|
| 1 | +import { resolveExpiresAtMsFromDurationSeconds } from "openclaw/plugin-sdk/number-runtime"; |
1 | 2 | import { resolveOAuthClientConfig } from "./oauth.credentials.js"; |
2 | 3 | import { fetchWithTimeout } from "./oauth.http.js"; |
3 | 4 | import { resolveGoogleOAuthIdentity, resolveGooglePersonalOAuthIdentity } from "./oauth.project.js"; |
4 | 5 | import { isGeminiCliPersonalOAuth } from "./oauth.settings.js"; |
5 | 6 | import { REDIRECT_URI, TOKEN_URL, type GeminiCliOAuthCredentials } from "./oauth.shared.js"; |
6 | 7 | |
| 8 | +const TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1000; |
| 9 | + |
7 | 10 | async function requestTokenGrant(body: URLSearchParams): Promise<{ |
8 | 11 | access_token?: string; |
9 | 12 | refresh_token?: string; |
@@ -31,11 +34,11 @@ async function requestTokenGrant(body: URLSearchParams): Promise<{
|
31 | 34 | }; |
32 | 35 | } |
33 | 36 | |
34 | | -function resolveExpiresInMs(value: unknown): number { |
35 | | -if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) { |
36 | | -return 0; |
37 | | -} |
38 | | -return Math.trunc(value * 1000); |
| 37 | +function resolveTokenExpiresAt(value: unknown): number { |
| 38 | +return ( |
| 39 | +resolveExpiresAtMsFromDurationSeconds(value, { bufferMs: TOKEN_EXPIRY_BUFFER_MS }) ?? |
| 40 | + Date.now() - TOKEN_EXPIRY_BUFFER_MS |
| 41 | +); |
39 | 42 | } |
40 | 43 | |
41 | 44 | async function buildGeminiCliCredentials(params: { |
@@ -70,8 +73,7 @@ async function buildGeminiCliCredentials(params: {
|
70 | 73 | // already-stored identity binding instead of failing token renewal. |
71 | 74 | } |
72 | 75 | |
73 | | -const expiresInMs = resolveExpiresInMs(params.tokenResponse.expires_in); |
74 | | -const expiresAt = Date.now() + expiresInMs - 5 * 60 * 1000; |
| 76 | +const expiresAt = resolveTokenExpiresAt(params.tokenResponse.expires_in); |
75 | 77 | |
76 | 78 | return { |
77 | 79 | refresh: params.tokenResponse.refresh_token ?? params.refreshTokenFallback ?? "", |
|