mirror of
https://github.com/openai/codex.git
synced 2026-05-02 12:21:26 +03:00
6fff9955f1
## Summary - split `models-manager` out of `core` and add `ModelsManagerConfig` plus `Config::to_models_manager_config()` so model metadata paths stop depending on `core::Config` - move login-owned/auth-owned code out of `core` into `codex-login`, move model provider config into `codex-model-provider-info`, move API bridge mapping into `codex-api`, move protocol-owned types/impls into `codex-protocol`, and move response debug helpers into a dedicated `response-debug-context` crate - move feedback tag emission into `codex-feedback`, relocate tests to the crates that now own the code, and keep broad temporary re-exports so this PR avoids a giant import-only rewrite ## Major moves and decisions - created `codex-models-manager` as the owner for model cache/catalog/config/model info logic, including the new `ModelsManagerConfig` struct - created `codex-model-provider-info` as the owner for provider config parsing/defaults and kept temporary `codex-login`/`codex-core` re-exports for old import paths - moved `api_bridge` error mapping + `CoreAuthProvider` into `codex-api`, while `codex-login::api_bridge` temporarily re-exports those symbols and keeps the `auth_provider_from_auth` wrapper - moved `auth_env_telemetry` and `provider_auth` ownership to `codex-login` - moved `CodexErr` ownership to `codex-protocol::error`, plus `StreamOutput`, `bytes_to_string_smart`, and network policy helpers to protocol-owned modules - created `codex-response-debug-context` for `extract_response_debug_context`, `telemetry_transport_error_message`, and related response-debug plumbing instead of leaving that behavior in `core` - moved `FeedbackRequestTags`, `emit_feedback_request_tags`, and `emit_feedback_request_tags_with_auth_env` to `codex-feedback` - deferred removal of temporary re-exports and the mechanical import rewrites to a stacked follow-up PR so this PR stays reviewable ## Test moves - moved auth refresh coverage from `core/tests/suite/auth_refresh.rs` to `login/tests/suite/auth_refresh.rs` - moved text encoding coverage from `core/tests/suite/text_encoding_fix.rs` to `protocol/src/exec_output_tests.rs` - moved model info override coverage from `core/tests/suite/model_info_overrides.rs` to `models-manager/src/model_info_overrides_tests.rs` --------- Co-authored-by: Codex <noreply@openai.com>
171 lines
5.0 KiB
Rust
171 lines
5.0 KiB
Rust
use base64::Engine;
|
|
use chrono::DateTime;
|
|
use chrono::Utc;
|
|
use codex_protocol::auth::PlanType;
|
|
use serde::Deserialize;
|
|
use serde::Serialize;
|
|
use serde::de::DeserializeOwned;
|
|
use thiserror::Error;
|
|
|
|
#[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Default)]
|
|
pub struct TokenData {
|
|
/// Flat info parsed from the JWT in auth.json.
|
|
#[serde(
|
|
deserialize_with = "deserialize_id_token",
|
|
serialize_with = "serialize_id_token"
|
|
)]
|
|
pub id_token: IdTokenInfo,
|
|
|
|
/// This is a JWT.
|
|
pub access_token: String,
|
|
|
|
pub refresh_token: String,
|
|
|
|
pub account_id: Option<String>,
|
|
}
|
|
|
|
/// Flat subset of useful claims in id_token from auth.json.
|
|
#[derive(Debug, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]
|
|
pub struct IdTokenInfo {
|
|
pub email: Option<String>,
|
|
/// The ChatGPT subscription plan type
|
|
/// (e.g., "free", "plus", "pro", "business", "enterprise", "edu").
|
|
/// (Note: values may vary by backend.)
|
|
pub chatgpt_plan_type: Option<PlanType>,
|
|
/// ChatGPT user identifier associated with the token, if present.
|
|
pub chatgpt_user_id: Option<String>,
|
|
/// Organization/workspace identifier associated with the token, if present.
