fix: support OAuth for Gemini media understanding

Extract parseGeminiAuth() to shared infra module and use it in both embeddings-gemini.ts and inline-data.ts. Previously, inline-data.ts directly set x-goog-api-key header without handling OAuth JSON format. Now it properly supports both traditional API keys and OAuth tokens.
2026-05-07 17:51:24 +00:00 · 2026-02-16 14:19:01 +08:00
parent 3379b9d341
commit 153794080e
3 changed files with 47 additions and 38 deletions
--- a/src/infra/gemini-auth.ts
+++ b/src/infra/gemini-auth.ts
@@ -0,0 +1,40 @@
+/**
+ * Shared Gemini authentication utilities.
+ *
+ * Supports both traditional API keys and OAuth JSON format.
+ */
+
+/**
+ * Parse Gemini API key and return appropriate auth headers.
+ *
+ * OAuth format: `{"token": "...", "projectId": "..."}`
+ *
+ * @param apiKey - Either a traditional API key string or OAuth JSON
+ * @returns Headers object with appropriate authentication
+ */
+export function parseGeminiAuth(apiKey: string): { headers: Record<string, string> } {
+  // Try parsing as OAuth JSON format
+  if (apiKey.startsWith("{")) {
+    try {
+      const parsed = JSON.parse(apiKey) as { token?: string; projectId?: string };
+      if (typeof parsed.token === "string" && parsed.token) {
+        return {
+          headers: {
+            Authorization: `Bearer ${parsed.token}`,
+            "Content-Type": "application/json",
+          },
+        };
+      }
+    } catch {
+      // Parse failed, fallback to API key mode
+    }
+  }
+
+  // Default: traditional API key
+  return {
+    headers: {
+      "x-goog-api-key": apiKey,
+      "Content-Type": "application/json",
+    },
+  };
+}