mirror of
https://github.com/githubhjs/CLIProxyAPIPlus.git
synced 2026-07-13 10:05:21 +00:00
feat(auth): add GitHub Copilot authentication and API integration
Add complete GitHub Copilot support including: - Device flow OAuth authentication via GitHub's official client ID - Token management with automatic caching (25 min TTL) - OpenAI-compatible API executor for api.githubcopilot.com - 16 model definitions (GPT-5 variants, Claude variants, Gemini, Grok, Raptor) - CLI login command via -github-copilot-login flag - SDK authenticator and refresh registry integration Enables users to authenticate with their GitHub Copilot subscription and use it as a backend provider alongside existing providers.
This commit is contained in:
@@ -62,6 +62,7 @@ func main() {
|
|||||||
var iflowCookie bool
|
var iflowCookie bool
|
||||||
var noBrowser bool
|
var noBrowser bool
|
||||||
var antigravityLogin bool
|
var antigravityLogin bool
|
||||||
|
var githubCopilotLogin bool
|
||||||
var projectID string
|
var projectID string
|
||||||
var vertexImport string
|
var vertexImport string
|
||||||
var configPath string
|
var configPath string
|
||||||
@@ -76,6 +77,7 @@ func main() {
|
|||||||
flag.BoolVar(&iflowCookie, "iflow-cookie", false, "Login to iFlow using Cookie")
|
flag.BoolVar(&iflowCookie, "iflow-cookie", false, "Login to iFlow using Cookie")
|
||||||
flag.BoolVar(&noBrowser, "no-browser", false, "Don't open browser automatically for OAuth")
|
flag.BoolVar(&noBrowser, "no-browser", false, "Don't open browser automatically for OAuth")
|
||||||
flag.BoolVar(&antigravityLogin, "antigravity-login", false, "Login to Antigravity using OAuth")
|
flag.BoolVar(&antigravityLogin, "antigravity-login", false, "Login to Antigravity using OAuth")
|
||||||
|
flag.BoolVar(&githubCopilotLogin, "github-copilot-login", false, "Login to GitHub Copilot using device flow")
|
||||||
flag.StringVar(&projectID, "project_id", "", "Project ID (Gemini only, not required)")
|
flag.StringVar(&projectID, "project_id", "", "Project ID (Gemini only, not required)")
|
||||||
flag.StringVar(&configPath, "config", DefaultConfigPath, "Configure File Path")
|
flag.StringVar(&configPath, "config", DefaultConfigPath, "Configure File Path")
|
||||||
flag.StringVar(&vertexImport, "vertex-import", "", "Import Vertex service account key JSON file")
|
flag.StringVar(&vertexImport, "vertex-import", "", "Import Vertex service account key JSON file")
|
||||||
@@ -436,6 +438,9 @@ func main() {
|
|||||||
} else if antigravityLogin {
|
} else if antigravityLogin {
|
||||||
// Handle Antigravity login
|
// Handle Antigravity login
|
||||||
cmd.DoAntigravityLogin(cfg, options)
|
cmd.DoAntigravityLogin(cfg, options)
|
||||||
|
} else if githubCopilotLogin {
|
||||||
|
// Handle GitHub Copilot login
|
||||||
|
cmd.DoGitHubCopilotLogin(cfg, options)
|
||||||
} else if codexLogin {
|
} else if codexLogin {
|
||||||
// Handle Codex login
|
// Handle Codex login
|
||||||
cmd.DoCodexLogin(cfg, options)
|
cmd.DoCodexLogin(cfg, options)
|
||||||
|
|||||||
@@ -0,0 +1,301 @@
|
|||||||
|
// Package copilot provides authentication and token management for GitHub Copilot API.
|
||||||
|
// It handles the OAuth2 device flow for secure authentication with the Copilot API.
|
||||||
|
package copilot
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// copilotAPITokenURL is the endpoint for getting Copilot API tokens from GitHub token.
|
||||||
|
copilotAPITokenURL = "https://api.github.com/copilot_internal/v2/token"
|
||||||
|
// copilotAPIEndpoint is the base URL for making API requests.
|
||||||
|
copilotAPIEndpoint = "https://api.githubcopilot.com"
|
||||||
|
)
|
||||||
|
|
||||||
|
// CopilotAPIToken represents the Copilot API token response.
|
||||||
|
type CopilotAPIToken struct {
|
||||||
|
// Token is the JWT token for authenticating with the Copilot API.
|
||||||
|
Token string `json:"token"`
|
||||||
|
// ExpiresAt is the Unix timestamp when the token expires.
|
||||||
|
ExpiresAt int64 `json:"expires_at"`
|
||||||
|
// Endpoints contains the available API endpoints.
|
||||||
|
Endpoints struct {
|
||||||
|
API string `json:"api"`
|
||||||
|
Proxy string `json:"proxy"`
|
||||||
|
OriginTracker string `json:"origin-tracker"`
|
||||||
|
Telemetry string `json:"telemetry"`
|
||||||
|
} `json:"endpoints,omitempty"`
|
||||||
|
// ErrorDetails contains error information if the request failed.
|
||||||
|
ErrorDetails *struct {
|
||||||
|
URL string `json:"url"`
|
||||||
|
Message string `json:"message"`
|
||||||
|
DocumentationURL string `json:"documentation_url"`
|
||||||
|
} `json:"error_details,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CopilotAuth handles GitHub Copilot authentication flow.
|
||||||
|
// It provides methods for device flow authentication and token management.
|
||||||
|
type CopilotAuth struct {
|
||||||
|
httpClient *http.Client
|
||||||
|
deviceClient *DeviceFlowClient
|
||||||
|
cfg *config.Config
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewCopilotAuth creates a new CopilotAuth service instance.
|
||||||
|
// It initializes an HTTP client with proxy settings from the provided configuration.
|
||||||
|
func NewCopilotAuth(cfg *config.Config) *CopilotAuth {
|
||||||
|
return &CopilotAuth{
|
||||||
|
httpClient: util.SetProxy(&cfg.SDKConfig, &http.Client{Timeout: 30 * time.Second}),
|
||||||
|
deviceClient: NewDeviceFlowClient(cfg),
|
||||||
|
cfg: cfg,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// StartDeviceFlow initiates the device flow authentication.
|
||||||
|
// Returns the device code response containing the user code and verification URI.
|
||||||
|
func (c *CopilotAuth) StartDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error) {
|
||||||
|
return c.deviceClient.RequestDeviceCode(ctx)
|
||||||
|
}
|
||||||
|
|
||||||
|
// WaitForAuthorization polls for user authorization and returns the auth bundle.
|
||||||
|
func (c *CopilotAuth) WaitForAuthorization(ctx context.Context, deviceCode *DeviceCodeResponse) (*CopilotAuthBundle, error) {
|
||||||
|
tokenData, err := c.deviceClient.PollForToken(ctx, deviceCode)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fetch the GitHub username
|
||||||
|
username, err := c.deviceClient.FetchUserInfo(ctx, tokenData.AccessToken)
|
||||||
|
if err != nil {
|
||||||
|
log.Warnf("copilot: failed to fetch user info: %v", err)
|
||||||
|
username = "unknown"
|
||||||
|
}
|
||||||
|
|
||||||
|
return &CopilotAuthBundle{
|
||||||
|
TokenData: tokenData,
|
||||||
|
Username: username,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetCopilotAPIToken exchanges a GitHub access token for a Copilot API token.
|
||||||
|
// This token is used to make authenticated requests to the Copilot API.
|
||||||
|
func (c *CopilotAuth) GetCopilotAPIToken(ctx context.Context, githubAccessToken string) (*CopilotAPIToken, error) {
|
||||||
|
if githubAccessToken == "" {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("github access token is empty"))
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := http.NewRequestWithContext(ctx, http.MethodGet, copilotAPITokenURL, nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
req.Header.Set("Authorization", "token "+githubAccessToken)
|
||||||
|
req.Header.Set("Accept", "application/json")
|
||||||
|
req.Header.Set("User-Agent", "GithubCopilot/1.0")
|
||||||
|
req.Header.Set("Editor-Version", "vscode/1.100.0")
|
||||||
|
req.Header.Set("Editor-Plugin-Version", "copilot/1.300.0")
|
||||||
|
|
||||||
|
resp, err := c.httpClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, err)
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
if errClose := resp.Body.Close(); errClose != nil {
|
||||||
|
log.Errorf("copilot api token: close body error: %v", errClose)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
bodyBytes, err := io.ReadAll(resp.Body)
|
||||||
|
if err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed,
|
||||||
|
fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes)))
|
||||||
|
}
|
||||||
|
|
||||||
|
var apiToken CopilotAPIToken
|
||||||
|
if err = json.Unmarshal(bodyBytes, &apiToken); err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if apiToken.Token == "" {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("empty copilot api token"))
|
||||||
|
}
|
||||||
|
|
||||||
|
return &apiToken, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ValidateToken checks if a GitHub access token is valid by attempting to fetch user info.
