fork-it/gpt-load
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' into feat-fe

Browse Source
This commit is contained in:
tbphp
2025-07-23 14:46:22 +08:00
parent 785c00140c 249a805425
commit f4774eb399
16 changed files with 198 additions and 208 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
internal/channel/anthropic_channel.go
View File

@@ -9,6 +9,7 @@ import (
"gpt-load/internal/models"
"io"
"net/http"
"net/url"
"strings"
"github.com/gin-gonic/gin"
@@ -60,25 +61,6 @@ func (ch *AnthropicChannel) IsStreamRequest(c *gin.Context, bodyBytes []byte) bo
return false
}
// ExtractKey extracts the API key from the x-api-key header.
func (ch *AnthropicChannel) ExtractKey(c *gin.Context) string {
// Check x-api-key header (Anthropic's standard)
if key := c.GetHeader("x-api-key"); key != "" {
return key
}
// Fallback to Authorization header for compatibility
authHeader := c.GetHeader("Authorization")
if authHeader != "" {
const bearerPrefix = "Bearer "
if strings.HasPrefix(authHeader, bearerPrefix) {
return authHeader[len(bearerPrefix):]
}
}
return ""
}
// ValidateKey checks if the given API key is valid by making a messages request.
func (ch *AnthropicChannel) ValidateKey(ctx context.Context, key string) (bool, error) {
upstreamURL := ch.getUpstreamURL()
@@ -86,7 +68,14 @@ func (ch *AnthropicChannel) ValidateKey(ctx context.Context, key string) (bool,
return false, fmt.Errorf("no upstream URL configured for channel %s", ch.Name)
}
reqURL := upstreamURL.String() + "/v1/messages"
validationEndpoint := ch.ValidationEndpoint
if validationEndpoint == "" {
validationEndpoint = "/v1/messages"
}
reqURL, err := url.JoinPath(upstreamURL.String(), validationEndpoint)
if err != nil {
return false, fmt.Errorf("failed to join upstream URL and validation endpoint: %w", err)
}
// Use a minimal, low-cost payload for validation
payload := gin.H{

4
internal/channel/base_channel.go
View File

@@ -28,6 +28,7 @@ type BaseChannel struct {
HTTPClient *http.Client
StreamClient *http.Client
TestModel string
ValidationEndpoint string
upstreamLock sync.Mutex
// Cached fields from the group for stale check
@@ -96,6 +97,9 @@ func (b *BaseChannel) IsConfigStale(group *models.Group) bool {
if b.TestModel != group.TestModel {
return true
}
if b.ValidationEndpoint != group.ValidationEndpoint {
return true
}
if !bytes.Equal(b.groupUpstreams, group.Upstreams) {
return true
}

3
internal/channel/channel.go
View File

@@ -29,9 +29,6 @@ type ChannelProxy interface {
// IsStreamRequest checks if the request is for a streaming response,
IsStreamRequest(c *gin.Context, bodyBytes []byte) bool
// ExtractKey extracts the API key from the request.
ExtractKey(c *gin.Context) string
// ValidateKey checks if the given API key is valid.
ValidateKey(ctx context.Context, key string) (bool, error)
}

1
internal/channel/factory.go
View File

@@ -145,6 +145,7 @@ func (f *Factory) newBaseChannel(name string, group *models.Group) (*BaseChannel
HTTPClient: httpClient,
StreamClient: streamClient,
TestModel: group.TestModel,
ValidationEndpoint: group.ValidationEndpoint,
channelType: group.ChannelType,
groupUpstreams: group.Upstreams,
effectiveConfig: &group.EffectiveConfig,

