zack3d/OAI-Proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: zack3d/OAI-Proxy:add-tool-fix-claude
Branches Tags
zack3d/OAI-Proxy:main zack3d/OAI-Proxy:o1-role-reasoning zack3d/OAI-Proxy:o1-200k zack3d/OAI-Proxy:o1-check-family zack3d/OAI-Proxy:penurin-main-patch-71429 zack3d/OAI-Proxy:add-tool-fix-claude zack3d/OAI-Proxy:oai-deprecated-toolcall-fix zack3d/OAI-Proxy:aws-mistral zack3d/OAI-Proxy:cohere zack3d/OAI-Proxy:sqlite-users zack3d/OAI-Proxy:api-support-refactor zack3d/OAI-Proxy:combined-endpoint zack3d/OAI-Proxy:fix-express-trust-proxy zack3d/OAI-Proxy:captcha zack3d/OAI-Proxy:key-persistence zack3d/OAI-Proxy:add-assistant-postamble zack3d/OAI-Proxy:datasets-persistence zack3d/OAI-Proxy:tokenize zack3d/OAI-Proxy:scale-autochurn zack3d/OAI-Proxy:airtable-logging
..
pull from: zack3d/OAI-Proxy:o1-role-reasoning
Branches Tags
zack3d/OAI-Proxy:main zack3d/OAI-Proxy:o1-role-reasoning zack3d/OAI-Proxy:o1-200k zack3d/OAI-Proxy:o1-check-family zack3d/OAI-Proxy:penurin-main-patch-71429 zack3d/OAI-Proxy:add-tool-fix-claude zack3d/OAI-Proxy:oai-deprecated-toolcall-fix zack3d/OAI-Proxy:aws-mistral zack3d/OAI-Proxy:cohere zack3d/OAI-Proxy:sqlite-users zack3d/OAI-Proxy:api-support-refactor zack3d/OAI-Proxy:combined-endpoint zack3d/OAI-Proxy:fix-express-trust-proxy zack3d/OAI-Proxy:captcha zack3d/OAI-Proxy:key-persistence zack3d/OAI-Proxy:add-assistant-postamble zack3d/OAI-Proxy:datasets-persistence zack3d/OAI-Proxy:tokenize zack3d/OAI-Proxy:scale-autochurn zack3d/OAI-Proxy:airtable-logging

47 Commits
add-tool-fix-claude .. o1-role-reasoning

Author SHA1 Message Date
penurin 75cb98c727 o1 "developer" role support and reasoning effort 2024-12-27 17:29:32 +00:00
nai-degen 36e2430a8f adjusts gemini keychecker to trigger real generation for better rate limit detection 2024-12-07 01:31:10 -06:00
nai-degen 28447d0811 resolves server-side error when a Gemini prompt is blocked due to safety 2024-12-07 00:54:13 -06:00
nai-degen 6d54cbc785 maybe handles gemini daily key block idk 2024-12-05 15:06:29 -06:00
nai-degen 9d7a4f4b51 maybe fixes gemini's fucked error messages idk 2024-12-05 14:54:35 -06:00
nai-degen 3496a2a9bd fixes incorrect 3.5 sonnet v2 model id in gcp model reassignment 2024-12-03 19:53:56 -06:00
nai-degen 5072638ec2 attempt at fixing persistent 'invalid csrf token' error on some browsers 2024-12-03 19:49:47 -06:00
Nopm 8a325a1e0b Add 2 million Google AI context (khanon/oai-reverse-proxy!82) 2024-12-04 01:27:21 +00:00
khanon 5eeb2875b4 adds haiku 3.5 2024-11-04 18:20:19 +00:00
khanon c67dad1617 fixes AWS claude v2 2024-10-25 18:10:26 +00:00
khanon fe61745e24 fixes issue with AWS model assignment when requesting legacy claude (claude-2.1, etc) 2024-10-25 17:49:24 +00:00
nai-degen 251ea6d412 fixes typo in AWS ThrottlingException 2024-10-23 15:36:21 -05:00
nai-degen 55f7337ea4 adjusts AWS keychecker to treat rate limited models as available models 2024-10-23 15:35:32 -05:00
nai-degen f3b876887e fixes issue with AWS model name reassignment 2024-10-23 13:59:10 -05:00
nai-degen 49c578f4dc adds Sonnet 3.5v2 AWS model ID and adjusts AWS model assignment to raise error on no match 2024-10-23 13:39:34 -05:00
khanon 4190d5fef6 fixes missing comma....... 2024-10-22 16:06:39 +00:00
khanon 1644e82f25 adds Sonnet 20241022 snapshot IDs 2024-10-22 15:52:52 +00:00
nai-degen 0bbdc0b841 fixes google ai language filter and updates readme 2024-10-18 23:15:02 -05:00
nai-degen c4a633a5d6 fixes gcp oauth2 token refresh not updating cloned key instance 2024-10-18 22:41:24 -05:00
nai-degen 0c6ec3254f finally DOES something about broken GCP streaming, boebeitfully 2024-10-12 20:10:59 -05:00
nai-degen 13aa55cd3d handles gemini ai test message from sillytavern 2024-10-12 09:01:08 -05:00
nai-degen ba4532b38d more fixes for annoying gemini API design that allows arrays or single objects for contents parts 2024-10-09 17:11:53 -05:00
nai-degen b57627e69b adds stripHeaders to global mutators in createQueuedProxyMiddleware 2024-10-09 16:59:12 -05:00
nai-degen 536803853a uses removeHeader instead of setHeader to empty string 2024-10-09 16:44:53 -05:00
nai-degen ad0a3c0936 removes cors/sec-fetch headers to fix venus chub with anthropic api 2024-10-09 16:33:54 -05:00
nai-degen 161f5aba3e handles sillytavern using both camel and snake-cased parameters for gemini api 2024-10-06 11:03:48 -05:00
nai-degen 514d1b7e31 fixes azure 2024-10-01 16:15:04 -05:00
nai-degen 22d7f966c6 fixes for gemini api streaming 2024-09-29 12:44:18 -05:00
nai-degen cfb6353c65 updates google ai safety settings schema 2024-09-25 21:19:17 -05:00
nai-degen a7fed3136e fixes google ai gemini 2024-09-25 15:58:52 -05:00
nai-degen 29638cf26e minor cleanup to pow challenge 2024-09-22 11:28:33 -05:00
nai-degen ee26e7be65 various improvements and fixes to PoW challenge UI and token refresh 2024-09-22 11:11:30 -05:00
nai-degen ff0d3dfdcd prevents overwriting anthropic-version header if it's already provided 2024-09-19 00:55:17 -05:00
nai-degen 81a3ae1746 maybe fixes missing anthropic version header in some cases 2024-09-19 00:50:17 -05:00
nai-degen 4dfd57fcb4 updates render dockerfile to correctly copy patches dir into build context 2024-09-16 23:39:43 -05:00
khanon d21e274358 Add configurable network interface or SOCKS/HTTP proxy for outgoing requests (khanon/oai-reverse-proxy!80) 2024-09-16 15:17:57 +00:00
nai-degen 6e97e036b2 fixes refreshed PoW tokens not actually being reactivated 2024-09-15 18:01:23 -05:00
nai-degen 7a4a16dd2f fixes chatgpt-latest missing from models endpoint 2024-09-15 06:02:35 -05:00
nai-degen f1cfa644c5 maybe fixes openai sk-svcacct keys 2024-09-13 00:55:29 -05:00
nai-degen 6a908b09cb adds preliminary openai o1 support and some improvements to openai keychecker 2024-09-12 23:03:33 -05:00
nai-degen 86772ab32a adds 503 as a 'successful' AWS keychecker response to deal with temporary outages 2024-09-11 02:42:59 -05:00
honeytree bd87ca60f7 Implement priority queue by tokens (khanon/oai-reverse-proxy!79) 2024-09-09 16:48:46 +00:00
nai-degen ac1897fd17 returns more clear proxy_note hint on AWS 503 error 2024-09-09 09:56:18 -05:00
nai-degen 2a6f85e2e2 Revert "handles AWS HTTP 503 ServiceUnavailableException similarly to 429s" 
This reverts commit ffcaa23511.
 2024-09-09 09:43:59 -05:00
nai-degen ffcaa23511 handles AWS HTTP 503 ServiceUnavailableException similarly to 429s 2024-09-09 08:07:53 -05:00
nai-degen 1d5b8efa23 reduces key lockout period to more quickly drain queue after AWS rate limit resolves 2024-09-08 17:17:22 -05:00
nai-degen 905273abf2 fixes aws mistral token cost estimation 2024-09-08 17:15:59 -05:00
91 changed files with 3339 additions and 1990 deletions
Expand all files Collapse all files
.env.example
+73 -55
View File
@@ -8,6 +8,9 @@
# Use production mode unless you are developing locally.
NODE_ENV=production
# Detail level of diagnostic logging. (trace | debug | info | warn | error)
# LOG_LEVEL=info
# ------------------------------------------------------------------------------
# General settings:
@@ -24,30 +27,29 @@ NODE_ENV=production
# Max number of context tokens a user can request at once.
# Increase this if your proxy allow GPT 32k or 128k context
# MAX_CONTEXT_TOKENS_OPENAI=16384
# MAX_CONTEXT_TOKENS_OPENAI=32768
# MAX_CONTEXT_TOKENS_ANTHROPIC=32768
# Max number of output tokens a user can request at once.
# MAX_OUTPUT_TOKENS_OPENAI=400
# MAX_OUTPUT_TOKENS_ANTHROPIC=400
# MAX_OUTPUT_TOKENS_OPENAI=1024
# MAX_OUTPUT_TOKENS_ANTHROPIC=1024
# Whether to show the estimated cost of consumed tokens on the info page.
# SHOW_TOKEN_COSTS=false
# Whether to automatically check API keys for validity.
# Note: CHECK_KEYS is disabled by default in local development mode, but enabled
# by default in production mode.
# Disabled by default in local development mode, but enabled in production.
# CHECK_KEYS=true
# Which model types users are allowed to access.
# The following model families are recognized:
# turbo | gpt4 | gpt4-32k | gpt4-turbo | gpt4o | o1 | dall-e | claude
# | claude-opus | gemini-flash | gemini-pro | gemini-ultra | mistral-tiny |
# | mistral-small | mistral-medium | mistral-large | aws-claude |
# | aws-claude-opus | gcp-claude | gcp-claude-opus | azure-turbo | azure-gpt4
# | azure-gpt4-32k | azure-gpt4-turbo | azure-gpt4o | azure-o1 | azure-dall-e
# turbo | gpt4 | gpt4-32k | gpt4-turbo | gpt4o | dall-e | claude | claude-opus
# | gemini-flash | gemini-pro | gemini-ultra | mistral-tiny | mistral-small
# | mistral-medium | mistral-large | aws-claude | aws-claude-opus | gcp-claude
# | gcp-claude-opus | azure-turbo | azure-gpt4 | azure-gpt4-32k
# | azure-gpt4-turbo | azure-gpt4o | azure-dall-e
# By default, all models are allowed except for 'dall-e' / 'azure-dall-e'.
# By default, all models are allowed except for dall-e and o1.
# To allow DALL-E image generation, uncomment the line below and add 'dall-e' or
# 'azure-dall-e' to the list of allowed model families.
# ALLOWED_MODEL_FAMILIES=turbo,gpt4,gpt4-32k,gpt4-turbo,gpt4o,claude,claude-opus,gemini-flash,gemini-pro,gemini-ultra,mistral-tiny,mistral-small,mistral-medium,mistral-large,aws-claude,aws-claude-opus,gcp-claude,gcp-claude-opus,azure-turbo,azure-gpt4,azure-gpt4-32k,azure-gpt4-turbo,azure-gpt4o
@@ -60,6 +62,42 @@ NODE_ENV=production
# By default, no image services are allowed and image prompts are rejected.
# ALLOWED_VISION_SERVICES=
# Whether prompts should be logged to Google Sheets.
# Requires additional setup. See `docs/google-sheets.md` for more information.
# PROMPT_LOGGING=false
# Specifies the number of proxies or load balancers in front of the server.
# For Cloudflare or Hugging Face deployments, the default of 1 is correct.
# For any other deployments, please see config.ts as the correct configuration
# depends on your setup. Misconfiguring this value can result in problems
# accurately tracking IP addresses and enforcing rate limits.
# TRUSTED_PROXIES=1
# Whether cookies should be set without the Secure flag, for hosts that don't
# support SSL. True by default in development, false in production.
# USE_INSECURE_COOKIES=false
# Reorganizes requests in the queue according to their token count, placing
# larger prompts further back. The penalty is determined by (promptTokens *
# TOKENS_PUNISHMENT_FACTOR). A value of 1.0 adds one second per 1000 tokens.
# When there is no queue or it is very short, the effect is negligible (this
# setting only reorders the queue, it does not artificially delay requests).
# TOKENS_PUNISHMENT_FACTOR=0.0
# Captcha verification settings. Refer to docs/pow-captcha.md for guidance.
# CAPTCHA_MODE=none
# POW_TOKEN_HOURS=24
# POW_TOKEN_MAX_IPS=2
# POW_DIFFICULTY_LEVEL=low
# POW_CHALLENGE_TIMEOUT=30
# -------------------------------------------------------------------------------
# Blocking settings:
# Allows blocking requests depending on content, referers, or IP addresses.
# This is a convenience feature; if you need more robust functionality it is
# highly recommended to put this application behind nginx or Cloudflare, as they
# will have better performance.
# IP addresses or CIDR blocks from which requests will be blocked.
# IP_BLACKLIST=10.0.0.1/24
# URLs from which requests will be blocked.
@@ -68,35 +106,13 @@ NODE_ENV=production
# BLOCK_MESSAGE="You must be over the age of majority in your country to use this service."
# Destination to redirect blocked requests to.
# BLOCK_REDIRECT="https://roblox.com/"
# Comma-separated list of phrases that will be rejected. Only whole words are matched.
# Surround phrases with quotes if they contain commas.
# Avoid short or common phrases as this tests the entire prompt.
# Comma-separated list of phrases that will be rejected. Surround phrases with
# quotes if they contain commas. You can use regular expression tokens.
# Avoid overly broad phrases as will trigger on any match in the entire prompt.
# REJECT_PHRASES="phrase one,phrase two,"phrase three, which has a comma",phrase four"
# Message to show when requests are rejected.
# REJECT_MESSAGE="You can't say that here."
# Whether prompts should be logged to Google Sheets.
# Requires additional setup. See `docs/google-sheets.md` for more information.
# PROMPT_LOGGING=false
# The port and network interface to listen on.
# PORT=7860
# BIND_ADDRESS=0.0.0.0
# Whether cookies should be set without the Secure flag, for hosts that don't support SSL.
# USE_INSECURE_COOKIES=false
# Detail level of logging. (trace | debug | info | warn | error)
# LOG_LEVEL=info
# Captcha verification settings. Refer to docs/pow-captcha.md for guidance.
# CAPTCHA_MODE=none
# POW_TOKEN_HOURS=24
# POW_TOKEN_MAX_IPS=2
# POW_DIFFICULTY_LEVEL=low
# POW_CHALLENGE_TIMEOUT=30
# ------------------------------------------------------------------------------
# Optional settings for user management, access control, and quota enforcement:
# See `docs/user-management.md` for more information and setup instructions.
@@ -116,15 +132,8 @@ NODE_ENV=production
# ALLOW_NICKNAME_CHANGES=true
# Default token quotas for each model family. (0 for unlimited)
# Specify as TOKEN_QUOTA_MODEL_FAMILY=value, replacing dashes with underscores.
# TOKEN_QUOTA_TURBO=0
# TOKEN_QUOTA_GPT4=0
# TOKEN_QUOTA_GPT4_32K=0
# TOKEN_QUOTA_GPT4_TURBO=0
# TOKEN_QUOTA_CLAUDE=0
# TOKEN_QUOTA_GEMINI_PRO=0
# TOKEN_QUOTA_AWS_CLAUDE=0
# TOKEN_QUOTA_GCP_CLAUDE=0
# Specify as TOKEN_QUOTA_MODEL_FAMILY=value (replacing dashes with underscores).
# eg. TOKEN_QUOTA_TURBO=0, TOKEN_QUOTA_GPT4=1000000, TOKEN_QUOTA_GPT4_32K=100000
# "Tokens" for image-generation models are counted at a rate of 100000 tokens
# per US$1.00 generated, which is similar to the cost of GPT-4 Turbo.
# DALL-E 3 costs around US$0.10 per image (10000 tokens).
@@ -135,12 +144,22 @@ NODE_ENV=production
# Leave unset to never automatically refresh quotas.
# QUOTA_REFRESH_PERIOD=daily
# Specifies the number of proxies or load balancers in front of the server.
# For Cloudflare or Hugging Face deployments, the default of 1 is correct.
# For any other deployments, please see config.ts as the correct configuration
# depends on your setup. Misconfiguring this value can result in problems
# accurately tracking IP addresses and enforcing rate limits.
# TRUSTED_PROXIES=1
# -------------------------------------------------------------------------------
# HTTP agent settings:
# If you need to change how the proxy makes requests to other servers, such
# as when checking keys or forwarding users' requests to external services,
# you can configure an alternative HTTP agent. Otherwise the default OS settings
# will be used.
# The name of the network interface to use. The first external IPv4 address
# belonging to this interface will be used for outgoing requests.
# HTTP_AGENT_INTERFACE=enp0s3
# The URL of a proxy server to use. Supports SOCKS4, SOCKS5, HTTP, and HTTPS.
# Note that if your proxy server issues a self-signed certificate, you may need
# NODE_EXTRA_CA_CERTS set to the path to your certificate. You will need to set
# that variable in your environment, not in this file.
# HTTP_AGENT_PROXY_URL=http://test:test@127.0.0.1:8000
# ------------------------------------------------------------------------------
# Secrets and keys:
@@ -164,11 +183,10 @@ GCP_CREDENTIALS=project-id:client-email:region:private-key
# With user_token gatekeeper, the admin password used to manage users.
# ADMIN_KEY=your-very-secret-key
# To restrict access to the admin interface to specific IP addresses, set the
# ADMIN_WHITELIST environment variable to a comma-separated list of CIDR blocks.
# Restrict access to the admin interface to specific IP addresses, specified
# as a comma-separated list of CIDR ranges.
# ADMIN_WHITELIST=0.0.0.0/0
# With firebase_rtdb gatekeeper storage, the Firebase project credentials.
# FIREBASE_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# FIREBASE_RTDB_URL=https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.firebaseio.com
README.md
+35 -30
View File
@@ -1,15 +1,20 @@
# OAI Reverse Proxy
Reverse proxy server for various LLM APIs.
### Table of Contents
- [What is this?](#what-is-this)
- [Features](#features)
- [Usage Instructions](#usage-instructions)
- [Self-hosting](#self-hosting)
- [Huggingface (outdated, not advised)](#huggingface-outdated-not-advised)
- [Render (outdated, not advised)](#render-outdated-not-advised)
- [Local Development](#local-development)
<!-- TOC -->
* [OAI Reverse Proxy](#oai-reverse-proxy)
* [Table of Contents](#table-of-contents)
* [What is this?](#what-is-this)
* [Features](#features)
* [Usage Instructions](#usage-instructions)
* [Personal Use (single-user)](#personal-use-single-user)
* [Updating](#updating)
* [Local Development](#local-development)
* [Self-hosting](#self-hosting)
* [Building](#building)
* [Forking](#forking)
<!-- TOC -->
## What is this?
This project allows you to run a reverse proxy server for various LLM APIs.
@@ -28,40 +33,40 @@ This project allows you to run a reverse proxy server for various LLM APIs.
- [x] Simple role-based permissions
- [x] Per-model token quotas
- [x] Temporary user accounts
- [x] Prompt and completion logging
- [x] Event audit logging
- [x] Optional full logging of prompts and completions
- [x] Abuse detection and prevention
---
- [x] IP address and user token model invocation rate limits
- [x] IP blacklists
- [x] Proof-of-work challenge for access by anonymous users
## Usage Instructions
If you'd like to run your own instance of this server, you'll need to deploy it somewhere and configure it with your API keys. A few easy options are provided below, though you can also deploy it to any other service you'd like if you know what you're doing and the service supports Node.js.
### Personal Use (single-user)
If you just want to run the proxy server to use yourself without hosting it for others:
1. Install [Node.js](https://nodejs.org/en/download/) >= 18.0.0
2. Clone this repository
3. Create a `.env` file in the root of the project and add your API keys. See the [.env.example](./.env.example) file for an example.
4. Install dependencies with `npm install`
5. Run `npm run build`
6. Run `npm start`
#### Updating
You must re-run `npm install` and `npm run build` whenever you pull new changes from the repository.
#### Local Development
Use `npm run start:dev` to run the proxy in development mode with watch mode enabled. Use `npm run type-check` to run the type checker across the project.
### Self-hosting
[See here for instructions on how to self-host the application on your own VPS or local machine.](./docs/self-hosting.md)
[See here for instructions on how to self-host the application on your own VPS or local machine and expose it to the internet for others to use.](./docs/self-hosting.md)
**Ensure you set the `TRUSTED_PROXIES` environment variable according to your deployment.** Refer to [.env.example](./.env.example) and [config.ts](./src/config.ts) for more information.
### Huggingface (outdated, not advised)
[See here for instructions on how to deploy to a Huggingface Space.](./docs/deploy-huggingface.md)
### Render (outdated, not advised)
[See here for instructions on how to deploy to Render.com.](./docs/deploy-render.md)
## Local Development
To run the proxy locally for development or testing, install Node.js >= 18.0.0 and follow the steps below.
1. Clone the repo
2. Install dependencies with `npm install`
3. Create a `.env` file in the root of the project and add your API keys. See the [.env.example](./.env.example) file for an example.
4. Start the server in development mode with `npm run start:dev`.
You can also use `npm run start:dev:tsc` to enable project-wide type checking at the cost of slower startup times. `npm run type-check` can be used to run type checking without starting the server.
## Building
To build the project, run `npm run build`. This will compile the TypeScript code to JavaScript and output it to the `build` directory.
To build the project, run `npm run build`. This will compile the TypeScript code to JavaScript and output it to the `build` directory. You should run this whenever you pull new changes from the repository.
Note that if you are trying to build the server on a very memory-constrained (<= 1GB) VPS, you may need to run the build with `NODE_OPTIONS=--max_old_space_size=2048 npm run build` to avoid running out of memory during the build process, assuming you have swap enabled. The application itself should run fine on a 512MB VPS for most reasonable traffic levels.
## Forking
If you are forking the repository on GitGud, you may wish to disable GitLab CI/CD or you will be spammed with emails about failed builds due not having any CI runners. You can do this by going to *Settings > General > Visibility, project features, permissions* and then disabling the "CI/CD" feature.
docker/render/Dockerfile
+1 -2
View File
@@ -17,9 +17,8 @@ ARG GREETING_URL
RUN if [ -n "$GREETING_URL" ]; then \
curl -sL "$GREETING_URL" > greeting.md; \
fi
COPY package*.json greeting.md* ./
RUN npm install
COPY . .
RUN npm install
RUN npm run build
RUN --mount=type=secret,id=_env,dst=/etc/secrets/.env cat /etc/secrets/.env >> .env
EXPOSE 10000
docs/deploy-render.md
+1 -1
View File
@@ -1,6 +1,6 @@
# Deploy to Render.com
**⚠️ This method is no longer recommended. Please use the [self-hosting instructions](./self-hosting.md) instead.**
**⚠️ This method is no longer supported or recommended and may not work. Please use the [self-hosting instructions](./self-hosting.md) instead.**
Render.com offers a free tier that includes 750 hours of compute time per month. This is enough to run a single proxy instance 24/7. Instances shut down after 15 minutes without traffic but start up again automatically when a request is received. You can use something like https://app.checklyhq.com/ to ping your proxy every 15 minutes to keep it alive.
package-lock.json
Generated
+951 -125
View File
File diff suppressed because it is too large Load Diff
package.json
+13 -8
View File
@@ -5,10 +5,11 @@
"scripts": {
"build": "tsc && copyfiles -u 1 src/**/*.ejs build",
"database:migrate": "ts-node scripts/migrate.ts",
"postinstall": "patch-package",
"prepare": "husky install",
"start": "node build/server.js",
"start": "node --trace-deprecation --trace-warnings build/server.js",
"start:dev": "nodemon --watch src --exec ts-node --transpile-only src/server.ts",
"start:replit": "tsc && node build/server.js",
"start:debug": "ts-node --inspect --transpile-only src/server.ts",
"start:watch": "nodemon --require source-map-support/register build/server.js",
"type-check": "tsc --noEmit"
},
@@ -36,24 +37,28 @@
"csrf-csrf": "^2.3.0",
"dotenv": "^16.3.1",
"ejs": "^3.1.10",
"express": "^4.18.2",
"express": "^4.19.3",
"express-session": "^1.17.3",
"firebase-admin": "^12.3.1",
"firebase-admin": "^12.5.0",
"glob": "^10.3.12",
"googleapis": "^122.0.0",
"http-proxy-middleware": "^3.0.0-beta.1",
"http-proxy": "1.18.1",
"http-proxy-middleware": "^3.0.2",
"ipaddr.js": "^2.1.0",
"memorystore": "^1.6.7",
"multer": "^1.4.5-lts.1",
"node-schedule": "^2.1.1",
"patch-package": "^8.0.0",
"pino": "^8.11.0",
"pino-http": "^8.3.3",
"proxy-agent": "^6.4.0",
"sanitize-html": "^2.13.0",
"sharp": "^0.32.6",
"showdown": "^2.1.0",
"source-map-support": "^0.5.21",
"stream-json": "^1.8.0",
"tiktoken": "^1.0.10",
"tinyws": "^0.1.0",
"uuid": "^9.0.0",
"zlib": "^1.0.5",
"zod": "^3.22.3",
@@ -84,8 +89,8 @@
"typescript": "^5.4.2"
},
"overrides": {
"braces": "^3.0.3",
"fast-xml-parser": "^4.4.1",
"follow-redirects": "^1.15.4"
"node-fetch@2.x": {
"whatwg-url": "14.x"
}
}
}
patches/README.md
+23
View File
@@ -0,0 +1,23 @@
# Patches
Contains monkey patches for certain packages, applied using `patch-package`.
## `http-proxy+1.18.1.patch`
Modifies the `http-proxy` package to work around an incompatibility with
body-parser and SOCKS5 proxies due to some esoteric stream handling behavior
when `socks-proxy-agent` is used instead of a generic http.Agent.
Modification involves adjusting the `buffer` property on ProxyServer's `options`
object to be a function that returns a stream instead of a stream itself. This
allows us to give it a function which produces a new Readable from the already-
parsed request body.
With the old implementation we would need to create an entirely new ProxyServer
instance for each request, which is not ideal under heavy load.
`http-proxy` hasn't been updated in six years so it's unlikely that this patch
will be broken by future updates, but it's stil pinned to 1.18.1 for now.
### See also
https://github.com/chimurai/http-proxy-middleware/issues/40
https://github.com/chimurai/http-proxy-middleware/issues/299
https://github.com/http-party/node-http-proxy/pull/1027
patches/http-proxy+1.18.1.patch
+13
View File
@@ -0,0 +1,13 @@
diff --git a/node_modules/http-proxy/lib/http-proxy/passes/web-incoming.js b/node_modules/http-proxy/lib/http-proxy/passes/web-incoming.js
index 7ae7355..c825c27 100644
--- a/node_modules/http-proxy/lib/http-proxy/passes/web-incoming.js
+++ b/node_modules/http-proxy/lib/http-proxy/passes/web-incoming.js
@@ -167,7 +167,7 @@ module.exports = {
}
}
- (options.buffer || req).pipe(proxyReq);
+ (options.buffer(req) || req).pipe(proxyReq);
proxyReq.on('response', function(proxyRes) {
if(server) { server.emit('proxyRes', proxyRes, req, res); }
public/js/hash-worker.js
+1 -2
View File
@@ -30,7 +30,6 @@ self.onmessage = async (event) => {
nonce = data.nonce;
const c = data.challenge;
// decode salt to Uint8Array
const salt = new Uint8Array(c.s.length / 2);
for (let i = 0; i < c.s.length; i += 2) {
salt[i / 2] = parseInt(c.s.slice(i, i + 2), 16);
@@ -99,7 +98,7 @@ const solve = async () => {
self.postMessage({ type: "solved", nonce: solution.nonce });
active = false;
} else {
if (Date.now() - lastNotify > 1000) {
if (Date.now() - lastNotify >= 500) {
console.log("Last nonce", nonce, "Hashes", hashesSinceLastNotify);
self.postMessage({ type: "progress", hashes: hashesSinceLastNotify });
lastNotify = Date.now();
scripts/test-queue.js
+53
View File
@@ -0,0 +1,53 @@
const axios = require("axios");
function randomInteger(max) {
return Math.floor(Math.random() * max + 1);
}
async function testQueue() {
const requests = Array(10).fill(undefined).map(async function() {
const maxTokens = randomInteger(2000);
const headers = {
"Authorization": "Bearer test",
"Content-Type": "application/json",
"X-Forwarded-For": `${randomInteger(255)}.${randomInteger(255)}.${randomInteger(255)}.${randomInteger(255)}`,
};
const payload = {
model: "gpt-4o-mini-2024-07-18",
max_tokens: 20 + maxTokens,
stream: false,
messages: [{role: "user", content: "You are being benchmarked regarding your reliability at outputting exact, machine-comprehensible data. Output the sentence \"The quick brown fox jumps over the lazy dog.\" Do not precede it with quotemarks or any form of preamble, and do not output anything after the sentence."}],
temperature: 0,
};
try {
const response = await axios.post(
"http://localhost:7860/proxy/openai/v1/chat/completions",
payload,
{ headers }
);
if (response.status !== 200) {
console.error(`Request {$maxTokens} finished with status code ${response.status} and response`, response.data);
return;
}
const content = response.data.choices[0].message.content;
console.log(
`Request ${maxTokens} `,
content === "The quick brown fox jumps over the lazy dog." ? "OK" : `mangled: ${content}`
);
} catch (error) {
const msg = error.response;
console.error(`Error in req ${maxTokens}:`, error.message, msg || "");
}
});
await Promise.all(requests);
console.log("All requests finished");
}
testQueue();
src/admin/web/manage.ts
+5 -3
View File
@@ -274,6 +274,7 @@ router.post("/maintenance", (req, res) => {
"aws",
"gcp",
"azure",
"google-ai"
];
checkable.forEach((s) => keyPool.recheck(s));
const keyCount = keyPool
@@ -344,10 +345,11 @@ router.post("/maintenance", (req, res) => {
case "setDifficulty": {
const selected = req.body["pow-difficulty"];
const valid = ["low", "medium", "high", "extreme"];
if (!selected || !valid.includes(selected)) {
throw new HttpError(400, "Invalid difficulty" + selected);
const isNumber = Number.isInteger(Number(selected));
if (!selected || !valid.includes(selected) && !isNumber) {
throw new HttpError(400, "Invalid difficulty " + selected);
}
config.powDifficultyLevel = selected;
config.powDifficultyLevel = isNumber ? Number(selected) : selected;
invalidatePowChallenges();
break;
}
src/admin/web/views/admin_anti-abuse.ejs
+29 -9
View File
@@ -38,15 +38,20 @@
<h3>Difficulty Level</h3>
<div>
<label for="difficulty">Difficulty Level:</label>
<span id="currentDifficulty">Current: <%= difficulty %></span>
<select name="difficulty" id="difficulty">
<select name="difficulty" id="difficulty" onchange="difficultyChanged(event)">
<option value="low">Low</option>
<option value="medium">Medium</option>
<option value="high">High</option>
<option value="extreme">Extreme</option>
<option value="custom">Custom</option>
</select>
<div id="custom-difficulty-container" style="display: none">
<label for="customDifficulty">Hashes required (average):</label>
<input type="number" id="customDifficulty" value="0" min="1" max="1000000000" />
</div>
<button onclick='doAction("setDifficulty")'>Update Difficulty</button>
</div>
<div><span id="currentDifficulty">Current Difficulty: <%= difficulty %></span></div>
<% } %>
<form id="maintenanceForm" action="/admin/manage/maintenance" method="post">
<input id="_csrf" type="hidden" name="_csrf" value="<%= csrfToken %>" />
@@ -63,15 +68,15 @@
<div>
<h2>IP Whitelists and Blacklists</h2>
<p>
You can specify IP ranges to whitelist or blacklist from accessing the proxy. Note that changes here are not
persisted across server restarts. If you want to make changes permanent, you can copy the values to your deployment
configuration.