|
||||||
|
func (c *CopilotAuth) ValidateToken(ctx context.Context, accessToken string) (bool, string, error) {
|
||||||
|
if accessToken == "" {
|
||||||
|
return false, "", nil
|
||||||
|
}
|
||||||
|
|
||||||
|
username, err := c.deviceClient.FetchUserInfo(ctx, accessToken)
|
||||||
|
if err != nil {
|
||||||
|
return false, "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return true, username, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateTokenStorage creates a new CopilotTokenStorage from auth bundle.
|
||||||
|
func (c *CopilotAuth) CreateTokenStorage(bundle *CopilotAuthBundle) *CopilotTokenStorage {
|
||||||
|
return &CopilotTokenStorage{
|
||||||
|
AccessToken: bundle.TokenData.AccessToken,
|
||||||
|
TokenType: bundle.TokenData.TokenType,
|
||||||
|
Scope: bundle.TokenData.Scope,
|
||||||
|
Username: bundle.Username,
|
||||||
|
Type: "github-copilot",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// LoadAndValidateToken loads a token from storage and validates it.
|
||||||
|
// Returns the storage if valid, or an error if the token is invalid or expired.
|
||||||
|
func (c *CopilotAuth) LoadAndValidateToken(ctx context.Context, storage *CopilotTokenStorage) (bool, error) {
|
||||||
|
if storage == nil || storage.AccessToken == "" {
|
||||||
|
return false, fmt.Errorf("no token available")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if we can still use the GitHub token to get a Copilot API token
|
||||||
|
apiToken, err := c.GetCopilotAPIToken(ctx, storage.AccessToken)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if the API token is expired
|
||||||
|
if apiToken.ExpiresAt > 0 && time.Now().Unix() >= apiToken.ExpiresAt {
|
||||||
|
return false, fmt.Errorf("copilot api token expired")
|
||||||
|
}
|
||||||
|
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetAPIEndpoint returns the Copilot API endpoint URL.
|
||||||
|
func (c *CopilotAuth) GetAPIEndpoint() string {
|
||||||
|
return copilotAPIEndpoint
|
||||||
|
}
|
||||||
|
|
||||||
|
// MakeAuthenticatedRequest creates an authenticated HTTP request to the Copilot API.
|
||||||
|
func (c *CopilotAuth) MakeAuthenticatedRequest(ctx context.Context, method, url string, body io.Reader, apiToken *CopilotAPIToken) (*http.Request, error) {
|
||||||
|
req, err := http.NewRequestWithContext(ctx, method, url, body)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to create request: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
req.Header.Set("Authorization", "Bearer "+apiToken.Token)
|
||||||
|
req.Header.Set("Content-Type", "application/json")
|
||||||
|
req.Header.Set("Accept", "application/json")
|
||||||
|
req.Header.Set("User-Agent", "GithubCopilot/1.0")
|
||||||
|
req.Header.Set("Editor-Version", "vscode/1.100.0")
|
||||||
|
req.Header.Set("Editor-Plugin-Version", "copilot/1.300.0")
|
||||||
|
req.Header.Set("Openai-Intent", "conversation-panel")
|
||||||
|
req.Header.Set("Copilot-Integration-Id", "vscode-chat")
|
||||||
|
|
||||||
|
return req, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// CachedAPIToken manages caching of Copilot API tokens.
|
||||||
|
type CachedAPIToken struct {
|
||||||
|
Token *CopilotAPIToken
|
||||||
|
ExpiresAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsExpired checks if the cached token has expired.
|
||||||
|
func (c *CachedAPIToken) IsExpired() bool {
|
||||||
|
if c.Token == nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
// Add a 5-minute buffer before expiration
|
||||||
|
return time.Now().Add(5 * time.Minute).After(c.ExpiresAt)
|
||||||
|
}
|
||||||
|
|
||||||
|
// TokenManager handles caching and refreshing of Copilot API tokens.
|
||||||
|
type TokenManager struct {
|
||||||
|
auth *CopilotAuth
|
||||||
|
githubToken string
|
||||||
|
cachedToken *CachedAPIToken
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewTokenManager creates a new token manager for handling Copilot API tokens.
|
||||||
|
func NewTokenManager(auth *CopilotAuth, githubToken string) *TokenManager {
|
||||||
|
return &TokenManager{
|
||||||
|
auth: auth,
|
||||||
|
githubToken: githubToken,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetToken returns a valid Copilot API token, refreshing if necessary.
|
||||||
|
func (tm *TokenManager) GetToken(ctx context.Context) (*CopilotAPIToken, error) {
|
||||||
|
if tm.cachedToken != nil && !tm.cachedToken.IsExpired() {
|
||||||
|
return tm.cachedToken.Token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fetch a new API token
|
||||||
|
apiToken, err := tm.auth.GetCopilotAPIToken(ctx, tm.githubToken)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cache the token
|
||||||
|
expiresAt := time.Now().Add(30 * time.Minute) // Default 30 min cache
|
||||||
|
if apiToken.ExpiresAt > 0 {
|
||||||
|
expiresAt = time.Unix(apiToken.ExpiresAt, 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
tm.cachedToken = &CachedAPIToken{
|
||||||
|
Token: apiToken,
|
||||||
|
ExpiresAt: expiresAt,
|
||||||
|
}
|
||||||
|
|
||||||
|
return apiToken, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetAuthorizationHeader returns the authorization header value for API requests.
|
||||||
|
func (tm *TokenManager) GetAuthorizationHeader(ctx context.Context) (string, error) {
|
||||||
|
token, err := tm.GetToken(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return "Bearer " + token.Token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// UpdateGitHubToken updates the GitHub access token used for getting API tokens.
|
||||||
|
func (tm *TokenManager) UpdateGitHubToken(githubToken string) {
|
||||||
|
tm.githubToken = githubToken
|
||||||
|
tm.cachedToken = nil // Invalidate cache
|
||||||
|
}
|
||||||
|
|
||||||
|
// BuildChatCompletionURL builds the URL for chat completions API.
|
||||||
|
func BuildChatCompletionURL() string {
|
||||||
|
return copilotAPIEndpoint + "/chat/completions"
|
||||||
|
}
|
||||||
|
|
||||||
|
// BuildModelsURL builds the URL for listing available models.
|
||||||
|
func BuildModelsURL() string {
|
||||||
|
return copilotAPIEndpoint + "/models"
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExtractBearerToken extracts the bearer token from an Authorization header.
|
||||||
|
func ExtractBearerToken(authHeader string) string {
|
||||||
|
if strings.HasPrefix(authHeader, "Bearer ") {
|
||||||
|
return strings.TrimPrefix(authHeader, "Bearer ")
|
||||||
|
}
|
||||||
|
if strings.HasPrefix(authHeader, "token ") {
|
||||||
|
return strings.TrimPrefix(authHeader, "token ")
|
||||||
|
}
|
||||||
|
return authHeader
|
||||||
|
}
|
||||||
@@ -0,0 +1,183 @@
|
|||||||
|
package copilot
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
// OAuthError represents an OAuth-specific error.
|
||||||
|
type OAuthError struct {
|
||||||
|
// Code is the OAuth error code.
|
||||||
|
Code string `json:"error"`
|
||||||
|
// Description is a human-readable description of the error.
|
||||||
|
Description string `json:"error_description,omitempty"`
|
||||||
|
// URI is a URI identifying a human-readable web page with information about the error.
|
||||||
|
URI string `json:"error_uri,omitempty"`
|
||||||
|
// StatusCode is the HTTP status code associated with the error.
|
||||||
|
StatusCode int `json:"-"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Error returns a string representation of the OAuth error.
|
||||||
|
func (e *OAuthError) Error() string {
|
||||||
|
if e.Description != "" {
|
||||||
|
return fmt.Sprintf("OAuth error %s: %s", e.Code, e.Description)
|
||||||
|
}
|
||||||
|
return fmt.Sprintf("OAuth error: %s", e.Code)
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewOAuthError creates a new OAuth error with the specified code, description, and status code.
|
||||||
|
func NewOAuthError(code, description string, statusCode int) *OAuthError {
|
||||||
|
return &OAuthError{
|
||||||
|
Code: code,
|
||||||
|
Description: description,
|
||||||
|
StatusCode: statusCode,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// AuthenticationError represents authentication-related errors.
|
||||||
|
type AuthenticationError struct {
|
||||||
|
// Type is the type of authentication error.
|
||||||
|
Type string `json:"type"`
|
||||||
|
// Message is a human-readable message describing the error.
|
||||||
|
Message string `json:"message"`
|
||||||
|
// Code is the HTTP status code associated with the error.
|
||||||
|
Code int `json:"code"`
|
||||||
|
// Cause is the underlying error that caused this authentication error.
