Add GitLab Duo OAuth and PAT cards to Web UI #143

Closed
LuxVTZ wants to merge 1 commit into router-for-me:main from LuxVTZ:feat/gitlab-duo-oauth-ui

@LuxVTZ LuxVTZ commented Mar 11, 2026

Summary

  • add GitLab Duo OAuth card to the OAuth page
  • add GitLab PAT card for direct account connection
  • wire new GitLab auth API calls, types, icon, and localized copy

Why

The control panel currently has no GitLab entry, so Windows/release users cannot conveniently connect GitLab Duo from the HTML UI.

Testing

  • npm ci
  • npm run build
  • npm run lint

@gemini-code-assist
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Web UI's authentication capabilities by introducing direct support for GitLab Duo. Previously, users, especially those on Windows or release versions, lacked a convenient way to connect GitLab Duo through the HTML interface. This change addresses that gap by providing both OAuth and Personal Access Token (PAT) based authentication methods, making it easier for users to integrate their GitLab accounts and utilize Duo's features.

Highlights

  • GitLab Duo OAuth Integration: Added a new OAuth card for GitLab Duo, allowing users to connect via an OAuth application directly from the Web UI. This includes fields for GitLab Base URL, Client ID, and an optional Client Secret.
  • GitLab Duo Personal Access Token (PAT) Support: Introduced a dedicated card for connecting GitLab Duo using a Personal Access Token (PAT), providing a faster connection method for accounts with Duo already enabled. This includes fields for GitLab Base URL and the PAT.
  • Internationalization Support: Incorporated new localization strings across English, Russian, and Simplified Chinese for all new GitLab OAuth and PAT UI elements, ensuring a consistent user experience across different languages.
  • API and Type System Updates: Extended the API service to support GitLab OAuth and PAT authentication flows, including new types for request parameters and response structures to handle GitLab-specific authentication details.

Changelog
  • src/assets/icons/gitlab.svg
    • Added a new SVG icon for GitLab to be used in the UI.
  • src/i18n/locales/en.json
    • Added numerous new localization keys and their English values for GitLab Duo OAuth and Personal Access Token (PAT) features, including titles, button texts, hints, labels, and status messages.
  • src/i18n/locales/ru.json
    • Added new localization keys and their Russian translations for GitLab Duo OAuth and Personal Access Token (PAT) features, covering UI elements like titles, buttons, hints, and status messages.
  • src/i18n/locales/zh-CN.json
    • Added new localization keys and their Simplified Chinese translations for GitLab Duo OAuth and Personal Access Token (PAT) features, including UI texts for titles, buttons, hints, and status messages.
  • src/pages/OAuthPage.tsx
    • Imported new types for GitLab PAT authentication and the GitLab SVG icon.
    • Extended the ProviderState interface to include baseUrl, clientId, and clientSecret for GitLab OAuth configuration.
    • Introduced GitLabPatState interface to manage state for PAT authentication, including base URL, token, loading status, result, and error.
    • Added gitlab to the PROVIDERS array and CALLBACK_SUPPORTED list, enabling GitLab OAuth functionality.
    • Initialized gitlabPat state with default values.
    • Modified the startAuth function to handle GitLab-specific parameters (baseUrl, clientId, clientSecret) when initiating OAuth.
    • Implemented submitGitlabPat function to handle PAT submission, including validation, API call, and state updates.
    • Added a new Card component for GitLab Duo PAT login, including input fields for base URL and personal access token, and displaying results or errors.
    • Integrated input fields for GitLab OAuth base URL, client ID, and client secret into the existing OAuth provider rendering logic.
  • src/services/api/oauth.ts
    • Imported new OAuth-related types from @/types/oauth.
    • Added gitlab to the WEBUI_SUPPORTED OAuth providers list.
    • Modified the startAuth method to conditionally include base_url, client_id, and client_secret parameters for GitLab OAuth requests.
    • Introduced a new gitlabPatAuth method to handle API calls for GitLab Personal Access Token authentication.
  • src/types/oauth.ts
    • Added gitlab to the OAuthProvider union type.
    • Defined OAuthStartOptions interface to include optional projectId, baseUrl, clientId, and clientSecret.
    • Defined OAuthStartResponse and OAuthStatusResponse interfaces.
    • Defined OAuthCallbackResponse interface.
    • Defined IFlowCookieAuthResponse interface.
    • Defined GitLabPatAuthResponse interface to specify the structure of the response for GitLab PAT authentication, including status, error, saved path, username, email, token label, model provider, and model name.
Activity
  • No human activity has been recorded for this pull request yet.
@LuxVTZ
Author

LuxVTZ commented Mar 11, 2026

Related backend PR for the management endpoints and callback flow: router-for-me/CLIProxyAPIPlus#433

Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request effectively adds support for GitLab Duo authentication through both OAuth and Personal Access Tokens (PAT). However, a high-severity security vulnerability has been identified where the OAuth client_secret is insecurely transmitted as a query parameter in a GET request during authorization initiation. This could lead to the exposure of sensitive credentials in server logs and browser history, and it is strongly recommended to transition to POST requests for sensitive data transmission. The overall implementation is well-structured, with suggestions provided to improve code readability and maintainability in the OAuthPage.tsx component.

Comment on lines +47 to 53
if (options?.clientSecret) {
params.client_secret = options.clientSecret;
}
}
return apiClient.get<OAuthStartResponse>(`/${provider}-auth-url`, {
params: Object.keys(params).length ? params : undefined
});
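
Review bot: the `if (options?.clientSecret)` branch at +47 puts the secret into `params`, and the `apiClient.get` call below serializes `params` into the query string of `/${provider}-auth-url`, so the secret becomes part of the request URL. Carry `client_secret` in a request body instead (a POST for the gitlab case) and keep the GET path for providers that send no secret.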

security-high high

The oauthApi.startAuth function transmits the GitLab client_secret as a query parameter in a GET request. Sensitive information such as OAuth client secrets should never be transmitted in query parameters because they are frequently logged by web servers, reverse proxies, and browser history. This exposure can lead to the compromise of the OAuth application credentials.

    if (provider === 'gitlab') {
      const payload: Record<string, string> = {};
      if (options?.baseUrl) {
        payload.base_url = options.baseUrl;
      }
      if (options?.clientId) {
        payload.client_id = options.clientId;
      }
      if (options?.clientSecret) {
        payload.client_secret = options.clientSecret;
      }
      return apiClient.post<OAuthStartResponse>(`/${provider}-auth-url`, payload);
    }
    return apiClient.get<OAuthStartResponse>(`/${provider}-auth-url`, {
      params: Object.keys(params).length ? params : undefined
    });

Comment on lines 207 to 218
const res = await oauthApi.startAuth(
provider,
provider === 'gemini-cli' ? { projectId: projectId || undefined } : undefined
provider === 'gemini-cli'
? { projectId: projectId || undefined }
: provider === 'gitlab'
? {
baseUrl: gitlabBaseUrl || undefined,
clientId: gitlabClientId,
clientSecret: gitlabClientSecret || undefined
}
: undefined
);
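
Review bot: `clientId: gitlabClientId` is passed through as-is while `baseUrl` and `clientSecret` on the neighbouring lines fall back to `undefined` when empty, so an empty client ID reaches `startAuth` as an empty string. Check that the client ID is non-empty before the call and surface a validation message, and normalise it with `|| undefined` like the other two fields.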

medium

The nested ternary operator for constructing the options object can be hard to read and maintain. Consider refactoring this into a more explicit if/else if structure to improve clarity.

      let authOptions: Parameters<typeof oauthApi.startAuth>[1];
      if (provider === 'gemini-cli') {
        authOptions = { projectId: projectId || undefined };
      } else if (provider === 'gitlab') {
        authOptions = {
          baseUrl: gitlabBaseUrl || undefined,
          clientId: gitlabClientId,
          clientSecret: gitlabClientSecret || undefined
        };
      }
      const res = await oauthApi.startAuth(provider, authOptions);

Comment on lines +596 to +615
onChange={(e) =>
setGitlabPat((prev) => ({
...prev,
baseUrl: e.target.value
}))
}
placeholder={t('auth_login.gitlab_pat_base_url_placeholder')}
/>
<Input
type="password"
autoComplete="off"
label={t('auth_login.gitlab_pat_token_label')}
hint={t('auth_login.gitlab_pat_token_hint')}
value={gitlabPat.personalAccessToken}
onChange={(e) =>
setGitlabPat((prev) => ({
...prev,
personalAccessToken: e.target.value
}))
}
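
Review bot: `autoComplete="off"` on the `type="password"` token input is commonly ignored by browsers and password managers for password fields, so the PAT can still be offered for saving or autofill. `autoComplete="new-password"` is the more reliable hint for a secret that should not be stored as a site login. Both `onChange` handlers also store the raw `e.target.value`; trim the base URL and token before submitting so pasted whitespace does not end up in the stored credential.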

medium

The onChange handlers for the gitlabPat state are repetitive. To improve maintainability and reduce code duplication, you could create a generic handler function that updates a specific field in the gitlabPat state. For example, you could add this function inside your component:

const handleGitlabPatChange = (field: keyof Pick<GitLabPatState, 'baseUrl' | 'personalAccessToken'>) => (e: ChangeEvent<HTMLInputElement>) => {
  setGitlabPat((prev) => ({ ...prev, [field]: e.target.value }));
};

Then you can use it in your Input components like onChange={handleGitlabPatChange('baseUrl')}. This makes the code cleaner and easier to extend if more fields are added to the gitlabPat state in the future.
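
The `client_secret` finding in the review above, as an added example that is not code from this pull request: it compares the GET and POST request shapes and audits access-log lines for secrets left in query strings. The helper names, the extra parameter names `access_token` and `private_token`, and all sample values are assumptions made for the illustration.

```typescript
type StartOptions = { baseUrl?: string; clientId?: string; clientSecret?: string };
type Planned = { method: 'GET' | 'POST'; url: string; body?: string };
// Only client_secret appears in the PR; the other two names are assumed extras.
const SENSITIVE = ['client_secret', 'access_token', 'private_token'];
const SENSITIVE_RE = new RegExp(`([?&](?:${SENSITIVE.join('|')})=)[^&\\s"]*`, 'g');
function toFields(o: StartOptions): Record<string, string> {
  const f: Record<string, string> = {};
  if (o.baseUrl) f.base_url = o.baseUrl;
  if (o.clientId) f.client_id = o.clientId;
  if (o.clientSecret) f.client_secret = o.clientSecret;
  return f;
}

// Shape of the reviewed change: every field is serialized into the URL.
function planGet(provider: string, o: StartOptions): Planned {
  const qs = new URLSearchParams(toFields(o)).toString();
  return { method: 'GET', url: `/${provider}-auth-url${qs ? `?${qs}` : ''}` };
}

// Shape of the suggested fix: same fields, carried in the request body.
function planPost(provider: string, o: StartOptions): Planned {
  return { method: 'POST', url: `/${provider}-auth-url`, body: JSON.stringify(toFields(o)) };
}

// Names of sensitive parameters present in a URL's query string.
function sensitiveQueryKeys(url: string): string[] {
  const i = url.indexOf('?');
  if (i < 0) return [];
  const q = new URLSearchParams(url.slice(i + 1).split('#')[0] ?? '');
  return SENSITIVE.filter((k) => q.has(k));
}

// Audit access-log lines: report which ones leak a secret and return redacted copies.
function auditAccessLog(lines: string[]): { flagged: number[]; redacted: string[] } {
  const flagged: number[] = [];
  const redacted = lines.map((line, idx) => {
    const m = /"[A-Z]+ (\S+) HTTP\/[\d.]+"/.exec(line);
    if (m && sensitiveQueryKeys(m[1] ?? '').length > 0) flagged.push(idx);
    return line.replace(SENSITIVE_RE, '$1[REDACTED]');
  });
  return { flagged, redacted };
}
// Constructed values and access-log lines (added example, not PR code).
const opts: StartOptions = { baseUrl: 'https://gitlab.example.com', clientId: 'app-id', clientSecret: 'constructed-secret' };
const SAMPLE_LOG = [
  `127.0.0.1 - - [11/Mar/2026:10:00:00 +0000] "GET ${planGet('gitlab', opts).url} HTTP/1.1" 200 312`,
  `127.0.0.1 - - [11/Mar/2026:10:00:05 +0000] "POST ${planPost('gitlab', opts).url} HTTP/1.1" 200 312`,
];
console.log(auditAccessLog(SAMPLE_LOG));
```

The same `auditAccessLog` pass can be run over existing proxy or server logs to find secrets that were already written there and need rotating.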

@LTbinglingfeng
Collaborator

CPAMC will not adapt to CPAP
