merge: resolve conflicts with upstream/main (Gemini 3→3.1 mappings)

2026-02-25 00:38:39 +08:00
parent 58f21e4b3a 516f8f287c
commit 8365a8328b
8 changed files with 172 additions and 34 deletions
--- a/backend/internal/pkg/geminicli/constants.go
+++ b/backend/internal/pkg/geminicli/constants.go
@@ -38,10 +38,8 @@ const (
 	// GeminiCLIOAuthClientID/Secret are the public OAuth client credentials used by Google Gemini CLI.
 	// They enable the "login without creating your own OAuth client" experience, but Google may
 	// restrict which scopes are allowed for this client.
-	GeminiCLIOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com"
-	// GeminiCLIOAuthClientSecret is intentionally not embedded in this repository.
-	// If you rely on the built-in Gemini CLI OAuth client, you MUST provide its client_secret via config/env.
-	GeminiCLIOAuthClientSecret = ""
+	GeminiCLIOAuthClientID     = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com"
+	GeminiCLIOAuthClientSecret = "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"

 	// GeminiCLIOAuthClientSecretEnv is the environment variable name for the built-in client secret.
 	GeminiCLIOAuthClientSecretEnv = "GEMINI_CLI_OAUTH_CLIENT_SECRET"
--- a/backend/internal/pkg/geminicli/oauth_test.go
+++ b/backend/internal/pkg/geminicli/oauth_test.go
@@ -408,11 +408,10 @@ func TestBuildAuthorizationURL_WithProjectID(t *testing.T) {
 	}
 }

-func TestBuildAuthorizationURL_OAuthConfigError(t *testing.T) {
-	// 不设置环境变量，也不提供 client 凭据，EffectiveOAuthConfig 应该报错
+func TestBuildAuthorizationURL_UsesBuiltinSecretFallback(t *testing.T) {
 	t.Setenv(GeminiCLIOAuthClientSecretEnv, "")

-	_, err := BuildAuthorizationURL(
+	authURL, err := BuildAuthorizationURL(
 		OAuthConfig{},
 		"test-state",
 		"test-challenge",
@@ -420,8 +419,11 @@ func TestBuildAuthorizationURL_OAuthConfigError(t *testing.T) {
 		"",
 		"code_assist",
 	)
-	if err == nil {
-		t.Error("当 EffectiveOAuthConfig 失败时，BuildAuthorizationURL 应该返回错误")
+	if err != nil {
+		t.Fatalf("BuildAuthorizationURL() 不应报错: %v", err)
+	}
+	if !strings.Contains(authURL, "client_id="+GeminiCLIOAuthClientID) {
+		t.Errorf("应使用内置 Gemini CLI client_id，实际 URL: %s", authURL)
 	}
 }

@@ -685,15 +687,17 @@ func TestEffectiveOAuthConfig_WhitespaceTriming(t *testing.T) {
 }

 func TestEffectiveOAuthConfig_NoEnvSecret(t *testing.T) {
-	// 不设置环境变量且不提供凭据，应该报错
 	t.Setenv(GeminiCLIOAuthClientSecretEnv, "")

-	_, err := EffectiveOAuthConfig(OAuthConfig{}, "code_assist")
-	if err == nil {
-		t.Error("没有内置 secret 且未提供凭据时应该报错")
+	cfg, err := EffectiveOAuthConfig(OAuthConfig{}, "code_assist")
+	if err != nil {
+		t.Fatalf("不设置环境变量时应回退到内置 secret，实际报错: %v", err)
 	}
-	if !strings.Contains(err.Error(), GeminiCLIOAuthClientSecretEnv) {
-		t.Errorf("错误消息应提及环境变量 %s，实际: %v", GeminiCLIOAuthClientSecretEnv, err)
+	if strings.TrimSpace(cfg.ClientSecret) == "" {
+		t.Error("ClientSecret 不应为空")
+	}
+	if cfg.ClientID != GeminiCLIOAuthClientID {
+		t.Errorf("ClientID 应回退为内置客户端 ID，实际: %q", cfg.ClientID)
 	}
 }