chuan/CLIProxyAPI
1
0
Fork 0
mirror of https://github.com/router-for-me/CLIProxyAPI.git synced 2026-02-02 20:40:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor(config, auth): remove allow-localhost-unauthenticated support and related handlers

Browse Source 
- Eliminated `allow-localhost-unauthenticated` configuration field and its usage.
- Removed associated management API handlers and middleware logic.
- Simplified authentication middleware by deprecating localhost-specific checks.
This commit is contained in:
Luis Pater
2025-09-25 09:00:38 +08:00
parent ac93641946
commit 688547b063
4 changed files with 3 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/api/handlers/management/config_basic.go
View File

@@ -26,14 +26,6 @@ func (h *Handler) PutRequestRetry(c *gin.Context) {
h.updateIntField(c, func(v int) { h.cfg.RequestRetry = v }) h.updateIntField(c, func(v int) { h.cfg.RequestRetry = v })
} }
// Allow localhost unauthenticated
func (h *Handler) GetAllowLocalhost(c *gin.Context) {
c.JSON(200, gin.H{"allow-localhost-unauthenticated": h.cfg.AllowLocalhostUnauthenticated})
}
func (h *Handler) PutAllowLocalhost(c *gin.Context) {
h.updateBoolField(c, func(v bool) { h.cfg.AllowLocalhostUnauthenticated = v })
}
// Proxy URL // Proxy URL
func (h *Handler) GetProxyURL(c *gin.Context) { c.JSON(200, gin.H{"proxy-url": h.cfg.ProxyURL}) } func (h *Handler) GetProxyURL(c *gin.Context) { c.JSON(200, gin.H{"proxy-url": h.cfg.ProxyURL}) }
func (h *Handler) PutProxyURL(c *gin.Context) { func (h *Handler) PutProxyURL(c *gin.Context) {

21
internal/api/server.go
View File

@@ -188,11 +188,9 @@ func (s *Server) setupRoutes() {
claudeCodeHandlers := claude.NewClaudeCodeAPIHandler(s.handlers) claudeCodeHandlers := claude.NewClaudeCodeAPIHandler(s.handlers)
openaiResponsesHandlers := openai.NewOpenAIResponsesAPIHandler(s.handlers) openaiResponsesHandlers := openai.NewOpenAIResponsesAPIHandler(s.handlers)
cfgSupplier := func() *config.Config { return s.cfg }
// OpenAI compatible API routes // OpenAI compatible API routes
v1 := s.engine.Group("/v1") v1 := s.engine.Group("/v1")
v1.Use(AuthMiddleware(cfgSupplier, s.accessManager)) v1.Use(AuthMiddleware(s.accessManager))
{ {
v1.GET("/models", s.unifiedModelsHandler(openaiHandlers, claudeCodeHandlers)) v1.GET("/models", s.unifiedModelsHandler(openaiHandlers, claudeCodeHandlers))
v1.POST("/chat/completions", openaiHandlers.ChatCompletions) v1.POST("/chat/completions", openaiHandlers.ChatCompletions)
@@ -204,7 +202,7 @@ func (s *Server) setupRoutes() {
// Gemini compatible API routes // Gemini compatible API routes
v1beta := s.engine.Group("/v1beta") v1beta := s.engine.Group("/v1beta")
v1beta.Use(AuthMiddleware(cfgSupplier, s.accessManager)) v1beta.Use(AuthMiddleware(s.accessManager))
{ {
v1beta.GET("/models", geminiHandlers.GeminiModels) v1beta.GET("/models", geminiHandlers.GeminiModels)
v1beta.POST("/models/:action", geminiHandlers.GeminiHandler) v1beta.POST("/models/:action", geminiHandlers.GeminiHandler)
@@ -309,10 +307,6 @@ func (s *Server) setupRoutes() {
mgmt.PUT("/request-retry", s.mgmt.PutRequestRetry) mgmt.PUT("/request-retry", s.mgmt.PutRequestRetry)
mgmt.PATCH("/request-retry", s.mgmt.PutRequestRetry) mgmt.PATCH("/request-retry", s.mgmt.PutRequestRetry)
mgmt.GET("/allow-localhost-unauthenticated", s.mgmt.GetAllowLocalhost)
mgmt.PUT("/allow-localhost-unauthenticated", s.mgmt.PutAllowLocalhost)
mgmt.PATCH("/allow-localhost-unauthenticated", s.mgmt.PutAllowLocalhost)
mgmt.GET("/claude-api-key", s.mgmt.GetClaudeKeys) mgmt.GET("/claude-api-key", s.mgmt.GetClaudeKeys)
mgmt.PUT("/claude-api-key", s.mgmt.PutClaudeKeys) mgmt.PUT("/claude-api-key", s.mgmt.PutClaudeKeys)
mgmt.PATCH("/claude-api-key", s.mgmt.PatchClaudeKey) mgmt.PATCH("/claude-api-key", s.mgmt.PatchClaudeKey)
@@ -487,17 +481,8 @@ func (s *Server) UpdateClients(cfg *config.Config) {
// AuthMiddleware returns a Gin middleware handler that authenticates requests // AuthMiddleware returns a Gin middleware handler that authenticates requests
// using the configured authentication providers. When no providers are available, // using the configured authentication providers. When no providers are available,
// it allows all requests (legacy behaviour). // it allows all requests (legacy behaviour).
func AuthMiddleware(cfgFn func() *config.Config, manager *sdkaccess.Manager) gin.HandlerFunc { func AuthMiddleware(manager *sdkaccess.Manager) gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
cfg := cfgFn()
if cfg != nil && cfg.AllowLocalhostUnauthenticated {
ip := c.ClientIP()
if ip == "127.0.0.1" || ip == "::1" || strings.HasPrefix(c.Request.RemoteAddr, "127.0.0.1:") || strings.HasPrefix(c.Request.RemoteAddr, "[::1]:") {
c.Next()
return
}
}
if manager == nil { if manager == nil {
c.Next() c.Next()
return return