24
internal/channel/gemini_channel.go
View File

@@ -9,6 +9,7 @@ import (
"gpt-load/internal/models"
"io"
"net/http"
"net/url"
"strings"
"github.com/gin-gonic/gin"
@@ -40,7 +41,6 @@ func (ch *GeminiChannel) ModifyRequest(req *http.Request, apiKey *models.APIKey,
req.URL.RawQuery = q.Encode()
}
// IsStreamRequest checks if the request is for a streaming response.
func (ch *GeminiChannel) IsStreamRequest(c *gin.Context, bodyBytes []byte) bool {
path := c.Request.URL.Path
@@ -59,21 +59,6 @@ func (ch *GeminiChannel) IsStreamRequest(c *gin.Context, bodyBytes []byte) bool
return false
}
// ExtractKey extracts the API key from the X-Goog-Api-Key header or the "key" query parameter.
func (ch *GeminiChannel) ExtractKey(c *gin.Context) string {
// 1. Check X-Goog-Api-Key header
if key := c.GetHeader("X-Goog-Api-Key"); key != "" {
return key
}
// 2. Check "key" query parameter
if key := c.Query("key"); key != "" {
return key
}
return ""
}
// ValidateKey checks if the given API key is valid by making a generateContent request.
func (ch *GeminiChannel) ValidateKey(ctx context.Context, key string) (bool, error) {
upstreamURL := ch.getUpstreamURL()
@@ -81,7 +66,12 @@ func (ch *GeminiChannel) ValidateKey(ctx context.Context, key string) (bool, err
return false, fmt.Errorf("no upstream URL configured for channel %s", ch.Name)
}
reqURL := fmt.Sprintf("%s/v1beta/models/%s:generateContent?key=%s", upstreamURL.String(), ch.TestModel, key)
// Safely join the path segments
reqURL, err := url.JoinPath(upstreamURL.String(), "v1beta", "models", ch.TestModel+":generateContent")
if err != nil {
return false, fmt.Errorf("failed to create gemini validation path: %w", err)
}
reqURL += "?key=" + key
payload := gin.H{
"contents": []gin.H{

22
internal/channel/openai_channel.go
View File

@@ -9,6 +9,7 @@ import (
"gpt-load/internal/models"
"io"
"net/http"
"net/url"
"strings"
"github.com/gin-gonic/gin"
@@ -59,18 +60,6 @@ func (ch *OpenAIChannel) IsStreamRequest(c *gin.Context, bodyBytes []byte) bool
return false
}
// ExtractKey extracts the API key from the Authorization header.
func (ch *OpenAIChannel) ExtractKey(c *gin.Context) string {
authHeader := c.GetHeader("Authorization")
if authHeader != "" {
const bearerPrefix = "Bearer "
if strings.HasPrefix(authHeader, bearerPrefix) {
return authHeader[len(bearerPrefix):]
}
}
return ""
}
// ValidateKey checks if the given API key is valid by making a chat completion request.
func (ch *OpenAIChannel) ValidateKey(ctx context.Context, key string) (bool, error) {
upstreamURL := ch.getUpstreamURL()
@@ -78,7 +67,14 @@ func (ch *OpenAIChannel) ValidateKey(ctx context.Context, key string) (bool, err
return false, fmt.Errorf("no upstream URL configured for channel %s", ch.Name)
}
reqURL := upstreamURL.String() + "/v1/chat/completions"
validationEndpoint := ch.ValidationEndpoint
if validationEndpoint == "" {
validationEndpoint = "/v1/chat/completions"
}
reqURL, err := url.JoinPath(upstreamURL.String(), validationEndpoint)
if err != nil {
return false, fmt.Errorf("failed to join upstream URL and validation endpoint: %w", err)
}
// Use a minimal, low-cost payload for validation
payload := gin.H{

