@pikoloo/codex-proxy 1.0.6

package/src/security.js

@@ -0,0 +1,142 @@
+const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '::1', '[::1]']);
+const CONTROL_PATH_PREFIXES = [
+  '/accounts',
+  '/settings',
+  '/claude/config',
+  '/api/logs'
+];
+const SAFE_FETCH_SITES = new Set(['same-origin', 'same-site', 'none']);
+const SENSITIVE_KEY_RE = /(api[_-]?key|auth[_-]?token|access[_-]?token|refresh[_-]?token|id[_-]?token|secret|password)/i;
+
+export function isLoopbackAddress(address) {
+  if (!address || typeof address !== 'string') return false;
+  const normalized = address.replace(/^\[|\]$/g, '');
+  return normalized === '::1' ||
+    normalized === '127.0.0.1' ||
+    normalized.startsWith('127.') ||
+    normalized.startsWith('::ffff:127.');
+}
+
+export function isLoopbackHostname(hostname) {
+  if (!hostname || typeof hostname !== 'string') return false;
+  return LOOPBACK_HOSTS.has(hostname.toLowerCase());
+}
+
+export function isControlPath(path = '') {
+  return CONTROL_PATH_PREFIXES.some(prefix => path === prefix || path.startsWith(`${prefix}/`));
+}
+
+export function isStateChangingMethod(method = 'GET') {
+  return !['GET', 'HEAD', 'OPTIONS'].includes(method.toUpperCase());
+}
+
+export function evaluateRequestAccess(req, options = {}) {
+  const path = req.path || req.url || '';
+  const method = req.method || 'GET';
+
+  if (!isControlPath(path)) {
+    return { allowed: true };
+  }
+
+  const headers = req.headers || {};
+  if (isStateChangingMethod(method)) {
+    const fetchSite = String(headers['sec-fetch-site'] || '').toLowerCase();
+    if (fetchSite && !SAFE_FETCH_SITES.has(fetchSite)) {
+      return { allowed: false, status: 403, reason: 'Cross-site control-plane request blocked' };
+    }
+
+    const origin = headers.origin;
+    if (origin && Array.isArray(options.allowedOrigins) && !options.allowedOrigins.includes(origin)) {
+      return { allowed: false, status: 403, reason: 'Origin is not allowed for control-plane request' };
+    }
+  }
+
+  const remoteAddress = req.socket?.remoteAddress || req.ip;
+  if (isLoopbackAddress(remoteAddress)) {
+    return { allowed: true };
+  }
+
+  const adminToken = options.adminToken || process.env.CODEX_CLAUDE_PROXY_ADMIN_TOKEN;
+  const suppliedToken = headers['x-codex-proxy-admin-token'];
+  if (adminToken && suppliedToken === adminToken) {
+    return { allowed: true };
+  }
+
+  return { allowed: false, status: 403, reason: 'Remote control-plane request blocked' };
+}
+
+export function securityMiddleware(options = {}) {
+  return (req, res, next) => {
+    const result = evaluateRequestAccess(req, options);
+    if (result.allowed) {
+      next();
+      return;
+    }
+    res.status(result.status || 403).json({ success: false, error: result.reason || 'Forbidden' });
+  };
+}
+
+export function redactSensitiveConfig(value) {
+  if (Array.isArray(value)) {
+    return value.map(redactSensitiveConfig);
+  }
+
+  if (!value || typeof value !== 'object') {
+    return value;
+  }
+
+  const result = {};
+  for (const [key, nestedValue] of Object.entries(value)) {
+    result[key] = SENSITIVE_KEY_RE.test(key) ? '[redacted]' : redactSensitiveConfig(nestedValue);
+  }
+  return result;
+}
+
+export function isAllowedApiEndpoint(apiUrl, options = {}) {
+  let parsed;
+  try {
+    parsed = new URL(apiUrl);
+  } catch {
+    return false;
+  }
+
+  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+    return false;
+  }
+
+  if (isLoopbackHostname(parsed.hostname)) {
+    return true;
+  }
+
+  const allowExternal = options.allowExternal ?? process.env.CODEX_CLAUDE_PROXY_ALLOW_EXTERNAL_ENDPOINTS === 'true';
+  return allowExternal === true;
+}
+
+export function buildAllowedOrigins(port, host = '127.0.0.1') {
+  const origins = new Set([
+    `http://localhost:${port}`,
+    `http://127.0.0.1:${port}`
+  ]);
+
+  if (Number(port) === 80) {
+    origins.add('http://localhost');
+    origins.add('http://127.0.0.1');
+  }
+
+  if (host && !['0.0.0.0', '::'].includes(host)) {
+    origins.add(`http://${host}:${port}`);
+  }
+
+  return [...origins];
+}
+
+export default {
+  buildAllowedOrigins,
+  evaluateRequestAccess,
+  isAllowedApiEndpoint,
+  isControlPath,
+  isLoopbackAddress,
+  isLoopbackHostname,
+  redactSensitiveConfig,
+  securityMiddleware
+};

