ccproxy-api 0.1.0__py3-none-any.whl

ccproxy/api/routes/proxy.py

@@ -0,0 +1,238 @@
+"""Proxy endpoints for CCProxy API Server."""
+
+import json
+from collections.abc import AsyncIterator
+from typing import Any
+
+from fastapi import APIRouter, HTTPException, Request, Response
+from fastapi.responses import StreamingResponse
+from starlette.background import BackgroundTask
+
+from ccproxy.adapters.openai.adapter import OpenAIAdapter
+from ccproxy.api.dependencies import ProxyServiceDep
+from ccproxy.api.responses import ProxyResponse
+from ccproxy.core.errors import ProxyHTTPException
+
+
+# Create the router for proxy endpoints
+router = APIRouter(tags=["proxy"])
+
+
+@router.post("/v1/chat/completions", response_model=None)
+async def create_openai_chat_completion(
+    request: Request,
+    proxy_service: ProxyServiceDep,
+) -> StreamingResponse | Response:
+    """Create a chat completion using Claude AI with OpenAI-compatible format.
+
+    This endpoint handles OpenAI API format requests and forwards them
+    directly to Claude via the proxy service.
+    """
+    try:
+        # Get request body
+        body = await request.body()
+
+        # Get headers and query params
+        headers = dict(request.headers)
+        query_params: dict[str, str | list[str]] | None = (
+            dict(request.query_params) if request.query_params else None
+        )
+
+        # Handle the request using proxy service directly
+        response = await proxy_service.handle_request(
+            method=request.method,
+            path=request.url.path,
+            headers=headers,
+            body=body,
+            query_params=query_params,
+            request=request,  # Pass the request object for context access
+        )
+
+        # Return appropriate response type
+        if isinstance(response, StreamingResponse):
+            # Already a streaming response
+            return response
+        else:
+            # Tuple response - handle regular response
+            status_code, response_headers, response_body = response
+            if status_code >= 400:
+                # Forward error response directly with headers
+                return ProxyResponse(
+                    content=response_body,
+                    status_code=status_code,
+                    headers=response_headers,
+                    media_type=response_headers.get("content-type", "application/json"),
+                )
+
+            # Check if this is a streaming response based on content-type
+            content_type = response_headers.get("content-type", "")
+            if "text/event-stream" in content_type:
+                # Return as streaming response
+                async def stream_generator() -> AsyncIterator[bytes]:
+                    # Split the SSE data into chunks
+                    for line in response_body.decode().split("\n"):
+                        if line.strip():
+                            yield f"{line}\n".encode()
+
+                return StreamingResponse(
+                    stream_generator(),
+                    media_type="text/event-stream",
+                    headers={
+                        "Cache-Control": "no-cache",
+                        "Connection": "keep-alive",
+                    },
+                )
+            else:
+                # Parse JSON response
+                response_data = json.loads(response_body.decode())
+
+                # Convert Anthropic response back to OpenAI format for /chat/completions
+                openai_adapter = OpenAIAdapter()
+                openai_response = openai_adapter.adapt_response(response_data)
+
+                # Return response with headers
+                return ProxyResponse(
+                    content=json.dumps(openai_response),
+                    status_code=status_code,
+                    headers=response_headers,
+                    media_type=response_headers.get("content-type", "application/json"),
+                )
+
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"Internal server error: {str(e)}"
+        ) from e
+
+
+@router.post("/v1/messages", response_model=None)
+async def create_anthropic_message(
+    request: Request,
+    proxy_service: ProxyServiceDep,
+) -> StreamingResponse | Response:
+    """Create a message using Claude AI with Anthropic format.
+
+    This endpoint handles Anthropic API format requests and forwards them
+    directly to Claude via the proxy service.
+    """
+    try:
+        # Get request body
+        body = await request.body()
+
+        # Get headers and query params
+        headers = dict(request.headers)
+        query_params: dict[str, str | list[str]] | None = (
+            dict(request.query_params) if request.query_params else None
+        )
+
+        # Handle the request using proxy service directly
+        response = await proxy_service.handle_request(
+            method=request.method,
+            path=request.url.path,
+            headers=headers,
+            body=body,
+            query_params=query_params,
+            request=request,  # Pass the request object for context access
+        )
+
+        # Return appropriate response type
+        if isinstance(response, StreamingResponse):
+            # Already a streaming response
+            return response
+        else:
+            # Tuple response - handle regular response
+            status_code, response_headers, response_body = response
+            if status_code >= 400:
+                # Forward error response directly with headers
+                return ProxyResponse(
+                    content=response_body,
+                    status_code=status_code,
+                    headers=response_headers,
+                    media_type=response_headers.get("content-type", "application/json"),
+                )
+
+            # Check if this is a streaming response based on content-type
+            content_type = response_headers.get("content-type", "")
+            if "text/event-stream" in content_type:
+                # Return as streaming response
+                async def stream_generator() -> AsyncIterator[bytes]:
+                    # Split the SSE data into chunks
+                    for line in response_body.decode().split("\n"):
+                        if line.strip():
+                            yield f"{line}\n".encode()
+
+                return StreamingResponse(
+                    stream_generator(),
+                    media_type="text/event-stream",
+                    headers={
+                        "Cache-Control": "no-cache",
+                        "Connection": "keep-alive",
+                    },
+                )
+            else:
+                # Parse JSON response
+                response_data = json.loads(response_body.decode())
+
+                # Return response with headers
+                return ProxyResponse(
+                    content=response_body,  # Use original body to preserve exact format
+                    status_code=status_code,
+                    headers=response_headers,
+                    media_type=response_headers.get("content-type", "application/json"),
+                )
+
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"Internal server error: {str(e)}"
+        ) from e
+
+
+@router.get("/v1/models", response_model=None)
+async def list_models(
+    request: Request,
+    proxy_service: ProxyServiceDep,
+) -> Response:
+    """List available models using the proxy service.
+
+    Returns a combined list of Anthropic models and recent OpenAI models.
+    """
+    try:
+        # Get headers
+        headers = dict(request.headers)
+
+        # Handle the request using proxy service
+        response = await proxy_service.handle_request(
+            method="GET",
+            path="/v1/models",
+            headers=headers,
+            body=None,
+            request=request,
+        )
+
+        # Since /v1/models never streams, we know it returns a tuple
+        if isinstance(response, tuple):
+            status_code, response_headers, response_body = response
+        else:
+            # This shouldn't happen for /v1/models, but handle it gracefully
+            raise HTTPException(
+                status_code=500,
+                detail="Unexpected streaming response for /v1/models endpoint",
+            )
+
+        # Return response with headers
+        return ProxyResponse(
+            content=response_body,
+            status_code=status_code,
+            headers=response_headers,
+            media_type=response_headers.get("content-type", "application/json"),
+        )
+
+    except Exception as e:
+        raise HTTPException(
+            status_code=500, detail=f"Internal server error: {str(e)}"
+        ) from e
+
+
+@router.get("/status")
+async def proxy_status() -> dict[str, str]:
+    """Get proxy status."""
+    return {"status": "proxy API available", "version": "1.0.0"}

