zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
sub2api/backend/internal/pkg/geminicli/constants.go
win 088a508e60
Some checks failed
CI / test (push) Failing after 1m33s
Details
CI / golangci-lint (push) Failing after 6s
Details
Security Scan / backend-security (push) Failing after 5s
Details
Security Scan / frontend-security (push) Failing after 6s
Details
fix: Gemini CLI 指纹全面修复 
- User-Agent: GeminiCLI/0.1.5 → GeminiCLI/0.33.1/{model} ({platform}; {arch})
  格式、版本、大小写全部对齐真实 Gemini CLI 0.33.1
- 新增 x-goog-api-client: gl-node/24.13.1 (匹配 google-auth-library DefaultTransporter)
- ideType: ANTIGRAVITY → IDE_UNSPECIFIED (修复身份泄露,真实 Gemini CLI 用 IDE_UNSPECIFIED)
- Token 交换/刷新: 添加 google-api-nodejs-client UA + x-goog-api-client
- 版本号可通过环境变量 GEMINI_CLI_VERSION 覆盖
2026-03-27 13:07:18 +08:00

100 lines
4.4 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Package geminicli provides helpers for interacting with Gemini CLI tools.
package geminicli
import (
"fmt"
"os"
"runtime"
"time"
)
const (
AIStudioBaseURL = "https://generativelanguage.googleapis.com"
GeminiCliBaseURL = "https://cloudcode-pa.googleapis.com"
AuthorizeURL = "https://accounts.google.com/o/oauth2/v2/auth"
TokenURL = "https://oauth2.googleapis.com/token"
// AIStudioOAuthRedirectURI is the default redirect URI used for AI Studio OAuth.
// This matches the "copy/paste callback URL" flow used by OpenAI OAuth in this project.
// Note: You still need to register this redirect URI in your Google OAuth client
// unless you use an OAuth client type that permits localhost redirect URIs.
AIStudioOAuthRedirectURI = "http://localhost:1455/auth/callback"
// DefaultScopes for Code Assist (includes cloud-platform for API access plus userinfo scopes)
// Required by Google's Code Assist API.
DefaultCodeAssistScopes = "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
// DefaultScopes for AI Studio (uses generativelanguage API with OAuth)
// Reference: https://ai.google.dev/gemini-api/docs/oauth
// For regular Google accounts, supports API calls to generativelanguage.googleapis.com
// Note: Google Auth platform currently documents the OAuth scope as
// https://www.googleapis.com/auth/generative-language.retriever (often with cloud-platform).
DefaultAIStudioScopes = "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/generative-language.retriever"
// DefaultGoogleOneScopes (DEPRECATED, no longer used)
// Google One now always uses the built-in Gemini CLI client with DefaultCodeAssistScopes.
// This constant is kept for backward compatibility but is not actively used.
DefaultGoogleOneScopes = "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/generative-language.retriever https://www.googleapis.com/auth/drive.readonly https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
// GeminiCLIRedirectURI is the redirect URI used by Gemini CLI for Code Assist OAuth.
GeminiCLIRedirectURI = "https://codeassist.google.com/authcode"
// GeminiCLIOAuthClientID/Secret are the public OAuth client credentials used by Google Gemini CLI.
// They enable the "login without creating your own OAuth client" experience, but Google may
// restrict which scopes are allowed for this client.
GeminiCLIOAuthClientID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com"
GeminiCLIOAuthClientSecret = "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"
// GeminiCLIOAuthClientSecretEnv is the environment variable name for the built-in client secret.
GeminiCLIOAuthClientSecretEnv = "GEMINI_CLI_OAUTH_CLIENT_SECRET"
SessionTTL = 30 * time.Minute
// GeminiCLIUserAgent 静态回退值(不含 model
// 优先使用 GetGeminiCLIUserAgent(model) 获取完整格式
GeminiCLIUserAgent = "GeminiCLI/0.33.1"
// FakeNodeVersion 模拟真实 Gemini CLI 的 Node.js 版本
// 用于 x-goog-api-client 和 token exchange User-Agent
FakeNodeVersion = "24.13.1"
// GoogleAuthLibraryUA 模拟 google-auth-library 的 User-Agent
// 真实 Gemini CLI token exchange 由 google-auth-library 发起
GoogleAuthLibraryUA = "google-api-nodejs-client"
)
// defaultGeminiCLIVersion 可通过环境变量 GEMINI_CLI_VERSION 覆盖
var defaultGeminiCLIVersion = "0.33.1"
func init() {
if v := os.Getenv("GEMINI_CLI_VERSION"); v != "" {
defaultGeminiCLIVersion = v
}
}
// GetGeminiCLIUserAgent 返回匹配真实 Gemini CLI 格式的 User-Agent
// 真实格式: GeminiCLI/{version}/{model} ({platform}; {arch})
// 示例: GeminiCLI/0.33.1/gemini-2.5-pro (darwin; arm64)
func GetGeminiCLIUserAgent(model ...string) string {
m := "unknown"
if len(model) > 0 && model[0] != "" {
m = model[0]
}
return fmt.Sprintf("GeminiCLI/%s/%s (%s; %s)",
defaultGeminiCLIVersion, m, runtime.GOOS, runtime.GOARCH)
}
// GetGeminiCLIGoogAPIClient 返回 x-goog-api-client 头的值
// 真实 Gemini CLI 通过 google-auth-library DefaultTransporter 自动注入:
// gl-node/{nodeVersion}
func GetGeminiCLIGoogAPIClient() string {
return fmt.Sprintf("gl-node/%s", FakeNodeVersion)
}
// GetGeminiCLITokenExchangeUA 返回 token exchange/refresh 时的 User-Agent
// 真实 Gemini CLI 使用 google-auth-library 发起 token 交换
func GetGeminiCLITokenExchangeUA() string {
return GoogleAuthLibraryUA
}
Reference in New Issue View Git Blame Copy Permalink