package/src/server-settings.js

@@ -0,0 +1,56 @@
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { CONFIG_DIR } from './account-manager.js';
+
+const SETTINGS_FILE = join(CONFIG_DIR, 'settings.json');
+const MULTI_ACCOUNT_ROTATION_ENV = 'CODEX_CLAUDE_PROXY_ENABLE_MULTI_ACCOUNT_ROTATION';
+
+const DEFAULT_SETTINGS = {
+    haikuKiloModel: 'minimax/minimax-m2.5:free',
+    accountStrategy: 'sticky'
+};
+
+function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+
+export function getServerSettings() {
+    ensureConfigDir();
+
+    if (!existsSync(SETTINGS_FILE)) {
+        return { ...DEFAULT_SETTINGS };
+    }
+
+    try {
+        const data = JSON.parse(readFileSync(SETTINGS_FILE, 'utf8'));
+        return { ...DEFAULT_SETTINGS, ...data };
+    } catch (error) {
+        console.error('[ServerSettings] Failed to read settings:', error.message);
+        return { ...DEFAULT_SETTINGS };
+    }
+}
+
+export function setServerSettings(patch = {}) {
+    const current = getServerSettings();
+    const next = { ...current, ...patch };
+
+    ensureConfigDir();
+    writeFileSync(SETTINGS_FILE, JSON.stringify(next, null, 2), { mode: 0o600 });
+    return next;
+}
+
+export function isMultiAccountRotationEnabled(env = process.env) {
+    return env[MULTI_ACCOUNT_ROTATION_ENV] === 'true';
+}
+
+export { SETTINGS_FILE, MULTI_ACCOUNT_ROTATION_ENV };
+
+export default {
+    getServerSettings,
+    setServerSettings,
+    isMultiAccountRotationEnabled,
+    MULTI_ACCOUNT_ROTATION_ENV,
+    SETTINGS_FILE
+};

package/src/server.js

@@ -0,0 +1,58 @@
+/**
+ * Server bootstrap
+ * Creates the Express app, middleware, and registers API routes.
+ */
+
+import express from 'express';
+import cors from 'cors';
+
+import { ensureAccountsPersist, startAutoRefresh } from './account-manager.js';
+import { registerApiRoutes } from './routes/api-routes.js';
+import { buildAllowedOrigins, securityMiddleware } from './security.js';
+
+export const DEFAULT_HOST = '127.0.0.1';
+
+export function createServer({ port, host = DEFAULT_HOST }) {
+  ensureAccountsPersist();
+  startAutoRefresh();
+
+  const app = express();
+  app.disable('x-powered-by');
+  
+  // High-level request logging
+  app.use((req, res, next) => {
+    const start = Date.now();
+    res.on('finish', () => {
+      const duration = Date.now() - start;
+      const msg = `[${req.method}] ${req.originalUrl} ${res.statusCode} (${duration}ms)`;
+      if (res.statusCode >= 400) {
+        console.log(`\x1b[31m${msg}\x1b[0m`); // Red for error
+      } else if (req.originalUrl !== '/health') { // Skip health check logs to reduce noise
+        console.log(`\x1b[36m${msg}\x1b[0m`); // Cyan for success
+      }
+    });
+    next();
+  });
+
+  const allowedOrigins = buildAllowedOrigins(port, host);
+
+  app.use(cors({
+    origin: allowedOrigins,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-Codex-Proxy-Admin-Token'],
+    credentials: false
+  }));
+  app.use(securityMiddleware({ allowedOrigins }));
+  app.use(express.json({ limit: '10mb' }));
+
+  registerApiRoutes(app, { port });
+
+  return app;
+}
+
+export function startServer({ port, host = process.env.HOST || DEFAULT_HOST }) {
+  const app = createServer({ port, host });
+  return app.listen(port, host);
+}
+
+export default { createServer, startServer };

