LLM/CLIProxyAPIPlus
1
0
Fork 0
mirror of https://github.com/router-for-me/CLIProxyAPIPlus.git synced 2026-03-30 01:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add GitLab Duo auth and executor support

Browse Source
This commit is contained in:
LuxVTZ
2026-03-10 17:57:55 +04:00
parent bb28cd26ad
commit 54c3eb1b1e
8 changed files with 356 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/auth/gitlab/gitlab.go
View File

@@ -426,7 +426,7 @@ func ExtractDiscoveredModels(metadata map[string]any) []DiscoveredModel {
if name == "" {
return
}
key := strings.ToLower(provider + "\x00" + name)
key := strings.ToLower(name)
if _, ok := seen[key]; ok {
return
}

160
internal/auth/gitlab/gitlab_test.go
View File

@@ -2,71 +2,137 @@ package gitlab
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"
)
func TestNormalizeBaseURL(t *testing.T) {
tests := []struct {
name string
in string
want string
}{
{name: "default", in: "", want: DefaultBaseURL},
{name: "plain host", in: "gitlab.example.com", want: "https://gitlab.example.com"},
{name: "trim trailing slash", in: "https://gitlab.example.com/", want: "https://gitlab.example.com"},
func TestAuthClientGenerateAuthURLIncludesPKCE(t *testing.T) {
client := NewAuthClient(nil)
pkce, err := GeneratePKCECodes()
if err != nil {
t.Fatalf("GeneratePKCECodes() error = %v", err)
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
if got := NormalizeBaseURL(tc.in); got != tc.want {
t.Fatalf("NormalizeBaseURL(%q) = %q, want %q", tc.in, got, tc.want)
}
})
rawURL, err := client.GenerateAuthURL("https://gitlab.example.com", "client-id", RedirectURL(17171), "state-123", pkce)
if err != nil {
t.Fatalf("GenerateAuthURL() error = %v", err)
}
parsed, err := url.Parse(rawURL)
if err != nil {
t.Fatalf("Parse(authURL) error = %v", err)
}
if got := parsed.Path; got != "/oauth/authorize" {
t.Fatalf("expected /oauth/authorize path, got %q", got)
}
query := parsed.Query()
if got := query.Get("client_id"); got != "client-id" {
t.Fatalf("expected client_id, got %q", got)
}
if got := query.Get("scope"); got != defaultOAuthScope {
t.Fatalf("expected scope %q, got %q", defaultOAuthScope, got)
}
if got := query.Get("code_challenge_method"); got != "S256" {
t.Fatalf("expected PKCE method S256, got %q", got)
}
if got := query.Get("code_challenge"); got == "" {
t.Fatal("expected non-empty code_challenge")
}
}
func TestFetchDirectAccess_ParsesModelDetails(t *testing.T) {
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
t.Fatalf("expected POST, got %s", r.Method)
func TestAuthClientExchangeCodeForTokens(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/oauth/token" {
t.Fatalf("unexpected path %q", r.URL.Path)
}
if got := r.Header.Get("Authorization"); got != "Bearer pat-123" {
t.Fatalf("expected Authorization header, got %q", got)
if err := r.ParseForm(); err != nil {
t.Fatalf("ParseForm() error = %v", err)
}
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{
"base_url":"https://gateway.gitlab.example.com/v1",
"token":"duo-gateway-token",
"expires_at":2000000000,
"headers":{
"X-Gitlab-Realm":"saas",
"X-Gitlab-Host-Name":"gitlab.example.com"
},
"model_details":{
"model_provider":"anthropic",
"model_name":"claude-sonnet-4-5"
}
}`))
if got := r.Form.Get("grant_type"); got != "authorization_code" {
t.Fatalf("expected authorization_code grant, got %q", got)
}
if got := r.Form.Get("code_verifier"); got != "verifier-123" {
t.Fatalf("expected code_verifier, got %q", got)
}
_ = json.NewEncoder(w).Encode(map[string]any{
"access_token": "oauth-access",
"refresh_token": "oauth-refresh",
"token_type": "Bearer",
"scope": "api read_user",
"created_at": 1710000000,
"expires_in": 3600,
})
}))
defer server.Close()
defer srv.Close()
client := &AuthClient{httpClient: server.Client()}
direct, err := client.FetchDirectAccess(context.Background(), server.URL, "pat-123")
client := NewAuthClient(nil)
token, err := client.ExchangeCodeForTokens(context.Background(), srv.URL, "client-id", "client-secret", RedirectURL(17171), "auth-code", "verifier-123")
if err != nil {
t.Fatalf("FetchDirectAccess returned error: %v", err)
t.Fatalf("ExchangeCodeForTokens() error = %v", err)
}
if direct.BaseURL != "https://gateway.gitlab.example.com/v1" {
t.Fatalf("unexpected base_url %q", direct.BaseURL)
if token.AccessToken != "oauth-access" {
t.Fatalf("expected access token, got %q", token.AccessToken)
}
if direct.Token != "duo-gateway-token" {
t.Fatalf("unexpected token %q", direct.Token)
if token.RefreshToken != "oauth-refresh" {
t.Fatalf("expected refresh token, got %q", token.RefreshToken)
}
}
func TestExtractDiscoveredModels(t *testing.T) {
models := ExtractDiscoveredModels(map[string]any{
"model_details": map[string]any{
"model_provider": "anthropic",
"model_name": "claude-sonnet-4-5",
},
"supported_models": []any{
map[string]any{"model_provider": "openai", "model_name": "gpt-4.1"},
"claude-sonnet-4-5",
},
})
if len(models) != 2 {
t.Fatalf("expected 2 unique models, got %d", len(models))
}
if models[0].ModelName != "claude-sonnet-4-5" {
t.Fatalf("unexpected first model %q", models[0].ModelName)
}
if models[1].ModelName != "gpt-4.1" {
t.Fatalf("unexpected second model %q", models[1].ModelName)
}
}
func TestFetchDirectAccessDecodesModelDetails(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/api/v4/code_suggestions/direct_access" {
t.Fatalf("unexpected path %q", r.URL.Path)
}
if got := r.Header.Get("Authorization"); !strings.Contains(got, "token-123") {
t.Fatalf("expected bearer token, got %q", got)
}
_ = json.NewEncoder(w).Encode(map[string]any{
"base_url": "https://cloud.gitlab.example.com",
"token": "gateway-token",
"expires_at": 1710003600,
"headers": map[string]string{
"X-Gitlab-Realm": "saas",
},
"model_details": map[string]any{
"model_provider": "anthropic",
"model_name": "claude-sonnet-4-5",
},
})
}))
defer srv.Close()
client := NewAuthClient(nil)
direct, err := client.FetchDirectAccess(context.Background(), srv.URL, "token-123")
if err != nil {
t.Fatalf("FetchDirectAccess() error = %v", err)
}
if direct.ModelDetails == nil || direct.ModelDetails.ModelName != "claude-sonnet-4-5" {
t.Fatalf("unexpected model details: %+v", direct.ModelDetails)
}
if direct.Headers["X-Gitlab-Realm"] != "saas" {
t.Fatalf("expected X-Gitlab-Realm header, got %+v", direct.Headers)
t.Fatalf("expected model details, got %+v", direct.ModelDetails)
}
}

