de0927289e
- GetAccessToken: add upstream branch to read api_key from credentials - shouldTriggerAntigravitySmartRetry: relax check from IsOAuth to Platform-based - isModelSupportedByAccount/WithContext: replace IsAntigravityModelSupported whitelist with mapAntigravityModel for unified scheduling/forwarding logic - mapAntigravityModel: fix edge case where wildcard target equals request model - Update tests for new behavior and add custom model_mapping test cases
154 lines
4.9 KiB
Go
154 lines
4.9 KiB
Go
package service
|
||
|
||
import (
|
||
"context"
|
||
"errors"
|
||
"log"
|
||
"log/slog"
|
||
"strconv"
|
||
"strings"
|
||
"time"
|
||
)
|
||
|
||
const (
|
||
antigravityTokenRefreshSkew = 3 * time.Minute
|
||
antigravityTokenCacheSkew = 5 * time.Minute
|
||
)
|
||
|
||
// AntigravityTokenCache Token 缓存接口(复用 GeminiTokenCache 接口定义)
|
||
type AntigravityTokenCache = GeminiTokenCache
|
||
|
||
// AntigravityTokenProvider 管理 Antigravity 账户的 access_token
|
||
type AntigravityTokenProvider struct {
|
||
accountRepo AccountRepository
|
||
tokenCache AntigravityTokenCache
|
||
antigravityOAuthService *AntigravityOAuthService
|
||
}
|
||
|
||
func NewAntigravityTokenProvider(
|
||
accountRepo AccountRepository,
|
||
tokenCache AntigravityTokenCache,
|
||
antigravityOAuthService *AntigravityOAuthService,
|
||
) *AntigravityTokenProvider {
|
||
return &AntigravityTokenProvider{
|
||
accountRepo: accountRepo,
|
||
tokenCache: tokenCache,
|
||
antigravityOAuthService: antigravityOAuthService,
|
||
}
|
||
}
|
||
|
||
// GetAccessToken 获取有效的 access_token
|
||
func (p *AntigravityTokenProvider) GetAccessToken(ctx context.Context, account *Account) (string, error) {
|
||
if account == nil {
|
||
return "", errors.New("account is nil")
|
||
}
|
||
if account.Platform != PlatformAntigravity {
|
||
return "", errors.New("not an antigravity account")
|
||
}
|
||
// upstream 类型:直接从 credentials 读取 api_key,不走 OAuth 刷新流程
|
||
if account.Type == AccountTypeUpstream {
|
||
apiKey := account.GetCredential("api_key")
|
||
if apiKey == "" {
|
||
return "", errors.New("upstream account missing api_key in credentials")
|
||
}
|
||
return apiKey, nil
|
||
}
|
||
if account.Type != AccountTypeOAuth {
|
||
return "", errors.New("not an antigravity oauth account")
|
||
}
|
||
|
||
cacheKey := AntigravityTokenCacheKey(account)
|
||
|
||
// 1. 先尝试缓存
|
||
if p.tokenCache != nil {
|
||
if token, err := p.tokenCache.GetAccessToken(ctx, cacheKey); err == nil && strings.TrimSpace(token) != "" {
|
||
return token, nil
|
||
}
|
||
}
|
||
|
||
// 2. 如果即将过期则刷新
|
||
expiresAt := account.GetCredentialAsTime("expires_at")
|
||
needsRefresh := expiresAt == nil || time.Until(*expiresAt) <= antigravityTokenRefreshSkew
|
||
if needsRefresh && p.tokenCache != nil {
|
||
locked, err := p.tokenCache.AcquireRefreshLock(ctx, cacheKey, 30*time.Second)
|
||
if err == nil && locked {
|
||
defer func() { _ = p.tokenCache.ReleaseRefreshLock(ctx, cacheKey) }()
|
||
|
||
// 拿到锁后再次检查缓存(另一个 worker 可能已刷新)
|
||
if token, err := p.tokenCache.GetAccessToken(ctx, cacheKey); err == nil && strings.TrimSpace(token) != "" {
|
||
return token, nil
|
||
}
|
||
|
||
// 从数据库获取最新账户信息
|
||
fresh, err := p.accountRepo.GetByID(ctx, account.ID)
|
||
if err == nil && fresh != nil {
|
||
account = fresh
|
||
}
|
||
expiresAt = account.GetCredentialAsTime("expires_at")
|
||
if expiresAt == nil || time.Until(*expiresAt) <= antigravityTokenRefreshSkew {
|
||
if p.antigravityOAuthService == nil {
|
||
return "", errors.New("antigravity oauth service not configured")
|
||
}
|
||
tokenInfo, err := p.antigravityOAuthService.RefreshAccountToken(ctx, account)
|
||
if err != nil {
|
||
return "", err
|
||
}
|
||
newCredentials := p.antigravityOAuthService.BuildAccountCredentials(tokenInfo)
|
||
for k, v := range account.Credentials {
|
||
if _, exists := newCredentials[k]; !exists {
|
||
newCredentials[k] = v
|
||
}
|
||
}
|
||
account.Credentials = newCredentials
|
||
if updateErr := p.accountRepo.Update(ctx, account); updateErr != nil {
|
||
log.Printf("[AntigravityTokenProvider] Failed to update account credentials: %v", updateErr)
|
||
}
|
||
expiresAt = account.GetCredentialAsTime("expires_at")
|
||
}
|
||
}
|
||
}
|
||
|
||
accessToken := account.GetCredential("access_token")
|
||
if strings.TrimSpace(accessToken) == "" {
|
||
return "", errors.New("access_token not found in credentials")
|
||
}
|
||
|
||
// 3. 存入缓存(验证版本后再写入,避免异步刷新任务与请求线程的竞态条件)
|
||
if p.tokenCache != nil {
|
||
latestAccount, isStale := CheckTokenVersion(ctx, account, p.accountRepo)
|
||
if isStale && latestAccount != nil {
|
||
// 版本过时,使用 DB 中的最新 token
|
||
slog.Debug("antigravity_token_version_stale_use_latest", "account_id", account.ID)
|
||
accessToken = latestAccount.GetCredential("access_token")
|
||
if strings.TrimSpace(accessToken) == "" {
|
||
return "", errors.New("access_token not found after version check")
|
||
}
|
||
// 不写入缓存,让下次请求重新处理
|
||
} else {
|
||
ttl := 30 * time.Minute
|
||
if expiresAt != nil {
|
||
until := time.Until(*expiresAt)
|
||
switch {
|
||
case until > antigravityTokenCacheSkew:
|
||
ttl = until - antigravityTokenCacheSkew
|
||
case until > 0:
|
||
ttl = until
|
||
default:
|
||
ttl = time.Minute
|
||
}
|
||
}
|
||
_ = p.tokenCache.SetAccessToken(ctx, cacheKey, accessToken, ttl)
|
||
}
|
||
}
|
||
|
||
return accessToken, nil
|
||
}
|
||
|
||
func AntigravityTokenCacheKey(account *Account) string {
|
||
projectID := strings.TrimSpace(account.GetCredential("project_id"))
|
||
if projectID != "" {
|
||
return "ag:" + projectID
|
||
}
|
||
return "ag:account:" + strconv.FormatInt(account.ID, 10)
|
||
}
|