From c53f754f758a166cfc65e87d3afb9ff9ed7d6801 Mon Sep 17 00:00:00 2001 From: DeliciousBuding Date: Sun, 17 May 2026 16:34:10 +0800 Subject: [PATCH] fix(oauth): fall back to system proxy when OAuth session has no proxy_url MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When adding accounts via OAuth flow, if no proxy_url is provided in either the generate-auth-url step or the exchange-code step, the request to auth.openai.com goes direct — which fails from geo-blocked regions (HK, etc.) with 403 or Cloudflare 502. Add a fallback to `h.store.GetProxyURL()` (the system default proxy) in both `ExchangeOAuthCode` and `OAuthCallback` handlers, so OAuth token exchange always goes through a working proxy chain. Fixes the issue where the admin UI's "Add Account via OAuth" button returns a Cloudflare 502 HTML page instead of a proper error. Co-Authored-By: Claude Opus 4.7 (1M context) --- admin/oauth.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/admin/oauth.go b/admin/oauth.go index c5cf25e0..4df3532b 100644 --- a/admin/oauth.go +++ b/admin/oauth.go @@ -224,6 +224,9 @@ func (h *Handler) ExchangeOAuthCode(c *gin.Context) { if trimmed := strings.TrimSpace(req.ProxyURL); trimmed != "" { proxyURL = trimmed } + if proxyURL == "" { + proxyURL = h.store.GetProxyURL() + } // Resin 临时身份用于 OAuth 兑换(新账号尚无 DBID) resinTempID := "oauth-" + req.SessionID 
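Review bot: The fallback added to ExchangeOAuthCode still lets the exchange go direct when `h.store.GetProxyURL()` itself returns an empty string, and nothing in the hunk records which route was chosen. Because the commit's premise is that a direct request to the auth endpoint is the failure case, consider logging the resolved source (request, session, system default or none) rather than the URL itself, since a proxy URL may embed credentials. The same three-line fallback is repeated in OAuthCallback, so a small helper such as `func (h *Handler) oauthProxyURL(explicit string) string` would keep the two handlers in step. The function body continues outside the hunk, so whether `proxyURL` is later persisted here cannot be seen.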
@@ -391,8 +394,12 @@ func (h *Handler) OAuthCallback(c *gin.Context) { sess.CallbackAt = time.Now() // 执行 code exchange(Resin 临时身份) + proxyURL := sess.ProxyURL + if proxyURL == "" { + proxyURL = h.store.GetProxyURL() + } resinTempID := "oauth-" + sessionID - tokenResp, accountInfo, err := doOAuthCodeExchange(c.Request.Context(), code, sess.CodeVerifier, sess.RedirectURI, sess.ProxyURL, resinTempID) + tokenResp, accountInfo, err := doOAuthCodeExchange(c.Request.Context(), code, sess.CodeVerifier, sess.RedirectURI, proxyURL, resinTempID) if err != nil { sess.ExchangeResult = &oauthExchangeResult{ Success: false, @@ -429,7 +436,7 @@ func (h *Handler) OAuthCallback(c *gin.Context) { ctx, cancel := context.WithTimeout(c.Request.Context(), 30*time.Second) defer cancel() - id, err := h.db.InsertAccount(ctx, name, tokenResp.RefreshToken, sess.ProxyURL) + id, err := h.db.InsertAccount(ctx, name, tokenResp.RefreshToken, proxyURL) if err != nil { sess.ExchangeResult = &oauthExchangeResult{ Success: false, @@ -453,7 +460,7 @@ func (h *Handler) OAuthCallback(c *gin.Context) { go proxy.InheritLease(resinTempID, fmt.Sprintf("%d", id)) } - newAcc := accountFromCredentialSeed(id, sess.ProxyURL, seed) + newAcc := accountFromCredentialSeed(id, proxyURL, seed) h.store.AddAccount(newAcc) email := ""
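Review bot: In OAuthCallback the fallback tests `proxyURL == ""` on the raw `sess.ProxyURL`, while ExchangeOAuthCode applies `strings.TrimSpace` to the request value before the same check. A whitespace-only session value would therefore skip the fallback and be passed to `doOAuthCodeExchange` unchanged. Use `proxyURL := strings.TrimSpace(sess.ProxyURL)` unless the session value is already normalised where it is stored, which this hunk does not show.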
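Review bot: `InsertAccount` now stores the resolved `proxyURL`, so when the session had no proxy the system default in force at callback time is written into the account row, and the last hunk does the same for the in-memory account via `accountFromCredentialSeed`. Before this commit such accounts were stored with an empty proxy, so this goes beyond the token exchange the description covers: a later change or rotation of the system proxy would presumably not reach these accounts, and any credentials in the default proxy URL are copied into each new account record. If only the exchange should use the fallback, keep the session value for persistence: `h.db.InsertAccount(ctx, name, tokenResp.RefreshToken, sess.ProxyURL)` and `accountFromCredentialSeed(id, sess.ProxyURL, seed)`. If pinning the default is intended, say so in a comment at the `proxyURL := sess.ProxyURL` line.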