feat: codex oauth proxy #2961

Open

seefs001 wants to merge 1 commit into QuantumNous:main from seefs001:feature/codex-oauth-with-proxy

@seefs001 seefs001 commented Feb 17, 2026

#2718
Refreshing and obtaining authorization go through the channel proxy settings.

Summary by CodeRabbit

Release Notes

  • New Features
    • Codex OAuth now supports proxy configuration for authorization code exchange and token refresh operations.
    • Channel-specific proxy settings are automatically applied during OAuth flows and credential renewal.
    • Token refresh triggered by authentication errors now uses the configured proxy setting.

coderabbitai bot commented Feb 17, 2026

Walkthrough

This PR adds proxy-aware OAuth token operations by introducing RefreshCodexOAuthTokenWithProxy and ExchangeCodexAuthorizationCodeWithProxy functions. Existing OAuth methods are refactored to delegate to these new variants, and all call sites are updated to pass channel-specific proxy settings from configurations. JSON decoding is unified using a common helper function.

Changes

| Cohort / File(s) | Summary |
|---|---|
| OAuth Service Core: `service/codex_oauth.go` | Added RefreshCodexOAuthTokenWithProxy and ExchangeCodexAuthorizationCodeWithProxy with proxy-aware HTTP client creation via getCodexOAuthHTTPClient. Refactored existing RefreshCodexOAuthToken and ExchangeCodexAuthorizationCode to delegate to proxy variants. Switched JSON decoding to common.DecodeJson. |
| OAuth Controller & Completion: `controller/codex_oauth.go` | Updated CompleteCodexOAuthWithChannelID to extract and pass channel proxy setting to ExchangeCodexAuthorizationCodeWithProxy. |
| OAuth Token Refresh: `service/codex_credential_refresh.go`, `controller/codex_usage.go` | Updated refresh paths to use RefreshCodexOAuthTokenWithProxy with channel proxy setting. Replaced json.Unmarshal with common.Unmarshal in usage refresh flow. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 With proxy in paw, our OAuth hops forth,
Through channels and credentials, of proven worth,
No token left behind without its safe route,
A tunnel of trust—our proxy's salute! 🛡️

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'feat: codex oauth proxy' directly describes the main change: adding proxy support to Codex OAuth operations across multiple files (controller, service, and usage flows). |

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (2)
service/codex_oauth.go (2)

8-8: encoding/json is still directly imported — used in decodeJWTClaims (Line 313).

The coding guidelines require using common wrappers instead of encoding/json. While the usage at Line 313 is pre-existing and unchanged, you've already added the common import in this PR. Consider migrating decodeJWTClaims to common.Unmarshal to fully comply and allow dropping the encoding/json import.

Proposed fix
 func decodeJWTClaims(token string) (map[string]any, bool) {
 	parts := strings.Split(token, ".")
 	if len(parts) != 3 {
 		return nil, false
 	}
 	payloadRaw, err := base64.RawURLEncoding.DecodeString(parts[1])
 	if err != nil {
 		return nil, false
 	}
 	var claims map[string]any
-	if err := json.Unmarshal(payloadRaw, &claims); err != nil {
+	if err := common.Unmarshal(payloadRaw, &claims); err != nil {
 		return nil, false
 	}
 	return claims, true
 }
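
Review bot: decodeJWTClaims never looks at parts[0] or parts[2], so the map it returns comes from a payload whose signature was not checked, and replacing json.Unmarshal with common.Unmarshal leaves that unchanged. Since the function is being touched and docstring coverage is flagged anyway, add a doc comment stating that the returned claims are unverified and must not drive authorization decisions unless the token's signature is validated elsewhere.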

This would also allow removing the "encoding/json" import from line 8.

As per coding guidelines: "Do NOT directly import or call encoding/json in business code; use wrapper functions from common/json.go instead."

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@service/codex_oauth.go` at line 8, The decodeJWTClaims function currently
uses encoding/json directly; replace that usage with the common.Unmarshal
wrapper (call common.Unmarshal into the same target struct/value) and update
error handling to match existing patterns, then remove the "encoding/json"
import from the file; refer to the decodeJWTClaims function and common.Unmarshal
helper when making the change so the file no longer imports encoding/json.

123-128: Status-code check after body decode loses the real error on non-JSON error responses.

In both refreshCodexOAuthToken (Line 123) and exchangeCodexAuthorizationCode (Line 184), the response body is decoded before checking the status code. If the server returns a non-2xx response with a non-JSON body (e.g., an HTML error page), DecodeJson fails first, and the caller sees a JSON parse error instead of the meaningful HTTP status code.

This is pre-existing logic (only the decode call changed), but since you're already touching these lines, consider swapping the order:

Proposed fix (same pattern applies to both functions)

For refreshCodexOAuthToken:

-	if err := common.DecodeJson(resp.Body, &payload); err != nil {
-		return nil, err
-	}
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		return nil, fmt.Errorf("codex oauth refresh failed: status=%d", resp.StatusCode)
 	}
+	if err := common.DecodeJson(resp.Body, &payload); err != nil {
+		return nil, err
+	}
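
Review bot: with the status check moved first, the non-2xx branch returns only `status=%d` and discards the response body, which is where an OAuth token endpoint reports its error code. Read a bounded amount of the body in that branch (for example through io.LimitReader) and include it in the error, so a rejected refresh token can be told apart from a failure at an intermediary.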

For exchangeCodexAuthorizationCode:

-	if err := common.DecodeJson(resp.Body, &payload); err != nil {
-		return nil, err
-	}
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		return nil, fmt.Errorf("codex oauth code exchange failed: status=%d", resp.StatusCode)
 	}
+	if err := common.DecodeJson(resp.Body, &payload); err != nil {
+		return nil, err
+	}
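
Review bot: the decode failure on the added lines is still a bare `return nil, err`, so the caller gets a JSON error with nothing to say it came from the code exchange, while the status branch above it names the operation. Wrap it, for example `fmt.Errorf("codex oauth code exchange: decode response: %w", err)`, and do the same in the refresh function.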

Also applies to: 184-189

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@service/codex_oauth.go` around lines 123 - 128, The response body is being
JSON-decoded before checking HTTP status, causing JSON parse errors to hide
non-2xx responses; in both refreshCodexOAuthToken and
exchangeCodexAuthorizationCode swap the order so you first check resp.StatusCode
(treat non-2xx as an error and read/attach the raw body for context) and only
then call common.DecodeJson into payload for 2xx responses, ensuring errors
return the HTTP status and response body when available while successful flows
still decode payload.

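The ordering problem from the second nitpick, as an added Go example (not code from this PR or the project). `tokenPayload`, `decodeFirst`, `statusFirst` and `run` are hypothetical names, `encoding/json` stands in for the project's `common.DecodeJson`, and the response is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

type tokenPayload struct{ AccessToken string `json:"access_token"` } // hypothetical stand-in

// decodeFirst reproduces the flagged ordering: decode the body, then check status.
func decodeFirst(resp *http.Response) (*tokenPayload, error) {
	var p tokenPayload
	if err := json.NewDecoder(resp.Body).Decode(&p); err != nil {
		return nil, err
	}
	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		return nil, fmt.Errorf("oauth refresh failed: status=%d", resp.StatusCode)
	}
	return &p, nil
}

// statusFirst checks status first; the bounded snippet is read only on non-2xx, never from a token body.
func statusFirst(resp *http.Response) (*tokenPayload, error) {
	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		snippet, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
		return nil, fmt.Errorf("oauth refresh failed: status=%d body=%q", resp.StatusCode, snippet)
	}
	var p tokenPayload
	if err := json.NewDecoder(resp.Body).Decode(&p); err != nil {
		return nil, fmt.Errorf("oauth refresh: decode response: %w", err)
	}
	return &p, nil
}

// run feeds a constructed response to handle and returns the resulting error text.
func run(handle func(*http.Response) (*tokenPayload, error), status int, body string) string {
	resp := &http.Response{StatusCode: status, Body: io.NopCloser(strings.NewReader(body))}
	_, err := handle(resp)
	return fmt.Sprint(err)
}

func main() {
	html := "<html><body>Bad Gateway</body></html>" // constructed sample body
	fmt.Println("decode first:", run(decodeFirst, 502, html))
	fmt.Println("status first:", run(statusFirst, 502, html))
}
```

With a 400 response whose body is `{"error":"invalid_grant"}`, `decodeFirst` reports only `status=400`, while `statusFirst` keeps the error code in the message.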