</p>
<p>
Entries can be specified as single addresses or
You can specify IP ranges to whitelist or blacklist from accessing the proxy. Entries can be specified as single
addresses or
<a href="https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation">CIDR notation</a>. IPv6 is
supported but not recommended for use with the current version of the proxy.
</p>
<p>
<strong>Note:</strong> Changes here are not persisted across server restarts. If you want to make changes permanent,
you can copy the values to your deployment configuration.
</p>
<% for (let i = 0; i < whitelists.length; i++) { %>
<%- include("partials/admin-cidr-widget", { list: whitelists[i] }) %>
<% } %>
@@ -99,10 +104,25 @@
</div>
<script>
function difficultyChanged(event) {
const value = event.target.value;
if (value === "custom") {
document.getElementById("custom-difficulty-container").style.display = "block";
} else {
document.getElementById("custom-difficulty-container").style.display = "none";
}
}
function doAction(action) {
document.getElementById("hiddenAction").value = action;
if (action === "setDifficulty") {
document.getElementById("hiddenDifficulty").value = document.getElementById("difficulty").value;
const selected = document.getElementById("difficulty").value;
const hiddenDifficulty = document.getElementById("hiddenDifficulty");
if (selected === "custom") {
hiddenDifficulty.value = document.getElementById("customDifficulty").value;
} else {
hiddenDifficulty.value = selected;
}
}
document.getElementById("maintenanceForm").submit();
}
src/config.ts
+59 -30
View File
@@ -378,6 +378,43 @@ type Config = {
* Takes precedence over the adminWhitelist.
*/
ipBlacklist: string[];
/**
* If set, pushes requests further back into the queue according to their
* token costs by factor*tokens*milliseconds (or more intuitively
* factor*thousands_of_tokens*seconds).
* Accepts floats.
*/
tokensPunishmentFactor: number;
/**
* Configuration for HTTP requests made by the proxy to other servers, such
* as when checking keys or forwarding users' requests to external services.
* If not set, all requests will be made using the default agent.
*
* If set, the proxy may make requests to other servers using the specified
* settings. This is useful if you wish to route users' requests through
* another proxy or VPN, or if you have multiple network interfaces and want
* to use a specific one for outgoing requests.
*/
httpAgent?: {
/**
* The name of the network interface to use. The first external IPv4 address
* belonging to this interface will be used for outgoing requests.
*/
interface?: string;
/**
* The URL of a proxy server to use. Supports SOCKS4, SOCKS5, HTTP, and
* HTTPS. If not set, the proxy will be made using the default agent.
* - SOCKS4: `socks4://some-socks-proxy.com:9050`
* - SOCKS5: `socks5://username:password@some-socks-proxy.com:9050`
* - HTTP: `http://proxy-server-over-tcp.com:3128`
* - HTTPS: `https://proxy-server-over-tls.com:3129`
*
* **Note:** If your proxy server issues a certificate, you may need to set
* `NODE_EXTRA_CA_CERTS` to the path to your certificate, otherwise this
* application will reject TLS connections.
*/
proxyUrl?: string;
};
};
// To change configs, create a file called .env in the root directory.
@@ -483,6 +520,11 @@ export const config: Config = {
getEnvWithDefault("ADMIN_WHITELIST", "0.0.0.0/0,::/0")
),
ipBlacklist: parseCsv(getEnvWithDefault("IP_BLACKLIST", "")),
tokensPunishmentFactor: getEnvWithDefault("TOKENS_PUNISHMENT_FACTOR", 0.0),
httpAgent: {
interface: getEnvWithDefault("HTTP_AGENT_INTERFACE", undefined),
proxyUrl: getEnvWithDefault("HTTP_AGENT_PROXY_URL", undefined),
},
} as const;
function generateSigningKey() {
@@ -602,6 +644,16 @@ export async function assertConfigIsValid() {
);
}
if (Object.values(config.httpAgent || {}).filter(Boolean).length === 0) {
delete config.httpAgent;
} else if (config.httpAgent) {
if (config.httpAgent.interface && config.httpAgent.proxyUrl) {
throw new Error(
"Cannot set both `HTTP_AGENT_INTERFACE` and `HTTP_AGENT_PROXY_URL`."
);
}
}
// Ensure forks which add new secret-like config keys don't unwittingly expose
// them to users.
for (const key of getKeys(config)) {
@@ -615,15 +667,16 @@ export async function assertConfigIsValid() {
`Config key "${key}" may be sensitive but is exposed. Add it to SENSITIVE_KEYS or OMITTED_KEYS.`
);
}
await maybeInitializeFirebase();
}
/**
* Config keys that are masked on the info page, but not hidden as their
* presence may be relevant to the user due to privacy implications.
*/
export const SENSITIVE_KEYS: (keyof Config)[] = ["googleSheetsSpreadsheetId"];
export const SENSITIVE_KEYS: (keyof Config)[] = [
"googleSheetsSpreadsheetId",
"httpAgent",
];
/**
* Config keys that are not displayed on the info page at all, generally because
@@ -747,32 +800,6 @@ function getEnvWithDefault<T>(env: string | string[], defaultValue: T): T {
}
}
let firebaseApp: firebase.app.App | undefined;
async function maybeInitializeFirebase() {
if (!config.gatekeeperStore.startsWith("firebase")) {
return;
}
const firebase = await import("firebase-admin");
const firebaseKey = Buffer.from(config.firebaseKey!, "base64").toString();
const app = firebase.initializeApp({
credential: firebase.credential.cert(JSON.parse(firebaseKey)),
databaseURL: config.firebaseRtdbUrl,
});
await app.database().ref("connection-test").set(Date.now());
firebaseApp = app;
}
export function getFirebaseApp(): firebase.app.App {
if (!firebaseApp) {
throw new Error("Firebase app not initialized.");
}
return firebaseApp;
}
function parseCsv(val: string): string[] {
if (!val) return [];
@@ -782,5 +809,7 @@ function parseCsv(val: string): string[] {
}
function getDefaultModelFamilies(): ModelFamily[] {
return MODEL_FAMILIES.filter((f) => !f.includes("dall-e")) as ModelFamily[];
return MODEL_FAMILIES.filter(
(f) => !f.includes("dall-e") && !f.includes("o1")
) as ModelFamily[];
}
src/info-page.ts
+5 -1
View File
@@ -17,6 +17,8 @@ const MODEL_FAMILY_FRIENDLY_NAME: { [f in ModelFamily]: string } = {
"gpt4-32k": "GPT-4 32k",
"gpt4-turbo": "GPT-4 Turbo",
gpt4o: "GPT-4o",
o1: "OpenAI o1",
"o1-mini": "OpenAI o1 mini",
"dall-e": "DALL-E",
claude: "Claude (Sonnet)",
"claude-opus": "Claude (Opus)",
@@ -40,6 +42,8 @@ const MODEL_FAMILY_FRIENDLY_NAME: { [f in ModelFamily]: string } = {
"azure-gpt4-32k": "Azure GPT-4 32k",
"azure-gpt4-turbo": "Azure GPT-4 Turbo",
"azure-gpt4o": "Azure GPT-4o",
"azure-o1": "Azure o1",
"azure-o1-mini": "Azure o1 mini",
"azure-dall-e": "Azure DALL-E",
};
@@ -167,7 +171,7 @@ function getSelfServiceLinks() {
}
return `<div class="self-service-links">${links
.map(([text, link]) => `<a target="_blank" href="${link}">${text}</a>`)
.map(([text, link]) => `<a href="${link}">${text}</a>`)
.join(" | ")}</div>`;
}
src/proxy/anthropic.ts
+36 -55
View File
@@ -1,22 +1,14 @@
import { Request, Response, RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { Request, RequestHandler, Router } from "express";
import { config } from "../config";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
addKey,
addAnthropicPreamble,
createPreprocessorMiddleware,
finalizeBody,
createOnProxyReqHandler,
} from "./middleware/request";
import {
ProxyResHandlerWithBody,
createOnProxyResHandler,
} from "./middleware/response";
import { sendErrorToClient } from "./middleware/response/error-generator";
import { ProxyResHandlerWithBody } from "./middleware/response";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
import { ProxyReqManager } from "./middleware/request/proxy-req-manager";
let modelsCache: any = null;
let modelsCacheTime = 0;
@@ -44,9 +36,13 @@ const getModelsResponse = () => {
"claude-2.0",
"claude-2.1",
"claude-3-haiku-20240307",
"claude-3-5-haiku-20241022",
"claude-3-opus-20240229",
"claude-3-opus-latest",
"claude-3-sonnet-20240229",
"claude-3-5-sonnet-20240620",
"claude-3-5-sonnet-20241022",
"claude-3-5-sonnet-latest",
];
const models = claudeVariants.map((id) => ({
@@ -69,7 +65,6 @@ const handleModelRequest: RequestHandler = (_req, res) => {
res.status(200).json(getModelsResponse());
};
/** Only used for non-streaming requests. */
const anthropicBlockingResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
req,
@@ -123,13 +118,7 @@ export function transformAnthropicChatResponseToAnthropicText(
};
}
/**
* Transforms a model response from the Anthropic API to match those from the
* OpenAI API, for users using Claude via the OpenAI-compatible endpoint. This
* is only used for non-streaming requests as streaming requests are handled
* on-the-fly.
*/
export function transformAnthropicTextResponseToOpenAI(
function transformAnthropicTextResponseToOpenAI(
anthropicBody: Record<string, any>,
req: Request
): Record<string, any> {
@@ -181,12 +170,12 @@ export function transformAnthropicChatResponseToOpenAI(
/**
* If a client using the OpenAI compatibility endpoint requests an actual OpenAI
* model, reassigns it to Claude 3 Sonnet.
* model, reassigns it to Sonnet.
*/
function maybeReassignModel(req: Request) {
const model = req.body.model;
if (!model.startsWith("gpt-")) return;
req.body.model = "claude-3-sonnet-20240229";
if (model.includes("claude")) return; // use whatever model the user requested
req.body.model = "claude-3-5-sonnet-latest";
}
/**
@@ -201,38 +190,30 @@ function setAnthropicBetaHeader(req: Request) {
}
}
const anthropicProxy = createQueueMiddleware({
proxyMiddleware: createProxyMiddleware({
target: "https://api.anthropic.com",
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: createOnProxyReqHandler({
pipeline: [addKey, addAnthropicPreamble, finalizeBody],
}),
proxyRes: createOnProxyResHandler([anthropicBlockingResponseHandler]),
error: handleProxyError,
},
// Abusing pathFilter to rewrite the paths dynamically.
pathFilter: (pathname, req) => {
const isText = req.outboundApi === "anthropic-text";
const isChat = req.outboundApi === "anthropic-chat";
if (isChat && pathname === "/v1/complete") {
req.url = "/v1/messages";
}
if (isText && pathname === "/v1/chat/completions") {
req.url = "/v1/complete";
}
if (isChat && pathname === "/v1/chat/completions") {
req.url = "/v1/messages";
}
if (isChat && ["sonnet", "opus"].includes(req.params.type)) {
req.url = "/v1/messages";
}
return true;
},
}),
function selectUpstreamPath(manager: ProxyReqManager) {
const req = manager.request;
const pathname = req.url.split("?")[0];
req.log.debug({ pathname }, "Anthropic path filter");
const isText = req.outboundApi === "anthropic-text";
const isChat = req.outboundApi === "anthropic-chat";
if (isChat && pathname === "/v1/complete") {
manager.setPath("/v1/messages");
}
if (isText && pathname === "/v1/chat/completions") {
manager.setPath("/v1/complete");
}
if (isChat && pathname === "/v1/chat/completions") {
manager.setPath("/v1/messages");
}
if (isChat && ["sonnet", "opus"].includes(req.params.type)) {
manager.setPath("/v1/messages");
}
}
const anthropicProxy = createQueuedProxyMiddleware({
target: "https://api.anthropic.com",
mutations: [selectUpstreamPath, addKey, finalizeBody],
blockingResponseHandler: anthropicBlockingResponseHandler,
});
const nativeAnthropicChatPreprocessor = createPreprocessorMiddleware(
src/proxy/aws-claude.ts
+63 -59
View File
@@ -1,27 +1,19 @@
import { Request, RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { v4 } from "uuid";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
createPreprocessorMiddleware,
signAwsRequest,
finalizeSignedRequest,
createOnProxyReqHandler,
} from "./middleware/request";
import {
ProxyResHandlerWithBody,
createOnProxyResHandler,
} from "./middleware/response";
import {
transformAnthropicChatResponseToAnthropicText,
transformAnthropicChatResponseToOpenAI,
} from "./anthropic";
import { ipLimiter } from "./rate-limit";
import {
createPreprocessorMiddleware,
finalizeSignedRequest,
signAwsRequest,
} from "./middleware/request";
import { ProxyResHandlerWithBody } from "./middleware/response";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
/** Only used for non-streaming requests. */
const awsResponseHandler: ProxyResHandlerWithBody = async (
const awsBlockingResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
req,
res,
@@ -55,12 +47,6 @@ const awsResponseHandler: ProxyResHandlerWithBody = async (
res.status(200).json({ ...newBody, proxy: body.proxy });
};
/**
* Transforms a model response from the Anthropic API to match those from the
* OpenAI API, for users using Claude via the OpenAI-compatible endpoint. This
* is only used for non-streaming requests as streaming requests are handled
* on-the-fly.
*/
function transformAwsTextResponseToOpenAI(
awsBody: Record<string, any>,
req: Request
@@ -89,23 +75,13 @@ function transformAwsTextResponseToOpenAI(
};
}
const awsClaudeProxy = createQueueMiddleware({
beforeProxy: signAwsRequest,
proxyMiddleware: createProxyMiddleware({
target: "bad-target-will-be-rewritten",
router: ({ signedRequest }) => {
if (!signedRequest) throw new Error("Must sign request before proxying");
return `${signedRequest.protocol}//${signedRequest.hostname}`;
},
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: createOnProxyReqHandler({ pipeline: [finalizeSignedRequest] }),
proxyRes: createOnProxyResHandler([awsResponseHandler]),
error: handleProxyError,
},
}),
const awsClaudeProxy = createQueuedProxyMiddleware({
target: ({ signedRequest }) => {
if (!signedRequest) throw new Error("Must sign request before proxying");
return `${signedRequest.protocol}//${signedRequest.hostname}`;
},
mutations: [signAwsRequest, finalizeSignedRequest],
blockingResponseHandler: awsBlockingResponseHandler,
});
const nativeTextPreprocessor = createPreprocessorMiddleware(
@@ -201,19 +177,17 @@ function maybeReassignModel(req: Request) {
// Anthropic model names can look like:
// - claude-v1
// - claude-2.1
// - claude-3-5-sonnet-20240620-v1:0
// - claude-3-5-sonnet-20240620
// - claude-3-opus-latest
const pattern =
/^(claude-)?(instant-)?(v)?(\d+)([.-](\d))?(-\d+k)?(-sonnet-|-opus-|-haiku-)?(\d*)/i;
/^(claude-)?(instant-)?(v)?(\d+)([.-](\d))?(-\d+k)?(-sonnet-|-opus-|-haiku-)?(latest|\d*)/i;
const match = model.match(pattern);
// If there's no match, fallback to Claude v2 as it is most likely to be
// available on AWS.
if (!match) {
req.body.model = `anthropic.claude-v2:1`;
return;
throw new Error(`Provided model name (${model}) doesn't resemble a Claude model ID.`);
}
const [_, _cl, instant, _v, major, _sep, minor, _ctx, name, _rev] = match;
const [_, _cl, instant, _v, major, _sep, minor, _ctx, rawName, rev] = match;
if (instant) {
req.body.model = "anthropic.claude-instant-v1";
@@ -221,6 +195,8 @@ function maybeReassignModel(req: Request) {
}
const ver = minor ? `${major}.${minor}` : major;
const name = rawName?.match(/([a-z]+)/)?.[1] || "";
switch (ver) {
case "1":
case "1.0":
@@ -230,24 +206,52 @@ function maybeReassignModel(req: Request) {
case "2.0":
req.body.model = "anthropic.claude-v2";
return;
case "2.1":
req.body.model = "anthropic.claude-v2:1";
return;
case "3":
case "3.0":
if (name.includes("opus")) {
req.body.model = "anthropic.claude-3-opus-20240229-v1:0";
} else if (name.includes("haiku")) {
req.body.model = "anthropic.claude-3-haiku-20240307-v1:0";
} else {
req.body.model = "anthropic.claude-3-sonnet-20240229-v1:0";
// there is only one snapshot for all Claude 3 models so there is no need
// to check the revision
switch (name) {
case "sonnet":
req.body.model = "anthropic.claude-3-sonnet-20240229-v1:0";
return;
case "haiku":
req.body.model = "anthropic.claude-3-haiku-20240307-v1:0";
return;
case "opus":
req.body.model = "anthropic.claude-3-opus-20240229-v1:0";
return;
}
return;
break;
case "3.5":
req.body.model = "anthropic.claude-3-5-sonnet-20240620-v1:0";
return;
switch (name) {
case "sonnet":
switch (rev) {
case "20241022":
case "latest":
req.body.model = "anthropic.claude-3-5-sonnet-20241022-v2:0";
return;
case "20240620":
req.body.model = "anthropic.claude-3-5-sonnet-20240620-v1:0";
return;
}
break;
case "haiku":
switch (rev) {
case "20241022":
case "latest":
req.body.model = "anthropic.claude-3-5-haiku-20241022-v1:0";
return;
}
case "opus":
// Add after model id is announced never
break;
}
}
// Fallback to Claude 2.1
req.body.model = `anthropic.claude-v2:1`;
return;
throw new Error(`Provided model name (${model}) could not be mapped to a known AWS Claude model ID.`);
}
export const awsClaude = awsClaudeRouter;
src/proxy/aws-mistral.ts
+14 -29
View File
@@ -1,21 +1,16 @@
import { Request } from "express";
import { Request, Router } from "express";
import {
createOnProxyResHandler,
ProxyResHandlerWithBody,
} from "./middleware/response";
import { createQueueMiddleware } from "./queue";
detectMistralInputApi,
transformMistralTextToMistralChat,
} from "./mistral-ai";
import { ipLimiter } from "./rate-limit";
import { ProxyResHandlerWithBody } from "./middleware/response";
import {
createOnProxyReqHandler,
createPreprocessorMiddleware,
finalizeSignedRequest,
signAwsRequest,
} from "./middleware/request";
import { createProxyMiddleware } from "http-proxy-middleware";
import { logger } from "../logger";
import { handleProxyError } from "./middleware/common";
import { Router } from "express";
import { ipLimiter } from "./rate-limit";
import { detectMistralInputApi, transformMistralTextToMistralChat } from "./mistral-ai";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
const awsMistralBlockingResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
@@ -39,23 +34,13 @@ const awsMistralBlockingResponseHandler: ProxyResHandlerWithBody = async (
res.status(200).json({ ...newBody, proxy: body.proxy });
};
const awsMistralProxy = createQueueMiddleware({
beforeProxy: signAwsRequest,
proxyMiddleware: createProxyMiddleware({
target: "bad-target-will-be-rewritten",
router: ({ signedRequest }) => {
if (!signedRequest) throw new Error("Must sign request before proxying");
return `${signedRequest.protocol}//${signedRequest.hostname}`;
},
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: createOnProxyReqHandler({ pipeline: [finalizeSignedRequest] }),
proxyRes: createOnProxyResHandler([awsMistralBlockingResponseHandler]),
error: handleProxyError,
},
}),
const awsMistralProxy = createQueuedProxyMiddleware({
target: ({ signedRequest }) => {
if (!signedRequest) throw new Error("Must sign request before proxying");
return `${signedRequest.protocol}//${signedRequest.hostname}`;
},
mutations: [signAwsRequest,finalizeSignedRequest],
blockingResponseHandler: awsMistralBlockingResponseHandler,
});
function maybeReassignModel(req: Request) {
src/proxy/aws.ts
+2
View File
@@ -40,8 +40,10 @@ function handleModelsRequest(req: Request, res: Response) {
"anthropic.claude-v2",
"anthropic.claude-v2:1",
"anthropic.claude-3-haiku-20240307-v1:0",
"anthropic.claude-3-5-haiku-20241022-v1:0",
"anthropic.claude-3-sonnet-20240229-v1:0",
"anthropic.claude-3-5-sonnet-20240620-v1:0",
"anthropic.claude-3-5-sonnet-20241022-v2:0",
"anthropic.claude-3-opus-20240229-v1:0",
"mistral.mistral-7b-instruct-v0:2",
"mistral.mixtral-8x7b-instruct-v0:1",
src/proxy/azure.ts
+23 -75
View File
@@ -1,73 +1,30 @@
import { RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { config } from "../config";
import { keyPool } from "../shared/key-management";
import {
AzureOpenAIModelFamily,
getAzureOpenAIModelFamily,
ModelFamily,
} from "../shared/models";
import { logger } from "../logger";
import { KNOWN_OPENAI_MODELS } from "./openai";
import { createQueueMiddleware } from "./queue";
import { generateModelList } from "./openai";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
addAzureKey,
createOnProxyReqHandler,
createPreprocessorMiddleware,
finalizeSignedRequest,
} from "./middleware/request";
import {
createOnProxyResHandler,
ProxyResHandlerWithBody,
} from "./middleware/response";
import { ProxyResHandlerWithBody } from "./middleware/response";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
let modelsCache: any = null;
let modelsCacheTime = 0;
function getModelsResponse() {
if (new Date().getTime() - modelsCacheTime < 1000 * 60) {
return modelsCache;
}
let available = new Set<AzureOpenAIModelFamily>();
for (const key of keyPool.list()) {
if (key.isDisabled || key.service !== "azure") continue;
key.modelFamilies.forEach((family) =>
available.add(family as AzureOpenAIModelFamily)
);
}
const allowed = new Set<ModelFamily>(config.allowedModelFamilies);
available = new Set([...available].filter((x) => allowed.has(x)));
const models = KNOWN_OPENAI_MODELS.map((id) => ({
id,
object: "model",
created: new Date().getTime(),
owned_by: "azure",
permission: [
{
id: "modelperm-" + id,
object: "model_permission",
created: new Date().getTime(),
organization: "*",
group: null,
is_blocking: false,
},
],
root: id,
parent: null,
})).filter((model) => available.has(getAzureOpenAIModelFamily(model.id)));
modelsCache = { object: "list", data: models };
modelsCacheTime = new Date().getTime();
return modelsCache;
}
const handleModelRequest: RequestHandler = (_req, res) => {
res.status(200).json(getModelsResponse());
if (new Date().getTime() - modelsCacheTime < 1000 * 60) {
return res.status(200).json(modelsCache);
}
if (!config.azureCredentials) return { object: "list", data: [] };
const result = generateModelList("azure");
modelsCache = { object: "list", data: result };
modelsCacheTime = new Date().getTime();
res.status(200).json(modelsCache);
};
const azureOpenaiResponseHandler: ProxyResHandlerWithBody = async (
@@ -83,26 +40,17 @@ const azureOpenaiResponseHandler: ProxyResHandlerWithBody = async (
res.status(200).json({ ...body, proxy: body.proxy });
};
const azureOpenAIProxy = createQueueMiddleware({
beforeProxy: addAzureKey,
proxyMiddleware: createProxyMiddleware({
target: "will be set by router",
router: (req) => {
if (!req.signedRequest) throw new Error("signedRequest not set");
const { hostname, path } = req.signedRequest;
return `https://${hostname}${path}`;
},
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: createOnProxyReqHandler({ pipeline: [finalizeSignedRequest] }),
proxyRes: createOnProxyResHandler([azureOpenaiResponseHandler]),
error: handleProxyError,
},
}),
const azureOpenAIProxy = createQueuedProxyMiddleware({
target: ({ signedRequest }) => {
if (!signedRequest) throw new Error("Must sign request before proxying");
const { hostname, protocol } = signedRequest;
return `${protocol}//${hostname}`;
},
mutations: [addAzureKey, finalizeSignedRequest],
blockingResponseHandler: azureOpenaiResponseHandler,
});
const azureOpenAIRouter = Router();
azureOpenAIRouter.get("/v1/models", handleModelRequest);
azureOpenAIRouter.post(
src/proxy/gcp.ts
+39 -36
View File
@@ -1,21 +1,15 @@
import { Request, RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { config } from "../config";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
import { transformAnthropicChatResponseToOpenAI } from "./anthropic";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
createPreprocessorMiddleware,
signGcpRequest,
finalizeSignedRequest,
createOnProxyReqHandler,
signGcpRequest,
} from "./middleware/request";
import {
ProxyResHandlerWithBody,
createOnProxyResHandler,
} from "./middleware/response";
import { transformAnthropicChatResponseToOpenAI } from "./anthropic";
import { ProxyResHandlerWithBody } from "./middleware/response";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
const LATEST_GCP_SONNET_MINOR_VERSION = "20240229";
let modelsCache: any = null;
@@ -31,9 +25,11 @@ const getModelsResponse = () => {
// https://docs.anthropic.com/en/docs/about-claude/models
const variants = [
"claude-3-haiku@20240307",
"claude-3-5-haiku@20241022",
"claude-3-sonnet@20240229",
"claude-3-opus@20240229",
"claude-3-5-sonnet@20240620",
"claude-3-5-sonnet-v2@20241022",
"claude-3-opus@20240229",
];
const models = variants.map((id) => ({
@@ -56,8 +52,7 @@ const handleModelRequest: RequestHandler = (_req, res) => {
res.status(200).json(getModelsResponse());
};
/** Only used for non-streaming requests. */
const gcpResponseHandler: ProxyResHandlerWithBody = async (
const gcpBlockingResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
req,
res,
@@ -78,23 +73,13 @@ const gcpResponseHandler: ProxyResHandlerWithBody = async (
res.status(200).json({ ...newBody, proxy: body.proxy });
};
const gcpProxy = createQueueMiddleware({
beforeProxy: signGcpRequest,
proxyMiddleware: createProxyMiddleware({
target: "bad-target-will-be-rewritten",
router: ({ signedRequest }) => {
if (!signedRequest) throw new Error("Must sign request before proxying");
return `${signedRequest.protocol}//${signedRequest.hostname}`;
},
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: createOnProxyReqHandler({ pipeline: [finalizeSignedRequest] }),
proxyRes: createOnProxyResHandler([gcpResponseHandler]),
error: handleProxyError,
},
}),
const gcpProxy = createQueuedProxyMiddleware({
target: ({ signedRequest }) => {
if (!signedRequest) throw new Error("Must sign request before proxying");
return `${signedRequest.protocol}//${signedRequest.hostname}`;
},
mutations: [signGcpRequest, finalizeSignedRequest],
blockingResponseHandler: gcpBlockingResponseHandler,
});
const oaiToChatPreprocessor = createPreprocessorMiddleware(
@@ -138,7 +123,7 @@ gcpRouter.post(
* - frontends sending Anthropic model names that GCP doesn't recognize
* - frontends sending OpenAI model names because they expect the proxy to
* translate them
*
*
* If client sends GCP model ID it will be used verbatim. Otherwise, various
* strategies are used to try to map a non-GCP model name to GCP model ID.
*/
@@ -166,8 +151,9 @@ function maybeReassignModel(req: Request) {
return;
}
const [_, _cl, instant, _v, major, _sep, minor, _ctx, name, _rev] = match;
const [_, _cl, instant, _v, major, _sep, minor, _ctx, name, rev] = match;
// TODO: rework this to function similarly to aws-claude.ts maybeReassignModel
const ver = minor ? `${major}.${minor}` : major;
switch (ver) {
case "3":
@@ -181,8 +167,25 @@ function maybeReassignModel(req: Request) {
}
return;
case "3.5":
req.body.model = "claude-3-5-sonnet@20240620";
return;
switch (name) {
case "sonnet":
switch (rev) {
case "20241022":
case "latest":
req.body.model = "claude-3-5-sonnet-v2@20241022";
return;
case "20240620":
req.body.model = "claude-3-5-sonnet@20240620";
return;
}
break;
case "haiku":
req.body.model = "claude-3-5-haiku@20241022";
return;
case "opus":
// Add after model ids are announced late 2024
break;
}
}
// Fallback to Claude3 Sonnet
src/proxy/google-ai.ts
+17 -48
View File
@@ -1,22 +1,15 @@
import { Request, RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { v4 } from "uuid";
import { GoogleAIKey, keyPool } from "../shared/key-management";
import { config } from "../config";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
createOnProxyReqHandler,
createPreprocessorMiddleware,
finalizeSignedRequest,
} from "./middleware/request";
import {
createOnProxyResHandler,
ProxyResHandlerWithBody,
} from "./middleware/response";
import { addGoogleAIKey } from "./middleware/request/preprocessors/add-google-ai-key";
import { GoogleAIKey, keyPool } from "../shared/key-management";
import { ProxyResHandlerWithBody } from "./middleware/response";
import { addGoogleAIKey } from "./middleware/request/mutators/add-google-ai-key";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
let modelsCache: any = null;
let modelsCacheTime = 0;
@@ -63,8 +56,7 @@ const handleModelRequest: RequestHandler = (_req, res) => {
res.status(200).json(getModelsResponse());
};
/** Only used for non-streaming requests. */
const googleAIResponseHandler: ProxyResHandlerWithBody = async (
const googleAIBlockingResponseHandler: ProxyResHandlerWithBody = async (
_proxyRes,
req,
res,
@@ -110,33 +102,14 @@ function transformGoogleAIResponse(
};
}
const googleAIProxy = createQueueMiddleware({
beforeProxy: addGoogleAIKey,
proxyMiddleware: createProxyMiddleware({
target: "bad-target-will-be-rewritten",
router: ({ signedRequest }) => {
const { protocol, hostname, path } = signedRequest;
return `${protocol}//${hostname}${path}`;
},
changeOrigin: true,
selfHandleResponse: true,
// Prevent logging of the API key by HPM
logger: logger.child(
{},
{
redact: {
paths: ["*"],
censor: (v) =>
typeof v === "string" ? v.replace(/key=\S+/g, "key=xxxxxxx") : v,
},
}
),
on: {
proxyReq: createOnProxyReqHandler({ pipeline: [finalizeSignedRequest] }),
proxyRes: createOnProxyResHandler([googleAIResponseHandler]),
error: handleProxyError,
},
}),
const googleAIProxy = createQueuedProxyMiddleware({
target: ({ signedRequest }) => {
if (!signedRequest) throw new Error("Must sign request before proxying");
const { protocol, hostname} = signedRequest;
return `${protocol}//${hostname}`;
},
mutations: [addGoogleAIKey, finalizeSignedRequest],
blockingResponseHandler: googleAIBlockingResponseHandler,
});
const googleAIRouter = Router();
@@ -147,11 +120,7 @@ googleAIRouter.post(
"/v1beta/models/:modelId:(generateContent|streamGenerateContent)",
ipLimiter,
createPreprocessorMiddleware(
{
inApi: "google-ai",
outApi: "google-ai",
service: "google-ai",
},
{ inApi: "google-ai", outApi: "google-ai", service: "google-ai" },
{ beforeTransform: [maybeReassignModel], afterTransform: [setStreamFlag] }
),
googleAIProxy
@@ -180,7 +149,7 @@ function setStreamFlag(req: Request) {
}
/**
* Replaces requests for non-Google AI models with gemini-pro-1.5-latest.
