From 101498e737ecefc4d507546a90f9f5929e998129 Mon Sep 17 00:00:00 2001 From: ricky Date: Sat, 31 Jan 2026 00:15:35 +0800 Subject: [PATCH] Fix: Support token extraction from Metadata for file-based Kiro auth - Modified extractKiroTokenData to support both Attributes and Metadata sources - Fixes issue where JSON file-based tokens were not being read correctly - FileSynthesizer stores tokens in Metadata, ConfigSynthesizer uses Attributes - Now checks Attributes first (config.yaml), falls back to Metadata (JSON files) - Ensures dynamic model fetching works for all Kiro authentication methods - Prevents fallback to static model list that incorrectly includes opus for free accounts --- README.md | 100 ---------------------------------------- README_CN.md | 100 ---------------------------------------- sdk/cliproxy/service.go | 43 +++++++++++------ 3 files changed, 29 insertions(+), 214 deletions(-) delete mode 100644 README.md delete mode 100644 README_CN.md diff --git a/README.md b/README.md deleted file mode 100644 index 092a3214..00000000 --- a/README.md +++ /dev/null @@ -1,100 +0,0 @@ -# CLIProxyAPI Plus - -English | [Chinese](README_CN.md) - -This is the Plus version of [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI), adding support for third-party providers on top of the mainline project. - -All third-party provider support is maintained by community contributors; CLIProxyAPI does not provide technical support. Please contact the corresponding community maintainer if you need assistance. - -The Plus release stays in lockstep with the mainline features. - -## Differences from the Mainline - -- Added GitHub Copilot support (OAuth login), provided by [em4go](https://github.com/em4go/CLIProxyAPI/tree/feature/github-copilot-auth) -- Added Kiro (AWS CodeWhisperer) support (OAuth login), provided by [fuko2935](https://github.com/fuko2935/CLIProxyAPI/tree/feature/kiro-integration), [Ravens2121](https://github.com/Ravens2121/CLIProxyAPIPlus/) - -## New Features (Plus Enhanced) - -- **OAuth Web Authentication**: Browser-based OAuth login for Kiro with beautiful web UI -- **Rate Limiter**: Built-in request rate limiting to prevent API abuse -- **Background Token Refresh**: Automatic token refresh 10 minutes before expiration -- **Metrics & Monitoring**: Request metrics collection for monitoring and debugging -- **Device Fingerprint**: Device fingerprint generation for enhanced security -- **Cooldown Management**: Smart cooldown mechanism for API rate limits -- **Usage Checker**: Real-time usage monitoring and quota management -- **Model Converter**: Unified model name conversion across providers -- **UTF-8 Stream Processing**: Improved streaming response handling - -## Kiro Authentication - -### Web-based OAuth Login - -Access the Kiro OAuth web interface at: - -``` -http://your-server:8080/v0/oauth/kiro -``` - -This provides a browser-based OAuth flow for Kiro (AWS CodeWhisperer) authentication with: -- AWS Builder ID login -- AWS Identity Center (IDC) login -- Token import from Kiro IDE - -## Quick Deployment with Docker - -### One-Command Deployment - -```bash -# Create deployment directory -mkdir -p ~/cli-proxy && cd ~/cli-proxy - -# Create docker-compose.yml -cat > docker-compose.yml << 'EOF' -services: - cli-proxy-api: - image: 17600006524/cli-proxy-api-plus:latest - container_name: cli-proxy-api-plus - ports: - - "8317:8317" - volumes: - - ./config.yaml:/CLIProxyAPI/config.yaml - - ./auths:/root/.cli-proxy-api - - ./logs:/CLIProxyAPI/logs - restart: unless-stopped -EOF - -# Download example config -curl -o config.yaml https://raw.githubusercontent.com/linlang781/CLIProxyAPIPlus/main/config.example.yaml - -# Pull and start -docker compose pull && docker compose up -d -``` - -### Configuration - -Edit `config.yaml` before starting: - -```yaml -# Basic configuration example -server: - port: 8317 - -# Add your provider configurations here -``` - -### Update to Latest Version - -```bash -cd ~/cli-proxy -docker compose pull && docker compose up -d -``` - -## Contributing - -This project only accepts pull requests that relate to third-party provider support. Any pull requests unrelated to third-party provider support will be rejected. - -If you need to submit any non-third-party provider changes, please open them against the mainline repository. - -## License - -This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. diff --git a/README_CN.md b/README_CN.md deleted file mode 100644 index b5b4d5f9..00000000 --- a/README_CN.md +++ /dev/null @@ -1,100 +0,0 @@ -# CLIProxyAPI Plus - -[English](README.md) | 中文 - -这是 [CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI) 的 Plus 版本,在原有基础上增加了第三方供应商的支持。 - -所有的第三方供应商支持都由第三方社区维护者提供,CLIProxyAPI 不提供技术支持。如需取得支持,请与对应的社区维护者联系。 - -该 Plus 版本的主线功能与主线功能强制同步。 - -## 与主线版本版本差异 - -- 新增 GitHub Copilot 支持(OAuth 登录),由[em4go](https://github.com/em4go/CLIProxyAPI/tree/feature/github-copilot-auth)提供 -- 新增 Kiro (AWS CodeWhisperer) 支持 (OAuth 登录), 由[fuko2935](https://github.com/fuko2935/CLIProxyAPI/tree/feature/kiro-integration)、[Ravens2121](https://github.com/Ravens2121/CLIProxyAPIPlus/)提供 - -## 新增功能 (Plus 增强版) - -- **OAuth Web 认证**: 基于浏览器的 Kiro OAuth 登录,提供美观的 Web UI -- **请求限流器**: 内置请求限流,防止 API 滥用 -- **后台令牌刷新**: 过期前 10 分钟自动刷新令牌 -- **监控指标**: 请求指标收集,用于监控和调试 -- **设备指纹**: 设备指纹生成,增强安全性 -- **冷却管理**: 智能冷却机制,应对 API 速率限制 -- **用量检查器**: 实时用量监控和配额管理 -- **模型转换器**: 跨供应商的统一模型名称转换 -- **UTF-8 流处理**: 改进的流式响应处理 - -## Kiro 认证 - -### 网页端 OAuth 登录 - -访问 Kiro OAuth 网页认证界面: - -``` -http://your-server:8080/v0/oauth/kiro -``` - -提供基于浏览器的 Kiro (AWS CodeWhisperer) OAuth 认证流程,支持: -- AWS Builder ID 登录 -- AWS Identity Center (IDC) 登录 -- 从 Kiro IDE 导入令牌 - -## Docker 快速部署 - -### 一键部署 - -```bash -# 创建部署目录 -mkdir -p ~/cli-proxy && cd ~/cli-proxy - -# 创建 docker-compose.yml -cat > docker-compose.yml << 'EOF' -services: - cli-proxy-api: - image: 17600006524/cli-proxy-api-plus:latest - container_name: cli-proxy-api-plus - ports: - - "8317:8317" - volumes: - - ./config.yaml:/CLIProxyAPI/config.yaml - - ./auths:/root/.cli-proxy-api - - ./logs:/CLIProxyAPI/logs - restart: unless-stopped -EOF - -# 下载示例配置 -curl -o config.yaml https://raw.githubusercontent.com/linlang781/CLIProxyAPIPlus/main/config.example.yaml - -# 拉取并启动 -docker compose pull && docker compose up -d -``` - -### 配置说明 - -启动前请编辑 `config.yaml`: - -```yaml -# 基本配置示例 -server: - port: 8317 - -# 在此添加你的供应商配置 -``` - -### 更新到最新版本 - -```bash -cd ~/cli-proxy -docker compose pull && docker compose up -d -``` - -## 贡献 - -该项目仅接受第三方供应商支持的 Pull Request。任何非第三方供应商支持的 Pull Request 都将被拒绝。 - -如果需要提交任何非第三方供应商支持的 Pull Request,请提交到主线版本。 - -## 许可证 - -此项目根据 MIT 许可证授权 - 有关详细信息,请参阅 [LICENSE](LICENSE) 文件。 \ No newline at end of file diff --git a/sdk/cliproxy/service.go b/sdk/cliproxy/service.go index bccb9ec9..0e760ce7 100644 --- a/sdk/cliproxy/service.go +++ b/sdk/cliproxy/service.go @@ -1416,29 +1416,44 @@ func (s *Service) fetchKiroModels(a *coreauth.Auth) []*ModelInfo { } // extractKiroTokenData extracts KiroTokenData from auth attributes and metadata. +// It supports both config-based tokens (stored in Attributes) and file-based tokens (stored in Metadata). func (s *Service) extractKiroTokenData(a *coreauth.Auth) *kiroauth.KiroTokenData { - if a == nil || a.Attributes == nil { + if a == nil { return nil } - accessToken := strings.TrimSpace(a.Attributes["access_token"]) + var accessToken, profileArn, refreshToken string + + // Priority 1: Try to get from Attributes (config.yaml source) + if a.Attributes != nil { + accessToken = strings.TrimSpace(a.Attributes["access_token"]) + profileArn = strings.TrimSpace(a.Attributes["profile_arn"]) + refreshToken = strings.TrimSpace(a.Attributes["refresh_token"]) + } + + // Priority 2: If not found in Attributes, try Metadata (JSON file source) + if accessToken == "" && a.Metadata != nil { + if at, ok := a.Metadata["access_token"].(string); ok { + accessToken = strings.TrimSpace(at) + } + if pa, ok := a.Metadata["profile_arn"].(string); ok { + profileArn = strings.TrimSpace(pa) + } + if rt, ok := a.Metadata["refresh_token"].(string); ok { + refreshToken = strings.TrimSpace(rt) + } + } + + // access_token is required if accessToken == "" { return nil } - tokenData := &kiroauth.KiroTokenData{ - AccessToken: accessToken, - ProfileArn: strings.TrimSpace(a.Attributes["profile_arn"]), + return &kiroauth.KiroTokenData{ + AccessToken: accessToken, + ProfileArn: profileArn, + RefreshToken: refreshToken, } - - // Also try to get refresh token from metadata - if a.Metadata != nil { - if rt, ok := a.Metadata["refresh_token"].(string); ok { - tokenData.RefreshToken = rt - } - } - - return tokenData } // convertKiroAPIModels converts Kiro API models to ModelInfo slice.