ccproxy/auth/__init__.py

@@ -0,0 +1,75 @@
+"""Authentication module for centralized auth handling."""
+
+from ccproxy.auth.bearer import BearerTokenAuthManager
+from ccproxy.auth.credentials_adapter import CredentialsAuthManager
+from ccproxy.auth.dependencies import (
+    AccessTokenDep,
+    AuthManagerDep,
+    RequiredAuthDep,
+    get_access_token,
+    get_auth_manager,
+    get_bearer_auth_manager,
+    get_credentials_auth_manager,
+    require_auth,
+)
+from ccproxy.auth.exceptions import (
+    AuthenticationError,
+    AuthenticationRequiredError,
+    CredentialsError,
+    CredentialsExpiredError,
+    CredentialsInvalidError,
+    CredentialsNotFoundError,
+    CredentialsStorageError,
+    InsufficientPermissionsError,
+    InvalidTokenError,
+    OAuthCallbackError,
+    OAuthError,
+    OAuthLoginError,
+    OAuthTokenRefreshError,
+)
+from ccproxy.auth.manager import AuthManager, BaseAuthManager
+from ccproxy.auth.storage import (
+    JsonFileTokenStorage,
+    KeyringTokenStorage,
+    TokenStorage,
+)
+from ccproxy.services.credentials.manager import CredentialsManager
+
+
+__all__ = [
+    # Manager interfaces
+    "AuthManager",
+    "BaseAuthManager",
+    # Implementations
+    "BearerTokenAuthManager",
+    "CredentialsAuthManager",
+    "CredentialsManager",
+    # Storage interfaces and implementations
+    "TokenStorage",
+    "JsonFileTokenStorage",
+    "KeyringTokenStorage",
+    # Exceptions
+    "AuthenticationError",
+    "AuthenticationRequiredError",
+    "CredentialsError",
+    "CredentialsExpiredError",
+    "CredentialsInvalidError",
+    "CredentialsNotFoundError",
+    "CredentialsStorageError",
+    "InvalidTokenError",
+    "InsufficientPermissionsError",
+    "OAuthCallbackError",
+    "OAuthError",
+    "OAuthLoginError",
+    "OAuthTokenRefreshError",
+    # Dependencies
+    "get_auth_manager",
+    "get_bearer_auth_manager",
+    "get_credentials_auth_manager",
+    "require_auth",
+    "get_access_token",
+    # Type aliases
+    "AuthManagerDep",
+    "RequiredAuthDep",
+    "AccessTokenDep",
+]