package/src/signature-cache.js

@@ -0,0 +1,106 @@
+/**
+ * Signature Cache
+ * In-memory cache for thinking signatures
+ *
+ * Claude Code strips non-standard fields. This cache stores signatures by tool_use_id
+ * so they can be restored in subsequent requests.
+ *
+ * Also caches thinking block signatures with model family for cross-model
+ * compatibility checking.
+ */
+
+// Default cache TTL: 2 hours
+const SIGNATURE_CACHE_TTL_MS = 2 * 60 * 60 * 1000;
+
+// Minimum valid signature length
+const MIN_SIGNATURE_LENGTH = 50;
+
+const signatureCache = new Map();
+const thinkingSignatureCache = new Map();
+
+/**
+ * Store a signature for a tool_use_id
+ * @param {string} toolUseId - The tool use ID
+ * @param {string} signature - The thoughtSignature to cache
+ */
+export function cacheSignature(toolUseId, signature) {
+    if (!toolUseId || !signature) return;
+    signatureCache.set(toolUseId, {
+        signature,
+        timestamp: Date.now()
+    });
+}
+
+/**
+ * Get a cached signature for a tool_use_id
+ * @param {string} toolUseId - The tool use ID
+ * @returns {string|null} The cached signature or null if not found/expired
+ */
+export function getCachedSignature(toolUseId) {
+    if (!toolUseId) return null;
+    const entry = signatureCache.get(toolUseId);
+    if (!entry) return null;
+
+    // Check TTL
+    if (Date.now() - entry.timestamp > SIGNATURE_CACHE_TTL_MS) {
+        signatureCache.delete(toolUseId);
+        return null;
+    }
+
+    return entry.signature;
+}
+
+/**
+ * Cache a thinking block signature with its model family
+ * @param {string} signature - The thinking signature to cache
+ * @param {string} modelFamily - The model family ('claude' or 'gemini' or 'openai')
+ */
+export function cacheThinkingSignature(signature, modelFamily) {
+    if (!signature || signature.length < MIN_SIGNATURE_LENGTH) return;
+    thinkingSignatureCache.set(signature, {
+        modelFamily,
+        timestamp: Date.now()
+    });
+}
+
+/**
+ * Get the cached model family for a thinking signature
+ * @param {string} signature - The signature to look up
+ * @returns {string|null} 'claude', 'gemini', 'openai', or null if not found/expired
+ */
+export function getCachedSignatureFamily(signature) {
+    if (!signature) return null;
+    const entry = thinkingSignatureCache.get(signature);
+    if (!entry) return null;
+
+    // Check TTL
+    if (Date.now() - entry.timestamp > SIGNATURE_CACHE_TTL_MS) {
+        thinkingSignatureCache.delete(signature);
+        return null;
+    }
+
+    return entry.modelFamily;
+}
+
+/**
+ * Clear all entries from the thinking signature cache.
+ * Used for testing cold cache scenarios.
+ */
+export function clearThinkingSignatureCache() {
+    thinkingSignatureCache.clear();
+    signatureCache.clear();
+}
+
+export const SIGNATURE_CONSTANTS = {
+    MIN_SIGNATURE_LENGTH,
+    SIGNATURE_CACHE_TTL_MS
+};
+
+export default {
+    cacheSignature,
+    getCachedSignature,
+    cacheThinkingSignature,
+    getCachedSignatureFamily,
+    clearThinkingSignatureCache,
+    SIGNATURE_CONSTANTS
+};

