Compare commits
27 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6b34a39f6e | |||
| f0513683e5 | |||
| b3e53ca250 | |||
| 7a3b21eff8 | |||
| f8c8501036 | |||
| 4e1b5a5253 | |||
| 1aa27ceefe | |||
| 340dcf9515 | |||
| 1bd5d552c1 | |||
| 862d94b859 | |||
| be36d9c452 | |||
| 5ce95dd829 | |||
| d0fa01cc0a | |||
| c69ad118d1 | |||
| 0deeaf5ffb | |||
| 87c7c92ddd | |||
| f12b90f373 | |||
| 4e37027e1f | |||
| 245345f37d | |||
| 99be29ce8e | |||
| 6aaaaccb12 | |||
| 282c46fd46 | |||
| bc719875f6 | |||
| 78b634b204 | |||
| 39aae51ca2 | |||
| 937a8f3714 | |||
| c34973f40d |
@@ -1,54 +0,0 @@
|
||||
---
|
||||
description: Git workflow — NEVER commit directly to main. Always use feature branches.
|
||||
---
|
||||
|
||||
# Git Workflow
|
||||
|
||||
## ⚠️ CRITICAL RULE: NEVER commit directly to `main`
|
||||
|
||||
## Steps
|
||||
|
||||
1. **Before starting any work**, create a feature branch from `main`:
|
||||
|
||||
```bash
|
||||
git checkout main && git pull origin main
|
||||
git checkout -b feature/<feature-name>
|
||||
```
|
||||
|
||||
2. **During development**, commit to the feature branch:
|
||||
|
||||
```bash
|
||||
git add -A && git commit -m "<type>(<scope>): <description>"
|
||||
```
|
||||
|
||||
3. **Before pushing**, verify the build passes:
|
||||
|
||||
```bash
|
||||
npm run build
|
||||
```
|
||||
|
||||
4. **When the feature is complete and verified**, push the branch and STOP:
|
||||
|
||||
```bash
|
||||
git push origin feature/<feature-name>
|
||||
```
|
||||
|
||||
5. **DO NOT** create a PR, merge, or push to `main`. Let the user handle that.
|
||||
|
||||
## Branch naming convention
|
||||
|
||||
- `feature/<name>` — new features
|
||||
- `fix/<name>` — bugfixes
|
||||
- `refactor/<name>` — refactoring
|
||||
- `docker/<name>` — Docker / infrastructure changes
|
||||
- `style/<name>` — UI / CSS changes
|
||||
|
||||
## Commit types
|
||||
|
||||
- `feat` — new feature
|
||||
- `fix` — bugfix
|
||||
- `refactor` — code refactoring
|
||||
- `style` — UI / CSS changes
|
||||
- `docker` — Docker / infrastructure
|
||||
- `docs` — documentation
|
||||
- `chore` — maintenance
|
||||
+37
-6
@@ -44,6 +44,9 @@ REQUIRE_API_KEY=false
|
||||
BASE_URL=http://localhost:20128
|
||||
CLOUD_URL=
|
||||
# Backward-compatible/public variables:
|
||||
# NEXT_PUBLIC_BASE_URL is also used as the OAuth redirect_uri origin when running behind a
|
||||
# reverse proxy (e.g., nginx). Set this to your public-facing URL so OAuth callbacks work.
|
||||
# Example: NEXT_PUBLIC_BASE_URL=https://omniroute.example.com
|
||||
NEXT_PUBLIC_BASE_URL=http://localhost:20128
|
||||
NEXT_PUBLIC_CLOUD_URL=
|
||||
|
||||
@@ -79,17 +82,45 @@ NEXT_PUBLIC_ENABLE_SOCKS5_PROXY=true
|
||||
# Provider OAuth Credentials (optional — override hardcoded defaults)
|
||||
# These can also be set via data/provider-credentials.json
|
||||
# CLAUDE_OAUTH_CLIENT_ID=
|
||||
# GEMINI_OAUTH_CLIENT_ID=
|
||||
# GEMINI_OAUTH_CLIENT_SECRET=
|
||||
|
||||
# ─────────────────────────────────────────────────────────────────────────────
|
||||
# ⚠️ GOOGLE OAUTH (Antigravity, Gemini CLI) — IMPORTANT FOR REMOTE SERVERS
|
||||
# ─────────────────────────────────────────────────────────────────────────────
|
||||
# The built-in Google OAuth credentials ONLY work when OmniRoute runs on
|
||||
# localhost (127.0.0.1 / local network). They are registered with
|
||||
# redirect_uri = http://localhost:PORT/callback and Google will reject any
|
||||
# other redirect URI with: redirect_uri_mismatch.
|
||||
#
|
||||
# If you are hosting OmniRoute on a remote server (VPS, Docker, cloud), you
|
||||
# MUST register your own Google Cloud OAuth 2.0 credentials:
|
||||
#
|
||||
# 1. Go to https://console.cloud.google.com/apis/credentials
|
||||
# 2. Create an OAuth 2.0 Client ID (type: "Web application")
|
||||
# 3. Add your server URL as Authorized redirect URI:
|
||||
# https://your-server.com/callback
|
||||
# 4. Copy the Client ID and Client Secret below.
|
||||
#
|
||||
# See the full tutorial in README.md → "OAuth em Servidor Remoto" section.
|
||||
#
|
||||
# Antigravity (Google Gemini Code Assist):
|
||||
# ANTIGRAVITY_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
|
||||
# ANTIGRAVITY_OAUTH_CLIENT_SECRET=GOCSPX-your-secret
|
||||
ANTIGRAVITY_OAUTH_CLIENT_SECRET=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
|
||||
|
||||
# Gemini CLI (Google AI):
|
||||
# GEMINI_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
|
||||
# GEMINI_OAUTH_CLIENT_SECRET=GOCSPX-your-secret
|
||||
# GEMINI_CLI_OAUTH_CLIENT_ID=
|
||||
# GEMINI_CLI_OAUTH_CLIENT_SECRET=
|
||||
GEMINI_OAUTH_CLIENT_SECRET=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
|
||||
GEMINI_CLI_OAUTH_CLIENT_SECRET=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
|
||||
# ─────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
# CLAUDE_OAUTH_CLIENT_ID=
|
||||
# CODEX_OAUTH_CLIENT_ID=
|
||||
# CODEX_OAUTH_CLIENT_SECRET=
|
||||
# QWEN_OAUTH_CLIENT_ID=
|
||||
# IFLOW_OAUTH_CLIENT_ID=
|
||||
# IFLOW_OAUTH_CLIENT_SECRET=
|
||||
# ANTIGRAVITY_OAUTH_CLIENT_ID=
|
||||
# ANTIGRAVITY_OAUTH_CLIENT_SECRET=
|
||||
IFLOW_OAUTH_CLIENT_SECRET=4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW
|
||||
|
||||
# API Key Providers (Phase 1 + Phase 4)
|
||||
# Add via Dashboard → Providers → Add API Key, or set here
|
||||
|
||||
+142
@@ -7,6 +7,144 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
|
||||
---
|
||||
|
||||
## [1.0.10] — 2026-02-21
|
||||
|
||||
> ### 🐛 Bugfix — Multi-Account Support for Qwen
|
||||
>
|
||||
> Solves the issue where adding a second Qwen account would overwrite the first one.
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- **OAuth Accounts** — Extracted user email from the `id_token` using JWT decoding for Qwen and similar providers, allowing multiple accounts of the same provider to be authenticated simultaneously instead of triggering the fallback overwrite logic ([#99](https://github.com/diegosouzapw/OmniRoute/issues/99))
|
||||
|
||||
---
|
||||
|
||||
## [1.0.9] — 2026-02-21
|
||||
|
||||
> ### 🐛 Hotfix — Settings Persistence
|
||||
>
|
||||
> Fixes blocked providers and API auth toggle not being saved after page reload.
