llmapi-v2 2.1.0

package/src/providers/deepseek.ts

@@ -0,0 +1,14 @@
+import { BaseProvider } from './base-provider';
+
+/**
+ * DeepSeek provider.
+ * Native Anthropic endpoint: https://api.deepseek.com/anthropic
+ *
+ * Best for: simple conversations, light tasks, cost-sensitive routing.
+ * Note: tool calling accuracy (~81.5%) is lower than Qwen.
+ */
+export class DeepSeekProvider extends BaseProvider {
+  constructor(anthropicBaseUrl: string, apiKey: string, timeout: number, openaiBaseUrl?: string) {
+    super('deepseek', anthropicBaseUrl, apiKey, timeout, openaiBaseUrl);
+  }
+}

package/src/providers/registry.ts

@@ -0,0 +1,111 @@
+import type { AppConfig, ProviderConfig, SmartRoutingConfig } from '../config';
+import type { LLMProvider, ResolvedRoute } from './types';
+import { AliyunProvider } from './aliyun';
+import { DeepSeekProvider } from './deepseek';
+import { logger } from '../utils/logger';
+
+const providers = new Map<string, LLMProvider>();
+let modelRouting: Record<string, { provider: string; model: string; priority: number }[]> = {};
+let smartRouting: SmartRoutingConfig;
+
+export function initRegistry(config: AppConfig): void {
+  providers.clear();
+
+  for (const pc of config.providers) {
+    const provider = createProvider(pc);
+    if (provider) {
+      providers.set(pc.name, provider);
+      logger.info({ provider: pc.name, endpoint: pc.anthropicBaseUrl }, 'Provider registered (native Anthropic endpoint)');
+    }
+  }
+
+  modelRouting = config.modelRouting;
+  smartRouting = config.smartRouting;
+
+  if (providers.size === 0) {
+    logger.warn('No providers configured! API requests will fail.');
+  }
+}
+
+function createProvider(pc: ProviderConfig): LLMProvider | null {
+  if (!pc.enabled || !pc.apiKey) return null;
+
+  switch (pc.name) {
+    case 'aliyun':
+      return new AliyunProvider(pc.anthropicBaseUrl, pc.apiKey, pc.timeout, pc.openaiBaseUrl);
+    case 'deepseek':
+      return new DeepSeekProvider(pc.anthropicBaseUrl, pc.apiKey, pc.timeout, pc.openaiBaseUrl);
+    default:
+      logger.warn({ provider: pc.name }, 'Unknown provider type');
+      return null;
+  }
+}
+
+/**
+ * Smart routing: decide which provider/model based on request characteristics.
+ *
+ * Rules:
+ * - If request has tools -> coding task -> use primary coding model (Qwen)
+ * - If request is simple (no tools, few messages) -> use light model (DeepSeek)
+ * - Model name mapping: claude-opus -> best available, claude-haiku -> cheapest
+ * - Fallback: try providers in priority order
+ */
+export function smartResolve(
+  claudeModel: string,
+  hasTools: boolean,
+  messageCount: number,
+): ResolvedRoute | null {
+  // Claude-haiku always goes to the cheap model
+  if (claudeModel.includes('haiku')) {
+    const p = providers.get(smartRouting.lightModel.provider);
+    if (p?.isHealthy()) {
+      return { provider: p, backendModel: smartRouting.lightModel.model };
+    }
+  }
+
+  // No tools + short conversation = light task
+  if (!hasTools && messageCount <= smartRouting.lightTaskMaxMessages) {
+    const p = providers.get(smartRouting.lightModel.provider);
+    if (p?.isHealthy()) {
+      return { provider: p, backendModel: smartRouting.lightModel.model };
+    }
+  }
+
+  // Tools present or complex conversation = coding task
+  if (hasTools) {
+    const p = providers.get(smartRouting.codingModel.provider);
+    if (p?.isHealthy()) {
+      return { provider: p, backendModel: smartRouting.codingModel.model };
+    }
+  }
+
+  // Fallback to model-based routing
+  return null;
+}
+
+/**
+ * Resolve with failover: yield providers to try in priority order.