* Replaces requests for non-Google AI models with gemini-1.5-pro-latest.
* Also strips models/ from the beginning of the model IDs.
**/
function maybeReassignModel(req: Request) {
@@ -200,8 +169,8 @@ function maybeReassignModel(req: Request) {
return;
}
req.log.info({ requested }, "Reassigning model to gemini-pro-1.5-latest");
req.body.model = "gemini-pro-1.5-latest";
req.log.info({ requested }, "Reassigning model to gemini-1.5-pro-latest");
req.body.model = "gemini-1.5-pro-latest";
}
export const googleAI = googleAIRouter;
src/proxy/middleware/common.ts
+23 -8
View File
@@ -1,6 +1,6 @@
import { Request, Response } from "express";
import http from "http";
import httpProxy from "http-proxy";
import { Socket } from "net";
import { ZodError } from "zod";
import { generateErrorMessage } from "zod-error";
import { HttpError } from "../../shared/errors";
@@ -72,16 +72,23 @@ export function sendProxyError(
});
}
export const handleProxyError: httpProxy.ErrorCallback = (err, req, res) => {
req.log.error(err, `Error during http-proxy-middleware request`);
classifyErrorAndSend(err, req as Request, res as Response);
};
/**
* Handles errors thrown during preparation of a proxy request (before it is
* sent to the upstream API), typically due to validation, quota, or other
* pre-flight checks. Depending on the error class, this function will send an
* appropriate error response to the client, streaming it if necessary.
*/
export const classifyErrorAndSend = (
err: Error,
req: Request,
res: Response
res: Response | Socket
) => {
if (res instanceof Socket) {
// We should always have an Express response object here, but http-proxy's
// ErrorCallback type says it could be just a Socket.
req.log.error(err, "Caught error while proxying request to target but cannot send error response to client.");
return res.destroy();
}
try {
const { statusCode, statusMessage, userMessage, ...errorDetails } =
classifyError(err);
@@ -257,7 +264,15 @@ export function getCompletionFromBody(req: Request, body: Record<string, any>) {
if ("choices" in body) {
return body.choices[0].message.content;
}
return body.candidates[0].content.parts[0].text;
const text = body.candidates[0].content?.parts?.[0]?.text;
if (!text) {
req.log.warn(
{ body: JSON.stringify(body) },
"Received empty Google AI text completion"
);
return "";
}
return text;
case "openai-image":
return body.data?.map((item: any) => item.url).join("\n");
default:
src/proxy/middleware/request/index.ts
+26 -35
View File
@@ -1,44 +1,38 @@
import type { Request } from "express";
import type { ClientRequest } from "http";
import type { ProxyReqCallback } from "http-proxy";
export { createOnProxyReqHandler } from "./onproxyreq-factory";
import { ProxyReqManager } from "./proxy-req-manager";
export {
createPreprocessorMiddleware,
createEmbeddingsPreprocessorMiddleware,
} from "./preprocessor-factory";
// Express middleware (runs before http-proxy-middleware, can be async)
export { addAzureKey } from "./preprocessors/add-azure-key";
// Preprocessors (runs before request is queued, usually body transformation/validation)
export { applyQuotaLimits } from "./preprocessors/apply-quota-limits";
export { blockZoomerOrigins } from "./preprocessors/block-zoomer-origins";
export { countPromptTokens } from "./preprocessors/count-prompt-tokens";
export { languageFilter } from "./preprocessors/language-filter";
export { setApiFormat } from "./preprocessors/set-api-format";
export { signAwsRequest } from "./preprocessors/sign-aws-request";
export { signGcpRequest } from "./preprocessors/sign-vertex-ai-request";
export { transformOutboundPayload } from "./preprocessors/transform-outbound-payload";
export { validateContextSize } from "./preprocessors/validate-context-size";
export { validateModelFamily } from "./preprocessors/validate-model-family";
export { validateVision } from "./preprocessors/validate-vision";
// http-proxy-middleware callbacks (runs on onProxyReq, cannot be async)
export { addAnthropicPreamble } from "./onproxyreq/add-anthropic-preamble";
export { addKey, addKeyForEmbeddingsRequest } from "./onproxyreq/add-key";
export { blockZoomerOrigins } from "./onproxyreq/block-zoomer-origins";
export { checkModelFamily } from "./onproxyreq/check-model-family";
export { finalizeBody } from "./onproxyreq/finalize-body";
export { finalizeSignedRequest } from "./onproxyreq/finalize-signed-request";
export { stripHeaders } from "./onproxyreq/strip-headers";
// Proxy request mutators (runs every time request is dequeued, before proxying, usually for auth/signing)
export { addKey, addKeyForEmbeddingsRequest } from "./mutators/add-key";
export { addAzureKey } from "./mutators/add-azure-key";
export { finalizeBody } from "./mutators/finalize-body";
export { finalizeSignedRequest } from "./mutators/finalize-signed-request";
export { signAwsRequest } from "./mutators/sign-aws-request";
export { signGcpRequest } from "./mutators/sign-vertex-ai-request";
export { stripHeaders } from "./mutators/strip-headers";
/**
* Middleware that runs prior to the request being handled by http-proxy-
* middleware.
* Middleware that runs prior to the request being queued or handled by
* http-proxy-middleware. You will not have access to the proxied
* request/response objects since they have not yet been sent to the API.
*
* Async functions can be used here, but you will not have access to the proxied
* request/response objects, nor the data set by ProxyRequestMiddleware
* functions as they have not yet been run.
*
* User will have been authenticated by the time this middleware runs, but your
* request won't have been assigned an API key yet.
* User will have been authenticated by the proxy's gatekeeper, but the request
* won't have been assigned an upstream API key yet.
*
* Note that these functions only run once ever per request, even if the request
* is automatically retried by the request queue middleware.
@@ -46,17 +40,14 @@ export { stripHeaders } from "./onproxyreq/strip-headers";
export type RequestPreprocessor = (req: Request) => void | Promise<void>;
/**
* Callbacks that run immediately before the request is sent to the API in
* response to http-proxy-middleware's `proxyReq` event.
* Middleware that runs immediately before the request is proxied to the
* upstream API, after dequeueing the request from the request queue.
*
* Async functions cannot be used here as HPM's event emitter is not async and
* will not wait for the promise to resolve before sending the request.
*
* Note that these functions may be run multiple times per request if the
* first attempt is rate limited and the request is automatically retried by the
* request queue middleware.
* Because these middleware may be run multiple times per request if a retryable
* error occurs and the request put back in the queue, they must be idempotent.
* A change manager is provided to allow the middleware to make changes to the
* request which can be automatically reverted.
*/
export type HPMRequestCallback = ProxyReqCallback<ClientRequest, Request>;
export const forceModel = (model: string) => (req: Request) =>
void (req.body.model = model);
export type ProxyReqMutator = (
changeManager: ProxyReqManager
) => void | Promise<void>;
src/proxy/middleware/request/preprocessors/add-azure-key.ts → src/proxy/middleware/request/mutators/add-azure-key.ts
+13 -7
View File
@@ -3,14 +3,16 @@ import {
AzureOpenAIKey,
keyPool,
} from "../../../../shared/key-management";
import { RequestPreprocessor } from "../index";
import { ProxyReqMutator } from "../index";
export const addAzureKey: RequestPreprocessor = (req) => {
export const addAzureKey: ProxyReqMutator = async (manager) => {
const req = manager.request;
const validAPIs: APIFormat[] = ["openai", "openai-image"];
const apisValid = [req.outboundApi, req.inboundApi].every((api) =>
validAPIs.includes(api)
);
const serviceValid = req.service === "azure";
if (!apisValid || !serviceValid) {
throw new Error("addAzureKey called on invalid request");
}
@@ -22,11 +24,15 @@ export const addAzureKey: RequestPreprocessor = (req) => {
const model = req.body.model.startsWith("azure-")
? req.body.model
: `azure-${req.body.model}`;
req.key = keyPool.get(model, "azure");
// TODO: untracked mutation to body, I think this should just be a
// RequestPreprocessor because we don't need to do it every dequeue.
req.body.model = model;
const key = keyPool.get(model, "azure");
manager.setKey(key);
// Handles the sole Azure API deviation from the OpenAI spec (that I know of)
// TODO: this should also probably be a RequestPreprocessor
const notNullOrUndefined = (x: any) => x !== null && x !== undefined;
if ([req.body.logprobs, req.body.top_logprobs].some(notNullOrUndefined)) {
// OpenAI wants logprobs: true/false and top_logprobs: number
@@ -43,7 +49,7 @@ export const addAzureKey: RequestPreprocessor = (req) => {
}
req.log.info(
{ key: req.key.hash, model },
{ key: key.hash, model },
"Assigned Azure OpenAI key to request"
);
@@ -55,7 +61,7 @@ export const addAzureKey: RequestPreprocessor = (req) => {
const apiVersion =
req.outboundApi === "openai" ? "2023-09-01-preview" : "2024-02-15-preview";
req.signedRequest = {
manager.setSignedRequest({
method: "POST",
protocol: "https:",
hostname: `${resourceName}.openai.azure.com`,
@@ -66,7 +72,7 @@ export const addAzureKey: RequestPreprocessor = (req) => {
["api-key"]: apiKey,
},
body: JSON.stringify(req.body),
};
});
};
function getCredentialsFromKey(key: AzureOpenAIKey) {
src/proxy/middleware/request/preprocessors/add-google-ai-key.ts → src/proxy/middleware/request/mutators/add-google-ai-key.ts
+17 -12
View File
@@ -1,39 +1,44 @@
import { keyPool } from "../../../../shared/key-management";
import { RequestPreprocessor } from "../index";
import { ProxyReqMutator } from "../index";
export const addGoogleAIKey: RequestPreprocessor = (req) => {
export const addGoogleAIKey: ProxyReqMutator = (manager) => {
const req = manager.request;
const inboundValid =
req.inboundApi === "openai" || req.inboundApi === "google-ai";
const outboundValid = req.outboundApi === "google-ai";
const serviceValid = req.service === "google-ai";
if (!inboundValid || !outboundValid || !serviceValid) {
throw new Error("addGoogleAIKey called on invalid request");
}
const model = req.body.model;
req.isStreaming = req.isStreaming || req.body.stream;
req.key = keyPool.get(model, "google-ai");
const key = keyPool.get(model, "google-ai");
manager.setKey(key);
req.log.info(
{ key: req.key.hash, model, stream: req.isStreaming },
{ key: key.hash, model, stream: req.isStreaming },
"Assigned Google AI API key to request"
);
// https://generativelanguage.googleapis.com/v1beta/models/$MODEL_ID:generateContent?key=$API_KEY
// https://generativelanguage.googleapis.com/v1beta/models/$MODEL_ID:streamGenerateContent?key=${API_KEY}
const payload = { ...req.body, stream: undefined, model: undefined };
req.signedRequest = {
// TODO: this isn't actually signed, so the manager api is a little unclear
// with the ProxyReqManager refactor, it's probably no longer necesasry to
// do this because we can modify the path using Manager.setPath.
manager.setSignedRequest({
method: "POST",
protocol: "https:",
hostname: "generativelanguage.googleapis.com",
path: `/v1beta/models/${model}:${
req.isStreaming ? "streamGenerateContent" : "generateContent"
}?key=${req.key.key}`,
req.isStreaming ? "streamGenerateContent?alt=sse&" : "generateContent?"
}key=${key.key}`,
headers: {
["host"]: `generativelanguage.googleapis.com`,
["content-type"]: "application/json",
},
body: JSON.stringify(payload),
};
});
};
src/proxy/middleware/request/onproxyreq/add-key.ts → src/proxy/middleware/request/mutators/add-key.ts
+20 -17
View File
@@ -2,10 +2,12 @@ import { AnthropicChatMessage } from "../../../../shared/api-schemas";
import { containsImageContent } from "../../../../shared/api-schemas/anthropic";
import { Key, OpenAIKey, keyPool } from "../../../../shared/key-management";
import { isEmbeddingsRequest } from "../../common";
import { HPMRequestCallback } from "../index";
import { assertNever } from "../../../../shared/utils";
import { ProxyReqMutator } from "../index";
export const addKey: ProxyReqMutator = (manager) => {
const req = manager.request;
export const addKey: HPMRequestCallback = (proxyReq, req) => {
let assignedKey: Key;
const { service, inboundApi, outboundApi, body } = req;
@@ -58,7 +60,7 @@ export const addKey: HPMRequestCallback = (proxyReq, req) => {
}
}
req.key = assignedKey;
manager.setKey(assignedKey);
req.log.info(
{ key: assignedKey.hash, model: body.model, inboundApi, outboundApi },
"Assigned key to request"
@@ -67,21 +69,24 @@ export const addKey: HPMRequestCallback = (proxyReq, req) => {
// TODO: KeyProvider should assemble all necessary headers
switch (assignedKey.service) {
case "anthropic":
proxyReq.setHeader("X-API-Key", assignedKey.key);
manager.setHeader("X-API-Key", assignedKey.key);
if (!manager.request.headers["anthropic-version"]) {
manager.setHeader("anthropic-version", "2023-06-01");
}
break;
case "openai":
const key: OpenAIKey = assignedKey as OpenAIKey;
if (key.organizationId) {
proxyReq.setHeader("OpenAI-Organization", key.organizationId);
if (key.organizationId && !key.key.includes("svcacct")) {
manager.setHeader("OpenAI-Organization", key.organizationId);
}
proxyReq.setHeader("Authorization", `Bearer ${assignedKey.key}`);
manager.setHeader("Authorization", `Bearer ${assignedKey.key}`);
break;
case "mistral-ai":
proxyReq.setHeader("Authorization", `Bearer ${assignedKey.key}`);
manager.setHeader("Authorization", `Bearer ${assignedKey.key}`);
break;
case "azure":
const azureKey = assignedKey.key;
proxyReq.setHeader("api-key", azureKey);
manager.setHeader("api-key", azureKey);
break;
case "aws":
case "gcp":
@@ -96,10 +101,8 @@ export const addKey: HPMRequestCallback = (proxyReq, req) => {
* Special case for embeddings requests which don't go through the normal
* request pipeline.
*/
export const addKeyForEmbeddingsRequest: HPMRequestCallback = (
proxyReq,
req
) => {
export const addKeyForEmbeddingsRequest: ProxyReqMutator = (manager) => {
const req = manager.request;
if (!isEmbeddingsRequest(req)) {
throw new Error(
"addKeyForEmbeddingsRequest called on non-embeddings request"
@@ -110,18 +113,18 @@ export const addKeyForEmbeddingsRequest: HPMRequestCallback = (
throw new Error("Embeddings requests must be from OpenAI");
}
req.body = { input: req.body.input, model: "text-embedding-ada-002" };
manager.setBody({ input: req.body.input, model: "text-embedding-ada-002" });
const key = keyPool.get("text-embedding-ada-002", "openai") as OpenAIKey;
req.key = key;
manager.setKey(key);
req.log.info(
{ key: key.hash, toApi: req.outboundApi },
"Assigned Turbo key to embeddings request"
);
proxyReq.setHeader("Authorization", `Bearer ${key.key}`);
manager.setHeader("Authorization", `Bearer ${key.key}`);
if (key.organizationId) {
proxyReq.setHeader("OpenAI-Organization", key.organizationId);
manager.setHeader("OpenAI-Organization", key.organizationId);
}
};
src/proxy/middleware/request/mutators/finalize-body.ts
+22
View File
@@ -0,0 +1,22 @@
import type { ProxyReqMutator } from "../index";
/** Finalize the rewritten request body. Must be the last mutator. */
export const finalizeBody: ProxyReqMutator = (manager) => {
const req = manager.request;
if (["POST", "PUT", "PATCH"].includes(req.method ?? "") && req.body) {
// For image generation requests, remove stream flag.
if (req.outboundApi === "openai-image") {
delete req.body.stream;
}
// For anthropic text to chat requests, remove undefined prompt.
if (req.outboundApi === "anthropic-chat") {
delete req.body.prompt;
}
const serialized =
typeof req.body === "string" ? req.body : JSON.stringify(req.body);
manager.setHeader("Content-Length", String(Buffer.byteLength(serialized)));
manager.setBody(serialized);
}
};
src/proxy/middleware/request/mutators/finalize-signed-request.ts
+32
View File
@@ -0,0 +1,32 @@
import { ProxyReqMutator } from "../index";
/**
* For AWS/GCP/Azure/Google requests, the body is signed earlier in the request
* pipeline, before the proxy middleware. This function just assigns the path
* and headers to the proxy request.
*/
export const finalizeSignedRequest: ProxyReqMutator = (manager) => {
const req = manager.request;
if (!req.signedRequest) {
throw new Error("Expected req.signedRequest to be set");
}
// The path depends on the selected model and the assigned key's region.
manager.setPath(req.signedRequest.path);
// Amazon doesn't want extra headers, so we need to remove all of them and
// reassign only the ones specified in the signed request.
const headers = req.signedRequest.headers;
Object.keys(headers).forEach((key) => {
manager.removeHeader(key);
});
Object.entries(req.signedRequest.headers).forEach(([key, value]) => {
manager.setHeader(key, value);
});
const serialized =
typeof req.signedRequest.body === "string"
? req.signedRequest.body
: JSON.stringify(req.signedRequest.body);
manager.setHeader("Content-Length", String(Buffer.byteLength(serialized)));
manager.setBody(serialized);
};
src/proxy/middleware/request/preprocessors/sign-aws-request.ts → src/proxy/middleware/request/mutators/sign-aws-request.ts
+12 -28
View File
@@ -7,11 +7,11 @@ import {
AnthropicV1MessagesSchema,
} from "../../../../shared/api-schemas";
import { AwsBedrockKey, keyPool } from "../../../../shared/key-management";
import { RequestPreprocessor } from "../index";
import {
AWSMistralV1ChatCompletionsSchema,
AWSMistralV1TextCompletionsSchema,
} from "../../../../shared/api-schemas/mistral-ai";
import { ProxyReqMutator } from "../index";
const AMZ_HOST =
process.env.AMZ_HOST || "bedrock-runtime.%REGION%.amazonaws.com";
@@ -21,32 +21,24 @@ const AMZ_HOST =
* request object in place to fix the path.
* This happens AFTER request transformation.
*/
export const signAwsRequest: RequestPreprocessor = async (req) => {
export const signAwsRequest: ProxyReqMutator = async (manager) => {
const req = manager.request;
const { model, stream } = req.body;
req.key = keyPool.get(model, "aws");
req.isStreaming = stream === true || stream === "true";
// same as addAnthropicPreamble for non-AWS requests, but has to happen here
if (req.outboundApi === "anthropic-text") {
let preamble = req.body.prompt.startsWith("\n\nHuman:") ? "" : "\n\nHuman:";
req.body.prompt = preamble + req.body.prompt;
}
const key = keyPool.get(model, "aws") as AwsBedrockKey;
manager.setKey(key);
const credential = getCredentialParts(req);
const host = AMZ_HOST.replace("%REGION%", credential.region);
// AWS only uses 2023-06-01 and does not actually check this header, but we
// set it so that the stream adapter always selects the correct transformer.
req.headers["anthropic-version"] = "2023-06-01";
manager.setHeader("anthropic-version", "2023-06-01");
// If our key has an inference profile compatible with the requested model,
// we want to use the inference profile instead of the model ID when calling
// InvokeModel as that will give us higher rate limits.
const profile =
(req.key as AwsBedrockKey).inferenceProfileIds.find((p) =>
p.includes(model)
) || model;
key.inferenceProfileIds.find((p) => p.includes(model)) || model;
// Uses the AWS SDK to sign a request, then modifies our HPM proxy request
// with the headers generated by the SDK.
@@ -59,7 +51,7 @@ export const signAwsRequest: RequestPreprocessor = async (req) => {
["Host"]: host,
["content-type"]: "application/json",
},
body: JSON.stringify(applyAwsStrictValidation(req)),
body: JSON.stringify(getStrictlyValidatedBodyForAws(req)),
});
if (stream) {
@@ -68,19 +60,13 @@ export const signAwsRequest: RequestPreprocessor = async (req) => {
newRequest.headers["accept"] = "*/*";
}
const { key, body, inboundApi, outboundApi } = req;
const { body, inboundApi, outboundApi } = req;
req.log.info(
{
key: key.hash,
model: body.model,
inferenceProfile: profile,
inboundApi,
outboundApi,
},
{ key: key.hash, model: body.model, profile, inboundApi, outboundApi },
"Assigned AWS credentials to request"
);
req.signedRequest = await sign(newRequest, getCredentialParts(req));
manager.setSignedRequest(await sign(newRequest, getCredentialParts(req)));
};
type Credential = {
@@ -116,7 +102,7 @@ async function sign(request: HttpRequest, credential: Credential) {
return signer.sign(request);
}
function applyAwsStrictValidation(req: Request): unknown {
function getStrictlyValidatedBodyForAws(req: Readonly<Request>): unknown {
// AWS uses vendor API formats but imposes additional (more strict) validation
// rules, namely that extraneous parameters are not allowed. We will validate
// using the vendor's zod schema but apply `.strip` to ensure that any
@@ -144,8 +130,6 @@ function applyAwsStrictValidation(req: Request): unknown {
temperature: true,
top_k: true,
top_p: true,
tools: true,
tool_choice: true,
})
.strip()
.parse(req.body);
src/proxy/middleware/request/mutators/sign-vertex-ai-request.ts
+75
View File
@@ -0,0 +1,75 @@
import { AnthropicV1MessagesSchema } from "../../../../shared/api-schemas";
import { GcpKey, keyPool } from "../../../../shared/key-management";
import { ProxyReqMutator } from "../index";
import {
getCredentialsFromGcpKey,
refreshGcpAccessToken,
} from "../../../../shared/key-management/gcp/oauth";
const GCP_HOST = process.env.GCP_HOST || "%REGION%-aiplatform.googleapis.com";
export const signGcpRequest: ProxyReqMutator = async (manager) => {
const req = manager.request;
const serviceValid = req.service === "gcp";
if (!serviceValid) {
throw new Error("addVertexAIKey called on invalid request");
}
if (!req.body?.model) {
throw new Error("You must specify a model with your request.");
}
const { model } = req.body;
const key: GcpKey = keyPool.get(model, "gcp") as GcpKey;
if (!key.accessToken || Date.now() > key.accessTokenExpiresAt) {
const [token, durationSec] = await refreshGcpAccessToken(key);
keyPool.update(key, {
accessToken: token,
accessTokenExpiresAt: Date.now() + durationSec * 1000 * 0.95,
} as GcpKey);
// nb: key received by `get` is a clone and will not have the new access
// token we just set, so it must be manually updated.
key.accessToken = token;
}
manager.setKey(key);
req.log.info({ key: key.hash, model }, "Assigned GCP key to request");
// TODO: This should happen in transform-outbound-payload.ts
// TODO: Support tools
let strippedParams: Record<string, unknown>;
strippedParams = AnthropicV1MessagesSchema.pick({
messages: true,
system: true,
max_tokens: true,
stop_sequences: true,
temperature: true,
top_k: true,
top_p: true,
stream: true,
})
.strip()
.parse(req.body);
strippedParams.anthropic_version = "vertex-2023-10-16";
const credential = await getCredentialsFromGcpKey(key);
const host = GCP_HOST.replace("%REGION%", credential.region);
// GCP doesn't use the anthropic-version header, but we set it to ensure the
// stream adapter selects the correct transformer.
manager.setHeader("anthropic-version", "2023-06-01");
manager.setSignedRequest({
method: "POST",
protocol: "https:",
hostname: host,
path: `/v1/projects/${credential.projectId}/locations/${credential.region}/publishers/anthropic/models/${model}:streamRawPredict`,
headers: {
["host"]: host,
["content-type"]: "application/json",
["authorization"]: `Bearer ${key.accessToken}`,
},
body: JSON.stringify(strippedParams),
});
};
src/proxy/middleware/request/mutators/strip-headers.ts
+33
View File
@@ -0,0 +1,33 @@
import { ProxyReqMutator } from "../index";
/**
* Removes origin and referer headers before sending the request to the API for
* privacy reasons.
*/
export const stripHeaders: ProxyReqMutator = (manager) => {
manager.removeHeader("origin");
manager.removeHeader("referer");
// Some APIs refuse requests coming from browsers to discourage embedding
// API keys in client-side code, so we must remove all CORS/fetch headers.
Object.keys(manager.request.headers).forEach((key) => {
if (key.startsWith("sec-")) {
manager.removeHeader(key);
}
});
manager.removeHeader("tailscale-user-login");
manager.removeHeader("tailscale-user-name");
manager.removeHeader("tailscale-headers-info");
manager.removeHeader("tailscale-user-profile-pic");
manager.removeHeader("cf-connecting-ip");
manager.removeHeader("cf-ray");
manager.removeHeader("cf-visitor");
manager.removeHeader("cf-warp-tag-id");
manager.removeHeader("forwarded");
manager.removeHeader("true-client-ip");
manager.removeHeader("x-forwarded-for");
manager.removeHeader("x-forwarded-host");
manager.removeHeader("x-forwarded-proto");
manager.removeHeader("x-real-ip");
};
src/proxy/middleware/request/onproxyreq-factory.ts
-45
View File
@@ -1,45 +0,0 @@
import {
applyQuotaLimits,
blockZoomerOrigins,
checkModelFamily,
HPMRequestCallback,
stripHeaders,
} from "./index";
type ProxyReqHandlerFactoryOptions = { pipeline: HPMRequestCallback[] };
/**
* Returns an http-proxy-middleware request handler that runs the given set of
* onProxyReq callback functions in sequence.
*
* These will run each time a request is proxied, including on automatic retries
* by the queue after encountering a rate limit.
*/
export const createOnProxyReqHandler = ({
pipeline,
}: ProxyReqHandlerFactoryOptions): HPMRequestCallback => {
const callbackPipeline = [
checkModelFamily,
applyQuotaLimits,
blockZoomerOrigins,
stripHeaders,
...pipeline,
];
return (proxyReq, req, res, options) => {
// The streaming flag must be set before any other onProxyReq handler runs,
// as it may influence the behavior of subsequent handlers.
// Image generation requests can't be streamed.
// TODO: this flag is set in too many places
req.isStreaming =
req.isStreaming || req.body.stream === true || req.body.stream === "true";
req.body.stream = req.isStreaming;
try {
for (const fn of callbackPipeline) {
fn(proxyReq, req, res, options);
}
} catch (error) {
proxyReq.destroy(error);
}
};
};
src/proxy/middleware/request/onproxyreq/add-anthropic-preamble.ts
-33
View File
@@ -1,33 +0,0 @@
import { AnthropicKey, Key } from "../../../../shared/key-management";
import { isTextGenerationRequest } from "../../common";
import { HPMRequestCallback } from "../index";
/**
* Some keys require the prompt to start with `\n\nHuman:`. There is no way to
* know this without trying to send the request and seeing if it fails. If a
* key is marked as requiring a preamble, it will be added here.
*/
export const addAnthropicPreamble: HPMRequestCallback = (_proxyReq, req) => {
if (
!isTextGenerationRequest(req) ||
req.key?.service !== "anthropic" ||
req.outboundApi !== "anthropic-text"
) {
return;
}
let preamble = "";
let prompt = req.body.prompt;
assertAnthropicKey(req.key);
if (req.key.requiresPreamble && prompt) {
preamble = prompt.startsWith("\n\nHuman:") ? "" : "\n\nHuman:";
req.log.debug({ key: req.key.hash, preamble }, "Adding preamble to prompt");
}
req.body.prompt = preamble + prompt;
};
function assertAnthropicKey(key: Key): asserts key is AnthropicKey {
if (key.service !== "anthropic") {
throw new Error(`Expected an Anthropic key, got '${key.service}'`);
}
}
src/proxy/middleware/request/onproxyreq/finalize-body.ts
-23
View File
@@ -1,23 +0,0 @@
import { fixRequestBody } from "http-proxy-middleware";
import type { HPMRequestCallback } from "../index";
/** Finalize the rewritten request body. Must be the last rewriter. */
export const finalizeBody: HPMRequestCallback = (proxyReq, req) => {
if (["POST", "PUT", "PATCH"].includes(req.method ?? "") && req.body) {
// For image generation requests, remove stream flag.
if (req.outboundApi === "openai-image") {
delete req.body.stream;
}
// For anthropic text to chat requests, remove undefined prompt.
if (req.outboundApi === "anthropic-chat") {
delete req.body.prompt;
}
const updatedBody = JSON.stringify(req.body);
proxyReq.setHeader("Content-Length", Buffer.byteLength(updatedBody));
(req as any).rawBody = Buffer.from(updatedBody);
// body-parser and http-proxy-middleware don't play nice together
fixRequestBody(proxyReq, req);
}
};
src/proxy/middleware/request/onproxyreq/finalize-signed-request.ts
-26
View File
@@ -1,26 +0,0 @@
import type { HPMRequestCallback } from "../index";
/**
* For AWS/GCP/Azure/Google requests, the body is signed earlier in the request
* pipeline, before the proxy middleware. This function just assigns the path
* and headers to the proxy request.