33
internal/handler/group_handler.go
View File

@@ -88,6 +88,20 @@ func isValidGroupName(name string) bool {
return match
}
// isValidValidationEndpoint checks if the validation endpoint is a valid path.
func isValidValidationEndpoint(endpoint string) bool {
if endpoint == "" {
return true
}
if !strings.HasPrefix(endpoint, "/") {
return false
}
if strings.Contains(endpoint, "://") {
return false
}
return true
}
// validateAndCleanConfig validates the group config against the GroupConfig struct and system-defined rules.
func (s *Server) validateAndCleanConfig(configMap map[string]any) (map[string]any, error) {
if configMap == nil {
@@ -180,6 +194,12 @@ func (s *Server) CreateGroup(c *gin.Context) {
return
}
validationEndpoint := strings.TrimSpace(req.ValidationEndpoint)
if !isValidValidationEndpoint(validationEndpoint) {
response.Error(c, app_errors.NewAPIError(app_errors.ErrValidation, "无效的测试路径。如果提供,必须是以 / 开头的有效路径且不能是完整的URL。"))
return
}
group := models.Group{
Name: name,
DisplayName: strings.TrimSpace(req.DisplayName),
@@ -188,6 +208,7 @@ func (s *Server) CreateGroup(c *gin.Context) {
ChannelType: channelType,
Sort: req.Sort,
TestModel: testModel,
ValidationEndpoint: validationEndpoint,
ParamOverrides: req.ParamOverrides,
Config: cleanedConfig,
}
@@ -229,6 +250,7 @@ type GroupUpdateRequest struct {
ChannelType *string `json:"channel_type,omitempty"`
Sort *int `json:"sort"`
TestModel string `json:"test_model"`
ValidationEndpoint *string `json:"validation_endpoint,omitempty"`
ParamOverrides map[string]any `json:"param_overrides"`
Config map[string]any `json:"config"`
}
@@ -311,6 +333,15 @@ func (s *Server) UpdateGroup(c *gin.Context) {
if req.ParamOverrides != nil {
group.ParamOverrides = req.ParamOverrides
}
if req.ValidationEndpoint != nil {
validationEndpoint := strings.TrimSpace(*req.ValidationEndpoint)
if !isValidValidationEndpoint(validationEndpoint) {
response.Error(c, app_errors.NewAPIError(app_errors.ErrValidation, "无效的测试路径。如果提供,必须是以 / 开头的有效路径且不能是完整的URL。"))
return
}
group.ValidationEndpoint = validationEndpoint
}
if req.Config != nil {
cleanedConfig, err := s.validateAndCleanConfig(req.Config)
if err != nil {
@@ -348,6 +379,7 @@ type GroupResponse struct {
ChannelType string `json:"channel_type"`
Sort int `json:"sort"`
TestModel string `json:"test_model"`
ValidationEndpoint string `json:"validation_endpoint"`
ParamOverrides datatypes.JSONMap `json:"param_overrides"`
Config datatypes.JSONMap `json:"config"`
LastValidatedAt *time.Time `json:"last_validated_at"`
@@ -377,6 +409,7 @@ func (s *Server) newGroupResponse(group *models.Group) *GroupResponse {
ChannelType: group.ChannelType,
Sort: group.Sort,
TestModel: group.TestModel,
ValidationEndpoint: group.ValidationEndpoint,
ParamOverrides: group.ParamOverrides,
Config: group.Config,
LastValidatedAt: group.LastValidatedAt,