+ */
+export async function* resolveWithFailover(
+  claudeModel: string,
+): AsyncGenerator<ResolvedRoute> {
+  const routes = modelRouting[claudeModel];
+  if (!routes || routes.length === 0) {
+    logger.error({ model: claudeModel }, 'No routes configured for model');
+    return;
+  }
+
+  for (const route of routes) {
+    const provider = providers.get(route.provider);
+    if (!provider) continue;
+    if (!provider.isHealthy()) {
+      logger.debug({ provider: route.provider }, 'Skipping unhealthy provider');
+      continue;
+    }
+    yield { provider, backendModel: route.model };
+  }
+}
+
+export function getProviders(): Map<string, LLMProvider> {
+  return providers;
+}

package/src/providers/types.ts

@@ -0,0 +1,26 @@
+import type { IncomingMessage } from 'http';
+
+export interface LLMProvider {
+  readonly name: string;
+  readonly anthropicBaseUrl: string;
+
+  isHealthy(): boolean;
+  markUnhealthy(reason: string): void;
+  markHealthy(): void;
+
+  /**
+   * Transparent proxy: forward raw Anthropic request to provider's native endpoint.
+   * Returns the raw HTTP response for direct piping back to the client.
+   */
+  proxy(
+    path: string,
+    body: Buffer | string,
+    headers: Record<string, string>,
+    isStream: boolean,
+  ): Promise<IncomingMessage>;
+}
+
+export interface ResolvedRoute {
+  provider: LLMProvider;
+  backendModel: string;
+}

package/src/routes/admin.ts

@@ -0,0 +1,169 @@
+import { Router } from 'express';
+import type { Request, Response } from 'express';
+import { getPool } from '../services/database';
+import { adminAuth } from '../middleware/session-auth';
+import { getHealthStatus } from '../services/health-checker';
+import { logger } from '../utils/logger';
+
+export const adminRouter = Router();
+
+// All routes require admin auth
+adminRouter.use(adminAuth);
+
+/**
+ * GET /api/admin/stats
+ * Platform-wide statistics.
+ */
+adminRouter.get('/stats', async (_req: Request, res: Response) => {
+  try {
+    const pool = getPool();
+
+    const [users] = await pool.execute(`
+      SELECT
+        COUNT(*) as total,
+        SUM(CASE WHEN DATE(created_at) = CURRENT_DATE THEN 1 ELSE 0 END) as today_new
+      FROM users
+    `);
+
+    const [activeUsers] = await pool.execute(`
+      SELECT COUNT(DISTINCT user_id) as cnt FROM usage_logs
+      WHERE created_at >= NOW() - INTERVAL '7 days'
+    `);
+
+    const [requests] = await pool.execute(`
+      SELECT
+        COUNT(*) as total,
+        SUM(CASE WHEN DATE(created_at) = CURRENT_DATE THEN 1 ELSE 0 END) as today
+      FROM usage_logs
+    `);
+
+    const [tokens] = await pool.execute(`
+      SELECT
+        COALESCE(SUM(input_tokens + output_tokens), 0) as total_tokens,
+        COALESCE(SUM(provider_cost), 0) as total_cost
+      FROM usage_logs
+    `);
+
+    const [monthCost] = await pool.execute(`
+      SELECT COALESCE(SUM(provider_cost), 0) as cost
+      FROM usage_logs WHERE created_at >= date_trunc('month', NOW())
+    `);
+
+    const [revenue] = await pool.execute(`
+      SELECT COALESCE(SUM(amount), 0) as total FROM orders WHERE status = 'paid'
+    `);
+
+    const [monthRevenue] = await pool.execute(`
+      SELECT COALESCE(SUM(amount), 0) as total FROM orders
+      WHERE status = 'paid' AND paid_at >= date_trunc('month', NOW())
+    `);
+
+    // Provider health
+    const providerHealth = getHealthStatus();
+
+    res.json({
+      success: true,
+      stats: {
+        users: (users as any[])[0],
+        activeUsers7d: (activeUsers as any[])[0].cnt,
+        requests: (requests as any[])[0],
+        tokens: (tokens as any[])[0],
+        monthCost: parseFloat((monthCost as any[])[0].cost),
+        revenue: parseFloat((revenue as any[])[0].total),
+        monthRevenue: parseFloat((monthRevenue as any[])[0].total),
+        providerHealth,
+      },
+    });
+  } catch (err) {
+    logger.error({ err }, 'admin stats error');
+    res.status(500).json({ success: false, error: 'Internal error' });
+  }
+});
+
+/**
+ * GET /api/admin/users
+ * Full user list with plan and usage info.