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- **Settings Persistence** — Added `requireAuthForModels` (boolean) and `blockedProviders` (string array) to the Zod validation schema, which was silently stripping these fields during PATCH requests, preventing them from being saved to the database
|
||||
|
||||
---
|
||||
|
||||
## [1.0.8] — 2026-02-21
|
||||
|
||||
> ### 🔒 API Security & Windows Support
|
||||
>
|
||||
> Adds API Endpoint Protection for `/models`, Windows server startup fixes, and UI improvements.
|
||||
|
||||
### ✨ New Features
|
||||
|
||||
- **API Endpoint Protection (`/models`)** — New Security Tab settings to optionally require an API key for the `/v1/models` endpoint (returns 404 when unauthorized) and to selectively block specific providers from appearing in the models list ([#100](https://github.com/diegosouzapw/OmniRoute/issues/100), [#96](https://github.com/diegosouzapw/OmniRoute/issues/96))
|
||||
- **Interactive Provider UI** — Blocked Providers setting features an interactive chip selector with visual badges for all available AI providers
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- **Windows Server Startup** — Fixed `ERR_INVALID_FILE_URL_PATH` crash on Windows by safely wrapping `import.meta.url` resolution with a fallback to `process.cwd()` for globally installed npm packages ([#98](https://github.com/diegosouzapw/OmniRoute/issues/98))
|
||||
- **Combo buttons visibility** — Fixed layout overlap and tight spacing for the Quick Action buttons (Clone / Delete / Test) on the Combos page on narrower screens ([#95](https://github.com/diegosouzapw/OmniRoute/issues/95))
|
||||
|
||||
---
|
||||
|
||||
## [1.0.7] — 2026-02-20
|
||||
|
||||
> ### 🐛 Bugfix Release — OpenAI Compatibility, Custom Models & OAuth UX
|
||||
>
|
||||
> Fixes three community-reported issues: stream default now follows OpenAI spec, custom OpenAI-compatible providers appear in `/v1/models`, and Google OAuth shows a clear error + tutorial for remote deployments.
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- **`stream` defaults to `false`** — Aligns with the OpenAI specification which explicitly states `stream` defaults to `false`. Previously OmniRoute defaulted to `true`, causing SSE data to be returned instead of a JSON object, breaking clients like Spacebot, OpenCode, and standard Python/Rust/Go OpenAI SDKs that don't explicitly set `stream: true` ([#89](https://github.com/diegosouzapw/OmniRoute/issues/89))
|
||||
- **Custom AI providers now appear in `/v1/models`** — OpenAI-compatible custom providers (e.g. FriendLI) whose provider ID wasn't in the built-in alias map were silently excluded from the models list even when active. Fixed by also checking the raw provider ID from the database against active connections ([#90](https://github.com/diegosouzapw/OmniRoute/issues/90))
|
||||
- **OAuth `redirect_uri_mismatch` — improved UX for remote deployments** — Google OAuth providers (Antigravity, Gemini CLI) now always use `localhost` as redirect URI matching the registered credentials. Remote-access users see a targeted amber warning with a link to the new setup guide. The token exchange error message explains the root cause and guides users to configure their own credentials ([#91](https://github.com/diegosouzapw/OmniRoute/issues/91))
|
||||
|
||||
### 📖 Documentation
|
||||
|
||||
- **OAuth em Servidor Remoto tutorial** — New README section with step-by-step guide to configure custom Google Cloud OAuth 2.0 credentials for remote/VPS/Docker deployments
|
||||
- **`.env.example` Google OAuth block** — Added prominent warning block explaining remote credential requirements with direct links to Google Cloud Console
|
||||
|
||||
### 📁 Files Modified
|
||||
|
||||
| File | Change |
|
||||
| -------------------------------------- | ------------------------------------------------------------------------------------------- |
|
||||
| `open-sse/handlers/chatCore.ts` | `stream` defaults to `false` (was `true`) per OpenAI spec |
|
||||
| `src/app/api/v1/models/route.ts` | Added raw `providerId` check for custom models active-provider filter |
|
||||
| `src/shared/components/OAuthModal.tsx` | Force `localhost` redirect for Google OAuth; improved `redirect_uri_mismatch` error message |
|
||||
| `.env.example` | Added ⚠️ Google OAuth remote credentials block with step-by-step instructions |
|
||||
| `README.md` | New "🔐 OAuth em Servidor Remoto" tutorial section |
|
||||
|
||||
---
|
||||
|
||||
## [1.0.6] — 2026-02-20
|
||||
|
||||
> ### ✨ Provider & Combo Toggles — Strict Model Filtering
|
||||
>
|
||||
> `/v1/models` now shows only models from providers with active connections. Combos and providers can be toggled on/off directly from the dashboard.
|
||||
|
||||
### ✨ New Features
|
||||
|
||||
- **Provider toggle on Providers page** — Enable/disable all connections for a provider directly from the main Providers list. Toggle is always visible, no hover needed
|
||||
- **Combo enable/disable toggle** — Each combo on the Combos page now has a toggle. Disabled combos are excluded from `/v1/models`
|
||||
- **OAuth private IP support** — Expanded localhost detection to include private/LAN IPs (`192.168.x.x`, `10.x.x.x`, `172.16-31.x.x`) for correct OAuth redirect URIs
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- **`/v1/models` strict filtering** — Models are now shown only from providers with active, enabled connections. Previously, if no connections existed or all were disabled, all 378+ models were shown as a fallback
|
||||
- **Disabled provider models hidden** — Toggling off a provider immediately removes its models from `/v1/models`
|
||||
|
||||
---
|
||||
|
||||
## [1.0.5] — 2026-02-20
|
||||
|
||||
> ### 🐛 Hotfix — Model Filtering & Docker DATA_DIR
|
||||
>
|
||||
> Filters all model types in `/v1/models` by active providers and fixes Docker data directory mismatch.
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- **`/v1/models` full filtering** — Embedding, image, rerank, audio, and moderation models are now filtered by active provider connections, matching chat model behavior. Providers like Together AI no longer appear without a configured API key (#88)
|
||||
- **Docker `DATA_DIR`** — Added `ENV DATA_DIR=/app/data` to Dockerfile and `docker-compose.yml` ensuring the volume mount always matches the app data directory — prevents empty database on container recreation
|
||||
|
||||
---
|
||||
|
||||
## [1.0.4] — 2026-02-19
|
||||
|
||||
> ### 🔧 Provider Filtering, OAuth Proxy Fix & Documentation
|
||||
>
|
||||
> Dashboard model filtering by active providers, provider enable/disable visual indicators, OAuth login fix for nginx reverse proxy, and LLM onboarding documentation.
