fix providers

Author: jaberjaber23

Cargo.lock

@@ -18,7 +18,7 @@ members = [
 ]
 
 [workspace.package]
-version = "0.2.1"
+version = "0.2.2"
 edition = "2021"
 license = "Apache-2.0 OR MIT"
 repository = "https://github.com/RightNow-AI/openfang"

Cargo.toml

@@ -109,6 +109,7 @@ pub async fn auth(
         || path == "/api/integrations/available"
         || path == "/api/integrations/health"
         || path.starts_with("/api/cron/")
+        || path.starts_with("/api/providers/github-copilot/oauth/")
     {
         return next.run(request).await;
     }

crates/openfang-api/src/middleware.rs

@@ -8703,3 +8703,153 @@ fn validate_webhook_token(headers: &axum::http::HeaderMap, token_env: &str) -> b
     }
     provided.as_bytes().ct_eq(expected.as_bytes()).into()
 }
+
+// ══════════════════════════════════════════════════════════════════════
+// GitHub Copilot OAuth Device Flow
+// ══════════════════════════════════════════════════════════════════════
+
+/// State for an in-progress device flow.
+struct CopilotFlowState {
+    device_code: String,
+    interval: u64,
+    expires_at: Instant,
+}
+
+/// Active device flows, keyed by poll_id. Auto-expire after the flow's TTL.
+static COPILOT_FLOWS: LazyLock<DashMap<String, CopilotFlowState>> = LazyLock::new(DashMap::new);
+
+/// POST /api/providers/github-copilot/oauth/start
+///
+/// Initiates a GitHub device flow for Copilot authentication.
+/// Returns a user code and verification URI that the user visits in their browser.
+pub async fn copilot_oauth_start() -> impl IntoResponse {
+    // Clean up expired flows first
+    COPILOT_FLOWS.retain(|_, state| state.expires_at > Instant::now());
+
+    match openfang_runtime::copilot_oauth::start_device_flow().await {
+        Ok(resp) => {
+            let poll_id = uuid::Uuid::new_v4().to_string();
+
+            COPILOT_FLOWS.insert(
+                poll_id.clone(),
+                CopilotFlowState {
+                    device_code: resp.device_code,
+                    interval: resp.interval,
+                    expires_at: Instant::now()
+                        + std::time::Duration::from_secs(resp.expires_in),
+                },
+            );
+
+            (
+                StatusCode::OK,
+                Json(serde_json::json!({
+                    "user_code": resp.user_code,
+                    "verification_uri": resp.verification_uri,
+                    "poll_id": poll_id,
+                    "expires_in": resp.expires_in,
+                    "interval": resp.interval,
+                })),
+            )
+        }
+        Err(e) => (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(serde_json::json!({ "error": e })),
+        ),
+    }
+}
+
+/// GET /api/providers/github-copilot/oauth/poll/{poll_id}
+///
+/// Poll the status of a GitHub device flow.
+/// Returns `pending`, `complete`, `expired`, `denied`, or `error`.
+/// On `complete`, saves the token to secrets.env and sets GITHUB_TOKEN.
+pub async fn copilot_oauth_poll(
+    State(state): State<Arc<AppState>>,
+    Path(poll_id): Path<String>,