22
internal/runtime/executor/gitlab_executor.go
View File

@@ -21,10 +21,10 @@ import (
)
const (
gitLabProviderKey = "gitlab"
gitLabAuthMethodOAuth = "oauth"
gitLabAuthMethodPAT = "pat"
gitLabChatEndpoint = "/api/v4/chat/completions"
gitLabProviderKey = "gitlab"
gitLabAuthMethodOAuth = "oauth"
gitLabAuthMethodPAT = "pat"
gitLabChatEndpoint = "/api/v4/chat/completions"
gitLabCodeSuggestionsEndpoint = "/api/v4/code_suggestions/completions"
)
@@ -33,10 +33,10 @@ type GitLabExecutor struct {
}
type gitLabPrompt struct {
Instruction string
FileName string
ContentAboveCursor string
ChatContext []map[string]any
Instruction string
FileName string
ContentAboveCursor string
ChatContext []map[string]any
CodeSuggestionContext []map[string]any
}
@@ -246,10 +246,10 @@ func (e *GitLabExecutor) requestCodeSuggestions(ctx context.Context, auth *clipr
"content_above_cursor": contentAbove,
"content_below_cursor": "",
},
"intent": "generation",
"generation_type": "small_file",
"intent": "generation",
"generation_type": "small_file",
"user_instruction": prompt.Instruction,
"stream": false,
"stream": false,
}
if len(prompt.CodeSuggestionContext) > 0 {
body["context"] = prompt.CodeSuggestionContext