|
||||
|
||||
### ✨ Features
|
||||
|
||||
- **API Models filtering** — `GET /api/models` now returns only models from active providers; use `?all=true` for all models (#85)
|
||||
- **Provider disabled indicator** — Provider cards show ⏸ "Disabled" badge with reduced opacity when all connections are inactive (#85)
|
||||
- **`llm.txt`** — Comprehensive LLM onboarding file with project overview, architecture, flows, and conventions (#84)
|
||||
- **WhatsApp Community** — Added WhatsApp group link to README badges and Support section
|
||||
|
||||
### 🐛 Bug Fixes
|
||||
|
||||
- **OAuth behind nginx** — Fixed OAuth login failing when behind a reverse proxy by using `window.location.origin` for redirect URI instead of hardcoded `localhost` (#86)
|
||||
- **`NEXT_PUBLIC_BASE_URL` for OAuth** — Documented env var usage as redirect URI override for proxy deployments (#86)
|
||||
|
||||
### 📁 Files Added
|
||||
|
||||
| File | Purpose |
|
||||
| --------- | -------------------------------------------------- |
|
||||
| `llm.txt` | LLM and contributor onboarding (llms.txt standard) |
|
||||
|
||||
### 📁 Files Modified
|
||||
|
||||
| File | Change |
|
||||
| -------------------------------------------------- | ---------------------------------------------------------------- |
|
||||
| `src/app/api/models/route.ts` | Filter by active providers, `?all=true` param, `available` field |
|
||||
| `src/app/(dashboard)/dashboard/providers/page.tsx` | `allDisabled` detection + ⏸ badge + opacity-50 on provider cards |
|
||||
| `src/shared/components/OAuthModal.tsx` | Proxy-aware redirect URI using `window.location.origin` |
|
||||
| `.env.example` | Documented `NEXT_PUBLIC_BASE_URL` for OAuth behind proxy |
|
||||
|
||||
---
|
||||
|
||||
## [1.0.3] — 2026-02-19
|
||||
|
||||
> ### 📊 Logs Dashboard & Real-Time Console Viewer
|
||||
@@ -286,6 +424,10 @@ New environment variables:
|
||||
|
||||
---
|
||||
|
||||
[1.0.7]: https://github.com/diegosouzapw/OmniRoute/releases/tag/v1.0.7
|
||||
[1.0.6]: https://github.com/diegosouzapw/OmniRoute/releases/tag/v1.0.6
|
||||
[1.0.5]: https://github.com/diegosouzapw/OmniRoute/releases/tag/v1.0.5
|
||||
[1.0.4]: https://github.com/diegosouzapw/OmniRoute/releases/tag/v1.0.4
|
||||
[1.1.0]: https://github.com/diegosouzapw/OmniRoute/releases/tag/v1.1.0
|
||||
[1.0.3]: https://github.com/diegosouzapw/OmniRoute/releases/tag/v1.0.3
|
||||
[1.0.2]: https://github.com/diegosouzapw/OmniRoute/releases/tag/v1.0.2
|
||||
|
||||
+2
-1
@@ -20,7 +20,8 @@ ENV NODE_ENV=production
|
||||
ENV PORT=20128
|
||||
ENV HOSTNAME=0.0.0.0
|
||||
|
||||
# Runtime writable location for localDb when DATA_DIR is configured to /app/data
|
||||
# Data directory inside Docker — must match the volume mount in docker-compose.yml
|
||||
ENV DATA_DIR=/app/data
|
||||
RUN mkdir -p /app/data
|
||||
|
||||
COPY --from=builder /app/public ./public
|
||||
|
||||
+9
-4
@@ -100,6 +100,7 @@ _Verbinde jedes KI-gesteuerte IDE- oder CLI-Tool über OmniRoute — kostenloses
|
||||
[](https://hub.docker.com/r/diegosouzapw/omniroute)
|
||||
[](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
|
||||
[](https://omniroute.online)
|
||||
[](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
[🌐 Website](https://omniroute.online) • [🚀 Schnellstart](#-schnellstart) • [💡 Funktionen](#-hauptfunktionen) • [📖 Doku](#-dokumentation) • [💰 Preise](#-preisübersicht)
|
||||
|
||||
@@ -242,7 +243,7 @@ docker compose --profile cli up -d
|
||||
| Image | Tag | Größe | Beschreibung |
|
||||
| ------------------------ | -------- | ------ | ------------------------ |
|
||||
| `diegosouzapw/omniroute` | `latest` | ~250MB | Letztes stabiles Release |
|
||||
| `diegosouzapw/omniroute` | `1.0.3` | ~250MB | Aktuelle Version |
|
||||
| `diegosouzapw/omniroute` | `1.0.6` | ~250MB | Aktuelle Version |
|
||||
|
||||
---
|
||||
|
||||
@@ -892,7 +893,7 @@ Das vorgeladene „OmniRoute Golden Set" enthält 10 Testfälle:
|
||||
**Verbindungstest zeigt „Invalid" für OpenAI-kompatible Anbieter**
|
||||
|
||||
- Viele Anbieter stellen den `/models` Endpoint nicht bereit
|
||||
- OmniRoute v1.0.3+ enthält Fallback-Validierung via Chat Completions
|
||||
- OmniRoute v1.0.6+ enthält Fallback-Validierung via Chat Completions
|
||||
- Stelle sicher, dass die Base URL den `/v1` Suffix enthält
|
||||
|
||||
</details>
|
||||
@@ -902,7 +903,7 @@ Das vorgeladene „OmniRoute Golden Set" enthält 10 Testfälle:
|
||||
## 🛠️ Technologie-Stack
|
||||
|
||||
- **Runtime**: Node.js 20+
|
||||
- **Sprache**: TypeScript 5.9 — **100% TypeScript** in `src/` und `open-sse/` (v1.0.3)
|
||||
- **Sprache**: TypeScript 5.9 — **100% TypeScript** in `src/` und `open-sse/` (v1.0.6)
|
||||
- **Framework**: Next.js 16 + React 19 + Tailwind CSS 4
|
||||
- **Datenbank**: LowDB (JSON) + SQLite (Domain-Status + Proxy-Logs)
|
||||
- **Streaming**: Server-Sent Events (SSE)
|
||||
@@ -932,9 +933,13 @@ Das vorgeladene „OmniRoute Golden Set" enthält 10 Testfälle:
|
||||
|
||||
## 📧 Support
|
||||
|
||||
> 💬 **Treten Sie unserer Community bei!** [WhatsApp-Gruppe](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t) — Hilfe bekommen, Tipps teilen und auf dem Laufenden bleiben.
|
||||
|
||||
- **Website**: [omniroute.online](https://omniroute.online)
|
||||
- **GitHub**: [github.com/diegosouzapw/OmniRoute](https://github.com/diegosouzapw/OmniRoute)
|
||||
- **Issues**: [github.com/diegosouzapw/OmniRoute/issues](https://github.com/diegosouzapw/OmniRoute/issues)
|
||||
- **WhatsApp**: [Community-Gruppe](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **WhatsApp**: [Community-Gruppe](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **Originalprojekt**: [9router von decolua](https://github.com/decolua/9router)
|
||||
|
||||
---
|
||||
@@ -957,7 +962,7 @@ Siehe [CONTRIBUTING.md](CONTRIBUTING.md) für detaillierte Richtlinien.