ccproxy/auth/bearer.py

@@ -0,0 +1,68 @@
+"""Bearer token authentication implementation."""
+
+from typing import Any
+
+from ccproxy.auth.exceptions import AuthenticationError
+from ccproxy.auth.manager import BaseAuthManager
+from ccproxy.auth.models import ClaudeCredentials, UserProfile
+
+
+class BearerTokenAuthManager(BaseAuthManager):
+    """Authentication manager for static bearer tokens."""
+
+    def __init__(self, token: str) -> None:
+        """Initialize with a static bearer token.
+
+        Args:
+            token: Bearer token string
+        """
+        self.token = token.strip()
+        if not self.token:
+            raise ValueError("Token cannot be empty")
+
+    async def get_access_token(self) -> str:
+        """Get the bearer token.
+
+        Returns:
+            Bearer token string
+
+        Raises:
+            AuthenticationError: If token is invalid
+        """
+        if not self.token:
+            raise AuthenticationError("No bearer token available")
+        return self.token
+
+    async def get_credentials(self) -> ClaudeCredentials:
+        """Get credentials (not supported for bearer tokens).
+
+        Raises:
+            AuthenticationError: Bearer tokens don't support full credentials
+        """
+        raise AuthenticationError(
+            "Bearer token authentication doesn't support full credentials"
+        )
+
+    async def is_authenticated(self) -> bool:
+        """Check if bearer token is available.
+
+        Returns:
+            True if token is available, False otherwise
+        """
+        return bool(self.token)
+
+    async def get_user_profile(self) -> UserProfile | None:
+        """Get user profile (not supported for bearer tokens).
+
+        Returns:
+            None - bearer tokens don't support user profiles
+        """
+        return None
+
+    async def __aenter__(self) -> "BearerTokenAuthManager":
+        """Async context manager entry."""
+        return self
+
+    async def __aexit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
+        """Async context manager exit."""
+        pass

