afcfbb458d
* fix(gemini): Google One 强制使用内置 OAuth client + 自动获取 project_id + UI 优化 ## 后端改动 ### 1. Google One 强制使用内置 Gemini CLI OAuth Client **问题**: - Google One 之前允许使用自定义 OAuth client,导致认证流程不稳定 - 与 Code Assist 的行为不一致 **解决方案**: - 修改 `gemini_oauth_service.go`: Google One 现在与 Code Assist 一样强制使用内置 client (L122-135) - 更新 `gemini_oauth_client.go`: ExchangeCode 和 RefreshToken 方法支持强制内置 client (L31-44, L77-86) - 简化 `geminicli/oauth.go`: Google One scope 选择逻辑 (L187-190) - 标记 `geminicli/constants.go`: DefaultGoogleOneScopes 为 DEPRECATED (L30-33) - 更新测试用例以反映新行为 **OAuth 类型对比**: | OAuth类型 | Client来源 | Scopes | Redirect URI | |-----------|-----------|--------|-----------------| | code_assist | 内置 Gemini CLI | DefaultCodeAssistScopes | https://codeassist.google.com/authcode | | google_one | 内置 Gemini CLI (新) | DefaultCodeAssistScopes | https://codeassist.google.com/authcode | | ai_studio | 必须自定义 | DefaultAIStudioScopes | http://localhost:1455/auth/callback | ### 2. Google One 自动获取 project_id **问题**: - Google One 个人账号测试模型时返回 403/404 错误 - 原因:cloudaicompanion API 需要 project_id,但个人账号无需手动创建 GCP 项目 **解决方案**: - 修改 `gemini_oauth_service.go`: OAuth 流程中自动调用 fetchProjectID - Google 通过 LoadCodeAssist API 自动分配 project_id - 与 Gemini CLI 行为保持一致 - 后端根据 project_id 自动选择正确的 API 端点 **影响**: - Google One 账号现在可以正常使用(需要重新授权) - Code Assist 和 AI Studio 账号不受影响 ### 3. 修复 Gemini 测试账号无内容输出问题 **问题**: - 测试 Gemini 账号时只显示"测试成功",没有显示 AI 响应内容 - 原因:processGeminiStream 在检查到 finishReason 时立即返回,跳过了内容提取 **解决方案**: - 修改 `account_test_service.go`: 调整逻辑顺序,先提取内容再检查是否完成 - 确保最后一个 chunk 的内容也能被正确显示 **影响**: - 所有 Gemini 账号类型(API Key、OAuth)的测试现在都会显示完整响应内容 - 用户可以看到流式输出效果 ## 前端改动 ### 1. 修复图标宽度压缩问题 **问题**: - 账户类型选择按钮中的图标在某些情况下会被压缩变形 **解决方案**: - 修改 `CreateAccountModal.vue`: 为所有平台图标容器添加 `shrink-0` 类 - 确保 Anthropic、OpenAI、Gemini、Antigravity 图标保持固定 8×8 尺寸 (32px × 32px) ### 2. 优化重新授权界面 **问题**: - 重新授权时显示三个可点击的授权类型选择按钮,可能导致用户误切换到不兼容的授权方式 **解决方案**: - 修改 `ReAuthAccountModal.vue` (admin 和普通用户版本): - 将可点击的授权类型选择按钮改为只读信息展示框 - 根据账号的 `credentials.oauth_type` 动态显示对应图标和文本 - 删除 `geminiAIStudioOAuthEnabled` 状态和 `handleSelectGeminiOAuthType` 方法 - 防止用户误操作 ## 测试验证 - ✅ 所有后端单元测试通过 - ✅ OAuth client 选择逻辑正确 - ✅ Google One 和 Code Assist 行为一致 - ✅ 测试账号显示完整响应内容 - ✅ UI 图标显示正常 - ✅ 重新授权界面只读展示正确 * fix(lint): 修复 golangci-lint 错误信息格式问题 - 将错误信息改为小写开头以符合 Go 代码规范 - 修复 ST1005: error strings should not be capitalized
114 lines
3.9 KiB
Go
114 lines
3.9 KiB
Go
package geminicli
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestEffectiveOAuthConfig_GoogleOne(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
input OAuthConfig
|
|
oauthType string
|
|
wantClientID string
|
|
wantScopes string
|
|
wantErr bool
|
|
}{
|
|
{
|
|
name: "Google One with built-in client (empty config)",
|
|
input: OAuthConfig{},
|
|
oauthType: "google_one",
|
|
wantClientID: GeminiCLIOAuthClientID,
|
|
wantScopes: DefaultCodeAssistScopes,
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "Google One always uses built-in client (even if custom credentials passed)",
|
|
input: OAuthConfig{
|
|
ClientID: "custom-client-id",
|
|
ClientSecret: "custom-client-secret",
|
|
},
|
|
oauthType: "google_one",
|
|
wantClientID: "custom-client-id",
