Codex accounts: 6h auto-refresh, manual refresh, manual switch (#48)
Auto refresh - New refreshCodexAccount(index) calls https://auth.openai.com/oauth/token with grant_type=refresh_token and persists rotated tokens back to ~/.codex-accounts/{N}/auth.json. JWT's subscription_active_until reflects the latest plan state OpenAI hands back. - startCodexAccountRefreshLoop() runs every 6h (first run delayed 60s after boot to keep startup snappy). Hooked into main()/shutdown() alongside the existing claude token refresh loop. Manual controls (Settings → 계정 → Codex) - "갱신" button per row: forces an immediate refresh for that account. - "전체 갱신" button: refreshes all codex accounts in sequence. - "전환" button: writes data/codex-rotation-state.json so the next codex spawn picks the chosen account. Active account marked with a green- bordered card and "사용중" badge. Endpoints - POST /api/settings/accounts/codex/{i}/refresh - POST /api/settings/accounts/codex/refresh-all - PUT /api/settings/accounts/codex/current { index } - GET /api/settings/accounts now also returns codexCurrentIndex. Why JWTs cache subscription state at issue-time. When a Pro plan lapses or a user upgrades/downgrades, the dashboard kept showing stale data until the user logged in again. Periodic refresh + explicit "갱신" button keeps the displayed state honest, and the manual switch unblocks the user when rotation lands on a known-bad account. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -256,6 +256,42 @@ export function getActiveCodexAuthPath(): string | null {
|
||||
return getCodexAuthPath();
|
||||
}
|
||||
|
||||
/** Currently active codex account index (after rotation). */
|
||||
export function getCurrentCodexAccountIndex(): number {
|
||||
return accounts.length === 0 ? 0 : currentIndex;
|
||||
}
|
||||
|
||||
/** Manually switch the active codex account. Clears its rate-limit cooldown. */
|
||||
export function setCurrentCodexAccountIndex(targetIndex: number): void {
|
||||
if (accounts.length === 0) {
|
||||
throw new Error('codex token rotation: no accounts loaded');
|
||||
}
|
||||
if (
|
||||
!Number.isInteger(targetIndex) ||
|
||||
targetIndex < 0 ||
|
||||
targetIndex >= accounts.length
|
||||
) {
|
||||
throw new Error(
|
||||
`codex switch: index ${targetIndex} out of range [0..${accounts.length - 1}]`,
|
||||
);
|
||||
}
|
||||
if (targetIndex === currentIndex) return;
|
||||
const previous = currentIndex;
|
||||
currentIndex = targetIndex;
|
||||
// Clear rate-limit on the chosen account so rotation logic doesn't bounce it.
|
||||
accounts[targetIndex].rateLimitedUntil = null;
|
||||
saveCodexState();
|
||||
logger.info(
|
||||
{
|
||||
transition: 'rotation:manual-switch',
|
||||
fromIndex: previous,
|
||||
toIndex: currentIndex,
|
||||
totalAccounts: accounts.length,
|
||||
},
|
||||
`Codex switched manually to account #${currentIndex + 1}/${accounts.length}`,
|
||||
);
|
||||
}
|
||||
|
||||
export function getCodexAuthPath(
|
||||
accountIndex: number = currentIndex,
|
||||
): string | null {
|
||||
|
||||
@@ -59,6 +59,10 @@ import { startWebDashboardServer } from './web-dashboard-server.js';
|
||||
import { Channel, NewMessage, RegisteredGroup } from './types.js';
|
||||
import { logger } from './logger.js';
|
||||
import { initCodexTokenRotation } from './codex-token-rotation.js';
|
||||
import {
|
||||
startCodexAccountRefreshLoop,
|
||||
stopCodexAccountRefreshLoop,
|
||||
} from './settings-store.js';
|
||||
import {
|
||||
hasAvailableClaudeToken,
|
||||
initTokenRotation,
|
||||
@@ -245,6 +249,7 @@ async function main(): Promise<void> {
|
||||
initTokenRotation();
|
||||
initCodexTokenRotation();
|
||||
startTokenRefreshLoop();
|
||||
startCodexAccountRefreshLoop();
|
||||
|
||||
runtimeState.loadState();
|
||||
|
||||
@@ -254,6 +259,7 @@ async function main(): Promise<void> {
|
||||
const shutdown = async (signal: string) => {
|
||||
logger.info({ signal }, 'Shutdown signal received');
