llmapi-v2 2.1.0

package/src/index.ts

@@ -0,0 +1,219 @@
+import path from 'path';
+import express from 'express';
+import cors from 'cors';
+import helmet from 'helmet';
+import { loadConfig } from './config';
+import { initDatabase } from './services/database';
+import { initRegistry } from './providers/registry';
+import { startHealthChecker, stopHealthChecker, getHealthStatus } from './services/health-checker';
+import { setJwtSecret, cookieParser, optionalAuth } from './middleware/session-auth';
+import { setMailerApiKey } from './services/mailer';
+import { setAlipayConfig } from './services/alipay';
+import { messagesRouter } from './routes/messages';
+import { modelsRouter } from './routes/models';
+import { createAuthRouter } from './routes/auth';
+import { dashboardRouter } from './routes/dashboard';
+import { adminRouter } from './routes/admin';
+import { paymentRouter } from './routes/payment';
+import { blogRouter } from './routes/blog';
+import { sitemapRouter } from './routes/sitemap';
+import { initRemoteWs } from './services/remote-ws';
+import { requestLogger } from './middleware/request-logger';
+import { metrics } from './services/metrics';
+import { logger } from './utils/logger';
+
+const app = express();
+const config = loadConfig();
+
+// View engine
+app.set('view engine', 'ejs');
+app.set('views', path.join(__dirname, '..', 'views'));
+
+// Middleware
+app.use(helmet({ contentSecurityPolicy: false }));
+app.use(cors());
+app.use(express.json({ limit: '10mb' }));
+app.use(express.urlencoded({ extended: true }));
+app.use(cookieParser);
+app.use(express.static(path.join(__dirname, '..', 'public')));
+
+// Request logging
+app.use(requestLogger);
+
+// Graceful handling of streaming disconnects
+app.use((req, res, next) => {
+  res.on('error', (err: NodeJS.ErrnoException) => {
+    if (['ERR_STREAM_WRITE_AFTER_END', 'EPIPE', 'ECONNRESET'].includes(err.code || '')) {
+      return;
+    }
+    logger.error({ err }, 'Response stream error');
+  });
+  next();
+});
+
+// Inject viewUser for page rendering (non-blocking)
+app.use(optionalAuth);
+
+// ---- API Routes ----
+app.use('/v1', messagesRouter);
+app.use('/v1', modelsRouter);
+app.use('/api/auth', createAuthRouter(config.jwtSecret));
+app.use('/api/dashboard', dashboardRouter);
+app.use('/api/admin', adminRouter);
+app.use('/api/payment', paymentRouter);
+app.use(blogRouter);
+app.use(sitemapRouter);
+
+// ---- Page Routes ----
+app.get('/', (req, res) => {
+  res.render('pages/index', { viewUser: req.user || null });
+});
+
+app.get('/login', (req, res) => {
+  if (req.user) return res.redirect('/dashboard');
+  res.render('pages/login', { viewUser: null });
+});
+
+app.get('/register', (req, res) => {
+  if (req.user) return res.redirect('/dashboard');
+  res.render('pages/register', { viewUser: null });
+});
+
+app.get('/dashboard', (req, res) => {
+  if (!req.user) return res.redirect('/login');
+  res.render('pages/dashboard', { viewUser: req.user });
+});
+
+app.get('/pricing', (req, res) => {
+  res.render('pages/pricing', { viewUser: req.user || null });
+});
+
+app.get('/docs', (req, res) => {
+  res.render('pages/docs', { viewUser: req.user || null });
+});
+
+app.get('/orders', (req, res) => {
+  if (!req.user) return res.redirect('/login');
+  res.render('pages/orders', { viewUser: req.user });
+});
+
+app.get('/settings', (req, res) => {
+  if (!req.user) return res.redirect('/login');
