From 924f4492d83a1c19ac9b26ce2b215c1b28315560 Mon Sep 17 00:00:00 2001
From: Donnie Adams <donnie@acorn.io>
Date: Fri, 18 Oct 2024 19:09:31 -0400
Subject: [PATCH] fix: pass server URL instead of assuming localhost

Signed-off-by: Donnie Adams <donnie@acorn.io>
---
 pkg/api/handlers/agent.go     | 12 ++++++------
 pkg/api/handlers/workflows.go | 12 ++++++------
 pkg/api/router/router.go      |  4 ++--
 pkg/invoke/invoker.go         |  6 ++++--
 pkg/proxy/proxy.go            | 10 ++++------
 pkg/render/render.go          | 14 ++++++--------
 pkg/services/config.go        |  6 ++++--
 7 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/pkg/api/handlers/agent.go b/pkg/api/handlers/agent.go
index 960fe984..49ea93f7 100644
--- a/pkg/api/handlers/agent.go
+++ b/pkg/api/handlers/agent.go
@@ -17,14 +17,14 @@ import (
 )
 
 type AgentHandler struct {
-	gptscript         *gptscript.GPTScript
-	workspaceProvider string
+	gptscript *gptscript.GPTScript
+	serverURL string
 }
 
-func NewAgentHandler(gClient *gptscript.GPTScript, wp string) *AgentHandler {
+func NewAgentHandler(gClient *gptscript.GPTScript, serverURL string) *AgentHandler {
 	return &AgentHandler{
-		workspaceProvider: wp,
-		gptscript:         gClient,
+		serverURL: serverURL,
+		gptscript: gClient,
 	}
 }
 
@@ -221,7 +221,7 @@ func (a *AgentHandler) Script(req api.Context) error {
 		return fmt.Errorf("failed to get agent with id %s: %w", id, err)
 	}
 
-	tools, extraEnv, err := render.Agent(req.Context(), req.Storage, &agent, render.AgentOptions{})
+	tools, extraEnv, err := render.Agent(req.Context(), req.Storage, &agent, a.serverURL, render.AgentOptions{})
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/handlers/workflows.go b/pkg/api/handlers/workflows.go
index 4274d5ef..2a9a5d2c 100644
--- a/pkg/api/handlers/workflows.go
+++ b/pkg/api/handlers/workflows.go
@@ -17,14 +17,14 @@ import (
 )
 
 type WorkflowHandler struct {
-	gptscript         *gptscript.GPTScript
-	workspaceProvider string
+	gptscript *gptscript.GPTScript
+	serverURL string
 }
 
-func NewWorkflowHandler(gClient *gptscript.GPTScript, wp string) *WorkflowHandler {
+func NewWorkflowHandler(gClient *gptscript.GPTScript, serverURL string) *WorkflowHandler {
 	return &WorkflowHandler{
-		gptscript:         gClient,
-		workspaceProvider: wp,
+		gptscript: gClient,
+		serverURL: serverURL,
 	}
 }
 
@@ -189,7 +189,7 @@ func (a *WorkflowHandler) Script(req api.Context) error {
 		return err
 	}
 
-	tools, extraEnv, err := render.Agent(req.Context(), req.Storage, agent, render.AgentOptions{})
+	tools, extraEnv, err := render.Agent(req.Context(), req.Storage, agent, a.serverURL, render.AgentOptions{})
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/router/router.go b/pkg/api/router/router.go
index da9b2098..590e2ddf 100644
--- a/pkg/api/router/router.go
+++ b/pkg/api/router/router.go
@@ -11,8 +11,8 @@ import (
 func Router(services *services.Services) (http.Handler, error) {
 	mux := services.APIServer
 
-	agents := handlers.NewAgentHandler(services.GPTClient, "directory")
-	workflows := handlers.NewWorkflowHandler(services.GPTClient, "directory")
+	agents := handlers.NewAgentHandler(services.GPTClient, services.ServerURL)
+	workflows := handlers.NewWorkflowHandler(services.GPTClient, services.ServerURL)
 	invoker := handlers.NewInvokeHandler(services.Invoker)
 	threads := handlers.NewThreadHandler(services.GPTClient, services.Events)
 	runs := handlers.NewRunHandler(services.Events)
diff --git a/pkg/invoke/invoker.go b/pkg/invoke/invoker.go
index 253b4e7c..9e4112b1 100644
--- a/pkg/invoke/invoker.go
+++ b/pkg/invoke/invoker.go
@@ -37,15 +37,17 @@ type Invoker struct {
 	tokenService            *jwt.TokenService
 	events                  *events.Emitter
 	threadWorkspaceProvider string
+	serverURL               string
 }
 
