Marshall Bowers created
This PR makes it so the user gets signed out upon receiving an
Unauthorized response when acquiring an LLM token.
This is a re-landing of #49661.
Closes CLO-324.
Release Notes:
- N/ACargo.lock | 2
crates/client/src/client.rs | 22 +++++-
crates/client/src/user.rs | 16 +++++
crates/cloud_api_client/Cargo.toml | 1
crates/cloud_api_client/src/cloud_api_client.rs | 59 +++++++++++++++---
crates/language_model/Cargo.toml | 1
crates/language_model/src/model/cloud_model.rs | 20 +++++-
crates/zed/src/zed.rs | 1
8 files changed, 100 insertions(+), 22 deletions(-)
@@ -3035,6 +3035,7 @@ dependencies = [
"http_client",
"parking_lot",
"serde_json",
+ "thiserror 2.0.17",
"yawc",
]
@@ -9108,6 +9109,7 @@ dependencies = [
"anyhow",
"base64 0.22.1",
"client",
+ "cloud_api_client",
"cloud_api_types",
"cloud_llm_client",
"collections",
@@ -19,11 +19,12 @@ use credentials_provider::CredentialsProvider;
use feature_flags::FeatureFlagAppExt as _;
use futures::{
AsyncReadExt, FutureExt, SinkExt, Stream, StreamExt, TryFutureExt as _, TryStreamExt,
- channel::oneshot, future::BoxFuture,
+ channel::{mpsc, oneshot},
+ future::BoxFuture,
};
use gpui::{App, AsyncApp, Entity, Global, Task, WeakEntity, actions};
use http_client::{HttpClient, HttpClientWithUrl, http, read_proxy_from_env};
-use parking_lot::RwLock;
+use parking_lot::{Mutex, RwLock};
use postage::watch;
use proxy::connect_proxy_stream;
use rand::prelude::*;
@@ -195,8 +196,9 @@ pub struct Client {
telemetry: Arc<Telemetry>,
credentials_provider: ClientCredentialsProvider,
state: RwLock<ClientState>,
- handler_set: parking_lot::Mutex<ProtoMessageHandlerSet>,
- message_to_client_handlers: parking_lot::Mutex<Vec<MessageToClientHandler>>,
+ handler_set: Mutex<ProtoMessageHandlerSet>,
+ message_to_client_handlers: Mutex<Vec<MessageToClientHandler>>,
+ sign_out_tx: Mutex<Option<mpsc::UnboundedSender<()>>>,
#[allow(clippy::type_complexity)]
#[cfg(any(test, feature = "test-support"))]
@@ -536,7 +538,8 @@ impl Client {
credentials_provider: ClientCredentialsProvider::new(cx),
state: Default::default(),
handler_set: Default::default(),
- message_to_client_handlers: parking_lot::Mutex::new(Vec::new()),
+ message_to_client_handlers: Mutex::new(Vec::new()),
+ sign_out_tx: Mutex::new(None),
#[cfg(any(test, feature = "test-support"))]
authenticate: Default::default(),
@@ -1519,6 +1522,13 @@ impl Client {
}
}
+ /// Requests a sign out to be performed asynchronously.
+ pub fn request_sign_out(&self) {
+ if let Some(sign_out_tx) = self.sign_out_tx.lock().clone() {
+ sign_out_tx.unbounded_send(()).ok();
+ }
+ }
+
pub fn disconnect(self: &Arc<Self>, cx: &AsyncApp) {
self.peer.teardown();
self.set_status(Status::SignedOut, cx);
@@ -1706,7 +1716,7 @@ impl ProtoClient for Client {
self.peer.send_dynamic(connection_id, envelope)
}
- fn message_handler_set(&self) -> &parking_lot::Mutex<ProtoMessageHandlerSet> {
+ fn message_handler_set(&self) -> &Mutex<ProtoMessageHandlerSet> {
&self.handler_set
}
@@ -118,6 +118,7 @@ pub struct UserStore {
client: Weak<Client>,
_maintain_contacts: Task<()>,
_maintain_current_user: Task<Result<()>>,
+ _handle_sign_out: Task<()>,
weak_self: WeakEntity<Self>,
}
@@ -165,12 +166,14 @@ pub struct RequestUsage {
impl UserStore {
pub fn new(client: Arc<Client>, cx: &Context<Self>) -> Self {
let (mut current_user_tx, current_user_rx) = watch::channel();
+ let (sign_out_tx, mut sign_out_rx) = mpsc::unbounded();
let (update_contacts_tx, mut update_contacts_rx) = mpsc::unbounded();
let rpc_subscriptions = vec![
client.add_message_handler(cx.weak_entity(), Self::handle_update_contacts),
client.add_message_handler(cx.weak_entity(), Self::handle_show_contacts),
];
+ client.sign_out_tx.lock().replace(sign_out_tx);
client.add_message_to_client_handler({
let this = cx.weak_entity();
move |message, cx| Self::handle_message_to_client(this.clone(), message, cx)
@@ -281,6 +284,19 @@ impl UserStore {
}
Ok(())
}),
+ _handle_sign_out: cx.spawn(async move |this, cx| {
+ while let Some(()) = sign_out_rx.next().await {
+ let Some(client) = this
+ .read_with(cx, |this, _cx| this.client.upgrade())
+ .ok()
+ .flatten()
+ else {
+ break;
+ };
+
+ client.sign_out(cx).await;
+ }
+ }),
pending_contact_requests: Default::default(),
weak_self: cx.weak_entity(),
}
@@ -20,4 +20,5 @@ gpui_tokio.workspace = true
http_client.workspace = true
parking_lot.workspace = true
serde_json.workspace = true
+thiserror.workspace = true
yawc.workspace = true
@@ -11,6 +11,7 @@ use gpui_tokio::Tokio;
use http_client::http::request;
use http_client::{AsyncBody, HttpClientWithUrl, HttpRequestExt, Method, Request, StatusCode};
