Documentation
¶
Index ¶
- Constants
- Variables
- func ChatGPTAccountID(token string) string
- func CodexHeaders(accessToken string) http.Header
- func ExpiresWithin(token string, skew time.Duration) bool
- func LabelFromJWT(token string, fallback string) string
- func MaxWaitDuration() time.Duration
- func PollForAuthorization(ctx context.Context, dc *DeviceCodeResponse) (authCode, codeVerifier string, err error)
- func VerificationURL() string
- type ConfigGetter
- type ConfigSaver
- type DeviceCodeResponse
- type Lease
- type Manager
- type PersistFn
- type Pool
- func (p *Pool) Acquire(ctx context.Context) (*Lease, error)
- func (p *Pool) AddCredential(cred models.CodexCredential) error
- func (p *Pool) Credentials() []models.CodexCredential
- func (p *Pool) RemoveCredential(id string) error
- func (p *Pool) SetPriority(id string, priority int) error
- func (p *Pool) UpdateCredentials(creds []models.CodexCredential)
- type TokenPair
Constants ¶
const ( StatusOK = "ok" StatusAuthFailed = "auth_failed" StatusRateLimited = "rate_limited" )
Variables ¶
var ( ErrReloginRequired = errors.New("codex: re-login required") ErrLoginTimeout = errors.New("codex: device login timed out") ErrNoCredentials = errors.New("codex: no healthy credentials available") ErrInvalidJWT = errors.New("codex: invalid JWT format") )
var CodexBaseURL = resolvedCodexBaseURL()
CodexBaseURL is the base URL for Codex Responses API requests. Override with DOWNLINK_CODEX_BASE_URL for testing or alternative deployments.
Functions ¶
func ChatGPTAccountID ¶
ChatGPTAccountID extracts the chatgpt_account_id from the nested auth claim.
func CodexHeaders ¶
CodexHeaders returns the Cloudflare-mitigation headers required for every request to chatgpt.com/backend-api/codex.
func ExpiresWithin ¶
ExpiresWithin returns true when the access token's exp claim falls within skew of now. Returns false (not-expiring) when exp is absent or the token cannot be decoded, so callers never panic on a bad token.
func LabelFromJWT ¶
LabelFromJWT extracts a human-readable label from the token payload.
func MaxWaitDuration ¶
MaxWaitDuration is the maximum time to wait for a device-code login.
func PollForAuthorization ¶
func PollForAuthorization(ctx context.Context, dc *DeviceCodeResponse) (authCode, codeVerifier string, err error)
PollForAuthorization polls until the user completes login or the deadline passes. Returns authorization_code and code_verifier on success.
func VerificationURL ¶
func VerificationURL() string
VerificationURL is the URL the user visits to complete the device-code login.
Types ¶
type ConfigGetter ¶
type ConfigGetter func() *models.ServerConfig
ConfigGetter returns the current in-memory config.
type ConfigSaver ¶
type ConfigSaver func(cfg *models.ServerConfig) error
ConfigSaver is the function the manager calls to atomically persist config.
type DeviceCodeResponse ¶
type DeviceCodeResponse struct {
UserCode string `json:"user_code"`
DeviceAuthID string `json:"device_auth_id"`
Interval flexInt `json:"interval"`
}
DeviceCodeResponse is returned by the usercode endpoint.
func RequestDeviceCode ¶
func RequestDeviceCode(ctx context.Context) (*DeviceCodeResponse, error)
RequestDeviceCode starts the device-code flow and returns the code to show the user.
type Lease ¶
type Lease struct {
CredID string
AccessToken string
Headers http.Header
// contains filtered or unexported fields
}
Lease is a handle to a live credential for a single LLM call. Call one of the Mark* methods when done to update the credential's health state.
func (*Lease) MarkAuthFailed ¶
func (*Lease) MarkRateLimited ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager holds one Pool per openai-codex provider config entry and wires pool persistence back to config.json via the ConfigSaver.
func NewManager ¶
func NewManager(get ConfigGetter, save ConfigSaver) *Manager
NewManager creates a Manager and initialises pools from the current config.
func (*Manager) EnsurePool ¶
EnsurePool creates an empty pool for providerName if one doesn't exist yet.
type PersistFn ¶
type PersistFn func(creds []models.CodexCredential) error
PersistFn is called by the pool whenever credentials need to be persisted.
type Pool ¶
type Pool struct {
// contains filtered or unexported fields
}
Pool manages a set of CodexCredentials for one provider config entry.
func NewPool ¶
func NewPool(creds []models.CodexCredential, persist PersistFn) *Pool
NewPool creates a pool backed by the given credentials and persist function.
func (*Pool) Acquire ¶
Acquire picks the best available credential, refreshing its access token if needed, and returns a Lease. Returns ErrNoCredentials when all credentials are either rate-limited or auth-failed.
The mutex is released before any network I/O (token refresh) to avoid blocking all concurrent callers. After the refresh we re-acquire and re-verify before committing, a double-check latch.
func (*Pool) AddCredential ¶
func (p *Pool) AddCredential(cred models.CodexCredential) error
AddCredential appends a new credential and persists.
func (*Pool) Credentials ¶
func (p *Pool) Credentials() []models.CodexCredential
Credentials returns a snapshot of the current credential list.
func (*Pool) RemoveCredential ¶
RemoveCredential removes a credential by ID and persists.
func (*Pool) SetPriority ¶
SetPriority updates the priority of a credential by ID and persists.
func (*Pool) UpdateCredentials ¶
func (p *Pool) UpdateCredentials(creds []models.CodexCredential)
UpdateCredentials replaces the pool's credential set (e.g. after config reload).
type TokenPair ¶
TokenPair holds the access and refresh tokens.
func ExchangeCode ¶
ExchangeCode exchanges the authorization_code+code_verifier for OAuth tokens.