+ */
+adminRouter.get('/users', async (_req: Request, res: Response) => {
+  try {
+    const pool = getPool();
+    const [rows] = await pool.execute(`
+      SELECT
+        u.id, u.email, u.name, u.role, u.status, u.created_at,
+        p.name as plan_name, p.display_name as plan_display,
+        COALESCE(s.tokens_used, 0) as tokens_used,
+        p.token_limit_monthly,
+        (SELECT COUNT(*) FROM usage_logs WHERE user_id = u.id) as total_requests,
+        (SELECT COUNT(*) FROM api_keys WHERE user_id = u.id AND status = 'active') as api_key_count
+      FROM users u
+      LEFT JOIN subscriptions s ON s.user_id = u.id
+      LEFT JOIN plans p ON s.plan_id = p.id
+      ORDER BY u.created_at DESC
+    `);
+
+    res.json({ success: true, users: rows });
+  } catch (err) {
+    logger.error({ err }, 'admin users error');
+    res.status(500).json({ success: false, error: 'Internal error' });
+  }
+});
+
+/**
+ * PUT /api/admin/users/:id
+ * Update user status or plan.
+ */
+adminRouter.put('/users/:id', async (req: Request, res: Response) => {
+  try {
+    const pool = getPool();
+    const userId = req.params.id;
+    const { status, plan } = req.body;
+
+    if (status) {
+      await pool.execute('UPDATE users SET status = ? WHERE id = ?', [status, userId]);
+    }
+
+    if (plan) {
+      const [plans] = await pool.execute('SELECT id FROM plans WHERE name = ?', [plan]);
+      const planId = (plans as any[])[0]?.id;
+      if (planId) {
+        await pool.execute(
+          'UPDATE subscriptions SET plan_id = ?, tokens_used = 0 WHERE id = (SELECT id FROM subscriptions WHERE user_id = ? ORDER BY period_start DESC LIMIT 1)',
+          [planId, userId],
+        );
+      }
+    }
+
+    res.json({ success: true });
+  } catch (err) {
+    logger.error({ err }, 'admin update user error');
+    res.status(500).json({ success: false, error: 'Internal error' });
+  }
+});
+
+/**
+ * GET /api/admin/cost-report
+ * Provider cost breakdown.
+ */
+adminRouter.get('/cost-report', async (_req: Request, res: Response) => {
+  try {
+    const pool = getPool();
+    const [daily] = await pool.execute(`
+      SELECT
+        DATE(created_at) as date,
+        provider_name,
+        COUNT(*) as requests,
+        COALESCE(SUM(input_tokens), 0) as input_tokens,
+        COALESCE(SUM(output_tokens), 0) as output_tokens,
+        COALESCE(SUM(provider_cost), 0) as cost
+      FROM usage_logs
+      WHERE created_at >= CURRENT_DATE - INTERVAL '30 days'
+      GROUP BY DATE(created_at), provider_name
+      ORDER BY date DESC, provider_name
+    `);
+
+    res.json({ success: true, daily });
+  } catch (err) {
+    logger.error({ err }, 'cost report error');
+    res.status(500).json({ success: false, error: 'Internal error' });
+  }
+});

package/src/routes/auth.ts

@@ -0,0 +1,369 @@
+import { Router } from 'express';
+import type { Request, Response } from 'express';
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+import crypto from 'crypto';
+import { getPool } from '../services/database';
+import { sessionAuth } from '../middleware/session-auth';
+import { sendVerificationEmail, sendWelcomeEmail } from '../services/mailer';
+import { logger } from '../utils/logger';
+
+const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID || '128504392054-4rfrtk05umm9fvfpd83l9qn9r4qnaa98.apps.googleusercontent.com';
+
+export function createAuthRouter(jwtSecret: string): Router {
+  const router = Router();
+
+  // In-memory pending registrations (code -> {email, hash, name, expiresAt})
+  const pending = new Map<string, {
+    email: string;
+    passwordHash: string;
+    name: string;
+    code: string;
+    expiresAt: number;
+  }>();
+
+  // Cleanup expired entries every 5 min
+  setInterval(() => {
+    const now = Date.now();
+    for (const [key, val] of pending) {
+      if (val.expiresAt < now) pending.delete(key);
+    }
+  }, 5 * 60_000);
+
+  /**
+   * POST /api/auth/send-code
+   * Step 1 of registration: validate inputs, send verification code.
