openclaw/gogcli
openclaw/gogcli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity
feature/sheets-format-command
gogcli/internal/googleapi/client.go

136 lines
3.8 KiB
Go
Raw Permalink Blame History

package googleapi
import (
"context"
"crypto/tls"
"errors"
"fmt"
"log/slog"
"net/http"
"time"
"github.com/99designs/keyring"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"google.golang.org/api/option"
"github.com/steipete/gogcli/internal/config"
"github.com/steipete/gogcli/internal/googleauth"
"github.com/steipete/gogcli/internal/secrets"
)
const defaultHTTPTimeout = 30 * time.Second
var (
readClientCredentials = config.ReadClientCredentials
openSecretsStore = secrets.OpenDefault
)
func tokenSourceForAccount(ctx context.Context, service googleauth.Service, email string) (oauth2.TokenSource, error) {
var creds config.ClientCredentials
if c, err := readClientCredentials(); err != nil {
return nil, fmt.Errorf("read credentials: %w", err)
} else {
creds = c
}
var requiredScopes []string
if scopes, err := googleauth.Scopes(service); err != nil {
return nil, fmt.Errorf("resolve scopes: %w", err)
} else {
requiredScopes = scopes
}
return tokenSourceForAccountScopes(ctx, string(service), email, creds.ClientID, creds.ClientSecret, requiredScopes)
}
func tokenSourceForAccountScopes(ctx context.Context, serviceLabel string, email string, clientID string, clientSecret string, requiredScopes []string) (oauth2.TokenSource, error) {
var store secrets.Store
if s, err := openSecretsStore(); err != nil {
return nil, fmt.Errorf("open secrets store: %w", err)
} else {
store = s
}
var tok secrets.Token
if t, err := store.GetToken(email); err != nil {
if errors.Is(err, keyring.ErrKeyNotFound) {
return nil, &AuthRequiredError{Service: serviceLabel, Email: email, Cause: err}
}
return nil, fmt.Errorf("get token for %s: %w", email, err)
} else {
tok = t
}
cfg := oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
Endpoint: google.Endpoint,
Scopes: requiredScopes,
}
// Ensure refresh-token exchanges don't hang forever.
ctx = context.WithValue(ctx, oauth2.HTTPClient, &http.Client{Timeout: defaultHTTPTimeout})
return cfg.TokenSource(ctx, &oauth2.Token{RefreshToken: tok.RefreshToken}), nil
}
func optionsForAccount(ctx context.Context, service googleauth.Service, email string) ([]option.ClientOption, error) {
scopes, err := googleauth.Scopes(service)
if err != nil {
return nil, fmt.Errorf("resolve scopes: %w", err)
}
return optionsForAccountScopes(ctx, string(service), email, scopes)
}
func optionsForAccountScopes(ctx context.Context, serviceLabel string, email string, scopes []string) ([]option.ClientOption, error) {
slog.Debug("creating client options with custom scopes", "serviceLabel", serviceLabel, "email", email)
var creds config.ClientCredentials
var ts oauth2.TokenSource
if serviceAccountTS, saPath, ok, err := tokenSourceForServiceAccountScopes(ctx, email, scopes); err != nil {
return nil, fmt.Errorf("service account token source: %w", err)
} else if ok {
slog.Debug("using service account credentials", "email", email, "path", saPath)
ts = serviceAccountTS
} else {
if c, err := readClientCredentials(); err != nil {
return nil, fmt.Errorf("read credentials: %w", err)
} else {
creds = c
}
if tokenSource, err := tokenSourceForAccountScopes(ctx, serviceLabel, email, creds.ClientID, creds.ClientSecret, scopes); err != nil {
return nil, fmt.Errorf("token source: %w", err)
} else {
ts = tokenSource
}
}
baseTransport := &http.Transport{
TLSClientConfig: &tls.Config{
MinVersion: tls.VersionTLS12,
},
}
// Wrap with retry logic for 429 and 5xx errors
retryTransport := NewRetryTransport(&oauth2.Transport{
Source: ts,
Base: baseTransport,
})
c := &http.Client{
Transport: retryTransport,
Timeout: defaultHTTPTimeout,
}
slog.Debug("client options with custom scopes created successfully", "serviceLabel", serviceLabel, "email", email)
return []option.ClientOption{option.WithHTTPClient(c)}, nil
}
Reference in New Issue View Git Blame Copy Permalink