426e9eeabd
Voice Workbench / headless workbench (mocked backends) (push) Has been cancelled
Voice Workbench / real acoustic lane (nightly, provisioned only) (push) Has been cancelled
ci / test (push) Has been cancelled
ci / lint-and-format (push) Has been cancelled
ci / build (push) Has been cancelled
ci / dev-startup (push) Has been cancelled
gitleaks / gitleaks (push) Has been cancelled
Markdown Links / Relative Markdown Links (push) Has been cancelled
Quality (Extended) / Homepage Build (PR smoke) (push) Has been cancelled
Quality (Extended) / Comment-only diff guard (push) Has been cancelled
Quality (Extended) / Format + Type Safety Ratchet (push) Has been cancelled
Quality (Extended) / Develop Gate (secret scan + UI determinism) (push) Has been cancelled
Quality (Extended) / Develop Gate (lint) (push) Has been cancelled
Chat shell gestures / Chat shell gesture + parity e2e (push) Has been cancelled
Cloud Gateway Discord / Test (push) Has been cancelled
Benchmark Bridge Tests / benchmark (bunx @biomejs/biome check packages/lifeops-bench/src, benchmark-lint) (push) Has been cancelled
Benchmark Bridge Tests / benchmark (bunx vitest run --config packages/lifeops-bench/vitest.config.ts --root packages/lifeops-bench --passWithNoTests, benchmark-tests) (push) Has been cancelled
Build Agent Image / build-and-push (push) Has been cancelled
Dev Smoke / bun run dev onboarding chat (push) Has been cancelled
Dev Smoke / Vite HMR dependency-level smoke (push) Has been cancelled
Electrobun Submodule Guard / electrobun gitlink is fetchable (push) Has been cancelled
Publish @elizaos/example-code / check_npm (push) Has been cancelled
Publish @elizaos/example-code / publish_npm (push) Has been cancelled
Publish @elizaos/plugin-elizacloud / verify_version (push) Has been cancelled
Publish @elizaos/plugin-elizacloud / publish_npm (push) Has been cancelled
Sandbox Live Smoke / Sandbox live smoke (push) Has been cancelled
Snap Build & Test / Build Snap (amd64) (push) Has been cancelled
Snap Build & Test / Build Snap (arm64) (push) Has been cancelled
Test Packaging / elizaos CLI global-install smoke (node + bun) (push) Has been cancelled
Cloud Gateway Webhook / Test (push) Has been cancelled
Cloud Tests / lint-and-types (push) Has been cancelled
Cloud Tests / unit-tests (push) Has been cancelled
Cloud Tests / integration-tests (push) Has been cancelled
Cloud Tests / e2e-tests (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Deploy Apps Worker (Product 2) / Determine environment (push) Has been cancelled
Deploy Apps Worker (Product 2) / Deploy apps worker to apps-control host (${{ needs.determine-env.outputs.environment }}) (push) Has been cancelled
Deploy Eliza Provisioning Worker / Determine environment (push) Has been cancelled
Deploy Eliza Provisioning Worker / Deploy worker to Hetzner host (${{ needs.determine-env.outputs.environment }} @ ${{ needs.determine-env.outputs.deployment_sha }}) (push) Has been cancelled
Dev Smoke / Classify changed paths (push) Has been cancelled
supply-chain / sbom (push) Has been cancelled
supply-chain / vulnerability-scan (push) Has been cancelled
Build, Push & Deploy to Phala Cloud / build-and-push (push) Has been cancelled
Test Packaging / Validate Packaging Configs (push) Has been cancelled
Test Packaging / Build & Test PyPI Package (push) Has been cancelled
