Refactor authentication system to consolidate auth flow and remove provider-based commands

🤖 Generated with [OpenCode](https://opencode.ai) Co-Authored-By: OpenCode <noreply@opencode.ai>
2026-03-31 06:12:26 +00:00 · 2025-06-11 00:21:46 -04:00
parent b8e7d06356
commit 83eb61fd5f
12 changed files with 312 additions and 239 deletions
--- a/packages/opencode/src/auth/anthropic.ts
+++ b/packages/opencode/src/auth/anthropic.ts
@@ -1,13 +1,10 @@
 import { generatePKCE } from "@openauthjs/openauth/pkce"
-import { Global } from "../global"
-import path from "path"
 import fs from "fs/promises"
+import { Auth } from "./index"

 export namespace AuthAnthropic {
  const CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e"

-  const filepath = path.join(Global.Path.data, "auth", "anthropic.json")
-
  export async function authorize() {
    const pkce = await generatePKCE()
    const url = new URL("https://claude.ai/oauth/authorize", import.meta.url)
@@ -48,16 +45,17 @@ export namespace AuthAnthropic {
      }),
    })
    if (!result.ok) throw new ExchangeFailed()
-    const file = Bun.file(filepath)
-    await Bun.write(file, result)
-    await fs.chmod(file.name!, 0o600)
+    const json = await result.json()
+    await Auth.set("anthropic", {
+      type: "oauth",
+      refresh: json.refresh_token as string,
+      expires: Date.now() + json.expires_in * 1000,
+    })
  }

  export async function access() {
-    const file = Bun.file(filepath)
-    const result = await file.json().catch(() => ({}))
-    if (!result) return
-    const refresh = result.refresh_token
+    const info = await Auth.get("anthropic")
+    if (!info || info.type !== "oauth") return
    const response = await fetch(
      "https://console.anthropic.com/v1/oauth/token",
      {
@@ -67,14 +65,18 @@ export namespace AuthAnthropic {
        },
        body: JSON.stringify({
          grant_type: "refresh_token",
-          refresh_token: refresh,
+          refresh_token: info.refresh,
          client_id: CLIENT_ID,
        }),
      },
    )
    if (!response.ok) return
    const json = await response.json()
-    await Bun.write(file, JSON.stringify(json))
+    await Auth.set("anthropic", {
+      type: "oauth",
+      refresh: json.refresh_token as string,
+      expires: Date.now() + json.expires_in * 1000,
+    })
    return json.access_token as string
  }

--- a/packages/opencode/src/auth/index.ts
+++ b/packages/opencode/src/auth/index.ts
@@ -0,0 +1,50 @@
+import path from "path"
+import { Global } from "../global"
+import fs from "fs/promises"
+import { z } from "zod"
+
+export namespace Auth {
+  export const Oauth = z.object({
+    type: z.literal("oauth"),
+    refresh: z.string(),
+    expires: z.number(),
+  })
+
+  export const Api = z.object({
+    type: z.literal("api"),
+    key: z.string(),
+  })
+
+  export const Info = z.discriminatedUnion("type", [Oauth, Api])
+  export type Info = z.infer<typeof Info>
+
+  const filepath = path.join(Global.Path.data, "auth.json")
+
+  export async function get(providerID: string) {
+    const file = Bun.file(filepath)
+    return file
+      .json()
+      .catch(() => ({}))
+      .then((x) => x[providerID] as Info | undefined)
+  }
+
+  export async function all(): Promise<Record<string, Info>> {
+    const file = Bun.file(filepath)
+    return file.json().catch(() => ({}))
+  }
+
+  export async function set(key: string, info: Info) {
+    const file = Bun.file(filepath)
+    const data = await all()
+    await Bun.write(file, JSON.stringify({ ...data, [key]: info }, null, 2))
+    await fs.chmod(file.name!, 0o600)
+  }
+
+  export async function remove(key: string) {
+    const file = Bun.file(filepath)
+    const data = await all()
+    delete data[key]
+    await Bun.write(file, JSON.stringify(data, null, 2))
+    await fs.chmod(file.name!, 0o600)
+  }
+}
--- a/packages/opencode/src/auth/keys.ts
+++ b/packages/opencode/src/auth/keys.ts
@@ -1,22 +0,0 @@
-import path from "path"
-import { Global } from "../global"
-import fs from "fs/promises"
-
-export namespace AuthKeys {
-  const filepath = path.join(Global.Path.data, "auth", "keys.json")
-
-  export async function get() {
-    const file = Bun.file(filepath)
-    return file
-      .json()
-      .catch(() => ({}))
-      .then((x) => x as Record<string, string>)
-  }
-
-  export async function set(key: string, value: string) {
-    const file = Bun.file(filepath)
-    const env = await get()
-    await Bun.write(file, JSON.stringify({ ...env, [key]: value }))
-    await fs.chmod(file.name!, 0o600)
-  }
-}