*/
export const finalizeSignedRequest: HPMRequestCallback = (proxyReq, req) => {
if (!req.signedRequest) {
throw new Error("Expected req.signedRequest to be set");
}
// The path depends on the selected model and the assigned key's region.
proxyReq.path = req.signedRequest.path;
// Amazon doesn't want extra headers, so we need to remove all of them and
// reassign only the ones specified in the signed request.
proxyReq.getRawHeaderNames().forEach(proxyReq.removeHeader.bind(proxyReq));
Object.entries(req.signedRequest.headers).forEach(([key, value]) => {
proxyReq.setHeader(key, value);
});
// Don't use fixRequestBody here because it adds a content-length header.
// Amazon doesn't want that and it breaks the signature.
proxyReq.write(req.signedRequest.body);
};
src/proxy/middleware/request/onproxyreq/strip-headers.ts
-21
View File
@@ -1,21 +0,0 @@
import { HPMRequestCallback } from "../index";
/**
* Removes origin and referer headers before sending the request to the API for
* privacy reasons.
**/
export const stripHeaders: HPMRequestCallback = (proxyReq) => {
proxyReq.setHeader("origin", "");
proxyReq.setHeader("referer", "");
proxyReq.removeHeader("tailscale-user-login");
proxyReq.removeHeader("tailscale-user-name");
proxyReq.removeHeader("tailscale-headers-info");
proxyReq.removeHeader("tailscale-user-profile-pic")
proxyReq.removeHeader("cf-connecting-ip");
proxyReq.removeHeader("forwarded");
proxyReq.removeHeader("true-client-ip");
proxyReq.removeHeader("x-forwarded-for");
proxyReq.removeHeader("x-forwarded-host");
proxyReq.removeHeader("x-forwarded-proto");
proxyReq.removeHeader("x-real-ip");
};
src/proxy/middleware/request/preprocessor-factory.ts
+21 -10
View File
@@ -4,12 +4,15 @@ import { initializeSseStream } from "../../../shared/streaming";
import { classifyErrorAndSend } from "../common";
import {
RequestPreprocessor,
blockZoomerOrigins,
countPromptTokens,
languageFilter,
setApiFormat,
transformOutboundPayload,
validateContextSize,
validateModelFamily,
validateVision,
applyQuotaLimits,
} from ".";
type RequestPreprocessorOptions = {
@@ -30,14 +33,15 @@ type RequestPreprocessorOptions = {
/**
* Returns a middleware function that processes the request body into the given
* API format, and then sequentially runs the given additional preprocessors.
* These should be used for validation and transformations that only need to
* happen once per request.
*
* These run first in the request lifecycle, a single time per request before it
* is added to the request queue. They aren't run again if the request is
* re-attempted after a rate limit.
*
* To run a preprocessor on every re-attempt, pass it to createQueueMiddleware.
* It will run after these preprocessors, but before the request is sent to
* http-proxy-middleware.
* To run functions against requests every time they are re-attempted, write a
* ProxyReqMutator and pass it to createQueuedProxyMiddleware instead.
*/
export const createPreprocessorMiddleware = (
apiFormat: Parameters<typeof setApiFormat>[0],
@@ -45,6 +49,7 @@ export const createPreprocessorMiddleware = (
): RequestHandler => {
const preprocessors: RequestPreprocessor[] = [
setApiFormat(apiFormat),
blockZoomerOrigins,
...(beforeTransform ?? []),
transformOutboundPayload,
countPromptTokens,
@@ -52,6 +57,8 @@ export const createPreprocessorMiddleware = (
...(afterTransform ?? []),
validateContextSize,
validateVision,
validateModelFamily,
applyQuotaLimits,
];
return async (...args) => executePreprocessors(preprocessors, args);
};
@@ -83,10 +90,10 @@ async function executePreprocessors(
next();
} catch (error) {
if (error.constructor.name === "ZodError") {
const msg = error?.issues
const issues = error?.issues
?.map((issue: ZodIssue) => `${issue.path.join(".")}: ${issue.message}`)
.join("; ");
req.log.warn({ issues: msg }, "Prompt validation failed.");
req.log.warn({ issues }, "Prompt failed preprocessor validation.");
} else {
req.log.error(error, "Error while executing request preprocessor");
}
@@ -136,8 +143,15 @@ const handleTestMessage: RequestHandler = (req, res) => {
completion: "Hello!",
// anthropic chat
content: [{ type: "text", text: "Hello!" }],
// gemini
candidates: [
{
content: { parts: [{ text: "Hello!" }] },
finishReason: "stop",
},
],
proxy_note:
"This response was generated by the proxy's test message handler and did not go to the API.",
"SillyTavern connection test detected. Your prompt was not sent to the actual model and this response was generated by the proxy.",
});
}
};
@@ -152,10 +166,7 @@ function isTestMessage(body: any) {
messages[0].content === "Hi"
);
} else if (contents) {
return (
contents.length === 1 &&
contents[0].parts[0]?.text === "Hi"
);
return contents.length === 1 && contents[0].parts[0]?.text === "Hi";
} else {
return (
prompt?.trim() === "Human: Hi\n\nAssistant:" ||
src/proxy/middleware/request/preprocessors/apply-quota-limits.ts
+2 -2
View File
@@ -1,6 +1,6 @@
import { hasAvailableQuota } from "../../../../shared/users/user-store";
import { isImageGenerationRequest, isTextGenerationRequest } from "../../common";
import { HPMRequestCallback } from "../index";
import { RequestPreprocessor } from "../index";
export class QuotaExceededError extends Error {
public quotaInfo: any;
@@ -11,7 +11,7 @@ export class QuotaExceededError extends Error {
}
}
export const applyQuotaLimits: HPMRequestCallback = (_proxyReq, req) => {
export const applyQuotaLimits: RequestPreprocessor = (req) => {
const subjectToQuota =
isTextGenerationRequest(req) || isImageGenerationRequest(req);
if (!subjectToQuota || !req.user) return;
src/proxy/middleware/request/onproxyreq/block-zoomer-origins.ts → src/proxy/middleware/request/preprocessors/block-zoomer-origins.ts
+2 -2
View File
@@ -1,4 +1,4 @@
import { HPMRequestCallback } from "../index";
import { RequestPreprocessor } from "../index";
const DISALLOWED_ORIGIN_SUBSTRINGS = "janitorai.com,janitor.ai".split(",");
@@ -13,7 +13,7 @@ class ZoomerForbiddenError extends Error {
* Blocks requests from Janitor AI users with a fake, scary error message so I
* stop getting emails asking for tech support.
*/
export const blockZoomerOrigins: HPMRequestCallback = (_proxyReq, req) => {
export const blockZoomerOrigins: RequestPreprocessor = (req) => {
const origin = req.headers.origin || req.headers.referer;
if (origin && DISALLOWED_ORIGIN_SUBSTRINGS.some((s) => origin.includes(s))) {
// Venus-derivatives send a test prompt to check if the proxy is working.
src/proxy/middleware/request/preprocessors/count-prompt-tokens.ts
+1 -1
View File
@@ -17,7 +17,7 @@ export const countPromptTokens: RequestPreprocessor = async (req) => {
switch (service) {
case "openai": {
req.outputTokens = req.body.max_tokens;
req.outputTokens = req.body.max_completion_tokens || req.body.max_tokens;
const prompt: OpenAIChatMessage[] = req.body.messages;
result = await countTokens({ req, prompt, service });
break;
src/proxy/middleware/request/preprocessors/language-filter.ts
+13 -2
View File
@@ -1,4 +1,5 @@
import { Request } from "express";
import { z } from "zod";
import { config } from "../../../../config";
import { assertNever } from "../../../../shared/utils";
import { RequestPreprocessor } from "../index";
@@ -8,6 +9,7 @@ import {
OpenAIChatMessage,
flattenAnthropicMessages,
} from "../../../../shared/api-schemas";
import { GoogleAIV1GenerateContentSchema } from "../../../../shared/api-schemas/google-ai";
const rejectedClients = new Map<string, number>();
@@ -50,6 +52,10 @@ export const languageFilter: RequestPreprocessor = async (req) => {
}
};
/*
TODO: this is not type safe and does not raise errors if request body zod schema
is changed.
*/
function getPromptFromRequest(req: Request) {
const service = req.outboundApi;
const body = req.body;
@@ -75,8 +81,13 @@ function getPromptFromRequest(req: Request) {
case "openai-image":
case "mistral-text":
return body.prompt;
case "google-ai":
return body.prompt.text;
case "google-ai": {
const b = body as z.infer<typeof GoogleAIV1GenerateContentSchema>;
return [
b.systemInstruction?.parts.map((p) => p.text),
...b.contents.flatMap((c) => c.parts.map((p) => p.text)),
].join("\n");
}
default:
assertNever(service);
}
src/proxy/middleware/request/preprocessors/set-api-format.ts
+14
View File
@@ -4,8 +4,22 @@ import { LLMService } from "../../../../shared/models";
import { RequestPreprocessor } from "../index";
export const setApiFormat = (api: {
/**
* The API format the user made the request in and expects the response to be
* in.
*/
inApi: Request["inboundApi"];
/**
* The API format the proxy will make the request in and expects the response
* to be in. If different from `inApi`, the proxy will transform the user's
* request body to this format, and will transform the response body or stream
* events from this format.
*/
outApi: APIFormat;
/**
* The service the request will be sent to, which determines authentication
* and possibly the streaming transport.
*/
service: LLMService;
}): RequestPreprocessor => {
return function configureRequestApiFormat(req) {
src/proxy/middleware/request/preprocessors/sign-vertex-ai-request.ts
-202
View File
@@ -1,202 +0,0 @@
import express from "express";
import crypto from "crypto";
import { keyPool } from "../../../../shared/key-management";
import { RequestPreprocessor } from "../index";
import { AnthropicV1MessagesSchema } from "../../../../shared/api-schemas";
const GCP_HOST = process.env.GCP_HOST || "%REGION%-aiplatform.googleapis.com";
export const signGcpRequest: RequestPreprocessor = async (req) => {
const serviceValid = req.service === "gcp";
if (!serviceValid) {
throw new Error("addVertexAIKey called on invalid request");
}
if (!req.body?.model) {
throw new Error("You must specify a model with your request.");
}
const { model, stream } = req.body;
req.key = keyPool.get(model, "gcp");
req.log.info({ key: req.key.hash, model }, "Assigned GCP key to request");
req.isStreaming = String(stream) === "true";
// TODO: This should happen in transform-outbound-payload.ts
let strippedParams: Record<string, unknown>;
strippedParams = AnthropicV1MessagesSchema.pick({
messages: true,
system: true,
max_tokens: true,
stop_sequences: true,
temperature: true,
top_k: true,
top_p: true,
tools: true,
tool_choice: true,
stream: true,
})
.strip()
.parse(req.body);
strippedParams.anthropic_version = "vertex-2023-10-16";
const [accessToken, credential] = await getAccessToken(req);
const host = GCP_HOST.replace("%REGION%", credential.region);
// GCP doesn't use the anthropic-version header, but we set it to ensure the
// stream adapter selects the correct transformer.
req.headers["anthropic-version"] = "2023-06-01";
req.signedRequest = {
method: "POST",
protocol: "https:",
hostname: host,
path: `/v1/projects/${credential.projectId}/locations/${credential.region}/publishers/anthropic/models/${model}:streamRawPredict`,
headers: {
["host"]: host,
["content-type"]: "application/json",
["authorization"]: `Bearer ${accessToken}`,
},
body: JSON.stringify(strippedParams),
};
};
async function getAccessToken(
req: express.Request
): Promise<[string, Credential]> {
// TODO: access token caching to reduce latency
const credential = getCredentialParts(req);
const signedJWT = await createSignedJWT(
credential.clientEmail,
credential.privateKey
);
const [accessToken, jwtError] = await exchangeJwtForAccessToken(signedJWT);
if (accessToken === null) {
req.log.warn(
{ key: req.key!.hash, jwtError },
"Unable to get the access token"
);
throw new Error("The access token is invalid.");
}
return [accessToken, credential];
}
async function createSignedJWT(email: string, pkey: string): Promise<string> {
let cryptoKey = await crypto.subtle.importKey(
"pkcs8",
str2ab(atob(pkey)),
{
name: "RSASSA-PKCS1-v1_5",
hash: { name: "SHA-256" },
},
false,
["sign"]
);
const authUrl = "https://www.googleapis.com/oauth2/v4/token";
const issued = Math.floor(Date.now() / 1000);
const expires = issued + 600;
const header = {
alg: "RS256",
typ: "JWT",
};
const payload = {
iss: email,
aud: authUrl,
iat: issued,
exp: expires,
scope: "https://www.googleapis.com/auth/cloud-platform",
};
const encodedHeader = urlSafeBase64Encode(JSON.stringify(header));
const encodedPayload = urlSafeBase64Encode(JSON.stringify(payload));
const unsignedToken = `${encodedHeader}.${encodedPayload}`;
const signature = await crypto.subtle.sign(
"RSASSA-PKCS1-v1_5",
cryptoKey,
str2ab(unsignedToken)
);
const encodedSignature = urlSafeBase64Encode(signature);
return `${unsignedToken}.${encodedSignature}`;
}
async function exchangeJwtForAccessToken(
signedJwt: string
): Promise<[string | null, string]> {
const authUrl = "https://www.googleapis.com/oauth2/v4/token";
const params = {
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
assertion: signedJwt,
};
const r = await fetch(authUrl, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: Object.entries(params)
.map(([k, v]) => `${k}=${v}`)
.join("&"),
}).then((res) => res.json());
if (r.access_token) {
return [r.access_token, ""];
}
return [null, JSON.stringify(r)];
}
function str2ab(str: string): ArrayBuffer {
const buffer = new ArrayBuffer(str.length);
const bufferView = new Uint8Array(buffer);
for (let i = 0; i < str.length; i++) {
bufferView[i] = str.charCodeAt(i);
}
return buffer;
}
function urlSafeBase64Encode(data: string | ArrayBuffer): string {
let base64: string;
if (typeof data === "string") {
base64 = btoa(
encodeURIComponent(data).replace(/%([0-9A-F]{2})/g, (match, p1) =>
String.fromCharCode(parseInt("0x" + p1, 16))
)
);
} else {
base64 = btoa(String.fromCharCode(...new Uint8Array(data)));
}
return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
type Credential = {
projectId: string;
clientEmail: string;
region: string;
privateKey: string;
};
function getCredentialParts(req: express.Request): Credential {
const [projectId, clientEmail, region, rawPrivateKey] =
req.key!.key.split(":");
if (!projectId || !clientEmail || !region || !rawPrivateKey) {
req.log.error(
{ key: req.key!.hash },
"GCP_CREDENTIALS isn't correctly formatted; refer to the docs"
);
throw new Error("The key assigned to this request is invalid.");
}
const privateKey = rawPrivateKey
.replace(
/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\r|\n|\\n/g,
""
)
.trim();
return { projectId, clientEmail, region, privateKey };
}
src/proxy/middleware/request/preprocessors/transform-outbound-payload.ts
+2 -9
View File
@@ -35,15 +35,8 @@ export const transformOutboundPayload: RequestPreprocessor = async (req) => {
// target API format. We don't need to transform them.
const isNativePrompt = req.inboundApi === req.outboundApi;
if (isNativePrompt) {
const result = API_REQUEST_VALIDATORS[req.inboundApi].safeParse(req.body);
if (!result.success) {
req.log.warn(
{ issues: result.error.issues, body: req.body },
"Native prompt request validation failed."
);
throw result.error;
}
req.body = result.data;
const result = API_REQUEST_VALIDATORS[req.inboundApi].parse(req.body);
req.body = result;
return;
}
src/proxy/middleware/request/preprocessors/validate-context-size.ts
+5 -1
View File
@@ -7,7 +7,7 @@ import { RequestPreprocessor } from "../index";
const CLAUDE_MAX_CONTEXT = config.maxContextTokensAnthropic;
const OPENAI_MAX_CONTEXT = config.maxContextTokensOpenAI;
// todo: make configurable
const GOOGLE_AI_MAX_CONTEXT = 1024000;
const GOOGLE_AI_MAX_CONTEXT = 2048000;
const MISTRAL_AI_MAX_CONTENT = 131072;
/**
@@ -68,6 +68,10 @@ export const validateContextSize: RequestPreprocessor = async (req) => {
modelMax = 131072;
} else if (model.match(/^gpt-4(-\d{4})?-vision(-preview)?$/)) {
modelMax = 131072;
} else if (model.match(/^o1-mini(-\d{4}-\d{2}-\d{2})?$/)) {
modelMax = 128000;
} else if (model.match(/^o1(-preview)?(-\d{4}-\d{2}-\d{2})?$/)) {
modelMax = 128000;
} else if (model.match(/gpt-3.5-turbo/)) {
modelMax = 16384;
} else if (model.match(/gpt-4-32k/)) {
src/proxy/middleware/request/onproxyreq/check-model-family.ts → src/proxy/middleware/request/preprocessors/validate-model-family.ts
+2 -2
View File
@@ -1,12 +1,12 @@
import { config } from "../../../../config";
import { ForbiddenError } from "../../../../shared/errors";
import { getModelFamilyForRequest } from "../../../../shared/models";
import { HPMRequestCallback } from "../index";
import { RequestPreprocessor } from "../index";
/**
* Ensures the selected model family is enabled by the proxy configuration.
*/
export const checkModelFamily: HPMRequestCallback = (_proxyReq, req) => {
export const validateModelFamily: RequestPreprocessor = (req) => {
const family = getModelFamilyForRequest(req);
if (!config.allowedModelFamilies.includes(family)) {
throw new ForbiddenError(
src/proxy/middleware/request/proxy-middleware-factory.ts
+135
View File
@@ -0,0 +1,135 @@
import { Request, Response } from "express";
import http from "http";
import ProxyServer from "http-proxy";
import { Readable } from "stream";
import {
createProxyMiddleware,
Options,
debugProxyErrorsPlugin,
proxyEventsPlugin,
} from "http-proxy-middleware";
import { ProxyReqMutator, stripHeaders } from "./index";
import { createOnProxyResHandler, ProxyResHandlerWithBody } from "../response";
import { createQueueMiddleware } from "../../queue";
import { getHttpAgents } from "../../../shared/network";
import { classifyErrorAndSend } from "../common";
/**
* Options for the `createQueuedProxyMiddleware` factory function.
*/
type ProxyMiddlewareFactoryOptions = {
/**
* Functions which receive a ProxyReqManager and can modify the request before
* it is proxied. The modifications will be automatically reverted if the
* request needs to be returned to the queue.
*/
mutations?: ProxyReqMutator[];
/**
* The target URL to proxy requests to. This can be a string or a function
* which accepts the request and returns a string.
*/
target: string | Options<Request>["router"];
/**
* A function which receives the proxy response and the JSON-decoded request
* body. Only fired for non-streaming responses; streaming responses are
* handled in `handle-streaming-response.ts`.
*/
blockingResponseHandler?: ProxyResHandlerWithBody;
};
/**
* Returns a middleware function that accepts incoming requests and places them
* into the request queue. When the request is dequeued, it is proxied to the
* target URL using the given options and middleware. Non-streaming responses
* are handled by the given `blockingResponseHandler`.
*/
export function createQueuedProxyMiddleware({
target,
mutations,
blockingResponseHandler,
}: ProxyMiddlewareFactoryOptions) {
const hpmTarget = typeof target === "string" ? target : "https://setbyrouter";
const hpmRouter = typeof target === "function" ? target : undefined;
const [httpAgent, httpsAgent] = getHttpAgents();
const agent = hpmTarget.startsWith("http:") ? httpAgent : httpsAgent;
const proxyMiddleware = createProxyMiddleware<Request, Response>({
target: hpmTarget,
router: hpmRouter,
agent,
changeOrigin: true,
toProxy: true,
selfHandleResponse: typeof blockingResponseHandler === "function",
// Disable HPM logger plugin (requires re-adding the other default plugins).
// Contrary to name, debugProxyErrorsPlugin is not just for debugging and
// fixes several error handling/connection close issues in http-proxy core.
ejectPlugins: true,
// Inferred (via Options<express.Request>) as Plugin<express.Request>, but
// the default plugins only allow http.IncomingMessage for TReq. They are
// compatible with express.Request, so we can use them. `Plugin` type is not
// exported for some reason.
plugins: [
debugProxyErrorsPlugin,
pinoLoggerPlugin,
proxyEventsPlugin,
] as any,
on: {
proxyRes: createOnProxyResHandler(
blockingResponseHandler ? [blockingResponseHandler] : []
),
error: classifyErrorAndSend,
},
buffer: ((req: Request) => {
// This is a hack/monkey patch and is not part of the official
// http-proxy-middleware package. See patches/http-proxy+1.18.1.patch.
let payload = req.body;
if (typeof payload === "string") {
payload = Buffer.from(payload);
}
const stream = new Readable();
stream.push(payload);
stream.push(null);
return stream;
}) as any,
});
return createQueueMiddleware({
mutations: [stripHeaders, ...(mutations ?? [])],
proxyMiddleware,
});
}
type ProxiedResponse = http.IncomingMessage & Response & any;
function pinoLoggerPlugin(proxyServer: ProxyServer<Request>) {
proxyServer.on("error", (err, req, res, target) => {
req.log.error(
{ originalUrl: req.originalUrl, targetUrl: String(target), err },
"Error occurred while proxying request to target"
);
});
proxyServer.on("proxyReq", (proxyReq, req) => {
const { protocol, host, path } = proxyReq;
req.log.info(
{
from: req.originalUrl,
to: `${protocol}//${host}${path}`,
},
"Sending request to upstream API..."
);
});
proxyServer.on("proxyRes", (proxyRes: ProxiedResponse, req, _res) => {
const { protocol, host, path } = proxyRes.req;
req.log.info(
{
target: `${protocol}//${host}${path}`,
status: proxyRes.statusCode,
contentType: proxyRes.headers["content-type"],
contentEncoding: proxyRes.headers["content-encoding"],
contentLength: proxyRes.headers["content-length"],
transferEncoding: proxyRes.headers["transfer-encoding"],
},
"Got response from upstream API."
);
});
}
src/proxy/middleware/request/proxy-req-manager.ts
+112
View File
@@ -0,0 +1,112 @@
import { Request } from "express";
import { Key } from "../../../shared/key-management";
import { assertNever } from "../../../shared/utils";
/**
* Represents a change to the request that will be reverted if the request
* fails.
*/
interface ProxyReqMutation {
target: "header" | "path" | "body" | "api-key" | "signed-request";
key?: string;
originalValue: any | undefined;
}
/**
* Manages a request's headers, body, and path, allowing them to be modified
* before the request is proxied and automatically reverted if the request
* needs to be retried.
*/
export class ProxyReqManager {
private req: Request;
private mutations: ProxyReqMutation[] = [];
/**
* A read-only proxy of the request object. Avoid changing any properties
* here as they will persist across retries.
*/
public readonly request: Readonly<Request>;
constructor(req: Request) {
this.req = req;
this.request = new Proxy(req, {
get: (target, prop) => {
if (typeof prop === "string") return target[prop as keyof Request];
return undefined;
},
});
}
setHeader(name: string, newValue: string): void {
const originalValue = this.req.get(name);
this.mutations.push({ target: "header", key: name, originalValue });
this.req.headers[name.toLowerCase()] = newValue;
}
removeHeader(name: string): void {
const originalValue = this.req.get(name);
this.mutations.push({ target: "header", key: name, originalValue });
delete this.req.headers[name.toLowerCase()];
}
setBody(newBody: any): void {
const originalValue = this.req.body;
this.mutations.push({ target: "body", key: "body", originalValue });
this.req.body = newBody;
}
setKey(newKey: Key): void {
const originalValue = this.req.key;
this.mutations.push({ target: "api-key", key: "key", originalValue });
this.req.key = newKey;
}
setPath(newPath: string): void {
const originalValue = this.req.path;
this.mutations.push({ target: "path", key: "path", originalValue });
this.req.url = newPath;
}
setSignedRequest(newSignedRequest: typeof this.req.signedRequest): void {
const originalValue = this.req.signedRequest;
this.mutations.push({ target: "signed-request", key: "signedRequest", originalValue });
this.req.signedRequest = newSignedRequest;
}
hasChanged(): boolean {
return this.mutations.length > 0;
}
revert(): void {
for (const mutation of this.mutations.reverse()) {
switch (mutation.target) {
case "header":
if (mutation.originalValue === undefined) {
delete this.req.headers[mutation.key!.toLowerCase()];
continue;
} else {
this.req.headers[mutation.key!.toLowerCase()] =
mutation.originalValue;
}
break;
case "path":
this.req.url = mutation.originalValue;
break;
case "body":
this.req.body = mutation.originalValue;
break;
case "api-key":
// We don't reset the key here because it's not a property of the
// inbound request, so we'd only ever be reverting it to null.
break;
case "signed-request":
this.req.signedRequest = mutation.originalValue;
break;
default:
assertNever(mutation.target);
}
}
this.mutations = [];
}
}
src/proxy/middleware/response/compression.ts
+36
View File
@@ -0,0 +1,36 @@
import util from "util";
import zlib from "zlib";
import { PassThrough } from "stream";
const BUFFER_DECODER_MAP = {
gzip: util.promisify(zlib.gunzip),
deflate: util.promisify(zlib.inflate),
br: util.promisify(zlib.brotliDecompress),
text: (data: Buffer) => data,
};
const STREAM_DECODER_MAP = {
gzip: zlib.createGunzip,
deflate: zlib.createInflate,
br: zlib.createBrotliDecompress,
text: () => new PassThrough(),
};
type SupportedContentEncoding = keyof typeof BUFFER_DECODER_MAP;
const isSupportedContentEncoding = (
encoding: string
): encoding is SupportedContentEncoding => encoding in BUFFER_DECODER_MAP;
export async function decompressBuffer(buf: Buffer, encoding: string = "text") {
if (isSupportedContentEncoding(encoding)) {
return (await BUFFER_DECODER_MAP[encoding](buf)).toString();
}
throw new Error(`Unsupported content-encoding: ${encoding}`);
}
export function getStreamDecompressor(encoding: string = "text") {
if (isSupportedContentEncoding(encoding)) {
return STREAM_DECODER_MAP[encoding]();
}
throw new Error(`Unsupported content-encoding: ${encoding}`);
}
src/proxy/middleware/response/error-generator.ts
+68 -48
View File
@@ -2,36 +2,33 @@ import express from "express";
import { APIFormat } from "../../../shared/key-management";
import { assertNever } from "../../../shared/utils";
import { initializeSseStream } from "../../../shared/streaming";
import http from "http";
function getMessageContent({
title,
message,
obj,
}: {
/**
* Returns a Markdown-formatted message that renders semi-nicely in most chat
* frontends. For example:
*
* **Proxy error (HTTP 404 Not Found)**
* The proxy encountered an error while trying to send your prompt to the upstream service. Further technical details are provided below.
* ***
* *The requested Claude model might not exist, or the key might not be provisioned for it.*
* ```
* {
* "type": "error",
* "error": {
* "type": "not_found_error",
* "message": "model: some-invalid-model-id",
* },
* "proxy_note": "The requested Claude model might not exist, or the key might not be provisioned for it."
* }
* ```
*/
function getMessageContent(params: {
title: string;
message: string;
obj?: Record<string, any>;
}) {
/*
Constructs a Markdown-formatted message that renders semi-nicely in most chat
frontends. For example:
**Proxy error (HTTP 404 Not Found)**
The proxy encountered an error while trying to send your prompt to the upstream service. Further technical details are provided below.
***
*The requested Claude model might not exist, or the key might not be provisioned for it.*
```
{
"type": "error",
"error": {
"type": "not_found_error",
"message": "model: some-invalid-model-id",
},
"proxy_note": "The requested Claude model might not exist, or the key might not be provisioned for it."
}
```
*/
const { title, message, obj } = params;
const note = obj?.proxy_note || obj?.error?.message || "";
const header = `### **${title}**`;
const friendlyMessage = note ? `${message}\n\n----\n\n*${note}*` : message;
@@ -71,7 +68,11 @@ type ErrorGeneratorOptions = {
statusCode?: number;
};
export function tryInferFormat(body: any): APIFormat | "unknown" {
/**
* Very crude inference of the request format based on the request body. Don't
* rely on this to be very accurate.
*/
function tryInferFormat(body: any): APIFormat | "unknown" {
if (typeof body !== "object" || !body.model) {
return "unknown";
}
@@ -95,7 +96,11 @@ export function tryInferFormat(body: any): APIFormat | "unknown" {
return "unknown";
}
// avoid leaking upstream hostname on dns resolution error
/**
* Redacts the hostname from the error message if it contains a DNS resolution
* error. This is to avoid leaking upstream hostnames on DNS resolution errors,
* as those may contain sensitive information about the proxy's configuration.
*/
function redactHostname(options: ErrorGeneratorOptions): ErrorGeneratorOptions {
if (!options.message.includes("getaddrinfo")) return options;
@@ -112,46 +117,61 @@ function redactHostname(options: ErrorGeneratorOptions): ErrorGeneratorOptions {
return redacted;
}
export function sendErrorToClient({
options,
req,
res,
}: {
/**
* Generates an appropriately-formatted error response and sends it to the
* client over their requested transport (blocking or SSE stream).
