fix: bound subscription login completion time

joohw · joohw · commit 6041a2e7bfe1 · 2026-06-03T16:43:20.000+08:00
diff --git a/core/internal/buildinfo/buildinfo.go b/core/internal/buildinfo/buildinfo.go
@@ -4,7 +4,7 @@ import "strings"
 
 // Set at link time via -ldflags (see .goreleaser.yaml).
 var (
-	Version = "dev0.1.91"
+	Version = "dev0.1.92"
 	Commit  = "none"
 	Date    = "unknown"
 )
diff --git a/core/internal/subscriptionauth/oauth.go b/core/internal/subscriptionauth/oauth.go
@@ -41,7 +41,8 @@ const (
 	codexScope        = "openid profile email offline_access"
 	codexAuthClaim    = "https://api.openai.com/auth"
 
-	loginTimeout = 10 * time.Minute
+	loginTimeout         = 10 * time.Minute
+	tokenExchangeTimeout = 45 * time.Second
 )
 
 // claudeTokenURL is a var (not const) so tests can point it at a local server.
@@ -127,7 +128,9 @@ func loginClaude(ctx context.Context, openBrowser bool) (string, error) {
 	if err != nil {
 		return authURL, err
 	}
-	creds, err := exchangeClaudeCode(ctx, cb.Code, cb.State, pkce.Verifier, redirectURI)
+	exchangeCtx, exchangeCancel := context.WithTimeout(ctx, tokenExchangeTimeout)
+	defer exchangeCancel()
+	creds, err := exchangeClaudeCode(exchangeCtx, cb.Code, cb.State, pkce.Verifier, redirectURI)
 	if err != nil {
 		return authURL, err
 	}
@@ -178,7 +181,9 @@ func loginCodex(ctx context.Context, openBrowser bool) (string, error) {
 	if err != nil {
 		return authURL, err
 	}
-	creds, err := exchangeCodexCode(ctx, cb.Code, pkce.Verifier, redirectURI)
+	exchangeCtx, exchangeCancel := context.WithTimeout(ctx, tokenExchangeTimeout)
+	defer exchangeCancel()
+	creds, err := exchangeCodexCode(exchangeCtx, cb.Code, pkce.Verifier, redirectURI)
 	if err != nil {
 		return authURL, err
 	}
diff --git a/electron/clovapi-desktop.js b/electron/clovapi-desktop.js
@@ -175,6 +175,7 @@ async function authLogin(provider) {
   const result = await runClovapiLongAsync(["auth", "login", "--provider", providerId, "--json"], {
     cancelKey: providerId,
     onOutput: outputHandler,
+    timeout: AUTH_LOGIN_TIMEOUT,
   });
   if (result.cancelled) {
     return { ok: false, cancelled: true, error: "已取消登录" };
diff --git a/electron/clovapi-exec.js b/electron/clovapi-exec.js
@@ -699,12 +699,22 @@ async function runClovapiLongAsync(args, options = {}) {
     const stderrChunks = [];
     let settled = false;
     const onOutput = options.onOutput;
+    const longRunTimeout = Number(options.timeout);
+    let timeoutTimer = null;
+    if (Number.isFinite(longRunTimeout) && longRunTimeout > 0) {
+      timeoutTimer = setTimeout(() => {
+        emitLongRunOutput(onOutput, "system", `\n[timeout] after ${longRunTimeout}ms\n`);
+        killChildTree(child);
+      }, longRunTimeout);
+      timeoutTimer.unref?.();
+    }
     emitLongRunOutput(onOutput, "system", `$ ${exe} ${args.join(" ")}\n`);
 
     const finish = (result) => {
       if (settled) return;
       settled = true;
       if (cancelKey) activeLongRuns.delete(cancelKey);
+      if (timeoutTimer) clearTimeout(timeoutTimer);
       resolve(result);
     };
 
diff --git a/electron/package.json b/electron/package.json
@@ -1,7 +1,7 @@
 {
   "name": "clovapi-switcher",
   "private": true,
-  "version": "0.2.9",
+  "version": "0.2.10",
   "description": "ClovAPI Switcher desktop app",
   "main": "main.js",
   "type": "commonjs",

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ import "strings"`
`4`	`4`
`5`	`5`	`// Set at link time via -ldflags (see .goreleaser.yaml).`
`6`	`6`	`var (`
`7`		`- Version = "dev0.1.91"`
	`7`	`+ Version = "dev0.1.92"`
`8`	`8`	`Commit = "none"`
`9`	`9`	`Date = "unknown"`
`10`	`10`	`)`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,8 @@ const (`
`41`	`41`	`codexScope = "openid profile email offline_access"`
`42`	`42`	`codexAuthClaim = "https://api.openai.com/auth"`
`43`	`43`
`44`		`- loginTimeout = 10 * time.Minute`
	`44`	`+ loginTimeout = 10 * time.Minute`
	`45`	`+ tokenExchangeTimeout = 45 * time.Second`
`45`	`46`	`)`
`46`	`47`
`47`	`48`	`// claudeTokenURL is a var (not const) so tests can point it at a local server.`
`@@ -127,7 +128,9 @@ func loginClaude(ctx context.Context, openBrowser bool) (string, error) {`
`127`	`128`	`if err != nil {`
`128`	`129`	`return authURL, err`
`129`	`130`	`}`
`130`		`- creds, err := exchangeClaudeCode(ctx, cb.Code, cb.State, pkce.Verifier, redirectURI)`
	`131`	`+ exchangeCtx, exchangeCancel := context.WithTimeout(ctx, tokenExchangeTimeout)`
	`132`	`+ defer exchangeCancel()`
	`133`	`+ creds, err := exchangeClaudeCode(exchangeCtx, cb.Code, cb.State, pkce.Verifier, redirectURI)`
`131`	`134`	`if err != nil {`
`132`	`135`	`return authURL, err`
`133`	`136`	`}`
`@@ -178,7 +181,9 @@ func loginCodex(ctx context.Context, openBrowser bool) (string, error) {`
`178`	`181`	`if err != nil {`
`179`	`182`	`return authURL, err`
`180`	`183`	`}`
`181`		`- creds, err := exchangeCodexCode(ctx, cb.Code, pkce.Verifier, redirectURI)`
	`184`	`+ exchangeCtx, exchangeCancel := context.WithTimeout(ctx, tokenExchangeTimeout)`
	`185`	`+ defer exchangeCancel()`
	`186`	`+ creds, err := exchangeCodexCode(exchangeCtx, cb.Code, pkce.Verifier, redirectURI)`
`182`	`187`	`if err != nil {`
`183`	`188`	`return authURL, err`
`184`	`189`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "clovapi-switcher",`
`3`	`3`	`"private": true,`
`4`		`- "version": "0.2.9",`
	`4`	`+ "version": "0.2.10",`
`5`	`5`	`"description": "ClovAPI Switcher desktop app",`
`6`	`6`	`"main": "main.js",`
`7`	`7`	`"type": "commonjs",`