|
||||||
|
Cause error `json:"-"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Error returns a string representation of the authentication error.
|
||||||
|
func (e *AuthenticationError) Error() string {
|
||||||
|
if e.Cause != nil {
|
||||||
|
return fmt.Sprintf("%s: %s (caused by: %v)", e.Type, e.Message, e.Cause)
|
||||||
|
}
|
||||||
|
return fmt.Sprintf("%s: %s", e.Type, e.Message)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Common authentication error types for GitHub Copilot device flow.
|
||||||
|
var (
|
||||||
|
// ErrDeviceCodeFailed represents an error when requesting the device code fails.
|
||||||
|
ErrDeviceCodeFailed = &AuthenticationError{
|
||||||
|
Type: "device_code_failed",
|
||||||
|
Message: "Failed to request device code from GitHub",
|
||||||
|
Code: http.StatusBadRequest,
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrDeviceCodeExpired represents an error when the device code has expired.
|
||||||
|
ErrDeviceCodeExpired = &AuthenticationError{
|
||||||
|
Type: "device_code_expired",
|
||||||
|
Message: "Device code has expired. Please try again.",
|
||||||
|
Code: http.StatusGone,
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrAuthorizationPending represents a pending authorization state (not an error, used for polling).
|
||||||
|
ErrAuthorizationPending = &AuthenticationError{
|
||||||
|
Type: "authorization_pending",
|
||||||
|
Message: "Authorization is pending. Waiting for user to authorize.",
|
||||||
|
Code: http.StatusAccepted,
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrSlowDown represents a request to slow down polling.
|
||||||
|
ErrSlowDown = &AuthenticationError{
|
||||||
|
Type: "slow_down",
|
||||||
|
Message: "Polling too frequently. Slowing down.",
|
||||||
|
Code: http.StatusTooManyRequests,
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrAccessDenied represents an error when the user denies authorization.
|
||||||
|
ErrAccessDenied = &AuthenticationError{
|
||||||
|
Type: "access_denied",
|
||||||
|
Message: "User denied authorization",
|
||||||
|
Code: http.StatusForbidden,
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrTokenExchangeFailed represents an error when token exchange fails.
|
||||||
|
ErrTokenExchangeFailed = &AuthenticationError{
|
||||||
|
Type: "token_exchange_failed",
|
||||||
|
Message: "Failed to exchange device code for access token",
|
||||||
|
Code: http.StatusBadRequest,
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrPollingTimeout represents an error when polling times out.
|
||||||
|
ErrPollingTimeout = &AuthenticationError{
|
||||||
|
Type: "polling_timeout",
|
||||||
|
Message: "Timeout waiting for user authorization",
|
||||||
|
Code: http.StatusRequestTimeout,
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrUserInfoFailed represents an error when fetching user info fails.
|
||||||
|
ErrUserInfoFailed = &AuthenticationError{
|
||||||
|
Type: "user_info_failed",
|
||||||
|
Message: "Failed to fetch GitHub user information",
|
||||||
|
Code: http.StatusBadRequest,
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
// NewAuthenticationError creates a new authentication error with a cause based on a base error.
|
||||||
|
func NewAuthenticationError(baseErr *AuthenticationError, cause error) *AuthenticationError {
|
||||||
|
return &AuthenticationError{
|
||||||
|
Type: baseErr.Type,
|
||||||
|
Message: baseErr.Message,
|
||||||
|
Code: baseErr.Code,
|
||||||
|
Cause: cause,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsAuthenticationError checks if an error is an authentication error.
|
||||||
|
func IsAuthenticationError(err error) bool {
|
||||||
|
var authenticationError *AuthenticationError
|
||||||
|
ok := errors.As(err, &authenticationError)
|
||||||
|
return ok
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsOAuthError checks if an error is an OAuth error.
|
||||||
|
func IsOAuthError(err error) bool {
|
||||||
|
var oAuthError *OAuthError
|
||||||
|
ok := errors.As(err, &oAuthError)
|
||||||
|
return ok
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetUserFriendlyMessage returns a user-friendly error message based on the error type.
|
||||||
|
func GetUserFriendlyMessage(err error) string {
|
||||||
|
switch {
|
||||||
|
case IsAuthenticationError(err):
|
||||||
|
var authErr *AuthenticationError
|
||||||
|
errors.As(err, &authErr)
|
||||||
|
switch authErr.Type {
|
||||||
|
case "device_code_failed":
|
||||||
|
return "Failed to start GitHub authentication. Please check your network connection and try again."
|
||||||
|
case "device_code_expired":
|
||||||
|
return "The authentication code has expired. Please try again."
|
||||||
|
case "authorization_pending":
|
||||||
|
return "Waiting for you to authorize the application on GitHub."
|
||||||
|
case "slow_down":
|
||||||
|
return "Please wait a moment before trying again."
|
||||||
|
case "access_denied":
|
||||||
|
return "Authentication was cancelled or denied."
|
||||||
|
case "token_exchange_failed":
|
||||||
|
return "Failed to complete authentication. Please try again."
|
||||||
|
case "polling_timeout":
|
||||||
|
return "Authentication timed out. Please try again."
|
||||||
|
case "user_info_failed":
|
||||||
|
return "Failed to get your GitHub account information. Please try again."
|
||||||
|
default:
|
||||||
|
return "Authentication failed. Please try again."
|
||||||
|
}
|
||||||
|
case IsOAuthError(err):
|
||||||
|
var oauthErr *OAuthError
|
||||||
|
errors.As(err, &oauthErr)
|
||||||
|
switch oauthErr.Code {
|
||||||
|
case "access_denied":
|
||||||
|
return "Authentication was cancelled or denied."
|
||||||
|
case "invalid_request":
|
||||||
|
return "Invalid authentication request. Please try again."
|
||||||
|
case "server_error":
|
||||||
|
return "GitHub server error. Please try again later."
|
||||||
|
default:
|
||||||
|
return fmt.Sprintf("Authentication failed: %s", oauthErr.Description)
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
return "An unexpected error occurred. Please try again."
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,259 @@
|
|||||||
|
package copilot
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/util"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// copilotClientID is GitHub's Copilot CLI OAuth client ID.
|
||||||
|
copilotClientID = "Iv1.b507a08c87ecfe98"
|
||||||
|
// copilotDeviceCodeURL is the endpoint for requesting device codes.
|
||||||
|
copilotDeviceCodeURL = "https://github.com/login/device/code"
|
||||||
|
// copilotTokenURL is the endpoint for exchanging device codes for tokens.
|
||||||
|
copilotTokenURL = "https://github.com/login/oauth/access_token"
|
||||||
|
// copilotUserInfoURL is the endpoint for fetching GitHub user information.
|
||||||
|
copilotUserInfoURL = "https://api.github.com/user"
|
||||||
|
// defaultPollInterval is the default interval for polling token endpoint.
|
||||||
|
defaultPollInterval = 5 * time.Second
|
||||||
|
// maxPollDuration is the maximum time to wait for user authorization.
|
||||||
|
maxPollDuration = 15 * time.Minute
|
||||||
|
)
|
||||||
|
|
||||||
|
// DeviceFlowClient handles the OAuth2 device flow for GitHub Copilot.
|
||||||
|
type DeviceFlowClient struct {
|
||||||
|
httpClient *http.Client
|
||||||
|
cfg *config.Config
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewDeviceFlowClient creates a new device flow client.
|
||||||
|
func NewDeviceFlowClient(cfg *config.Config) *DeviceFlowClient {
|
||||||
|
client := &http.Client{Timeout: 30 * time.Second}
|
||||||
|
if cfg != nil {
|
||||||
|
client = util.SetProxy(&cfg.SDKConfig, client)
|
||||||
|
}
|
||||||
|
return &DeviceFlowClient{
|
||||||
|
httpClient: client,
|
||||||
|
cfg: cfg,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// RequestDeviceCode initiates the device flow by requesting a device code from GitHub.
|
||||||
|
func (c *DeviceFlowClient) RequestDeviceCode(ctx context.Context) (*DeviceCodeResponse, error) {
|
||||||
|
data := url.Values{}
|
||||||
|
data.Set("client_id", copilotClientID)
|
||||||
|
data.Set("scope", "user:email")
|
||||||
|
|
||||||
|
req, err := http.NewRequestWithContext(ctx, http.MethodPost, copilotDeviceCodeURL, strings.NewReader(data.Encode()))
|
||||||
|
if err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrDeviceCodeFailed, err)
|
||||||
|
}
|
||||||
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
req.Header.Set("Accept", "application/json")
|
||||||
|
|
||||||
|
resp, err := c.httpClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrDeviceCodeFailed, err)
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
if errClose := resp.Body.Close(); errClose != nil {
|
||||||
|
log.Errorf("copilot device code: close body error: %v", errClose)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices {
|
||||||
|
bodyBytes, _ := io.ReadAll(resp.Body)
|
||||||
|
return nil, NewAuthenticationError(ErrDeviceCodeFailed, fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes)))
|
||||||
|
}
|
||||||
|
|
||||||
|
var deviceCode DeviceCodeResponse
|
||||||
|
if err = json.NewDecoder(resp.Body).Decode(&deviceCode); err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrDeviceCodeFailed, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &deviceCode, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// PollForToken polls the token endpoint until the user authorizes or the device code expires.