*/
export function sendErrorToClient(params: {
options: ErrorGeneratorOptions;
req: express.Request;
res: express.Response;
}) {
const redactedOpts = redactHostname(options);
const { format: inputFormat } = redactedOpts;
const { req, res } = params;
const options = redactHostname(params.options);
const { statusCode, message, title, obj: details } = options;
// Since we want to send the error in a format the client understands, we
// need to know the request format. `setApiFormat` might not have been called
// yet, so we'll try to infer it from the request body.
const format =
inputFormat === "unknown" ? tryInferFormat(req.body) : inputFormat;
options.format === "unknown" ? tryInferFormat(req.body) : options.format;
if (format === "unknown") {
return res.status(redactedOpts.statusCode || 400).json({
error: redactedOpts.message,
details: redactedOpts.obj,
// Early middleware error (auth, rate limit) so we can only send something
// generic.
const code = statusCode || 400;
const hasDetails = details && Object.keys(details).length > 0;
return res.status(code).json({
error: {
message,
type: http.STATUS_CODES[code]!.replace(/\s+/g, "_").toLowerCase(),
},
...(hasDetails ? { details } : {}),
});
}
const completion = buildSpoofedCompletion({ ...redactedOpts, format });
const event = buildSpoofedSSE({ ...redactedOpts, format });
const isStreaming =
req.isStreaming || req.body.stream === true || req.body.stream === "true";
// Cannot modify headers if client opted into streaming and made it into the
// proxy request queue, because that immediately starts an SSE stream.
if (!res.headersSent) {
res.setHeader("x-oai-proxy-error", redactedOpts.title);
res.setHeader("x-oai-proxy-error-status", redactedOpts.statusCode || 500);
res.setHeader("x-oai-proxy-error", title);
res.setHeader("x-oai-proxy-error-status", statusCode || 500);
}
// By this point, we know the request format. To get the error to display in
// chat clients' UIs, we'll send it as a 200 response as a spoofed completion
// from the language model. Depending on whether the client is streaming, we
// will either send an SSE event or a JSON response.
const isStreaming = req.isStreaming || String(req.body.stream) === "true";
if (isStreaming) {
// User can have opted into streaming but not made it into the queue yet,
// in which case the stream must be started first.
if (!res.headersSent) {
initializeSseStream(res);
}
res.write(event);
res.write(buildSpoofedSSE({ ...options, format }));
res.write(`data: [DONE]\n\n`);
res.end();
} else {
res.status(200).json(completion);
res.status(200).json(buildSpoofedCompletion({ ...options, format }));
}
}
@@ -193,7 +213,7 @@ export function buildSpoofedCompletion({
return {
outputs: [{ text: content, stop_reason: title }],
model,
}
};
case "openai-text":
return {
id: "error-" + id,
src/proxy/middleware/response/handle-blocking-response.ts
+35 -41
View File
@@ -1,19 +1,6 @@
import util from "util";
import zlib from "zlib";
import { sendProxyError } from "../common";
import type { RawResponseBodyHandler } from "./index";
const DECODER_MAP = {
gzip: util.promisify(zlib.gunzip),
deflate: util.promisify(zlib.inflate),
br: util.promisify(zlib.brotliDecompress),
};
const isSupportedContentEncoding = (
contentEncoding: string
): contentEncoding is keyof typeof DECODER_MAP => {
return contentEncoding in DECODER_MAP;
};
import { decompressBuffer } from "./compression";
/**
* Handles the response from the upstream service and decodes the body if
@@ -35,42 +22,49 @@ export const handleBlockingResponse: RawResponseBodyHandler = async (
throw err;
}
return new Promise<string>((resolve, reject) => {
return new Promise((resolve, reject) => {
let chunks: Buffer[] = [];
proxyRes.on("data", (chunk) => chunks.push(chunk));
proxyRes.on("end", async () => {
let body = Buffer.concat(chunks);
const contentEncoding = proxyRes.headers["content-encoding"];
if (contentEncoding) {
if (isSupportedContentEncoding(contentEncoding)) {
const decoder = DECODER_MAP[contentEncoding];
// @ts-ignore - started failing after upgrading TypeScript, don't care
// as it was never a problem.
body = await decoder(body);
} else {
const error = `Proxy received response with unsupported content-encoding: ${contentEncoding}`;
req.log.warn({ contentEncoding, key: req.key?.hash }, error);
sendProxyError(req, res, 500, "Internal Server Error", {
error,
contentEncoding,
});
return reject(error);
}
const contentType = proxyRes.headers["content-type"];
let body: string | Buffer = Buffer.concat(chunks);
const rejectWithMessage = function (msg: string, err: Error) {
const error = `${msg} (${err.message})`;
req.log.warn(
{ msg: error, stack: err.stack },
"Error in blocking response handler"
);
sendProxyError(req, res, 500, "Internal Server Error", { error });
return reject(error);
};
try {
body = await decompressBuffer(body, contentEncoding);
} catch (e) {
return rejectWithMessage(`Could not decode response body`, e);
}
try {
if (proxyRes.headers["content-type"]?.includes("application/json")) {
const json = JSON.parse(body.toString());
return resolve(json);
}
return resolve(body.toString());
return resolve(tryParseAsJson(body, contentType));
} catch (e) {
const msg = `Proxy received response with invalid JSON: ${e.message}`;
req.log.warn({ error: e.stack, key: req.key?.hash }, msg);
sendProxyError(req, res, 500, "Internal Server Error", { error: msg });
return reject(msg);
return rejectWithMessage("API responded with invalid JSON", e);
}
});
});
};
function tryParseAsJson(body: string, contentType?: string) {
// If the response is declared as JSON, it must parse or we will throw
if (contentType?.includes("application/json")) {
return JSON.parse(body);
}
// If it's not declared as JSON, some APIs we'll try to parse it as JSON
// anyway since some APIs return the wrong content-type header in some cases.
// If it fails to parse, we'll just return the raw body without throwing.
try {
return JSON.parse(body);
} catch (e) {
return body;
}
}
src/proxy/middleware/response/handle-streamed-response.ts
+14 -16
View File
@@ -1,6 +1,5 @@
import express from "express";
import { pipeline, Readable, Transform } from "stream";
import StreamArray from "stream-json/streamers/StreamArray";
import { StringDecoder } from "string_decoder";
import { promisify } from "util";
import type { logger } from "../../../logger";
@@ -18,6 +17,7 @@ import { getAwsEventStreamDecoder } from "./streaming/aws-event-stream-decoder";
import { EventAggregator } from "./streaming/event-aggregator";
import { SSEMessageTransformer } from "./streaming/sse-message-transformer";
import { SSEStreamAdapter } from "./streaming/sse-stream-adapter";
import { getStreamDecompressor } from "./compression";
const pipelineAsync = promisify(pipeline);
@@ -41,21 +41,21 @@ export const handleStreamedResponse: RawResponseBodyHandler = async (
req,
res
) => {
const { hash } = req.key!;
const { headers, statusCode } = proxyRes;
if (!req.isStreaming) {
throw new Error("handleStreamedResponse called for non-streaming request.");
}
if (proxyRes.statusCode! > 201) {
if (statusCode! > 201) {
req.isStreaming = false;
req.log.warn(
{ statusCode: proxyRes.statusCode, key: hash },
{ statusCode },
`Streaming request returned error status code. Falling back to non-streaming response handler.`
);
return handleBlockingResponse(proxyRes, req, res);
}
req.log.debug({ headers: proxyRes.headers }, `Starting to proxy SSE stream.`);
req.log.debug({ headers }, `Starting to proxy SSE stream.`);
// Typically, streaming will have already been initialized by the request
// queue to send heartbeat pings.
@@ -66,7 +66,7 @@ export const handleStreamedResponse: RawResponseBodyHandler = async (
const prefersNativeEvents = req.inboundApi === req.outboundApi;
const streamOptions = {
contentType: proxyRes.headers["content-type"],
contentType: headers["content-type"],
api: req.outboundApi,
logger: req.log,
};
@@ -78,11 +78,10 @@ export const handleStreamedResponse: RawResponseBodyHandler = async (
// only have to write one aggregator (OpenAI input) for each output format.
const aggregator = new EventAggregator(req);
// Decoder reads from the raw response buffer and produces a stream of
// discrete events in some format (text/event-stream, vnd.amazon.event-stream,
// streaming JSON, etc).
const decompressor = getStreamDecompressor(headers["content-encoding"]);
// Decoder reads from the response bytes to produce a stream of plaintext.
const decoder = getDecoder({ ...streamOptions, input: proxyRes });
// Adapter consumes the decoded events and produces server-sent events so we
// Adapter consumes the decoded text and produces server-sent events so we
// have a standard event format for the client and to translate between API
// message formats.
const adapter = new SSEStreamAdapter(streamOptions);
@@ -107,7 +106,7 @@ export const handleStreamedResponse: RawResponseBodyHandler = async (
try {
await Promise.race([
handleAbortedStream(req, res),
pipelineAsync(proxyRes, decoder, adapter, transformer),
pipelineAsync(proxyRes, decompressor, decoder, adapter, transformer),
]);
req.log.debug(`Finished proxying SSE stream.`);
res.end();
@@ -174,14 +173,13 @@ function getDecoder(options: {
logger: typeof logger;
contentType?: string;
}) {
const { api, contentType, input, logger } = options;
const { contentType, input, logger } = options;
if (contentType?.includes("application/vnd.amazon.eventstream")) {
return getAwsEventStreamDecoder({ input, logger });
} else if (api === "google-ai") {
return StreamArray.withParser();
} else if (contentType?.includes("application/json")) {
throw new Error("JSON streaming not supported, request SSE instead");
} else {
// Passthrough stream, but ensures split chunks across multi-byte characters
// are handled correctly.
// Ensures split chunks across multi-byte characters are handled correctly.
const stringDecoder = new StringDecoder("utf8");
return new Transform({
readableObjectMode: true,
src/proxy/middleware/response/index.ts
+153 -134
View File
@@ -47,7 +47,7 @@ export type ProxyResHandlerWithBody = (
*/
body: string | Record<string, any>
) => Promise<void>;
export type ProxyResMiddleware = ProxyResHandlerWithBody[];
export type ProxyResMiddleware = ProxyResHandlerWithBody[] | undefined;
/**
* Returns a on.proxyRes handler that executes the given middleware stack after
@@ -71,11 +71,22 @@ export const createOnProxyResHandler = (apiMiddleware: ProxyResMiddleware) => {
req: Request,
res: Response
) => {
const initialHandler: RawResponseBodyHandler = req.isStreaming
// Proxied request has by now been sent to the upstream API, so we revert
// tracked mutations that were only needed to send the request.
// This generally means path adjustment, headers, and body serialization.
if (req.changeManager) {
req.changeManager.revert();
}
const initialHandler = req.isStreaming
? handleStreamedResponse
: handleBlockingResponse;
let lastMiddleware = initialHandler.name;
if (Buffer.isBuffer(req.body)) {
req.body = JSON.parse(req.body.toString());
}
try {
const body = await initialHandler(proxyRes, req, res);
const middlewareStack: ProxyResMiddleware = [];
@@ -100,7 +111,7 @@ export const createOnProxyResHandler = (apiMiddleware: ProxyResMiddleware) => {
saveImage,
logPrompt,
logEvent,
...apiMiddleware
...(apiMiddleware ?? [])
);
}
@@ -124,15 +135,15 @@ export const createOnProxyResHandler = (apiMiddleware: ProxyResMiddleware) => {
}
const { stack, message } = error;
const info = { stack, lastMiddleware, key: req.key?.hash };
const details = { stack, message, lastMiddleware, key: req.key?.hash };
const description = `Error while executing proxy response middleware: ${lastMiddleware} (${message})`;
if (res.headersSent) {
req.log.error(info, description);
req.log.error(details, description);
if (!res.writableEnded) res.end();
return;
} else {
req.log.error(info, description);
req.log.error(details, description);
res
.status(500)
.json({ error: "Internal server error", proxy_note: description });
@@ -163,60 +174,61 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
) => {
const statusCode = proxyRes.statusCode || 500;
const statusMessage = proxyRes.statusMessage || "Internal Server Error";
let errorPayload: ProxiedErrorPayload;
const service = req.key!.service;
// Not an error, continue to next response handler
if (statusCode < 400) return;
// Parse the error response body
let errorPayload: ProxiedErrorPayload;
try {
assertJsonResponse(body);
errorPayload = body;
} catch (parseError) {
// Likely Bad Gateway or Gateway Timeout from upstream's reverse proxy
const hash = req.key?.hash;
req.log.warn({ statusCode, statusMessage, key: hash }, parseError.message);
const strBody = String(body).slice(0, 128);
req.log.error({ statusCode, strBody }, "Error body is not JSON");
const errorObject = {
const details = {
error: parseError.message,
status: statusCode,
statusMessage,
proxy_note: `Proxy got back an error, but it was not in JSON format. This is likely a temporary problem with the upstream service.`,
proxy_note: `Proxy got back an error, but it was not in JSON format. This is likely a temporary problem with the upstream service. Response body: ${strBody}`,
};
sendProxyError(req, res, statusCode, statusMessage, errorObject);
sendProxyError(req, res, statusCode, statusMessage, details);
throw new HttpError(statusCode, parseError.message);
}
const service = req.key!.service;
// Extract the error type from the response body depending on the service
if (service === "gcp") {
if (Array.isArray(errorPayload)) {
errorPayload = errorPayload[0];
}
}
const errorType =
errorPayload.error?.code ||
errorPayload.error?.type ||
getAwsErrorType(proxyRes.headers["x-amzn-errortype"]);
req.log.warn(
{ statusCode, type: errorType, errorPayload, key: req.key?.hash },
`Received error response from upstream. (${proxyRes.statusMessage})`
{ statusCode, statusMessage, errorType, errorPayload, key: req.key?.hash },
`API returned an error.`
);
// TODO: split upstream error handling into separate modules for each service,
// this is out of control.
// Try to convert response body to a ProxiedErrorPayload with message/type
if (service === "aws") {
// Try to standardize the error format for AWS
errorPayload.error = { message: errorPayload.message, type: errorType };
delete errorPayload.message;
} else if (service === "gcp") {
// Try to standardize the error format for GCP
if (errorPayload.error?.code) { // GCP Error
errorPayload.error = { message: errorPayload.error.message, type: errorPayload.error.status || errorPayload.error.code };
if (errorPayload.error?.code) {
errorPayload.error = {
message: errorPayload.error.message,
type: errorPayload.error.status || errorPayload.error.code,
};
}
}
// Figure out what to do with the error
// TODO: separate error handling for each service
if (statusCode === 400) {
switch (service) {
case "openai":
@@ -231,7 +243,7 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
// same 429 billing error that other models return.
await handleOpenAIRateLimitError(req, errorPayload);
} else {
errorPayload.proxy_note = `The upstream API rejected the request. Your prompt may be too long for ${req.body?.model}.`;
errorPayload.proxy_note = `The upstream API rejected the request. Check the error message for details.`;
}
break;
case "anthropic":
@@ -256,10 +268,6 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
errorType === "permission_error" &&
errorPayload.error?.message?.toLowerCase().includes("multimodal")
) {
req.log.warn(
{ key: req.key?.hash },
"This Anthropic key does not support multimodal prompts."
);
keyPool.update(req.key!, { allowsMultimodality: false });
await reenqueueRequest(req);
throw new RetryableError(
@@ -293,8 +301,8 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
errorPayload.proxy_note = `Received 403 error. Key may be invalid.`;
}
return;
case "mistral-ai":
case "gcp":
case "mistral-ai":
case "gcp":
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `Assigned API key is invalid or revoked, please try again.`;
return;
@@ -327,7 +335,7 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
// Most likely model not found
switch (service) {
case "openai":
if (errorPayload.error?.code === "model_not_found") {
if (errorType === "model_not_found") {
const requestedModel = req.body.model;
const modelFamily = getOpenAIModelFamily(requestedModel);
errorPayload.proxy_note = `The key assigned to your prompt does not support the requested model (${requestedModel}, family: ${modelFamily}).`;
@@ -338,31 +346,35 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
}
break;
case "anthropic":
errorPayload.proxy_note = `The requested Claude model might not exist, or the key might not be provisioned for it.`;
break;
case "google-ai":
errorPayload.proxy_note = `The requested Google AI model might not exist, or the key might not be provisioned for it.`;
break;
case "mistral-ai":
errorPayload.proxy_note = `The requested Mistral AI model might not exist, or the key might not be provisioned for it.`;
break;
case "aws":
errorPayload.proxy_note = `The requested AWS resource might not exist, or the key might not have access to it.`;
break;
case "gcp":
errorPayload.proxy_note = `The requested GCP resource might not exist, or the key might not have access to it.`;
break;
case "azure":
errorPayload.proxy_note = `The assigned Azure deployment does not support the requested model.`;
errorPayload.proxy_note = `The key assigned to your prompt does not support the requested model.`;
break;
default:
assertNever(service);
}
} else if (statusCode === 503) {
switch (service) {
case "aws":
if (
errorType === "ServiceUnavailableException" &&
errorPayload.error?.message?.match(/too many connections/i)
) {
errorPayload.proxy_note = `The requested AWS Bedrock model is overloaded. Try again in a few minutes, or try another model.`;
}
break;
default:
errorPayload.proxy_note = `Upstream service unavailable. Try again later.`;
break;
}
} else {
errorPayload.proxy_note = `Unrecognized error from upstream service.`;
}
// Some OAI errors contain the organization ID, which we don't want to reveal.
// Redact the OpenAI org id from the error message
if (errorPayload.error?.message) {
errorPayload.error.message = errorPayload.error.message.replace(
/org-.{24}/gm,
@@ -370,9 +382,10 @@ const handleUpstreamErrors: ProxyResHandlerWithBody = async (
);
}
// Send the error to the client
sendProxyError(req, res, statusCode, statusMessage, errorPayload);
// This is bubbled up to onProxyRes's handler for logging but will not trigger
// a write to the response as `sendProxyError` has just done that.
// Re-throw the error to bubble up to onProxyRes's handler for logging
throw new HttpError(statusCode, errorPayload.error?.message);
};
@@ -505,56 +518,6 @@ async function handleOpenAIRateLimitError(
// Per-minute request or token rate limit is exceeded, which we can retry
await reenqueueRequest(req);
throw new RetryableError("Rate-limited request re-enqueued.");
// WIP/nonfunctional
// case "tokens_usage_based":
// // Weird new rate limit type that seems limited to preview models.
// // Distinct from `tokens` type. Can be per-minute or per-day.
//
// // I've seen reports of this error for 500k tokens/day and 10k tokens/min.
// // 10k tokens per minute is problematic, because this is much less than
// // GPT4-Turbo's max context size for a single prompt and is effectively a
// // cap on the max context size for just that key+model, which the app is
// // not able to deal with.
//
// // Similarly if there is a 500k tokens per day limit and 450k tokens have
// // been used today, the max context for that key becomes 50k tokens until
// // the next day and becomes progressively smaller as more tokens are used.
//
// // To work around these keys we will first retry the request a few times.
// // After that we will reject the request, and if it's a per-day limit we
// // will also disable the key.
//
// // "Rate limit reached for gpt-4-1106-preview in organization org-xxxxxxxxxxxxxxxxxxx on tokens_usage_based per day: Limit 500000, Used 460000, Requested 50000"
// // "Rate limit reached for gpt-4-1106-preview in organization org-xxxxxxxxxxxxxxxxxxx on tokens_usage_based per min: Limit 10000, Requested 40000"
//
// const regex =
// /Rate limit reached for .+ in organization .+ on \w+ per (day|min): Limit (\d+)(?:, Used (\d+))?, Requested (\d+)/;
// const [, period, limit, used, requested] =
// errorPayload.error?.message?.match(regex) || [];
//
// req.log.warn(
// { key: req.key?.hash, period, limit, used, requested },
// "Received `tokens_usage_based` rate limit error from OpenAI."
// );
//
// if (!period || !limit || !requested) {
// errorPayload.proxy_note = `Unrecognized rate limit error from OpenAI. (${errorPayload.error?.message})`;
// break;
// }
//
// if (req.retryCount < 2) {
// await reenqueueRequest(req);
// throw new RetryableError("Rate-limited request re-enqueued.");
// }
//
// if (period === "min") {
// errorPayload.proxy_note = `Assigned key can't be used for prompts longer than ${limit} tokens, and no other keys are available right now. Reduce the length of your prompt or try again in a few minutes.`;
// } else {
// errorPayload.proxy_note = `Assigned key has reached its per-day request limit for this model. Try another model.`;
// }
//
// keyPool.markRateLimited(req.key!);
// break;
default:
errorPayload.proxy_note = `This is likely a temporary error with the API. Try again in a few seconds.`;
break;
@@ -585,46 +548,91 @@ async function handleGoogleAIBadRequestError(
errorPayload: ProxiedErrorPayload
) {
const error = errorPayload.error || {};
const { message, status, details } = error;
if (status === "INVALID_ARGUMENT") {
const reason = details?.[0]?.reason;
if (reason === "API_KEY_INVALID") {
req.log.warn(
{ key: req.key?.hash, status, reason, msg: error.message },
"Received `API_KEY_INVALID` error from Google AI. Check the configured API key."
);
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `Assigned API key is invalid.`;
}
} else if (status === "FAILED_PRECONDITION") {
if (message.match(/please enable billing/i)) {
req.log.warn(
{ key: req.key?.hash, status, msg: error.message },
"Cannot use key due to billing restrictions."
);
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `Assigned API key cannot be used.`;
}
// google changes this shit every few months
// i don't want to deal with it
const keyDeadMsgs = [
/please enable billing/i,
/API key not valid/i,
/API key expired/i,
/pass a valid API/i,
];
const text = JSON.stringify(error);
if (keyDeadMsgs.some((msg) => text.match(msg))) {
req.log.warn(
{ key: req.key?.hash, error: text },
"Google API key appears to be inoperative."
);
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `Assigned API key cannot be used.`;
} else {
req.log.warn(
{ key: req.key?.hash, status, msg: error.message },
"Received unexpected 400 error from Google AI."
{ key: req.key?.hash, error: text },
"Unknown Google API error."
);
errorPayload.proxy_note = `Unrecognized error from Google AI.`;
}
// const { message, status, details } = error;
//
// if (status === "INVALID_ARGUMENT") {
// const reason = details?.[0]?.reason;
// if (reason === "API_KEY_INVALID") {
// req.log.warn(
// { key: req.key?.hash, status, reason, msg: error.message },
// "Received `API_KEY_INVALID` error from Google AI. Check the configured API key."
// );
// keyPool.disable(req.key!, "revoked");
// errorPayload.proxy_note = `Assigned API key is invalid.`;
// }
// } else if (status === "FAILED_PRECONDITION") {
// if (message.match(/please enable billing/i)) {
// req.log.warn(
// { key: req.key?.hash, status, msg: error.message },
// "Cannot use key due to billing restrictions."
// );
// keyPool.disable(req.key!, "revoked");
// errorPayload.proxy_note = `Assigned API key cannot be used.`;
// }
// } else {
// req.log.warn(
// { key: req.key?.hash, status, msg: error.message },
// "Received unexpected 400 error from Google AI."
// );
// }
}
//{"error":{"code":429,"message":"Resource has been exhausted (e.g. check quota).","status":"RESOURCE_EXHAUSTED"}
//
async function handleGoogleAIRateLimitError(
req: Request,
errorPayload: ProxiedErrorPayload
) {
const status = errorPayload.error?.status;
const text = JSON.stringify(errorPayload.error);
// sometimes they block keys by rate limiting them to 0 requests per minute
// for some indefinite period of time
const keyDeadMsgs = [
/GenerateContentRequestsPerMinutePerProjectPerRegion/i,
/"quota_limit_value":"0"/i,
];
switch (status) {
case "RESOURCE_EXHAUSTED":
case "RESOURCE_EXHAUSTED": {
if (keyDeadMsgs.every((msg) => text.match(msg))) {
req.log.warn(
{ key: req.key?.hash, error: text },
"Google API key appears to be temporarily inoperative and will be disabled."
);
keyPool.disable(req.key!, "revoked");
errorPayload.proxy_note = `Assigned API key cannot be used.`;
return;
}
keyPool.markRateLimited(req.key!);
await reenqueueRequest(req);
throw new RetryableError("Rate-limited request re-enqueued.");
}
default:
errorPayload.proxy_note = `Unrecognized rate limit error from Google AI (${status}). Please report this.`;
break;
@@ -674,15 +682,23 @@ const countResponseTokens: ProxyResHandlerWithBody = async (
const completion = getCompletionFromBody(req, body);
const tokens = await countTokens({ req, completion, service });
if (req.service === "openai" || req.service === "azure") {
// O1 consumes (a significant amount of) invisible tokens for the chain-
// of-thought reasoning. We have no way to count these other than to check
// the response body.
tokens.reasoning_tokens =
body.usage?.completion_tokens_details?.reasoning_tokens;
}
req.log.debug(
{ service, tokens, prevOutputTokens: req.outputTokens },
{ service, prevOutputTokens: req.outputTokens, tokens },
`Counted tokens for completion`
);
if (req.tokenizerInfo) {
req.tokenizerInfo.completion_tokens = tokens;
}
req.outputTokens = tokens.token_count;
req.outputTokens = tokens.token_count + (tokens.reasoning_tokens ?? 0);
} catch (error) {
req.log.warn(
error,
@@ -697,22 +713,25 @@ const trackKeyRateLimit: ProxyResHandlerWithBody = async (proxyRes, req) => {
keyPool.updateRateLimits(req.key!, proxyRes.headers);
};
const omittedHeaders = new Set<string>([
// Omit content-encoding because we will always decode the response body
"content-encoding",
// Omit transfer-encoding because we are using response.json which will
// set a content-length header, which is not valid for chunked responses.
"transfer-encoding",
// Don't set cookies from upstream APIs because proxied requests are stateless
"set-cookie",
"openai-organization",
"x-request-id",
"cf-ray",
]);
const copyHttpHeaders: ProxyResHandlerWithBody = async (
proxyRes,
_req,
res
) => {
Object.keys(proxyRes.headers).forEach((key) => {
// Omit content-encoding because we will always decode the response body
if (key === "content-encoding") {
return;
}
// We're usually using res.json() to send the response, which causes express
// to set content-length. That's not valid for chunked responses and some
// clients will reject it so we need to omit it.
if (key === "transfer-encoding") {
return;
}
if (omittedHeaders.has(key)) return;
res.setHeader(key, proxyRes.headers[key] as string);
});
};
@@ -756,6 +775,6 @@ function getAwsErrorType(header: string | string[] | undefined) {
function assertJsonResponse(body: any): asserts body is Record<string, any> {
if (typeof body !== "object") {
throw new Error("Expected response to be an object");
throw new Error(`Expected response to be an object, got ${typeof body}`);
}
}
src/proxy/middleware/response/streaming/sse-stream-adapter.ts
-35
View File
@@ -2,7 +2,6 @@ import pino from "pino";
import { Transform, TransformOptions } from "stream";
import { Message } from "@smithy/eventstream-codec";
import { APIFormat } from "../../../../shared/key-management";
import { buildSpoofedSSE } from "../error-generator";
import { BadRequestError, RetryableError } from "../../../../shared/errors";
type SSEStreamAdapterOptions = TransformOptions & {
@@ -20,7 +19,6 @@ type SSEStreamAdapterOptions = TransformOptions & {
*/
export class SSEStreamAdapter extends Transform {
private readonly isAwsStream;
private readonly isGoogleStream;
private api: APIFormat;
private partialMessage = "";
private textDecoder = new TextDecoder("utf8");
@@ -30,7 +28,6 @@ export class SSEStreamAdapter extends Transform {
super({ ...options, objectMode: true });
this.isAwsStream =
options?.contentType === "application/vnd.amazon.eventstream";
this.isGoogleStream = options?.api === "google-ai";
this.api = options.api;
this.log = options.logger.child({ module: "sse-stream-adapter" });
}
@@ -110,44 +107,12 @@ export class SSEStreamAdapter extends Transform {
}
}
/** Processes an incoming array element from the Google AI JSON stream. */
protected processGoogleObject(data: any): string | null {
// Sometimes data has fields key and value, sometimes it's just the
// candidates array.
