npm - @llmops/app - Versions diffs - 0.1.2 → 0.1.3-beta.1 - Mend

@llmops/app 0.1.2 → 0.1.3-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.cjs CHANGED Viewed

@@ -13388,8 +13388,22 @@ const requestHeadersSchema = object({
 		return baseContentType === CONTENT_TYPES.APPLICATION_JSON || baseContentType === CONTENT_TYPES.MULTIPART_FORM_DATA || baseContentType.startsWith(CONTENT_TYPES.GENERIC_AUDIO_PATTERN);
 	}, { message: "Invalid content type. Must be application/json, multipart/form-data, or audio/*" }),
 	"x-llmops-config": string$1({ error: "LLMOps Config ID was not provided." }),
-	"x-llmops-environment": string$1().optional()
+	authorization: string$1({ error: "Authorization header with environment secret is required." })
 });
+/**
+* Extracts environment secret from Authorization header.
+* The user passes it in the OpenAI apiKey option which comes as "Bearer <envSecret>"
+* @param authHeader - The Authorization header value (e.g., "Bearer sk_xxxxx")
+* @returns The environment secret
+* @throws Error if the header is missing or invalid
+*/
+function extractEnvSecretFromAuth(authHeader) {
+	const match = authHeader.match(/^Bearer\s+(.+)$/i);
+	if (!match) throw new Error("Invalid Authorization header format. Expected: Bearer <environment-secret>");
+	const token = match[1].trim();
+	if (!token) throw new Error("Environment secret cannot be empty");
+	return token;
+}
 const requestValidator = zv("header", requestHeadersSchema);
 //#endregion
@@ -13397,43 +13411,37 @@ const requestValidator = zv("header", requestHeadersSchema);
 const createRequestGuardMiddleware = () => {
 	return async (c, next) => {
 		const headers = await requestHeadersSchema.safeParseAsync(c.req.header());
-		if (headers.success) if (!headers.data["x-llmops-environment"]) {
-			const origin = c.req.header("origin");
-			const host = c.req.header("host");
-			if (origin) {
-				const originUrl = new URL(origin);
-				const hostWithoutPort = host?.split(":")[0];
-				const originHost = originUrl.hostname;
-				if (originHost !== hostWithoutPort && originHost !== host) return c.json({ message: "Cross-origin requests require an environment ID" }, 403);
-			}
-			c.set("configId", headers["data"]["x-llmops-config"]);
-			c.set("envSec", headers["data"]["x-llmops-environment"]);
-			await next();
-		} else {
-			c.set("configId", headers["data"]["x-llmops-config"]);
-			c.set("envSec", headers["data"]["x-llmops-environment"]);
-			await (0, hono_cors.cors)({
-				origin: "*",
-				allowMethods: [
-					"GET",
-					"POST",
-					"PUT",
-					"DELETE",
-					"OPTIONS"
-				],
-				allowHeaders: [
-					"Content-Type",
-					"Authorization",
-					"x-llmops-config",
-					"x-llmops-environment"
-				]
-			})(c, next);
-		}
-		else
+		if (!headers.success)
  /**
 		* @todo Refactor this to give OpenAI specific response.
 		*/
-		return c.json({ message: "Invalid request headers" }, 400);
+		return c.json({
+			message: "Invalid request headers",
+			errors: headers.error.flatten().fieldErrors
+		}, 400);
+		let envSec;
+		try {
+			envSec = extractEnvSecretFromAuth(headers.data["authorization"]);
+		} catch (error$45) {
+			return c.json({ message: error$45 instanceof Error ? error$45.message : "Invalid authorization" }, 401);
+		}
+		c.set("configId", headers.data["x-llmops-config"]);
+		c.set("envSec", envSec);
+		await (0, hono_cors.cors)({
+			origin: "*",
+			allowMethods: [
+				"GET",
+				"POST",
+				"PUT",
+				"DELETE",
+				"OPTIONS"
+			],
+			allowHeaders: [
+				"Content-Type",
+				"Authorization",
+				"x-llmops-config"
+			]
+		})(c, next);
 	};
 };

