aigetwey 1.2.0 → 1.3.0

package/src/routes/v1.ts

@@ -1,9 +1,11 @@
 import type { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { checkAuth, extractKey, clientKeyFingerprint } from "../middleware/auth.js";
+import { isKeyExpired } from "../config.js";
 import type { GatewayState } from "../core/state.js";
 import { handle, GatewayError, type HandleDeps } from "../core/handler.js";
 import type { WireFormat } from "../core/canonical.js";
 import type { UsageDB } from "../db.js";
+import { RateLimiter } from "../core/ratelimit.js";
 
 /**
  * /v1 proxy surface. Auth-gates on the gateway's own keys (read from state each
@@ -11,6 +13,8 @@ import type { UsageDB } from "../db.js";
  * pipeline (non-stream JSON or SSE stream).
  */
 export function registerV1Routes(app: FastifyInstance, state: GatewayState, db?: UsageDB): void {
+  const limiter = new RateLimiter();
+
   const requireAuth = {
     preHandler: (req: FastifyRequest, reply: FastifyReply, done: (err?: Error) => void) => {
       const res = checkAuth(req, state.config.server.api_keys);
@@ -18,6 +22,19 @@ export function registerV1Routes(app: FastifyInstance, state: GatewayState, db?:
         reply.code(res.status ?? 401).send({ error: res.error });
         return; // skip done() to short-circuit the route
       }
+
+      const presented = extractKey(req);
+      if (presented && isKeyExpired(state.config.server, presented, Date.now())) {
+        reply.code(403).send({ error: "key expired" });
+        return; // short-circuit
+      }
+
+      const rpm = presented ? state.config.server.key_rpm?.[presented] : undefined;
+      if (presented && rpm && limiter.over(clientKeyFingerprint(presented), rpm)) {
+        reply.code(429).send({ error: "rate limit exceeded" });
+        return; // short-circuit
+      }
+
       done();
     },
   };
@@ -28,9 +45,9 @@ export function registerV1Routes(app: FastifyInstance, state: GatewayState, db?:
     return {
       config: state.config,
       pool: state.pool,
-      quota: state.quota,
       budget: state.budget,
       db,
+      clientKeyModels: presented ? state.config.server.key_models?.[presented] : undefined,
       clientKeyFp: presented ? clientKeyFingerprint(presented) : undefined,
       log: (msg) => app.log.info(msg),
     };

package/src/server.ts

@@ -4,7 +4,6 @@ import { loadConfig } from "./config.js";
 import { registerRoutes } from "./routes/index.js";
 import { GatewayState } from "./core/state.js";
 import { UsageDB } from "./db.js";
-import { QuotaTracker } from "./core/quota.js";
 import { AuthStore } from "./core/authStore.js";
 import { consoleBuffer } from "./core/console-buffer.js";
 
@@ -52,14 +51,8 @@ async function main(): Promise<void> {
   const dataDir = resolve(process.env.AIGETWEY_DATA_DIR ?? "data");
   const db = new UsageDB(join(dataDir, "usage.sqlite"));
 
-  // quota counts persist via the DB so a restart within a window keeps the budget.
-  const quota = new QuotaTracker(Date.now, {
-    load: () => db.loadQuota(),
-    save: (id, start, consumed) => db.saveQuota(id, start, consumed),
-  });
-
   // holder enables runtime config edits (hot-reload) from the dashboard.
-  const state = new GatewayState(configPath, config, quota, db);
+  const state = new GatewayState(configPath, config, db);
   // admin password lives in a hash store (seeded from the env on first run,
   // changeable at runtime from the dashboard).
   const auth = AuthStore.open(dataDir, process.env.AIGETWEY_ADMIN_PASSWORD);

