Merge pull request #490 from IanShaw027/fix/gemini-oauth-registered-user

fix(gemini): 修复已注册用户 OAuth 授权问题并增强错误提示
2026-02-05 22:37:20 +08:00
parent ae1934f7db 7b46bbb628
commit 571d1479a4
4 changed files with 307 additions and 6 deletions
--- a/backend/internal/pkg/googleapi/error.go
+++ b/backend/internal/pkg/googleapi/error.go
@@ -0,0 +1,109 @@
+// Package googleapi provides helpers for Google-style API responses.
+package googleapi
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+// ErrorResponse represents a Google API error response
+type ErrorResponse struct {
+	Error ErrorDetail `json:"error"`
+}
+
+// ErrorDetail contains the error details from Google API
+type ErrorDetail struct {
+	Code    int               `json:"code"`
+	Message string            `json:"message"`
+	Status  string            `json:"status"`
+	Details []json.RawMessage `json:"details,omitempty"`
+}
+
+// ErrorDetailInfo contains additional error information
+type ErrorDetailInfo struct {
+	Type     string            `json:"@type"`
+	Reason   string            `json:"reason,omitempty"`
+	Domain   string            `json:"domain,omitempty"`
+	Metadata map[string]string `json:"metadata,omitempty"`
+}
+
+// ErrorHelp contains help links
+type ErrorHelp struct {
+	Type  string     `json:"@type"`
+	Links []HelpLink `json:"links,omitempty"`
+}
+
+// HelpLink represents a help link
+type HelpLink struct {
+	Description string `json:"description"`
+	URL         string `json:"url"`
+}
+
+// ParseError parses a Google API error response and extracts key information
+func ParseError(body string) (*ErrorResponse, error) {
+	var errResp ErrorResponse
+	if err := json.Unmarshal([]byte(body), &errResp); err != nil {
+		return nil, fmt.Errorf("failed to parse error response: %w", err)
+	}
+	return &errResp, nil
+}
+
+// ExtractActivationURL extracts the API activation URL from error details
+func ExtractActivationURL(body string) string {
+	var errResp ErrorResponse
+	if err := json.Unmarshal([]byte(body), &errResp); err != nil {
+		return ""
+	}
+
+	// Check error details for activation URL
+	for _, detailRaw := range errResp.Error.Details {
+		// Parse as ErrorDetailInfo
+		var info ErrorDetailInfo
+		if err := json.Unmarshal(detailRaw, &info); err == nil {
+			if info.Metadata != nil {
+				if activationURL, ok := info.Metadata["activationUrl"]; ok && activationURL != "" {
+					return activationURL
+				}
+			}
+		}
+
+		// Parse as ErrorHelp
+		var help ErrorHelp
+		if err := json.Unmarshal(detailRaw, &help); err == nil {
+			for _, link := range help.Links {
+				if strings.Contains(link.Description, "activation") ||
+					strings.Contains(link.Description, "API activation") ||
+					strings.Contains(link.URL, "/apis/api/") {
+					return link.URL
+				}
+			}
+		}
+	}
+
+	return ""
+}
+
+// IsServiceDisabledError checks if the error is a SERVICE_DISABLED error
+func IsServiceDisabledError(body string) bool {
+	var errResp ErrorResponse
+	if err := json.Unmarshal([]byte(body), &errResp); err != nil {
+		return false
+	}
+
+	// Check if it's a 403 PERMISSION_DENIED with SERVICE_DISABLED reason
+	if errResp.Error.Code != 403 || errResp.Error.Status != "PERMISSION_DENIED" {
+		return false
+	}
+
+	for _, detailRaw := range errResp.Error.Details {
+		var info ErrorDetailInfo
+		if err := json.Unmarshal(detailRaw, &info); err == nil {
+			if info.Reason == "SERVICE_DISABLED" {
+				return true
+			}
+		}
+	}
+
+	return false
+}
--- a/backend/internal/pkg/googleapi/error_test.go
+++ b/backend/internal/pkg/googleapi/error_test.go
@@ -0,0 +1,143 @@
+package googleapi
+
+import (
+	"testing"
+)
+
+func TestExtractActivationURL(t *testing.T) {
+	// Test case from the user's error message
+	errorBody := `{
+		"error": {
+			"code": 403,
+			"message": "Gemini for Google Cloud API has not been used in project project-6eca5881-ab73-4736-843 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudaicompanion.googleapis.com/overview?project=project-6eca5881-ab73-4736-843 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
+			"status": "PERMISSION_DENIED",
+			"details": [
+				{
+					"@type": "type.googleapis.com/google.rpc.ErrorInfo",
+					"reason": "SERVICE_DISABLED",
+					"domain": "googleapis.com",
+					"metadata": {
+						"service": "cloudaicompanion.googleapis.com",
+						"activationUrl": "https://console.developers.google.com/apis/api/cloudaicompanion.googleapis.com/overview?project=project-6eca5881-ab73-4736-843",
+						"consumer": "projects/project-6eca5881-ab73-4736-843",
+						"serviceTitle": "Gemini for Google Cloud API",
+						"containerInfo": "project-6eca5881-ab73-4736-843"
+					}
+				},
+				{
+					"@type": "type.googleapis.com/google.rpc.LocalizedMessage",
+					"locale": "en-US",
+					"message": "Gemini for Google Cloud API has not been used in project project-6eca5881-ab73-4736-843 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudaicompanion.googleapis.com/overview?project=project-6eca5881-ab73-4736-843 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."