+) -> impl IntoResponse {
+    let flow = match COPILOT_FLOWS.get(&poll_id) {
+        Some(f) => f,
+        None => {
+            return (
+                StatusCode::NOT_FOUND,
+                Json(serde_json::json!({"status": "not_found", "error": "Unknown poll_id"})),
+            )
+        }
+    };
+
+    if flow.expires_at <= Instant::now() {
+        drop(flow);
+        COPILOT_FLOWS.remove(&poll_id);
+        return (
+            StatusCode::OK,
+            Json(serde_json::json!({"status": "expired"})),
+        );
+    }
+
+    let device_code = flow.device_code.clone();
+    drop(flow);
+
+    match openfang_runtime::copilot_oauth::poll_device_flow(&device_code).await {
+        openfang_runtime::copilot_oauth::DeviceFlowStatus::Pending => (
+            StatusCode::OK,
+            Json(serde_json::json!({"status": "pending"})),
+        ),
+        openfang_runtime::copilot_oauth::DeviceFlowStatus::Complete { access_token } => {
+            // Save to secrets.env
+            let secrets_path = state.kernel.config.home_dir.join("secrets.env");
+            if let Err(e) = write_secret_env(&secrets_path, "GITHUB_TOKEN", &access_token) {
+                return (
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    Json(serde_json::json!({"status": "error", "error": format!("Failed to save token: {e}")})),
+                );
+            }
+
+            // Set in current process
+            std::env::set_var("GITHUB_TOKEN", access_token.as_str());
+
+            // Refresh auth detection
+            state
+                .kernel
+                .model_catalog
+                .write()
+                .unwrap_or_else(|e| e.into_inner())
+                .detect_auth();
+
+            // Clean up flow state
+            COPILOT_FLOWS.remove(&poll_id);
+
+            (
+                StatusCode::OK,
+                Json(serde_json::json!({"status": "complete"})),
+            )
+        }
+        openfang_runtime::copilot_oauth::DeviceFlowStatus::SlowDown { new_interval } => {
+            // Update interval
+            if let Some(mut f) = COPILOT_FLOWS.get_mut(&poll_id) {
+                f.interval = new_interval;
+            }
+            (
+                StatusCode::OK,
+                Json(serde_json::json!({"status": "pending", "interval": new_interval})),
+            )
+        }
+        openfang_runtime::copilot_oauth::DeviceFlowStatus::Expired => {
+            COPILOT_FLOWS.remove(&poll_id);
+            (
+                StatusCode::OK,
+                Json(serde_json::json!({"status": "expired"})),
+            )
+        }
+        openfang_runtime::copilot_oauth::DeviceFlowStatus::AccessDenied => {
+            COPILOT_FLOWS.remove(&poll_id);
+            (
+                StatusCode::OK,
+                Json(serde_json::json!({"status": "denied"})),
+            )
+        }
+        openfang_runtime::copilot_oauth::DeviceFlowStatus::Error(e) => (
+            StatusCode::OK,
+            Json(serde_json::json!({"status": "error", "error": e})),
+        ),
+    }
+}

