auth

package
v6.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 30, 2025 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProviderRefreshLead 

func ProviderRefreshLead(provider string, runtime any) *time.Duration

func RegisterRefreshLeadProvider 

func RegisterRefreshLeadProvider(provider string, factory func() *time.Duration)

func SetQuotaCooldownDisabled added in v6.2.28 

func SetQuotaCooldownDisabled(disable bool)

SetQuotaCooldownDisabled toggles quota cooldown scheduling globally.

Types

type Auth 

type Auth struct {
	// ID uniquely identifies the auth record across restarts.
	ID string `json:"id"`
	// Provider is the upstream provider key (e.g. "gemini", "claude").
	Provider string `json:"provider"`
	// FileName stores the relative or absolute path of the backing auth file.
	FileName string `json:"-"`
	// Storage holds the token persistence implementation used during login flows.
	Storage baseauth.TokenStorage `json:"-"`
	// Label is an optional human readable label for logging.
	Label string `json:"label,omitempty"`
	// Status is the lifecycle status managed by the AuthManager.
	Status Status `json:"status"`
	// StatusMessage holds a short description for the current status.
	StatusMessage string `json:"status_message,omitempty"`
	// Disabled indicates the auth is intentionally disabled by operator.
	Disabled bool `json:"disabled"`
	// Unavailable flags transient provider unavailability (e.g. quota exceeded).
	Unavailable bool `json:"unavailable"`
	// ProxyURL overrides the global proxy setting for this auth if provided.
	ProxyURL string `json:"proxy_url,omitempty"`
	// Attributes stores provider specific metadata needed by executors (immutable configuration).
	Attributes map[string]string `json:"attributes,omitempty"`
	// Metadata stores runtime mutable provider state (e.g. tokens, cookies).
	Metadata map[string]any `json:"metadata,omitempty"`
	// Quota captures recent quota information for load balancers.
	Quota QuotaState `json:"quota"`
	// LastError stores the last failure encountered while executing or refreshing.
	LastError *Error `json:"last_error,omitempty"`
	// CreatedAt is the creation timestamp in UTC.
	CreatedAt time.Time `json:"created_at"`
	// UpdatedAt is the last modification timestamp in UTC.
	UpdatedAt time.Time `json:"updated_at"`
	// LastRefreshedAt records the last successful refresh time in UTC.
	LastRefreshedAt time.Time `json:"last_refreshed_at"`
	// NextRefreshAfter is the earliest time a refresh should retrigger.
	NextRefreshAfter time.Time `json:"next_refresh_after"`
	// NextRetryAfter is the earliest time a retry should retrigger.
	NextRetryAfter time.Time `json:"next_retry_after"`
	// ModelStates tracks per-model runtime availability data.
	ModelStates map[string]*ModelState `json:"model_states,omitempty"`

	// Runtime carries non-serialisable data used during execution (in-memory only).
	Runtime any `json:"-"`
}

Auth encapsulates the runtime state and metadata associated with a single credential.

func (*Auth) AccountInfo 

func (a *Auth) AccountInfo() (string, string)

func (*Auth) Clone 

func (a *Auth) Clone() *Auth

Clone shallow copies the Auth structure, duplicating maps to avoid accidental mutation.

func (*Auth) ExpirationTime 

func (a *Auth) ExpirationTime() (time.Time, bool)

ExpirationTime attempts to extract the credential expiration timestamp from metadata. It inspects common keys such as "expired", "expire", "expires_at", and also nested "token" objects to remain compatible with legacy auth file formats.

type Error 

type Error struct {
	// Code is a short machine readable identifier.
	Code string `json:"code,omitempty"`
	// Message is a human readable description of the failure.
	Message string `json:"message"`
	// Retryable indicates whether a retry might fix the issue automatically.
	Retryable bool `json:"retryable"`
	// HTTPStatus optionally records an HTTP-like status code for the error.
	HTTPStatus int `json:"http_status,omitempty"`
}

Error describes an authentication related failure in a provider agnostic format.

func (*Error) Error 

func (e *Error) Error() string

Error implements the error interface.

func (*Error) StatusCode 

func (e *Error) StatusCode() int

StatusCode implements optional status accessor for manager decision making.

type Hook 

type Hook interface {
	// OnAuthRegistered fires when a new auth is registered.
	OnAuthRegistered(ctx context.Context, auth *Auth)
	// OnAuthUpdated fires when an existing auth changes state.
	OnAuthUpdated(ctx context.Context, auth *Auth)
	// OnResult fires when execution result is recorded.
	OnResult(ctx context.Context, result Result)
}

Hook captures lifecycle callbacks for observing auth changes.

