Add Guest mode, periodic activity warmup, and browser client impersonation

[luuquangvu]

The following is a summary of some changes in this PR version:

• Add random jitter to start_auto_refresh
• Allow to customize browser client (impersonate)
• Enable Guest mode with limited access to advanced features
• Add periodic activity warmup to rotate session cookies
• Get account quotas, abuse status. Update RPCs to align with JS code
• Add a background task to send HTTP/2 PING frames

Close #239
Close #297

[luuquangvu]

Hi @HanaokaYuzu

Whenever you have a moment, please check out this PR. Thanks a lot.

[tassa-yoniso-manasi-karoto]

I will give this fork a shot, perhaps it can help avoiding #313 ?

I didn't review the PR's changes but I will leave a small suggestion regarding the cookie/session handling.

I hit an issue where my live browser session was valid, but gemini_webapi would still initialize as:

Account status: UNAUTHENTICATED - Session is not authenticated or cookies have expired.

The API session really was unauthenticated, and only 1-2 Gemini Pro requests would work before the webapi path degraded.

The cause seemed to be the cache-first path in get_access_token(): when __Secure-1PSID was present, the library preferred the local cached cookie file for that PSID before trying the full live/base cookie jar.

That is OK when the caller only provides __Secure-1PSID / __Secure-1PSIDTS, but it can be harmful when the caller provides a full browser/exported cookie jar. In that case, the full cookie jar may be fresher and contain session cookies like SIDCC / __Secure-1PSIDCC that the cache may not have.

This patch makes get_access_token() detect whether base_cookies contains more than just __Secure-1PSID and __Secure-1PSIDTS. If it does, it skips the cache-first path and lets the full base cookie jar be tried directly.

In practice, this removed the UNAUTHENTICATED logs & initialization state I was getting.

Patch:

  diff --git a/src/gemini_webapi/utils/get_access_token.py b/src/gemini_webapi/utils/get_access_token.py
  index 97dbc25..5ae13ba 100644
  --- a/src/gemini_webapi/utils/get_access_token.py
  +++ b/src/gemini_webapi/utils/get_access_token.py
  @@ -75,6 +75,19 @@ async def get_access_token(
           If all requests failed.
       """

  +    def _has_non_auth_cookies(cookies: dict | Cookies) -> bool:
  +        auth_names = {"__Secure-1PSID", "__Secure-1PSIDTS"}
  +        if isinstance(cookies, Cookies):
  +            for cookie in cookies.jar:
  +                if cookie.name not in auth_names and not cookie.is_expired():
  +                    return True
  +            return False
  +
  +        for name, value in cookies.items():
  +            if name not in auth_names and value:
  +                return True
  +        return False
  +
       client = AsyncSession(
           impersonate=impersonate,
           proxy=proxy,
  @@ -108,8 +121,9 @@ async def get_access_token(
       else:
           base_psid = base_cookies.get("__Secure-1PSID")
           base_psidts = base_cookies.get("__Secure-1PSIDTS")
  +    prefer_base_cookies = _has_non_auth_cookies(base_cookies)

  -    if base_psid:
  +    if base_psid and not prefer_base_cookies:
           jar = Cookies()
           jar.set("__Secure-1PSID", base_psid, domain=".google.com")
           cache_file = _get_cookies_cache_path(jar)