|
||||||
|
func (c *DeviceFlowClient) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*CopilotTokenData, error) {
|
||||||
|
if deviceCode == nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("device code is nil"))
|
||||||
|
}
|
||||||
|
|
||||||
|
interval := time.Duration(deviceCode.Interval) * time.Second
|
||||||
|
if interval < defaultPollInterval {
|
||||||
|
interval = defaultPollInterval
|
||||||
|
}
|
||||||
|
|
||||||
|
deadline := time.Now().Add(maxPollDuration)
|
||||||
|
if deviceCode.ExpiresIn > 0 {
|
||||||
|
codeDeadline := time.Now().Add(time.Duration(deviceCode.ExpiresIn) * time.Second)
|
||||||
|
if codeDeadline.Before(deadline) {
|
||||||
|
deadline = codeDeadline
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ticker := time.NewTicker(interval)
|
||||||
|
defer ticker.Stop()
|
||||||
|
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return nil, NewAuthenticationError(ErrPollingTimeout, ctx.Err())
|
||||||
|
case <-ticker.C:
|
||||||
|
if time.Now().After(deadline) {
|
||||||
|
return nil, ErrPollingTimeout
|
||||||
|
}
|
||||||
|
|
||||||
|
token, err := c.exchangeDeviceCode(ctx, deviceCode.DeviceCode)
|
||||||
|
if err != nil {
|
||||||
|
var authErr *AuthenticationError
|
||||||
|
if IsAuthenticationError(err) {
|
||||||
|
if ok := (err.(*AuthenticationError)); ok != nil {
|
||||||
|
authErr = ok
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if authErr != nil {
|
||||||
|
switch authErr.Type {
|
||||||
|
case ErrAuthorizationPending.Type:
|
||||||
|
// Continue polling
|
||||||
|
continue
|
||||||
|
case ErrSlowDown.Type:
|
||||||
|
// Increase interval and continue
|
||||||
|
interval += 5 * time.Second
|
||||||
|
ticker.Reset(interval)
|
||||||
|
continue
|
||||||
|
case ErrDeviceCodeExpired.Type:
|
||||||
|
return nil, err
|
||||||
|
case ErrAccessDenied.Type:
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// exchangeDeviceCode attempts to exchange the device code for an access token.
|
||||||
|
func (c *DeviceFlowClient) exchangeDeviceCode(ctx context.Context, deviceCode string) (*CopilotTokenData, error) {
|
||||||
|
data := url.Values{}
|
||||||
|
data.Set("client_id", copilotClientID)
|
||||||
|
data.Set("device_code", deviceCode)
|
||||||
|
data.Set("grant_type", "urn:ietf:params:oauth:grant-type:device_code")
|
||||||
|
|
||||||
|
req, err := http.NewRequestWithContext(ctx, http.MethodPost, copilotTokenURL, strings.NewReader(data.Encode()))
|
||||||
|
if err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, err)
|
||||||
|
}
|
||||||
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
req.Header.Set("Accept", "application/json")
|
||||||
|
|
||||||
|
resp, err := c.httpClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, err)
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
if errClose := resp.Body.Close(); errClose != nil {
|
||||||
|
log.Errorf("copilot token exchange: close body error: %v", errClose)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
bodyBytes, err := io.ReadAll(resp.Body)
|
||||||
|
if err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GitHub returns 200 for both success and error cases in device flow
|
||||||
|
// Check for OAuth error response first
|
||||||
|
var oauthResp struct {
|
||||||
|
Error string `json:"error"`
|
||||||
|
ErrorDescription string `json:"error_description"`
|
||||||
|
AccessToken string `json:"access_token"`
|
||||||
|
TokenType string `json:"token_type"`
|
||||||
|
Scope string `json:"scope"`
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = json.Unmarshal(bodyBytes, &oauthResp); err != nil {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if oauthResp.Error != "" {
|
||||||
|
switch oauthResp.Error {
|
||||||
|
case "authorization_pending":
|
||||||
|
return nil, ErrAuthorizationPending
|
||||||
|
case "slow_down":
|
||||||
|
return nil, ErrSlowDown
|
||||||
|
case "expired_token":
|
||||||
|
return nil, ErrDeviceCodeExpired
|
||||||
|
case "access_denied":
|
||||||
|
return nil, ErrAccessDenied
|
||||||
|
default:
|
||||||
|
return nil, NewOAuthError(oauthResp.Error, oauthResp.ErrorDescription, resp.StatusCode)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if oauthResp.AccessToken == "" {
|
||||||
|
return nil, NewAuthenticationError(ErrTokenExchangeFailed, fmt.Errorf("empty access token"))
|
||||||
|
}
|
||||||
|
|
||||||
|
return &CopilotTokenData{
|
||||||
|
AccessToken: oauthResp.AccessToken,
|
||||||
|
TokenType: oauthResp.TokenType,
|
||||||
|
Scope: oauthResp.Scope,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// FetchUserInfo retrieves the GitHub username for the authenticated user.
|
||||||
|
func (c *DeviceFlowClient) FetchUserInfo(ctx context.Context, accessToken string) (string, error) {
|
||||||
|
if accessToken == "" {
|
||||||
|
return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("access token is empty"))
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := http.NewRequestWithContext(ctx, http.MethodGet, copilotUserInfoURL, nil)
|
||||||
|
if err != nil {
|
||||||
|
return "", NewAuthenticationError(ErrUserInfoFailed, err)
|
||||||
|
}
|
||||||
|
req.Header.Set("Authorization", "Bearer "+accessToken)
|
||||||
|
req.Header.Set("Accept", "application/json")
|
||||||
|
req.Header.Set("User-Agent", "CLIProxyAPI")
|
||||||
|
|
||||||
|
resp, err := c.httpClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return "", NewAuthenticationError(ErrUserInfoFailed, err)
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
if errClose := resp.Body.Close(); errClose != nil {
|
||||||
|
log.Errorf("copilot user info: close body error: %v", errClose)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices {
|
||||||
|
bodyBytes, _ := io.ReadAll(resp.Body)
|
||||||
|
return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("status %d: %s", resp.StatusCode, string(bodyBytes)))
|
||||||
|
}
|
||||||
|
|
||||||
|
var userInfo struct {
|
||||||
|
Login string `json:"login"`
|
||||||
|
}
|
||||||
|
if err = json.NewDecoder(resp.Body).Decode(&userInfo); err != nil {
|
||||||
|
return "", NewAuthenticationError(ErrUserInfoFailed, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if userInfo.Login == "" {
|
||||||
|
return "", NewAuthenticationError(ErrUserInfoFailed, fmt.Errorf("empty username"))
|
||||||
|
}
|
||||||
|
|
||||||
|
return userInfo.Login, nil
|
||||||
|
}
|
||||||
@@ -0,0 +1,93 @@
|
|||||||
|
// Package copilot provides authentication and token management functionality
|
||||||
|
// for GitHub Copilot AI services. It handles OAuth2 device flow token storage,
|
||||||
|
// serialization, and retrieval for maintaining authenticated sessions with the Copilot API.
|
||||||
|
package copilot
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/misc"
|
||||||
|
)
|
||||||
|
|
||||||
|
// CopilotTokenStorage stores OAuth2 token information for GitHub Copilot API authentication.
|
||||||
|
// It maintains compatibility with the existing auth system while adding Copilot-specific fields
|
||||||
|
// for managing access tokens and user account information.
|
||||||
|
type CopilotTokenStorage struct {
|
||||||
|
// AccessToken is the OAuth2 access token used for authenticating API requests.
|
||||||
|
AccessToken string `json:"access_token"`
|
||||||
|
// TokenType is the type of token, typically "bearer".
|
||||||
|
TokenType string `json:"token_type"`
|
||||||
|
// Scope is the OAuth2 scope granted to the token.
|
||||||
|
Scope string `json:"scope"`
|
||||||
|
// ExpiresAt is the timestamp when the access token expires (if provided).
|
||||||
|
ExpiresAt string `json:"expires_at,omitempty"`
|
||||||
|
// Username is the GitHub username associated with this token.
|
||||||
|
Username string `json:"username"`
|
||||||
|
// Type indicates the authentication provider type, always "github-copilot" for this storage.
|
||||||
|
Type string `json:"type"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CopilotTokenData holds the raw OAuth token response from GitHub.
|
||||||
|
type CopilotTokenData struct {
|
||||||
|
// AccessToken is the OAuth2 access token.