+  res.render('pages/settings', { viewUser: req.user });
+});
+
+app.get('/admin', (req, res) => {
+  if (!req.user || req.user.role !== 'admin') return res.redirect('/login');
+  res.render('pages/admin', { viewUser: req.user });
+});
+
+app.get('/remote', (req, res) => {
+  res.render('pages/remote', { viewUser: req.user || null });
+});
+
+// API: fetch remote session credentials (used by remote page)
+app.get('/api/remote/session/:sessionId', async (req, res) => {
+  try {
+    const { getRemoteSessionKey } = await import('./services/remote-control');
+    const result = await getRemoteSessionKey(req.params.sessionId);
+    if (!result) {
+      res.status(404).json({ success: false, error: 'Session not found or expired' });
+      return;
+    }
+    res.json({ success: true, ...result });
+  } catch (err) {
+    res.status(500).json({ success: false, error: 'Internal error' });
+  }
+});
+
+// Health check with provider status
+app.get('/health', (_req, res) => {
+  const providers = getHealthStatus();
+  res.json({
+    status: 'ok',
+    timestamp: new Date().toISOString(),
+    providers,
+  });
+});
+
+// Metrics endpoint (admin use)
+app.get('/metrics', (_req, res) => {
+  res.json(metrics.getSnapshot());
+});
+
+// 404
+app.use((req, res) => {
+  res.status(404).render('pages/404', { viewUser: req.user || null });
+});
+
+// Error handler
+app.use((err: Error, _req: express.Request, res: express.Response, _next: express.NextFunction) => {
+  logger.error({ err }, 'Unhandled error');
+  res.status(500).json({
+    type: 'error',
+    error: { type: 'api_error', message: 'Internal server error' },
+  });
+});
+
+// ---- Startup ----
+async function start() {
+  // Initialize config-dependent services
+  setJwtSecret(config.jwtSecret);
+
+  if (process.env.RESEND_API_KEY) {
+    setMailerApiKey(process.env.RESEND_API_KEY);
+  }
+
+  if (process.env.ALIPAY_APP_ID) {
+    setAlipayConfig({
+      appId: process.env.ALIPAY_APP_ID,
+      privateKey: process.env.ALIPAY_PRIVATE_KEY || '',
+      alipayPublicKey: process.env.ALIPAY_PUBLIC_KEY || '',
+      gateway: process.env.ALIPAY_GATEWAY || 'https://openapi.alipay.com/gateway.do',
+      notifyUrl: `${config.siteUrl}/api/payment/notify`,
+    });
+  }
+
+  // Database
+  await initDatabase(config.databaseUrl);
+
+  // Provider registry
+  initRegistry(config);
+
+  // Health checker (check every 60s)
+  startHealthChecker(5 * 60_000); // Every 5 min (uses zero-cost invalid model probe)
+
+  // Start server
+  const server = app.listen(config.port, () => {
+    logger.info({
+      port: config.port,
+      providers: config.providers.map(p => p.name),
+      siteUrl: config.siteUrl,
+    }, 'LLM API v2 started');
+  });
+
+  // Initialize Remote Control WebSocket server
+  initRemoteWs(server);
+
+  // Graceful shutdown
+  const shutdown = (signal: string) => {
+    logger.info({ signal }, 'Shutting down...');
+    stopHealthChecker();
+    server.close(() => {
+      logger.info('Server closed');
+      process.exit(0);
+    });
+    // Force exit after 10s
+    setTimeout(() => {
+      logger.warn('Forced shutdown after timeout');
+      process.exit(1);
+    }, 10_000);
+  };
+  process.on('SIGTERM', () => shutdown('SIGTERM'));
+  process.on('SIGINT', () => shutdown('SIGINT'));
+}
+
+start().catch((err) => {
+  logger.error({ err }, 'Failed to start');
+  process.exit(1);
+});

