fdcbf7aacf
提取 proxyurl.Parse() 公共包,将分散在 6 处的代理 URL 验证逻辑 统一收敛,确保无效代理配置在创建时立即失败,永不静默回退直连。 主要变更: - 新增 proxyurl 包:统一 TrimSpace → url.Parse → Host 校验 → Scheme 白名单 - socks5:// 自动升级为 socks5h://,防止 DNS 泄漏(大小写不敏感) - antigravity: http.ProxyURL → proxyutil.ConfigureTransportProxy 支持 SOCKS5 - openai_oauth: 删除 newOpenAIOAuthHTTPClient,收编至 httpclient.GetClient - 移除未使用的 ProxyStrict 字段(fail-fast 已是全局默认行为) - 补充 15 个 proxyurl 测试 + pricing/usage fail-fast 测试
117 lines
3.7 KiB
Go
117 lines
3.7 KiB
Go
package repository
|
||
|
||
import (
|
||
"context"
|
||
"net/http"
|
||
"net/url"
|
||
"strings"
|
||
"time"
|
||
|
||
infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
|
||
"github.com/Wei-Shaw/sub2api/internal/pkg/openai"
|
||
"github.com/Wei-Shaw/sub2api/internal/service"
|
||
"github.com/imroc/req/v3"
|
||
)
|
||
|
||
// NewOpenAIOAuthClient creates a new OpenAI OAuth client
|
||
func NewOpenAIOAuthClient() service.OpenAIOAuthClient {
|
||
return &openaiOAuthService{tokenURL: openai.TokenURL}
|
||
}
|
||
|
||
type openaiOAuthService struct {
|
||
tokenURL string
|
||
}
|
||
|
||
func (s *openaiOAuthService) ExchangeCode(ctx context.Context, code, codeVerifier, redirectURI, proxyURL, clientID string) (*openai.TokenResponse, error) {
|
||
client, err := createOpenAIReqClient(proxyURL)
|
||
if err != nil {
|
||
return nil, infraerrors.Newf(http.StatusBadGateway, "OPENAI_OAUTH_CLIENT_INIT_FAILED", "create HTTP client: %v", err)
|
||
}
|
||
|
||
if redirectURI == "" {
|
||
redirectURI = openai.DefaultRedirectURI
|
||
}
|
||
clientID = strings.TrimSpace(clientID)
|
||
if clientID == "" {
|
||
clientID = openai.ClientID
|
||
}
|
||
|
||
formData := url.Values{}
|
||
formData.Set("grant_type", "authorization_code")
|
||
formData.Set("client_id", clientID)
|
||
formData.Set("code", code)
|
||
formData.Set("redirect_uri", redirectURI)
|
||
formData.Set("code_verifier", codeVerifier)
|
||
|
||
var tokenResp openai.TokenResponse
|
||
|
||
resp, err := client.R().
|
||
SetContext(ctx).
|
||
SetHeader("User-Agent", "codex-cli/0.91.0").
|
||
SetFormDataFromValues(formData).
|
||
SetSuccessResult(&tokenResp).
|
||
Post(s.tokenURL)
|
||
|
||
if err != nil {
|
||
return nil, infraerrors.Newf(http.StatusBadGateway, "OPENAI_OAUTH_REQUEST_FAILED", "request failed: %v", err)
|
||
}
|
||
|
||
if !resp.IsSuccessState() {
|
||
return nil, infraerrors.Newf(http.StatusBadGateway, "OPENAI_OAUTH_TOKEN_EXCHANGE_FAILED", "token exchange failed: status %d, body: %s", resp.StatusCode, resp.String())
|
||
}
|
||
|
||
return &tokenResp, nil
|
||
}
|
||
|
||
func (s *openaiOAuthService) RefreshToken(ctx context.Context, refreshToken, proxyURL string) (*openai.TokenResponse, error) {
|
||
return s.RefreshTokenWithClientID(ctx, refreshToken, proxyURL, "")
|
||
}
|
||
|
||
func (s *openaiOAuthService) RefreshTokenWithClientID(ctx context.Context, refreshToken, proxyURL string, clientID string) (*openai.TokenResponse, error) {
|
||
// 调用方应始终传入正确的 client_id;为兼容旧数据,未指定时默认使用 OpenAI ClientID
|
||
clientID = strings.TrimSpace(clientID)
|
||
if clientID == "" {
|
||
clientID = openai.ClientID
|
||
}
|
||
return s.refreshTokenWithClientID(ctx, refreshToken, proxyURL, clientID)
|
||
}
|
||
|
||
func (s *openaiOAuthService) refreshTokenWithClientID(ctx context.Context, refreshToken, proxyURL, clientID string) (*openai.TokenResponse, error) {
|
||
client, err := createOpenAIReqClient(proxyURL)
|
||
if err != nil {
|
||
return nil, infraerrors.Newf(http.StatusBadGateway, "OPENAI_OAUTH_CLIENT_INIT_FAILED", "create HTTP client: %v", err)
|
||
}
|
||
|
||
formData := url.Values{}
|
||
formData.Set("grant_type", "refresh_token")
|
||
formData.Set("refresh_token", refreshToken)
|
||
formData.Set("client_id", clientID)
|
||
formData.Set("scope", openai.RefreshScopes)
|
||
|
||
var tokenResp openai.TokenResponse
|
||
|
||
resp, err := client.R().
|
||
SetContext(ctx).
|
||
SetHeader("User-Agent", "codex-cli/0.91.0").
|
||
SetFormDataFromValues(formData).
|
||
SetSuccessResult(&tokenResp).
|
||
Post(s.tokenURL)
|
||
|
||
if err != nil {
|
||
return nil, infraerrors.Newf(http.StatusBadGateway, "OPENAI_OAUTH_REQUEST_FAILED", "request failed: %v", err)
|
||
}
|
||
|
||
if !resp.IsSuccessState() {
|
||
return nil, infraerrors.Newf(http.StatusBadGateway, "OPENAI_OAUTH_TOKEN_REFRESH_FAILED", "token refresh failed: status %d, body: %s", resp.StatusCode, resp.String())
|
||
}
|
||
|
||
return &tokenResp, nil
|
||
}
|
||
|
||
func createOpenAIReqClient(proxyURL string) (*req.Client, error) {
|
||
return getSharedReqClient(reqClientOptions{
|
||
ProxyURL: proxyURL,
|
||
Timeout: 120 * time.Second,
|
||
})
|
||
}
|