fix(desktop): 解析 Google OAuth 客户端文件路径并更新示例与说明

2026-04-14 19:40:37 +08:00
parent 328962706b
commit e6bd2225cd
3 changed files with 49 additions and 8 deletions
--- a/README.md
+++ b/README.md
@@ -27,6 +27,8 @@ cargo run -p secrets-desktop
 - `apps/desktop/src-tauri/tauri.conf.json` 中 `build.frontendDist` 指向 `apps/desktop/dist`
 - 当前仓库会直接提交 `apps/desktop/dist/` 下的桌面端静态资源
 - 因此新机器 clone 后，无需额外前端构建步骤即可启动 desktop
+- Google Desktop OAuth 的 `client_secret_*.json` **不会入库**
+- 新机器需要自行提供该文件，并通过 `GOOGLE_OAUTH_CLIENT_FILE` 指向它；推荐使用绝对路径

 ## 当前能力

--- a/apps/desktop/src-tauri/src/main.rs
+++ b/apps/desktop/src-tauri/src/main.rs
@@ -929,14 +929,52 @@ fn apply_mcp_config_to_all() -> AnyResult<()> {
    Ok(())
 }

+fn workspace_root() -> PathBuf {
+    PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("../../..")
+}
+
+fn default_google_oauth_client_filename() -> &'static str {
+    "client_secret_738964258008-0svfo4g7ta347iedrf6r9see87a8u3hn.apps.googleusercontent.com.json"
+}
+
+fn resolve_google_oauth_client_path() -> AnyResult<PathBuf> {
+    let configured = std::env::var("GOOGLE_OAUTH_CLIENT_FILE").ok();
+    let mut candidates = Vec::new();
+    let repo_root = workspace_root();
+
+    if let Some(raw_path) = configured.as_deref().map(str::trim).filter(|value| !value.is_empty()) {
+        let path = PathBuf::from(raw_path);
+        if path.is_absolute() {
+            candidates.push(path);
+        } else {
+            if let Ok(cwd) = std::env::current_dir() {
+                candidates.push(cwd.join(&path));
+            }
+            candidates.push(repo_root.join(&path));
+        }
+    } else {
+        candidates.push(repo_root.join(default_google_oauth_client_filename()));
+    }
+
+    candidates.dedup();
+
+    candidates.into_iter().find(|path| path.exists()).with_context(|| {
+        let configured_hint = configured
+            .as_deref()
+            .map(str::trim)
+            .filter(|value| !value.is_empty())
+            .map(|value| format!("当前 GOOGLE_OAUTH_CLIENT_FILE={value}。"))
+            .unwrap_or_else(|| "当前未设置 GOOGLE_OAUTH_CLIENT_FILE。".to_string());
+        format!(
+            "google oauth client file not found. {} 请把 {} 放到仓库根目录，或把 GOOGLE_OAUTH_CLIENT_FILE 设置为该文件的绝对路径",
+            configured_hint,
+            default_google_oauth_client_filename(),
+        )
+    })
+}
+
 fn load_google_desktop_client() -> AnyResult<GoogleDesktopClient> {
-    let configured = std::env::var("GOOGLE_OAUTH_CLIENT_FILE")
-        .map(PathBuf::from)
-        .unwrap_or_else(|_| {
-            PathBuf::from(env!("CARGO_MANIFEST_DIR"))
-                .join("../../..")
-                .join("client_secret_738964258008-0svfo4g7ta347iedrf6r9see87a8u3hn.apps.googleusercontent.com.json")
-        });
+    let configured = resolve_google_oauth_client_path()?;
    let raw = fs::read_to_string(&configured)
        .with_context(|| format!("failed to read {}", configured.display()))?;
    let parsed: GoogleDesktopClientFile =
--- a/deploy/.env.example
+++ b/deploy/.env.example
@@ -19,7 +19,8 @@ SECRETS_DAEMON_URL=http://127.0.0.1:9515/mcp

 # ─── Google OAuth ─────────────────────────────────────────────────────
 # 桌面端优先从这个 installed client JSON 读取 Desktop OAuth 配置
-GOOGLE_OAUTH_CLIENT_FILE=./client_secret_738964258008-0svfo4g7ta347iedrf6r9see87a8u3hn.apps.googleusercontent.com.json
+# 推荐填写绝对路径；若使用相对路径，则以仓库根目录为基准解析
+GOOGLE_OAUTH_CLIENT_FILE=/absolute/path/to/client_secret_738964258008-0svfo4g7ta347iedrf6r9see87a8u3hn.apps.googleusercontent.com.json
 # 若仍无法换 token（仅提供端口代理、无系统代理）：可取消注释并改为本机代理地址
 # HTTPS_PROXY=http://127.0.0.1:7890
 # NO_PROXY=localhost,127.0.0.1