECT_ID to be set.",
);
}
const tier = getDefaultTier(data.allowedTiers);
const tierId = tier?.id || TIER_FREE;
if (tierId !== TIER_FREE && !envProject) {
throw new Error(
"This account requires GOOGLE_CLOUD_PROJECT or GOOGLE_CLOUD_PROJECT_ID to be set.",
);
}
const onboardBody: Record<string, unknown> = {
tierId,
metadata: {
...LOAD_CODE_ASSIST_METADATA,
},
};
if (tierId !== TIER_FREE && envProject) {
onboardBody.cloudaicompanionProject = envProject;
(onboardBody.metadata as Record<string, unknown>).duetProject = envProject;
}
const onboardResponse = await fetchWithTimeout(`${activeEndpoint}/v1internal:onboardUser`, {
method: "POST",
headers,
body: JSON.stringify(onboardBody),
});
if (!onboardResponse.ok) {
throw new Error(`onboardUser failed: ${onboardResponse.status} ${onboardResponse.statusText}`);
}
let lro = (await onboardResponse.json()) as {
done?: boolean;
name?: string;
response?: { cloudaicompanionProject?: { id?: string } };
};
if (!lro.done && lro.name) {
lro = await pollOperation(activeEndpoint, lro.name, headers);
}
const projectId = lro.response?.cloudaicompanionProject?.id;
if (projectId) {
return projectId;
}
if (envProject) {
return envProject;
}
throw new Error(
"Could not discover or provision a Google Cloud project. Set GOOGLE_CLOUD_PROJECT or GOOGLE_CLOUD_PROJECT_ID.",
);
}
Reference in New Issue View Git Blame Copy Permalink