refactor:重构coze使用OAuth认证

Author: joey-zhou

src/main/java/com/xiaozhi/dialogue/llm/factory/ChatModelFactory.java

@@ -3,6 +3,7 @@
 import com.xiaozhi.communication.common.ChatSession;
 import com.xiaozhi.dialogue.llm.providers.CozeChatModel;
 import com.xiaozhi.dialogue.llm.providers.DifyChatModel;
+import com.xiaozhi.dialogue.token.factory.TokenServiceFactory;
 import com.xiaozhi.entity.SysConfig;
 import com.xiaozhi.entity.SysDevice;
 import com.xiaozhi.entity.SysRole;
@@ -50,6 +51,8 @@ public class ChatModelFactory {
     private SysRoleService roleService;
     @Autowired
     private ToolCallingManager toolCallingManager;
+    @Autowired
+    private TokenServiceFactory tokenService;
     private final Logger logger = LoggerFactory.getLogger(ChatModelFactory.class);
 
     /**
@@ -85,15 +88,21 @@ private ChatModel createChatModel(SysConfig config, SysRole role) {
         Double temperature = role.getTemperature();
         Double topP = role.getTopP();
         provider = provider.toLowerCase();
+        // Coze和Dify 拥有全局唯一配置，所以需要查询唯一配置信息来作为模型的 Token 获取
+        SysConfig agentConfig = new SysConfig().setConfigType("agent").setUserId(config.getUserId());
+        SysConfig queryConfig;
         switch (provider) {
             case "ollama":
                 return newOllamaChatModel(endpoint, appId, apiKey, apiSecret, model, temperature, topP);
             case "zhipu":
                 return newZhipuChatModel(endpoint, appId, apiKey, apiSecret, model, temperature, topP);
             case "dify":
-                return new DifyChatModel(endpoint, appId, apiKey, apiSecret, model);
+                queryConfig = configService.query(agentConfig.setProvider("dify"), null).get(0);
+                return new DifyChatModel(endpoint, queryConfig.getApiKey());
             case "coze":
-                return new CozeChatModel(endpoint, appId, apiKey, apiSecret, model);
+                queryConfig = configService.query(agentConfig.setProvider("coze"), null).get(0);
+                String token = tokenService.getTokenService(queryConfig).getToken();
+                return new CozeChatModel(token, model);
             // 默认为 openai 协议
             default:
                 return newOpenAiChatModel(endpoint, appId, apiKey, apiSecret, model, temperature, topP);

src/main/java/com/xiaozhi/dialogue/llm/providers/CozeChatModel.java

@@ -7,7 +7,9 @@
 import com.coze.openapi.client.connversations.message.model.MessageType;
 import com.coze.openapi.service.auth.TokenAuth;
 import com.coze.openapi.service.service.CozeAPI;
+
 import io.reactivex.Flowable;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.ai.chat.messages.AssistantMessage;
@@ -32,29 +34,16 @@ public class CozeChatModel implements ChatModel {
     private final CozeAPI coze;
     private final String botId;
 
-    private final String endpoint;
-    private final String apiKey;
-    private final String model;
-    private final String appId;
-    private final String apiSecret;
     private final Logger logger = LoggerFactory.getLogger(getClass());
     public static final String PROVIDER_NAME = "coze";
 
+
     /**
      * 构造函数
      *
-     * @param endpoint  API端点
-     * @param appId     应用ID (在Coze中对应botId)
-     * @param apiKey    API密钥 (在Coze中不使用)
-     * @param apiSecret API密钥 (在Coze中对应access_token)
      * @param model     模型名称 (在Coze中不使用)
      */
-    public CozeChatModel(String endpoint, String appId, String apiKey, String apiSecret, String model) {
-        this.endpoint = endpoint;
-        this.appId = appId;
-        this.apiSecret = apiSecret;
-        this.apiKey = apiKey;
-        this.model = model;
+    public CozeChatModel(String apiSecret, String model) {
 
         // 使用apiSecret作为access_token
         this.authCli = new TokenAuth(apiSecret);

src/main/java/com/xiaozhi/dialogue/llm/providers/DifyChatModel.java

@@ -33,7 +33,7 @@ public class DifyChatModel implements ChatModel {
      * @param apiSecret
      * @param model     模型名称
      */
-    public DifyChatModel(String endpoint, String appId, String apiKey, String apiSecret, String model) {
+    public DifyChatModel(String endpoint, String apiKey) {
         chatClient = DifyClientFactory.createChatClient(endpoint, apiKey);
     }
 