223
internal/runtime/executor/gitlab_executor_test.go
View File

@@ -2,123 +2,154 @@ package executor
import (
"context"
"io"
"encoding/json"
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/router-for-me/CLIProxyAPI/v6/internal/config"
cliproxyauth "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/auth"
cliproxyexecutor "github.com/router-for-me/CLIProxyAPI/v6/sdk/cliproxy/executor"
sdktranslator "github.com/router-for-me/CLIProxyAPI/v6/sdk/translator"
"github.com/tidwall/gjson"
)
func TestGitLabExecutorRefresh_WithPATStoresGatewayMetadata(t *testing.T) {
var server *httptest.Server
server = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/api/v4/code_suggestions/direct_access" {
t.Fatalf("unexpected path %s", r.URL.Path)
func TestGitLabExecutorExecuteUsesChatEndpoint(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != gitLabChatEndpoint {
t.Fatalf("unexpected path %q", r.URL.Path)
}
if got := r.Header.Get("Authorization"); got != "Bearer pat-123" {
t.Fatalf("unexpected Authorization header %q", got)
}
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{
"base_url":"` + server.URL + `",
"token":"gateway-token",
"expires_at":2000000000,
"headers":{"X-Gitlab-Realm":"saas"},
"model_details":{"model_provider":"mistral","model_name":"codestral-2501"}
}`))
_, _ = w.Write([]byte(`"chat response"`))
}))
defer server.Close()
defer srv.Close()
exec := NewGitLabExecutor(nil)
exec := NewGitLabExecutor(&config.Config{})
auth := &cliproxyauth.Auth{
ID: "gitlab-pat.json",
Provider: "gitlab",
Metadata: map[string]any{
"type": "gitlab",
"base_url": srv.URL,
"access_token": "oauth-access",
"model_name": "claude-sonnet-4-5",
},
}
req := cliproxyexecutor.Request{
Model: "gitlab-duo",
Payload: []byte(`{"model":"gitlab-duo","messages":[{"role":"user","content":"hello"}]}`),
}
resp, err := exec.Execute(context.Background(), auth, req, cliproxyexecutor.Options{
SourceFormat: sdktranslator.FromString("openai"),
})
if err != nil {
t.Fatalf("Execute() error = %v", err)
}
if got := gjson.GetBytes(resp.Payload, "choices.0.message.content").String(); got != "chat response" {
t.Fatalf("expected chat response, got %q", got)
}
if got := gjson.GetBytes(resp.Payload, "model").String(); got != "claude-sonnet-4-5" {
t.Fatalf("expected resolved model, got %q", got)
}
}
func TestGitLabExecutorExecuteFallsBackToCodeSuggestions(t *testing.T) {
chatCalls := 0
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.URL.Path {
case gitLabChatEndpoint:
chatCalls++
http.Error(w, "feature unavailable", http.StatusForbidden)
case gitLabCodeSuggestionsEndpoint:
_ = json.NewEncoder(w).Encode(map[string]any{
"choices": []map[string]any{{
"text": "fallback response",
}},
})
default:
t.Fatalf("unexpected path %q", r.URL.Path)
}
}))
defer srv.Close()
exec := NewGitLabExecutor(&config.Config{})
auth := &cliproxyauth.Auth{
Provider: "gitlab",
Metadata: map[string]any{
"base_url": srv.URL,
"personal_access_token": "glpat-token",
"auth_method": "pat",
"base_url": server.URL,
"personal_access_token": "pat-123",
},
}
req := cliproxyexecutor.Request{
Model: "gitlab-duo",
Payload: []byte(`{"model":"gitlab-duo","messages":[{"role":"user","content":"write code"}]}`),
}
resp, err := exec.Execute(context.Background(), auth, req, cliproxyexecutor.Options{
SourceFormat: sdktranslator.FromString("openai"),
})
if err != nil {
t.Fatalf("Execute() error = %v", err)
}
if chatCalls != 1 {
t.Fatalf("expected chat endpoint to be tried once, got %d", chatCalls)
}
if got := gjson.GetBytes(resp.Payload, "choices.0.message.content").String(); got != "fallback response" {
t.Fatalf("expected fallback response, got %q", got)
}
}
func TestGitLabExecutorRefreshUpdatesMetadata(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.URL.Path {
case "/oauth/token":
