fix(qwen-ai): Fix Qwen AI chat authentication and request parameters #118
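The Qwen AI web client's history-enabled mode no longer uses Bearer Authorization and instead relies on the full Cookie for authentication. The old implementation saved only the token and sent Authorization, so the chat endpoint could not be used. This fix switches to Cookie authentication, updates the user status check endpoint, keeps chat_mode as normal for history-enabled mode, and fixes the built-in login flow saving only the token instead of the full cookies.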
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3edcad2a18
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| auto_search: false, // Default to disable auto search | ||
| auto_thinking: false, | ||
| thinking_mode: shouldEnableThinking ? 'Thinking' : 'Fast', | ||
| auto_search: true, |
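Review bot: auto_search: true on the last line of this hunk is a literal, while thinking_mode one line above it is derived from shouldEnableThinking. Derive the search setting from a per-request flag in the same way, and carry over the explanatory comment that the auto_search: false line has, so the default is documented next to the value.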
Avoid enabling Qwen AI search for every request
For any Qwen AI request that does not explicitly ask for search, this now sends auto_search: true, so normal chat completions will invoke web search and can become slower, less deterministic, and produce web-grounded answers unexpectedly. Other adapters gate search on web_search or a model-name suffix, but forwardQwenAi does not pass any search flag here, so this should be derived from the request/model instead of being unconditional.
| finalCredentials = { | ||
| ...(token ? { token } : {}), | ||
| cookies, | ||
| } |
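Review bot: in the finalCredentials literal, token is spread in only when it is truthy, but cookies is assigned unconditionally, so an empty or undefined cookies value still produces a credentials object. Check that cookies is non-empty before building finalCredentials and fail the login otherwise, so an object with neither a token nor a usable cookie string is never treated as valid credentials.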
Avoid logging Qwen AI session cookies
When Qwen AI in-app login succeeds, finalCredentials now includes the full Cookie header, and the existing success path immediately stringifies finalCredentials to the main-process log. In successful Qwen AI logins this exposes reusable session cookies in logs; keep passing/storing the cookies, but redact the value or log only credential keys.
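- qwen-ai.ts: Restore auto_search to false (web search disabled by default), so that ordinary chat requests no longer trigger web search unconditionally, which slowed responses and caused results to unexpectedly include web content. To enable it, add the -search suffix to the model name or specify it explicitly via the web_search parameter.
- manager.ts: The log after a successful login now prints only the credential field names (Object.keys) and no longer writes sensitive credentials such as cookies to the log in plaintext, preventing reusable session cookies from leaking into log files.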
@codex review
💡 Codex Review
When the Qwen AI manual OAuth config now asks for a full Cookie header, this path still receives that field through the generic token argument and returns it as { token }. In that scenario a pasted header like a=...; b=... is validated/saved as a token value rather than cookies, so later proxy requests synthesize Cookie: token=a=...; b=... instead of sending the required full Cookie header. Please map the cookie manual input to cookies in loginWithToken/the IPC path before validating and saving it.
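In the loginWithToken method of oauth/adapters/qwen-ai.ts, the credentials were previously stored as { token } regardless of the input. When a user manually pasted a full Cookie header, it was stored in the token field, so proxy requests generated a malformed Cookie header (Cookie: token=a=xxx; b=xxx) and authentication failed.
Fix: distinguish a token from a Cookie string by checking whether the input is in JWT format (starts with eyJ and has three segments), and store it in the { token } or { cookies } field accordingly, so that the Cookie header of subsequent proxy requests is correctly formatted.
Note: the LoginDialog in the current UI has no entry for qwen-ai, so this method cannot currently be reached from the interface. This fix is preventive: it ensures the logic is correct when it is wired in later and does not affect any existing code path.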
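The commit message above describes telling a pasted JWT apart from a full Cookie header and logging only credential field names; the TypeScript below is an added example of those checks, not the project's code. The names classifyManualInput, buildCookieHeader and describeForLog are hypothetical, and the token=<value> fallback follows the Cookie synthesis the review comment describes.

```typescript
// Added example: all names here are hypothetical, not taken from the project.
type QwenCredentials = { token?: string; cookies?: string };

// Three base64url segments, the first starting with "eyJ" (base64 of '{"').
const JWT_SHAPE = /^eyJ[A-Za-z0-9_-]*\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

function classifyManualInput(raw: string): QwenCredentials {
  // Accept a pasted "Cookie: a=1; b=2" line as well as the bare value.
  const value = raw.trim().replace(/^cookie:\s*/i, '');
  if (value === '' || /[\r\n]/.test(value)) {
    throw new Error('empty or multi-line credential input');
  }
  // A bare JWT has no "=", ";" or spaces, so a cookie string that merely
  // contains a JWT as one of its values does not match here.
  if (JWT_SHAPE.test(value)) return { token: value };
  // A Cookie header is a list of "name=value" pairs separated by ";".
  const pairs = value.split(';').map((p) => p.trim()).filter((p) => p !== '');
  if (pairs.length === 0 || !pairs.every((p) => p.indexOf('=') > 0)) {
    throw new Error('input is neither a JWT nor a Cookie header');
  }
  return { cookies: pairs.join('; ') };
}

function buildCookieHeader(creds: QwenCredentials): string {
  // Prefer the full cookie string; wrap a lone token as the page describes.
  if (creds.cookies) return creds.cookies;
  if (creds.token) return `token=${creds.token}`;
  throw new Error('no usable credential');
}

function describeForLog(creds: QwenCredentials): string {
  // Field names only: the values are reusable session material.
  return Object.keys(creds).sort().join(',');
}
```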