|
||||
|
||||
```bash
|
||||
# Release erstellen — npm-Veröffentlichung erfolgt automatisch
|
||||
gh release create v1.0.3 --title "v1.0.3" --generate-notes
|
||||
gh release create v1.0.6 --title "v1.0.6" --generate-notes
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
+8
-4
@@ -100,6 +100,7 @@ _Conecta cualquier IDE o herramienta CLI con IA a través de OmniRoute — gatew
|
||||
[](https://hub.docker.com/r/diegosouzapw/omniroute)
|
||||
[](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
|
||||
[](https://omniroute.online)
|
||||
[](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
[🌐 Website](https://omniroute.online) • [🚀 Inicio Rápido](#-inicio-rápido) • [💡 Características](#-características-principales) • [📖 Docs](#-documentación) • [💰 Precios](#-precios-resumidos)
|
||||
|
||||
@@ -242,7 +243,7 @@ docker compose --profile cli up -d
|
||||
| Imagen | Tag | Tamaño | Descripción |
|
||||
| ------------------------ | -------- | ------ | ---------------------- |
|
||||
| `diegosouzapw/omniroute` | `latest` | ~250MB | Última versión estable |
|
||||
| `diegosouzapw/omniroute` | `1.0.3` | ~250MB | Versión actual |
|
||||
| `diegosouzapw/omniroute` | `1.0.6` | ~250MB | Versión actual |
|
||||
|
||||
---
|
||||
|
||||
@@ -892,7 +893,7 @@ El "OmniRoute Golden Set" precargado contiene 10 casos de prueba que cubren:
|
||||
**Prueba de conexión muestra "Invalid" para proveedores compatibles con OpenAI**
|
||||
|
||||
- Muchos proveedores no exponen el endpoint `/models`
|
||||
- OmniRoute v1.0.3+ incluye validación vía chat completions como fallback
|
||||
- OmniRoute v1.0.6+ incluye validación vía chat completions como fallback
|
||||
- Asegúrate de que la URL base incluya el sufijo `/v1`
|
||||
|
||||
</details>
|
||||
@@ -902,7 +903,7 @@ El "OmniRoute Golden Set" precargado contiene 10 casos de prueba que cubren:
|
||||
## 🛠️ Stack Tecnológico
|
||||
|
||||
- **Runtime**: Node.js 20+
|
||||
- **Lenguaje**: TypeScript 5.9 — **100% TypeScript** en `src/` y `open-sse/` (v1.0.3)
|
||||
- **Lenguaje**: TypeScript 5.9 — **100% TypeScript** en `src/` y `open-sse/` (v1.0.6)
|
||||
- **Framework**: Next.js 16 + React 19 + Tailwind CSS 4
|
||||
- **Base de Datos**: LowDB (JSON) + SQLite (estado del dominio + logs de proxy)
|
||||
- **Streaming**: Server-Sent Events (SSE)
|
||||
@@ -932,9 +933,12 @@ El "OmniRoute Golden Set" precargado contiene 10 casos de prueba que cubren:
|
||||
|
||||
## 📧 Soporte
|
||||
|
||||
> 💬 **¡Únete a la comunidad!** [Grupo WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t) — Obtén ayuda, comparte consejos y mantente al día.
|
||||
|
||||
- **Website**: [omniroute.online](https://omniroute.online)
|
||||
- **GitHub**: [github.com/diegosouzapw/OmniRoute](https://github.com/diegosouzapw/OmniRoute)
|
||||
- **Issues**: [github.com/diegosouzapw/OmniRoute/issues](https://github.com/diegosouzapw/OmniRoute/issues)
|
||||
- **WhatsApp**: [Grupo de la Comunidad](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **Proyecto Original**: [9router por decolua](https://github.com/decolua/9router)
|
||||
|
||||
---
|
||||
@@ -957,7 +961,7 @@ Consulta [CONTRIBUTING.md](CONTRIBUTING.md) para directrices detalladas.
|
||||
|
||||
```bash
|
||||
# Crea un release — la publicación en npm ocurre automáticamente
|
||||
gh release create v1.0.3 --title "v1.0.3" --generate-notes
|
||||
gh release create v1.0.6 --title "v1.0.6" --generate-notes
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
+8
-4
@@ -100,6 +100,7 @@ _Connectez n'importe quel IDE ou outil CLI alimenté par l'IA via OmniRoute —
|
||||
[](https://hub.docker.com/r/diegosouzapw/omniroute)
|
||||
[](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
|
||||
[](https://omniroute.online)
|
||||
[](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
[🌐 Site web](https://omniroute.online) • [🚀 Démarrage rapide](#-démarrage-rapide) • [💡 Fonctionnalités](#-fonctionnalités-principales) • [📖 Docs](#-documentation) • [💰 Tarifs](#-aperçu-des-tarifs)
|
||||
|
||||
@@ -242,7 +243,7 @@ docker compose --profile cli up -d
|
||||
| Image | Tag | Taille | Description |
|
||||
| ------------------------ | -------- | ------ | ----------------------- |
|
||||
| `diegosouzapw/omniroute` | `latest` | ~250MB | Dernière version stable |
|
||||
| `diegosouzapw/omniroute` | `1.0.3` | ~250MB | Version actuelle |
|
||||
| `diegosouzapw/omniroute` | `1.0.6` | ~250MB | Version actuelle |
|
||||
|
||||
---
|
||||
|
||||
@@ -892,7 +893,7 @@ Le « OmniRoute Golden Set » préchargé contient 10 cas de test :
|
||||
**Le test de connexion affiche « Invalid » pour les fournisseurs compatibles OpenAI**
|
||||
|
||||
- Beaucoup de fournisseurs n'exposent pas le point de terminaison `/models`
|
||||
- OmniRoute v1.0.3+ inclut une validation de secours via chat completions
|
||||
- OmniRoute v1.0.6+ inclut une validation de secours via chat completions
|
||||
- Assurez-vous que l'URL de base inclut le suffixe `/v1`
|
||||
|
||||
</details>
|
||||
@@ -902,7 +903,7 @@ Le « OmniRoute Golden Set » préchargé contient 10 cas de test :
|
||||
## 🛠️ Stack technologique
|
||||
|
||||
- **Runtime** : Node.js 20+
|
||||
- **Langage** : TypeScript 5.9 — **100% TypeScript** dans `src/` et `open-sse/` (v1.0.3)
|
||||
- **Langage** : TypeScript 5.9 — **100% TypeScript** dans `src/` et `open-sse/` (v1.0.6)
|
||||
- **Framework** : Next.js 16 + React 19 + Tailwind CSS 4
|
||||
- **Base de données** : LowDB (JSON) + SQLite (état du domaine + logs proxy)
|
||||
- **Streaming** : Server-Sent Events (SSE)
|
||||
@@ -932,9 +933,12 @@ Le « OmniRoute Golden Set » préchargé contient 10 cas de test :
|
||||
|
||||
## 📧 Support
|
||||
|
||||
> 💬 **Rejoignez notre communauté !** [Groupe WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t) — Obtenez de l'aide, partagez des astuces et restez informé.
|
||||
|
||||
- **Site web** : [omniroute.online](https://omniroute.online)
|
||||
- **GitHub** : [github.com/diegosouzapw/OmniRoute](https://github.com/diegosouzapw/OmniRoute)
|
||||
- **Issues** : [github.com/diegosouzapw/OmniRoute/issues](https://github.com/diegosouzapw/OmniRoute/issues)
|
||||
- **WhatsApp** : [Groupe communautaire](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **Projet original** : [9router par decolua](https://github.com/decolua/9router)
|
||||
|
||||
---
|
||||
@@ -957,7 +961,7 @@ Consultez [CONTRIBUTING.md](CONTRIBUTING.md) pour les directives détaillées.