+				},
+				{
+					"@type": "type.googleapis.com/google.rpc.Help",
+					"links": [
+						{
+							"description": "Google developers console API activation",
+							"url": "https://console.developers.google.com/apis/api/cloudaicompanion.googleapis.com/overview?project=project-6eca5881-ab73-4736-843"
+						}
+					]
+				}
+			]
+		}
+	}`
+
+	activationURL := ExtractActivationURL(errorBody)
+	expectedURL := "https://console.developers.google.com/apis/api/cloudaicompanion.googleapis.com/overview?project=project-6eca5881-ab73-4736-843"
+
+	if activationURL != expectedURL {
+		t.Errorf("Expected activation URL %s, got %s", expectedURL, activationURL)
+	}
+}
+
+func TestIsServiceDisabledError(t *testing.T) {
+	tests := []struct {
+		name     string
+		body     string
+		expected bool
+	}{
+		{
+			name: "SERVICE_DISABLED error",
+			body: `{
+				"error": {
+					"code": 403,
+					"status": "PERMISSION_DENIED",
+					"details": [
+						{
+							"@type": "type.googleapis.com/google.rpc.ErrorInfo",
+							"reason": "SERVICE_DISABLED"
+						}
+					]
+				}
+			}`,
+			expected: true,
+		},
+		{
+			name: "Other 403 error",
+			body: `{
+				"error": {
+					"code": 403,
+					"status": "PERMISSION_DENIED",
+					"details": [
+						{
+							"@type": "type.googleapis.com/google.rpc.ErrorInfo",
+							"reason": "OTHER_REASON"
+						}
+					]
+				}
+			}`,
+			expected: false,
+		},
+		{
+			name: "404 error",
+			body: `{
+				"error": {
+					"code": 404,
+					"status": "NOT_FOUND"
+				}
+			}`,
+			expected: false,
+		},
+		{
+			name:     "Invalid JSON",
+			body:     `invalid json`,
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := IsServiceDisabledError(tt.body)
+			if result != tt.expected {
+				t.Errorf("Expected %v, got %v", tt.expected, result)
+			}
+		})
+	}
+}
+
+func TestParseError(t *testing.T) {
+	errorBody := `{
+		"error": {
+			"code": 403,
+			"message": "API not enabled",
+			"status": "PERMISSION_DENIED"
+		}
+	}`
+
+	errResp, err := ParseError(errorBody)
+	if err != nil {
+		t.Fatalf("Failed to parse error: %v", err)
+	}
+
+	if errResp.Error.Code != 403 {
+		t.Errorf("Expected code 403, got %d", errResp.Error.Code)
+	}
+
+	if errResp.Error.Status != "PERMISSION_DENIED" {
+		t.Errorf("Expected status PERMISSION_DENIED, got %s", errResp.Error.Status)
+	}
+
+	if errResp.Error.Message != "API not enabled" {
+		t.Errorf("Expected message 'API not enabled', got %s", errResp.Error.Message)
+	}
+}
--- a/backend/internal/repository/geminicli_codeassist_client.go
+++ b/backend/internal/repository/geminicli_codeassist_client.go
@@ -6,6 +6,7 @@ import (
 	"time"

 	"github.com/Wei-Shaw/sub2api/internal/pkg/geminicli"
+	"github.com/Wei-Shaw/sub2api/internal/pkg/googleapi"
 	"github.com/Wei-Shaw/sub2api/internal/service"

 	"github.com/imroc/req/v3"
@@ -38,9 +39,20 @@ func (c *geminiCliCodeAssistClient) LoadCodeAssist(ctx context.Context, accessTo
 		return nil, fmt.Errorf("request failed: %w", err)
 	}
 	if !resp.IsSuccessState() {
-		body := geminicli.SanitizeBodyForLogs(resp.String())
-		fmt.Printf("[CodeAssist] LoadCodeAssist failed: status %d, body: %s\n", resp.StatusCode, body)
-		return nil, fmt.Errorf("loadCodeAssist failed: status %d, body: %s", resp.StatusCode, body)
+		body := resp.String()
+		sanitizedBody := geminicli.SanitizeBodyForLogs(body)
+		fmt.Printf("[CodeAssist] LoadCodeAssist failed: status %d, body: %s\n", resp.StatusCode, sanitizedBody)
+
+		// Check if this is a SERVICE_DISABLED error and extract activation URL
+		if googleapi.IsServiceDisabledError(body) {
+			activationURL := googleapi.ExtractActivationURL(body)
+			if activationURL != "" {
+				return nil, fmt.Errorf("gemini API not enabled for this project, please enable it by visiting: %s\n\nAfter enabling the API, wait a few minutes for the changes to propagate, then try again", activationURL)