-func NewInvoker(c kclient.Client, gptClient *gptscript.GPTScript, workspaceProviderType string, tokenService *jwt.TokenService, events *events.Emitter) *Invoker {
+func NewInvoker(c kclient.Client, gptClient *gptscript.GPTScript, serverURL, workspaceProviderType string, tokenService *jwt.TokenService, events *events.Emitter) *Invoker {
 	return &Invoker{
 		uncached:                c,
 		gptClient:               gptClient,
 		tokenService:            tokenService,
 		events:                  events,
 		threadWorkspaceProvider: workspaceProviderType,
+		serverURL:               serverURL,
 	}
 }
 
@@ -205,7 +207,7 @@ func (i *Invoker) Agent(ctx context.Context, c kclient.Client, agent *v1.Agent,
 	}
 	credContextIDs = append(credContextIDs, agent.Namespace)
 
-	tools, extraEnv, err := render.Agent(ctx, c, agent, render.AgentOptions{
+	tools, extraEnv, err := render.Agent(ctx, c, agent, i.serverURL, render.AgentOptions{
 		Thread: thread,
 	})
 	if err != nil {
diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
index 1e0e5051..9842367a 100644
--- a/pkg/proxy/proxy.go
+++ b/pkg/proxy/proxy.go
@@ -1,13 +1,12 @@
 package proxy
 
 import (
+	"errors"
 	"fmt"
 	"net/http"
 	"strings"
 	"time"
 
-	"errors"
-
 	oauth2proxy "github.com/oauth2-proxy/oauth2-proxy/v7"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation"
@@ -19,7 +18,6 @@ import (
 var log = mvl.Package()
 
 type Config struct {
-	AuthBaseURI        string   `usage:"Base URI for authentication" default:"http://localhost:8080"`
 	AuthCookieSecret   string   `usage:"Secret used to encrypt cookie"`
 	AuthEmailDomains   string   `usage:"Email domains allowed for authentication" default:"*"`
 	AuthAdminEmails    []string `usage:"Emails admin users"`
@@ -32,7 +30,7 @@ type Proxy struct {
 	authProviderID string
 }
 
-func New(authProviderID uint, cfg Config) (*Proxy, error) {
+func New(serverURL string, authProviderID uint, cfg Config) (*Proxy, error) {
 	oauthProxyOpts, err := options.NewLegacyOptions().ToOptions()
 	if err != nil {
 		return nil, err
@@ -44,7 +42,7 @@ func New(authProviderID uint, cfg Config) (*Proxy, error) {
 	oauthProxyOpts.Cookie.Refresh = time.Hour
 	oauthProxyOpts.Cookie.Name = "otto_access_token"
 	oauthProxyOpts.Cookie.Secret = cfg.AuthCookieSecret
-	oauthProxyOpts.Cookie.Secure = strings.HasPrefix(cfg.AuthBaseURI, "https://")
+	oauthProxyOpts.Cookie.Secure = strings.HasPrefix(serverURL, "https://")
 	oauthProxyOpts.UpstreamServers = options.UpstreamConfig{
 		Upstreams: []options.Upstream{
 			{
@@ -56,7 +54,7 @@ func New(authProviderID uint, cfg Config) (*Proxy, error) {
 		},
 	}
 
-	oauthProxyOpts.RawRedirectURL = cfg.AuthBaseURI + "/oauth2/callback"
+	oauthProxyOpts.RawRedirectURL = serverURL + "/oauth2/callback"
 	oauthProxyOpts.Providers[0].ClientID = cfg.GoogleClientID
 	oauthProxyOpts.Providers[0].ClientSecret = cfg.GoogleClientSecret
 	oauthProxyOpts.ReverseProxy = true
diff --git a/pkg/render/render.go b/pkg/render/render.go
index e28352fd..1a3151bd 100644
--- a/pkg/render/render.go
+++ b/pkg/render/render.go
@@ -20,13 +20,11 @@ var DefaultAgentParams = []string{
 	"message", "Message to send",
 }
 
-var OAuthServerURL = "http://localhost:8080"
-
 type AgentOptions struct {
 	Thread *v1.Thread
 }
 
-func Agent(ctx context.Context, db kclient.Client, agent *v1.Agent, opts AgentOptions) (_ []gptscript.ToolDef, extraEnv []string, _ error) {
+func Agent(ctx context.Context, db kclient.Client, agent *v1.Agent, oauthServerURL string, opts AgentOptions) (_ []gptscript.ToolDef, extraEnv []string, _ error) {
 	mainTool := gptscript.ToolDef{
 		Name:         agent.Spec.Manifest.Name,
 		Description:  agent.Spec.Manifest.Description,
@@ -71,7 +69,7 @@ func Agent(ctx context.Context, db kclient.Client, agent *v1.Agent, opts AgentOp
 		return nil, nil, err
 	}
 