|
||||||
|
AccessToken string `json:"access_token"`
|
||||||
|
// TokenType is the type of token, typically "bearer".
|
||||||
|
TokenType string `json:"token_type"`
|
||||||
|
// Scope is the OAuth2 scope granted to the token.
|
||||||
|
Scope string `json:"scope"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CopilotAuthBundle bundles authentication data for storage.
|
||||||
|
type CopilotAuthBundle struct {
|
||||||
|
// TokenData contains the OAuth token information.
|
||||||
|
TokenData *CopilotTokenData
|
||||||
|
// Username is the GitHub username.
|
||||||
|
Username string
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeviceCodeResponse represents GitHub's device code response.
|
||||||
|
type DeviceCodeResponse struct {
|
||||||
|
// DeviceCode is the device verification code.
|
||||||
|
DeviceCode string `json:"device_code"`
|
||||||
|
// UserCode is the code the user must enter at the verification URI.
|
||||||
|
UserCode string `json:"user_code"`
|
||||||
|
// VerificationURI is the URL where the user should enter the code.
|
||||||
|
VerificationURI string `json:"verification_uri"`
|
||||||
|
// ExpiresIn is the number of seconds until the device code expires.
|
||||||
|
ExpiresIn int `json:"expires_in"`
|
||||||
|
// Interval is the minimum number of seconds to wait between polling requests.
|
||||||
|
Interval int `json:"interval"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// SaveTokenToFile serializes the Copilot token storage to a JSON file.
|
||||||
|
// This method creates the necessary directory structure and writes the token
|
||||||
|
// data in JSON format to the specified file path for persistent storage.
|
||||||
|
//
|
||||||
|
// Parameters:
|
||||||
|
// - authFilePath: The full path where the token file should be saved
|
||||||
|
//
|
||||||
|
// Returns:
|
||||||
|
// - error: An error if the operation fails, nil otherwise
|
||||||
|
func (ts *CopilotTokenStorage) SaveTokenToFile(authFilePath string) error {
|
||||||
|
misc.LogSavingCredentials(authFilePath)
|
||||||
|
ts.Type = "github-copilot"
|
||||||
|
if err := os.MkdirAll(filepath.Dir(authFilePath), 0700); err != nil {
|
||||||
|
return fmt.Errorf("failed to create directory: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
f, err := os.Create(authFilePath)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to create token file: %w", err)
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
_ = f.Close()
|
||||||
|
}()
|
||||||
|
|
||||||
|
if err = json.NewEncoder(f).Encode(ts); err != nil {
|
||||||
|
return fmt.Errorf("failed to write token to file: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -6,7 +6,7 @@ import (
|
|||||||
|
|
||||||
// newAuthManager creates a new authentication manager instance with all supported
|
// newAuthManager creates a new authentication manager instance with all supported
|
||||||
// authenticators and a file-based token store. It initializes authenticators for
|
// authenticators and a file-based token store. It initializes authenticators for
|
||||||
// Gemini, Codex, Claude, and Qwen providers.
|
// Gemini, Codex, Claude, Qwen, IFlow, Antigravity, and GitHub Copilot providers.
|
||||||
//
|
//
|
||||||
// Returns:
|
// Returns:
|
||||||
// - *sdkAuth.Manager: A configured authentication manager instance
|
// - *sdkAuth.Manager: A configured authentication manager instance
|
||||||
@@ -19,6 +19,7 @@ func newAuthManager() *sdkAuth.Manager {
|
|||||||
sdkAuth.NewQwenAuthenticator(),
|
sdkAuth.NewQwenAuthenticator(),
|
||||||
sdkAuth.NewIFlowAuthenticator(),
|
sdkAuth.NewIFlowAuthenticator(),
|
||||||
sdkAuth.NewAntigravityAuthenticator(),
|
sdkAuth.NewAntigravityAuthenticator(),
|
||||||
|
sdkAuth.NewGitHubCopilotAuthenticator(),
|
||||||
)
|
)
|
||||||
return manager
|
return manager
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,44 @@
|
|||||||
|
package cmd
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
|
||||||
|
sdkAuth "github.com/router-for-me/CLIProxyAPI/v6/sdk/auth"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
// DoGitHubCopilotLogin triggers the OAuth device flow for GitHub Copilot and saves tokens.
|
||||||
|
// It initiates the device flow authentication, displays the user code for the user to enter
|
||||||
|
// at GitHub's verification URL, and waits for authorization before saving the tokens.
|
||||||
|
//
|
||||||
|
// Parameters:
|
||||||
|
// - cfg: The application configuration containing proxy and auth directory settings
|
||||||
|
// - options: Login options including browser behavior settings
|
||||||
|
func DoGitHubCopilotLogin(cfg *config.Config, options *LoginOptions) {
|
||||||
|
if options == nil {
|
||||||
|
options = &LoginOptions{}
|
||||||
|
}
|
||||||
|
|
||||||
|
manager := newAuthManager()
|
||||||
|
authOpts := &sdkAuth.LoginOptions{
|
||||||
|
NoBrowser: options.NoBrowser,
|
||||||
|
Metadata: map[string]string{},
|
||||||
|
Prompt: options.Prompt,
|
||||||
|
}
|
||||||
|
|
||||||
|
record, savedPath, err := manager.Login(context.Background(), "github-copilot", cfg, authOpts)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("GitHub Copilot authentication failed: %v", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if savedPath != "" {
|
||||||
|
fmt.Printf("Authentication saved to %s\n", savedPath)
|
||||||
|
}
|
||||||
|
if record != nil && record.Label != "" {
|
||||||
|
fmt.Printf("Authenticated as %s\n", record.Label)
|
||||||
|
}
|
||||||
|
fmt.Println("GitHub Copilot authentication successful!")
|
||||||
|
}
|
||||||
@@ -984,3 +984,187 @@ func GetIFlowModels() []*ModelInfo {
|
|||||||
}
|
}
|
||||||
return models
|
return models
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetGitHubCopilotModels returns the available models for GitHub Copilot.
|
||||||
|
// These models are available through the GitHub Copilot API at api.githubcopilot.com.
|
||||||
|
func GetGitHubCopilotModels() []*ModelInfo {
|
||||||
|
now := int64(1732752000) // 2024-11-27
|
||||||
|
return []*ModelInfo{
|
||||||
|
{
|
||||||
|
ID: "gpt-4.1",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "GPT-4.1",
|
||||||
|
Description: "OpenAI GPT-4.1 via GitHub Copilot",
|
||||||
|
ContextLength: 128000,
|
||||||
|
MaxCompletionTokens: 16384,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "gpt-5",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "GPT-5",
|
||||||
|
Description: "OpenAI GPT-5 via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 32768,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "gpt-5-mini",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "GPT-5 Mini",
|
||||||
|
Description: "OpenAI GPT-5 Mini via GitHub Copilot",
|
||||||
|
ContextLength: 128000,
|
||||||
|
MaxCompletionTokens: 16384,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "gpt-5-codex",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "GPT-5 Codex",
|
||||||
|
Description: "OpenAI GPT-5 Codex via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 32768,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "gpt-5.1",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "GPT-5.1",
|
||||||
|
Description: "OpenAI GPT-5.1 via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 32768,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "gpt-5.1-codex",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "GPT-5.1 Codex",
|
||||||
|
Description: "OpenAI GPT-5.1 Codex via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 32768,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "gpt-5.1-codex-mini",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "GPT-5.1 Codex Mini",
|
||||||
|
Description: "OpenAI GPT-5.1 Codex Mini via GitHub Copilot",
|
||||||
|
ContextLength: 128000,
|
||||||
|
MaxCompletionTokens: 16384,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "claude-haiku-4.5",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Claude Haiku 4.5",
|
||||||
|
Description: "Anthropic Claude Haiku 4.5 via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 64000,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "claude-opus-4.1",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Claude Opus 4.1",
|
||||||
|
Description: "Anthropic Claude Opus 4.1 via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 32000,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "claude-opus-4.5",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Claude Opus 4.5",
|
||||||
|
Description: "Anthropic Claude Opus 4.5 via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 64000,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "claude-sonnet-4",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Claude Sonnet 4",
|
||||||
|
Description: "Anthropic Claude Sonnet 4 via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 64000,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "claude-sonnet-4.5",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Claude Sonnet 4.5",
|
||||||
|
Description: "Anthropic Claude Sonnet 4.5 via GitHub Copilot",
|
||||||
|
ContextLength: 200000,
|
||||||
|
MaxCompletionTokens: 64000,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "gemini-2.5-pro",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Gemini 2.5 Pro",
|
||||||
|
Description: "Google Gemini 2.5 Pro via GitHub Copilot",
|
||||||
|
ContextLength: 1048576,
|
||||||
|
MaxCompletionTokens: 65536,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "gemini-3-pro",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Gemini 3 Pro",
|
||||||
|
Description: "Google Gemini 3 Pro via GitHub Copilot",
|
||||||
|
ContextLength: 1048576,
|
||||||
|
MaxCompletionTokens: 65536,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "grok-code-fast-1",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Grok Code Fast 1",
|
||||||
|
Description: "xAI Grok Code Fast 1 via GitHub Copilot",
|
||||||
|
ContextLength: 128000,
|
||||||
|
MaxCompletionTokens: 16384,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ID: "raptor-mini",
|
||||||
|
Object: "model",
|
||||||
|
Created: now,
|
||||||
|
OwnedBy: "github-copilot",
|
||||||
|
Type: "github-copilot",
|
||||||
|
DisplayName: "Raptor Mini",
|
||||||
|
Description: "Raptor Mini via GitHub Copilot",
|
||||||
|
ContextLength: 128000,
|
||||||
|
MaxCompletionTokens: 16384,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,354 @@
|
|||||||
|
package executor
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bufio"
|
||||||
|
"bytes"
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/uuid"
|
||||||
|
copilotauth "github.com/router-for-me/CLIProxyAPI/v6/internal/auth/copilot"
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
|
||||||
|
cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
|
||||||
|
cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor"
|
||||||
|
sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
"github.com/tidwall/sjson"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
githubCopilotBaseURL = "https://api.githubcopilot.com"
|
||||||
|
githubCopilotChatPath = "/chat/completions"
|
||||||
|
githubCopilotAuthType = "github-copilot"
|
||||||
|
githubCopilotTokenCacheTTL = 25 * time.Minute
|
||||||
|
)
|
||||||
|
|
||||||
|
// GitHubCopilotExecutor handles requests to the GitHub Copilot API.