package/src/middleware/api-key-auth.ts

@@ -0,0 +1,82 @@
+import crypto from 'crypto';
+import type { Request, Response, NextFunction } from 'express';
+import { getPool } from '../services/database';
+import { AuthenticationError, PermissionError, RateLimitError } from '../utils/errors';
+/// <reference path="../types/express.d.ts" />
+
+/**
+ * Authenticate requests using API key (x-api-key header or Bearer token).
+ * Used for /v1/messages and other API routes.
+ */
+export async function apiKeyAuth(req: Request, res: Response, next: NextFunction): Promise<void> {
+  try {
+    const apiKey = extractApiKey(req);
+    if (!apiKey) {
+      throw new AuthenticationError('Missing API key. Include it in the x-api-key header or Authorization: Bearer header.');
+    }
+
+    const pool = getPool();
+
+    // Lookup by prefix + SHA-256 hash
+    const keyPrefix = apiKey.substring(0, 12);
+    const keyHash = crypto.createHash('sha256').update(apiKey).digest('hex');
+
+    const [keys] = await pool.execute(
+      'SELECT * FROM api_keys WHERE key_prefix = ? AND key_hash = ? AND status = ?',
+      [keyPrefix, keyHash, 'active'],
+    );
+    const matched = (keys as any[])[0];
+    if (!matched) {
+      throw new AuthenticationError('Invalid API key.');
+    }
+
+    // Fetch user
+    const [users] = await pool.execute('SELECT * FROM users WHERE id = ?', [matched.user_id]);
+    const user = (users as any[])[0];
+    if (!user || user.status !== 'active') {
+      throw new PermissionError('Account suspended or not found.');
+    }
+
+    // Fetch subscription + plan
+    const [subs] = await pool.execute(`
+      SELECT s.*, p.name as plan_name, p.token_limit_monthly, p.rate_limit_rpm
+      FROM subscriptions s JOIN plans p ON s.plan_id = p.id
+      WHERE s.user_id = ?
+      ORDER BY s.period_start DESC LIMIT 1
+    `, [user.id]);
+    const sub = (subs as any[])[0];
+
+    // Check token quota (-1 = unlimited)
+    if (sub && Number(sub.token_limit_monthly) !== -1 && Number(sub.tokens_used) >= Number(sub.token_limit_monthly)) {
+      throw new RateLimitError('Monthly token limit exceeded. Please upgrade your plan.');
+    }
+
+    // Attach to request
+    req.userId = user.id;
+    req.apiUser = user;
+    req.apiKey = { id: matched.id, rate_limit: matched.rate_limit };
+    req.subscription = sub;
+
+    next();
+  } catch (err) {
+    if (err instanceof AuthenticationError || err instanceof PermissionError || err instanceof RateLimitError) {
+      res.status(err.statusCode).json(err.toJSON());
+    } else {
+      next(err);
+    }
+  }
+}
+
+function extractApiKey(req: Request): string | null {
+  // x-api-key header (Anthropic standard)
+  const xApiKey = req.headers['x-api-key'];
+  if (typeof xApiKey === 'string') return xApiKey;
+
+  // Authorization: Bearer <key>
+  const auth = req.headers.authorization;
+  if (auth && auth.startsWith('Bearer ')) {
+    return auth.slice(7);
+  }
+
+  return null;
+}

package/src/middleware/quota-guard.ts

@@ -0,0 +1,28 @@
+import type { Request, Response, NextFunction } from 'express';
+import { RateLimitError } from '../utils/errors';
+
+/**
+ * Pre-request quota check. Must run after apiKeyAuth.
+ * Rejects requests if the user has exhausted their monthly token quota.
+ *
+ * Note: This is a soft guard — the actual deduction happens after the request
+ * completes (in usage.ts). Concurrent requests may slightly exceed the quota,
+ * which is acceptable for this use case.
+ */
+export function quotaGuard(req: Request, res: Response, next: NextFunction): void {
+  const sub = req.subscription;
+  if (!sub) return next();
+
+  // -1 means unlimited (PG may return bigint as string)
+  if (Number(sub.token_limit_monthly) === -1) return next();
+
+  if (Number(sub.tokens_used) >= Number(sub.token_limit_monthly)) {
+    const err = new RateLimitError(
+      `Monthly token limit exceeded (${sub.tokens_used.toLocaleString()} / ${sub.token_limit_monthly.toLocaleString()}). Please upgrade your plan.`,
+    );
+    res.status(err.statusCode).json(err.toJSON());
+    return;
+  }
+
+  next();
+}

