fix(oauth): derive oauth.json from state dir
This commit is contained in:
Peter Steinberger
@@ -25,6 +25,7 @@ import {
|
||||
import type { ThinkLevel, VerboseLevel } from "../auto-reply/thinking.js";
|
||||
import { formatToolAggregate } from "../auto-reply/tool-meta.js";
|
||||
import type { ClawdbotConfig } from "../config/config.js";
|
||||
import { resolveOAuthPath } from "../config/paths.js";
|
||||
import { getMachineDisplayName } from "../infra/machine-name.js";
|
||||
import { createSubsystemLogger } from "../logging.js";
|
||||
import { splitMediaFromOutput } from "../media/parse.js";
|
||||
@@ -32,7 +33,7 @@ import {
|
||||
type enqueueCommand,
|
||||
enqueueCommandInLane,
|
||||
} from "../process/command-queue.js";
|
||||
import { CONFIG_DIR, resolveUserPath } from "../utils.js";
|
||||
import { resolveUserPath } from "../utils.js";
|
||||
import { resolveClawdbotAgentDir } from "./agent-paths.js";
|
||||
import type { BashElevatedDefaults } from "./bash-tools.js";
|
||||
import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "./defaults.js";
|
||||
@@ -106,7 +107,6 @@ type EmbeddedRunWaiter = {
|
||||
const EMBEDDED_RUN_WAITERS = new Map<string, Set<EmbeddedRunWaiter>>();
|
||||
|
||||
const OAUTH_FILENAME = "oauth.json";
|
||||
const DEFAULT_OAUTH_DIR = path.join(CONFIG_DIR, "credentials");
|
||||
let oauthStorageConfigured = false;
|
||||
|
||||
type OAuthStorage = Record<string, OAuthCredentials>;
|
||||
@@ -140,9 +140,7 @@ export function buildEmbeddedSandboxInfo(
|
||||
}
|
||||
|
||||
function resolveClawdbotOAuthPath(): string {
|
||||
const overrideDir =
|
||||
process.env.CLAWDBOT_OAUTH_DIR?.trim() || DEFAULT_OAUTH_DIR;
|
||||
return path.join(resolveUserPath(overrideDir), OAUTH_FILENAME);
|
||||
return resolveOAuthPath();
|
||||
}
|
||||
|
||||
function loadOAuthStorageAt(pathname: string): OAuthStorage | null {
|
||||
|
||||
52
src/commands/onboard-auth.test.ts
Normal file
52
src/commands/onboard-auth.test.ts
Normal file
@@ -0,0 +1,52 @@
|
||||
import fs from "node:fs/promises";
|
||||
import os from "node:os";
|
||||
import path from "node:path";
|
||||
|
||||
import type { OAuthCredentials } from "@mariozechner/pi-ai";
|
||||
import { afterEach, describe, expect, it } from "vitest";
|
||||
|
||||
import { resolveOAuthPath } from "../config/paths.js";
|
||||
import { writeOAuthCredentials } from "./onboard-auth.js";
|
||||
|
||||
describe("writeOAuthCredentials", () => {
|
||||
const previousStateDir = process.env.CLAWDBOT_STATE_DIR;
|
||||
let tempStateDir: string | null = null;
|
||||
|
||||
afterEach(async () => {
|
||||
if (tempStateDir) {
|
||||
await fs.rm(tempStateDir, { recursive: true, force: true });
|
||||
tempStateDir = null;
|
||||
}
|
||||
if (previousStateDir === undefined) {
|
||||
delete process.env.CLAWDBOT_STATE_DIR;
|
||||
} else {
|
||||
process.env.CLAWDBOT_STATE_DIR = previousStateDir;
|
||||
}
|
||||
delete process.env.CLAWDBOT_OAUTH_DIR;
|
||||
});
|
||||
|
||||
it("writes oauth.json under CLAWDBOT_STATE_DIR/credentials", async () => {
|
||||
tempStateDir = await fs.mkdtemp(path.join(os.tmpdir(), "clawdbot-oauth-"));
|
||||
process.env.CLAWDBOT_STATE_DIR = tempStateDir;
|
||||
|
||||
const creds = {
|
||||
refresh: "refresh-token",
|
||||
access: "access-token",
|
||||
expires: Date.now() + 60_000,
|
||||
} satisfies OAuthCredentials;
|
||||
|
||||
await writeOAuthCredentials("anthropic", creds);
|
||||
|
||||
const oauthPath = resolveOAuthPath();
|
||||
expect(oauthPath).toBe(
|
||||
path.join(tempStateDir, "credentials", "oauth.json"),
|
||||
);
|
||||
|
||||
const raw = await fs.readFile(oauthPath, "utf8");
|
||||