|
|
pub chatgpt_account_id: Option<String>,
|
|
pub raw_jwt: String,
|
|
}
|
|
|
|
impl IdTokenInfo {
|
|
pub fn get_chatgpt_plan_type(&self) -> Option<String> {
|
|
self.chatgpt_plan_type.as_ref().map(|t| match t {
|
|
PlanType::Known(plan) => plan.display_name().to_string(),
|
|
PlanType::Unknown(s) => s.clone(),
|
|
})
|
|
}
|
|
|
|
pub fn get_chatgpt_plan_type_raw(&self) -> Option<String> {
|
|
self.chatgpt_plan_type.as_ref().map(|t| match t {
|
|
PlanType::Known(plan) => plan.raw_value().to_string(),
|
|
PlanType::Unknown(s) => s.clone(),
|
|
})
|
|
}
|
|
|
|
pub fn is_workspace_account(&self) -> bool {
|
|
matches!(
|
|
self.chatgpt_plan_type,
|
|
Some(PlanType::Known(plan)) if plan.is_workspace_account()
|
|
)
|
|
}
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
struct IdClaims {
|
|
#[serde(default)]
|
|
email: Option<String>,
|
|
#[serde(rename = "https://api.openai.com/profile", default)]
|
|
profile: Option<ProfileClaims>,
|
|
#[serde(rename = "https://api.openai.com/auth", default)]
|
|
auth: Option<AuthClaims>,
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
struct ProfileClaims {
|
|
#[serde(default)]
|
|
email: Option<String>,
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
struct AuthClaims {
|
|
#[serde(default)]
|
|
chatgpt_plan_type: Option<PlanType>,
|
|
#[serde(default)]
|
|
chatgpt_user_id: Option<String>,
|
|
#[serde(default)]
|
|
user_id: Option<String>,
|
|
#[serde(default)]
|
|
chatgpt_account_id: Option<String>,
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
struct StandardJwtClaims {
|
|
#[serde(default)]
|
|
exp: Option<i64>,
|
|
}
|
|
|
|
#[derive(Debug, Error)]
|
|
pub enum IdTokenInfoError {
|
|
#[error("invalid ID token format")]
|
|
InvalidFormat,
|
|
#[error(transparent)]
|
|
Base64(#[from] base64::DecodeError),
|
|
#[error(transparent)]
|
|
Json(#[from] serde_json::Error),
|
|
}
|
|
|
|
fn decode_jwt_payload<T: DeserializeOwned>(jwt: &str) -> Result<T, IdTokenInfoError> {
|
|
// JWT format: header.payload.signature
|
|
let mut parts = jwt.split('.');
|
|
let (_header_b64, payload_b64, _sig_b64) = match (parts.next(), parts.next(), parts.next()) {
|
|
(Some(h), Some(p), Some(s)) if !h.is_empty() && !p.is_empty() && !s.is_empty() => (h, p, s),
|
|
_ => return Err(IdTokenInfoError::InvalidFormat),
|
|
};
|
|
|
|
let payload_bytes = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(payload_b64)?;
|
|
let claims = serde_json::from_slice(&payload_bytes)?;
|
|
Ok(claims)
|
|
}
|
|
|
|
pub fn parse_jwt_expiration(jwt: &str) -> Result<Option<DateTime<Utc>>, IdTokenInfoError> {
|
|
let claims: StandardJwtClaims = decode_jwt_payload(jwt)?;
|
|
Ok(claims
|
|
.exp
|
|
.and_then(|exp| DateTime::<Utc>::from_timestamp(exp, 0)))
|
|
}
|
|
|
|
pub fn parse_chatgpt_jwt_claims(jwt: &str) -> Result<IdTokenInfo, IdTokenInfoError> {
|
|
let claims: IdClaims = decode_jwt_payload(jwt)?;
|
|
let email = claims
|
|
.email
|
|
.or_else(|| claims.profile.and_then(|profile| profile.email));
|
|
|
|
match claims.auth {
|
|
Some(auth) => Ok(IdTokenInfo {
|
|
email,
|
|
raw_jwt: jwt.to_string(),
|
|
chatgpt_plan_type: auth.chatgpt_plan_type,
|
|
chatgpt_user_id: auth.chatgpt_user_id.or(auth.user_id),
|
|
chatgpt_account_id: auth.chatgpt_account_id,
|
|
}),
|
|
None => Ok(IdTokenInfo {
|
|
email,
|
|
raw_jwt: jwt.to_string(),
|
|
chatgpt_plan_type: None,
|
|
chatgpt_user_id: None,
|
|
chatgpt_account_id: None,
|
|
}),
|
|
}
|
|
}
|
|
|
|
fn deserialize_id_token<'de, D>(deserializer: D) -> Result<IdTokenInfo, D::Error>
|
|
where
|
|
D: serde::Deserializer<'de>,
|
|
{
|
|
let s = String::deserialize(deserializer)?;
|
|
parse_chatgpt_jwt_claims(&s).map_err(serde::de::Error::custom)
|
|
}
|
|
|
|
fn serialize_id_token<S>(id_token: &IdTokenInfo, serializer: S) -> Result<S::Ok, S::Error>
|
|
where
|
|
S: serde::Serializer,
|
|
{
|
|
serializer.serialize_str(&id_token.raw_jwt)
|
|
}
|
|
|
|
#[cfg(test)]
|
|
#[path = "token_data_tests.rs"]
|
|
mod tests;
|