From e6bd2225cd227a53f547d3a3ddc7c059ddcf58a4 Mon Sep 17 00:00:00 2001 From: agent Date: Tue, 14 Apr 2026 19:40:37 +0800 Subject: [PATCH] =?UTF-8?q?fix(desktop):=20=E8=A7=A3=E6=9E=90=20Google=20O?= =?UTF-8?q?Auth=20=E5=AE=A2=E6=88=B7=E7=AB=AF=E6=96=87=E4=BB=B6=E8=B7=AF?= =?UTF-8?q?=E5=BE=84=E5=B9=B6=E6=9B=B4=E6=96=B0=E7=A4=BA=E4=BE=8B=E4=B8=8E?= =?UTF-8?q?=E8=AF=B4=E6=98=8E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 ++ apps/desktop/src-tauri/src/main.rs | 52 ++++++++++++++++++++++++++---- deploy/.env.example | 3 +- 3 files changed, 49 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 9290a64..89af08c 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ cargo run -p secrets-desktop - `apps/desktop/src-tauri/tauri.conf.json` 中 `build.frontendDist` 指向 `apps/desktop/dist` - 当前仓库会直接提交 `apps/desktop/dist/` 下的桌面端静态资源 - 因此新机器 clone 后,无需额外前端构建步骤即可启动 desktop +- Google Desktop OAuth 的 `client_secret_*.json` **不会入库** +- 新机器需要自行提供该文件,并通过 `GOOGLE_OAUTH_CLIENT_FILE` 指向它;推荐使用绝对路径 ## 当前能力 diff --git a/apps/desktop/src-tauri/src/main.rs b/apps/desktop/src-tauri/src/main.rs index 77b9c98..0411763 100644 --- a/apps/desktop/src-tauri/src/main.rs +++ b/apps/desktop/src-tauri/src/main.rs @@ -929,14 +929,52 @@ fn apply_mcp_config_to_all() -> AnyResult<()> { Ok(()) } +fn workspace_root() -> PathBuf { + PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("../../..") +} + +fn default_google_oauth_client_filename() -> &'static str { + "client_secret_738964258008-0svfo4g7ta347iedrf6r9see87a8u3hn.apps.googleusercontent.com.json" +} + +fn resolve_google_oauth_client_path() -> AnyResult { + let configured = std::env::var("GOOGLE_OAUTH_CLIENT_FILE").ok(); + let mut candidates = Vec::new(); + let repo_root = workspace_root(); + + if let Some(raw_path) = configured.as_deref().map(str::trim).filter(|value| !value.is_empty()) { + let path = PathBuf::from(raw_path); + if path.is_absolute() { + candidates.push(path); + } else { + if let Ok(cwd) = std::env::current_dir() { + candidates.push(cwd.join(&path)); + } + candidates.push(repo_root.join(&path)); + } + } else { + candidates.push(repo_root.join(default_google_oauth_client_filename())); + } + + candidates.dedup(); + + candidates.into_iter().find(|path| path.exists()).with_context(|| { + let configured_hint = configured + .as_deref() + .map(str::trim) + .filter(|value| !value.is_empty()) + .map(|value| format!("当前 GOOGLE_OAUTH_CLIENT_FILE={value}。")) + .unwrap_or_else(|| "当前未设置 GOOGLE_OAUTH_CLIENT_FILE。".to_string()); + format!( + "google oauth client file not found. {} 请把 {} 放到仓库根目录,或把 GOOGLE_OAUTH_CLIENT_FILE 设置为该文件的绝对路径", + configured_hint, + default_google_oauth_client_filename(), + ) + }) +} + fn load_google_desktop_client() -> AnyResult { - let configured = std::env::var("GOOGLE_OAUTH_CLIENT_FILE") - .map(PathBuf::from) - .unwrap_or_else(|_| { - PathBuf::from(env!("CARGO_MANIFEST_DIR")) - .join("../../..") - .join("client_secret_738964258008-0svfo4g7ta347iedrf6r9see87a8u3hn.apps.googleusercontent.com.json") - }); + let configured = resolve_google_oauth_client_path()?; let raw = fs::read_to_string(&configured) .with_context(|| format!("failed to read {}", configured.display()))?; let parsed: GoogleDesktopClientFile = diff --git a/deploy/.env.example b/deploy/.env.example index c7a462f..9999b9d 100644 --- a/deploy/.env.example +++ b/deploy/.env.example @@ -19,7 +19,8 @@ SECRETS_DAEMON_URL=http://127.0.0.1:9515/mcp # ─── Google OAuth ───────────────────────────────────────────────────── # 桌面端优先从这个 installed client JSON 读取 Desktop OAuth 配置 -GOOGLE_OAUTH_CLIENT_FILE=./client_secret_738964258008-0svfo4g7ta347iedrf6r9see87a8u3hn.apps.googleusercontent.com.json +# 推荐填写绝对路径;若使用相对路径,则以仓库根目录为基准解析 +GOOGLE_OAUTH_CLIENT_FILE=/absolute/path/to/client_secret_738964258008-0svfo4g7ta347iedrf6r9see87a8u3hn.apps.googleusercontent.com.json # 若仍无法换 token(仅提供端口代理、无系统代理):可取消注释并改为本机代理地址 # HTTPS_PROXY=http://127.0.0.1:7890 # NO_PROXY=localhost,127.0.0.1