3
internal/config/config.go
View File

@@ -53,9 +53,6 @@ type Config struct {
// OpenAICompatibility defines OpenAI API compatibility configurations for external providers. // OpenAICompatibility defines OpenAI API compatibility configurations for external providers.
OpenAICompatibility []OpenAICompatibility `yaml:"openai-compatibility" json:"openai-compatibility"` OpenAICompatibility []OpenAICompatibility `yaml:"openai-compatibility" json:"openai-compatibility"`
// AllowLocalhostUnauthenticated allows unauthenticated requests from localhost.
AllowLocalhostUnauthenticated bool `yaml:"allow-localhost-unauthenticated" json:"allow-localhost-unauthenticated"`
// RemoteManagement nests management-related options under 'remote-management'. // RemoteManagement nests management-related options under 'remote-management'.
RemoteManagement RemoteManagement `yaml:"remote-management" json:"-"` RemoteManagement RemoteManagement `yaml:"remote-management" json:"-"`

3
internal/watcher/watcher.go
View File

@@ -474,9 +474,6 @@ func (w *Watcher) reloadConfig() bool {
if len(oldConfig.CodexKey) != len(newConfig.CodexKey) { if len(oldConfig.CodexKey) != len(newConfig.CodexKey) {
log.Debugf(" codex-api-key count: %d -> %d", len(oldConfig.CodexKey), len(newConfig.CodexKey)) log.Debugf(" codex-api-key count: %d -> %d", len(oldConfig.CodexKey), len(newConfig.CodexKey))
} }
if oldConfig.AllowLocalhostUnauthenticated != newConfig.AllowLocalhostUnauthenticated {
log.Debugf(" allow-localhost-unauthenticated: %t -> %t", oldConfig.AllowLocalhostUnauthenticated, newConfig.AllowLocalhostUnauthenticated)
}
if oldConfig.RemoteManagement.AllowRemote != newConfig.RemoteManagement.AllowRemote { if oldConfig.RemoteManagement.AllowRemote != newConfig.RemoteManagement.AllowRemote {
log.Debugf(" remote-management.allow-remote: %t -> %t", oldConfig.RemoteManagement.AllowRemote, newConfig.RemoteManagement.AllowRemote) log.Debugf(" remote-management.allow-remote: %t -> %t", oldConfig.RemoteManagement.AllowRemote, newConfig.RemoteManagement.AllowRemote)
} }