use parking_lot::RwLock;
+use thiserror::Error;
use yawc::WebSocket;
use crate::websocket::Connection;
@@ -20,6 +21,14 @@ struct Credentials {
access_token: String,
}
+#[derive(Debug, Error)]
+pub enum ClientApiError {
+ #[error("Unauthorized")]
+ Unauthorized,
+ #[error(transparent)]
+ Other(#[from] anyhow::Error),
+}
+
pub struct CloudApiClient {
credentials: RwLock<Option<Credentials>>,
http_client: Arc<HttpClientWithUrl>,
@@ -58,7 +67,9 @@ impl CloudApiClient {
build_request(req, body, credentials)
}
- pub async fn get_authenticated_user(&self) -> Result<GetAuthenticatedUserResponse> {
+ pub async fn get_authenticated_user(
+ &self,
+ ) -> Result<GetAuthenticatedUserResponse, ClientApiError> {
let request = self.build_request(
Request::builder().method(Method::GET).uri(
self.http_client
@@ -71,19 +82,31 @@ impl CloudApiClient {
let mut response = self.http_client.send(request).await?;
if !response.status().is_success() {
+ if response.status() == StatusCode::UNAUTHORIZED {
+ return Err(ClientApiError::Unauthorized);
+ }
+
let mut body = String::new();
- response.body_mut().read_to_string(&mut body).await?;
+ response
+ .body_mut()
+ .read_to_string(&mut body)
+ .await
+ .context("failed to read response body")?;
- anyhow::bail!(
+ return Err(ClientApiError::Other(anyhow::anyhow!(
"Failed to get authenticated user.\nStatus: {:?}\nBody: {body}",
response.status()
- )
+ )));
}
let mut body = String::new();
- response.body_mut().read_to_string(&mut body).await?;
+ response
+ .body_mut()
+ .read_to_string(&mut body)
+ .await
+ .context("failed to read response body")?;
- Ok(serde_json::from_str(&body)?)
+ Ok(serde_json::from_str(&body).context("failed to parse response body")?)
}
pub fn connect(&self, cx: &App) -> Result<Task<Result<Connection>>> {
@@ -118,7 +141,7 @@ impl CloudApiClient {
pub async fn create_llm_token(
&self,
system_id: Option<String>,
- ) -> Result<CreateLlmTokenResponse> {
+ ) -> Result<CreateLlmTokenResponse, ClientApiError> {
let request_builder = Request::builder()
.method(Method::POST)
.uri(
@@ -135,19 +158,31 @@ impl CloudApiClient {
let mut response = self.http_client.send(request).await?;
if !response.status().is_success() {
+ if response.status() == StatusCode::UNAUTHORIZED {
+ return Err(ClientApiError::Unauthorized);
+ }
+
let mut body = String::new();
- response.body_mut().read_to_string(&mut body).await?;
+ response
+ .body_mut()
+ .read_to_string(&mut body)
+ .await
+ .context("failed to read response body")?;
- anyhow::bail!(
+ return Err(ClientApiError::Other(anyhow::anyhow!(
"Failed to create LLM token.\nStatus: {:?}\nBody: {body}",
response.status()
- )
+ )));
}
let mut body = String::new();
- response.body_mut().read_to_string(&mut body).await?;
+ response
+ .body_mut()
+ .read_to_string(&mut body)
+ .await
+ .context("failed to read response body")?;
- Ok(serde_json::from_str(&body)?)
+ Ok(serde_json::from_str(&body).context("failed to parse response body")?)
}
pub async fn validate_credentials(&self, user_id: u32, access_token: &str) -> Result<bool> {
@@ -21,6 +21,7 @@ anyhow.workspace = true
credentials_provider.workspace = true
base64.workspace = true
client.workspace = true
+cloud_api_client.workspace = true
cloud_api_types.workspace = true
cloud_llm_client.workspace = true
collections.workspace = true
@@ -1,8 +1,9 @@
use std::fmt;
use std::sync::Arc;
-use anyhow::Result;
+use anyhow::{Context as _, Result};
use client::Client;
+use cloud_api_client::ClientApiError;
use cloud_api_types::websocket_protocol::MessageToClient;
use cloud_llm_client::{EXPIRED_LLM_TOKEN_HEADER_NAME, OUTDATED_LLM_TOKEN_HEADER_NAME};
use gpui::{App, AppContext as _, Context, Entity, EventEmitter, Global, ReadGlobal as _};
@@ -47,9 +48,20 @@ impl LlmApiToken {
.system_id()
.map(|system_id| system_id.to_string());
- let response = client.cloud_client().create_llm_token(system_id).await?;
- *lock = Some(response.token.0.clone());
- Ok(response.token.0)
+ let result = client.cloud_client().create_llm_token(system_id).await;
+ match result {
+ Ok(response) => {
+ *lock = Some(response.token.0.clone());
+ Ok(response.token.0)
+ }
+ Err(err) => match err {
+ ClientApiError::Unauthorized => {
+ client.request_sign_out();
+ Err(err).context("Failed to create LLM token")
+ }
+ ClientApiError::Other(err) => Err(err),
+ },
+ }
}
}
@@ -2779,6 +2779,7 @@ mod tests {
assert_eq!(cx.update(|cx| cx.windows().len()), 0);
}
+ #[ignore = "This test has timing issues across platforms."]
#[gpui::test]
async fn test_window_edit_state_restoring_enabled(cx: &mut TestAppContext) {
let app_state = init_test(cx);