ccproxy/auth/credentials_adapter.py

@@ -0,0 +1,93 @@
+"""Adapter to make CredentialsManager compatible with AuthManager interface."""
+
+from typing import Any
+
+from ccproxy.auth.exceptions import (
+    AuthenticationError,
+    CredentialsError,
+    CredentialsExpiredError,
+    CredentialsNotFoundError,
+)
+from ccproxy.auth.manager import BaseAuthManager
+from ccproxy.auth.models import ClaudeCredentials, UserProfile
+from ccproxy.services.credentials.manager import CredentialsManager
+
+
+class CredentialsAuthManager(BaseAuthManager):
+    """Adapter to make CredentialsManager compatible with AuthManager interface."""
+
+    def __init__(self, credentials_manager: CredentialsManager | None = None) -> None:
+        """Initialize with credentials manager.
+
+        Args:
+            credentials_manager: CredentialsManager instance, creates new if None
+        """
+        self._credentials_manager = credentials_manager or CredentialsManager()
+
+    async def get_access_token(self) -> str:
+        """Get valid access token from credentials manager.
+
+        Returns:
+            Access token string
+
+        Raises:
+            AuthenticationError: If authentication fails
+        """
+        try:
+            return await self._credentials_manager.get_access_token()
+        except CredentialsNotFoundError as e:
+            raise AuthenticationError("No credentials found") from e
+        except CredentialsExpiredError as e:
+            raise AuthenticationError("Credentials expired") from e
+        except CredentialsError as e:
+            raise AuthenticationError(f"Credentials error: {e}") from e
+
+    async def get_credentials(self) -> ClaudeCredentials:
+        """Get valid credentials from credentials manager.
+
+        Returns:
+            Valid credentials
+
+        Raises:
+            AuthenticationError: If authentication fails
+        """
+        try:
+            return await self._credentials_manager.get_valid_credentials()
+        except CredentialsNotFoundError as e:
+            raise AuthenticationError("No credentials found") from e
+        except CredentialsExpiredError as e:
+            raise AuthenticationError("Credentials expired") from e
+        except CredentialsError as e:
+            raise AuthenticationError(f"Credentials error: {e}") from e
+
+    async def is_authenticated(self) -> bool:
+        """Check if current authentication is valid.
+
+        Returns:
+            True if authenticated, False otherwise
+        """
+        try:
+            await self._credentials_manager.get_valid_credentials()
+            return True
+        except CredentialsError:
+            return False
+
+    async def get_user_profile(self) -> UserProfile | None:
+        """Get user profile information.
+
+        Returns:
+            UserProfile if available, None otherwise
+        """
+        try:
+            return await self._credentials_manager.fetch_user_profile()
+        except CredentialsError:
+            return None
+
+    async def __aenter__(self) -> "CredentialsAuthManager":
+        """Async context manager entry."""
+        await self._credentials_manager.__aenter__()
+        return self
+
+    async def __aexit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> None:
+        """Async context manager exit."""
+        await self._credentials_manager.__aexit__(exc_type, exc_val, exc_tb)