|
||||||
|
type GitHubCopilotExecutor struct {
|
||||||
|
cfg *config.Config
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewGitHubCopilotExecutor constructs a new executor instance.
|
||||||
|
func NewGitHubCopilotExecutor(cfg *config.Config) *GitHubCopilotExecutor {
|
||||||
|
return &GitHubCopilotExecutor{cfg: cfg}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Identifier implements ProviderExecutor.
|
||||||
|
func (e *GitHubCopilotExecutor) Identifier() string { return githubCopilotAuthType }
|
||||||
|
|
||||||
|
// PrepareRequest implements ProviderExecutor.
|
||||||
|
func (e *GitHubCopilotExecutor) PrepareRequest(_ *http.Request, _ *cliproxyauth.Auth) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Execute handles non-streaming requests to GitHub Copilot.
|
||||||
|
func (e *GitHubCopilotExecutor) Execute(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (resp cliproxyexecutor.Response, err error) {
|
||||||
|
apiToken, errToken := e.ensureAPIToken(ctx, auth)
|
||||||
|
if errToken != nil {
|
||||||
|
return resp, errToken
|
||||||
|
}
|
||||||
|
|
||||||
|
reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
|
||||||
|
defer reporter.trackFailure(ctx, &err)
|
||||||
|
|
||||||
|
from := opts.SourceFormat
|
||||||
|
to := sdktranslator.FromString("openai")
|
||||||
|
body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), false)
|
||||||
|
body = e.normalizeModel(req.Model, body)
|
||||||
|
body = applyPayloadConfig(e.cfg, req.Model, body)
|
||||||
|
body, _ = sjson.SetBytes(body, "stream", false)
|
||||||
|
|
||||||
|
url := githubCopilotBaseURL + githubCopilotChatPath
|
||||||
|
httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
|
||||||
|
if err != nil {
|
||||||
|
return resp, err
|
||||||
|
}
|
||||||
|
e.applyHeaders(httpReq, apiToken)
|
||||||
|
|
||||||
|
var authID, authLabel, authType, authValue string
|
||||||
|
if auth != nil {
|
||||||
|
authID = auth.ID
|
||||||
|
authLabel = auth.Label
|
||||||
|
authType, authValue = auth.AccountInfo()
|
||||||
|
}
|
||||||
|
recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
|
||||||
|
URL: url,
|
||||||
|
Method: http.MethodPost,
|
||||||
|
Headers: httpReq.Header.Clone(),
|
||||||
|
Body: body,
|
||||||
|
Provider: e.Identifier(),
|
||||||
|
AuthID: authID,
|
||||||
|
AuthLabel: authLabel,
|
||||||
|
AuthType: authType,
|
||||||
|
AuthValue: authValue,
|
||||||
|
})
|
||||||
|
|
||||||
|
httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
|
||||||
|
httpResp, err := httpClient.Do(httpReq)
|
||||||
|
if err != nil {
|
||||||
|
recordAPIResponseError(ctx, e.cfg, err)
|
||||||
|
return resp, err
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
if errClose := httpResp.Body.Close(); errClose != nil {
|
||||||
|
log.Errorf("github-copilot executor: close response body error: %v", errClose)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
|
||||||
|
|
||||||
|
if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices {
|
||||||
|
data, _ := io.ReadAll(httpResp.Body)
|
||||||
|
appendAPIResponseChunk(ctx, e.cfg, data)
|
||||||
|
log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data))
|
||||||
|
err = statusErr{code: httpResp.StatusCode, msg: string(data)}
|
||||||
|
return resp, err
|
||||||
|
}
|
||||||
|
|
||||||
|
data, err := io.ReadAll(httpResp.Body)
|
||||||
|
if err != nil {
|
||||||
|
recordAPIResponseError(ctx, e.cfg, err)
|
||||||
|
return resp, err
|
||||||
|
}
|
||||||
|
appendAPIResponseChunk(ctx, e.cfg, data)
|
||||||
|
|
||||||
|
detail := parseOpenAIUsage(data)
|
||||||
|
if detail.TotalTokens > 0 {
|
||||||
|
reporter.publish(ctx, detail)
|
||||||
|
}
|
||||||
|
|
||||||
|
var param any
|
||||||
|
converted := sdktranslator.TranslateNonStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, data, ¶m)
|
||||||
|
resp = cliproxyexecutor.Response{Payload: []byte(converted)}
|
||||||
|
reporter.ensurePublished(ctx)
|
||||||
|
return resp, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExecuteStream handles streaming requests to GitHub Copilot.
|
||||||
|
func (e *GitHubCopilotExecutor) ExecuteStream(ctx context.Context, auth *cliproxyauth.Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (stream <-chan cliproxyexecutor.StreamChunk, err error) {
|
||||||
|
apiToken, errToken := e.ensureAPIToken(ctx, auth)
|
||||||
|
if errToken != nil {
|
||||||
|
return nil, errToken
|
||||||
|
}
|
||||||
|
|
||||||
|
reporter := newUsageReporter(ctx, e.Identifier(), req.Model, auth)
|
||||||
|
defer reporter.trackFailure(ctx, &err)
|
||||||
|
|
||||||
|
from := opts.SourceFormat
|
||||||
|
to := sdktranslator.FromString("openai")
|
||||||
|
body := sdktranslator.TranslateRequest(from, to, req.Model, bytes.Clone(req.Payload), true)
|
||||||
|
body = e.normalizeModel(req.Model, body)
|
||||||
|
body = applyPayloadConfig(e.cfg, req.Model, body)
|
||||||
|
body, _ = sjson.SetBytes(body, "stream", true)
|
||||||
|
// Enable stream options for usage stats in stream
|
||||||
|
body, _ = sjson.SetBytes(body, "stream_options.include_usage", true)
|
||||||
|
|
||||||
|
url := githubCopilotBaseURL + githubCopilotChatPath
|
||||||
|
httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
e.applyHeaders(httpReq, apiToken)
|
||||||
|
|
||||||
|
var authID, authLabel, authType, authValue string
|
||||||
|
if auth != nil {
|
||||||
|
authID = auth.ID
|
||||||
|
authLabel = auth.Label
|
||||||
|
authType, authValue = auth.AccountInfo()
|
||||||
|
}
|
||||||
|
recordAPIRequest(ctx, e.cfg, upstreamRequestLog{
|
||||||
|
URL: url,
|
||||||
|
Method: http.MethodPost,
|
||||||
|
Headers: httpReq.Header.Clone(),
|
||||||
|
Body: body,
|
||||||
|
Provider: e.Identifier(),
|
||||||
|
AuthID: authID,
|
||||||
|
AuthLabel: authLabel,
|
||||||
|
AuthType: authType,
|
||||||
|
AuthValue: authValue,
|
||||||
|
})
|
||||||
|
|
||||||
|
httpClient := newProxyAwareHTTPClient(ctx, e.cfg, auth, 0)
|
||||||
|
httpResp, err := httpClient.Do(httpReq)
|
||||||
|
if err != nil {
|
||||||
|
recordAPIResponseError(ctx, e.cfg, err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
recordAPIResponseMetadata(ctx, e.cfg, httpResp.StatusCode, httpResp.Header.Clone())
|
||||||
|
|
||||||
|
if httpResp.StatusCode < http.StatusOK || httpResp.StatusCode >= http.StatusMultipleChoices {
|
||||||
|
data, readErr := io.ReadAll(httpResp.Body)
|
||||||
|
if errClose := httpResp.Body.Close(); errClose != nil {
|
||||||
|
log.Errorf("github-copilot executor: close response body error: %v", errClose)
|
||||||
|
}
|
||||||
|
if readErr != nil {
|
||||||
|
recordAPIResponseError(ctx, e.cfg, readErr)
|
||||||
|
return nil, readErr
|
||||||
|
}
|
||||||
|
appendAPIResponseChunk(ctx, e.cfg, data)
|
||||||
|
log.Debugf("github-copilot executor: upstream error status: %d, body: %s", httpResp.StatusCode, summarizeErrorBody(httpResp.Header.Get("Content-Type"), data))
|
||||||
|
err = statusErr{code: httpResp.StatusCode, msg: string(data)}
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
out := make(chan cliproxyexecutor.StreamChunk)
|
||||||
|
stream = out
|
||||||
|
|
||||||
|
go func() {
|
||||||
|
defer close(out)
|
||||||
|
defer func() {
|
||||||
|
if errClose := httpResp.Body.Close(); errClose != nil {