+   */
+  router.post('/send-code', async (req: Request, res: Response) => {
+    try {
+      const { email, password, name } = req.body;
+
+      if (!email || !password || !name) {
+        res.status(400).json({ success: false, error: 'Missing required fields' });
+        return;
+      }
+      if (password.length < 8) {
+        res.status(400).json({ success: false, error: 'Password must be at least 8 characters' });
+        return;
+      }
+
+      const pool = getPool();
+      const [existing] = await pool.execute('SELECT id FROM users WHERE email = ?', [email]);
+      if ((existing as any[]).length > 0) {
+        res.status(409).json({ success: false, error: 'Email already registered' });
+        return;
+      }
+
+      const code = String(Math.floor(100000 + Math.random() * 900000));
+      const passwordHash = await bcrypt.hash(password, 10);
+
+      pending.set(email, {
+        email,
+        passwordHash,
+        name,
+        code,
+        expiresAt: Date.now() + 30 * 60_000, // 30 min
+      });
+
+      await sendVerificationEmail(email, code, name);
+
+      res.json({ success: true, message: 'Verification code sent' });
+    } catch (err) {
+      logger.error({ err }, 'send-code error');
+      res.status(500).json({ success: false, error: 'Internal error' });
+    }
+  });
+
+  /**
+   * POST /api/auth/register
+   * Step 2: verify code, create user, issue JWT.
+   */
+  router.post('/register', async (req: Request, res: Response) => {
+    try {
+      const { email, code } = req.body;
+
+      const entry = pending.get(email);
+      if (!entry || entry.code !== code || entry.expiresAt < Date.now()) {
+        res.status(400).json({ success: false, error: 'Invalid or expired verification code' });
+        return;
+      }
+
+      const pool = getPool();
+
+      // Create user
+      const [result] = await pool.execute(
+        'INSERT INTO users (email, password_hash, name, verified, status) VALUES (?, ?, ?, 1, ?)',
+        [entry.email, entry.passwordHash, entry.name, 'active'],
+      );
+      const userId = (result as any).insertId;
+
+      // Assign free plan
+      const [plans] = await pool.execute('SELECT id FROM plans WHERE name = ?', ['free']);
+      const planId = (plans as any[])[0]?.id;
+      if (planId) {
+        await pool.execute(
+          "INSERT INTO subscriptions (user_id, plan_id, period_end) VALUES (?, ?, NOW() + INTERVAL '100 years')",
+          [userId, planId],
+        );
+      }
+
+      pending.delete(email);
+
+      // Issue JWT
+      const token = jwt.sign({ id: userId }, jwtSecret, { expiresIn: '7d' });
+      res.cookie('token', token, { httpOnly: true, maxAge: 7 * 24 * 3600_000, sameSite: 'lax' });
+
+      // Send welcome email (async, don't block)
+      sendWelcomeEmail(entry.email, entry.name).catch(() => {});
+
+      res.json({ success: true, user: { id: userId, email: entry.email, name: entry.name } });
+    } catch (err) {
+      logger.error({ err }, 'register error');
+      res.status(500).json({ success: false, error: 'Internal error' });
+    }
+  });
+
+  /**
+   * POST /api/auth/login
+   */
+  router.post('/login', async (req: Request, res: Response) => {
+    try {
+      const { email, password } = req.body;
+      if (!email || !password) {
+        res.status(400).json({ success: false, error: 'Email and password required' });
+        return;
+      }
+
+      const pool = getPool();
+      const [rows] = await pool.execute('SELECT * FROM users WHERE email = ?', [email]);
+      const user = (rows as any[])[0];
+
+      if (!user || !(await bcrypt.compare(password, user.password_hash))) {
+        res.status(401).json({ success: false, error: 'Invalid email or password' });
+        return;
+      }
+      if (user.status !== 'active') {
+        res.status(403).json({ success: false, error: 'Account suspended' });
+        return;
+      }
+
+      const token = jwt.sign({ id: user.id }, jwtSecret, { expiresIn: '7d' });