|
||||
|
||||
```bash
|
||||
# Créer un release — la publication npm est automatique
|
||||
gh release create v1.0.3 --title "v1.0.3" --generate-notes
|
||||
gh release create v1.0.6 --title "v1.0.6" --generate-notes
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
+9
-4
@@ -100,6 +100,7 @@ _Connetti qualsiasi IDE o strumento CLI con IA tramite OmniRoute — gateway API
|
||||
[](https://hub.docker.com/r/diegosouzapw/omniroute)
|
||||
[](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
|
||||
[](https://omniroute.online)
|
||||
[](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
[🌐 Sito Web](https://omniroute.online) • [🚀 Avvio Rapido](#-avvio-rapido) • [💡 Funzionalità](#-funzionalità-principali) • [📖 Docs](#-documentazione) • [💰 Prezzi](#-panoramica-prezzi)
|
||||
|
||||
@@ -242,7 +243,7 @@ docker compose --profile cli up -d
|
||||
| Immagine | Tag | Dimensione | Descrizione |
|
||||
| ------------------------ | -------- | ---------- | ----------------------- |
|
||||
| `diegosouzapw/omniroute` | `latest` | ~250MB | Ultima versione stabile |
|
||||
| `diegosouzapw/omniroute` | `1.0.3` | ~250MB | Versione attuale |
|
||||
| `diegosouzapw/omniroute` | `1.0.6` | ~250MB | Versione attuale |
|
||||
|
||||
---
|
||||
|
||||
@@ -892,7 +893,7 @@ Il "OmniRoute Golden Set" precaricato contiene 10 casi di test:
|
||||
**Il test di connessione mostra "Invalid" per provider compatibili OpenAI**
|
||||
|
||||
- Molti provider non espongono l'endpoint `/models`
|
||||
- OmniRoute v1.0.3+ include validazione fallback tramite chat completions
|
||||
- OmniRoute v1.0.6+ include validazione fallback tramite chat completions
|
||||
- Assicurati che la URL base includa il suffisso `/v1`
|
||||
|
||||
</details>
|
||||
@@ -902,7 +903,7 @@ Il "OmniRoute Golden Set" precaricato contiene 10 casi di test:
|
||||
## 🛠️ Stack Tecnologico
|
||||
|
||||
- **Runtime**: Node.js 20+
|
||||
- **Linguaggio**: TypeScript 5.9 — **100% TypeScript** in `src/` e `open-sse/` (v1.0.3)
|
||||
- **Linguaggio**: TypeScript 5.9 — **100% TypeScript** in `src/` e `open-sse/` (v1.0.6)
|
||||
- **Framework**: Next.js 16 + React 19 + Tailwind CSS 4
|
||||
- **Database**: LowDB (JSON) + SQLite (stato dominio + log proxy)
|
||||
- **Streaming**: Server-Sent Events (SSE)
|
||||
@@ -932,9 +933,13 @@ Il "OmniRoute Golden Set" precaricato contiene 10 casi di test:
|
||||
|
||||
## 📧 Supporto
|
||||
|
||||
> 💬 **Unisciti alla nostra community!** [Gruppo WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t) — Ottieni aiuto, condividi consigli e rimani aggiornato.
|
||||
|
||||
- **Sito Web**: [omniroute.online](https://omniroute.online)
|
||||
- **GitHub**: [github.com/diegosouzapw/OmniRoute](https://github.com/diegosouzapw/OmniRoute)
|
||||
- **Issues**: [github.com/diegosouzapw/OmniRoute/issues](https://github.com/diegosouzapw/OmniRoute/issues)
|
||||
- **WhatsApp**: [Gruppo della comunità](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **WhatsApp**: [Gruppo della comunità](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **Progetto Originale**: [9router di decolua](https://github.com/decolua/9router)
|
||||
|
||||
---
|
||||
@@ -957,7 +962,7 @@ Consulta [CONTRIBUTING.md](CONTRIBUTING.md) per le linee guida dettagliate.
|
||||
|
||||
```bash
|
||||
# Crea un rilascio — la pubblicazione npm avviene automaticamente
|
||||
gh release create v1.0.3 --title "v1.0.3" --generate-notes
|
||||
gh release create v1.0.6 --title "v1.0.6" --generate-notes
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
@@ -100,8 +100,9 @@ _Connect any AI-powered IDE or CLI tool through OmniRoute — free API gateway f
|
||||
[](https://hub.docker.com/r/diegosouzapw/omniroute)
|
||||
[](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
|
||||
[](https://omniroute.online)
|
||||
[](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
[🌐 Website](https://omniroute.online) • [🚀 Quick Start](#-quick-start) • [💡 Features](#-key-features) • [📖 Docs](#-documentation) • [💰 Pricing](#-pricing-at-a-glance)
|
||||
[🌐 Website](https://omniroute.online) • [🚀 Quick Start](#-quick-start) • [💡 Features](#-key-features) • [📖 Docs](#-documentation) • [💰 Pricing](#-pricing-at-a-glance) • [💬 WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
🌐 **Available in:** [English](README.md) | [Português](README.pt-BR.md) | [Español](README.es.md) | [Русский](README.ru.md) | [中文](README.zh-CN.md) | [Deutsch](README.de.md) | [Français](README.fr.md) | [Italiano](README.it.md)
|
||||
|
||||
@@ -372,6 +373,7 @@ Access via: WhatsApp, Telegram, Slack, Discord, iMessage, Signal...
|
||||
| 🔒 **TLS Fingerprint Spoofing** | Bypass TLS-based bot detection via wreq-js |
|
||||
| 🌐 **IP Filtering** | Allowlist/blocklist for API access control |
|
||||
| 📊 **Editable Rate Limits** | Configurable RPM, min gap, and max concurrent at system level |
|
||||
| 🛡 **API Endpoint Protection** | Auth gating + provider blocking for the `/models` endpoint |
|
||||
|
||||
### 📊 Observability & Analytics
|
||||
|
||||
@@ -857,6 +859,99 @@ The pre-loaded "OmniRoute Golden Set" contains 10 test cases covering:
|
||||
|
||||
---
|
||||
|
||||
## 🔐 OAuth em Servidor Remoto (Remote OAuth Setup)
|
||||
|
||||
<a name="oauth-em-servidor-remoto"></a>
|
||||
|
||||
> **⚠️ IMPORTANTE para usuários com OmniRoute em VPS/Docker/servidor remoto**
|
||||
|
||||
### Por que o OAuth do Antigravity / Gemini CLI falha em servidores remotos?
|
||||
|
||||
Os provedores **Antigravity** e **Gemini CLI** usam **Google OAuth 2.0** para autenticação. O Google exige que a `redirect_uri` usada no fluxo OAuth seja **exatamente** uma das URIs pré-cadastradas no Google Cloud Console do aplicativo.
|
||||
|
||||
As credenciais OAuth embutidas no OmniRoute estão cadastradas **apenas para `localhost`**. Quando você acessa o OmniRoute em um servidor remoto (ex: `https://omniroute.meuservidor.com`), o Google rejeita a autenticação com:
|
||||
|
||||
```
|
||||
Error 400: redirect_uri_mismatch
|
||||
```
|
||||
|
||||
### Solução: Configure suas próprias credenciais OAuth
|
||||
|
||||
Você precisa criar um **OAuth 2.0 Client ID** no Google Cloud Console com a URI do seu servidor.
|
||||
|
||||
#### Passo a passo
|
||||
|
||||
**1. Acesse o Google Cloud Console**
|
||||
|
||||
Abra: [https://console.cloud.google.com/apis/credentials](https://console.cloud.google.com/apis/credentials)
|
||||
|
||||
**2. Crie um novo OAuth 2.0 Client ID**
|
||||
|
||||
- Clique em **"+ Create Credentials"** → **"OAuth client ID"**
|
||||
- Tipo de aplicativo: **"Web application"**
|
||||
- Nome: escolha qualquer nome (ex: `OmniRoute Remote`)
|
||||
|
||||
**3. Adicione as Authorized Redirect URIs**
|
||||
|
||||
No campo **"Authorized redirect URIs"**, adicione:
|
||||
|
||||
```
|
||||
https://seu-servidor.com/callback
|
||||
```
|
||||
|
||||
> Substitua `seu-servidor.com` pelo domínio ou IP do seu servidor (inclua a porta se necessário, ex: `http://45.33.32.156:20128/callback`).
|
||||
|
||||
**4. Salve e copie as credenciais**
|
||||
|
||||
Após criar, o Google mostrará o **Client ID** e o **Client Secret**.