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

Manager orchestrates auth lifecycle, selection, execution, and persistence.

func NewManager 

func NewManager(store Store, selector Selector, hook Hook) *Manager

NewManager constructs a manager with optional custom selector and hook.

func (*Manager) Execute 

func (m *Manager) Execute(ctx context.Context, providers []string, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error)

Execute performs a non-streaming execution using the configured selector and executor. It supports multiple providers for the same model and round-robins the starting provider per model.

func (*Manager) ExecuteCount 

func (m *Manager) ExecuteCount(ctx context.Context, providers []string, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error)

ExecuteCount performs a non-streaming execution using the configured selector and executor. It supports multiple providers for the same model and round-robins the starting provider per model.

func (*Manager) ExecuteStream 

func (m *Manager) ExecuteStream(ctx context.Context, providers []string, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error)

ExecuteStream performs a streaming execution using the configured selector and executor. It supports multiple providers for the same model and round-robins the starting provider per model.

func (*Manager) GetByID 

func (m *Manager) GetByID(id string) (*Auth, bool)

func (*Manager) InjectCredentials 

func (m *Manager) InjectCredentials(req *http.Request, authID string) error

InjectCredentials delegates per-provider HTTP request preparation when supported. If the registered executor for the auth provider implements RequestPreparer, it will be invoked to modify the request (e.g., add headers).

func (*Manager) List 

func (m *Manager) List() []*Auth

List returns all auth entries currently known by the manager.

func (*Manager) Load 

func (m *Manager) Load(ctx context.Context) error

Load resets manager state from the backing store.

func (*Manager) MarkResult 

func (m *Manager) MarkResult(ctx context.Context, result Result)

MarkResult records an execution result and notifies hooks.

func (*Manager) Register 

func (m *Manager) Register(ctx context.Context, auth *Auth) (*Auth, error)

Register inserts a new auth entry into the manager.

func (*Manager) RegisterExecutor 

func (m *Manager) RegisterExecutor(executor ProviderExecutor)

RegisterExecutor registers a provider executor with the manager.

func (*Manager) SetRoundTripperProvider 

func (m *Manager) SetRoundTripperProvider(p RoundTripperProvider)

SetRoundTripperProvider register a provider that returns a per-auth RoundTripper.

func (*Manager) SetStore 

func (m *Manager) SetStore(store Store)

SetStore swaps the underlying persistence store.

func (*Manager) StartAutoRefresh 

func (m *Manager) StartAutoRefresh(parent context.Context, interval time.Duration)

StartAutoRefresh launches a background loop that evaluates auth freshness every few seconds and triggers refresh operations when required. Only one loop is kept alive; starting a new one cancels the previous run.

func (*Manager) StopAutoRefresh 

func (m *Manager) StopAutoRefresh()

StopAutoRefresh cancels the background refresh loop, if running.

func (*Manager) UnregisterExecutor added in v6.2.33 

func (m *Manager) UnregisterExecutor(provider string)

UnregisterExecutor removes the executor associated with the provider key.

func (*Manager) Update 

func (m *Manager) Update(ctx context.Context, auth *Auth) (*Auth, error)

Update replaces an existing auth entry and notifies hooks.

type ModelState 

type ModelState struct {
	// Status reflects the lifecycle status for this model.
	Status Status `json:"status"`
	// StatusMessage provides an optional short description of the status.
	StatusMessage string `json:"status_message,omitempty"`
	// Unavailable mirrors whether the model is temporarily blocked for retries.
	Unavailable bool `json:"unavailable"`
	// NextRetryAfter defines the per-model retry time.
	NextRetryAfter time.Time `json:"next_retry_after"`
	// LastError records the latest error observed for this model.
	LastError *Error `json:"last_error,omitempty"`
	// Quota retains quota information if this model hit rate limits.
	Quota QuotaState `json:"quota"`
	// UpdatedAt tracks the last update timestamp for this model state.
	UpdatedAt time.Time `json:"updated_at"`
}

ModelState captures the execution state for a specific model under an auth entry.

func (*ModelState) Clone 

func (m *ModelState) Clone() *ModelState

Clone duplicates a model state including nested error details.

type NoopHook 

type NoopHook struct{}

NoopHook provides optional hook defaults.

func (NoopHook) OnAuthRegistered 

func (NoopHook) OnAuthRegistered(context.Context, *Auth)