crates/openfang-api/src/routes.rs

@@ -452,6 +452,15 @@ pub async fn build_router(
         )
         .route("/api/models/{*id}", axum::routing::get(routes::get_model))
         .route("/api/providers", axum::routing::get(routes::list_providers))
+        // Copilot OAuth (must be before parametric {name} routes)
+        .route(
+            "/api/providers/github-copilot/oauth/start",
+            axum::routing::post(routes::copilot_oauth_start),
+        )
+        .route(
+            "/api/providers/github-copilot/oauth/poll/{poll_id}",
+            axum::routing::get(routes::copilot_oauth_poll),
+        )
         .route(
             "/api/providers/{name}/key",
             axum::routing::post(routes::set_provider_key).delete(routes::delete_provider_key),

crates/openfang-api/src/server.rs

@@ -2884,6 +2884,21 @@ <h4>LLM Providers</h4>
                   <template x-if="p.auth_status !== 'configured' && p.api_key_env">
                     <div class="text-xs text-dim mt-2">Or set <code style="color:var(--accent-light);background:var(--bg);padding:1px 4px;border-radius:2px" x-text="p.api_key_env"></code> in your environment and restart</div>
                   </template>
+                  <!-- Copilot OAuth button -->
+                  <template x-if="p.id === 'github-copilot' && p.auth_status !== 'configured'">
+                    <div class="mt-2">
+                      <button class="btn btn-primary btn-sm" @click="startCopilotOAuth()" :disabled="copilotOAuth.polling" x-show="!copilotOAuth.userCode">Login with GitHub</button>
+                      <div x-show="copilotOAuth.userCode" class="mt-2">
+                        <div class="text-sm">Visit <a :href="copilotOAuth.verificationUri" target="_blank" x-text="copilotOAuth.verificationUri" style="color:var(--accent-light)"></a> and enter:</div>
+                        <div style="font-size:24px;font-weight:bold;letter-spacing:4px;margin:8px 0;color:var(--accent-light)" x-text="copilotOAuth.userCode"></div>
+                        <div class="text-xs text-dim"><span class="spinner" style="width:10px;height:10px;border-width:2px;display:inline-block;vertical-align:middle"></span> Waiting for authorization...</div>
+                      </div>
+                    </div>
+                  </template>
+                  <!-- Claude Code install hint -->
+                  <template x-if="p.id === 'claude-code' && p.auth_status !== 'configured'">
+                    <div class="mt-2 text-xs text-dim">Install: <code style="color:var(--accent-light);background:var(--bg);padding:1px 4px;border-radius:2px">npm install -g @anthropic-ai/claude-code</code></div>
+                  </template>
                   <!-- Actions for configured providers -->
                   <template x-if="p.auth_status === 'configured'">
                     <div class="flex gap-2 mt-2">

crates/openfang-api/static/index_body.html

@@ -19,6 +19,7 @@ function settingsPage() {
     providerUrlSaving: {},
     providerTesting: {},
     providerTestResults: {},
+    copilotOAuth: { polling: false, userCode: '', verificationUri: '', pollId: '', interval: 5 },
     loading: true,
     loadError: '',
 
@@ -368,6 +369,54 @@ function settingsPage() {
       }
     },
 
+    async startCopilotOAuth() {
+      this.copilotOAuth.polling = true;
+      this.copilotOAuth.userCode = '';
+      try {
+        var resp = await OpenFangAPI.post('/api/providers/github-copilot/oauth/start', {});
+        this.copilotOAuth.userCode = resp.user_code;
+        this.copilotOAuth.verificationUri = resp.verification_uri;
+        this.copilotOAuth.pollId = resp.poll_id;
+        this.copilotOAuth.interval = resp.interval || 5;
+        window.open(resp.verification_uri, '_blank');
+        this.pollCopilotOAuth();
+      } catch(e) {
+        OpenFangToast.error('Failed to start Copilot login: ' + e.message);
+        this.copilotOAuth.polling = false;
+      }
+    },
+
+    pollCopilotOAuth() {
+      var self = this;
+      setTimeout(async function() {
+        if (!self.copilotOAuth.pollId) return;
+        try {
+          var resp = await OpenFangAPI.get('/api/providers/github-copilot/oauth/poll/' + self.copilotOAuth.pollId);
+          if (resp.status === 'complete') {
+            OpenFangToast.success('GitHub Copilot authenticated successfully!');
+            self.copilotOAuth = { polling: false, userCode: '', verificationUri: '', pollId: '', interval: 5 };
+            await self.loadProviders();
+            await self.loadModels();
+          } else if (resp.status === 'pending') {
+            if (resp.interval) self.copilotOAuth.interval = resp.interval;
+            self.pollCopilotOAuth();
+          } else if (resp.status === 'expired') {
+            OpenFangToast.error('Device code expired. Please try again.');
+            self.copilotOAuth = { polling: false, userCode: '', verificationUri: '', pollId: '', interval: 5 };
+          } else if (resp.status === 'denied') {
+            OpenFangToast.error('Access denied by user.');
+            self.copilotOAuth = { polling: false, userCode: '', verificationUri: '', pollId: '', interval: 5 };
+          } else {
+            OpenFangToast.error('OAuth error: ' + (resp.error || resp.status));
+            self.copilotOAuth = { polling: false, userCode: '', verificationUri: '', pollId: '', interval: 5 };
+          }
+        } catch(e) {
+          OpenFangToast.error('Poll error: ' + e.message);
+          self.copilotOAuth = { polling: false, userCode: '', verificationUri: '', pollId: '', interval: 5 };
+        }
+      }, self.copilotOAuth.interval * 1000);
+    },
+
     async testProvider(provider) {
       this.providerTesting[provider.id] = true;
       this.providerTestResults[provider.id] = null;