Models: add Qwen Portal OAuth support

src/providers/qwen-portal-oauth.test.ts

@@ -0,0 +1,78 @@
+import { describe, expect, it, vi, afterEach } from "vitest";
+
+import { refreshQwenPortalCredentials } from "./qwen-portal-oauth.js";
+
+const originalFetch = globalThis.fetch;
+
+afterEach(() => {
+  vi.unstubAllGlobals();
+  globalThis.fetch = originalFetch;
+});
+
+describe("refreshQwenPortalCredentials", () => {
+  it("refreshes tokens with a new access token", async () => {
+    const fetchSpy = vi.fn().mockResolvedValue({
+      ok: true,
+      status: 200,
+      json: async () => ({
+        access_token: "new-access",
+        refresh_token: "new-refresh",
+        expires_in: 3600,
+      }),
+    });
+    vi.stubGlobal("fetch", fetchSpy);
+
+    const result = await refreshQwenPortalCredentials({
+      access: "old-access",
+      refresh: "old-refresh",
+      expires: Date.now() - 1000,
+    });
+
+    expect(fetchSpy).toHaveBeenCalledWith(
+      "https://chat.qwen.ai/api/v1/oauth2/token",
+      expect.objectContaining({
+        method: "POST",
+      }),
+    );
+    expect(result.access).toBe("new-access");
+    expect(result.refresh).toBe("new-refresh");
+    expect(result.expires).toBeGreaterThan(Date.now());
+  });
+
+  it("keeps refresh token when refresh response omits it", async () => {
+    const fetchSpy = vi.fn().mockResolvedValue({
+      ok: true,
+      status: 200,
+      json: async () => ({
+        access_token: "new-access",
+        expires_in: 1800,
+      }),
+    });
+    vi.stubGlobal("fetch", fetchSpy);
+
+    const result = await refreshQwenPortalCredentials({
+      access: "old-access",
+      refresh: "old-refresh",
+      expires: Date.now() - 1000,
+    });
+
+    expect(result.refresh).toBe("old-refresh");
+  });
+
+  it("errors when refresh token is invalid", async () => {
+    const fetchSpy = vi.fn().mockResolvedValue({
+      ok: false,
+      status: 400,
+      text: async () => "invalid_grant",
+    });
+    vi.stubGlobal("fetch", fetchSpy);
+
+    await expect(
+      refreshQwenPortalCredentials({
+        access: "old-access",
+        refresh: "old-refresh",
+        expires: Date.now() - 1000,
+      }),
+    ).rejects.toThrow("Qwen OAuth refresh token expired or invalid");
+  });
+});

src/providers/qwen-portal-oauth.ts

@@ -0,0 +1,53 @@
+import type { OAuthCredentials } from "@mariozechner/pi-ai";
+
+const QWEN_OAUTH_BASE_URL = "https://chat.qwen.ai";
+const QWEN_OAUTH_TOKEN_ENDPOINT = `${QWEN_OAUTH_BASE_URL}/api/v1/oauth2/token`;
+const QWEN_OAUTH_CLIENT_ID = "f0304373b74a44d2b584a3fb70ca9e56";
+
+export async function refreshQwenPortalCredentials(
+  credentials: OAuthCredentials,
+): Promise<OAuthCredentials> {
+  if (!credentials.refresh?.trim()) {
+    throw new Error("Qwen OAuth refresh token missing; re-authenticate.");
+  }
+
+  const response = await fetch(QWEN_OAUTH_TOKEN_ENDPOINT, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json",
+    },
+    body: new URLSearchParams({
+      grant_type: "refresh_token",
+      refresh_token: credentials.refresh,
+      client_id: QWEN_OAUTH_CLIENT_ID,
+    }),
+  });
+
+  if (!response.ok) {
+    const text = await response.text();
+    if (response.status === 400) {
+      throw new Error(
+        "Qwen OAuth refresh token expired or invalid. Re-authenticate with `clawdbot models auth login --provider qwen-portal`.",
+      );
+    }
+    throw new Error(`Qwen OAuth refresh failed: ${text || response.statusText}`);
+  }
+
+  const payload = (await response.json()) as {
+    access_token?: string;
+    refresh_token?: string;
+    expires_in?: number;
+  };
+
+  if (!payload.access_token || !payload.expires_in) {
+    throw new Error("Qwen OAuth refresh response missing access token.");
+  }
+
+  return {
+    ...credentials,
+    access: payload.access_token,
+    refresh: payload.refresh_token || credentials.refresh,
+    expires: Date.now() + payload.expires_in * 1000,
+  };
+}