+      res.cookie('token', token, { httpOnly: true, maxAge: 7 * 24 * 3600_000, sameSite: 'lax' });
+
+      res.json({ success: true, user: { id: user.id, email: user.email, name: user.name } });
+    } catch (err) {
+      logger.error({ err }, 'login error');
+      res.status(500).json({ success: false, error: 'Internal error' });
+    }
+  });
+
+  /**
+   * POST /api/auth/logout
+   */
+  router.post('/logout', (_req: Request, res: Response) => {
+    res.clearCookie('token');
+    res.json({ success: true });
+  });
+
+  /**
+   * GET /api/auth/me
+   */
+  router.get('/me', sessionAuth, async (req: Request, res: Response) => {
+    try {
+      const pool = getPool();
+      const [subs] = await pool.execute(`
+        SELECT s.*, p.name as plan_name, p.display_name, p.token_limit_monthly, p.rate_limit_rpm, p.max_api_keys, p.price_monthly
+        FROM subscriptions s JOIN plans p ON s.plan_id = p.id
+        WHERE s.user_id = ? ORDER BY s.period_start DESC LIMIT 1
+      `, [req.userId!]);
+
+      res.json({
+        success: true,
+        user: req.user,
+        subscription: (subs as any[])[0] || null,
+      });
+    } catch (err) {
+      logger.error({ err }, 'me error');
+      res.status(500).json({ success: false, error: 'Internal error' });
+    }
+  });
+
+  /**
+   * POST /api/auth/update-profile
+   */
+  router.post('/update-profile', sessionAuth, async (req: Request, res: Response) => {
+    try {
+      const { name } = req.body;
+      if (!name || name.length < 2) {
+        res.status(400).json({ success: false, error: 'Name must be at least 2 characters' });
+        return;
+      }
+      const pool = getPool();
+      await pool.execute('UPDATE users SET name = ? WHERE id = ?', [name, req.userId!]);
+      res.json({ success: true });
+    } catch (err) {
+      logger.error({ err }, 'update-profile error');
+      res.status(500).json({ success: false, error: 'Internal error' });
+    }
+  });
+
+  /**
+   * POST /api/auth/change-password
+   */
+  router.post('/change-password', sessionAuth, async (req: Request, res: Response) => {
+    try {
+      const { currentPassword, newPassword } = req.body;
+      if (!currentPassword || !newPassword || newPassword.length < 8) {
+        res.status(400).json({ success: false, error: 'Invalid password' });
+        return;
+      }
+
+      const pool = getPool();
+      const [rows] = await pool.execute('SELECT password_hash FROM users WHERE id = ?', [req.userId!]);
+      const user = (rows as any[])[0];
+
+      if (!user || !(await bcrypt.compare(currentPassword, user.password_hash))) {
+        res.status(401).json({ success: false, error: 'Current password is incorrect' });
+        return;
+      }
+
+      const hash = await bcrypt.hash(newPassword, 10);
+      await pool.execute('UPDATE users SET password_hash = ? WHERE id = ?', [hash, req.userId!]);
+
+      res.json({ success: true });
+    } catch (err) {
+      logger.error({ err }, 'change-password error');
+      res.status(500).json({ success: false, error: 'Internal error' });
+    }
+  });
+
+  /**
+   * POST /api/auth/delete-account
+   */
+  router.post('/delete-account', sessionAuth, async (req: Request, res: Response) => {
+    try {
+      const { email } = req.body;
+      if (email !== req.user?.email) {
+        res.status(400).json({ success: false, error: 'Email confirmation does not match' });
+        return;
+      }
+
+      const pool = getPool();
+      await pool.execute('DELETE FROM users WHERE id = ?', [req.userId!]);
+      res.clearCookie('token');
+      res.json({ success: true });
+    } catch (err) {
+      logger.error({ err }, 'delete-account error');
+      res.status(500).json({ success: false, error: 'Internal error' });
+    }
+  });
+
+  // ============================================================
+  // Google Sign-In (frontend-based, no server-to-Google network calls)
+  // ============================================================
+
+  /**
+   * Decode a Google ID token (JWT) without network access.
