feat(gemini): 优化 OAuth 和配额展示

主要改进： - 修复 google_one OAuth scopes 配置问题 - 添加 Gemini 账号配额展示组件 - 优化 Code Assist 类型检测逻辑 - 添加 OAuth 测试用例
2026-01-03 06:32:04 -08:00
parent 26438f7232
commit 26106eb0ac
11 changed files with 363 additions and 109 deletions
--- a/backend/internal/pkg/geminicli/codeassist_types.go
+++ b/backend/internal/pkg/geminicli/codeassist_types.go
@@ -1,5 +1,10 @@
 package geminicli

+import (
+	"bytes"
+	"encoding/json"
+)
+
 // LoadCodeAssistRequest matches done-hub's internal Code Assist call.
 type LoadCodeAssistRequest struct {
 	Metadata LoadCodeAssistMetadata `json:"metadata"`
@@ -11,12 +16,51 @@ type LoadCodeAssistMetadata struct {
 	PluginType string `json:"pluginType"`
 }

+type TierInfo struct {
+	ID string `json:"id"`
+}
+
+// UnmarshalJSON supports both legacy string tiers and object tiers.
+func (t *TierInfo) UnmarshalJSON(data []byte) error {
+	data = bytes.TrimSpace(data)
+	if len(data) == 0 || string(data) == "null" {
+		return nil
+	}
+	if data[0] == '"' {
+		var id string
+		if err := json.Unmarshal(data, &id); err != nil {
+			return err
+		}
+		t.ID = id
+		return nil
+	}
+	type alias TierInfo
+	var decoded alias
+	if err := json.Unmarshal(data, &decoded); err != nil {
+		return err
+	}
+	*t = TierInfo(decoded)
+	return nil
+}
+
 type LoadCodeAssistResponse struct {
-	CurrentTier             string        `json:"currentTier,omitempty"`
+	CurrentTier             *TierInfo     `json:"currentTier,omitempty"`
+	PaidTier                *TierInfo     `json:"paidTier,omitempty"`
 	CloudAICompanionProject string        `json:"cloudaicompanionProject,omitempty"`
 	AllowedTiers            []AllowedTier `json:"allowedTiers,omitempty"`
 }

+// GetTier extracts tier ID, prioritizing paidTier over currentTier
+func (r *LoadCodeAssistResponse) GetTier() string {
+	if r.PaidTier != nil && r.PaidTier.ID != "" {
+		return r.PaidTier.ID
+	}
+	if r.CurrentTier != nil {
+		return r.CurrentTier.ID
+	}
+	return ""
+}
+
 type AllowedTier struct {
 	ID        string `json:"id"`
 	IsDefault bool   `json:"isDefault,omitempty"`
--- a/backend/internal/pkg/geminicli/constants.go
+++ b/backend/internal/pkg/geminicli/constants.go
@@ -1,5 +1,3 @@
-// Package geminicli provides OAuth authentication and API client functionality
-// for Google's Gemini AI services, supporting both AI Studio and Code Assist endpoints.
 package geminicli

 import "time"
@@ -29,7 +27,9 @@ const (
 	DefaultAIStudioScopes = "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/generative-language.retriever"

 	// DefaultScopes for Google One (personal Google accounts with Gemini access)
-	// Includes generative-language for Gemini API access and drive.readonly for storage tier detection
+	// Only used when a custom OAuth client is configured. When using the built-in Gemini CLI client,
+	// Google One uses DefaultCodeAssistScopes (same as code_assist) because the built-in client
+	// cannot request restricted scopes like generative-language.retriever or drive.readonly.
 	DefaultGoogleOneScopes = "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/generative-language.retriever https://www.googleapis.com/auth/drive.readonly https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"

 	// GeminiCLIRedirectURI is the redirect URI used by Gemini CLI for Code Assist OAuth.
--- a/backend/internal/pkg/geminicli/oauth.go
+++ b/backend/internal/pkg/geminicli/oauth.go
@@ -181,19 +181,23 @@ func EffectiveOAuthConfig(cfg OAuthConfig, oauthType string) (OAuthConfig, error
 				effective.Scopes = DefaultAIStudioScopes
 			}
 		case "google_one":
-			// Google One accounts need generative-language scope for Gemini API access
-			// and drive.readonly scope for storage tier detection
-			effective.Scopes = DefaultGoogleOneScopes
+			// Google One uses built-in Gemini CLI client (same as code_assist)
+			// Built-in client can't request restricted scopes like generative-language.retriever
+			if isBuiltinClient {
+				effective.Scopes = DefaultCodeAssistScopes
+			} else {
+				effective.Scopes = DefaultGoogleOneScopes
+			}
 		default:
 			// Default to Code Assist scopes
 			effective.Scopes = DefaultCodeAssistScopes
 		}
-	} else if oauthType == "ai_studio" && isBuiltinClient {
+	} else if (oauthType == "ai_studio" || oauthType == "google_one") && isBuiltinClient {
 		// If user overrides scopes while still using the built-in client, strip restricted scopes.
 		parts := strings.Fields(effective.Scopes)
 		filtered := make([]string, 0, len(parts))
 		for _, s := range parts {
-			if strings.Contains(s, "generative-language") {
+			if hasRestrictedScope(s) {
 				continue
 			}
 			filtered = append(filtered, s)
@@ -219,6 +223,11 @@ func EffectiveOAuthConfig(cfg OAuthConfig, oauthType string) (OAuthConfig, error
 	return effective, nil
 }