src/main/java/com/xiaozhi/dialogue/token/factory/TokenServiceFactory.java

@@ -6,6 +6,7 @@
 
 import com.xiaozhi.dialogue.token.TokenService;
 import com.xiaozhi.dialogue.token.providers.AliyunTokenService;
+import com.xiaozhi.dialogue.token.providers.CozeTokenService;
 import com.xiaozhi.entity.SysConfig;
 
 import jakarta.annotation.PostConstruct;
@@ -86,7 +87,7 @@ public TokenService getTokenService(SysConfig config) {
     private TokenService createTokenService(SysConfig config) {
         return switch (config.getProvider()) {
             case "aliyun" -> new AliyunTokenService(config);
-            default -> new AliyunTokenService(config);
+            default -> new CozeTokenService(config);
         };
     }
 

src/main/java/com/xiaozhi/dialogue/token/providers/AliyunTokenService.java

@@ -171,10 +171,4 @@ public boolean needsCacheCleanup() {
         return tokenCache != null && tokenCache.needsCacheCleanup();
     }
 
-    /**
-     * 获取配置ID
-     */
-    public Integer getConfigId() {
-        return configId;
-    }
 }

src/main/java/com/xiaozhi/dialogue/token/providers/CozeTokenService.java

@@ -0,0 +1,246 @@
+package com.xiaozhi.dialogue.token.providers;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.*;
+import org.springframework.web.client.RestTemplate;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.xiaozhi.dialogue.token.TokenService;
+import com.xiaozhi.dialogue.token.entity.TokenCache;
+import com.xiaozhi.entity.SysConfig;
+
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.time.LocalDateTime;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.locks.ReentrantLock;
+
+public class CozeTokenService implements TokenService {
+
+    private static final Logger logger = LoggerFactory.getLogger(CozeTokenService.class);
+
+    private static final String PROVIDER_NAME = "coze";
+
+    private final String oauthAppId;     // OAuth应用ID
+    private final String publicKey;      // 公钥
+    private final String privateKey;     // 私钥
+    private final Integer configId;
+
+    // Token缓存
+    private volatile TokenCache tokenCache;
+    // 防止并发刷新的锁
+    private final ReentrantLock refreshLock = new ReentrantLock();
+
+    // Coze API配置
+    private static final String COZE_API_ENDPOINT = "api.coze.cn";
+    private static final String TOKEN_URL = "https://api.coze.cn/api/permission/oauth2/token";
+    private static final String ALGORITHM = "RS256";
+    private static final String TOKEN_TYPE = "JWT";
+    private static final int DEFAULT_DURATION_SECONDS = 86399; // 24小时 - 1秒
+
+    private final RestTemplate restTemplate;
+
+    public CozeTokenService(SysConfig config) {
+        this.oauthAppId = config.getAppId();    // OAuth应用ID
+        this.publicKey = config.getAk();        // 公钥
+        this.privateKey = config.getSk();       // 私钥
+        this.configId = config.getConfigId();
+
+        this.restTemplate = new RestTemplate();
+    }
+
+    @Override
+    public String getProviderName() {
+        return PROVIDER_NAME;
+    }
+
+    @Override
+    public String getToken() {
+        // 检查缓存是否存在且有效
+        if (tokenCache != null) {
+            // 更新最后使用时间
+            tokenCache.updateLastUsedTime();
+            
+            // 如果token已过期，清除缓存
+            if (tokenCache.isExpired()) {
+                clearTokenCache();
+            }
+            // 如果需要刷新（剩余1小时），异步刷新
+            else if (tokenCache.needsRefresh()) {
+                refreshTokenAsync();
+                return tokenCache.getToken(); // 返回当前还有效的token
+            }
+            // 如果token仍然有效，直接返回
+            else if (isTokenValid()) {
+                return tokenCache.getToken();
+            }
+        }
+
+        // 缓存无效或不存在，获取新token
+        return refreshToken();
+    }
+
+    @Override
+    public String refreshToken() {
+        refreshLock.lock();
+        try {
+            // 双重检查，防止重复刷新
+            if (tokenCache != null && isTokenValid() && !tokenCache.needsRefresh()) {
+                return tokenCache.getToken();
+            }
+
+            // 1. 生成JWT
+            String jwt = generateJWT();
+            
+            // 2. 使用JWT获取访问令牌
+            String accessToken = requestAccessToken(jwt);
+            
+            // 3. 计算过期时间（默认24小时）
+            LocalDateTime expireTime = LocalDateTime.now().plusSeconds(DEFAULT_DURATION_SECONDS);
+            
+            // 4. 更新缓存
+            tokenCache = new TokenCache(accessToken, expireTime);
+            
+            return accessToken;
+            
+        } catch (Exception e) {
+            throw new RuntimeException("刷新Coze Token失败: " + e.getMessage(), e);