package/src/stream/openai-stream.ts

@@ -24,7 +24,9 @@ export async function* streamToCanonical(events: AsyncIterable<SSEEvent>): Async
 /** Lift vendor reasoning fields into the canonical `delta.reasoning`. */
 function normalize(chunk: CanonicalChunk): CanonicalChunk {
   for (const choice of chunk.choices ?? []) {
-    const d = choice.delta as Record<string, unknown> & { reasoning?: string };
+    // a finish_reason chunk carries no `delta`; skip it (and any delta-less choice).
+    const d = choice.delta as (Record<string, unknown> & { reasoning?: string }) | undefined;
+    if (!d) continue;
     if (d.reasoning === undefined) {
       const vendor = (d["reasoning_content"] as string | undefined) ?? (d["reasoning"] as string | undefined);
       if (vendor) d.reasoning = vendor;

package/src/core/quota.ts

@@ -1,253 +0,0 @@
-/**
- * Per-provider token quota tracking with scheduled window resets.
- *
- * Distinct from the key-pool cooldown: a cooldown is a transient penalty after a
- * 429; a quota is a budget that refills on a schedule (a 5-hour rolling window, a
- * daily/weekly/monthly calendar boundary). When a provider's `limit_tokens` is
- * reached before its window resets, routing skips it — like a key that's cooling
- * down, but for the whole provider.
- *
- * State is in-memory, optionally persisted so counts survive a restart within
- * the same window. Calendar boundaries are computed in the provider's timezone.
- */
-import type { Provider, Quota } from "../config.js";
-
-const HOUR_MS = 3600_000;
-const DAY_MS = 24 * HOUR_MS;
-
-const WEEKDAYS = ["sunday", "monday", "tuesday", "wednesday", "thursday", "friday", "saturday"];
-
-/** Optional persistence hook so counts survive a restart within a window. */
-export interface QuotaStore {
-  load(): Array<{ provider_id: string; window_start: number; consumed: number }>;
-  save(providerId: string, windowStart: number, consumed: number): void;
-}
-
-interface QuotaState {
-  windowStart: number;
-  consumed: number;
-}
-
-export interface QuotaSnapshot {
-  provider: string;
-  window: Quota["window"];
-  consumed: number;
-  limit_tokens?: number;
-  /** ms until the next scheduled reset */
-  reset_in_ms: number;
-  /** 0..1 fraction of the limit used, if a limit is set */
-  pct?: number;
-  exhausted: boolean;
-  /** true when a limit is set and pct >= the quota's alert_at (default 0.8) */
-  alert: boolean;
-}
-
-// ---- timezone-aware calendar math -----------------------------------------
-
-/** Wall-clock offset (ms) of `tz` at instant `date`: tzWallAsUTC - actualUTC. */
-function tzOffsetMs(date: Date, tz: string): number {
-  const dtf = new Intl.DateTimeFormat("en-US", {
-    timeZone: tz,
-    hourCycle: "h23",
-    year: "numeric",
-    month: "2-digit",
-    day: "2-digit",
-    hour: "2-digit",
-    minute: "2-digit",
-    second: "2-digit",
-  });
-  const parts = Object.fromEntries(dtf.formatToParts(date).map((p) => [p.type, p.value]));
-  const asUTC = Date.UTC(
-    Number(parts.year),
-    Number(parts.month) - 1,
-    Number(parts.day),
-    Number(parts.hour),
-    Number(parts.minute),
-    Number(parts.second),
-  );
-  return asUTC - date.getTime();
-}
-
-/** Convert a desired wall-clock time in `tz` to an epoch ms. DST-corrected once. */
-function zonedWallToEpoch(y: number, mo: number, d: number, h: number, mi: number, tz: string): number {
-  const guessUTC = Date.UTC(y, mo, d, h, mi);
-  const offset = tzOffsetMs(new Date(guessUTC), tz);