88
internal/middleware/middleware.go
View File

@@ -6,10 +6,8 @@ import (
"strings"
"time"
"gpt-load/internal/channel"
app_errors "gpt-load/internal/errors"
"gpt-load/internal/response"
"gpt-load/internal/services"
"gpt-load/internal/types"
"github.com/gin-gonic/gin"
@@ -116,45 +114,16 @@ func CORS(config types.CORSConfig) gin.HandlerFunc {
}
// Auth creates an authentication middleware
func Auth(
authConfig types.AuthConfig,
groupManager *services.GroupManager,
channelFactory *channel.Factory,
) gin.HandlerFunc {
func Auth(authConfig types.AuthConfig) gin.HandlerFunc {
return func(c *gin.Context) {
path := c.Request.URL.Path
// Skip authentication for health endpoints
if isMonitoringEndpoint(path) {
c.Next()
return
}
var key string
var err error
if strings.HasPrefix(path, "/api") {
// Handle backend API authentication
key = extractApiKey(c)
} else if strings.HasPrefix(path, "/proxy/") {
// Handle proxy authentication
key, err = extractProxyKey(c, groupManager, channelFactory)
if err != nil {
// The error from extractProxyKey is already an APIError
if apiErr, ok := err.(*app_errors.APIError); ok {
response.Error(c, apiErr)
} else {
response.Error(c, app_errors.NewAPIError(app_errors.ErrInternalServer, err.Error()))
}
c.Abort()
return
}
} else {
// For any other paths, deny access by default
response.Error(c, app_errors.ErrResourceNotFound)
c.Abort()
return
}
key := extractAuthKey(c)
if key == "" || key != authConfig.Key {
response.Error(c, app_errors.ErrUnauthorized)
@@ -162,8 +131,6 @@ func Auth(
return
}
// Key is extracted, but validation is handled by the proxy logic itself.
// For the backend API, we've already validated it.
c.Next()
}
}
@@ -227,8 +194,10 @@ func isMonitoringEndpoint(path string) bool {
return false
}
// extractBearerKey extracts a key from the "Authorization: Bearer <key>" header.
func extractApiKey(c *gin.Context) string {
// extractAuthKey extracts a auth key.
func extractAuthKey(c *gin.Context) string {
// Bearer token
authHeader := c.GetHeader("Authorization")
if authHeader != "" {
const bearerPrefix = "Bearer "
@@ -237,39 +206,20 @@ func extractApiKey(c *gin.Context) string {
}
}
authKey := c.Query("auth_key")
if authKey != "" {
return authKey
// X-Api-Key
if key := c.GetHeader("X-Api-Key"); key != "" {
return key
}
// X-Goog-Api-Key
if key := c.GetHeader("X-Goog-Api-Key"); key != "" {
return key
}
// Query key
if key := c.Query("key"); key != "" {
return key
}
return ""
}
// extractProxyKey handles key extraction for proxy routes.
func extractProxyKey(
c *gin.Context,
groupManager *services.GroupManager,
channelFactory *channel.Factory,
) (string, error) {
groupName := c.Param("group_name")
if groupName == "" {
return "", app_errors.NewAPIError(app_errors.ErrBadRequest, "Group name is missing in the URL path")
}
group, err := groupManager.GetGroupByName(groupName)
if err != nil {
return "", app_errors.NewAPIError(app_errors.ErrResourceNotFound, fmt.Sprintf("Group '%s' not found", groupName))
}
channel, err := channelFactory.GetChannel(group)
if err != nil {
return "", app_errors.NewAPIError(app_errors.ErrInternalServer, fmt.Sprintf("Failed to get channel for group '%s'", groupName))
}
key := channel.ExtractKey(c)
if key == "" {
return "", app_errors.ErrUnauthorized
}
return key, nil
}

1
internal/models/types.go
View File

@@ -47,6 +47,7 @@ type Group struct {
DisplayName string `gorm:"type:varchar(255)" json:"display_name"`
Description string `gorm:"type:varchar(512)" json:"description"`
Upstreams datatypes.JSON `gorm:"type:json;not null" json:"upstreams"`
ValidationEndpoint string `gorm:"type:varchar(255)" json:"validation_endpoint"`
ChannelType string `gorm:"type:varchar(50);not null" json:"channel_type"`
Sort int `gorm:"default:0" json:"sort"`
TestModel string `gorm:"type:varchar(255);not null" json:"test_model"`

9
internal/proxy/server.go
View File

@@ -156,6 +156,15 @@ func (ps *ProxyServer) executeRequestWithRetry(
req.ContentLength = int64(len(bodyBytes))
req.Header = c.Request.Header.Clone()
// Clean up client auth key
req.Header.Del("Authorization")
req.Header.Del("X-Api-Key")
req.Header.Del("X-Goog-Api-Key")
q := req.URL.Query()
q.Del("key")
req.URL.RawQuery = q.Encode()
channelHandler.ModifyRequest(req, apiKey, group)
var client *http.Client

12
internal/router/router.go
View File

@@ -65,8 +65,8 @@ func NewRouter(
// 注册路由
registerSystemRoutes(router, serverHandler)
registerAPIRoutes(router, serverHandler, configManager, groupManager, channelFactory)
registerProxyRoutes(router, proxyServer, configManager, groupManager, channelFactory)
registerAPIRoutes(router, serverHandler, configManager)
registerProxyRoutes(router, proxyServer, configManager)
registerFrontendRoutes(router, buildFS, indexPage)
return router
@@ -82,8 +82,6 @@ func registerAPIRoutes(
router *gin.Engine,
serverHandler *handler.Server,
configManager types.ConfigManager,
groupManager *services.GroupManager,
channelFactory *channel.Factory,
) {
api := router.Group("/api")
authConfig := configManager.GetAuthConfig()
@@ -93,7 +91,7 @@ func registerAPIRoutes(
// 认证
protectedAPI := api.Group("")
protectedAPI.Use(middleware.Auth(authConfig, groupManager, channelFactory))
protectedAPI.Use(middleware.Auth(authConfig))
registerProtectedAPIRoutes(protectedAPI, serverHandler)
}
@@ -162,13 +160,11 @@ func registerProxyRoutes(
router *gin.Engine,
proxyServer *proxy.ProxyServer,
configManager types.ConfigManager,
groupManager *services.GroupManager,
channelFactory *channel.Factory,
) {
proxyGroup := router.Group("/proxy")
authConfig := configManager.GetAuthConfig()
proxyGroup.Use(middleware.Auth(authConfig, groupManager, channelFactory))
proxyGroup.Use(middleware.Auth(authConfig))
proxyGroup.Any("/:group_name/*path", proxyServer.HandleProxy)
}