|
||||
stopTokenRefreshLoop();
|
||||
stopCodexAccountRefreshLoop();
|
||||
if (leaseRecoveryTimer) {
|
||||
clearInterval(leaseRecoveryTimer);
|
||||
leaseRecoveryTimer = null;
|
||||
|
||||
@@ -277,6 +277,136 @@ export function updateModelConfig(
|
||||
return getModelConfig();
|
||||
}
|
||||
|
||||
const CODEX_OAUTH_TOKEN_URL = 'https://auth.openai.com/oauth/token';
|
||||
const CODEX_OAUTH_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
|
||||
|
||||
interface CodexAuthFile {
|
||||
auth_mode?: string;
|
||||
OPENAI_API_KEY?: string | null;
|
||||
tokens?: {
|
||||
id_token?: string;
|
||||
access_token?: string;
|
||||
refresh_token?: string;
|
||||
account_id?: string;
|
||||
};
|
||||
last_refresh?: string;
|
||||
}
|
||||
|
||||
function readCodexAuthFile(file: string): CodexAuthFile | null {
|
||||
return readJson<CodexAuthFile>(file);
|
||||
}
|
||||
|
||||
function writeCodexAuthFile(file: string, data: CodexAuthFile): void {
|
||||
const tempPath = `${file}.tmp`;
|
||||
fs.writeFileSync(tempPath, `${JSON.stringify(data, null, 2)}\n`, {
|
||||
mode: 0o600,
|
||||
});
|
||||
fs.renameSync(tempPath, file);
|
||||
}
|
||||
|
||||
export async function refreshCodexAccount(
|
||||
index: number,
|
||||
): Promise<CodexAccountSummary> {
|
||||
const file = codexAuthPath(index);
|
||||
if (!fs.existsSync(file)) {
|
||||
throw new Error(`codex auth.json not found for index ${index}`);
|
||||
}
|
||||
const data = readCodexAuthFile(file);
|
||||
const refreshToken = data?.tokens?.refresh_token;
|
||||
if (!refreshToken) {
|
||||
throw new Error(`codex account #${index} has no refresh_token`);
|
||||
}
|
||||
|
||||
const body = new URLSearchParams({
|
||||
grant_type: 'refresh_token',
|
||||
refresh_token: refreshToken,
|
||||
client_id: CODEX_OAUTH_CLIENT_ID,
|
||||
});
|
||||
|
||||
const res = await fetch(CODEX_OAUTH_TOKEN_URL, {
|
||||
method: 'POST',
|
||||
headers: { 'content-type': 'application/x-www-form-urlencoded' },
|
||||
body: body.toString(),
|
||||
});
|
||||
|
||||
if (!res.ok) {
|
||||
const text = await res.text().catch(() => '');
|
||||
throw new Error(
|
||||
`codex refresh failed (#${index}): ${res.status} ${text.slice(0, 200)}`,
|
||||
);
|
||||
}
|
||||
|
||||
const payload = (await res.json()) as {
|
||||
access_token?: string;
|
||||
id_token?: string;
|
||||
refresh_token?: string;
|
||||
};
|
||||
|
||||
const updated: CodexAuthFile = {
|
||||
...(data ?? {}),
|
||||
tokens: {
|
||||
...(data?.tokens ?? {}),
|
||||
id_token: payload.id_token ?? data?.tokens?.id_token,
|
||||
access_token: payload.access_token ?? data?.tokens?.access_token,
|
||||
refresh_token: payload.refresh_token ?? refreshToken,
|
||||
},
|
||||
last_refresh: new Date().toISOString(),
|
||||
};
|
||||
writeCodexAuthFile(file, updated);
|
||||
|
||||
const summary = readCodexAccount(index);
|
||||
if (!summary)
|
||||
throw new Error('failed to re-read codex account after refresh');
|
||||
return summary;
|
||||
}
|
||||
|
||||
export async function refreshAllCodexAccounts(): Promise<{
|
||||
refreshed: number[];
|
||||
failed: Array<{ index: number; error: string }>;
|
||||
}> {
|
||||
const refreshed: number[] = [];
|
||||
const failed: Array<{ index: number; error: string }> = [];
|
||||
const accounts = listCodexAccounts();
|
||||
for (const acc of accounts) {
|
||||
try {
|
||||
await refreshCodexAccount(acc.index);
|
||||
refreshed.push(acc.index);
|
||||
} catch (err) {
|
||||
failed.push({
|
||||
index: acc.index,
|
||||
error: err instanceof Error ? err.message : String(err),
|
||||
});
|
||||
}
|
||||
}
|
||||
return { refreshed, failed };
|
||||
}
|
||||
|
||||
const CODEX_REFRESH_INTERVAL_MS = 6 * 60 * 60 * 1000;
|
||||
let codexRefreshTimer: ReturnType<typeof setInterval> | null = null;
|
||||
|
||||
export function startCodexAccountRefreshLoop(): void {
|
||||
if (codexRefreshTimer) return;
|
||||
// Stagger first refresh so server boot isn't slowed.