package/dist/index.mjs CHANGED Viewed

@@ -13362,8 +13362,22 @@ const requestHeadersSchema = object({
 		return baseContentType === CONTENT_TYPES.APPLICATION_JSON || baseContentType === CONTENT_TYPES.MULTIPART_FORM_DATA || baseContentType.startsWith(CONTENT_TYPES.GENERIC_AUDIO_PATTERN);
 	}, { message: "Invalid content type. Must be application/json, multipart/form-data, or audio/*" }),
 	"x-llmops-config": string$1({ error: "LLMOps Config ID was not provided." }),
-	"x-llmops-environment": string$1().optional()
+	authorization: string$1({ error: "Authorization header with environment secret is required." })
 });
+/**
+* Extracts environment secret from Authorization header.
+* The user passes it in the OpenAI apiKey option which comes as "Bearer <envSecret>"
+* @param authHeader - The Authorization header value (e.g., "Bearer sk_xxxxx")
+* @returns The environment secret
+* @throws Error if the header is missing or invalid
+*/
+function extractEnvSecretFromAuth(authHeader) {
+	const match = authHeader.match(/^Bearer\s+(.+)$/i);
+	if (!match) throw new Error("Invalid Authorization header format. Expected: Bearer <environment-secret>");
+	const token = match[1].trim();
+	if (!token) throw new Error("Environment secret cannot be empty");
+	return token;
+}
 const requestValidator = zv("header", requestHeadersSchema);
 //#endregion
@@ -13371,43 +13385,37 @@ const requestValidator = zv("header", requestHeadersSchema);
 const createRequestGuardMiddleware = () => {
 	return async (c, next) => {
 		const headers = await requestHeadersSchema.safeParseAsync(c.req.header());
-		if (headers.success) if (!headers.data["x-llmops-environment"]) {
-			const origin = c.req.header("origin");
-			const host = c.req.header("host");
-			if (origin) {
-				const originUrl = new URL(origin);
-				const hostWithoutPort = host?.split(":")[0];
-				const originHost = originUrl.hostname;
-				if (originHost !== hostWithoutPort && originHost !== host) return c.json({ message: "Cross-origin requests require an environment ID" }, 403);
-			}
-			c.set("configId", headers["data"]["x-llmops-config"]);
-			c.set("envSec", headers["data"]["x-llmops-environment"]);
-			await next();
-		} else {
-			c.set("configId", headers["data"]["x-llmops-config"]);
-			c.set("envSec", headers["data"]["x-llmops-environment"]);
-			await cors({
-				origin: "*",
-				allowMethods: [
-					"GET",
-					"POST",
-					"PUT",
-					"DELETE",
-					"OPTIONS"
-				],
-				allowHeaders: [
-					"Content-Type",
-					"Authorization",
-					"x-llmops-config",
-					"x-llmops-environment"
-				]
-			})(c, next);
-		}
-		else
+		if (!headers.success)
  /**
 		* @todo Refactor this to give OpenAI specific response.
 		*/
-		return c.json({ message: "Invalid request headers" }, 400);
+		return c.json({
+			message: "Invalid request headers",
+			errors: headers.error.flatten().fieldErrors
+		}, 400);
+		let envSec;
+		try {
+			envSec = extractEnvSecretFromAuth(headers.data["authorization"]);
+		} catch (error$45) {
+			return c.json({ message: error$45 instanceof Error ? error$45.message : "Invalid authorization" }, 401);
+		}
+		c.set("configId", headers.data["x-llmops-config"]);
+		c.set("envSec", envSec);
+		await cors({
+			origin: "*",
+			allowMethods: [
+				"GET",
+				"POST",
+				"PUT",
+				"DELETE",
+				"OPTIONS"
+			],
+			allowHeaders: [
+				"Content-Type",
+				"Authorization",
+				"x-llmops-config"
+			]
+		})(c, next);
 	};
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@llmops/app",
-  "version": "0.1.2",
+  "version": "0.1.3-beta.1",
   "description": "LLMOps application with server and client",
   "type": "module",
   "license": "Apache-2.0",
@@ -64,8 +64,8 @@
     "motion": "^12.23.25",
     "react-aria-components": "^1.13.0",
     "react-hook-form": "^7.68.0",
-    "@llmops/core": "^0.1.2",
-    "@llmops/gateway": "^0.1.2"
+    "@llmops/core": "^0.1.3-beta.1",
+    "@llmops/gateway": "^0.1.3-beta.1"
   },
   "peerDependencies": {
     "react": "^19.2.1",