+        } finally {
+            refreshLock.unlock();
+        }
+    }
+
+    /**
+     * 生成JWT
+     */
+    private String generateJWT() throws Exception {
+        long currentTime = System.currentTimeMillis() / 1000;
+        
+        // 构建Header
+        Map<String, Object> headers = new HashMap<>();
+        headers.put("alg", ALGORITHM);
+        headers.put("typ", TOKEN_TYPE);
+        headers.put("kid", publicKey);
+        
+        // 构建Payload
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("iss", oauthAppId);               // OAuth应用ID
+        claims.put("aud", COZE_API_ENDPOINT);        // Coze API Endpoint
+        claims.put("iat", currentTime);              // 开始生效时间
+        claims.put("exp", currentTime + 600);        // JWT过期时间（10分钟后）
+        claims.put("jti", UUID.randomUUID().toString()); // 随机字符串，防止重放攻击
+        
+        // 可选参数
+        // claims.put("session_name", "user_" + configId);
+        
+        // 解析私钥
+        PrivateKey key = parsePrivateKey(privateKey);
+        
+        // 生成JWT
+        String jwt = Jwts.builder()
+                .setHeader(headers)
+                .setClaims(claims)
+                .signWith(key, SignatureAlgorithm.RS256)
+                .compact();
+                
+        return jwt;
+    }
+
+    /**
+     * 解析私钥
+     */
+    private PrivateKey parsePrivateKey(String privateKeyStr) throws Exception {
+        // 清理私钥字符串
+        String cleanKey = privateKeyStr
+                .replace("-----BEGIN PRIVATE KEY-----", "")
+                .replace("-----END PRIVATE KEY-----", "")
+                .replaceAll("\\s", "");
+        
+        // 解码Base64
+        byte[] keyBytes = Base64.getDecoder().decode(cleanKey);
+        
+        // 创建私钥
+        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        return keyFactory.generatePrivate(spec);
+    }
+
+    /**
+     * 使用JWT请求访问令牌
+     */
+    private String requestAccessToken(String jwt) throws Exception {
+        // 构建请求头
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_JSON);
+        headers.setBearerAuth(jwt);
+        
+        // 构建请求体
+        Map<String, Object> requestBody = new HashMap<>();
+        requestBody.put("duration_seconds", DEFAULT_DURATION_SECONDS);
+        requestBody.put("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
+        
+        // 发送请求
+        HttpEntity<Map<String, Object>> request = new HttpEntity<>(requestBody, headers);
+        ResponseEntity<String> response = restTemplate.postForEntity(TOKEN_URL, request, String.class);
+        
+        if (response.getStatusCode() == HttpStatus.OK) {
+            // 直接使用fastjson解析响应
+            JSONObject jsonResponse = JSON.parseObject(response.getBody());
+            String accessToken = jsonResponse.getString("access_token");
+            
+            if (accessToken == null || accessToken.isEmpty()) {
+                throw new RuntimeException("响应中未找到access_token字段");
+            }
+            
+            return accessToken;
+        } else {
+            throw new RuntimeException("Coze API返回错误，HTTP状态码: " + response.getStatusCode() + 
+                                     ", 响应: " + response.getBody());
+        }
+    }
+
+    @Override
+    public boolean isTokenValid() {
+        if (tokenCache == null) {
+            return false;
+        }
+        
+        // 检查token是否过期
+        return !tokenCache.isExpired();
+    }
+
+    @Override
+    public void clearTokenCache() {
+        tokenCache = null;
+    }
+
+    /**
+     * 使用虚拟线程异步刷新token
+     */
+    private void refreshTokenAsync() {
+        Thread.startVirtualThread(() -> {
+            try {
+                refreshToken();
+            } catch (Exception e) {
+                logger.error("虚拟线程异步刷新Coze Token失败，configId: {}: {}", configId, e.getMessage(), e);
+            }
+        });
+    }
+
+    /**
+     * 检查是否需要清除缓存（超过24小时未使用）
+     */
+    public boolean needsCacheCleanup() {
+        return tokenCache != null && tokenCache.needsCacheCleanup();
+    }
+
+}

src/main/java/com/xiaozhi/entity/SysAgent.java

@@ -17,9 +17,6 @@ public class SysAgent extends SysConfig {
     /** 智能体名称 */
     private String agentName;
 
-    /** 平台智能体空间ID */
-    private String spaceId;
-
     /** 平台智能体ID */
     private String botId;
 
@@ -51,15 +48,6 @@ public SysAgent setAgentName(String agentName) {
         return this;
     }
 
-    public String getSpaceId() {
-        return spaceId;
-    }
-
-    public SysAgent setSpaceId(String spaceId) {
-        this.spaceId = spaceId;
-        return this;
-    }
-
     public String getBotId() {
         return botId;
     }