summaryrefslogtreecommitdiffhomepage
path: root/packages/opencode/src/auth/index.ts
diff options
context:
space:
mode:
Diffstat (limited to 'packages/opencode/src/auth/index.ts')
-rw-r--r--packages/opencode/src/auth/index.ts99
1 files changed, 97 insertions, 2 deletions
diff --git a/packages/opencode/src/auth/index.ts b/packages/opencode/src/auth/index.ts
index 9174745fd..5b4b5120f 100644
--- a/packages/opencode/src/auth/index.ts
+++ b/packages/opencode/src/auth/index.ts
@@ -1,2 +1,97 @@
-export * as Auth from "./auth"
-export { OAUTH_DUMMY_KEY } from "./auth"
+import path from "path"
+import { Effect, Layer, Record, Result, Schema, Context } from "effect"
+import { zod } from "@/util/effect-zod"
+import { Global } from "../global"
+import { AppFileSystem } from "@opencode-ai/shared/filesystem"
+
+export const OAUTH_DUMMY_KEY = "opencode-oauth-dummy-key"
+
+const file = path.join(Global.Path.data, "auth.json")
+
+const fail = (message: string) => (cause: unknown) => new AuthError({ message, cause })
+
+export class Oauth extends Schema.Class<Oauth>("OAuth")({
+ type: Schema.Literal("oauth"),
+ refresh: Schema.String,
+ access: Schema.String,
+ expires: Schema.Number,
+ accountId: Schema.optional(Schema.String),
+ enterpriseUrl: Schema.optional(Schema.String),
+}) {}
+
+export class Api extends Schema.Class<Api>("ApiAuth")({
+ type: Schema.Literal("api"),
+ key: Schema.String,
+ metadata: Schema.optional(Schema.Record(Schema.String, Schema.String)),
+}) {}
+
+export class WellKnown extends Schema.Class<WellKnown>("WellKnownAuth")({
+ type: Schema.Literal("wellknown"),
+ key: Schema.String,
+ token: Schema.String,
+}) {}
+
+const _Info = Schema.Union([Oauth, Api, WellKnown]).annotate({ discriminator: "type", identifier: "Auth" })
+export const Info = Object.assign(_Info, { zod: zod(_Info) })
+export type Info = Schema.Schema.Type<typeof _Info>
+
+export class AuthError extends Schema.TaggedErrorClass<AuthError>()("AuthError", {
+ message: Schema.String,
+ cause: Schema.optional(Schema.Defect),
+}) {}
+
+export interface Interface {
+ readonly get: (providerID: string) => Effect.Effect<Info | undefined, AuthError>
+ readonly all: () => Effect.Effect<Record<string, Info>, AuthError>
+ readonly set: (key: string, info: Info) => Effect.Effect<void, AuthError>
+ readonly remove: (key: string) => Effect.Effect<void, AuthError>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Auth") {}
+
+export const layer = Layer.effect(
+ Service,
+ Effect.gen(function* () {
+ const fsys = yield* AppFileSystem.Service
+ const decode = Schema.decodeUnknownOption(Info)
+
+ const all = Effect.fn("Auth.all")(function* () {
+ if (process.env.OPENCODE_AUTH_CONTENT) {
+ try {
+ return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)
+ } catch (err) {}
+ }
+
+ const data = (yield* fsys.readJson(file).pipe(Effect.orElseSucceed(() => ({})))) as Record<string, unknown>
+ return Record.filterMap(data, (value) => Result.fromOption(decode(value), () => undefined))
+ })
+
+ const get = Effect.fn("Auth.get")(function* (providerID: string) {
+ return (yield* all())[providerID]
+ })
+
+ const set = Effect.fn("Auth.set")(function* (key: string, info: Info) {
+ const norm = key.replace(/\/+$/, "")
+ const data = yield* all()
+ if (norm !== key) delete data[key]
+ delete data[norm + "/"]
+ yield* fsys
+ .writeJson(file, { ...data, [norm]: info }, 0o600)
+ .pipe(Effect.mapError(fail("Failed to write auth data")))
+ })
+
+ const remove = Effect.fn("Auth.remove")(function* (key: string) {
+ const norm = key.replace(/\/+$/, "")
+ const data = yield* all()
+ delete data[key]
+ delete data[norm]
+ yield* fsys.writeJson(file, data, 0o600).pipe(Effect.mapError(fail("Failed to write auth data")))
+ })
+
+ return Service.of({ get, all, set, remove })
+ }),
+)
+
+export const defaultLayer = layer.pipe(Layer.provide(AppFileSystem.defaultLayer))
+
+export * as Auth from "."