|
||||||
|
log.Errorf("github-copilot executor: close response body error: %v", errClose)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
scanner := bufio.NewScanner(httpResp.Body)
|
||||||
|
scanner.Buffer(nil, 20_971_520)
|
||||||
|
var param any
|
||||||
|
|
||||||
|
for scanner.Scan() {
|
||||||
|
line := scanner.Bytes()
|
||||||
|
appendAPIResponseChunk(ctx, e.cfg, line)
|
||||||
|
|
||||||
|
// Parse SSE data
|
||||||
|
if bytes.HasPrefix(line, dataTag) {
|
||||||
|
data := bytes.TrimSpace(line[5:])
|
||||||
|
if bytes.Equal(data, []byte("[DONE]")) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if detail, ok := parseOpenAIStreamUsage(line); ok {
|
||||||
|
reporter.publish(ctx, detail)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
chunks := sdktranslator.TranslateStream(ctx, to, from, req.Model, bytes.Clone(opts.OriginalRequest), body, bytes.Clone(line), ¶m)
|
||||||
|
for i := range chunks {
|
||||||
|
out <- cliproxyexecutor.StreamChunk{Payload: []byte(chunks[i])}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if errScan := scanner.Err(); errScan != nil {
|
||||||
|
recordAPIResponseError(ctx, e.cfg, errScan)
|
||||||
|
reporter.publishFailure(ctx)
|
||||||
|
out <- cliproxyexecutor.StreamChunk{Err: errScan}
|
||||||
|
} else {
|
||||||
|
reporter.ensurePublished(ctx)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
return stream, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// CountTokens is not supported for GitHub Copilot.
|
||||||
|
func (e *GitHubCopilotExecutor) CountTokens(_ context.Context, _ *cliproxyauth.Auth, _ cliproxyexecutor.Request, _ cliproxyexecutor.Options) (cliproxyexecutor.Response, error) {
|
||||||
|
return cliproxyexecutor.Response{}, statusErr{code: http.StatusNotImplemented, msg: "count tokens not supported for github-copilot"}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Refresh validates the GitHub token is still working.
|
||||||
|
// GitHub OAuth tokens don't expire traditionally, so we just validate.
|
||||||
|
func (e *GitHubCopilotExecutor) Refresh(ctx context.Context, auth *cliproxyauth.Auth) (*cliproxyauth.Auth, error) {
|
||||||
|
if auth == nil {
|
||||||
|
return nil, statusErr{code: http.StatusUnauthorized, msg: "missing auth"}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the GitHub access token
|
||||||
|
accessToken := metaStringValue(auth.Metadata, "access_token")
|
||||||
|
if accessToken == "" {
|
||||||
|
return auth, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate the token can still get a Copilot API token
|
||||||
|
copilotAuth := copilotauth.NewCopilotAuth(e.cfg)
|
||||||
|
_, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken)
|
||||||
|
if err != nil {
|
||||||
|
return nil, statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("github-copilot token validation failed: %v", err)}
|
||||||
|
}
|
||||||
|
|
||||||
|
return auth, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ensureAPIToken gets or refreshes the Copilot API token.
|
||||||
|
func (e *GitHubCopilotExecutor) ensureAPIToken(ctx context.Context, auth *cliproxyauth.Auth) (string, error) {
|
||||||
|
if auth == nil {
|
||||||
|
return "", statusErr{code: http.StatusUnauthorized, msg: "missing auth"}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check for cached API token
|
||||||
|
if cachedToken := metaStringValue(auth.Metadata, "copilot_api_token"); cachedToken != "" {
|
||||||
|
if expiresAt := tokenExpiry(auth.Metadata); expiresAt.After(time.Now().Add(5 * time.Minute)) {
|
||||||
|
return cachedToken, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the GitHub access token
|
||||||
|
accessToken := metaStringValue(auth.Metadata, "access_token")
|
||||||
|
if accessToken == "" {
|
||||||
|
return "", statusErr{code: http.StatusUnauthorized, msg: "missing github access token"}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get a new Copilot API token
|
||||||
|
copilotAuth := copilotauth.NewCopilotAuth(e.cfg)
|
||||||
|
apiToken, err := copilotAuth.GetCopilotAPIToken(ctx, accessToken)
|
||||||
|
if err != nil {
|
||||||
|
return "", statusErr{code: http.StatusUnauthorized, msg: fmt.Sprintf("failed to get copilot api token: %v", err)}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cache the token in metadata (will be persisted on next save)
|
||||||
|
if auth.Metadata == nil {
|
||||||
|
auth.Metadata = make(map[string]any)
|
||||||
|
}
|
||||||
|
auth.Metadata["copilot_api_token"] = apiToken.Token
|
||||||
|
if apiToken.ExpiresAt > 0 {
|
||||||
|
auth.Metadata["expired"] = time.Unix(apiToken.ExpiresAt, 0).Format(time.RFC3339)
|
||||||
|
} else {
|
||||||
|
auth.Metadata["expired"] = time.Now().Add(githubCopilotTokenCacheTTL).Format(time.RFC3339)
|
||||||
|
}
|
||||||
|
|
||||||
|
return apiToken.Token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// applyHeaders sets the required headers for GitHub Copilot API requests.
|
||||||
|
func (e *GitHubCopilotExecutor) applyHeaders(r *http.Request, apiToken string) {
|
||||||
|
r.Header.Set("Content-Type", "application/json")
|
||||||
|
r.Header.Set("Authorization", "Bearer "+apiToken)
|
||||||
|
r.Header.Set("Accept", "application/json")
|
||||||
|
r.Header.Set("User-Agent", "GithubCopilot/1.0")
|
||||||
|
r.Header.Set("Editor-Version", "vscode/1.100.0")
|
||||||
|
r.Header.Set("Editor-Plugin-Version", "copilot/1.300.0")
|
||||||
|
r.Header.Set("Openai-Intent", "conversation-panel")
|
||||||
|
r.Header.Set("Copilot-Integration-Id", "vscode-chat")
|
||||||
|
r.Header.Set("X-Request-Id", uuid.NewString())
|
||||||
|
}
|
||||||
|
|
||||||
|
// normalizeModel ensures the model name is correct for the API.
|
||||||
|
func (e *GitHubCopilotExecutor) normalizeModel(requestedModel string, body []byte) []byte {
|
||||||
|
// Map friendly names to API model names
|
||||||
|
modelMap := map[string]string{
|
||||||
|
"gpt-4.1": "gpt-4.1",
|
||||||
|
"gpt-5": "gpt-5",
|
||||||
|
"gpt-5-mini": "gpt-5-mini",
|
||||||
|
"gpt-5-codex": "gpt-5-codex",
|
||||||
|
"gpt-5.1": "gpt-5.1",
|
||||||
|
"gpt-5.1-codex": "gpt-5.1-codex",
|
||||||
|
"gpt-5.1-codex-mini": "gpt-5.1-codex-mini",
|
||||||
|
"claude-haiku-4.5": "claude-haiku-4.5",
|
||||||
|
"claude-opus-4.1": "claude-opus-4.1",
|
||||||
|
"claude-opus-4.5": "claude-opus-4.5",
|
||||||
|
"claude-sonnet-4": "claude-sonnet-4",
|
||||||
|
"claude-sonnet-4.5": "claude-sonnet-4.5",
|
||||||
|
"gemini-2.5-pro": "gemini-2.5-pro",
|
||||||
|
"gemini-3-pro": "gemini-3-pro",
|
||||||
|
"grok-code-fast-1": "grok-code-fast-1",
|
||||||
|
"raptor-mini": "raptor-mini",
|
||||||
|
}
|
||||||
|
|
||||||
|
if mapped, ok := modelMap[requestedModel]; ok {
|
||||||
|
body, _ = sjson.SetBytes(body, "model", mapped)
|
||||||
|
}
|
||||||
|
|
||||||
|
return body
|
||||||
|
}
|
||||||
@@ -0,0 +1,133 @@
|
|||||||
|
package auth
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/auth/copilot"
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/browser"
|
||||||
|
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
|
||||||
|
coreauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
// GitHubCopilotAuthenticator implements the OAuth device flow login for GitHub Copilot.
