diff --git a/sdk/cliproxy/auth/conductor.go b/sdk/cliproxy/auth/conductor.go index d16fc1ae..df3d8b3e 100644 --- a/sdk/cliproxy/auth/conductor.go +++ b/sdk/cliproxy/auth/conductor.go @@ -5,6 +5,7 @@ import ( "encoding/json" "errors" "net/http" + "path/filepath" "strconv" "strings" "sync" @@ -385,20 +386,23 @@ func (m *Manager) executeWithProvider(ctx context.Context, provider string, req return cliproxyexecutor.Response{}, errPick } - accountType, accountInfo := auth.AccountInfo() - proxyInfo := auth.ProxyInfo() entry := logEntryWithRequestID(ctx) - if accountType == "api_key" { - if proxyInfo != "" { - entry.Debugf("Use API key %s for model %s %s", util.HideAPIKey(accountInfo), req.Model, proxyInfo) - } else { - entry.Debugf("Use API key %s for model %s", util.HideAPIKey(accountInfo), req.Model) - } - } else if accountType == "oauth" { - if proxyInfo != "" { - entry.Debugf("Use OAuth %s for model %s %s", accountInfo, req.Model, proxyInfo) - } else { - entry.Debugf("Use OAuth %s for model %s", accountInfo, req.Model) + if log.IsLevelEnabled(log.DebugLevel) { + accountType, accountInfo := auth.AccountInfo() + proxyInfo := auth.ProxyInfo() + if accountType == "api_key" { + if proxyInfo != "" { + entry.Debugf("Use API key %s for model %s %s", util.HideAPIKey(accountInfo), req.Model, proxyInfo) + } else { + entry.Debugf("Use API key %s for model %s", util.HideAPIKey(accountInfo), req.Model) + } + } else if accountType == "oauth" { + ident := formatOauthIdentity(auth, provider, accountInfo) + if proxyInfo != "" { + entry.Debugf("Use OAuth %s for model %s %s", ident, req.Model, proxyInfo) + } else { + entry.Debugf("Use OAuth %s for model %s", ident, req.Model) + } } } @@ -446,20 +450,23 @@ func (m *Manager) executeCountWithProvider(ctx context.Context, provider string, return cliproxyexecutor.Response{}, errPick } - accountType, accountInfo := auth.AccountInfo() - proxyInfo := auth.ProxyInfo() entry := logEntryWithRequestID(ctx) - if accountType == "api_key" { - if proxyInfo != "" { - entry.Debugf("Use API key %s for model %s %s", util.HideAPIKey(accountInfo), req.Model, proxyInfo) - } else { - entry.Debugf("Use API key %s for model %s", util.HideAPIKey(accountInfo), req.Model) - } - } else if accountType == "oauth" { - if proxyInfo != "" { - entry.Debugf("Use OAuth %s for model %s %s", accountInfo, req.Model, proxyInfo) - } else { - entry.Debugf("Use OAuth %s for model %s", accountInfo, req.Model) + if log.IsLevelEnabled(log.DebugLevel) { + accountType, accountInfo := auth.AccountInfo() + proxyInfo := auth.ProxyInfo() + if accountType == "api_key" { + if proxyInfo != "" { + entry.Debugf("Use API key %s for model %s %s", util.HideAPIKey(accountInfo), req.Model, proxyInfo) + } else { + entry.Debugf("Use API key %s for model %s", util.HideAPIKey(accountInfo), req.Model) + } + } else if accountType == "oauth" { + ident := formatOauthIdentity(auth, provider, accountInfo) + if proxyInfo != "" { + entry.Debugf("Use OAuth %s for model %s %s", ident, req.Model, proxyInfo) + } else { + entry.Debugf("Use OAuth %s for model %s", ident, req.Model) + } } } @@ -507,20 +514,23 @@ func (m *Manager) executeStreamWithProvider(ctx context.Context, provider string return nil, errPick } - accountType, accountInfo := auth.AccountInfo() - proxyInfo := auth.ProxyInfo() entry := logEntryWithRequestID(ctx) - if accountType == "api_key" { - if proxyInfo != "" { - entry.Debugf("Use API key %s for model %s %s", util.HideAPIKey(accountInfo), req.Model, proxyInfo) - } else { - entry.Debugf("Use API key %s for model %s", util.HideAPIKey(accountInfo), req.Model) - } - } else if accountType == "oauth" { - if proxyInfo != "" { - entry.Debugf("Use OAuth %s for model %s %s", accountInfo, req.Model, proxyInfo) - } else { - entry.Debugf("Use OAuth %s for model %s", accountInfo, req.Model) + if log.IsLevelEnabled(log.DebugLevel) { + accountType, accountInfo := auth.AccountInfo() + proxyInfo := auth.ProxyInfo() + if accountType == "api_key" { + if proxyInfo != "" { + entry.Debugf("Use API key %s for model %s %s", util.HideAPIKey(accountInfo), req.Model, proxyInfo) + } else { + entry.Debugf("Use API key %s for model %s", util.HideAPIKey(accountInfo), req.Model) + } + } else if accountType == "oauth" { + ident := formatOauthIdentity(auth, provider, accountInfo) + if proxyInfo != "" { + entry.Debugf("Use OAuth %s for model %s %s", ident, req.Model, proxyInfo) + } else { + entry.Debugf("Use OAuth %s for model %s", ident, req.Model) + } } } @@ -1610,6 +1620,44 @@ func logEntryWithRequestID(ctx context.Context) *log.Entry { return log.NewEntry(log.StandardLogger()) } +func formatOauthIdentity(auth *Auth, provider string, accountInfo string) string { + if auth == nil { + return "" + } + authIndex := auth.EnsureIndex() + // Prefer the auth's provider when available. + providerName := strings.TrimSpace(auth.Provider) + if providerName == "" { + providerName = strings.TrimSpace(provider) + } + // Only log the basename to avoid leaking host paths. + // FileName may be unset for some auth backends; fall back to ID. + authFile := strings.TrimSpace(auth.FileName) + if authFile == "" { + authFile = strings.TrimSpace(auth.ID) + } + if authFile != "" { + authFile = filepath.Base(authFile) + } + parts := make([]string, 0, 3) + if providerName != "" { + parts = append(parts, "provider="+providerName) + } + if authFile != "" { + parts = append(parts, "auth_file="+authFile) + } + if authIndex != "" { + parts = append(parts, "auth_index="+authIndex) + } + if len(parts) == 0 { + return accountInfo + } + if accountInfo == "" { + return strings.Join(parts, " ") + } + return strings.Join(parts, " ") + " account=\"" + accountInfo + "\"" +} + // InjectCredentials delegates per-provider HTTP request preparation when supported. // If the registered executor for the auth provider implements RequestPreparer, // it will be invoked to modify the request (e.g., add headers).