package/src/thinking-utils.js

@@ -0,0 +1,312 @@
+/**
+ * Thinking Block Utilities
+ * Handles thinking block processing, validation, and filtering
+ */
+
+import { getCachedSignatureFamily, SIGNATURE_CONSTANTS } from './signature-cache.js';
+
+const { MIN_SIGNATURE_LENGTH } = SIGNATURE_CONSTANTS;
+
+// ============================================================================
+// Cache Control Cleaning (Critical for Claude Code compatibility)
+// ============================================================================
+
+/**
+ * Remove cache_control fields from all content blocks in messages.
+ * This is critical - Claude Code CLI sends cache_control fields that the API
+ * rejects with "Extra inputs are not permitted".
+ *
+ * @param {Array<Object>} messages - Array of messages in Anthropic format
+ * @returns {Array<Object>} Messages with cache_control fields removed
+ */
+export function cleanCacheControl(messages) {
+    if (!Array.isArray(messages)) return messages;
+
+    let removedCount = 0;
+
+    const cleaned = messages.map(message => {
+        if (!message || typeof message !== 'object') return message;
+
+        // Handle string content (no cache_control possible)
+        if (typeof message.content === 'string') return message;
+
+        // Handle array content
+        if (!Array.isArray(message.content)) return message;
+
+        const cleanedContent = message.content.map(block => {
+            if (!block || typeof block !== 'object') return block;
+
+            // Check if cache_control exists before destructuring
+            if (block.cache_control === undefined) return block;
+
+            // Create a shallow copy without cache_control
+            const { cache_control, ...cleanBlock } = block;
+            removedCount++;
+
+            return cleanBlock;
+        });
+
+        return {
+            ...message,
+            content: cleanedContent
+        };
+    });
+
+    if (removedCount > 0) {
+        // Debug only - cache_control removal is expected behavior
+        // console.debug(`[ThinkingUtils] Removed cache_control from ${removedCount} block(s)`);
+    }
+
+    return cleaned;
+}
+
+// ============================================================================
+// Thinking Block Detection and Validation
+// ============================================================================
+
+/**
+ * Check if a part is a thinking block
+ * @param {Object} part - Content part to check
+ * @returns {boolean} True if the part is a thinking block
+ */
+function isThinkingPart(part) {
+    return part.type === 'thinking' ||
+        part.type === 'redacted_thinking' ||
+        part.thinking !== undefined ||
+        part.thought === true;
+}
+
+/**
+ * Check if a thinking part has a valid signature (>= MIN_SIGNATURE_LENGTH chars)
+ */
+function hasValidSignature(part) {
+    const signature = part.thought === true ? part.thoughtSignature : part.signature;
+    return typeof signature === 'string' && signature.length >= MIN_SIGNATURE_LENGTH;
+}
+
+/**
+ * Check if conversation has unsigned thinking blocks that will be dropped.
+ * These cause "Expected thinking but found text" errors.
+ * @param {Array<Object>} messages - Array of messages
+ * @returns {boolean} True if any assistant message has unsigned thinking blocks
+ */
+export function hasUnsignedThinkingBlocks(messages) {
+    return messages.some(msg => {
+        if (msg.role !== 'assistant' && msg.role !== 'model') return false;
+        if (!Array.isArray(msg.content)) return false;
+        return msg.content.some(block =>
+            isThinkingPart(block) && !hasValidSignature(block)
+        );
+    });
+}
+
+// ============================================================================
+// Thinking Block Sanitization
+// ============================================================================
+
+/**
+ * Sanitize a thinking block by removing extra fields like cache_control.
+ * Only keeps: type, thinking, signature (for thinking) or type, data (for redacted_thinking)
+ */
+function sanitizeAnthropicThinkingBlock(block) {
+    if (!block) return block;
+
+    if (block.type === 'thinking') {
+        const sanitized = { type: 'thinking' };
+        if (block.thinking !== undefined) sanitized.thinking = block.thinking;
+        if (block.signature !== undefined) sanitized.signature = block.signature;
+        return sanitized;
+    }
+
+    if (block.type === 'redacted_thinking') {
+        const sanitized = { type: 'redacted_thinking' };
+        if (block.data !== undefined) sanitized.data = block.data;
+        return sanitized;
+    }
+
+    return block;
+}
+
+/**
+ * Sanitize a text block by removing extra fields like cache_control.
+ * Only keeps: type, text
+ */
+function sanitizeTextBlock(block) {
+    if (!block || block.type !== 'text') return block;
+
+    const sanitized = { type: 'text' };
+    if (block.text !== undefined) sanitized.text = block.text;
+    return sanitized;
+}
+
+/**
+ * Sanitize a tool_use block by removing extra fields like cache_control.
+ * Only keeps: type, id, name, input, thoughtSignature
+ */
+function sanitizeToolUseBlock(block) {
+    if (!block || block.type !== 'tool_use') return block;
+
+    const sanitized = { type: 'tool_use' };
+    if (block.id !== undefined) sanitized.id = block.id;
+    if (block.name !== undefined) sanitized.name = block.name;
+    if (block.input !== undefined) sanitized.input = block.input;
+    if (block.thoughtSignature !== undefined) sanitized.thoughtSignature = block.thoughtSignature;