|
||||
|
||||
**5. Configure as variáveis de ambiente**
|
||||
|
||||
No seu `.env` (ou nas variáveis de ambiente do Docker):
|
||||
|
||||
```bash
|
||||
# Para Antigravity:
|
||||
ANTIGRAVITY_OAUTH_CLIENT_ID=seu-client-id.apps.googleusercontent.com
|
||||
ANTIGRAVITY_OAUTH_CLIENT_SECRET=GOCSPX-seu-secret
|
||||
|
||||
# Para Gemini CLI:
|
||||
GEMINI_OAUTH_CLIENT_ID=seu-client-id.apps.googleusercontent.com
|
||||
GEMINI_OAUTH_CLIENT_SECRET=GOCSPX-seu-secret
|
||||
GEMINI_CLI_OAUTH_CLIENT_SECRET=GOCSPX-seu-secret
|
||||
```
|
||||
|
||||
**6. Reinicie o OmniRoute**
|
||||
|
||||
```bash
|
||||
# Se usando npm:
|
||||
npm run dev
|
||||
|
||||
# Se usando Docker:
|
||||
docker restart omniroute
|
||||
```
|
||||
|
||||
**7. Tente conectar novamente**
|
||||
|
||||
Dashboard → Providers → Antigravity (ou Gemini CLI) → OAuth
|
||||
|
||||
Agora o Google redirecionará corretamente para `https://seu-servidor.com/callback` e a autenticação funcionará.
|
||||
|
||||
---
|
||||
|
||||
### Workaround temporário (sem configurar credenciais próprias)
|
||||
|
||||
Se não quiser criar credenciais próprias agora, ainda é possível usar o fluxo **manual de URL**:
|
||||
|
||||
1. O OmniRoute abrirá a URL de autorização do Google
|
||||
2. Após você autorizar, o Google tentará redirecionar para `localhost` (que falha no servidor remoto)
|
||||
3. **Copie a URL completa** da barra de endereço do seu browser (mesmo que a página não carregue)
|
||||
4. Cole essa URL no campo que aparece no modal de conexão do OmniRoute
|
||||
5. Clique em **"Connect"**
|
||||
|
||||
> Este workaround funciona porque o código de autorização na URL é válido independente do redirect ter carregado ou não.
|
||||
|
||||
---
|
||||
|
||||
## 🐛 Troubleshooting
|
||||
|
||||
<details>
|
||||
@@ -905,7 +1000,7 @@ The pre-loaded "OmniRoute Golden Set" contains 10 test cases covering:
|
||||
**Connection test shows "Invalid" for OpenAI-compatible providers**
|
||||
|
||||
- Many providers don't expose a `/models` endpoint
|
||||
- OmniRoute v1.0.3+ includes fallback validation via chat completions
|
||||
- OmniRoute v1.0.6+ includes fallback validation via chat completions
|
||||
- Ensure base URL includes `/v1` suffix
|
||||
|
||||
</details>
|
||||
@@ -915,7 +1010,7 @@ The pre-loaded "OmniRoute Golden Set" contains 10 test cases covering:
|
||||
## 🛠️ Tech Stack
|
||||
|
||||
- **Runtime**: Node.js 20+
|
||||
- **Language**: TypeScript 5.9 — **100% TypeScript** across `src/` and `open-sse/` (v1.0.3)
|
||||
- **Language**: TypeScript 5.9 — **100% TypeScript** across `src/` and `open-sse/` (v1.0.6)
|
||||
- **Framework**: Next.js 16 + React 19 + Tailwind CSS 4
|
||||
- **Database**: LowDB (JSON) + SQLite (domain state + proxy logs)
|
||||
- **Streaming**: Server-Sent Events (SSE)
|
||||
@@ -991,9 +1086,12 @@ OmniRoute has **210+ features planned** across multiple development phases. Here
|
||||
|
||||
## 📧 Support
|
||||
|
||||
> 💬 **Join our community!** [WhatsApp Group](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t) — Get help, share tips, and stay updated.
|
||||
|
||||
- **Website**: [omniroute.online](https://omniroute.online)
|
||||
- **GitHub**: [github.com/diegosouzapw/OmniRoute](https://github.com/diegosouzapw/OmniRoute)
|
||||
- **Issues**: [github.com/diegosouzapw/OmniRoute/issues](https://github.com/diegosouzapw/OmniRoute/issues)
|
||||
- **WhatsApp**: [Community Group](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **Original Project**: [9router by decolua](https://github.com/decolua/9router)
|
||||
|
||||
---
|
||||
@@ -1016,7 +1114,7 @@ See [CONTRIBUTING.md](CONTRIBUTING.md) for detailed guidelines.
|
||||
|
||||
```bash
|
||||
# Create a release — npm publish happens automatically
|
||||
gh release create v1.0.3 --title "v1.0.3" --generate-notes
|
||||
gh release create v1.0.6 --title "v1.0.6" --generate-notes
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
+9
-4
@@ -100,6 +100,7 @@ _Conecte qualquer IDE ou ferramenta CLI com IA através do OmniRoute — gateway
|
||||
[](https://hub.docker.com/r/diegosouzapw/omniroute)
|
||||
[](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
|
||||
[](https://omniroute.online)
|
||||
[](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
[🌐 Website](https://omniroute.online) • [🚀 Início Rápido](#-início-rápido) • [💡 Funcionalidades](#-funcionalidades-principais) • [📖 Docs](#-documentação) • [💰 Preços](#-preços-resumidos)
|
||||
|
||||
@@ -242,7 +243,7 @@ docker compose --profile cli up -d
|
||||
| Imagem | Tag | Tamanho | Descrição |
|
||||
| ------------------------ | -------- | ------- | --------------------- |
|
||||
| `diegosouzapw/omniroute` | `latest` | ~250MB | Última versão estável |
|
||||
| `diegosouzapw/omniroute` | `1.0.3` | ~250MB | Versão atual |
|
||||
| `diegosouzapw/omniroute` | `1.0.6` | ~250MB | Versão atual |
|
||||
|
||||
---
|
||||
|
||||
@@ -372,6 +373,7 @@ Acesso via: WhatsApp, Telegram, Slack, Discord, iMessage, Signal...
|
||||
| 🔒 **Spoofing de Fingerprint TLS** | Bypass de detecção de bot via TLS com wreq-js |
|
||||
| 🌐 **Filtragem de IP** | Allowlist/blocklist para controle de acesso à API |
|
||||
| 📊 **Rate Limits Editáveis** | RPM, gap mínimo e concorrência máxima configuráveis |
|
||||
| 🛡 **Proteção de Endpoint API** | Gateway de Auth + bloqueio de provedores para o endpoint `/models` |
|
||||
|
||||
### 📊 Observabilidade e Analytics
|
||||
|
||||
@@ -899,7 +901,7 @@ O "OmniRoute Golden Set" pré-carregado contém 10 casos de teste cobrindo:
|
||||
**Teste de conexão mostra "Invalid" para provedores compatíveis com OpenAI**
|
||||
|
||||
- Muitos provedores não expõem endpoint `/models`
|
||||
- OmniRoute v1.0.3+ inclui validação via chat completions como fallback
|
||||
- OmniRoute v1.0.6+ inclui validação via chat completions como fallback
|
||||
- Certifique-se de que a base URL inclui sufixo `/v1`
|
||||
|
||||
</details>
|
||||
@@ -909,7 +911,7 @@ O "OmniRoute Golden Set" pré-carregado contém 10 casos de teste cobrindo:
|
||||
## 🛠️ Stack Tecnológico
|
||||
|
||||
- **Runtime**: Node.js 20+
|
||||
- **Linguagem**: TypeScript 5.9 — **100% TypeScript** em `src/` e `open-sse/` (v1.0.3)
|
||||
- **Linguagem**: TypeScript 5.9 — **100% TypeScript** em `src/` e `open-sse/` (v1.0.6)
|
||||
- **Framework**: Next.js 16 + React 19 + Tailwind CSS 4
|
||||
- **Banco de Dados**: LowDB (JSON) + SQLite (estado do domínio + logs de proxy)
|
||||
- **Streaming**: Server-Sent Events (SSE)
|
||||
@@ -985,9 +987,12 @@ O OmniRoute tem **210+ funcionalidades planejadas** em múltiplas fases de desen
|
||||
|
||||
## 📧 Suporte
|
||||
|
||||
> 💬 **Participe da comunidade!** [Grupo WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t) — Tire dúvidas, compartilhe dicas e fique atualizado.