const parsed = JSON.parse(raw) as Record<string, OAuthCredentials>;
|
||||
expect(parsed.anthropic).toMatchObject({
|
||||
refresh: "refresh-token",
|
||||
access: "access-token",
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -6,15 +6,15 @@ import { discoverAuthStorage } from "@mariozechner/pi-coding-agent";
|
||||
|
||||
import { resolveClawdbotAgentDir } from "../agents/agent-paths.js";
|
||||
import type { ClawdbotConfig } from "../config/config.js";
|
||||
import { CONFIG_DIR } from "../utils.js";
|
||||
import { resolveOAuthPath } from "../config/paths.js";
|
||||
|
||||
export async function writeOAuthCredentials(
|
||||
provider: OAuthProvider,
|
||||
creds: OAuthCredentials,
|
||||
): Promise<void> {
|
||||
const dir = path.join(CONFIG_DIR, "credentials");
|
||||
const filePath = resolveOAuthPath();
|
||||
const dir = path.dirname(filePath);
|
||||
await fs.mkdir(dir, { recursive: true, mode: 0o700 });
|
||||
const filePath = path.join(dir, "oauth.json");
|
||||
let storage: Record<string, OAuthCredentials> = {};
|
||||
try {
|
||||
const raw = await fs.readFile(filePath, "utf8");
|
||||
|
||||
30
src/config/paths.test.ts
Normal file
30
src/config/paths.test.ts
Normal file
@@ -0,0 +1,30 @@
|
||||
import { describe, expect, it } from "vitest";
|
||||
|
||||
import { resolveOAuthDir, resolveOAuthPath } from "./paths.js";
|
||||
|
||||
describe("oauth paths", () => {
|
||||
it("prefers CLAWDBOT_OAUTH_DIR over CLAWDBOT_STATE_DIR", () => {
|
||||
const env = {
|
||||
CLAWDBOT_OAUTH_DIR: "/custom/oauth",
|
||||
CLAWDBOT_STATE_DIR: "/custom/state",
|
||||
} as NodeJS.ProcessEnv;
|
||||
|
||||
expect(resolveOAuthDir(env, "/custom/state")).toBe("/custom/oauth");
|
||||
expect(resolveOAuthPath(env, "/custom/state")).toBe(
|
||||
"/custom/oauth/oauth.json",
|
||||
);
|
||||
});
|
||||
|
||||
it("derives oauth path from CLAWDBOT_STATE_DIR when unset", () => {
|
||||
const env = {
|
||||
CLAWDBOT_STATE_DIR: "/custom/state",
|
||||
} as NodeJS.ProcessEnv;
|
||||
|
||||
expect(resolveOAuthDir(env, "/custom/state")).toBe(
|
||||
"/custom/state/credentials",
|
||||
);
|
||||
expect(resolveOAuthPath(env, "/custom/state")).toBe(
|
||||
"/custom/state/credentials/oauth.json",
|
||||
);
|
||||
});
|
||||
});
|
||||
@@ -1,6 +1,6 @@
|
||||
import os from "node:os";
|
||||
import path from "node:path";
|
||||
|
||||
import { resolveUserPath } from "../utils.js";
|
||||
import type { ClawdbotConfig } from "./types.js";
|
||||
|
||||
/**
|
||||
@@ -52,6 +52,32 @@ export const CONFIG_PATH_CLAWDBOT = resolveConfigPath();
|
||||
|
||||
export const DEFAULT_GATEWAY_PORT = 18789;
|
||||
|
||||
const OAUTH_FILENAME = "oauth.json";
|
||||
|
||||
/**
|
||||
* OAuth credentials storage directory.
|
||||
*
|
||||
* Precedence:
|
||||
* - `CLAWDBOT_OAUTH_DIR` (explicit override)
|
||||
* - `CLAWDBOT_STATE_DIR/credentials` (canonical server/default)
|
||||
* - `~/.clawdbot/credentials` (legacy default)
|
||||
*/
|
||||
export function resolveOAuthDir(
|
||||
env: NodeJS.ProcessEnv = process.env,
|
||||
stateDir: string = resolveStateDir(env, os.homedir),
|
||||
): string {
|
||||
const override = env.CLAWDBOT_OAUTH_DIR?.trim();
|
||||
if (override) return resolveUserPath(override);
|
||||
return path.join(stateDir, "credentials");
|
||||
}
|
||||
|
||||
export function resolveOAuthPath(
|
||||
env: NodeJS.ProcessEnv = process.env,
|
||||
stateDir: string = resolveStateDir(env, os.homedir),
|
||||
): string {
|
||||
return path.join(resolveOAuthDir(env, stateDir), OAUTH_FILENAME);
|
||||
}
|
||||
|
||||
export function resolveGatewayPort(
|
||||
cfg?: ClawdbotConfig,
|
||||
env: NodeJS.ProcessEnv = process.env,
|
||||
|
||||
Reference in New Issue
Block a user