mirror of
https://github.com/router-for-me/CLIProxyAPIPlus.git
synced 2026-03-30 01:06:39 +00:00
Fixed: #2102
fix(auth): ensure unique auth index for shared API keys across providers and credential identities
This commit is contained in:
Luis Pater
@@ -162,7 +162,60 @@ func stableAuthIndex(seed string) string {
|
||||
return hex.EncodeToString(sum[:8])
|
||||
}
|
||||
|
||||
// EnsureIndex returns a stable index derived from the auth file name or API key.
|
||||
func (a *Auth) indexSeed() string {
|
||||
if a == nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
if fileName := strings.TrimSpace(a.FileName); fileName != "" {
|
||||
return "file:" + fileName
|
||||
}
|
||||
|
||||
providerKey := strings.ToLower(strings.TrimSpace(a.Provider))
|
||||
compatName := ""
|
||||
baseURL := ""
|
||||
apiKey := ""
|
||||
source := ""
|
||||
if a.Attributes != nil {
|
||||
if value := strings.TrimSpace(a.Attributes["provider_key"]); value != "" {
|
||||
providerKey = strings.ToLower(value)
|
||||
}
|
||||
compatName = strings.ToLower(strings.TrimSpace(a.Attributes["compat_name"]))
|
||||
baseURL = strings.TrimSpace(a.Attributes["base_url"])
|
||||
apiKey = strings.TrimSpace(a.Attributes["api_key"])
|
||||
source = strings.TrimSpace(a.Attributes["source"])
|
||||
}
|
||||
|
||||
proxyURL := strings.TrimSpace(a.ProxyURL)
|
||||
hasCredentialIdentity := compatName != "" || baseURL != "" || proxyURL != "" || apiKey != "" || source != ""
|
||||
if providerKey != "" && hasCredentialIdentity {
|
||||
parts := []string{"provider=" + providerKey}
|
||||
if compatName != "" {
|
||||
parts = append(parts, "compat="+compatName)
|
||||
}
|
||||
if baseURL != "" {
|
||||
parts = append(parts, "base="+baseURL)
|
||||
}
|
||||
if proxyURL != "" {
|
||||
parts = append(parts, "proxy="+proxyURL)
|
||||
}
|
||||
if apiKey != "" {
|
||||
parts = append(parts, "api_key="+apiKey)
|
||||
}
|
||||
if source != "" {
|
||||
parts = append(parts, "source="+source)
|
||||
}
|
||||
return "config:" + strings.Join(parts, "\x00")
|
||||
}
|
||||
|
||||
if id := strings.TrimSpace(a.ID); id != "" {
|
||||
return "id:" + id
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
// EnsureIndex returns a stable index derived from the auth file name or credential identity.
|
||||
func (a *Auth) EnsureIndex() string {
|
||||
if a == nil {
|
||||
return ""
|
||||
@@ -171,20 +224,9 @@ func (a *Auth) EnsureIndex() string {
|
||||
return a.Index
|
||||
}
|
||||
|
||||
seed := strings.TrimSpace(a.FileName)
|
||||
if seed != "" {
|
||||
seed = "file:" + seed
|
||||
} else if a.Attributes != nil {
|
||||
if apiKey := strings.TrimSpace(a.Attributes["api_key"]); apiKey != "" {
|
||||
seed = "api_key:" + apiKey
|
||||
}
|
||||
}
|
||||
seed := a.indexSeed()
|
||||
if seed == "" {
|
||||
if id := strings.TrimSpace(a.ID); id != "" {
|
||||
seed = "id:" + id
|
||||
} else {
|
||||
return ""
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
idx := stableAuthIndex(seed)
|
||||
|
||||
@@ -33,3 +33,66 @@ func TestToolPrefixDisabled(t *testing.T) {
|
||||
t.Error("should return false when set to false")
|
||||
}
|
||||
}
|
||||
|
||||
func TestEnsureIndexUsesCredentialIdentity(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
geminiAuth := &Auth{
|
||||
Provider: "gemini",
|
||||
Attributes: map[string]string{
|
||||
"api_key": "shared-key",
|
||||
"source": "config:gemini[abc123]",
|
||||
},
|
||||
}
|
||||
compatAuth := &Auth{
|
||||
Provider: "bohe",
|
||||
Attributes: map[string]string{
|
||||
"api_key": "shared-key",
|
||||
"compat_name": "bohe",
|
||||
"provider_key": "bohe",
|
||||
"source": "config:bohe[def456]",
|
||||
},
|
||||
}
|
||||
geminiAltBase := &Auth{
|
||||
Provider: "gemini",
|
||||
Attributes: map[string]string{
|
||||
"api_key": "shared-key",
|
||||
"base_url": "https://alt.example.com",
|
||||
"source": "config:gemini[ghi789]",
|
||||
},
|
||||
}
|
||||
geminiDuplicate := &Auth{
|
||||
Provider: "gemini",
|
||||
Attributes: map[string]string{
|
||||
"api_key": "shared-key",
|
||||
"source": "config:gemini[abc123-1]",
|
||||
},
|
||||
}
|
||||
|
||||
geminiIndex := geminiAuth.EnsureIndex()
|
||||
compatIndex := compatAuth.EnsureIndex()
|
||||
altBaseIndex := geminiAltBase.EnsureIndex()
|
||||
duplicateIndex := geminiDuplicate.EnsureIndex()
|
||||
|
||||
if geminiIndex == "" {
|
||||
t.Fatal("gemini index should not be empty")
|
||||
}
|
||||
if compatIndex == "" {
|
||||
t.Fatal("compat index should not be empty")
|
||||
}
|
||||
if altBaseIndex == "" {
|
||||
t.Fatal("alt base index should not be empty")
|
||||
}
|
||||
if duplicateIndex == "" {
|
||||
t.Fatal("duplicate index should not be empty")
|
||||
}
|
||||
if geminiIndex == compatIndex {
|
||||
t.Fatalf("shared api key produced duplicate auth_index %q", geminiIndex)
|
||||
}
|
||||
if geminiIndex == altBaseIndex {
|
||||
t.Fatalf("same provider/key with different base_url produced duplicate auth_index %q", geminiIndex)
|
||||
}
|
||||
if geminiIndex == duplicateIndex {
|
||||
t.Fatalf("duplicate config entries should be separated by source-derived seed, got %q", geminiIndex)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user