const candidates = data.value?.candidates ?? data.candidates ?? [{}];
try {
const hasParts = candidates[0].content?.parts?.length > 0;
if (hasParts) {
return `data: ${JSON.stringify(data.value ?? data)}`;
} else {
this.log.error({ event: data }, "Received bad Google AI event");
return `data: ${buildSpoofedSSE({
format: "google-ai",
title: "Proxy stream error",
message:
"The proxy received malformed or unexpected data from Google AI while streaming.",
obj: data,
reqId: "proxy-sse-adapter-message",
model: "",
})}`;
}
} catch (error) {
error.lastEvent = data;
this.emit("error", error);
}
return null;
}
_transform(data: any, _enc: string, callback: (err?: Error | null) => void) {
try {
if (this.isAwsStream) {
// `data` is a Message object
const message = this.processAwsMessage(data);
if (message) this.push(message + "\n\n");
} else if (this.isGoogleStream) {
// `data` is an element from the Google AI JSON stream
const message = this.processGoogleObject(data);
if (message) this.push(message + "\n\n");
} else {
// `data` is a string, but possibly only a partial message
const fullMessages = (this.partialMessage + data).split(
src/proxy/middleware/response/streaming/transformers/google-ai-to-openai.ts
+16 -2
View File
@@ -9,7 +9,7 @@ const log = logger.child({
type GoogleAIStreamEvent = {
candidates: {
content: { parts: { text: string }[]; role: string };
content?: { parts?: { text: string }[]; role: string };
finishReason?: "STOP" | "MAX_TOKENS" | "SAFETY" | "RECITATION" | "OTHER";
index: number;
tokenCount?: number;
@@ -34,9 +34,15 @@ export const googleAIToOpenAI: StreamingCompletionTransformer = (params) => {
return { position: -1 };
}
const parts = completionEvent.candidates[0].content.parts;
const parts = completionEvent.candidates[0].content?.parts || [];
let content = parts[0]?.text ?? "";
if (isSafetyStop(completionEvent)) {
content = `[Proxy Warning] Gemini safety filter triggered: ${JSON.stringify(
completionEvent.candidates[0].safetyRatings
)}`;
}
// If this is the first chunk, try stripping speaker names from the response
// e.g. "John: Hello" -> "Hello"
if (index === 0) {
@@ -60,6 +66,14 @@ export const googleAIToOpenAI: StreamingCompletionTransformer = (params) => {
return { position: -1, event: newEvent };
};
function isSafetyStop(completion: GoogleAIStreamEvent) {
const isSafetyStop = ["SAFETY", "OTHER"].includes(
completion.candidates[0].finishReason ?? ""
);
const hasNoContent = completion.candidates[0].content?.parts?.length === 0;
return isSafetyStop && hasNoContent;
}
function asCompletion(event: ServerSentEvent): GoogleAIStreamEvent | null {
try {
const parsed = JSON.parse(event.data) as GoogleAIStreamEvent;
src/proxy/mistral-ai.ts
+9 -26
View File
@@ -1,27 +1,20 @@
import express, { Request, RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { config } from "../config";
import { Request, RequestHandler, Router } from "express";
import { BadRequestError } from "../shared/errors";
import { keyPool } from "../shared/key-management";
import {
getMistralAIModelFamily,
MistralAIModelFamily,
ModelFamily,
} from "../shared/models";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
import { config } from "../config";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
addKey,
createOnProxyReqHandler,
createPreprocessorMiddleware,
finalizeBody,
} from "./middleware/request";
import {
createOnProxyResHandler,
ProxyResHandlerWithBody,
} from "./middleware/response";
import { BadRequestError } from "../shared/errors";
import { ProxyResHandlerWithBody } from "./middleware/response";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
// Mistral can't settle on a single naming scheme and deprecates models within
// months of releasing them so this list is hard to keep up to date. 2024-07-28
@@ -127,20 +120,10 @@ export function transformMistralTextToMistralChat(textBody: any) {
};
}
const mistralAIProxy = createQueueMiddleware({
proxyMiddleware: createProxyMiddleware({
target: "https://api.mistral.ai",
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: createOnProxyReqHandler({
pipeline: [addKey, finalizeBody],
}),
proxyRes: createOnProxyResHandler([mistralAIResponseHandler]),
error: handleProxyError,
},
}),
const mistralAIProxy = createQueuedProxyMiddleware({
target: "https://api.mistral.ai",
mutations: [addKey, finalizeBody],
blockingResponseHandler: mistralAIResponseHandler,
});
const mistralAIRouter = Router();
src/proxy/openai-image.ts
+22 -29
View File
@@ -1,22 +1,15 @@
import { RequestHandler, Router, Request } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { config } from "../config";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
import { Request, RequestHandler, Router } from "express";
import { OpenAIImageGenerationResult } from "../shared/file-storage/mirror-generated-image";
import { generateModelList } from "./openai";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
addKey,
createPreprocessorMiddleware,
finalizeBody,
createOnProxyReqHandler,
} from "./middleware/request";
import {
createOnProxyResHandler,
ProxyResHandlerWithBody,
} from "./middleware/response";
import { generateModelList } from "./openai";
import { OpenAIImageGenerationResult } from "../shared/file-storage/mirror-generated-image";
import { ProxyResHandlerWithBody } from "./middleware/response";
import { ProxyReqManager } from "./middleware/request/proxy-req-manager";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
const KNOWN_MODELS = ["dall-e-2", "dall-e-3"];
@@ -26,7 +19,9 @@ const handleModelRequest: RequestHandler = (_req, res) => {
if (new Date().getTime() - modelListValid < 1000 * 60) {
return res.status(200).json(modelListCache);
}
const result = generateModelList(KNOWN_MODELS);
const result = generateModelList("openai").filter((m: { id: string }) =>
KNOWN_MODELS.includes(m.id)
);
modelListCache = { object: "list", data: result };
modelListValid = new Date().getTime();
res.status(200).json(modelListCache);
@@ -94,21 +89,19 @@ function transformResponseForChat(
};
}
const openaiImagesProxy = createQueueMiddleware({
proxyMiddleware: createProxyMiddleware({
target: "https://api.openai.com",
changeOrigin: true,
selfHandleResponse: true,
logger,
pathRewrite: {
"^/v1/chat/completions": "/v1/images/generations",
},
on: {
proxyReq: createOnProxyReqHandler({ pipeline: [addKey, finalizeBody] }),
proxyRes: createOnProxyResHandler([openaiImagesResponseHandler]),
error: handleProxyError,
},
}),
function replacePath(manager: ProxyReqManager) {
const req = manager.request;
const pathname = req.url.split("?")[0];
req.log.debug({ pathname }, "OpenAI image path filter");
if (req.path.startsWith("/v1/chat/completions")) {
manager.setPath("/v1/images/generations");
}
}
const openaiImagesProxy = createQueuedProxyMiddleware({
target: "https://api.openai.com",
mutations: [replacePath, addKey, finalizeBody],
blockingResponseHandler: openaiImagesResponseHandler,
});
const openaiImagesRouter = Router();
src/proxy/openai.ts
+73 -129
View File
@@ -1,129 +1,80 @@
import { RequestHandler, Router } from "express";
import { createProxyMiddleware } from "http-proxy-middleware";
import { Request, RequestHandler, Router } from "express";
import { config } from "../config";
import { keyPool, OpenAIKey } from "../shared/key-management";
import {
getOpenAIModelFamily,
ModelFamily,
OpenAIModelFamily,
} from "../shared/models";
import { logger } from "../logger";
import { createQueueMiddleware } from "./queue";
import { AzureOpenAIKey, keyPool, OpenAIKey } from "../shared/key-management";
import { getOpenAIModelFamily } from "../shared/models";
import { ipLimiter } from "./rate-limit";
import { handleProxyError } from "./middleware/common";
import {
addKey,
addKeyForEmbeddingsRequest,
createEmbeddingsPreprocessorMiddleware,
createOnProxyReqHandler,
createPreprocessorMiddleware,
finalizeBody,
forceModel,
RequestPreprocessor,
} from "./middleware/request";
import {
createOnProxyResHandler,
ProxyResHandlerWithBody,
} from "./middleware/response";
import { ProxyResHandlerWithBody } from "./middleware/response";
import { createQueuedProxyMiddleware } from "./middleware/request/proxy-middleware-factory";
// https://platform.openai.com/docs/models/overview
export const KNOWN_OPENAI_MODELS = [
// GPT4o
"gpt-4o",
"gpt-4o-2024-05-13",
"gpt-4o-2024-08-06",
// GPT4o Mini
"gpt-4o-mini",
"gpt-4o-mini-2024-07-18",
// GPT4o (ChatGPT)
"chatgpt-4o-latest",
// GPT4 Turbo (superceded by GPT4o)
"gpt-4-turbo",
"gpt-4-turbo-2024-04-09", // gpt4-turbo stable, with vision
"gpt-4-turbo-preview", // alias for latest turbo preview
"gpt-4-0125-preview", // gpt4-turbo preview 2
"gpt-4-1106-preview", // gpt4-turbo preview 1
// Launch GPT4
"gpt-4",
"gpt-4-0613",
"gpt-4-0314", // legacy
// GPT3.5 Turbo (superceded by GPT4o Mini)
"gpt-3.5-turbo",
"gpt-3.5-turbo-0125", // latest turbo
"gpt-3.5-turbo-1106", // older turbo
// Text Completion
"gpt-3.5-turbo-instruct",
"gpt-3.5-turbo-instruct-0914",
// Embeddings
"text-embedding-ada-002",
// Known deprecated models
"gpt-4-32k", // alias for 0613
"gpt-4-32k-0314", // EOL 2025-06-06
"gpt-4-32k-0613", // EOL 2025-06-06
"gpt-4-vision-preview", // EOL 2024-12-06
"gpt-4-1106-vision-preview", // EOL 2024-12-06
"gpt-3.5-turbo-0613", // EOL 2024-09-13
"gpt-3.5-turbo-0301", // not on the website anymore, maybe unavailable
"gpt-3.5-turbo-16k", // alias for 0613
"gpt-3.5-turbo-16k-0613", // EOL 2024-09-13
];
let modelsCache: any = null;
let modelsCacheTime = 0;
export function generateModelList(models = KNOWN_OPENAI_MODELS) {
// Get available families and snapshots
let availableFamilies = new Set<OpenAIModelFamily>();
const availableSnapshots = new Set<string>();
for (const key of keyPool.list()) {
if (key.isDisabled || key.service !== "openai") continue;
const asOpenAIKey = key as OpenAIKey;
asOpenAIKey.modelFamilies.forEach((f) => availableFamilies.add(f));
asOpenAIKey.modelSnapshots.forEach((s) => availableSnapshots.add(s));
}
export function generateModelList(service: "openai" | "azure") {
const keys = keyPool
.list()
.filter((k) => k.service === service && !k.isDisabled) as
| OpenAIKey[]
| AzureOpenAIKey[];
if (keys.length === 0) return [];
// Remove disabled families
const allowed = new Set<ModelFamily>(config.allowedModelFamilies);
availableFamilies = new Set(
[...availableFamilies].filter((x) => allowed.has(x))
const allowedModelFamilies = new Set(config.allowedModelFamilies);
const modelFamilies = new Set(
keys
.flatMap((k) => k.modelFamilies)
.filter((f) => allowedModelFamilies.has(f))
);
return models
.map((id) => ({
id,
object: "model",
created: new Date().getTime(),
owned_by: "openai",
permission: [
{
id: "modelperm-" + id,
object: "model_permission",
created: new Date().getTime(),
organization: "*",
group: null,
is_blocking: false,
},
],
root: id,
parent: null,
}))
.filter((model) => {
// First check if the family is available
const hasFamily = availableFamilies.has(getOpenAIModelFamily(model.id));
if (!hasFamily) return false;
const modelIds = new Set(
keys
.flatMap((k) => k.modelIds)
.filter((id) => {
const allowed = modelFamilies.has(getOpenAIModelFamily(id));
const known = ["gpt", "o1", "dall-e", "chatgpt", "text-embedding"].some(
(prefix) => id.startsWith(prefix)
);
const isFinetune = id.includes("ft");
return allowed && known && !isFinetune;
})
);
// Then for snapshots, ensure the specific snapshot is available
const isSnapshot = model.id.match(/-\d{4}(-preview)?$/);
if (!isSnapshot) return true;
return availableSnapshots.has(model.id);
});
return Array.from(modelIds).map((id) => ({
id,
object: "model",
created: new Date().getTime(),
owned_by: service,
permission: [
{
id: "modelperm-" + id,
object: "model_permission",
created: new Date().getTime(),
organization: "*",
group: null,
is_blocking: false,
},
],
root: id,
parent: null,
}));
}
const handleModelRequest: RequestHandler = (_req, res) => {
if (new Date().getTime() - modelsCacheTime < 1000 * 60) {
return res.status(200).json(modelsCache);
}
const result = generateModelList();
if (!config.openaiKey) return { object: "list", data: [] };
const result = generateModelList("openai");
modelsCache = { object: "list", data: result };
modelsCacheTime = new Date().getTime();
res.status(200).json(modelsCache);
@@ -167,7 +118,6 @@ const openaiResponseHandler: ProxyResHandlerWithBody = async (
res.status(200).json({ ...newBody, proxy: body.proxy });
};
/** Only used for non-streaming responses. */
function transformTurboInstructResponse(
turboInstructBody: Record<string, any>
): Record<string, any> {
@@ -185,31 +135,15 @@ function transformTurboInstructResponse(
return transformed;
}
const openaiProxy = createQueueMiddleware({
proxyMiddleware: createProxyMiddleware({
target: "https://api.openai.com",
changeOrigin: true,
selfHandleResponse: true,
logger,
on: {
proxyReq: createOnProxyReqHandler({ pipeline: [addKey, finalizeBody] }),
proxyRes: createOnProxyResHandler([openaiResponseHandler]),
error: handleProxyError,
},
}),
const openaiProxy = createQueuedProxyMiddleware({
mutations: [addKey, finalizeBody],
target: "https://api.openai.com",
blockingResponseHandler: openaiResponseHandler,
});
const openaiEmbeddingsProxy = createProxyMiddleware({
const openaiEmbeddingsProxy = createQueuedProxyMiddleware({
mutations: [addKeyForEmbeddingsRequest, finalizeBody],
target: "https://api.openai.com",
changeOrigin: true,
selfHandleResponse: false,
logger,
on: {
proxyReq: createOnProxyReqHandler({
pipeline: [addKeyForEmbeddingsRequest, finalizeBody],
}),
error: handleProxyError,
},
});
const openaiRouter = Router();
@@ -242,11 +176,10 @@ openaiRouter.post(
openaiRouter.post(
"/v1/chat/completions",
ipLimiter,
createPreprocessorMiddleware({
inApi: "openai",
outApi: "openai",
service: "openai",
}),
createPreprocessorMiddleware(
{ inApi: "openai", outApi: "openai", service: "openai" },
{ afterTransform: [fixupMaxTokens] }
),
openaiProxy
);
// Embeddings endpoint.
@@ -257,4 +190,15 @@ openaiRouter.post(
openaiEmbeddingsProxy
);
function forceModel(model: string): RequestPreprocessor {
return (req: Request) => void (req.body.model = model);
}
function fixupMaxTokens(req: Request) {
if (!req.body.max_completion_tokens) {
req.body.max_completion_tokens = req.body.max_tokens;
}
delete req.body.max_tokens;
}
export const openai = openaiRouter;
src/proxy/queue.ts
+42 -18
View File
@@ -13,6 +13,7 @@
import crypto from "crypto";
import { Handler, Request } from "express";
import { config } from "../config";
import { BadRequestError, TooManyRequestsError } from "../shared/errors";
import { keyPool } from "../shared/key-management";
import {
@@ -23,9 +24,10 @@ import {
import { initializeSseStream } from "../shared/streaming";
import { logger } from "../logger";
import { getUniqueIps } from "./rate-limit";
import { RequestPreprocessor } from "./middleware/request";
import { handleProxyError } from "./middleware/common";
import { ProxyReqMutator, RequestPreprocessor } from "./middleware/request";
import { sendErrorToClient } from "./middleware/response/error-generator";
import { ProxyReqManager } from "./middleware/request/proxy-req-manager";
import { classifyErrorAndSend } from "./middleware/common";
const queue: Request[] = [];
const log = logger.child({ module: "request-queue" });
@@ -34,14 +36,12 @@ const log = logger.child({ module: "request-queue" });
const USER_CONCURRENCY_LIMIT = parseInt(
process.env.USER_CONCURRENCY_LIMIT ?? "1"
);
/** Maximum number of queue slots for Agnai.chat requests. */
const AGNAI_CONCURRENCY_LIMIT = USER_CONCURRENCY_LIMIT * 5;
const MIN_HEARTBEAT_SIZE = parseInt(process.env.MIN_HEARTBEAT_SIZE_B ?? "512");
const MAX_HEARTBEAT_SIZE =
1024 * parseInt(process.env.MAX_HEARTBEAT_SIZE_KB ?? "1024");
const HEARTBEAT_INTERVAL =
1000 * parseInt(process.env.HEARTBEAT_INTERVAL_SEC ?? "5");
const LOAD_THRESHOLD = parseFloat(process.env.LOAD_THRESHOLD ?? "50");
const LOAD_THRESHOLD = parseFloat(process.env.LOAD_THRESHOLD ?? "150");
const PAYLOAD_SCALE_FACTOR = parseFloat(
process.env.PAYLOAD_SCALE_FACTOR ?? "6"
);
@@ -68,6 +68,14 @@ const sharesIdentifierWith = (incoming: Request) => (queued: Request) =>
getIdentifier(queued) === getIdentifier(incoming);
async function enqueue(req: Request) {
if (req.socket.destroyed || req.res?.writableEnded) {
// In rare cases, a request can be disconnected after it is dequeued for a
// retry, but before it is re-enqueued. In this case we may miss the abort
// and the request will loop in the queue forever.
req.log.warn("Attempt to enqueue aborted request.");
throw new Error("Attempt to enqueue aborted request.");
}
const enqueuedRequestCount = queue.filter(sharesIdentifierWith(req)).length;
if (enqueuedRequestCount >= USER_CONCURRENCY_LIMIT) {
@@ -140,7 +148,14 @@ export function dequeue(partition: ModelFamily): Request | undefined {
}
const req = modelQueue.reduce((prev, curr) =>
prev.startTime < curr.startTime ? prev : curr
prev.startTime +
config.tokensPunishmentFactor *
((prev.promptTokens ?? 0) + (prev.outputTokens ?? 0)) <
curr.startTime +
config.tokensPunishmentFactor *
((curr.promptTokens ?? 0) + (curr.outputTokens ?? 0))
? prev
: curr
);
queue.splice(queue.indexOf(req), 1);
@@ -307,26 +322,35 @@ export function getQueueLength(partition: ModelFamily | "all" = "all") {
}
export function createQueueMiddleware({
beforeProxy,
mutations = [],
proxyMiddleware,
}: {
beforeProxy?: RequestPreprocessor;
mutations?: ProxyReqMutator[];
proxyMiddleware: Handler;
}): Handler {
return async (req, res, next) => {
req.proceed = async () => {
if (beforeProxy) {
try {
// Hack to let us run asynchronous middleware before the
// http-proxy-middleware handler. This is used to sign AWS requests
// before they are proxied, as the signing is asynchronous.
// Unlike RequestPreprocessors, this runs every time the request is
// dequeued, not just the first time.
await beforeProxy(req);
} catch (err) {
return handleProxyError(err, req, res);
// canonicalize the stream field which is set in a few places not always
// consistently
req.isStreaming = req.isStreaming || String(req.body.stream) === "true";
req.body.stream = req.isStreaming;
try {
// Just before executing the proxyMiddleware, we will create a
// ProxyReqManager to track modifications to the request. This allows
// us to revert those changes if the proxied request fails with a
// retryable error. That happens in proxyMiddleware's onProxyRes
// handler.
const changeManager = new ProxyReqManager(req);
req.changeManager = changeManager;
for (const mutator of mutations) {
await mutator(changeManager);
}
} catch (err) {
// Failure during request preparation is a fatal error.
return classifyErrorAndSend(err, req, res);
}
proxyMiddleware(req, res, next);
};
src/server.ts
+8 -1
View File
@@ -23,6 +23,7 @@ import { init as initTokenizers } from "./shared/tokenization";
import { checkOrigin } from "./proxy/check-origin";
import { sendErrorToClient } from "./proxy/middleware/response/error-generator";
import { initializeDatabase, getDatabase } from "./shared/database";
import { initializeFirebase } from "./shared/firebase";
const PORT = config.port;
const BIND_ADDRESS = config.bindAddress;
@@ -137,6 +138,12 @@ async function start() {
logger.info("Checking configs and external dependencies...");
await assertConfigIsValid();
if (config.gatekeeperStore.startsWith("firebase")) {
logger.info("Testing Firebase connection...");
await initializeFirebase();
logger.info("Firebase connection successful.");
}
keyPool.init();
await initTokenizers();
@@ -166,7 +173,7 @@ async function start() {
app.listen(PORT, BIND_ADDRESS, () => {
logger.info(
{ port: PORT, interface: BIND_ADDRESS },
"Now listening for connections."
"Server ready to accept connections."
);
registerUncaughtExceptionHandler();
});
src/shared/api-schemas/anthropic.ts
+4 -27
View File
@@ -19,12 +19,7 @@ const AnthropicV1BaseSchema = z
top_k: z.coerce.number().optional(),
top_p: z.coerce.number().optional(),
metadata: z.object({ user_id: z.string().optional() }).optional(),
tools: z.array(z.any()).optional(),
tool_choice: z.any().optional(),
})
.omit(
Boolean(config.allowOpenAIToolUsage) ? {} : { tools: true, tool_choice: true }
)
.strip();
// https://docs.anthropic.com/claude/reference/complete_post [deprecated]
@@ -49,18 +44,6 @@ const AnthropicV1MessageMultimodalContentSchema = z.array(
data: z.string(),
}),
}),
z.object({
type: z.literal("tool_use"),
id: z.string(),
name: z.string(),
input: z.object({}).passthrough(),
}),
z.object({
type: z.literal("tool_result"),
tool_use_id: z.string(),
is_error: z.boolean().optional(),
content: z.union([z.string(), z.object({}).passthrough()]).optional(),
}),
])
);
@@ -99,7 +82,7 @@ function openAIMessagesToClaudeTextPrompt(messages: OpenAIChatMessage[]) {
let role: string = m.role;
if (role === "assistant") {
role = "Assistant";
} else if (role === "system") {
} else if (["system", "developer"].includes(role)) {
role = "System";
} else if (role === "user") {
role = "Human";
@@ -127,8 +110,6 @@ export const transformOpenAIToAnthropicChat: APIFormatTransformer<
throw result.error;
}
req.headers["anthropic-version"] = "2023-06-01";
const { messages, ...rest } = result.data;
const { messages: newMessages, system } =
openAIMessagesToClaudeChatPrompt(messages);
@@ -163,8 +144,6 @@ export const transformOpenAIToAnthropicText: APIFormatTransformer<
throw result.error;
}
req.headers["anthropic-version"] = "2023-06-01";
const { messages, ...rest } = result.data;
const prompt = openAIMessagesToClaudeTextPrompt(messages);
@@ -209,8 +188,6 @@ export const transformAnthropicTextToAnthropicChat: APIFormatTransformer<
throw result.error;
}
req.headers["anthropic-version"] = "2023-06-01";
const { model, max_tokens_to_sample, prompt, ...rest } = result.data;
validateAnthropicTextPrompt(prompt);
@@ -388,7 +365,7 @@ function openAIMessagesToClaudeChatPrompt(messages: OpenAIChatMessage[]): {
// Here we will lose the original name if it was a system message, but that
// is generally okay because the system message is usually a prompt and not
// a character in the chat.
const name = msg.role === "system" ? "System" : msg.name?.trim();
const name = ["system", "developer"].includes(msg.role) ? "System" : msg.name?.trim();
const content = convertOpenAIContent(msg.content);
// Prepend the display name to the first text content in the current message
@@ -418,8 +395,8 @@ function openAIMessagesToClaudeChatPrompt(messages: OpenAIChatMessage[]): {
function isSystemOpenAIRole(
role: OpenAIChatMessage["role"]
): role is "system" | "function" | "tool" {
return ["system", "function", "tool"].includes(role);
): role is "developer" | "system" | "function" | "tool" {
return ["developer","system", "function", "tool"].includes(role);
}
function getFirstTextContent(content: OpenAIChatMessage["content"]) {
src/shared/api-schemas/google-ai.ts
+52 -15
View File
@@ -6,10 +6,40 @@ import {
import { APIFormatTransformer } from "./index";
const GoogleAIV1ContentSchema = z.object({
parts: z.array(z.object({ text: z.string() })), // TODO: add other media types
parts: z
.union([
z.array(z.object({ text: z.string() })),
z.object({ text: z.string() }),
])
// Google allows parts to be an array or a single object, which is really
// annoying for downstream code. We will coerce it to an array here.
.transform((val) => (Array.isArray(val) ? val : [val])),
// TODO: add other media types
role: z.enum(["user", "model"]).optional(),
});
const SafetySettingsSchema = z
.array(
z.object({
category: z.enum([
"HARM_CATEGORY_HARASSMENT",
"HARM_CATEGORY_HATE_SPEECH",
"HARM_CATEGORY_SEXUALLY_EXPLICIT",
"HARM_CATEGORY_DANGEROUS_CONTENT",
"HARM_CATEGORY_CIVIC_INTEGRITY",
]),
threshold: z.enum([
"OFF",
"BLOCK_NONE",
"BLOCK_ONLY_HIGH",
"BLOCK_MEDIUM_AND_ABOVE",
"BLOCK_LOW_AND_ABOVE",
"HARM_BLOCK_THRESHOLD_UNSPECIFIED",
]),
})
)
.optional();
// https://developers.generativeai.google/api/rest/generativelanguage/models/generateContent
export const GoogleAIV1GenerateContentSchema = z
.object({
@@ -17,21 +47,27 @@ export const GoogleAIV1GenerateContentSchema = z
stream: z.boolean().optional().default(false), // also used for router
contents: z.array(GoogleAIV1ContentSchema),
tools: z.array(z.object({})).max(0).optional(),
safetySettings: z.array(z.object({})).optional(),
safetySettings: SafetySettingsSchema,
systemInstruction: GoogleAIV1ContentSchema.optional(),
generationConfig: z.object({
temperature: z.number().optional(),
maxOutputTokens: z.coerce
.number()
.int()
.optional()
.default(16)
.transform((v) => Math.min(v, 4096)), // TODO: Add config
candidateCount: z.literal(1).optional(),
topP: z.number().optional(),
topK: z.number().optional(),
stopSequences: z.array(z.string().max(500)).max(5).optional(),
}).default({}),
// quick fix for SillyTavern, which uses camel case field names for everything
// except for system_instruction where it randomly uses snake case.
// google api evidently accepts either case.
system_instruction: GoogleAIV1ContentSchema.optional(),
generationConfig: z
.object({
temperature: z.number().min(0).max(2).optional(),
maxOutputTokens: z.coerce
.number()
.int()
.optional()
.default(16)
.transform((v) => Math.min(v, 4096)), // TODO: Add config
candidateCount: z.literal(1).optional(),
topP: z.number().min(0).max(1).optional(),
topK: z.number().min(1).max(40).optional(),
stopSequences: z.array(z.string().max(500)).max(5).optional(),
})
.default({}),
})
.strip();
export type GoogleAIChatMessage = z.infer<
@@ -120,6 +156,7 @@ export const transformOpenAIToGoogleAI: APIFormatTransformer<
{ category: "HARM_CATEGORY_HATE_SPEECH", threshold: "BLOCK_NONE" },
{ category: "HARM_CATEGORY_SEXUALLY_EXPLICIT", threshold: "BLOCK_NONE" },
{ category: "HARM_CATEGORY_DANGEROUS_CONTENT", threshold: "BLOCK_NONE" },
{ category: "HARM_CATEGORY_CIVIC_INTEGRITY", threshold: "BLOCK_NONE" },
],
};
};
src/shared/api-schemas/openai.ts
+9 -1
View File
@@ -21,7 +21,7 @@ export const OpenAIV1ChatCompletionSchema = z
model: z.string().max(100),
messages: z.array(
z.object({
role: z.enum(["system", "user", "assistant", "tool", "function"]),
role: z.enum(["developer", "system", "user", "assistant", "tool", "function"]),
content: z.union([z.string(), OpenAIV1ChatContentArraySchema]),
name: z.string().optional(),
tool_calls: z.array(z.any()).optional(),
@@ -54,6 +54,13 @@ export const OpenAIV1ChatCompletionSchema = z
.nullish()
.default(Math.min(OPENAI_OUTPUT_MAX, 16384))
.transform((v) => Math.min(v ?? OPENAI_OUTPUT_MAX, OPENAI_OUTPUT_MAX)),
// max_completion_tokens replaces max_tokens in the OpenAI API.
// for backwards compatibility, we accept both and move the value in
// max_tokens to max_completion_tokens in proxy middleware.
max_completion_tokens: z.coerce
.number()
.int()
.optional(),
frequency_penalty: z.number().optional().default(0),
presence_penalty: z.number().optional().default(0),
logit_bias: z.any().optional(),
@@ -71,6 +78,7 @@ export const OpenAIV1ChatCompletionSchema = z
tool_choice: z.any().optional(),
function_choice: z.any().optional(),
response_format: z.any(),
reasoning_effort: z.enum(["low", "medium", "high"]).optional(),
})
// Tool usage must be enabled via config because we currently have no way to
// track quota usage for them or enforce limits.
src/shared/custom.d.ts
Vendored
+2
View File
@@ -5,6 +5,7 @@ import { Express } from "express-serve-static-core";
import { APIFormat, Key } from "./key-management";
import { User } from "./users/schema";
import { LLMService, ModelFamily } from "./models";
import { ProxyReqManager } from "../proxy/middleware/request/proxy-req-manager";
declare global {
namespace Express {
@@ -24,6 +25,7 @@ declare global {
queueOutTime?: number;
onAborted?: () => void;
proceed: () => void;
changeManager?: ProxyReqManager;
heartbeatInterval?: NodeJS.Timeout;
monitorInterval?: NodeJS.Timeout;
promptTokens?: number;
src/shared/file-storage/mirror-generated-image.ts
+3 -1
View File
@@ -1,12 +1,14 @@
import axios from "axios";
import express from "express";
import { promises as fs } from "fs";
import path from "path";
import { v4 } from "uuid";
import { USER_ASSETS_DIR } from "../../config";
import { getAxiosInstance } from "../network";
import { addToImageHistory } from "./image-history";
import { libSharp } from "./index";
const axios = getAxiosInstance();
export type OpenAIImageGenerationResult = {
created: number;
data: {
src/shared/firebase.ts
+28
View File
@@ -0,0 +1,28 @@
import type firebase from "firebase-admin";
import { config } from "../config";
import { getHttpAgents } from "./network";
let firebaseApp: firebase.app.App | undefined;
export async function initializeFirebase() {
const firebase = await import("firebase-admin");
const firebaseKey = Buffer.from(config.firebaseKey!, "base64").toString();
const app = firebase.initializeApp({
// RTDB doesn't actually seem to use this but respects `WS_PROXY` if set,
// so we do that in the network module.
httpAgent: getHttpAgents()[0],
credential: firebase.credential.cert(JSON.parse(firebaseKey)),
databaseURL: config.firebaseRtdbUrl,
});
await app.database().ref("connection-test").set(Date.now());
firebaseApp = app;
}
export function getFirebaseApp(): firebase.app.App {
if (!firebaseApp) {
throw new Error("Firebase app not initialized.");
}
return firebaseApp;
}
src/shared/key-management/anthropic/checker.ts
+4 -1
View File
@@ -1,7 +1,10 @@
import axios, { AxiosError, AxiosResponse } from "axios";
import { AxiosError, AxiosResponse } from "axios";
import { getAxiosInstance } from "../../network";
import { KeyCheckerBase } from "../key-checker-base";
import type { AnthropicKey, AnthropicKeyProvider } from "./provider";
const axios = getAxiosInstance();
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
const KEY_CHECK_PERIOD = 1000 * 60 * 60 * 6; // 6 hours
const POST_MESSAGES_URL = "https://api.anthropic.com/v1/messages";
src/shared/key-management/aws/checker.ts
+46 -5
View File
@@ -1,23 +1,29 @@
import { Sha256 } from "@aws-crypto/sha256-js";
import { SignatureV4 } from "@smithy/signature-v4";
import { HttpRequest } from "@smithy/protocol-http";
import axios, { AxiosError, AxiosHeaders, AxiosRequestConfig } from "axios";
import { AxiosError, AxiosHeaders, AxiosRequestConfig } from "axios";
import { URL } from "url";
import { config } from "../../../config";
import { getAwsBedrockModelFamily } from "../../models";
import { getAxiosInstance } from "../../network";
import { KeyCheckerBase } from "../key-checker-base";
import type { AwsBedrockKey, AwsBedrockKeyProvider } from "./provider";
const axios = getAxiosInstance();
type ParentModelId = string;
type AliasModelId = string;
type ModuleAliasTuple = [ParentModelId, ...AliasModelId[]];
const KNOWN_MODEL_IDS: ModuleAliasTuple[] = [
["anthropic.claude-instant-v1"],
["anthropic.claude-v2", "anthropic.claude-v2:1"],
["anthropic.claude-3-sonnet-20240229-v1:0"],
["anthropic.claude-3-haiku-20240307-v1:0"],
["anthropic.claude-3-5-haiku-20241022-v1:0"],
["anthropic.claude-3-opus-20240229-v1:0"],
["anthropic.claude-3-5-sonnet-20240620-v1:0"],
["anthropic.claude-3-5-sonnet-20241022-v2:0"],
["mistral.mistral-7b-instruct-v0:2"],
["mistral.mixtral-8x7b-instruct-v0:1"],
["mistral.mistral-large-2402-v1:0"],
@@ -103,6 +109,7 @@ See https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference-
}
// Perform checks for all parent model IDs
// TODO: use allsettled
const results = await Promise.all(
KNOWN_MODEL_IDS.filter(([model]) =>
// Skip checks for models that are disabled anyway
@@ -176,9 +183,9 @@ See https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference-
// not necessarily disabled. Retry in 10 seconds.
this.log.warn(
{ key: key.hash, errorType, error: error.response.data },
"Key is rate limited. Rechecking in 10 seconds."
"Key is rate limited. Rechecking in 30 seconds."
);
const next = Date.now() - (KEY_CHECK_PERIOD - 10 * 1000);
const next = Date.now() - (KEY_CHECK_PERIOD - 30 * 1000);
return this.updateKey(key.hash, { lastChecked: next });
case "ValidationException":
default:
@@ -234,7 +241,7 @@ See https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference-
} catch (e) {
this.log.error(
{ key: key.hash, model, profile, error: e.message },
"Error testing model with inference profile; trying model ID directly."
"InvokeModel via inference profile returned an error; trying model ID directly."
);
result = false;
}
@@ -244,6 +251,7 @@ See https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference-
// profile will be used when the key is used for inference.
if (result) return true;
}
this.log.debug({ key: key.hash, model }, "Testing model via model ID.");
return this.testClaudeModel(key, model);
} else if (model.includes("mistral")) {
return this.testMistralModel(key, model);
@@ -269,7 +277,7 @@ See https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference-
method: "POST",
url: POST_INVOKE_MODEL_URL(creds.region, model),
data: payload,
validateStatus: (status) => [400, 403, 404].includes(status),
validateStatus: (status) => [400, 403, 404, 429, 503].includes(status),
};
config.headers = new AxiosHeaders({
"content-type": "application/json",
@@ -281,6 +289,39 @@ See https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference-
const errorType = (headers["x-amzn-errortype"] as string).split(":")[0];
const errorMessage = data?.message;
// 503 ServiceUnavailableException errors are usually due to temporary
// outages in the AWS infrastructure. However, because a 503 response also
// indicates that the key can invoke the model, we can treat this as a
// successful response.
if (status === 503 && errorType.match(/ServiceUnavailableException/i)) {
this.log.warn(
{ key: key.hash, model, errorType, data, status, headers },
"Model is accessible, but may be temporarily unavailable."