-  let epoch = guessUTC - offset;
-  // re-check once: the offset can differ across a DST boundary
-  const offset2 = tzOffsetMs(new Date(epoch), tz);
-  if (offset2 !== offset) epoch = guessUTC - offset2;
-  return epoch;
-}
-
-/** Wall-clock parts of `nowMs` in `tz`. */
-function zonedParts(nowMs: number, tz: string) {
-  const dtf = new Intl.DateTimeFormat("en-US", {
-    timeZone: tz,
-    hourCycle: "h23",
-    weekday: "long",
-    year: "numeric",
-    month: "2-digit",
-    day: "2-digit",
-    hour: "2-digit",
-    minute: "2-digit",
-  });
-  const p = Object.fromEntries(dtf.formatToParts(nowMs).map((x) => [x.type, x.value]));
-  return {
-    year: Number(p.year),
-    month: Number(p.month) - 1,
-    day: Number(p.day),
-    hour: Number(p.hour),
-    minute: Number(p.minute),
-    weekday: String(p.weekday).toLowerCase(),
-  };
-}
-
-function parseHHMM(reset_at: string | undefined): { h: number; m: number } {
-  const m = /^(\d{1,2}):(\d{2})$/.exec(reset_at ?? "");
-  if (!m) return { h: 0, m: 0 };
-  return { h: Math.min(23, Number(m[1])), m: Math.min(59, Number(m[2])) };
-}
-
-/**
- * Next reset instant (epoch ms) strictly after `now` for a quota schedule.
- *   - 5h:      rolling — windowStart + 5h.
- *   - daily:   next `reset_at` (HH:MM, default 00:00) wall-clock in tz.
- *   - weekly:  next `reset_at` weekday (default monday) at 00:00 in tz.
- *   - monthly: next 1st of month at 00:00 in tz.
- */
-export type WindowSpec = Pick<Quota, "window" | "reset_at" | "timezone">;
-
-export function nextResetAt(quota: WindowSpec, windowStart: number, now: number): number {
-  const tz = quota.timezone || "UTC";
-  if (quota.window === "5h") return windowStart + 5 * HOUR_MS;
-
-  const p = zonedParts(now, tz);
-
-  if (quota.window === "daily") {
-    const { h, m } = parseHHMM(quota.reset_at);
-    let candidate = zonedWallToEpoch(p.year, p.month, p.day, h, m, tz);
-    if (candidate <= now) candidate = zonedWallToEpoch(p.year, p.month, p.day + 1, h, m, tz);
-    return candidate;
-  }
-
-  if (quota.window === "weekly") {
-    const target = WEEKDAYS.indexOf((quota.reset_at ?? "monday").toLowerCase());
-    const targetIdx = target === -1 ? 1 : target;
-    const curIdx = WEEKDAYS.indexOf(p.weekday);
-    let daysAhead = (targetIdx - curIdx + 7) % 7;
-    let candidate = zonedWallToEpoch(p.year, p.month, p.day + daysAhead, 0, 0, tz);
-    if (candidate <= now) candidate = zonedWallToEpoch(p.year, p.month, p.day + daysAhead + 7, 0, 0, tz);
-    return candidate;
-  }
-
-  // monthly: first of next month at 00:00
-  return zonedWallToEpoch(p.year, p.month + 1, 1, 0, 0, tz);
-}
-
-/**
- * Epoch ms of the START of the window containing `now`.
- *   - 5h:      fixed 5-hour grid floor (stateless; no per-provider anchor).
- *   - daily:   today's reset_at in tz, or yesterday's if that's still ahead.
- *   - weekly:  the most recent occurrence of the target weekday at 00:00 in tz.
- *   - monthly: the 1st of the current month at 00:00 in tz.
- */
-export function currentWindowStart(spec: WindowSpec, now: number): number {
-  const tz = spec.timezone || "UTC";
-  if (spec.window === "5h") return Math.floor(now / (5 * HOUR_MS)) * (5 * HOUR_MS);
-
-  const p = zonedParts(now, tz);
-
-  if (spec.window === "daily") {
-    const { h, m } = parseHHMM(spec.reset_at);
-    let start = zonedWallToEpoch(p.year, p.month, p.day, h, m, tz);
-    if (start > now) start = zonedWallToEpoch(p.year, p.month, p.day - 1, h, m, tz);