ccproxy/auth/dependencies.py

@@ -0,0 +1,229 @@
+"""FastAPI dependency injection for authentication."""
+
+from typing import TYPE_CHECKING, Annotated, Any
+
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+
+
+if TYPE_CHECKING:
+    from ccproxy.config.settings import Settings
+
+from ccproxy.auth.bearer import BearerTokenAuthManager
+from ccproxy.auth.credentials_adapter import CredentialsAuthManager
+from ccproxy.auth.exceptions import AuthenticationError, AuthenticationRequiredError
+from ccproxy.auth.manager import AuthManager
+
+
+# FastAPI security scheme for bearer tokens
+bearer_scheme = HTTPBearer(auto_error=False)
+
+
+async def get_credentials_auth_manager() -> AuthManager:
+    """Get credentials-based authentication manager.
+
+    Returns:
+        CredentialsAuthManager instance
+    """
+    return CredentialsAuthManager()
+
+
+async def get_bearer_auth_manager(
+    credentials: Annotated[HTTPAuthorizationCredentials | None, Depends(bearer_scheme)],
+) -> AuthManager:
+    """Get bearer token authentication manager.
+
+    Args:
+        credentials: HTTP authorization credentials
+
+    Returns:
+        BearerTokenAuthManager instance
+
+    Raises:
+        HTTPException: If no valid bearer token provided
+    """
+    if not credentials or not credentials.credentials:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Bearer token required",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    return BearerTokenAuthManager(credentials.credentials)
+
+
+async def _get_auth_manager_with_settings(
+    credentials: HTTPAuthorizationCredentials | None,
+    settings: "Settings",
+) -> AuthManager:
+    """Internal function to get auth manager with specific settings.
+
+    Args:
+        credentials: HTTP authorization credentials
+        settings: Application settings
+
+    Returns:
+        AuthManager instance
+
+    Raises:
+        HTTPException: If no valid authentication available
+    """
+    # Try bearer token first if provided
+    if credentials and credentials.credentials:
+        try:
+            # If API has configured auth_token, validate against it
+            if settings.security.auth_token:
+                if credentials.credentials == settings.security.auth_token:
+                    bearer_auth = BearerTokenAuthManager(credentials.credentials)
+                    if await bearer_auth.is_authenticated():
+                        return bearer_auth
+                else:
+                    # Token doesn't match configured auth_token
+                    raise HTTPException(
+                        status_code=status.HTTP_401_UNAUTHORIZED,
+                        detail="Invalid bearer token",
+                        headers={"WWW-Authenticate": "Bearer"},
+                    )
+            else:
+                # No auth_token configured, accept any bearer token
+                bearer_auth = BearerTokenAuthManager(credentials.credentials)
+                if await bearer_auth.is_authenticated():
+                    return bearer_auth
+        except (AuthenticationError, ValueError):
+            pass
+
+    # Fall back to credentials only if no auth_token is configured
+    if not settings.security.auth_token:
+        try:
+            credentials_auth = CredentialsAuthManager()
+            if await credentials_auth.is_authenticated():
+                return credentials_auth
+        except AuthenticationError:
+            pass
+
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Authentication required",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+
+
+async def get_auth_manager(
+    credentials: Annotated[
+        HTTPAuthorizationCredentials | None, Depends(bearer_scheme)
+    ] = None,
+) -> AuthManager:
+    """Get authentication manager with fallback strategy.
+
+    Try bearer token first, then fall back to credentials.
+
+    Args:
+        credentials: HTTP authorization credentials
+
+    Returns:
+        AuthManager instance
+
+    Raises:
+        HTTPException: If no valid authentication available
+    """
+    # Import here to avoid circular imports
+    from ccproxy.config.settings import get_settings
+
+    settings = get_settings()
+    return await _get_auth_manager_with_settings(credentials, settings)
+
+
+async def get_auth_manager_with_injected_settings(
+    credentials: Annotated[
+        HTTPAuthorizationCredentials | None, Depends(bearer_scheme)
+    ] = None,
+) -> AuthManager:
+    """Get authentication manager with dependency-injected settings.
+
+    This version uses FastAPI's dependency injection for settings,
+    which allows test overrides to work properly.
+
+    Args:
+        credentials: HTTP authorization credentials
+        settings: Application settings (injected by FastAPI)
+
+    Returns:
+        AuthManager instance
+
+    Raises:
+        HTTPException: If no valid authentication available
+    """
+    # Import here to avoid circular imports
+    from ccproxy.config.settings import get_settings
+
+    settings = get_settings()
+    return await _get_auth_manager_with_settings(credentials, settings)
+
+
+async def require_auth(
+    auth_manager: Annotated[AuthManager, Depends(get_auth_manager)],
+) -> AuthManager:
+    """Require authentication for endpoint.
+
+    Args:
+        auth_manager: Authentication manager
+
+    Returns:
+        AuthManager instance
+
+    Raises:
+        HTTPException: If authentication fails
+    """
+    try:
+        if not await auth_manager.is_authenticated():
+            raise AuthenticationRequiredError("Authentication required")
+        return auth_manager
+    except AuthenticationError as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=str(e),
+            headers={"WWW-Authenticate": "Bearer"},
+        ) from e
+
+
+async def get_access_token(
+    auth_manager: Annotated[AuthManager, Depends(require_auth)],
+) -> str:
+    """Get access token from authenticated manager.
+
+    Args:
+        auth_manager: Authentication manager
+
+    Returns:
+        Access token string
+
+    Raises:
+        HTTPException: If token retrieval fails
+    """
+    try:
+        return await auth_manager.get_access_token()
+    except AuthenticationError as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=str(e),
+            headers={"WWW-Authenticate": "Bearer"},
+        ) from e
+
+
+async def get_auth_manager_dependency(
+    credentials: Annotated[
+        HTTPAuthorizationCredentials | None, Depends(bearer_scheme)
+    ] = None,
+) -> AuthManager:
+    """Dependency wrapper for getting auth manager with settings injection."""
+    # Import here to avoid circular imports
+    from ccproxy.config.settings import get_settings
+
+    settings = get_settings()
+    return await _get_auth_manager_with_settings(credentials, settings)
+
+
+# Type aliases for common dependencies
+AuthManagerDep = Annotated[AuthManager, Depends(get_auth_manager)]
+RequiredAuthDep = Annotated[AuthManager, Depends(require_auth)]
+AccessTokenDep = Annotated[str, Depends(get_access_token)]