-	if oauthEnv, err := setupOAuthApps(ctx, db, agent); err != nil {
+	if oauthEnv, err := setupOAuthApps(ctx, db, agent, oauthServerURL); err != nil {
 		return nil, nil, err
 	} else {
 		extraEnv = append(extraEnv, oauthEnv...)
@@ -80,7 +78,7 @@ func Agent(ctx context.Context, db kclient.Client, agent *v1.Agent, opts AgentOp
 	return append([]gptscript.ToolDef{mainTool}, otherTools...), extraEnv, nil
 }
 
-func setupOAuthApps(ctx context.Context, db kclient.Client, agent *v1.Agent) (extraEnv []string, _ error) {
+func setupOAuthApps(ctx context.Context, db kclient.Client, agent *v1.Agent, serverURL string) (extraEnv []string, _ error) {
 	if len(agent.Spec.Manifest.OAuthApps) == 0 {
 		return nil, nil
 	}
@@ -119,9 +117,9 @@ func setupOAuthApps(ctx context.Context, db kclient.Client, agent *v1.Agent) (ex
 		integrationEnv := strings.ReplaceAll(strings.ToUpper(app.Spec.Manifest.Integration), "-", "_")
 
 		extraEnv = append(extraEnv,
-			fmt.Sprintf("GPTSCRIPT_OAUTH_%s_AUTH_URL=%s", integrationEnv, app.AuthorizeURL(OAuthServerURL)),
-			fmt.Sprintf("GPTSCRIPT_OAUTH_%s_REFRESH_URL=%s", integrationEnv, app.RefreshURL(OAuthServerURL)),
-			fmt.Sprintf("GPTSCRIPT_OAUTH_%s_TOKEN_URL=%s", integrationEnv, v1.OAuthAppGetTokenURL(OAuthServerURL)))
+			fmt.Sprintf("GPTSCRIPT_OAUTH_%s_AUTH_URL=%s", integrationEnv, app.AuthorizeURL(serverURL)),
+			fmt.Sprintf("GPTSCRIPT_OAUTH_%s_REFRESH_URL=%s", integrationEnv, app.RefreshURL(serverURL)),
+			fmt.Sprintf("GPTSCRIPT_OAUTH_%s_TOKEN_URL=%s", integrationEnv, v1.OAuthAppGetTokenURL(serverURL)))
 	}
 
 	return extraEnv, nil
diff --git a/pkg/services/config.go b/pkg/services/config.go
index a0933527..759eb575 100644
--- a/pkg/services/config.go
+++ b/pkg/services/config.go
@@ -57,6 +57,7 @@ type Config struct {
 type Services struct {
 	ToolRegistryURL       string
 	WorkspaceProviderType string
+	ServerURL             string
 	DevUIPort             int
 	Events                *events.Emitter
 	StorageClient         storage.Client
@@ -155,7 +156,7 @@ func New(ctx context.Context, config Config) (*Services, error) {
 
 	if config.GoogleClientID != "" && config.GoogleClientSecret != "" {
 		// "Authentication Enabled" flow
-		proxyServer, err = proxy.New(authProviderID, proxy.Config(config.AuthConfig))
+		proxyServer, err = proxy.New(config.Hostname, authProviderID, proxy.Config(config.AuthConfig))
 		if err != nil {
 			return nil, fmt.Errorf("failed to start auth server: %w", err)
 		}
@@ -184,6 +185,7 @@ func New(ctx context.Context, config Config) (*Services, error) {
 	// For now, always auto-migrate the gateway database
 	return &Services{
 		WorkspaceProviderType: config.WorkspaceProviderType,
+		ServerURL:             config.Hostname,
 		DevUIPort:             devPort,
 		ToolRegistryURL:       config.ToolRegistry,
 		Events:                events,
@@ -192,7 +194,7 @@ func New(ctx context.Context, config Config) (*Services, error) {
 		GPTClient:             c,
 		APIServer:             server.NewServer(storageClient, c, authn.NewAuthenticator(authenticators), authz.NewAuthorizer()),
 		TokenServer:           tokenServer,
-		Invoker:               invoke.NewInvoker(storageClient, c, config.WorkspaceProviderType, tokenServer, events),
+		Invoker:               invoke.NewInvoker(storageClient, c, config.Hostname, config.WorkspaceProviderType, tokenServer, events),
 		AIHelper:              aihelper.New(c, config.HelperModel),
 		GatewayServer:         gatewayServer,
 		ProxyServer:           proxyServer,