+   * We trust the token because it comes from Google's Sign-In SDK
+   * running in the user's browser with our client_id configured.
+   */
+  function decodeGoogleIdToken(idToken: string) {
+    const parts = idToken.split('.');
+    if (parts.length !== 3) throw new Error('Invalid token');
+    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
+    if (!['accounts.google.com', 'https://accounts.google.com'].includes(payload.iss)) {
+      throw new Error('Invalid issuer');
+    }
+    if (payload.aud !== GOOGLE_CLIENT_ID) {
+      throw new Error('Invalid audience');
+    }
+    if (payload.exp * 1000 < Date.now()) {
+      throw new Error('Token expired');
+    }
+    return payload as { email: string; name?: string; sub: string; picture?: string };
+  }
+
+  /**
+   * POST /api/auth/google/token
+   * Receive a Google ID token from the frontend, verify it, create/login user.
+   */
+  router.post('/google/token', async (req: Request, res: Response) => {
+    try {
+      const { idToken } = req.body;
+      if (!idToken || typeof idToken !== 'string') {
+        res.status(400).json({ success: false, error: 'Missing idToken' });
+        return;
+      }
+
+      if (!GOOGLE_CLIENT_ID) {
+        res.status(500).json({ success: false, error: 'Google OAuth not configured' });
+        return;
+      }
+
+      let googleUser: { email: string; name?: string; sub: string; picture?: string };
+      try {
+        googleUser = decodeGoogleIdToken(idToken);
+      } catch (err: any) {
+        logger.warn({ err: err.message }, 'Invalid Google ID token');
+        res.status(401).json({ success: false, error: 'Invalid Google token' });
+        return;
+      }
+
+      if (!googleUser.email) {
+        res.status(400).json({ success: false, error: 'No email in Google token' });
+        return;
+      }
+
+      const pool = getPool();
+
+      // Check if user exists
+      const [existing] = await pool.execute('SELECT * FROM users WHERE email = ?', [googleUser.email]);
+      let userId: number;
+
+      if ((existing as any[]).length > 0) {
+        // Existing user — login
+        const user = (existing as any[])[0];
+        if (user.status !== 'active') {
+          res.status(403).json({ success: false, error: 'Account suspended' });
+          return;
+        }
+        userId = user.id;
+      } else {
+        // New user — register
+        const randomPassword = crypto.randomBytes(32).toString('hex');
+        const hash = await bcrypt.hash(randomPassword, 10);
+        const name = googleUser.name || googleUser.email.split('@')[0];
+
+        const [result] = await pool.execute(
+          'INSERT INTO users (email, password_hash, name, verified, status) VALUES (?, ?, ?, 1, ?) RETURNING id',
+          [googleUser.email, hash, name, 'active'],
+        );
+        userId = (result as any[])[0].id;
+
+        // Assign free plan
+        const [plans] = await pool.execute('SELECT id FROM plans WHERE name = ?', ['free']);
+        const planId = (plans as any[])[0]?.id;
+        if (planId) {
+          await pool.execute(
+            "INSERT INTO subscriptions (user_id, plan_id, period_end) VALUES (?, ?, NOW() + INTERVAL '100 years')",
+            [userId, planId],
+          );
+        }
+
+        // Welcome email (async)
+        sendWelcomeEmail(googleUser.email, name).catch(() => {});
+      }
+
+      // Issue JWT
+      const token = jwt.sign({ id: userId }, jwtSecret, { expiresIn: '7d' });
+      res.cookie('token', token, { httpOnly: true, maxAge: 7 * 24 * 3600_000, sameSite: 'lax' });
+      res.json({ success: true, user: { id: userId, email: googleUser.email, name: googleUser.name } });
+
+    } catch (err) {
+      logger.error({ err }, 'Google token login error');
+      res.status(500).json({ success: false, error: 'Internal error' });
+    }
+  });
+
+  return router;
+}