|
||||
setTimeout(() => {
|
||||
void refreshAllCodexAccounts().catch(() => {
|
||||
/* swallow; per-account errors logged inside */
|
||||
});
|
||||
}, 60_000).unref?.();
|
||||
codexRefreshTimer = setInterval(() => {
|
||||
void refreshAllCodexAccounts().catch(() => {
|
||||
/* swallow */
|
||||
});
|
||||
}, CODEX_REFRESH_INTERVAL_MS);
|
||||
codexRefreshTimer.unref?.();
|
||||
}
|
||||
|
||||
export function stopCodexAccountRefreshLoop(): void {
|
||||
if (codexRefreshTimer) {
|
||||
clearInterval(codexRefreshTimer);
|
||||
codexRefreshTimer = null;
|
||||
}
|
||||
}
|
||||
|
||||
function codexConfigPath(): string {
|
||||
return path.join(os.homedir(), '.codex', 'config.toml');
|
||||
}
|
||||
|
||||
@@ -52,10 +52,16 @@ import {
|
||||
getModelConfig,
|
||||
listClaudeAccounts,
|
||||
listCodexAccounts,
|
||||
refreshAllCodexAccounts,
|
||||
refreshCodexAccount,
|
||||
removeAccountDirectory,
|
||||
updateFastMode,
|
||||
updateModelConfig,
|
||||
} from './settings-store.js';
|
||||
import {
|
||||
getCurrentCodexAccountIndex,
|
||||
setCurrentCodexAccountIndex,
|
||||
} from './codex-token-rotation.js';
|
||||
|
||||
const DEFAULT_STATUS_MAX_AGE_MS = 10 * 60 * 1000;
|
||||
const ROOM_MESSAGE_ID_CACHE_LIMIT = 500;
|
||||
@@ -1340,6 +1346,64 @@ export function createWebDashboardHandler(
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
const refreshMatch = url.pathname.match(
|
||||
/^\/api\/settings\/accounts\/codex\/(\d+)\/refresh$/,
|
||||
);
|
||||
if (refreshMatch && request.method === 'POST') {
|
||||
const index = Number.parseInt(refreshMatch[1], 10);
|
||||
try {
|
||||
const updated = await refreshCodexAccount(index);
|
||||
return jsonResponse({ ok: true, account: updated });
|
||||
} catch (err) {
|
||||
const message = err instanceof Error ? err.message : String(err);
|
||||
return jsonResponse({ error: message }, { status: 400 });
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (
|
||||
url.pathname === '/api/settings/accounts/codex/refresh-all' &&
|
||||
request.method === 'POST'
|
||||
) {
|
||||
try {
|
||||
const result = await refreshAllCodexAccounts();
|
||||
return jsonResponse({ ok: true, ...result });
|
||||
} catch (err) {
|
||||
const message = err instanceof Error ? err.message : String(err);
|
||||
return jsonResponse({ error: message }, { status: 500 });
|
||||
}
|
||||
}
|
||||
|
||||
if (
|
||||
url.pathname === '/api/settings/accounts/codex/current' &&
|
||||
request.method === 'PUT'
|
||||
) {
|
||||
let body: { index?: unknown } | null = null;
|
||||
try {
|
||||
body = (await request.json()) as { index?: unknown };
|
||||
} catch {
|
||||
return jsonResponse({ error: 'Invalid JSON body' }, { status: 400 });
|
||||
}
|
||||
const idx = typeof body?.index === 'number' ? body.index : Number.NaN;
|
||||
if (!Number.isInteger(idx)) {
|
||||
return jsonResponse(
|
||||
{ error: 'index must be an integer' },
|
||||
{ status: 400 },
|
||||
);
|
||||
}
|
||||
try {
|
||||
setCurrentCodexAccountIndex(idx);
|
||||
return jsonResponse({
|
||||
ok: true,
|
||||
codexCurrentIndex: getCurrentCodexAccountIndex(),
|
||||
});
|
||||
} catch (err) {
|
||||
const message = err instanceof Error ? err.message : String(err);
|
||||
return jsonResponse({ error: message }, { status: 400 });
|
||||
}
|
||||
}
|
||||
|
||||
if (url.pathname === '/api/tasks' && request.method === 'POST') {
|
||||
if (!loadRoomBindings) {
|
||||
return jsonResponse(
|
||||
@@ -1538,6 +1602,7 @@ export function createWebDashboardHandler(
|
||||
return jsonResponse({
|
||||
claude: listClaudeAccounts(),
|
||||
codex: listCodexAccounts(),
|
||||
codexCurrentIndex: getCurrentCodexAccountIndex(),
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user