package/src/middleware/rate-limiter.ts

@@ -0,0 +1,61 @@
+import type { Request, Response, NextFunction } from 'express';
+import { RateLimitError } from '../utils/errors';
+
+interface WindowEntry {
+  timestamps: number[];
+}
+
+/** In-memory sliding window rate limiter, keyed by API key ID. */
+const windows = new Map<number, WindowEntry>();
+
+const WINDOW_MS = 60_000; // 1 minute sliding window
+const CLEANUP_INTERVAL = 5 * 60_000; // Clean up every 5 min
+
+// Periodic cleanup
+setInterval(() => {
+  const now = Date.now();
+  for (const [key, entry] of windows) {
+    entry.timestamps = entry.timestamps.filter(t => now - t < WINDOW_MS);
+    if (entry.timestamps.length === 0) windows.delete(key);
+  }
+}, CLEANUP_INTERVAL);
+
+/**
+ * Rate limit middleware. Must run after apiKeyAuth (needs req.apiKey and req.subscription).
+ */
+export function rateLimiter(req: Request, res: Response, next: NextFunction): void {
+  const keyId = req.apiKey?.id;
+  if (!keyId) return next();
+
+  const limit = req.subscription?.rate_limit_rpm || req.apiKey?.rate_limit || 60;
+  const now = Date.now();
+
+  let entry = windows.get(keyId);
+  if (!entry) {
+    entry = { timestamps: [] };
+    windows.set(keyId, entry);
+  }
+
+  // Remove expired timestamps
+  entry.timestamps = entry.timestamps.filter(t => now - t < WINDOW_MS);
+
+  if (entry.timestamps.length >= limit) {
+    const resetTime = entry.timestamps[0] + WINDOW_MS;
+    res.setHeader('X-RateLimit-Limit', String(limit));
+    res.setHeader('X-RateLimit-Remaining', '0');
+    res.setHeader('X-RateLimit-Reset', String(Math.ceil(resetTime / 1000)));
+    res.setHeader('Retry-After', String(Math.ceil((resetTime - now) / 1000)));
+
+    const err = new RateLimitError(`Rate limit exceeded. Max ${limit} requests per minute.`);
+    res.status(err.statusCode).json(err.toJSON());
+    return;
+  }
+
+  entry.timestamps.push(now);
+
+  // Set rate limit headers
+  res.setHeader('X-RateLimit-Limit', String(limit));
+  res.setHeader('X-RateLimit-Remaining', String(limit - entry.timestamps.length));
+
+  next();
+}

package/src/middleware/request-logger.ts

@@ -0,0 +1,36 @@
+import type { Request, Response, NextFunction } from 'express';
+import { logger } from '../utils/logger';
+/// <reference path="../types/express.d.ts" />
+
+/**
+ * Log every HTTP request with timing.
+ * Skips /health to avoid noise.
+ */
+export function requestLogger(req: Request, res: Response, next: NextFunction): void {
+  if (req.path === '/health') return next();
+
+  const start = Date.now();
+
+  res.on('finish', () => {
+    const duration = Date.now() - start;
+    const logData = {
+      method: req.method,
+      path: req.path,
+      status: res.statusCode,
+      durationMs: duration,
+      ip: req.ip || req.headers['x-forwarded-for'] || req.socket.remoteAddress,
+      userAgent: req.headers['user-agent']?.slice(0, 100),
+      userId: req.userId,
+    };
+
+    if (res.statusCode >= 500) {
+      logger.error(logData, 'Request error');
+    } else if (res.statusCode >= 400) {
+      logger.warn(logData, 'Request client error');
+    } else {
+      logger.info(logData, 'Request completed');
+    }
+  });
+
+  next();
+}