);
return true;
}
// 429 ThrottlingException can suggest the model is available but the key
// is being rate limited. I think if a key does not have access to the
// model, it cannot receive a 429 response, so this should be a success.
if (status === 429) {
if (errorType.match(/ThrottlingException/i)) {
this.log.debug(
{ key: key.hash, model, errorType, data, status, headers },
"Model is available but key is rate limited."
);
return true;
} else {
throw new AxiosError(
`InvokeModel returned 429 of type ${errorType}`,
`AWS_INVOKE_MODEL_RATE_LIMITED`,
response.config,
response.request,
response
);
}
}
// This message indicates the key is valid but this particular model is not
// accessible. Other 403s may indicate the key is not usable.
if (
src/shared/key-management/aws/provider.ts
+2 -2
View File
@@ -29,13 +29,13 @@ export interface AwsBedrockKey extends Key, AwsBedrockKeyUsage {
* Upon being rate limited, a key will be locked out for this many milliseconds
* while we wait for other concurrent requests to finish.
*/
const RATE_LIMIT_LOCKOUT = 4000;
const RATE_LIMIT_LOCKOUT = 5000;
/**
* Upon assigning a key, we will wait this many milliseconds before allowing it
* to be used again. This is to prevent the queue from flooding a key with too
* many requests while we wait to learn whether previous ones succeeded.
*/
const KEY_REUSE_DELAY = 500;
const KEY_REUSE_DELAY = 250;
export class AwsBedrockKeyProvider implements KeyProvider<AwsBedrockKey> {
readonly service = "aws";
src/shared/key-management/azure/checker.ts
+14 -2
View File
@@ -1,7 +1,10 @@
import axios, { AxiosError } from "axios";
import { AxiosError } from "axios";
import { getAzureOpenAIModelFamily } from "../../models";
import { getAxiosInstance } from "../../network";
import { KeyCheckerBase } from "../key-checker-base";
import type { AzureOpenAIKey, AzureOpenAIKeyProvider } from "./provider";
import { getAzureOpenAIModelFamily } from "../../models";
const axios = getAxiosInstance();
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
const KEY_CHECK_PERIOD = 60 * 60 * 1000; // 1 hour
@@ -65,6 +68,14 @@ export class AzureOpenAIKeyChecker extends KeyCheckerBase<AzureOpenAIKey> {
});
case "429":
const headers = error.response.headers;
const retryAfter = Number(headers["retry-after"] || 0);
if (retryAfter > 3600) {
this.log.warn(
{ key: key.hash, errorType, error: error.response.data, headers },
"Key has an excessive rate limit and will be disabled."
);
return this.updateKey(key.hash, { isDisabled: true });
}
this.log.warn(
{ key: key.hash, errorType, error: error.response.data, headers },
"Key is rate limited. Rechecking key in 1 minute."
@@ -137,6 +148,7 @@ export class AzureOpenAIKeyChecker extends KeyCheckerBase<AzureOpenAIKey> {
}
const family = getAzureOpenAIModelFamily(data.model);
this.updateKey(key.hash, { modelIds: [data.model] });
// Azure returns "gpt-4" even for GPT-4 Turbo, so we need further checks.
// Otherwise we can use the model family Azure returned.
src/shared/key-management/azure/provider.ts
+4
View File
@@ -18,6 +18,7 @@ export interface AzureOpenAIKey extends Key, AzureOpenAIKeyUsage {
readonly service: "azure";
readonly modelFamilies: AzureOpenAIModelFamily[];
contentFiltering: boolean;
modelIds: string[];
}
/**
@@ -72,7 +73,10 @@ export class AzureOpenAIKeyProvider implements KeyProvider<AzureOpenAIKey> {
"azure-gpt4-32kTokens": 0,
"azure-gpt4-turboTokens": 0,
"azure-gpt4oTokens": 0,
"azure-o1Tokens": 0,
"azure-o1-miniTokens": 0,
"azure-dall-eTokens": 0,
modelIds: [],
};
this.keys.push(newKey);
}
src/shared/key-management/gcp/checker.ts
+31 -123
View File
@@ -1,8 +1,11 @@
import axios, { AxiosError } from "axios";
import crypto from "crypto";
import { AxiosError } from "axios";
import { GcpModelFamily } from "../../models";
import { getAxiosInstance } from "../../network";
import { KeyCheckerBase } from "../key-checker-base";
import type { GcpKey, GcpKeyProvider } from "./provider";
import { GcpModelFamily } from "../../models";
import { getCredentialsFromGcpKey, refreshGcpAccessToken } from "./oauth";
const axios = getAxiosInstance();
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
const KEY_CHECK_PERIOD = 90 * 60 * 1000; // 90 minutes
@@ -34,6 +37,7 @@ export class GcpKeyChecker extends KeyCheckerBase<GcpKey> {
let checks: Promise<boolean>[] = [];
const isInitialCheck = !key.lastChecked;
if (isInitialCheck) {
await this.maybeRefreshAccessToken(key);
checks = [
this.invokeModel("claude-3-haiku@20240307", key, true),
this.invokeModel("claude-3-sonnet@20240229", key, true),
@@ -67,6 +71,7 @@ export class GcpKeyChecker extends KeyCheckerBase<GcpKey> {
modelFamilies: families,
});
} else {
await this.maybeRefreshAccessToken(key);
if (key.haikuEnabled) {
await this.invokeModel("claude-3-haiku@20240307", key, false);
} else if (key.sonnetEnabled) {
@@ -82,10 +87,7 @@ export class GcpKeyChecker extends KeyCheckerBase<GcpKey> {
}
this.log.info(
{
key: key.hash,
families: key.modelFamilies,
},
{ key: key.hash, families: key.modelFamilies },
"Checked key."
);
}
@@ -126,26 +128,36 @@ export class GcpKeyChecker extends KeyCheckerBase<GcpKey> {
this.updateKey(key.hash, { lastChecked: next });
}
private async maybeRefreshAccessToken(key: GcpKey) {
if (key.accessToken && key.accessTokenExpiresAt >= Date.now()) {
return;
}
this.log.info({ key: key.hash }, "Refreshing GCP access token...");
const [token, durationSec] = await refreshGcpAccessToken(key);
this.updateKey(key.hash, {
accessToken: token,
accessTokenExpiresAt: Date.now() + durationSec * 1000 * 0.95,
});
}
/**
* Attempt to invoke the given model with the given key. Returns true if the
* key has access to the model, false if it does not. Throws an error if the
* key is disabled.
*/
private async invokeModel(model: string, key: GcpKey, initial: boolean) {
const creds = GcpKeyChecker.getCredentialsFromKey(key);
const signedJWT = await GcpKeyChecker.createSignedJWT(
creds.clientEmail,
creds.privateKey
);
const [accessToken, jwtError] =
await GcpKeyChecker.exchangeJwtForAccessToken(signedJWT);
if (accessToken === null) {
this.log.warn(
{ key: key.hash, jwtError },
"Unable to get the access token"
const creds = await getCredentialsFromGcpKey(key);
try {
await this.maybeRefreshAccessToken(key);
} catch (e) {
this.log.error(
{ key: key.hash, error: e.message },
"Could not test key due to error while getting access token."
);
return false;
}
const payload = {
max_tokens: 1,
messages: TEST_MESSAGES,
@@ -155,7 +167,7 @@ export class GcpKeyChecker extends KeyCheckerBase<GcpKey> {
POST_STREAM_RAW_URL(creds.projectId, creds.region, model),
payload,
{
headers: GcpKeyChecker.getRequestHeaders(accessToken),
headers: GcpKeyChecker.getRequestHeaders(key.accessToken),
validateStatus: initial
? () => true
: (status: number) => status >= 200 && status < 300,
@@ -181,114 +193,10 @@ export class GcpKeyChecker extends KeyCheckerBase<GcpKey> {
}
}
static async createSignedJWT(email: string, pkey: string): Promise<string> {
let cryptoKey = await crypto.subtle.importKey(
"pkcs8",
GcpKeyChecker.str2ab(atob(pkey)),
{ name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } },
false,
["sign"]
);
const authUrl = "https://www.googleapis.com/oauth2/v4/token";
const issued = Math.floor(Date.now() / 1000);
const expires = issued + 600;
const header = { alg: "RS256", typ: "JWT" };
const payload = {
iss: email,
aud: authUrl,
iat: issued,
exp: expires,
scope: "https://www.googleapis.com/auth/cloud-platform",
};
const encodedHeader = GcpKeyChecker.urlSafeBase64Encode(
JSON.stringify(header)
);
const encodedPayload = GcpKeyChecker.urlSafeBase64Encode(
JSON.stringify(payload)
);
const unsignedToken = `${encodedHeader}.${encodedPayload}`;
const signature = await crypto.subtle.sign(
"RSASSA-PKCS1-v1_5",
cryptoKey,
GcpKeyChecker.str2ab(unsignedToken)
);
const encodedSignature = GcpKeyChecker.urlSafeBase64Encode(signature);
return `${unsignedToken}.${encodedSignature}`;
}
static async exchangeJwtForAccessToken(
signed_jwt: string
): Promise<[string | null, string]> {
const auth_url = "https://www.googleapis.com/oauth2/v4/token";
const params = {
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
assertion: signed_jwt,
};
const r = await fetch(auth_url, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: Object.entries(params)
.map(([k, v]) => `${k}=${v}`)
.join("&"),
}).then((res) => res.json());
if (r.access_token) {
return [r.access_token, ""];
}
return [null, JSON.stringify(r)];
}
static str2ab(str: string): ArrayBuffer {
const buffer = new ArrayBuffer(str.length);
const bufferView = new Uint8Array(buffer);
for (let i = 0; i < str.length; i++) {
bufferView[i] = str.charCodeAt(i);
}
return buffer;
}
static urlSafeBase64Encode(data: string | ArrayBuffer): string {
let base64: string;
if (typeof data === "string") {
base64 = btoa(
encodeURIComponent(data).replace(/%([0-9A-F]{2})/g, (match, p1) =>
String.fromCharCode(parseInt("0x" + p1, 16))
)
);
} else {
base64 = btoa(String.fromCharCode(...new Uint8Array(data)));
}
return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
static getRequestHeaders(accessToken: string) {
return {
Authorization: `Bearer ${accessToken}`,
"Content-Type": "application/json",
};
}
static getCredentialsFromKey(key: GcpKey) {
const [projectId, clientEmail, region, rawPrivateKey] = key.key.split(":");
if (!projectId || !clientEmail || !region || !rawPrivateKey) {
throw new Error("Invalid GCP key");
}
const privateKey = rawPrivateKey
.replace(
/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\r|\n|\\n/g,
""
)
.trim();
return { projectId, clientEmail, region, privateKey };
}
}
src/shared/key-management/gcp/oauth.ts
+150
View File
@@ -0,0 +1,150 @@
import crypto from "crypto";
import type { GcpKey } from "./provider";
import { getAxiosInstance } from "../../network";
import { logger } from "../../../logger";
const axios = getAxiosInstance();
const log = logger.child({ module: "gcp-oauth" });
const authUrl = "https://www.googleapis.com/oauth2/v4/token";
const scope = "https://www.googleapis.com/auth/cloud-platform";
type GoogleAuthResponse = {
access_token: string;
scope: string;
token_type: "Bearer";
expires_in: number;
};
type GoogleAuthError = {
error:
| "unauthorized_client"
| "access_denied"
| "admin_policy_enforced"
| "invalid_client"
| "invalid_grant"
| "invalid_scope"
| "disabled_client"
| "org_internal";
error_description: string;
};
export async function refreshGcpAccessToken(
key: GcpKey
): Promise<[string, number]> {
log.info({ key: key.hash }, "Entering GCP OAuth flow...");
const { clientEmail, privateKey } = await getCredentialsFromGcpKey(key);
// https://developers.google.com/identity/protocols/oauth2/service-account#authorizingrequests
const jwt = await createSignedJWT(clientEmail, privateKey);
log.info({ key: key.hash }, "Signed JWT, exchanging for access token...");
const res = await axios.post<GoogleAuthResponse | GoogleAuthError>(
authUrl,
{
grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
assertion: jwt,
},
{
headers: { "Content-Type": "application/x-www-form-urlencoded" },
validateStatus: () => true,
}
);
const status = res.status;
const headers = res.headers;
const data = res.data;
if ("error" in data || status >= 400) {
log.error(
{ key: key.hash, status, headers, data },
"Error from Google Identity API while getting access token."
);
throw new Error(
`Google Identity API returned error: ${(data as GoogleAuthError).error}`
);
}
log.info({ key: key.hash, exp: data.expires_in }, "Got access token.");
return [data.access_token, data.expires_in];
}
export async function getCredentialsFromGcpKey(key: GcpKey) {
const [projectId, clientEmail, region, rawPrivateKey] = key.key.split(":");
if (!projectId || !clientEmail || !region || !rawPrivateKey) {
log.error(
{ key: key.hash },
"Cannot parse GCP credentials. Ensure they are in the format PROJECT_ID:CLIENT_EMAIL:REGION:PRIVATE_KEY, and ensure no whitespace or newlines are in the private key."
);
throw new Error("Cannot parse GCP credentials.");
}
if (!key.privateKey) {
await importPrivateKey(key, rawPrivateKey);
}
return { projectId, clientEmail, region, privateKey: key.privateKey! };
}
async function createSignedJWT(
email: string,
pkey: crypto.webcrypto.CryptoKey
) {
const issued = Math.floor(Date.now() / 1000);
const expires = issued + 600;
const header = { alg: "RS256", typ: "JWT" };
const payload = {
iss: email,
aud: authUrl,
iat: issued,
exp: expires,
scope,
};
const encodedHeader = urlSafeBase64Encode(JSON.stringify(header));
const encodedPayload = urlSafeBase64Encode(JSON.stringify(payload));
const unsignedToken = `${encodedHeader}.${encodedPayload}`;
const signature = await crypto.subtle.sign(
"RSASSA-PKCS1-v1_5",
pkey,
new TextEncoder().encode(unsignedToken)
);
const encodedSignature = urlSafeBase64Encode(signature);
return `${unsignedToken}.${encodedSignature}`;
}
async function importPrivateKey(key: GcpKey, rawPrivateKey: string) {
log.info({ key: key.hash }, "Importing GCP private key...");
const privateKey = rawPrivateKey
.replace(
/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\r|\n|\\n/g,
""
)
.trim();
const binaryKey = Buffer.from(privateKey, "base64");
key.privateKey = await crypto.subtle.importKey(
"pkcs8",
binaryKey,
{ name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
true,
["sign"]
);
log.info({ key: key.hash }, "GCP private key imported.");
}
function urlSafeBase64Encode(data: string | ArrayBuffer): string {
let base64: string;
if (typeof data === "string") {
base64 = btoa(
encodeURIComponent(data).replace(/%([0-9A-F]{2})/g, (match, p1) =>
String.fromCharCode(parseInt("0x" + p1, 16))
)
);
} else {
base64 = btoa(String.fromCharCode(...new Uint8Array(data)));
}
return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
src/shared/key-management/gcp/provider.ts
+7
View File
@@ -17,6 +17,11 @@ export interface GcpKey extends Key, GcpKeyUsage {
sonnetEnabled: boolean;
haikuEnabled: boolean;
sonnet35Enabled: boolean;
privateKey?: crypto.webcrypto.CryptoKey;
/** Cached access token for GCP APIs. */
accessToken: string;
accessTokenExpiresAt: number;
}
/**
@@ -68,6 +73,8 @@ export class GcpKeyProvider implements KeyProvider<GcpKey> {
sonnetEnabled: true,
haikuEnabled: false,
sonnet35Enabled: false,
accessToken: "",
accessTokenExpiresAt: 0,
["gcp-claudeTokens"]: 0,
["gcp-claude-opusTokens"]: 0,
};
src/shared/key-management/google-ai/checker.ts
+56 -25
View File
@@ -1,13 +1,17 @@
import axios, { AxiosError } from "axios";
import type { GoogleAIModelFamily } from "../../models";
import { AxiosError } from "axios";
import { GoogleAIModelFamily, getGoogleAIModelFamily } from "../../models";
import { getAxiosInstance } from "../../network";
import { KeyCheckerBase } from "../key-checker-base";
import type { GoogleAIKey, GoogleAIKeyProvider } from "./provider";
import { getGoogleAIModelFamily } from "../../models";
const axios = getAxiosInstance();
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
const KEY_CHECK_PERIOD = 3 * 60 * 60 * 1000; // 3 hours
const KEY_CHECK_PERIOD = 6 * 60 * 60 * 1000; // 3 hours
const LIST_MODELS_URL =
"https://generativelanguage.googleapis.com/v1beta/models";
const GENERATE_CONTENT_URL =
"https://generativelanguage.googleapis.com/v1beta/models/gemini-1.5-pro-latest:generateContent?key=%KEY%";
type ListModelsResponse = {
models: {
@@ -35,16 +39,16 @@ export class GoogleAIKeyChecker extends KeyCheckerBase<GoogleAIKey> {
service: "google-ai",
keyCheckPeriod: KEY_CHECK_PERIOD,
minCheckInterval: MIN_CHECK_INTERVAL,
recurringChecksEnabled: false,
recurringChecksEnabled: true,
updateKey,
});
}
protected async testKeyOrFail(key: GoogleAIKey) {
const provisionedModels = await this.getProvisionedModels(key);
const updates = {
modelFamilies: provisionedModels,
};
await this.testGenerateContent(key);
const updates = { modelFamilies: provisionedModels };
this.updateKey(key.hash, updates);
this.log.info(
{ key: key.hash, models: key.modelFamilies, ids: key.modelIds.length },
@@ -76,33 +80,44 @@ export class GoogleAIKeyChecker extends KeyCheckerBase<GoogleAIKey> {
return familiesArray;
}
private async testGenerateContent(key: GoogleAIKey) {
const payload = {
contents: [{ parts: { text: "hello" }, role: "user" }],
tools: [],
safetySettings: [],
generationConfig: { maxOutputTokens: 1 },
};
await axios.post(
GENERATE_CONTENT_URL.replace("%KEY%", key.key),
payload,
{ validateStatus: (status) => status === 200 }
);
}
protected handleAxiosError(key: GoogleAIKey, error: AxiosError): void {
if (error.response && GoogleAIKeyChecker.errorIsGoogleAIError(error)) {
const httpStatus = error.response.status;
const { code, message, status, details } = error.response.data.error;
switch (httpStatus) {
case 400:
const reason = details?.[0]?.reason;
if (status === "INVALID_ARGUMENT" && reason === "API_KEY_INVALID") {
case 400: {
const keyDeadMsgs = [
/please enable billing/i,
/API key not valid/i,
/API key expired/i,
/pass a valid API/i,
];
const text = JSON.stringify(error.response.data.error);
if (text.match(keyDeadMsgs.join("|"))) {
this.log.warn(
{ key: key.hash, reason, details },
"Key check returned API_KEY_INVALID error. Disabling key."
);
this.updateKey(key.hash, { isDisabled: true, isRevoked: true });
return;
} else if (
status === "FAILED_PRECONDITION" &&
message.match(/please enable billing/i)
) {
this.log.warn(
{ key: key.hash, message, details },
"Key check returned billing disabled error. Disabling key."
{ key: key.hash, error: text },
"Key check returned a non-transient 400 error. Disabling key."
);
this.updateKey(key.hash, { isDisabled: true, isRevoked: true });
return;
}
break;
}
case 401:
case 403:
this.log.warn(
@@ -111,14 +126,30 @@ export class GoogleAIKeyChecker extends KeyCheckerBase<GoogleAIKey> {
);
this.updateKey(key.hash, { isDisabled: true, isRevoked: true });
return;
case 429:
case 429: {
const text = JSON.stringify(error.response.data.error);
const keyDeadMsgs = [
/GenerateContentRequestsPerMinutePerProjectPerRegion/i,
/"quota_limit_value":"0"/i,
];
if (text.match(keyDeadMsgs.join("|"))) {
this.log.warn(
{ key: key.hash, error: text },
"Key check returned a non-transient 429 error. Disabling key."
);
this.updateKey(key.hash, { isDisabled: true, isRevoked: true });
return;
}
this.log.warn(
{ key: key.hash, status, code, message, details },
"Key is rate limited. Rechecking key in 1 minute."
);
const next = Date.now() - (KEY_CHECK_PERIOD - 10 * 1000);
const next = Date.now() - (KEY_CHECK_PERIOD - 60 * 1000);
this.updateKey(key.hash, { lastChecked: next });
return;
}
}
this.log.error(
src/shared/key-management/key-pool.ts
+13 -4
View File
@@ -8,13 +8,13 @@ import { LLMService, MODEL_FAMILY_SERVICE, ModelFamily } from "../models";
import { Key, KeyProvider } from "./index";
import { AnthropicKeyProvider, AnthropicKeyUpdate } from "./anthropic/provider";
import { OpenAIKeyProvider, OpenAIKeyUpdate } from "./openai/provider";
import { GoogleAIKeyProvider } from "./google-ai/provider";
import { GoogleAIKeyProvider } from "./google-ai/provider";
import { AwsBedrockKeyProvider } from "./aws/provider";
import { GcpKeyProvider } from "./gcp/provider";
import { GcpKeyProvider, GcpKey } from "./gcp/provider";
import { AzureOpenAIKeyProvider } from "./azure/provider";
import { MistralAIKeyProvider } from "./mistral-ai/provider";
type AllowedPartial = OpenAIKeyUpdate | AnthropicKeyUpdate;
type AllowedPartial = OpenAIKeyUpdate | AnthropicKeyUpdate | Partial<GcpKey>;
export class KeyPool {
private keyProviders: KeyProvider[] = [];
@@ -75,6 +75,14 @@ export class KeyPool {
}
}
/**
* Updates a key in the keypool with the given properties.
*
* Be aware that the `key` argument may not be the same object instance as the
* one in the keypool (such as if it is a clone received via `KeyPool.get` in
* which case you are responsible for updating your clone with the new
* properties.
*/
public update(key: Key, props: AllowedPartial): void {
const service = this.getKeyProvider(key.service);
service.update(key.hash, props);
@@ -170,8 +178,9 @@ export class KeyPool {
const job = schedule.scheduleJob(crontab, () => {
const next = job.nextInvocation();
logger.info({ next }, "Performing periodic recheck of OpenAI keys");
logger.info({ next }, "Performing periodic recheck.");
this.recheck("openai");
this.recheck("google-ai");
});
logger.info(
{ rule: crontab, next: job.nextInvocation() },
src/shared/key-management/mistral-ai/checker.ts
+5 -3
View File
@@ -1,8 +1,10 @@
import axios, { AxiosError } from "axios";
import type { MistralAIModelFamily } from "../../models";
import { AxiosError } from "axios";
import { MistralAIModelFamily, getMistralAIModelFamily } from "../../models";
import { getAxiosInstance } from "../../network";
import { KeyCheckerBase } from "../key-checker-base";
import type { MistralAIKey, MistralAIKeyProvider } from "./provider";
import { getMistralAIModelFamily } from "../../models";
const axios = getAxiosInstance();
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
const KEY_CHECK_PERIOD = 60 * 60 * 1000; // 1 hour
src/shared/key-management/openai/checker.ts
+16 -35
View File
@@ -1,8 +1,10 @@
import axios, { AxiosError } from "axios";
import type { OpenAIModelFamily } from "../../models";
import { AxiosError } from "axios";
import { KeyCheckerBase } from "../key-checker-base";
import type { OpenAIKey, OpenAIKeyProvider } from "./provider";
import { getOpenAIModelFamily } from "../../models";
import { OpenAIModelFamily, getOpenAIModelFamily } from "../../models";
import { getAxiosInstance } from "../../network";
const axios = getAxiosInstance();
const MIN_CHECK_INTERVAL = 3 * 1000; // 3 seconds
const KEY_CHECK_PERIOD = 60 * 60 * 1000; // 1 hour
@@ -63,7 +65,7 @@ export class OpenAIKeyChecker extends KeyCheckerBase<OpenAIKey> {
key: key.hash,
models: key.modelFamilies,
trial: key.isTrial,
snapshots: key.modelSnapshots,
snapshots: key.modelIds,
},
"Checked key."
);
@@ -74,10 +76,11 @@ export class OpenAIKeyChecker extends KeyCheckerBase<OpenAIKey> {
): Promise<OpenAIModelFamily[]> {
const opts = { headers: OpenAIKeyChecker.getHeaders(key) };
const { data } = await axios.get<GetModelsResponse>(GET_MODELS_URL, opts);
const ids = new Set<string>();
const families = new Set<OpenAIModelFamily>();
const models = data.data.map(({ id }) => {
data.data.forEach(({ id }) => {
ids.add(id);
families.add(getOpenAIModelFamily(id, "turbo"));
return id;
});
// disable dall-e for trial keys due to very low per-day quota that tends to
@@ -86,36 +89,12 @@ export class OpenAIKeyChecker extends KeyCheckerBase<OpenAIKey> {
families.delete("dall-e");
}
// as of 2023-11-18, many keys no longer return the dalle3 model but still
// have access to it via the api for whatever reason.
// if (families.has("dall-e") && !models.find(({ id }) => id === "dall-e-3")) {
// families.delete("dall-e");
// }
// as of January 2024, 0314 model snapshots are only available on keys which
// have used them in the past. these keys also seem to have 32k-0314 even
// though they don't have the base gpt-4-32k model alias listed. if a key
// has access to both 0314 models we will flag it as such and force add
// gpt4-32k to its model families.
if (
["gpt-4-0314", "gpt-4-32k-0314"].every((m) => models.find((n) => n === m))
) {
this.log.info({ key: key.hash }, "Added gpt4-32k to -0314 key.");
families.add("gpt4-32k");
}
// We want to update the key's model families here, but we don't want to
// update its `lastChecked` timestamp because we need to let the liveness
// check run before we can consider the key checked.
const familiesArray = [...families];
const keyFromPool = this.keys.find((k) => k.hash === key.hash)!;
this.updateKey(key.hash, {
modelSnapshots: models.filter((m) => m.match(/-\d{4}(-preview)?$/)),
modelFamilies: familiesArray,
lastChecked: keyFromPool.lastChecked,
modelIds: Array.from(ids),
modelFamilies: Array.from(families),
});
return familiesArray;
return key.modelFamilies;
}
private async maybeCreateOrganizationClones(key: OpenAIKey) {
@@ -333,9 +312,11 @@ export class OpenAIKeyChecker extends KeyCheckerBase<OpenAIKey> {
}
static getHeaders(key: OpenAIKey) {
const useOrg = !key.key.includes("svcacct");
return {
Authorization: `Bearer ${key.key}`,
...(key.organizationId && { "OpenAI-Organization": key.organizationId }),
...(useOrg &&
key.organizationId && { "OpenAI-Organization": key.organizationId }),
};
}
}
src/shared/key-management/openai/provider.ts
+34 -72
View File
@@ -3,12 +3,11 @@ import http from "http";
import { Key, KeyProvider } from "../index";
import { config } from "../../../config";
import { logger } from "../../../logger";
import { OpenAIKeyChecker } from "./checker";
import { getOpenAIModelFamily, OpenAIModelFamily } from "../../models";
import { PaymentRequiredError } from "../../errors";
import { OpenAIKeyChecker } from "./checker";
import { prioritizeKeys } from "../prioritize-keys";
// Flattening model families instead of using a nested object for easier
// cloning.
type OpenAIKeyUsage = {
[K in OpenAIModelFamily as `${K}Tokens`]: number;
};
@@ -48,14 +47,10 @@ export interface OpenAIKey extends Key, OpenAIKeyUsage {
* tokens.
*/
rateLimitTokensReset: number;
/**
* This key's maximum request rate for GPT-4, per minute.
*/
gpt4Rpm: number;
/**
* Model snapshots available.
*/
modelSnapshots: string[];
modelIds: string[];
}
export type OpenAIKeyUpdate = Omit<
@@ -117,9 +112,10 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
"gpt4-32kTokens": 0,
"gpt4-turboTokens": 0,
gpt4oTokens: 0,
"o1Tokens": 0,
"o1-miniTokens": 0,
"dall-eTokens": 0,
gpt4Rpm: 0,
modelSnapshots: [],
modelIds: [],
};
this.keys.push(newKey);
}
@@ -140,27 +136,14 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
* Don't mutate returned keys, use a KeyPool method instead.
**/
public list() {
return this.keys.map((key) => {
return Object.freeze({
...key,
key: undefined,
});
});
return this.keys.map((key) => Object.freeze({ ...key, key: undefined }));
}
public get(requestModel: string) {
let model = requestModel;
// Special case for GPT-4-32k. Some keys have access to only gpt4-32k-0314
// but not gpt-4-32k-0613, or its alias gpt-4-32k. Because we add a model
// family if a key has any snapshot, we need to dealias gpt-4-32k here so
// we can look for the specific snapshot.
// gpt-4-32k is superceded by gpt4-turbo so this shouldn't ever change.
if (model === "gpt-4-32k") model = "gpt-4-32k-0613";
const neededFamily = getOpenAIModelFamily(model);
const excludeTrials = model === "text-embedding-ada-002";
const needsSnapshot = model.match(/-\d{4}(-preview)?$/);
const availableKeys = this.keys.filter(
// Allow keys which
@@ -168,58 +151,22 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
!key.isDisabled && // are not disabled
key.modelFamilies.includes(neededFamily) && // have access to the model family we need
(!excludeTrials || !key.isTrial) && // and are not trials if we don't want them
(!needsSnapshot || key.modelSnapshots.includes(model)) // and have the specific snapshot we need
(!config.checkKeys || key.modelIds.includes(model)) // and have the specific snapshot we need
);
if (availableKeys.length === 0) {
throw new PaymentRequiredError(
`No keys can fulfill request for ${model}`
`No OpenAI keys available for model ${model}`
);
}
// Select a key, from highest priority to lowest priority:
// 1. Keys which are not rate limited
// a. We ignore rate limits from >30 seconds ago
// b. If all keys were rate limited in the last minute, select the
// least recently rate limited key
// 2. Keys which are trials
// 3. Keys which do *not* have access to GPT-4-32k
// 4. Keys which have not been used in the longest time
const now = Date.now();
const rateLimitThreshold = 30 * 1000;
const keysByPriority = availableKeys.sort((a, b) => {
// TODO: this isn't quite right; keys are briefly artificially rate-
// limited when they are selected, so this will deprioritize keys that
// may not actually be limited, simply because they were used recently.