+func hasRestrictedScope(scope string) bool {
+	return strings.HasPrefix(scope, "https://www.googleapis.com/auth/generative-language") ||
+		strings.HasPrefix(scope, "https://www.googleapis.com/auth/drive")
+}
+
 func BuildAuthorizationURL(cfg OAuthConfig, state, codeChallenge, redirectURI, projectID, oauthType string) (string, error) {
 	effectiveCfg, err := EffectiveOAuthConfig(cfg, oauthType)
 	if err != nil {
--- a/backend/internal/pkg/geminicli/oauth_test.go
+++ b/backend/internal/pkg/geminicli/oauth_test.go
@@ -0,0 +1,113 @@
+package geminicli
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestEffectiveOAuthConfig_GoogleOne(t *testing.T) {
+	tests := []struct {
+		name         string
+		input        OAuthConfig
+		oauthType    string
+		wantClientID string
+		wantScopes   string
+		wantErr      bool
+	}{
+		{
+			name:         "Google One with built-in client (empty config)",
+			input:        OAuthConfig{},
+			oauthType:    "google_one",
+			wantClientID: GeminiCLIOAuthClientID,
+			wantScopes:   DefaultCodeAssistScopes,
+			wantErr:      false,
+		},
+		{
+			name: "Google One with custom client",
+			input: OAuthConfig{
+				ClientID:     "custom-client-id",
+				ClientSecret: "custom-client-secret",
+			},
+			oauthType:    "google_one",
+			wantClientID: "custom-client-id",
+			wantScopes:   DefaultGoogleOneScopes,
+			wantErr:      false,
+		},
+		{
+			name: "Google One with built-in client and custom scopes (should filter restricted scopes)",
+			input: OAuthConfig{
+				Scopes: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/generative-language.retriever https://www.googleapis.com/auth/drive.readonly",
+			},
+			oauthType:    "google_one",
+			wantClientID: GeminiCLIOAuthClientID,
+			wantScopes:   "https://www.googleapis.com/auth/cloud-platform",
+			wantErr:      false,
+		},
+		{
+			name: "Google One with built-in client and only restricted scopes (should fallback to default)",
+			input: OAuthConfig{
+				Scopes: "https://www.googleapis.com/auth/generative-language.retriever https://www.googleapis.com/auth/drive.readonly",
+			},
+			oauthType:    "google_one",
+			wantClientID: GeminiCLIOAuthClientID,
+			wantScopes:   DefaultCodeAssistScopes,
+			wantErr:      false,
+		},
+		{
+			name:         "Code Assist with built-in client",
+			input:        OAuthConfig{},
+			oauthType:    "code_assist",
+			wantClientID: GeminiCLIOAuthClientID,
+			wantScopes:   DefaultCodeAssistScopes,
+			wantErr:      false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := EffectiveOAuthConfig(tt.input, tt.oauthType)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("EffectiveOAuthConfig() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if err != nil {
+				return
+			}
+			if got.ClientID != tt.wantClientID {
+				t.Errorf("EffectiveOAuthConfig() ClientID = %v, want %v", got.ClientID, tt.wantClientID)
+			}
+			if got.Scopes != tt.wantScopes {
+				t.Errorf("EffectiveOAuthConfig() Scopes = %v, want %v", got.Scopes, tt.wantScopes)
+			}
+		})
+	}
+}
+
+func TestEffectiveOAuthConfig_ScopeFiltering(t *testing.T) {
+	// Test that Google One with built-in client filters out restricted scopes
+	cfg, err := EffectiveOAuthConfig(OAuthConfig{
+		Scopes: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/generative-language.retriever https://www.googleapis.com/auth/drive.readonly https://www.googleapis.com/auth/userinfo.profile",
+	}, "google_one")
+
+	if err != nil {
+		t.Fatalf("EffectiveOAuthConfig() error = %v", err)
+	}
+
+	// Should only contain cloud-platform, userinfo.email, and userinfo.profile
+	// Should NOT contain generative-language or drive scopes
+	if strings.Contains(cfg.Scopes, "generative-language") {
+		t.Errorf("Scopes should not contain generative-language when using built-in client, got: %v", cfg.Scopes)
+	}
+	if strings.Contains(cfg.Scopes, "drive") {
+		t.Errorf("Scopes should not contain drive when using built-in client, got: %v", cfg.Scopes)
+	}
+	if !strings.Contains(cfg.Scopes, "cloud-platform") {
+		t.Errorf("Scopes should contain cloud-platform, got: %v", cfg.Scopes)
+	}
+	if !strings.Contains(cfg.Scopes, "userinfo.email") {
+		t.Errorf("Scopes should contain userinfo.email, got: %v", cfg.Scopes)
+	}
+	if !strings.Contains(cfg.Scopes, "userinfo.profile") {
+		t.Errorf("Scopes should contain userinfo.profile, got: %v", cfg.Scopes)
+	}
+}