package/src/middleware/session-auth.ts

@@ -0,0 +1,91 @@
+import jwt from 'jsonwebtoken';
+import type { Request, Response, NextFunction } from 'express';
+import { getPool } from '../services/database';
+/// <reference path="../types/express.d.ts" />
+
+let jwtSecret = '';
+
+export function setJwtSecret(secret: string): void {
+  jwtSecret = secret;
+}
+
+/**
+ * Parse cookies from Cookie header (lightweight, no dependency).
+ */
+export function cookieParser(req: Request, _res: Response, next: NextFunction): void {
+  const header = req.headers.cookie || '';
+  const cookies: Record<string, string> = {};
+  for (const pair of header.split(';')) {
+    const [key, ...rest] = pair.trim().split('=');
+    if (key) cookies[key] = decodeURIComponent(rest.join('='));
+  }
+  req.cookies = cookies;
+  next();
+}
+
+/**
+ * Session-based JWT authentication for web dashboard routes.
+ * Reads JWT from 'token' cookie.
+ */
+export async function sessionAuth(req: Request, res: Response, next: NextFunction): Promise<void> {
+  const token = req.cookies?.token;
+  const isApi = req.path.startsWith('/api/');
+
+  const sendUnauth = () => {
+    if (isApi) {
+      res.status(401).json({ success: false, error: 'Authentication required' });
+    } else {
+      res.redirect('/login');
+    }
+  };
+
+  if (!token) { sendUnauth(); return; }
+
+  try {
+    const decoded = jwt.verify(token, jwtSecret) as { id: number };
+    const pool = getPool();
+    const [rows] = await pool.execute('SELECT id, email, name, role, status FROM users WHERE id = ?', [decoded.id]);
+    const user = (rows as any[])[0];
+
+    if (!user || user.status !== 'active') {
+      res.clearCookie('token');
+      sendUnauth();
+      return;
+    }
+
+    req.user = user;
+    req.userId = user.id;
+    next();
+  } catch {
+    res.clearCookie('token');
+    sendUnauth();
+  }
+}
+
+/**
+ * Admin authentication. Extends sessionAuth with role check.
+ */
+export async function adminAuth(req: Request, res: Response, next: NextFunction): Promise<void> {
+  await sessionAuth(req, res, () => {
+    if (req.user?.role === 'admin') return next();
+    res.status(403).json({ success: false, error: 'Admin access required' });
+  });
+}
+
+/**
+ * Inject user info into req.user from cookie (non-blocking, for page rendering).
+ */
+export async function optionalAuth(req: Request, _res: Response, next: NextFunction): Promise<void> {
+  const token = req.cookies?.token;
+  if (!token) { next(); return; }
+
+  try {
+    const decoded = jwt.verify(token, jwtSecret) as { id: number };
+    const pool = getPool();
+    const [rows] = await pool.execute('SELECT id, email, name, role, status FROM users WHERE id = ?', [decoded.id]);
+    req.user = (rows as any[])[0] || undefined;
+    req.userId = req.user?.id;
+  } catch {}
+
+  next();
+}

package/src/providers/aliyun.ts

@@ -0,0 +1,16 @@
+import { BaseProvider } from './base-provider';
+
+/**
+ * Alibaba Cloud Bailian (DashScope) provider.
+ * Native Anthropic endpoint: https://dashscope-intl.aliyuncs.com/apps/anthropic
+ *
+ * Supports Qwen series models with full Anthropic API compatibility:
+ * - Streaming SSE
+ * - Tool calling (96.5% accuracy)
+ * - Context caching (automatic, reduces cost for repeated prefixes)
+ */
+export class AliyunProvider extends BaseProvider {
+  constructor(anthropicBaseUrl: string, apiKey: string, timeout: number, openaiBaseUrl?: string) {
+    super('aliyun', anthropicBaseUrl, apiKey, timeout, openaiBaseUrl);
+  }
+}