+    return sanitized;
+}
+
+// ============================================================================
+// Thinking Block Processing
+// ============================================================================
+
+/**
+ * Remove trailing unsigned thinking blocks from assistant messages.
+ * APIs require that assistant messages don't end with unsigned thinking blocks.
+ *
+ * @param {Array<Object>} content - Array of content blocks
+ * @returns {Array<Object>} Content array with trailing unsigned thinking blocks removed
+ */
+export function removeTrailingThinkingBlocks(content) {
+    if (!Array.isArray(content)) return content;
+    if (content.length === 0) return content;
+
+    // Work backwards from the end, removing thinking blocks
+    let endIndex = content.length;
+    for (let i = content.length - 1; i >= 0; i--) {
+        const block = content[i];
+        if (!block || typeof block !== 'object') break;
+
+        const isThinking = isThinkingPart(block);
+
+        if (isThinking) {
+            if (!hasValidSignature(block)) {
+                endIndex = i;
+            } else {
+                break; // Stop at signed thinking block
+            }
+        } else {
+            break; // Stop at first non-thinking block
+        }
+    }
+
+    if (endIndex < content.length) {
+        console.log(`[ThinkingUtils] Removed ${content.length - endIndex} trailing unsigned thinking blocks`);
+        return content.slice(0, endIndex);
+    }
+
+    return content;
+}
+
+/**
+ * Filter thinking blocks: keep only those with valid signatures.
+ * Blocks without signatures are dropped (API requires signatures).
+ * Also sanitizes blocks to remove extra fields like cache_control.
+ *
+ * @param {Array<Object>} content - Array of content blocks
+ * @returns {Array<Object>} Filtered content with only valid signed thinking blocks
+ */
+export function restoreThinkingSignatures(content) {
+    if (!Array.isArray(content)) return content;
+
+    const originalLength = content.length;
+    const filtered = [];
+
+    for (const block of content) {
+        if (!block || block.type !== 'thinking') {
+            filtered.push(block);
+            continue;
+        }
+
+        // Keep blocks with valid signatures, sanitized
+        if (block.signature && block.signature.length >= MIN_SIGNATURE_LENGTH) {
+            filtered.push(sanitizeAnthropicThinkingBlock(block));
+        }
+        // Unsigned thinking blocks are dropped - there's no way to restore them
+        // as thinking signatures are cached by signature itself (for family tracking)
+    }
+
+    if (filtered.length < originalLength) {
+        console.log(`[ThinkingUtils] Dropped ${originalLength - filtered.length} unsigned thinking block(s)`);
+    }
+
+    return filtered;
+}
+
+/**
+ * Reorder content so that:
+ * 1. Thinking blocks come first (required when thinking is enabled)
+ * 2. Text blocks come in the middle (filtering out empty/useless ones)
+ * 3. Tool_use blocks come at the end (required before tool_result)
+ *
+ * @param {Array<Object>} content - Array of content blocks
+ * @returns {Array<Object>} Reordered content array
+ */
+export function reorderAssistantContent(content) {
+    if (!Array.isArray(content)) return content;
+
+    // Even for single-element arrays, we need to sanitize thinking blocks
+    if (content.length === 1) {
+        const block = content[0];
+        if (block && (block.type === 'thinking' || block.type === 'redacted_thinking')) {
+            return [sanitizeAnthropicThinkingBlock(block)];
+        }
+        return content;
+    }
+
+    const thinkingBlocks = [];
+    const textBlocks = [];
+    const toolUseBlocks = [];
+    let droppedEmptyBlocks = 0;
+
+    for (const block of content) {
+        if (!block) continue;
+
+        if (block.type === 'thinking' || block.type === 'redacted_thinking') {
+            thinkingBlocks.push(sanitizeAnthropicThinkingBlock(block));
+        } else if (block.type === 'tool_use') {
+            toolUseBlocks.push(sanitizeToolUseBlock(block));
+        } else if (block.type === 'text') {
+            // Only keep text blocks with meaningful content
+            if (block.text && block.text.trim().length > 0) {
+                textBlocks.push(sanitizeTextBlock(block));
+            } else {
+                droppedEmptyBlocks++;
+            }
+        } else {
+            textBlocks.push(block);
+        }
+    }
+
+    if (droppedEmptyBlocks > 0) {
+        console.log(`[ThinkingUtils] Dropped ${droppedEmptyBlocks} empty text block(s)`);
+    }
+
+    return [...thinkingBlocks, ...textBlocks, ...toolUseBlocks];
+}
+
+/**
+ * Process assistant message content:
+ * 1. Restore thinking signatures from cache
+ * 2. Remove trailing unsigned thinking blocks
+ * 3. Reorder content (thinking first, then text, then tool_use)
+ *
+ * @param {Array<Object>} content - Content array from assistant message
+ * @returns {Array<Object>} Processed content
+ */
+export function processAssistantContent(content) {
+    if (!Array.isArray(content)) return content;
+
+    let processed = restoreThinkingSignatures(content);
+    processed = removeTrailingThinkingBlocks(processed);
+    processed = reorderAssistantContent(processed);
+
+    return processed;
+}
+
+export default {
+    cleanCacheControl,
+    hasUnsignedThinkingBlocks,
+    removeTrailingThinkingBlocks,
+    restoreThinkingSignatures,
+    reorderAssistantContent,
+    processAssistantContent
+};