OnAuthRegistered implements Hook.

func (NoopHook) OnAuthUpdated 

func (NoopHook) OnAuthUpdated(context.Context, *Auth)

OnAuthUpdated implements Hook.

func (NoopHook) OnResult 

func (NoopHook) OnResult(context.Context, Result)

OnResult implements Hook.

type ProviderExecutor 

type ProviderExecutor interface {
	// Identifier returns the provider key handled by this executor.
	Identifier() string
	// Execute handles non-streaming execution and returns the provider response payload.
	Execute(ctx context.Context, auth *Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error)
	// ExecuteStream handles streaming execution and returns a channel of provider chunks.
	ExecuteStream(ctx context.Context, auth *Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (<-chan cliproxyexecutor.StreamChunk, error)
	// Refresh attempts to refresh provider credentials and returns the updated auth state.
	Refresh(ctx context.Context, auth *Auth) (*Auth, error)
	// CountTokens returns the token count for the given request.
	CountTokens(ctx context.Context, auth *Auth, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, error)
}

ProviderExecutor defines the contract required by Manager to execute provider calls.

type QuotaState 

type QuotaState struct {
	// Exceeded indicates the credential recently hit a quota error.
	Exceeded bool `json:"exceeded"`
	// Reason provides an optional provider specific human readable description.
	Reason string `json:"reason,omitempty"`
	// NextRecoverAt is when the credential may become available again.
	NextRecoverAt time.Time `json:"next_recover_at"`
	// BackoffLevel stores the progressive cooldown exponent used for rate limits.
	BackoffLevel int `json:"backoff_level,omitempty"`
}

QuotaState contains limiter tracking data for a credential.

type RefreshEvaluator 

type RefreshEvaluator interface {
	ShouldRefresh(now time.Time, auth *Auth) bool
}

RefreshEvaluator allows runtime state to override refresh decisions.

type RequestPreparer 

type RequestPreparer interface {
	PrepareRequest(req *http.Request, auth *Auth) error
}

RequestPreparer is an optional interface that provider executors can implement to mutate outbound HTTP requests with provider credentials.

type Result 

type Result struct {
	// AuthID references the auth that produced this result.
	AuthID string
	// Provider is copied for convenience when emitting hooks.
	Provider string
	// Model is the upstream model identifier used for the request.
	Model string
	// Success marks whether the execution succeeded.
	Success bool
	// Error describes the failure when Success is false.
	Error *Error
}

Result captures execution outcome used to adjust auth state.

type RoundRobinSelector 

type RoundRobinSelector struct {
	// contains filtered or unexported fields
}

RoundRobinSelector provides a simple provider scoped round-robin selection strategy.

func (*RoundRobinSelector) Pick 

func (s *RoundRobinSelector) Pick(ctx context.Context, provider, model string, opts cliproxyexecutor.Options, auths []*Auth) (*Auth, error)

Pick selects the next available auth for the provider in a round-robin manner.

type RoundTripperProvider 

type RoundTripperProvider interface {
	RoundTripperFor(auth *Auth) http.RoundTripper
}

RoundTripperProvider defines a minimal provider of per-auth HTTP transports.

type Selector 

type Selector interface {
	Pick(ctx context.Context, provider, model string, opts cliproxyexecutor.Options, auths []*Auth) (*Auth, error)
}

Selector chooses an auth candidate for execution.

type Status 

type Status string

Status represents the lifecycle state of an Auth entry. 

const (
	// StatusUnknown means the auth state could not be determined.
	StatusUnknown Status = "unknown"
	// StatusActive indicates the auth is valid and ready for execution.
	StatusActive Status = "active"
	// StatusPending indicates the auth is waiting for an external action, such as MFA.
	StatusPending Status = "pending"
	// StatusRefreshing indicates the auth is undergoing a refresh flow.
	StatusRefreshing Status = "refreshing"
	// StatusError indicates the auth is temporarily unavailable due to errors.
	StatusError Status = "error"
	// StatusDisabled marks the auth as intentionally disabled.
	StatusDisabled Status = "disabled"
)

type Store 

type Store interface {
	// List returns all auth records stored in the backend.
	List(ctx context.Context) ([]*Auth, error)
	// Save persists the provided auth record, replacing any existing one with same ID.
	Save(ctx context.Context, auth *Auth) (string, error)
	// Delete removes the auth record identified by id.
	Delete(ctx context.Context, id string) error
}

Store abstracts persistence of Auth state across restarts.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.