package/src/providers/base-provider.ts

@@ -0,0 +1,148 @@
+import http from 'http';
+import https from 'https';
+import { URL } from 'url';
+import type { IncomingMessage } from 'http';
+import type { LLMProvider } from './types';
+import { logger } from '../utils/logger';
+
+/**
+ * Transparent Anthropic proxy provider.
+ *
+ * Forwards requests directly to the provider's native Anthropic-compatible
+ * endpoint WITHOUT format conversion. The provider handles all Anthropic
+ * protocol details (streaming SSE, tool calling, etc.).
+ *
+ * This is the highest-quality approach: we rely on the provider's own
+ * Anthropic compatibility layer rather than building our own.
+ */
+export class BaseProvider implements LLMProvider {
+  readonly name: string;
+  readonly anthropicBaseUrl: string;
+  readonly openaiBaseUrl: string | undefined;
+  private readonly apiKey: string;
+  private readonly timeout: number;
+
+  // Circuit breaker
+  private healthy = true;
+  private consecutiveFailures = 0;
+  private lastFailureTime = 0;
+  private static readonly FAILURE_THRESHOLD = 3;
+  private static readonly RECOVERY_TIME_MS = 30_000;
+
+  constructor(
+    name: string,
+    anthropicBaseUrl: string,
+    apiKey: string,
+    timeout: number,
+    openaiBaseUrl?: string,
+  ) {
+    this.name = name;
+    this.anthropicBaseUrl = anthropicBaseUrl;
+    this.openaiBaseUrl = openaiBaseUrl;
+    this.apiKey = apiKey;
+    this.timeout = timeout;
+  }
+
+  isHealthy(): boolean {
+    if (this.healthy) return true;
+    if (Date.now() - this.lastFailureTime > BaseProvider.RECOVERY_TIME_MS) {
+      this.healthy = true;
+      this.consecutiveFailures = 0;
+      logger.info({ provider: this.name }, 'Provider auto-recovered');
+      return true;
+    }
+    return false;
+  }
+
+  markUnhealthy(reason: string): void {
+    this.consecutiveFailures++;
+    this.lastFailureTime = Date.now();
+    if (this.consecutiveFailures >= BaseProvider.FAILURE_THRESHOLD) {
+      this.healthy = false;
+      logger.warn({ provider: this.name, reason, failures: this.consecutiveFailures },
+        'Provider marked unhealthy');
+    }
+  }
+
+  markHealthy(): void {
+    if (!this.healthy) {
+      logger.info({ provider: this.name }, 'Provider recovered');
+    }
+    this.healthy = true;
+    this.consecutiveFailures = 0;
+  }
+
+  /**
+   * Transparent proxy: forward an Anthropic-format request body directly
+   * to the provider's native Anthropic endpoint.
+   *
+   * Returns the raw IncomingMessage so the caller can pipe it directly
+   * back to the client (for streaming) or buffer it (for non-streaming).
+   */
+  proxy(
+    path: string,
+    body: Buffer | string,
+    headers: Record<string, string>,
+    isStream: boolean,
+  ): Promise<IncomingMessage> {
+    return new Promise((resolve, reject) => {
+      const parsed = new URL(this.anthropicBaseUrl);
+      const isHttps = parsed.protocol === 'https:';
+      const transport = isHttps ? https : http;
+
+      const payload = typeof body === 'string' ? Buffer.from(body) : body;
+      const fullPath = parsed.pathname.replace(/\/+$/, '') + path;
+
+      // Forward most headers, but override auth
+      const proxyHeaders: Record<string, string | number> = {
+        'Content-Type': 'application/json',
+        'Content-Length': payload.length,
+        'x-api-key': this.apiKey,
+        'Authorization': `Bearer ${this.apiKey}`,
+      };
+      // Pass through anthropic-specific headers
+      if (headers['anthropic-version']) proxyHeaders['anthropic-version'] = headers['anthropic-version'];
+      if (headers['anthropic-beta']) proxyHeaders['anthropic-beta'] = headers['anthropic-beta'];
+
+      const options: http.RequestOptions = {
+        hostname: parsed.hostname,
+        port: parsed.port || (isHttps ? 443 : 80),
+        path: fullPath,
+        method: 'POST',
+        headers: proxyHeaders,
+        timeout: this.timeout,
+      };
+
+      const req = transport.request(options, (res) => {
+        if (isStream || (res.statusCode && res.statusCode < 400)) {
+          resolve(res);
+          return;
+        }
+
+        // Non-stream error: buffer the error response to log it
+        const chunks: Buffer[] = [];
+        res.on('data', (chunk) => chunks.push(chunk));
+        res.on('end', () => {
+          const errBody = Buffer.concat(chunks).toString();
+          let message = `Provider ${this.name} returned ${res.statusCode}`;
+          try {
+            const parsed = JSON.parse(errBody);
+            message = parsed.error?.message || message;
+          } catch {}
+          const err = new Error(message) as Error & { statusCode: number; rawBody: string };
+          err.statusCode = res.statusCode || 500;
+          err.rawBody = errBody;
+          reject(err);
+        });
+      });
+
+      req.on('timeout', () => {
+        req.destroy();
+        reject(new Error(`Request to ${this.name} timed out after ${this.timeout}ms`));
+      });
+      req.on('error', reject);
+      req.write(payload);
+      req.end();
+    });
+  }
+}