Test Packaging / PyPI on Python ${{ matrix.python }} (push) Has been cancelled
Test Packaging / Pack & Test JS Tarballs (push) Has been cancelled
UI Fixture E2E / ui-fixture-e2e (push) Has been cancelled
UI Fixture E2E / fixture-e2e (push) Has been cancelled
UI Story Gate / story-gate (push) Has been cancelled
vault-ci / test (macos-latest) (push) Has been cancelled
vault-ci / test (ubuntu-latest) (push) Has been cancelled
vault-ci / test (windows-latest) (push) Has been cancelled
vault-ci / app-core wiring tests (push) Has been cancelled
verify-patches / verify patches/CHECKSUMS.sha256 (push) Has been cancelled
Voice Benchmark Smoke / voice-emotion fixture smoke (push) Has been cancelled
Voice Benchmark Smoke / voiceagentbench fixture smoke (push) Has been cancelled
Voice Benchmark Smoke / voicebench-quality unit smoke (push) Has been cancelled
Voice Benchmark Smoke / voicebench TypeScript unit (no audio) (push) Has been cancelled
Voice Benchmark Smoke / voice bench smoke summary (push) Has been cancelled
Windows CI / windows ([bun run --cwd packages/app-core test bun run --cwd packages/elizaos test bun run --cwd packages/cloud/shared test], app-and-cli) (push) Has been cancelled
Windows CI / windows ([bun run --cwd packages/scenario-runner test bun run --cwd packages/vault test bun run --cwd packages/security test bun run --cwd plugins/plugin-coding-tools test], framework-packages) (push) Has been cancelled
Windows CI / windows ([bun run --cwd plugins/plugin-elizacloud test bun run --cwd plugins/plugin-discord test bun run --cwd plugins/plugin-anthropic test bun run --cwd plugins/plugin-openai test bun run --cwd plugins/plugin-app-control test bun run --cwd plugins/pl… (push) Has been cancelled
Windows CI / windows ([node packages/scripts/run-turbo.mjs run build --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/agent --concurrency=4 node packages/scripts/run-bash-linux-only.mjs scripts/verify-riscv64-buildpaths.sh node packages/scripts/run… (push) Has been cancelled
Windows CI / windows ([node packages/scripts/run-turbo.mjs run typecheck --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/cloud-shared --concurrency=4 bun run --cwd packages/core test bun run --cwd packages/shared test], core-runtime, 75) (push) Has been cancelled
137 lines
4.7 KiB
JavaScript
137 lines
4.7 KiB
JavaScript
/**
|
|
* Interactive credential flows the console can drive end-to-end: the Eliza
|
|
* Cloud device-code login and a Google OAuth loopback flow. Everything else
|
|
* in the catalog is paste-a-token.
|
|
*
|
|
* Cloud login speaks the same protocol as ElizaCloudClient.startCliLogin /
|
|
* waitForCliLogin in packages/cloud/sdk/src/client.ts (POST
|
|
* /api/auth/cli-session, then poll /api/auth/cli-session/:id until
|
|
* `authenticated`), reimplemented over bare fetch so the console keeps zero
|
|
* workspace imports and works in a half-built checkout — protocol drift there
|
|
* is an API-versioning event, not a refactor hazard.
|
|
*
|
|
* The Google flow leans on the console being an HTTP server already: the
|
|
* redirect URI is the console's own /oauth/google/callback route, so no
|
|
* second loopback listener is needed. It requests offline access and returns
|
|
* a refresh token (GOOGLE_OAUTH_REFRESH_TOKEN) plus a fresh calendar access
|
|
* token (GOOGLE_CALENDAR_ACCESS_TOKEN) — the two vars the live suites gate on.