|
||||||
|
type GitHubCopilotAuthenticator struct{}
|
||||||
|
|
||||||
|
// NewGitHubCopilotAuthenticator constructs a new GitHub Copilot authenticator.
|
||||||
|
func NewGitHubCopilotAuthenticator() Authenticator {
|
||||||
|
return &GitHubCopilotAuthenticator{}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Provider returns the provider key for github-copilot.
|
||||||
|
func (GitHubCopilotAuthenticator) Provider() string {
|
||||||
|
return "github-copilot"
|
||||||
|
}
|
||||||
|
|
||||||
|
// RefreshLead returns nil since GitHub OAuth tokens don't expire in the traditional sense.
|
||||||
|
// The token remains valid until the user revokes it or the Copilot subscription expires.
|
||||||
|
func (GitHubCopilotAuthenticator) RefreshLead() *time.Duration {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Login initiates the GitHub device flow authentication for Copilot access.
|
||||||
|
func (a GitHubCopilotAuthenticator) Login(ctx context.Context, cfg *config.Config, opts *LoginOptions) (*coreauth.Auth, error) {
|
||||||
|
if cfg == nil {
|
||||||
|
return nil, fmt.Errorf("cliproxy auth: configuration is required")
|
||||||
|
}
|
||||||
|
if ctx == nil {
|
||||||
|
ctx = context.Background()
|
||||||
|
}
|
||||||
|
if opts == nil {
|
||||||
|
opts = &LoginOptions{}
|
||||||
|
}
|
||||||
|
|
||||||
|
authSvc := copilot.NewCopilotAuth(cfg)
|
||||||
|
|
||||||
|
// Start the device flow
|
||||||
|
fmt.Println("Starting GitHub Copilot authentication...")
|
||||||
|
deviceCode, err := authSvc.StartDeviceFlow(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("github-copilot: failed to start device flow: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Display the user code and verification URL
|
||||||
|
fmt.Printf("\nTo authenticate, please visit: %s\n", deviceCode.VerificationURI)
|
||||||
|
fmt.Printf("And enter the code: %s\n\n", deviceCode.UserCode)
|
||||||
|
|
||||||
|
// Try to open the browser automatically
|
||||||
|
if !opts.NoBrowser {
|
||||||
|
if browser.IsAvailable() {
|
||||||
|
if errOpen := browser.OpenURL(deviceCode.VerificationURI); errOpen != nil {
|
||||||
|
log.Warnf("Failed to open browser automatically: %v", errOpen)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Println("Waiting for GitHub authorization...")
|
||||||
|
fmt.Printf("(This will timeout in %d seconds if not authorized)\n", deviceCode.ExpiresIn)
|
||||||
|
|
||||||
|
// Wait for user authorization
|
||||||
|
authBundle, err := authSvc.WaitForAuthorization(ctx, deviceCode)
|
||||||
|
if err != nil {
|
||||||
|
errMsg := copilot.GetUserFriendlyMessage(err)
|
||||||
|
return nil, fmt.Errorf("github-copilot: %s", errMsg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Verify the token can get a Copilot API token
|
||||||
|
fmt.Println("Verifying Copilot access...")
|
||||||
|
apiToken, err := authSvc.GetCopilotAPIToken(ctx, authBundle.TokenData.AccessToken)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("github-copilot: failed to verify Copilot access - you may not have an active Copilot subscription: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create the token storage
|
||||||
|
tokenStorage := authSvc.CreateTokenStorage(authBundle)
|
||||||
|
|
||||||
|
// Build metadata
|
||||||
|
metadata := map[string]any{
|
||||||
|
"type": "github-copilot",
|
||||||
|
"username": authBundle.Username,
|
||||||
|
"access_token": authBundle.TokenData.AccessToken,
|
||||||
|
"token_type": authBundle.TokenData.TokenType,
|
||||||
|
"scope": authBundle.TokenData.Scope,
|
||||||
|
"timestamp": time.Now().UnixMilli(),
|
||||||
|
"api_endpoint": copilot.BuildChatCompletionURL(),
|
||||||
|
}
|
||||||
|
|
||||||
|
if apiToken.ExpiresAt > 0 {
|
||||||
|
metadata["api_token_expires_at"] = apiToken.ExpiresAt
|
||||||
|
}
|
||||||
|
|
||||||
|
fileName := fmt.Sprintf("github-copilot-%s.json", authBundle.Username)
|
||||||
|
|
||||||
|
fmt.Printf("\nGitHub Copilot authentication successful for user: %s\n", authBundle.Username)
|
||||||
|
|
||||||
|
return &coreauth.Auth{
|
||||||
|
ID: fileName,
|
||||||
|
Provider: a.Provider(),
|
||||||
|
FileName: fileName,
|
||||||
|
Label: authBundle.Username,
|
||||||
|
Storage: tokenStorage,
|
||||||
|
Metadata: metadata,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// RefreshGitHubCopilotToken validates and returns the current token status.
|
||||||
|
// GitHub OAuth tokens don't need traditional refresh - we just validate they still work.
|
||||||
|
func RefreshGitHubCopilotToken(ctx context.Context, cfg *config.Config, storage *copilot.CopilotTokenStorage) error {
|
||||||
|
if storage == nil || storage.AccessToken == "" {
|
||||||
|
return fmt.Errorf("no token available")
|
||||||
|
}
|
||||||
|
|
||||||
|
authSvc := copilot.NewCopilotAuth(cfg)
|
||||||
|
|
||||||
|
// Validate the token can still get a Copilot API token
|
||||||
|
_, err := authSvc.GetCopilotAPIToken(ctx, storage.AccessToken)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("token validation failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -14,6 +14,7 @@ func init() {
|
|||||||
registerRefreshLead("gemini", func() Authenticator { return NewGeminiAuthenticator() })
|
registerRefreshLead("gemini", func() Authenticator { return NewGeminiAuthenticator() })
|
||||||
registerRefreshLead("gemini-cli", func() Authenticator { return NewGeminiAuthenticator() })
|
registerRefreshLead("gemini-cli", func() Authenticator { return NewGeminiAuthenticator() })
|
||||||
registerRefreshLead("antigravity", func() Authenticator { return NewAntigravityAuthenticator() })
|
registerRefreshLead("antigravity", func() Authenticator { return NewAntigravityAuthenticator() })
|
||||||
|
registerRefreshLead("github-copilot", func() Authenticator { return NewGitHubCopilotAuthenticator() })
|
||||||
}
|
}
|
||||||
|
|
||||||
func registerRefreshLead(provider string, factory func() Authenticator) {
|
func registerRefreshLead(provider string, factory func() Authenticator) {
|
||||||
|
|||||||
@@ -351,6 +351,8 @@ func (s *Service) ensureExecutorsForAuth(a *coreauth.Auth) {
|
|||||||
s.coreManager.RegisterExecutor(executor.NewQwenExecutor(s.cfg))
|
s.coreManager.RegisterExecutor(executor.NewQwenExecutor(s.cfg))
|
||||||
case "iflow":
|
case "iflow":
|
||||||
s.coreManager.RegisterExecutor(executor.NewIFlowExecutor(s.cfg))
|
s.coreManager.RegisterExecutor(executor.NewIFlowExecutor(s.cfg))
|
||||||
|
case "github-copilot":
|
||||||
|
s.coreManager.RegisterExecutor(executor.NewGitHubCopilotExecutor(s.cfg))
|
||||||
default:
|
default:
|
||||||
providerKey := strings.ToLower(strings.TrimSpace(a.Provider))
|
providerKey := strings.ToLower(strings.TrimSpace(a.Provider))
|
||||||
if providerKey == "" {
|
if providerKey == "" {
|
||||||
@@ -662,6 +664,8 @@ func (s *Service) registerModelsForAuth(a *coreauth.Auth) {
|
|||||||
models = registry.GetQwenModels()
|
models = registry.GetQwenModels()
|
||||||
case "iflow":
|
case "iflow":
|
||||||
models = registry.GetIFlowModels()
|
models = registry.GetIFlowModels()
|
||||||
|
case "github-copilot":
|
||||||
|
models = registry.GetGitHubCopilotModels()
|
||||||
default:
|
default:
|
||||||
// Handle OpenAI-compatibility providers by name using config
|
// Handle OpenAI-compatibility providers by name using config
|
||||||
if s.cfg != nil {
|
if s.cfg != nil {
|
||||||
|
|||||||
Reference in New Issue
Block a user