|
|
wantScopes: DefaultCodeAssistScopes, // Uses code assist scopes even with custom client
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "Google One with built-in client and custom scopes (should filter restricted scopes)",
|
|
input: OAuthConfig{
|
|
Scopes: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/generative-language.retriever https://www.googleapis.com/auth/drive.readonly",
|
|
},
|
|
oauthType: "google_one",
|
|
wantClientID: GeminiCLIOAuthClientID,
|
|
wantScopes: "https://www.googleapis.com/auth/cloud-platform",
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "Google One with built-in client and only restricted scopes (should fallback to default)",
|
|
input: OAuthConfig{
|
|
Scopes: "https://www.googleapis.com/auth/generative-language.retriever https://www.googleapis.com/auth/drive.readonly",
|
|
},
|
|
oauthType: "google_one",
|
|
wantClientID: GeminiCLIOAuthClientID,
|
|
wantScopes: DefaultCodeAssistScopes,
|
|
wantErr: false,
|
|
},
|
|
{
|
|
name: "Code Assist with built-in client",
|
|
input: OAuthConfig{},
|
|
oauthType: "code_assist",
|
|
wantClientID: GeminiCLIOAuthClientID,
|
|
wantScopes: DefaultCodeAssistScopes,
|
|
wantErr: false,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got, err := EffectiveOAuthConfig(tt.input, tt.oauthType)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("EffectiveOAuthConfig() error = %v, wantErr %v", err, tt.wantErr)
|
|
return
|
|
}
|
|
if err != nil {
|
|
return
|
|
}
|
|
if got.ClientID != tt.wantClientID {
|
|
t.Errorf("EffectiveOAuthConfig() ClientID = %v, want %v", got.ClientID, tt.wantClientID)
|
|
}
|
|
if got.Scopes != tt.wantScopes {
|
|
t.Errorf("EffectiveOAuthConfig() Scopes = %v, want %v", got.Scopes, tt.wantScopes)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestEffectiveOAuthConfig_ScopeFiltering(t *testing.T) {
|
|
// Test that Google One with built-in client filters out restricted scopes
|
|
cfg, err := EffectiveOAuthConfig(OAuthConfig{
|
|
Scopes: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/generative-language.retriever https://www.googleapis.com/auth/drive.readonly https://www.googleapis.com/auth/userinfo.profile",
|
|
}, "google_one")
|
|
|
|
if err != nil {
|
|
t.Fatalf("EffectiveOAuthConfig() error = %v", err)
|
|
}
|
|
|
|
// Should only contain cloud-platform, userinfo.email, and userinfo.profile
|
|
// Should NOT contain generative-language or drive scopes
|
|
if strings.Contains(cfg.Scopes, "generative-language") {
|
|
t.Errorf("Scopes should not contain generative-language when using built-in client, got: %v", cfg.Scopes)
|
|
}
|
|
if strings.Contains(cfg.Scopes, "drive") {
|
|
t.Errorf("Scopes should not contain drive when using built-in client, got: %v", cfg.Scopes)
|
|
}
|
|
if !strings.Contains(cfg.Scopes, "cloud-platform") {
|
|
t.Errorf("Scopes should contain cloud-platform, got: %v", cfg.Scopes)
|
|
}
|
|
if !strings.Contains(cfg.Scopes, "userinfo.email") {
|
|
t.Errorf("Scopes should contain userinfo.email, got: %v", cfg.Scopes)
|
|
}
|
|
if !strings.Contains(cfg.Scopes, "userinfo.profile") {
|
|
t.Errorf("Scopes should contain userinfo.profile, got: %v", cfg.Scopes)
|
|
}
|
|
}
|