|
|
*/
|
|
|
|
import crypto from "node:crypto";
|
|
|
|
export const DEFAULT_CLOUD_BASE_URL = "https://elizacloud.ai";
|
|
|
|
const GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
|
|
const GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token";
|
|
const GOOGLE_SCOPES = [
|
|
"https://www.googleapis.com/auth/calendar",
|
|
"https://www.googleapis.com/auth/userinfo.email",
|
|
].join(" ");
|
|
|
|
/** Pending interactive flows keyed by opaque state token. */
|
|
const pendingFlows = new Map();
|
|
|
|
export async function startCloudLogin({
|
|
baseUrl = DEFAULT_CLOUD_BASE_URL,
|
|
} = {}) {
|
|
const response = await fetch(`${baseUrl}/api/auth/cli-session`, {
|
|
method: "POST",
|
|
headers: { "Content-Type": "application/json" },
|
|
body: JSON.stringify({ client: "eliza-test-console" }),
|
|
});
|
|
if (!response.ok) {
|
|
throw new Error(`cloud cli-session failed: HTTP ${response.status}`);
|
|
}
|
|
const { sessionId, browserUrl } = await response.json();
|
|
return { sessionId, browserUrl };
|
|
}
|
|
|
|
export async function pollCloudLogin({
|
|
sessionId,
|
|
baseUrl = DEFAULT_CLOUD_BASE_URL,
|
|
}) {
|
|
const response = await fetch(`${baseUrl}/api/auth/cli-session/${sessionId}`);
|
|
if (!response.ok) {
|
|
throw new Error(`cloud cli-session poll failed: HTTP ${response.status}`);
|
|
}
|
|
return response.json();
|
|
}
|
|
|
|
export function startGoogleFlow({ clientId, clientSecret, redirectUri }) {
|
|
const state = crypto.randomBytes(24).toString("hex");
|
|
pendingFlows.set(state, {
|
|
provider: "google",
|
|
clientId,
|
|
clientSecret,
|
|
redirectUri,
|
|
createdAt: Date.now(),
|
|
result: null,
|
|
});
|
|
// Flows are single-use and short-lived; sweep anything older than 10 min.
|
|
for (const [key, flow] of pendingFlows) {
|
|
if (Date.now() - flow.createdAt > 600_000) pendingFlows.delete(key);
|
|
}
|
|
const url = new URL(GOOGLE_AUTH_URL);
|
|
url.searchParams.set("client_id", clientId);
|
|
url.searchParams.set("redirect_uri", redirectUri);
|
|
url.searchParams.set("response_type", "code");
|
|
url.searchParams.set("scope", GOOGLE_SCOPES);
|
|
url.searchParams.set("access_type", "offline");
|
|
url.searchParams.set("prompt", "consent");
|
|
url.searchParams.set("state", state);
|
|
return { authorizeUrl: url.toString(), state };
|
|
}
|
|
|
|
export async function completeGoogleFlow({ state, code }) {
|
|
const flow = pendingFlows.get(state);
|
|
if (!flow) throw new Error("unknown or expired OAuth state");
|
|
pendingFlows.delete(state);
|
|
const body = new URLSearchParams({
|
|
client_id: flow.clientId,
|
|
client_secret: flow.clientSecret,
|
|
code,
|
|
grant_type: "authorization_code",
|
|
redirect_uri: flow.redirectUri,
|
|
});
|
|
const response = await fetch(GOOGLE_TOKEN_URL, {
|
|
method: "POST",
|
|
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
body: body.toString(),
|
|
});
|
|
const payload = await response.json();
|
|
if (!response.ok || !payload.access_token) {
|
|
throw new Error(
|
|
`google token exchange failed: HTTP ${response.status} ${JSON.stringify(payload).slice(0, 300)}`,
|
|
);
|
|
}
|
|
return {
|
|
refreshToken: payload.refresh_token ?? null,
|
|
accessToken: payload.access_token,
|
|
expiresIn: payload.expires_in,
|
|
};
|
|
}
|
|
|
|
/** Mint a fresh access token from a saved refresh token. */
|
|
export async function refreshGoogleAccessToken({
|
|
clientId,
|
|
clientSecret,
|
|
refreshToken,
|
|
}) {
|
|
const body = new URLSearchParams({
|
|
client_id: clientId,
|
|
client_secret: clientSecret,
|
|
refresh_token: refreshToken,
|
|
grant_type: "refresh_token",
|
|
});
|
|
const response = await fetch(GOOGLE_TOKEN_URL, {
|
|
method: "POST",
|
|
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
body: body.toString(),
|
|
});
|
|
const payload = await response.json();
|
|
if (!response.ok || !payload.access_token) {
|
|
throw new Error(`google refresh failed: HTTP ${response.status}`);
|
|
}
|
|
return { accessToken: payload.access_token, expiresIn: payload.expires_in };
|
|
}
|