-    return start;
-  }
-
-  if (spec.window === "weekly") {
-    const target = WEEKDAYS.indexOf((spec.reset_at ?? "monday").toLowerCase());
-    const targetIdx = target === -1 ? 1 : target;
-    const curIdx = WEEKDAYS.indexOf(p.weekday);
-    const daysBehind = (curIdx - targetIdx + 7) % 7;
-    let start = zonedWallToEpoch(p.year, p.month, p.day - daysBehind, 0, 0, tz);
-    if (start > now) start = zonedWallToEpoch(p.year, p.month, p.day - daysBehind - 7, 0, 0, tz);
-    return start;
-  }
-
-  // monthly
-  return zonedWallToEpoch(p.year, p.month, 1, 0, 0, tz);
-}
-
-export class QuotaTracker {
-  private readonly states = new Map<string, QuotaState>();
-
-  constructor(
-    private readonly now: () => number = Date.now,
-    private readonly store?: QuotaStore,
-  ) {
-    if (store) {
-      for (const row of store.load()) {
-        this.states.set(row.provider_id, { windowStart: row.window_start, consumed: row.consumed });
-      }
-    }
-  }
-
-  /**
-   * Return the live state for a provider, rolling the window over (resetting
-   * consumed to 0) if `now` has crossed the scheduled reset boundary.
-   */
-  private current(provider: Provider): QuotaState | null {
-    if (!provider.quota) return null;
-    const t = this.now();
-    const state = this.states.get(provider.id) ?? { windowStart: t, consumed: 0 };
-    if (!this.states.has(provider.id)) this.states.set(provider.id, state);
-    // boundary is the first reset AFTER this window opened — computed from
-    // windowStart, not `now`. Computing it from `now` would always return the
-    // NEXT future boundary and so never detect that we've crossed one.
-    const reset = nextResetAt(provider.quota, state.windowStart, state.windowStart);
-    if (t >= reset) {
-      state.windowStart = t;
-      state.consumed = 0;
-      this.store?.save(provider.id, state.windowStart, state.consumed);
-    }
-    return state;
-  }
-
-  /** Add consumed tokens for a provider (no-op if it has no quota config). */
-  consume(provider: Provider, tokens: number): void {
-    const state = this.current(provider);
-    if (!state) return;
-    state.consumed += Math.max(0, tokens);
-    this.store?.save(provider.id, state.windowStart, state.consumed);
-  }
-
-  /** True when a token limit is set AND it's been reached in the current window. */
-  isExhausted(provider: Provider): boolean {
-    const state = this.current(provider);
-    if (!state || !provider.quota?.limit_tokens) return false;
-    return state.consumed >= provider.quota.limit_tokens;
-  }
-
-  /** Dashboard view: window, consumed, countdown, and progress for each provider. */
-  snapshot(providers: Provider[]): QuotaSnapshot[] {
-    const t = this.now();
-    return providers.flatMap((provider) => {
-      if (!provider.quota) return [];
-      const state = this.current(provider)!;
-      const reset = nextResetAt(provider.quota, state.windowStart, t);
-      const limit = provider.quota.limit_tokens;
-      return [
-        {
-          provider: provider.id,
-          window: provider.quota.window,
-          consumed: state.consumed,
-          limit_tokens: limit,
-          reset_in_ms: Math.max(0, reset - t),
-          pct: limit ? Math.min(1, state.consumed / limit) : undefined,
-          exhausted: limit ? state.consumed >= limit : false,
-          alert: limit ? state.consumed / limit >= (provider.quota.alert_at ?? 0.8) : false,
-        },
-      ];
-    });
-  }
-}