|
||||
|
||||
- **Website**: [omniroute.online](https://omniroute.online)
|
||||
- **GitHub**: [github.com/diegosouzapw/OmniRoute](https://github.com/diegosouzapw/OmniRoute)
|
||||
- **Issues**: [github.com/diegosouzapw/OmniRoute/issues](https://github.com/diegosouzapw/OmniRoute/issues)
|
||||
- **WhatsApp**: [Grupo da Comunidade](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **Projeto Original**: [9router por decolua](https://github.com/decolua/9router)
|
||||
|
||||
---
|
||||
@@ -1010,7 +1015,7 @@ Veja [CONTRIBUTING.md](CONTRIBUTING.md) para diretrizes detalhadas.
|
||||
|
||||
```bash
|
||||
# Crie um release — publicação no npm acontece automaticamente
|
||||
gh release create v1.0.3 --title "v1.0.3" --generate-notes
|
||||
gh release create v1.0.6 --title "v1.0.6" --generate-notes
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
+8
-4
@@ -100,6 +100,7 @@ _Подключайте любую IDE или CLI-инструмент с AI ч
|
||||
[](https://hub.docker.com/r/diegosouzapw/omniroute)
|
||||
[](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
|
||||
[](https://omniroute.online)
|
||||
[](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
[🌐 Сайт](https://omniroute.online) • [🚀 Быстрый старт](#-быстрый-старт) • [💡 Функции](#-основные-функции) • [📖 Документация](#-документация) • [💰 Цены](#-обзор-цен)
|
||||
|
||||
@@ -242,7 +243,7 @@ docker compose --profile cli up -d
|
||||
| Образ | Тег | Размер | Описание |
|
||||
| ------------------------ | -------- | ------ | -------------------------- |
|
||||
| `diegosouzapw/omniroute` | `latest` | ~250MB | Последний стабильный релиз |
|
||||
| `diegosouzapw/omniroute` | `1.0.3` | ~250MB | Текущая версия |
|
||||
| `diegosouzapw/omniroute` | `1.0.6` | ~250MB | Текущая версия |
|
||||
|
||||
---
|
||||
|
||||
@@ -892,7 +893,7 @@ OmniRoute включает встроенный фреймворк оценки
|
||||
**Тест подключения показывает «Invalid» для OpenAI-совместимых провайдеров**
|
||||
|
||||
- Многие провайдеры не предоставляют endpoint `/models`
|
||||
- OmniRoute v1.0.3+ включает fallback-валидацию через chat completions
|
||||
- OmniRoute v1.0.6+ включает fallback-валидацию через chat completions
|
||||
- Убедитесь что base URL содержит суффикс `/v1`
|
||||
|
||||
</details>
|
||||
@@ -902,7 +903,7 @@ OmniRoute включает встроенный фреймворк оценки
|
||||
## 🛠️ Технологический стек
|
||||
|
||||
- **Runtime**: Node.js 20+
|
||||
- **Язык**: TypeScript 5.9 — **100% TypeScript** в `src/` и `open-sse/` (v1.0.3)
|
||||
- **Язык**: TypeScript 5.9 — **100% TypeScript** в `src/` и `open-sse/` (v1.0.6)
|
||||
- **Framework**: Next.js 16 + React 19 + Tailwind CSS 4
|
||||
- **База данных**: LowDB (JSON) + SQLite (состояние домена + proxy-логи)
|
||||
- **Стриминг**: Server-Sent Events (SSE)
|
||||
@@ -932,9 +933,12 @@ OmniRoute включает встроенный фреймворк оценки
|
||||
|
||||
## 📧 Поддержка
|
||||
|
||||
> 💬 **Присоединяйтесь к сообществу!** [Группа WhatsApp](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t) — Получайте помощь, делитесь советами и оставайтесь в курсе.
|
||||
|
||||
- **Сайт**: [omniroute.online](https://omniroute.online)
|
||||
- **GitHub**: [github.com/diegosouzapw/OmniRoute](https://github.com/diegosouzapw/OmniRoute)
|
||||
- **Issues**: [github.com/diegosouzapw/OmniRoute/issues](https://github.com/diegosouzapw/OmniRoute/issues)
|
||||
- **WhatsApp**: [Группа сообщества](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **Оригинальный проект**: [9router от decolua](https://github.com/decolua/9router)
|
||||
|
||||
---
|
||||
@@ -957,7 +961,7 @@ OmniRoute включает встроенный фреймворк оценки
|
||||
|
||||
```bash
|
||||
# Создайте релиз — публикация в npm происходит автоматически
|
||||
gh release create v1.0.3 --title "v1.0.3" --generate-notes
|
||||
gh release create v1.0.6 --title "v1.0.6" --generate-notes
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
+8
-4
@@ -100,6 +100,7 @@ _通过 OmniRoute 连接任何 AI 驱动的 IDE 或 CLI 工具 — 免费 API
|
||||
[](https://hub.docker.com/r/diegosouzapw/omniroute)
|
||||
[](https://github.com/diegosouzapw/OmniRoute/blob/main/LICENSE)
|
||||
[](https://omniroute.online)
|
||||
[](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
|
||||
[🌐 网站](https://omniroute.online) • [🚀 快速开始](#-快速开始) • [💡 功能特性](#-核心功能) • [📖 文档](#-文档) • [💰 定价](#-定价概览)
|
||||
|
||||
@@ -242,7 +243,7 @@ docker compose --profile cli up -d
|
||||
| 镜像 | 标签 | 大小 | 描述 |
|
||||
| ------------------------ | -------- | ------ | ---------- |
|
||||
| `diegosouzapw/omniroute` | `latest` | ~250MB | 最新稳定版 |
|
||||
| `diegosouzapw/omniroute` | `1.0.3` | ~250MB | 当前版本 |
|
||||
| `diegosouzapw/omniroute` | `1.0.6` | ~250MB | 当前版本 |
|
||||
|
||||
---
|
||||
|
||||
@@ -892,7 +893,7 @@ OmniRoute 包含内置评估框架,用于针对黄金集测试 LLM 响应质
|
||||
**兼容 OpenAI 的提供商连接测试显示 "Invalid"**
|
||||
|
||||
- 许多提供商不暴露 `/models` 端点
|
||||
- OmniRoute v1.0.3+ 包含通过 chat completions 的回退验证
|
||||
- OmniRoute v1.0.6+ 包含通过 chat completions 的回退验证
|
||||
- 确保 base URL 包含 `/v1` 后缀
|
||||
|
||||
</details>
|
||||
@@ -902,7 +903,7 @@ OmniRoute 包含内置评估框架,用于针对黄金集测试 LLM 响应质
|
||||
## 🛠️ 技术栈
|
||||
|
||||
- **运行时**: Node.js 20+
|
||||
- **语言**: TypeScript 5.9 — `src/` 和 `open-sse/` 中 **100% TypeScript**(v1.0.3)
|
||||
- **语言**: TypeScript 5.9 — `src/` 和 `open-sse/` 中 **100% TypeScript**(v1.0.6)
|
||||
- **框架**: Next.js 16 + React 19 + Tailwind CSS 4
|
||||
- **数据库**: LowDB (JSON) + SQLite(领域状态 + 代理日志)
|
||||
- **流式传输**: Server-Sent Events (SSE)
|
||||
@@ -932,9 +933,12 @@ OmniRoute 包含内置评估框架,用于针对黄金集测试 LLM 响应质
|
||||
|
||||
## 📧 支持
|
||||
|
||||
> 💬 **加入我们的社区!** [WhatsApp 群组](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t) — 获取帮助、分享技巧、了解最新动态。
|
||||
|
||||
- **网站**: [omniroute.online](https://omniroute.online)
|
||||