_ = json.NewEncoder(w).Encode(map[string]any{
"access_token": "oauth-refreshed",
"refresh_token": "oauth-refresh",
"token_type": "Bearer",
"scope": "api read_user",
"created_at": 1710000000,
"expires_in": 3600,
})
case "/api/v4/code_suggestions/direct_access":
_ = json.NewEncoder(w).Encode(map[string]any{
"base_url": "https://cloud.gitlab.example.com",
"token": "gateway-token",
"expires_at": 1710003600,
"headers": map[string]string{"X-Gitlab-Realm": "saas"},
"model_details": map[string]any{
"model_provider": "anthropic",
"model_name": "claude-sonnet-4-5",
},
})
default:
t.Fatalf("unexpected path %q", r.URL.Path)
}
}))
defer srv.Close()
exec := NewGitLabExecutor(&config.Config{})
auth := &cliproxyauth.Auth{
ID: "gitlab-auth.json",
Provider: "gitlab",
Metadata: map[string]any{
"base_url": srv.URL,
"access_token": "oauth-access",
"refresh_token": "oauth-refresh",
"oauth_client_id": "client-id",
"oauth_client_secret": "client-secret",
"auth_method": "oauth",
"oauth_expires_at": "2000-01-01T00:00:00Z",
},
}
updated, err := exec.Refresh(context.Background(), auth)
if err != nil {
t.Fatalf("Refresh returned error: %v", err)
t.Fatalf("Refresh() error = %v", err)
}
if got := metadataString(updated.Metadata, "duo_gateway_token"); got != "gateway-token" {
t.Fatalf("unexpected gateway token %q", got)
if got := updated.Metadata["access_token"]; got != "oauth-refreshed" {
t.Fatalf("expected refreshed access token, got %#v", got)
}
if got := gitLabModelName(updated); got != "codestral-2501" {
t.Fatalf("unexpected model name %q", got)
}
headers := gitLabHeaders(updated)
if headers["X-Gitlab-Realm"] != "saas" {
t.Fatalf("unexpected gateway headers %+v", headers)
if got := updated.Metadata["model_name"]; got != "claude-sonnet-4-5" {
t.Fatalf("expected refreshed model metadata, got %#v", got)
}
}
func TestGitLabExecutorExecute_UsesGatewayHeadersAndResolvedModel(t *testing.T) {
var receivedAuth string
var receivedRealm string
var receivedModel string
gateway := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
body, _ := io.ReadAll(r.Body)
receivedAuth = r.Header.Get("Authorization")
receivedRealm = r.Header.Get("X-Gitlab-Realm")
receivedModel = findJSONField(string(body), `"model":"`, `"`)
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write([]byte(`{"id":"ok","object":"chat.completion","choices":[{"index":0,"message":{"role":"assistant","content":"ok"},"finish_reason":"stop"}]}`))
}))
defer gateway.Close()
exec := NewGitLabExecutor(nil)
auth := &cliproxyauth.Auth{
ID: "gitlab-oauth.json",
Provider: "gitlab",
Metadata: map[string]any{
"type": "gitlab",
"auth_method": "oauth",
"duo_gateway_base_url": gateway.URL,
"duo_gateway_token": "gateway-token",
"duo_gateway_headers": map[string]any{"X-Gitlab-Realm": "saas"},
"model_details": map[string]any{"model_name": "codestral-2501", "model_provider": "mistral"},
},
}
resp, err := exec.Execute(context.Background(), auth, cliproxyexecutor.Request{
Model: "gitlab-duo",
Payload: []byte(`{"model":"gitlab-duo","messages":[{"role":"user","content":"hello"}]}`),
}, cliproxyexecutor.Options{})
if err != nil {
t.Fatalf("Execute returned error: %v", err)
}
if len(resp.Payload) == 0 {
t.Fatal("expected non-empty payload")
}
if receivedAuth != "Bearer gateway-token" {
t.Fatalf("unexpected Authorization header %q", receivedAuth)
}
if receivedRealm != "saas" {
t.Fatalf("unexpected X-Gitlab-Realm header %q", receivedRealm)
}
if receivedModel != "codestral-2501" {
t.Fatalf("unexpected resolved model %q", receivedModel)
}
}
func findJSONField(body, prefix, suffix string) string {
start := strings.Index(body, prefix)
if start < 0 {
return ""
}
start += len(prefix)
end := strings.Index(body[start:], suffix)
if end < 0 {
return ""
}
return body[start : start+end]
}