2
web/src/api/keys.ts
View File

@@ -157,7 +157,7 @@ export const keysApi = {
const params = new URLSearchParams({
group_id: groupId.toString(),
auth_key: authKey,
key: authKey,
});
if (status !== "all") {

2
web/src/api/logs.ts
View File

@@ -31,7 +31,7 @@ export const logApi = {
{} as Record<string, string>
)
);
queryParams.append("auth_key", authKey);
queryParams.append("key", authKey);
const url = `${http.defaults.baseURL}/logs/export?${queryParams.toString()}`;

18
web/src/components/keys/GroupFormModal.vue
View File

@@ -54,6 +54,7 @@ interface GroupFormData {
channel_type: "openai" | "gemini" | "anthropic";
sort: number;
test_model: string;
validation_endpoint: string;
param_overrides: string;
config: Record<string, number>;
configItems: ConfigItem[];
@@ -73,6 +74,7 @@ const formData = reactive<GroupFormData>({
channel_type: "openai",
sort: 1,
test_model: "",
validation_endpoint: "",
param_overrides: "",
config: {},
configItems: [] as ConfigItem[],
@@ -177,6 +179,7 @@ function resetForm() {
channel_type: "openai",
sort: 1,
test_model: "",
validation_endpoint: "",
param_overrides: "",
config: {},
configItems: [],
@@ -203,6 +206,7 @@ function loadGroupData() {
channel_type: props.group.channel_type || "openai",
sort: props.group.sort || 1,
test_model: props.group.test_model || "",
validation_endpoint: props.group.validation_endpoint || "",
param_overrides: JSON.stringify(props.group.param_overrides || {}, null, 2),
config: {},
configItems,
@@ -231,6 +235,8 @@ function addUpstream() {
function removeUpstream(index: number) {
if (formData.upstreams.length > 1) {
formData.upstreams.splice(index, 1);
} else {
message.warning("至少需要保留一个上游地址");
}
}
@@ -305,6 +311,7 @@ async function handleSubmit() {
channel_type: formData.channel_type,
sort: formData.sort,
test_model: formData.test_model,
validation_endpoint: formData.validation_endpoint,
param_overrides: formData.param_overrides ? paramOverrides : undefined,
config,
};
@@ -376,6 +383,17 @@ async function handleSubmit() {
<n-input v-model:value="formData.test_model" :placeholder="testModelPlaceholder" />
</n-form-item>
<n-form-item
label="测试路径"
path="validation_endpoint"
v-if="formData.channel_type !== 'gemini'"
>
<n-input
v-model:value="formData.validation_endpoint"
placeholder="可选自定义用于验证key的API路径"
/>
</n-form-item>
<n-form-item label="排序" path="sort">
<n-input-number
v-model:value="formData.sort"

5
web/src/components/keys/GroupInfoCard.vue
View File

@@ -318,6 +318,11 @@ function resetPage() {
{{ group?.sort || 0 }}
</n-form-item>
</n-grid-item>
<n-grid-item v-if="group?.channel_type !== 'gemini'">
<n-form-item label="测试路径:">
{{ group?.validation_endpoint }}
</n-form-item>
</n-grid-item>
<n-grid-item>
<n-form-item label="描述:">
{{ group?.description || "-" }}

1
web/src/types/models.ts
View File

@@ -38,6 +38,7 @@ export interface Group {
test_model: string;
channel_type: "openai" | "gemini" | "anthropic";
upstreams: UpstreamInfo[];
validation_endpoint: string;
config: Record<string, unknown>;
api_keys?: APIKey[];
endpoint?: string;