From 11a795a01ca5f75a8b029a4a0e7471e6ad6c5ec5 Mon Sep 17 00:00:00 2001 From: Kirill Turanskiy Date: Fri, 6 Mar 2026 13:06:37 +0300 Subject: [PATCH] fix: surface upstream error details in Gemini CLI OAuth onboarding UI SetOAuthSessionError previously sent generic messages to the management panel (e.g. "Failed to complete Gemini CLI onboarding"), hiding the actual error returned by Google APIs. The specific error was only written to the server log via log.Errorf, which is often inaccessible in headless/Docker deployments. Include the upstream error in all 8 OAuth error paths so the management panel shows actionable messages like "no Google Cloud projects available for this account" instead of a generic failure. --- internal/api/handlers/management/auth_files.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/internal/api/handlers/management/auth_files.go b/internal/api/handlers/management/auth_files.go index e0a16377..2e471ae8 100644 --- a/internal/api/handlers/management/auth_files.go +++ b/internal/api/handlers/management/auth_files.go @@ -1306,12 +1306,12 @@ func (h *Handler) RequestGeminiCLIToken(c *gin.Context) { projects, errAll := onboardAllGeminiProjects(ctx, gemClient, &ts) if errAll != nil { log.Errorf("Failed to complete Gemini CLI onboarding: %v", errAll) - SetOAuthSessionError(state, "Failed to complete Gemini CLI onboarding") + SetOAuthSessionError(state, fmt.Sprintf("Failed to complete Gemini CLI onboarding: %v", errAll)) return } if errVerify := ensureGeminiProjectsEnabled(ctx, gemClient, projects); errVerify != nil { log.Errorf("Failed to verify Cloud AI API status: %v", errVerify) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") + SetOAuthSessionError(state, fmt.Sprintf("Failed to verify Cloud AI API status: %v", errVerify)) return } ts.ProjectID = strings.Join(projects, ",") @@ -1320,7 +1320,7 @@ func (h *Handler) RequestGeminiCLIToken(c *gin.Context) { ts.Auto = false if errSetup := performGeminiCLISetup(ctx, gemClient, &ts, ""); errSetup != nil { log.Errorf("Google One auto-discovery failed: %v", errSetup) - SetOAuthSessionError(state, "Google One auto-discovery failed") + SetOAuthSessionError(state, fmt.Sprintf("Google One auto-discovery failed: %v", errSetup)) return } if strings.TrimSpace(ts.ProjectID) == "" { @@ -1331,19 +1331,19 @@ func (h *Handler) RequestGeminiCLIToken(c *gin.Context) { isChecked, errCheck := checkCloudAPIIsEnabled(ctx, gemClient, ts.ProjectID) if errCheck != nil { log.Errorf("Failed to verify Cloud AI API status: %v", errCheck) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") + SetOAuthSessionError(state, fmt.Sprintf("Failed to verify Cloud AI API status: %v", errCheck)) return } ts.Checked = isChecked if !isChecked { log.Error("Cloud AI API is not enabled for the auto-discovered project") - SetOAuthSessionError(state, "Cloud AI API not enabled") + SetOAuthSessionError(state, fmt.Sprintf("Cloud AI API not enabled for project %s", ts.ProjectID)) return } } else { if errEnsure := ensureGeminiProjectAndOnboard(ctx, gemClient, &ts, requestedProjectID); errEnsure != nil { log.Errorf("Failed to complete Gemini CLI onboarding: %v", errEnsure) - SetOAuthSessionError(state, "Failed to complete Gemini CLI onboarding") + SetOAuthSessionError(state, fmt.Sprintf("Failed to complete Gemini CLI onboarding: %v", errEnsure)) return } @@ -1356,13 +1356,13 @@ func (h *Handler) RequestGeminiCLIToken(c *gin.Context) { isChecked, errCheck := checkCloudAPIIsEnabled(ctx, gemClient, ts.ProjectID) if errCheck != nil { log.Errorf("Failed to verify Cloud AI API status: %v", errCheck) - SetOAuthSessionError(state, "Failed to verify Cloud AI API status") + SetOAuthSessionError(state, fmt.Sprintf("Failed to verify Cloud AI API status: %v", errCheck)) return } ts.Checked = isChecked if !isChecked { log.Error("Cloud AI API is not enabled for the selected project") - SetOAuthSessionError(state, "Cloud AI API not enabled") + SetOAuthSessionError(state, fmt.Sprintf("Cloud AI API not enabled for project %s", ts.ProjectID)) return } }