+			}
+			return nil, fmt.Errorf("gemini API not enabled for this project, please enable it in the Google Cloud Console at: https://console.cloud.google.com/apis/library/cloudaicompanion.googleapis.com")
+		}
+
+		return nil, fmt.Errorf("loadCodeAssist failed: status %d, body: %s", resp.StatusCode, sanitizedBody)
 	}
 	fmt.Printf("[CodeAssist] LoadCodeAssist success: status %d, response: %+v\n", resp.StatusCode, out)
 	return &out, nil
@@ -67,9 +79,20 @@ func (c *geminiCliCodeAssistClient) OnboardUser(ctx context.Context, accessToken
 		return nil, fmt.Errorf("request failed: %w", err)
 	}
 	if !resp.IsSuccessState() {
-		body := geminicli.SanitizeBodyForLogs(resp.String())
-		fmt.Printf("[CodeAssist] OnboardUser failed: status %d, body: %s\n", resp.StatusCode, body)
-		return nil, fmt.Errorf("onboardUser failed: status %d, body: %s", resp.StatusCode, body)
+		body := resp.String()
+		sanitizedBody := geminicli.SanitizeBodyForLogs(body)
+		fmt.Printf("[CodeAssist] OnboardUser failed: status %d, body: %s\n", resp.StatusCode, sanitizedBody)
+
+		// Check if this is a SERVICE_DISABLED error and extract activation URL
+		if googleapi.IsServiceDisabledError(body) {
+			activationURL := googleapi.ExtractActivationURL(body)
+			if activationURL != "" {
+				return nil, fmt.Errorf("gemini API not enabled for this project, please enable it by visiting: %s\n\nAfter enabling the API, wait a few minutes for the changes to propagate, then try again", activationURL)
+			}
+			return nil, fmt.Errorf("gemini API not enabled for this project, please enable it in the Google Cloud Console at: https://console.cloud.google.com/apis/library/cloudaicompanion.googleapis.com")
+		}
+
+		return nil, fmt.Errorf("onboardUser failed: status %d, body: %s", resp.StatusCode, sanitizedBody)
 	}
 	fmt.Printf("[CodeAssist] OnboardUser success: status %d, response: %+v\n", resp.StatusCode, out)
 	return &out, nil
--- a/backend/internal/service/gemini_oauth_service.go
+++ b/backend/internal/service/gemini_oauth_service.go
@@ -944,6 +944,32 @@ func (s *GeminiOAuthService) fetchProjectID(ctx context.Context, accessToken, pr
 		return strings.TrimSpace(loadResp.CloudAICompanionProject), tierID, nil
 	}

+	// 关键逻辑：对齐 Gemini CLI 对“已注册用户”的处理方式。
+	// 当 LoadCodeAssist 返回了 currentTier / paidTier（表示账号已注册）但没有返回 cloudaicompanionProject 时：
+	// - 不要再调用 onboardUser（通常不会再分配 project_id，且可能触发 INVALID_ARGUMENT）
+	// - 先尝试从 Cloud Resource Manager 获取可用项目；仍失败则提示用户手动填写 project_id
+	if loadResp != nil {
+		registeredTierID := strings.TrimSpace(loadResp.GetTier())
+		if registeredTierID != "" {
+			// 已注册但未返回 cloudaicompanionProject，这在 Google One 用户中较常见：需要用户自行提供 project_id。
+			log.Printf("[GeminiOAuth] User has tier (%s) but no cloudaicompanionProject, trying Cloud Resource Manager...", registeredTierID)
+
+			// Try to get project from Cloud Resource Manager
+			fallback, fbErr := fetchProjectIDFromResourceManager(ctx, accessToken, proxyURL)
+			if fbErr == nil && strings.TrimSpace(fallback) != "" {
+				log.Printf("[GeminiOAuth] Found project from Cloud Resource Manager: %s", fallback)
+				return strings.TrimSpace(fallback), tierID, nil
+			}
+
+			// No project found - user must provide project_id manually
+			log.Printf("[GeminiOAuth] No project found from Cloud Resource Manager, user must provide project_id manually")
+			return "", tierID, fmt.Errorf("user is registered (tier: %s) but no project_id available. Please provide Project ID manually in the authorization form, or create a project at https://console.cloud.google.com", registeredTierID)
+		}
+	}
+
+	// 未检测到 currentTier/paidTier，视为新用户，继续调用 onboardUser
+	log.Printf("[GeminiOAuth] No currentTier/paidTier found, proceeding with onboardUser (tierID: %s)", tierID)
+
 	req := &geminicli.OnboardUserRequest{
 		TierID: tierID,
 		Metadata: geminicli.LoadCodeAssistMetadata{