// This should be adjusted to use a new `rateLimitedUntil` field instead
// of `rateLimitedAt`.
const aRateLimited = now - a.rateLimitedAt < rateLimitThreshold;
const bRateLimited = now - b.rateLimitedAt < rateLimitThreshold;
if (aRateLimited && !bRateLimited) return 1;
if (!aRateLimited && bRateLimited) return -1;
if (aRateLimited && bRateLimited) {
return a.rateLimitedAt - b.rateLimitedAt;
}
// Neither key is rate limited, continue
if (a.isTrial && !b.isTrial) return -1;
if (!a.isTrial && b.isTrial) return 1;
// Neither or both keys are trials, continue
const aHas32k = a.modelFamilies.includes("gpt4-32k");
const bHas32k = b.modelFamilies.includes("gpt4-32k");
if (aHas32k && !bHas32k) return 1;
if (!aHas32k && bHas32k) return -1;
// Neither or both keys have 32k, continue
return a.lastUsed - b.lastUsed;
});
const keysByPriority = prioritizeKeys(
availableKeys,
(a, b) => +a.isTrial - +b.isTrial
);
const selectedKey = keysByPriority[0];
selectedKey.lastUsed = now;
selectedKey.lastUsed = Date.now();
this.throttle(selectedKey.hash);
return { ...selectedKey };
}
@@ -273,6 +220,9 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
* the request, or returns 0 if a key is ready immediately.
*/
public getLockoutPeriod(family: OpenAIModelFamily): number {
// TODO: this is really inefficient on servers with large key pools and we
// are calling it every 50ms, per model family.
const activeKeys = this.keys.filter(
(key) => !key.isDisabled && key.modelFamilies.includes(family)
);
@@ -318,11 +268,15 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
public markRateLimited(keyHash: string) {
this.log.debug({ key: keyHash }, "Key rate limited");
const key = this.keys.find((k) => k.hash === keyHash)!;
key.rateLimitedAt = Date.now();
// DALL-E requests do not send headers telling us when the rate limit will
// be reset so we need to set a fallback value here. Other models will have
// this overwritten by the `updateRateLimits` method.
key.rateLimitRequestsReset = 20000;
const now = Date.now();
key.rateLimitedAt = now;
// Most OpenAI reqeuests will provide a `x-ratelimit-reset-requests` header
// header telling us when to try again which will be set in a call to
// `updateRateLimits`. These values below are fallbacks in case the header
// is not provided.
key.rateLimitRequestsReset = 10000;
key.rateLimitedUntil = now + key.rateLimitRequestsReset;
}
public incrementUsage(keyHash: string, model: string, tokens: number) {
@@ -349,6 +303,13 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
this.log.warn({ key: key.hash }, `No ratelimit headers; skipping update`);
return;
}
const { rateLimitedAt, rateLimitRequestsReset, rateLimitTokensReset } = key;
const rateLimitedUntil =
rateLimitedAt + Math.max(rateLimitRequestsReset, rateLimitTokensReset);
if (rateLimitedUntil > Date.now()) {
key.rateLimitedUntil = rateLimitedUntil;
}
}
public recheck() {
@@ -382,6 +343,7 @@ export class OpenAIKeyProvider implements KeyProvider<OpenAIKey> {
key.rateLimitedAt = Date.now();
key.rateLimitRequestsReset = KEY_REUSE_DELAY;
key.rateLimitedUntil = Date.now() + KEY_REUSE_DELAY;
}
}
src/shared/key-management/prioritize-keys.ts
+5 -5
View File
@@ -5,9 +5,9 @@ import { Key } from "./index";
* lowest priority. Keys are prioritized in the following order:
*
* 1. Keys which are not rate limited
* a. If all keys were rate limited recently, select the least-recently
* - If all keys were rate limited recently, select the least-recently
* rate limited key.
* b. Otherwise, select the first key.
* - Otherwise, select the first key.
* 2. Keys which have not been used in the longest time
* 3. Keys according to the custom comparator, if provided
* @param keys The list of keys to sort
@@ -20,13 +20,13 @@ export function prioritizeKeys<T extends Key>(
const now = Date.now();
return keys.sort((a, b) => {
const aRateLimited = now - a.rateLimitedAt < a.rateLimitedUntil;
const bRateLimited = now - b.rateLimitedAt < b.rateLimitedUntil;
const aRateLimited = now < a.rateLimitedUntil;
const bRateLimited = now < b.rateLimitedUntil;
if (aRateLimited && !bRateLimited) return 1;
if (!aRateLimited && bRateLimited) return -1;
if (aRateLimited && bRateLimited) {
return a.rateLimitedAt - b.rateLimitedAt;
return a.rateLimitedUntil - b.rateLimitedUntil;
}
if (customComparator) {
src/shared/models.ts
+12
View File
@@ -22,6 +22,8 @@ export type OpenAIModelFamily =
| "gpt4-32k"
| "gpt4-turbo"
| "gpt4o"
| "o1"
| "o1-mini"
| "dall-e";
export type AnthropicModelFamily = "claude" | "claude-opus";
export type GoogleAIModelFamily =
@@ -54,6 +56,8 @@ export const MODEL_FAMILIES = (<A extends readonly ModelFamily[]>(
"gpt4-32k",
"gpt4-turbo",
"gpt4o",
"o1",
"o1-mini",
"dall-e",
"claude",
"claude-opus",
@@ -78,6 +82,8 @@ export const MODEL_FAMILIES = (<A extends readonly ModelFamily[]>(
"azure-gpt4-turbo",
"azure-gpt4o",
"azure-dall-e",
"azure-o1",
"azure-o1-mini",
] as const);
export const LLM_SERVICES = (<A extends readonly LLMService[]>(
@@ -100,6 +106,8 @@ export const MODEL_FAMILY_SERVICE: {
"gpt4-turbo": "openai",
"gpt4-32k": "openai",
gpt4o: "openai",
"o1": "openai",
"o1-mini": "openai",
"dall-e": "openai",
claude: "anthropic",
"claude-opus": "anthropic",
@@ -117,6 +125,8 @@ export const MODEL_FAMILY_SERVICE: {
"azure-gpt4-turbo": "azure",
"azure-gpt4o": "azure",
"azure-dall-e": "azure",
"azure-o1": "azure",
"azure-o1-mini": "azure",
"gemini-flash": "google-ai",
"gemini-pro": "google-ai",
"gemini-ultra": "google-ai",
@@ -143,6 +153,8 @@ export const OPENAI_MODEL_FAMILY_MAP: { [regex: string]: OpenAIModelFamily } = {
"^gpt-3.5-turbo": "turbo",
"^text-embedding-ada-002$": "turbo",
"^dall-e-\\d{1}$": "dall-e",
"^o1-mini(-\\d{4}-\\d{2}-\\d{2})?$": "o1-mini",
"^o1(-preview)?(-\\d{4}-\\d{2}-\\d{2})?$": "o1",
};
export function getOpenAIModelFamily(
src/shared/network.ts
+70
View File
@@ -0,0 +1,70 @@
import axios, { AxiosInstance } from "axios";
import http from "http";
import https from "https";
import os from "os";
import { ProxyAgent } from "proxy-agent";
import { config } from "../config";
import { logger } from "../logger";
const log = logger.child({ module: "network" });
export type HttpAgent = http.Agent | https.Agent;
/** HTTP agent used by http-proxy-middleware when forwarding requests. */
let httpAgent: HttpAgent;
/** HTTPS agent used by http-proxy-middleware when forwarding requests. */
let httpsAgent: HttpAgent;
/** Axios instance used for any non-proxied requests. */
let axiosInstance: AxiosInstance;
function getInterfaceAddress(iface: string) {
const ifaces = os.networkInterfaces();
log.debug({ ifaces, iface }, "Found network interfaces.");
if (!ifaces[iface]) {
throw new Error(`Interface ${iface} not found.`);
}
const addresses = ifaces[iface]!.filter(
({ family, internal }) => family === "IPv4" && !internal
);
if (addresses.length === 0) {
throw new Error(`Interface ${iface} has no external IPv4 addresses.`);
}
log.debug({ selected: addresses[0] }, "Selected network interface.");
return addresses[0].address;
}
export function getHttpAgents() {
if (httpAgent) return [httpAgent, httpsAgent];
const { interface: iface, proxyUrl } = config.httpAgent || {};
if (iface) {
const address = getInterfaceAddress(iface);
httpAgent = new http.Agent({ localAddress: address, keepAlive: true });
httpsAgent = new https.Agent({ localAddress: address, keepAlive: true });
log.info({ address }, "Using configured interface for outgoing requests.");
} else if (proxyUrl) {
process.env.HTTP_PROXY = proxyUrl;
process.env.HTTPS_PROXY = proxyUrl;
process.env.WS_PROXY = proxyUrl;
process.env.WSS_PROXY = proxyUrl;
httpAgent = new ProxyAgent();
httpsAgent = httpAgent; // ProxyAgent automatically handles HTTPS
const proxy = proxyUrl.replace(/:.*@/, "@******");
log.info({ proxy }, "Using proxy server for outgoing requests.");
} else {
httpAgent = new http.Agent();
httpsAgent = new https.Agent();
}
return [httpAgent, httpsAgent];
}
export function getAxiosInstance() {
if (axiosInstance) return axiosInstance;
const [httpAgent, httpsAgent] = getHttpAgents();
axiosInstance = axios.create({ httpAgent, httpsAgent, proxy: false });
return axiosInstance;
}
src/shared/stats.ts
+22 -3
View File
@@ -14,6 +14,18 @@ export function getTokenCostUsd(model: ModelFamily, tokens: number) {
case "gpt4-turbo":
cost = 0.00001;
break;
case "azure-o1":
case "o1":
// Currently we do not track output tokens separately, and O1 uses
// considerably more output tokens that other models for its hidden
// reasoning. The official O1 pricing is $15/1M input tokens and $60/1M
// output tokens so we will return a higher estimate here.
cost = 0.00002;
break
case "azure-o1-mini":
case "o1-mini":
cost = 0.000005; // $3/1M input tokens, $12/1M output tokens
break
case "azure-gpt4-32k":
case "gpt4-32k":
cost = 0.00006;
@@ -39,14 +51,21 @@ export function getTokenCostUsd(model: ModelFamily, tokens: number) {
case "claude-opus":
cost = 0.000015;
break;
case "aws-mistral-tiny":
case "mistral-tiny":
cost = 0.00000031;
cost = 0.00000025;
break;
case "aws-mistral-small":
case "mistral-small":
cost = 0.00000132;
cost = 0.0000003;
break;
case "aws-mistral-medium":
case "mistral-medium":
cost = 0.0000055;
cost = 0.00000275;
break;
case "aws-mistral-large":
case "mistral-large":
cost = 0.000003;
break;
}
return cost * Math.max(0, tokens);
src/shared/tokenization/claude.ts
-3
View File
@@ -67,9 +67,6 @@ async function getTokenCountForMessages({
case "image":
numTokens += await getImageTokenCount(part.source.data);
break;
case "tool_use":
case "tool_result":
break;
default:
throw new Error(`Unsupported Anthropic content type.`);
}
src/shared/tokenization/tokenizer.ts
+2
View File
@@ -86,6 +86,8 @@ type TokenCountRequest = { req: Request } & (
type TokenCountResult = {
token_count: number;
/** Additional tokens for reasoning, if applicable. */
reasoning_tokens?: number;
tokenizer: string;
tokenization_duration_ms: number;
};
src/shared/users/user-store.ts
+11 -8
View File
@@ -10,7 +10,10 @@
import admin from "firebase-admin";
import schedule from "node-schedule";
import { v4 as uuid } from "uuid";
import { config, getFirebaseApp } from "../../config";
import { config } from "../../config";
import { logger } from "../../logger";
import { getFirebaseApp } from "../firebase";
import { APIFormat } from "../key-management";
import {
getAwsBedrockModelFamily,
getGcpModelFamily,
@@ -22,10 +25,8 @@ import {
MODEL_FAMILIES,
ModelFamily,
} from "../models";
import { logger } from "../../logger";
import { User, UserTokenCounts, UserUpdate } from "./schema";
import { APIFormat } from "../key-management";
import { assertNever } from "../utils";
import { User, UserTokenCounts, UserUpdate } from "./schema";
const log = logger.child({ module: "users" });
@@ -299,10 +300,11 @@ export function disableUser(token: string, reason?: string) {
if (!user) return;
user.disabledAt = Date.now();
user.disabledReason = reason;
if (user.meta) {
// manually banned tokens cannot be refreshed
user.meta.refreshable = false;
if (!user.meta) {
user.meta = {};
}
// manually banned tokens cannot be refreshed
user.meta.refreshable = false;
usersToFlush.add(token);
}
@@ -418,7 +420,8 @@ function getModelFamilyForQuotaUsage(
// differentiate between Azure and OpenAI variants of the same model.
if (model.includes("azure")) return getAzureOpenAIModelFamily(model);
if (model.includes("anthropic.")) return getAwsBedrockModelFamily(model);
if (model.startsWith("claude-") && model.includes("@")) return getGcpModelFamily(model);
if (model.startsWith("claude-") && model.includes("@"))
return getGcpModelFamily(model);
switch (api) {
case "openai":
src/shared/views/partials/shared_quota-info.ejs
+23 -1
View File
@@ -1,7 +1,14 @@
<p>
Next refresh: <time><%- nextQuotaRefresh %></time>
</p>
<table class="striped">
<%
const quotaTableId = Math.random().toString(36).slice(2);
%>
<div>
<label for="quota-family-filter-<%= quotaTableId %>">Filter:</label>
<input type="text" id="quota-family-filter-<%= quotaTableId %>" oninput="filterQuotaTable(this, '<%= quotaTableId %>')" />
</div>
<table class="striped" id="quota-table-<%= quotaTableId %>">
<thead>
<tr>
<th scope="col">Model Family</th>
@@ -50,3 +57,18 @@
<% }) %>
</tbody>
</table>
<script>
function filterQuotaTable(input, tableId) {
const filter = input.value.toLowerCase();
const table = document.getElementById("quota-table-" + tableId);
const rows = table.querySelectorAll("tbody tr");
for (const row of rows) {
const modelFamily = row.querySelector("th").textContent;
if (modelFamily.toLowerCase().includes(filter)) {
row.style.display = "";
} else {
row.style.display = "none";
}
}
}
</script>
src/user/routes.ts
+6 -1
View File
@@ -32,9 +32,14 @@ userRouter.use(
_next: express.NextFunction
) => {
const data: any = { message: err.message, stack: err.stack, status: 500 };
const isCsrfError = err.message === "invalid csrf token";
if (isCsrfError) {
res.clearCookie("csrf");
req.session.csrf = undefined;
}
if (req.accepts("json", "html") === "json") {
const isCsrfError = err.message === "invalid csrf token";
const message = isCsrfError
? "CSRF token mismatch; try refreshing the page"
: err.message;
src/user/web/pow-captcha.ts
+33 -23
View File
@@ -187,7 +187,7 @@ function verifyTokenRefreshable(token: string, req: express.Request) {
}
}
req.log.info({ token }, "Allowing token refresh");
req.log.info({ token: `...${token.slice(-5)}` }, "Allowing token refresh");
return true;
}
@@ -227,51 +227,57 @@ router.post("/verify", async (req, res) => {
const ip = req.ip;
req.log.info("Got verification request");
if (recentAttempts.has(ip)) {
res
.status(429)
.json({ error: "Rate limited; wait a minute before trying again" });
const error = "Rate limited; wait a minute before trying again";
req.log.info({ error }, "Verification rejected");
res.status(429).json({ error });
return;
}
const result = verifySchema.safeParse(req.body);
if (!result.success) {
res
.status(400)
.json({ error: "Invalid verify request", details: result.error });
const error = "Invalid verify request";
req.log.info({ error, result }, "Verification rejected");
res.status(400).json({ error, details: result.error });
return;
}
const { challenge, signature, solution } = result.data;
if (signMessage(challenge, powKeySalt) !== signature) {
res.status(400).json({
error:
"Invalid signature; server may have restarted since challenge was issued. Please request a new challenge.",
});
const error =
"Invalid signature; server may have restarted since challenge was issued. Please request a new challenge.";
req.log.info({ error }, "Verification rejected");
res.status(400).json({ error });
return;
}
if (config.proxyKey && result.data.proxyKey !== config.proxyKey) {
res.status(401).json({ error: "Invalid proxy password" });
const error = "Invalid proxy password";
req.log.info({ error }, "Verification rejected");
res.status(401).json({ error, password: result.data.proxyKey });
return;
}
if (challenge.ip && challenge.ip !== ip) {
req.log.warn("Attempt to verify from different IP address");
res.status(400).json({
error: "Solution must be verified from original IP address",
});
const error = "Solution must be verified from original IP address";
req.log.info(
{ error, challengeIp: challenge.ip, clientIp: ip },
"Verification rejected"
);
res.status(400).json({ error });
return;
}
if (solves.has(signature)) {
req.log.warn("Attempt to reuse signature");
res.status(400).json({ error: "Reused signature" });
const error = "Reused signature";
req.log.info({ error }, "Verification rejected");
res.status(400).json({ error });
return;
}
if (Date.now() > challenge.e) {
req.log.warn("Verification took too long");
res.status(400).json({ error: "Verification took too long" });
const error = "Verification took too long";
req.log.info({ error }, "Verification rejected");
res.status(400).json({ error });
return;
}
@@ -285,7 +291,7 @@ router.post("/verify", async (req, res) => {
const success = await verifySolution(challenge, solution, req.log);
if (!success) {
recentAttempts.set(ip, Date.now() + 1000 * 60 * 60 * 6);
req.log.warn("Solution failed verification");
req.log.warn("Bogus solution, client blocked");
res.status(400).json({ error: "Solution failed verification" });
return;
}
@@ -299,8 +305,12 @@ router.post("/verify", async (req, res) => {
if (challenge.token) {
const user = getUser(challenge.token);
if (user) {
user.expiresAt = Date.now() + config.powTokenHours * 60 * 60 * 1000;
upsertUser(user);
upsertUser({
token: challenge.token,
expiresAt: Date.now() + config.powTokenHours * 60 * 60 * 1000,
disabledAt: null,
disabledReason: null,
});
req.log.info(
{ token: `...${challenge.token.slice(-5)}` },
"Token refreshed"
src/user/web/views/partials/user_challenge_widget.ejs
+74 -54
View File
@@ -5,8 +5,8 @@
</noscript>
<style>
#captcha-container {
max-width: 500px;
margin: 50px auto;
max-width: 550px;
margin: 20px auto;
}
@media (max-width: 1000px) {
#captcha-container {
@@ -42,7 +42,7 @@
#captcha-progress-text {
width: 100%;
height: 18rem;
height: 20rem;
resize: vertical;
font-family: monospace;
}
@@ -70,13 +70,22 @@
height: 100%;
background-color: #76c7c0;
}
#copy-token {
border: none;
background: none;
filter: saturate(0);
padding: 0;
}
#copy-token:hover {
filter: saturate(1);
}
</style>
<div style="display: none" id="captcha-container">
<p>
Your device needs to perform a verification task before you can receive a token. This might take anywhere from a few
seconds to a few minutes, depending on your device and the proxy's security settings.
Your device needs to be verified before you can receive a token. This might take anywhere from a few seconds to a
few minutes, depending on your device and the proxy's security settings.
</p>
<p>Click the button below to start.</p>
<details>
<summary>What is this?</summary>
<p>
@@ -107,18 +116,6 @@
faster than the first one.
</p>
</details>
<details>
<summary>What is the "Workers" setting?</summary>
<p>
This controls how many CPU cores will be used to solve the verification task. If your device gets too hot or slows
down too much during verification, reduce the number of workers.
</p>
<p>
For fastest verification, set this to the number of physical CPU cores in your device. Setting more workers than
you have actual cores will generally only slow down verification.
</p>
<p>If you don't understand what this means, leave it at the default setting.</p>
</details>
<details>
<summary>Other important information</summary>
<ul>
@@ -134,15 +131,27 @@
</li>
</ul>
</details>
<details>
<summary>Settings</summary>
<div>
<label for="workers">Workers:</label>
<input type="number" id="workers" value="1" min="1" max="32" onchange="spawnWorkers()" />
</div>
<p>
This controls how many CPU cores will be used to solve the verification task. If your device gets too hot or slows
down too much during verification, reduce the number of workers.
</p>
<p>
For fastest verification, set this to the number of physical CPU cores in your device. Setting more workers than
you have actual cores will generally only slow down verification.
</p>
<p>If you don't understand what this means, leave it at the default setting.</p>
</details>
<form id="captcha-form" style="display: none">
<input type="hidden" name="_csrf" value="<%= csrfToken %>" />
<input type="hidden" name="tokenLifetime" value="<%= tokenLifetime %>" />
</form>
<div id="captcha-control">
<div>
<label for="workers">Workers:</label>
<input type="number" id="workers" value="1" min="1" max="32" onchange="spawnWorkers()" />
</div>
<button id="worker-control" onclick="toggleWorker()">Start verification</button>
</div>
<div id="captcha-progress-container" style="display: none">
@@ -183,6 +192,9 @@
let isMobileWebkit = isIOSiPadOSWebKit();
function handleWorkerMessage(e) {
if (solution) {
return;
}
switch (e.data.type) {
case "progress":
totalHashes += e.data.hashes;
@@ -201,18 +213,15 @@
document.getElementById("workers").disabled = false;
break;
case "solved":
if (solution) {
return;
}
workers.forEach((w, i) => {
w.postMessage({ type: "stop" });
setTimeout(() => w.terminate(), 1000 + i * 100)
setTimeout(() => w.terminate(), 1000 + i * 100);
});
workers = [];
active = false;
solution = e.data.nonce;
document.getElementById("captcha-result").textContent =
"Verification completed. Submitting solution for verification...";
"Solution found. Verifying with server...";
document.getElementById("captcha-control").style.display = "none";
submitVerification();
break;
@@ -233,6 +242,21 @@
estimateProgress();
}
function copyToClipboard(text) {
if (!navigator.clipboard) {
const textArea = document.createElement("textarea");
textArea.value = text;
document.body.appendChild(textArea);
textArea.focus();
textArea.select();
document.execCommand("copy");
textArea.remove();
} else {
navigator.clipboard.writeText(text);
}
alert("Copied to clipboard.");
}
function loadNewChallenge(c, s) {
const btn = document.getElementById("worker-control");
btn.textContent = "Start verification";
@@ -248,6 +272,7 @@
startTime = 0;
lastUpdateTime = 0;
elapsedTime = 0;
totalHashes = 0;
const targetValue = challenge.d.slice(0, -1);
const hashLength = challenge.hl;
workFactor = Number(BigInt(2) ** BigInt(8 * hashLength) / BigInt(targetValue));
@@ -329,52 +354,47 @@
document.getElementById("captcha-progress").style.display = "none";
document.getElementById("captcha-result").innerHTML = `
<p style="color: green">Verification complete</p>
<p>Your user token is: <code>${data.token}</code></p>
<p>Your user token is: <code>${data.token}</code> <button id="copy-token" onclick="copyToClipboard('${data.token}')">📋</button></p>
<p>Valid until: ${new Date(Date.now() + lifetime * 3600 * 1000).toLocaleString()}</p>
`;
}
});
}
function formatTime(time) {
if (time < 60) {
return time.toFixed(1) + "s";
} else if (time < 3600) {
const minutes = Math.floor(time / 60);
const seconds = Math.floor(time % 60);
return minutes + "m " + seconds + "s";
} else {
const hours = Math.floor(time / 3600);
const minutes = Math.floor((time % 3600) / 60);
return hours + "h " + minutes + "m";
}
}
function estimateProgress() {
if (reports % workers.length !== 0) {
if (Date.now() - lastUpdateTime < 500) {
return;
}
elapsedTime += (Date.now() - lastUpdateTime) / 1000;
lastUpdateTime = Date.now();
const hashRate = totalHashes / elapsedTime;
const timeRemaining = (workFactor - totalHashes) / hashRate;
const progress = 100 * (1 - Math.exp(-totalHashes / workFactor));
const formatTime = (time) => {
if (time < 60) {
return time.toFixed(1) + "s";
} else if (time < 3600) {
const minutes = Math.floor(time / 60);
const seconds = Math.floor(time % 60);
return minutes + "m " + seconds + "s";
} else {
const hours = Math.floor(time / 3600);
const minutes = Math.floor((time % 3600) / 60);
return hours + "h " + minutes + "m";
}
};
const p = 1 / workFactor;
const odds = ((1 - p) ** totalHashes * 100).toFixed(2);
const odds = ((1 - p) ** totalHashes * 100).toFixed(3);
const progress = 100 - odds;
let note = "";
if (odds < 33) {
note = " (" + odds + "% odds of no solution yet)";
}
document.getElementById("captcha-progress").style.width = Math.min(progress, 100) + "%";
document.querySelector("#captcha-progress>.progress").style.width = Math.min(progress, 100) + "%";
document.getElementById("captcha-progress-text").value = `
Solution probability: 1 in ${workFactor.toLocaleString()} hashes
Hashes computed: ${totalHashes.toLocaleString()}${note}
Hashes computed: ${totalHashes.toLocaleString()}
Luckiness: ${odds}%
Elapsed time: ${formatTime(elapsedTime)}
Hash rate: ${hashRate.toFixed(2)} H/s
Workers: ${workers.length}${isMobileWebkit ? " (iOS/iPadOS detected)" : ""}
${active ? `Average time remaining: ${formatTime(timeRemaining)}` : "Verification task stopped"}`.trim();
${active ? `Average time remaining: ${formatTime(timeRemaining)}` : "Verification stopped"}`.trim();
}
</script>
src/user/web/views/user_request_token.ejs
+87 -43
View File
@@ -1,20 +1,27 @@
<%- include("partials/shared_header", { title: "Request User Token" }) %>
<style>
#request-buttons {
#request-container {
display: flex;
justify-content: space-between;
margin-top: 20px;
width: 400px;
flex-direction: column;
align-items: center;
margin: 20px 0;
width: 100%;
gap: 10px;
}
#request-buttons button {
margin: 0 10px;
#request-container button {
flex: 1;
width: 100%;
max-width: 300px;
padding: 10px 20px;
font-size: 16px;
cursor: pointer;
}
#refresh-token-input {
width: 100%;
}
</style>
<h1>Request User Token</h1>
@@ -28,37 +35,70 @@
</div>
</div>
<% } %>
<div id="existing-token" style="display: none">
<p>It looks like you might have an older temporary user token. If it has expired, you can try to refresh it.</p>
<strong id="existing-token-value">Existing token:</strong>
<div id="request-container">
<button id="request-token" onclick="requestChallenge('new')">Get a new token</button>
<button id="refresh-token-toggle" onclick="switchSection('refresh')">Refresh an old token</button>
<h6 id="existing-token-value" style="display: none">Existing token:</h6>
</div>
<div id="request-buttons">
<button disabled id="refresh-token" onclick="requestChallenge('refresh')">Refresh old token</button>
<button id="request_token" onclick="requestChallenge('new')">Request new token</button>
<div id="back-to-menu" style="display: none">
<a href="#" onclick="switchSection('root')">« Back</a>
</div>
<div id="refresh-container" style="display: none">
<div id="existing-token">
<p>
If you have an existing or expired token, enter it here to try to refresh it by completing a shorter verification.
</p>
<div>
<label for="refresh-token-input">Existing token:</label>
<input type="text" id="refresh-token-input" />
<button id="refresh-token" onclick="requestChallenge('refresh')">Refresh</button>
</div>
</div>
</div>
<%- include("partials/user_challenge_widget") %>
<script>
function switchSection(sectionId) {
const backToMenu = document.getElementById("back-to-menu");
const captchaSection = document.getElementById("captcha-container");
const requestSection = document.getElementById("request-container");
const refreshSection = document.getElementById("refresh-container");
[backToMenu, captchaSection, requestSection, refreshSection].forEach((element) => (element.style.display = "none"));
switch (sectionId) {
case "root":
requestSection.style.display = "flex";
maybeLoadExistingToken();
break;
case "captcha":
captchaSection.style.display = "block";
backToMenu.style.display = "block";
break;
case "refresh":
refreshSection.style.display = "block";
backToMenu.style.display = "block";
document.getElementById("refresh-token-input").focus();
break;
}
}
function requestChallenge(action) {
const token = localStorage.getItem("captcha-temp-token");
if (token && action === "new") {
const data = JSON.parse(token);
const { expires } = data;
const expiresDate = new Date(expires);
const now = new Date();
if (expiresDate > now) {
if (!confirm("You already have an existing token. Are you sure you want to request a new one?")) {
return;
}
localStorage.removeItem("captcha-temp-token");
document.getElementById("existing-token").style.display = "none";
document.getElementById("refresh-token").disabled = true;
const savedToken = localStorage.getItem("captcha-temp-token");
const refreshInput = document.getElementById("refresh-token-input").value;
if (savedToken && action === "new") {
const confirmation = confirm(
"It looks like you might already have an existing token. Are you sure you want to request a new one?"
);
if (!confirmation) {
return;
}
} else if (!token && action === "refresh") {
alert("You don't have an existing token to refresh");
localStorage.removeItem("captcha-temp-token");
document.getElementById("existing-token").style.display = "none";
document.getElementById("refresh-token").disabled = true;
} else if (!refreshInput?.length && action === "refresh") {
alert("You need to provide a token to refresh.");
return;
}
const refreshToken = token && action === "refresh" ? JSON.parse(token).token : undefined;
const refreshToken = action === "refresh" ? refreshInput : undefined;
const keyInput = document.getElementById("proxy-key");
const proxyKey = (keyInput && keyInput.value) || undefined;
if (!proxyKey?.length) {
@@ -79,7 +119,7 @@
}
const { challenge, signature } = data;
loadNewChallenge(challenge, signature);
document.getElementById("request-buttons").style.display = "none";
switchSection("captcha");
})
.catch(function (error) {
console.error(error);
@@ -87,22 +127,26 @@
});
}
const existingToken = localStorage.getItem("captcha-temp-token");
if (existingToken) {
const data = JSON.parse(existingToken);
const { token, expires } = data;
const expiresDate = new Date(expires);
document.getElementById(
"existing-token-value"
).textContent = `Your token: ${token} (valid until ${expiresDate.toLocaleString()})`;
document.getElementById("existing-token").style.display = "block";
document.getElementById("refresh-token").disabled = false;
function maybeLoadExistingToken() {
const existingToken = localStorage.getItem("captcha-temp-token");
if (existingToken) {
const data = JSON.parse(existingToken);
const { token, expires } = data;
const expiresDate = new Date(expires);
document.getElementById(
"existing-token-value"
).textContent = `User token: ${token} (valid until ${expiresDate.toLocaleString()})`;
document.getElementById("existing-token-value").style.display = "block";
document.getElementById("refresh-token-input").value = token;
}
const proxyKey = localStorage.getItem("captcha-proxy-key");
if (proxyKey && document.getElementById("proxy-key")) {
document.getElementById("proxy-key").value = proxyKey;
}
}
const proxyKey = localStorage.getItem("captcha-proxy-key");
if (proxyKey && document.getElementById("proxy-key")) {
document.getElementById("proxy-key").value = proxyKey;
}
switchSection("root");
</script>
<%- include("partials/user_footer") %>