- **GitHub**: [github.com/diegosouzapw/OmniRoute](https://github.com/diegosouzapw/OmniRoute)
|
||||
- **Issues**: [github.com/diegosouzapw/OmniRoute/issues](https://github.com/diegosouzapw/OmniRoute/issues)
|
||||
- **WhatsApp**: [社区群组](https://chat.whatsapp.com/JI7cDQ1GyaiDHhVBpLxf8b?mode=gi_t)
|
||||
- **原始项目**: [decolua 的 9router](https://github.com/decolua/9router)
|
||||
|
||||
---
|
||||
@@ -957,7 +961,7 @@ OmniRoute 包含内置评估框架,用于针对黄金集测试 LLM 响应质
|
||||
|
||||
```bash
|
||||
# 创建发布 — npm 发布自动完成
|
||||
gh release create v1.0.3 --title "v1.0.3" --generate-notes
|
||||
gh release create v1.0.6 --title "v1.0.6" --generate-notes
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
@@ -18,6 +18,8 @@
|
||||
x-common: &common
|
||||
restart: unless-stopped
|
||||
env_file: .env
|
||||
environment:
|
||||
- DATA_DIR=/app/data # Must match the volume mount below
|
||||
volumes:
|
||||
- omniroute-data:/app/data
|
||||
healthcheck:
|
||||
|
||||
+1
-1
@@ -46,7 +46,7 @@ Four modes for debugging API translations: **Playground** (format converter), **
|
||||
|
||||
## ⚙️ Settings
|
||||
|
||||
General settings, system storage, backup management (export/import database), appearance (dark/light mode), security, routing, resilience, and advanced configuration.
|
||||
General settings, system storage, backup management (export/import database), appearance (dark/light mode), security (includes API endpoint protection and custom provider blocking), routing, resilience, and advanced configuration.
|
||||
|
||||

|
||||
|
||||
|
||||
+1
-1
@@ -610,7 +610,7 @@ The settings page is organized into 5 tabs for easy navigation:
|
||||
|
||||
| Tab | Contents |
|
||||
| -------------- | ---------------------------------------------------------------------------------------------- |
|
||||
| **Security** | Login/Password settings and IP Access Control (allowlist/blocklist) |
|
||||
| **Security** | Login/Password settings, IP Access Control, API auth for `/models`, and Provider Blocking |
|
||||
| **Routing** | Global routing strategy (6 options), wildcard model aliases, fallback chains, combo defaults |
|
||||
| **Resilience** | Provider profiles, editable rate limits, circuit breaker status, policies & locked identifiers |
|
||||
| **AI** | Thinking budget configuration, global system prompt injection, prompt cache stats |
|
||||
|
||||
@@ -0,0 +1,134 @@
|
||||
# OmniRoute
|
||||
|
||||
> OmniRoute is a free, open-source AI Gateway that acts as a universal API proxy for multi-provider LLMs. It provides smart routing, automatic fallback, load balancing, and format translation across 36+ AI providers — all through a single OpenAI-compatible endpoint.
|
||||
|
||||
## Overview
|
||||
|
||||
OmniRoute solves the problem of managing multiple AI provider subscriptions, quotas, and rate limits. It sits between your AI-powered tools (IDE agents, CLI tools) and AI providers, routing requests intelligently through a 4-tier fallback system: Subscription → API Key → Cheap → Free.
|
||||
|
||||
**Key value:** One endpoint (`http://localhost:20128/v1`), unlimited models, zero downtime, minimal cost.
|
||||
|
||||
## Tech Stack
|
||||
|
||||
- **Runtime:** Node.js >= 18
|
||||
- **Framework:** Next.js 16 (App Router) with TypeScript
|
||||
- **Database:** SQLite via better-sqlite3 (local, zero-config)
|
||||
- **State management:** Zustand (client), lowdb (server JSON persistence)
|
||||
- **UI:** React 19, Tailwind CSS 4, Recharts for analytics
|
||||
- **Auth:** OAuth 2.0 (PKCE) for providers, bcrypt for local user auth
|
||||
- **Background jobs:** Custom token health check scheduler
|
||||
- **Streaming:** Server-Sent Events (SSE) for real-time proxy responses
|
||||
- **Proxy engine:** Custom pipeline with format translation, circuit breaker, rate limiting
|
||||
- **Package:** Published on npm (`omniroute`) and Docker Hub (`diegosouzapw/omniroute`)
|
||||
|
||||
## Project Structure
|
||||
|
||||
```
|
||||
/
|
||||
├── src/ # Main application source
|
||||
│ ├── app/ # Next.js App Router pages and API routes
|
||||
│ │ ├── (dashboard)/ # Dashboard UI pages (providers, combos, analytics, logs, etc.)
|
||||
│ │ ├── api/ # REST API endpoints
|
||||
│ │ │ ├── v1/ # OpenAI-compatible API (chat, models, embeddings, images, audio)
|
||||
│ │ │ ├── oauth/ # OAuth flows per provider (authorize, exchange, callback)
|
||||
│ │ │ ├── providers/ # Provider CRUD and batch testing
|
||||
│ │ │ ├── models/ # Dashboard model listing and aliases
|
||||
│ │ │ ├── combos/ # Combo CRUD (multi-model fallback chains)
|
||||
│ │ │ └── ... # Other endpoints (usage, logs, health, settings, etc.)
|
||||
│ │ └── login/ # Login page
|
||||
│ ├── domain/ # Domain types and business logic interfaces
|
||||
│ ├── lib/ # Core libraries
|
||||
│ │ ├── db/ # SQLite database layer (providers, combos, prompts, logs)
|
||||
│ │ ├── oauth/ # OAuth providers, services, and utilities
|
||||
│ │ │ ├── providers/ # Provider-specific OAuth configs (GitHub, Google, Claude, etc.)
|
||||
│ │ │ ├── services/ # Provider-specific token exchange logic
|
||||
│ │ │ └── utils/ # PKCE, callback server, token helpers
|
||||
│ │ ├── cloudSync.ts # Cloud sync via Cloudflare Workers
|
||||
│ │ ├── tokenHealthCheck.ts # Background OAuth token refresh scheduler
|
||||
│ │ └── localDb.ts # Unified database access layer
|
||||
│ ├── shared/ # Shared utilities, components, and constants
|
||||
│ │ ├── components/ # Reusable UI components (Card, Badge, Button, Modal, etc.)
|
||||
│ │ ├── constants/ # Provider definitions, model lists, pricing
|
||||
│ │ └── utils/ # Helpers (auth, CORS, error codes, machine ID)
|
||||
│ ├── sse/ # SSE proxy pipeline
|
||||
│ │ ├── services/ # Auth resolution, format translation, response handling
|
||||
│ │ └── middleware/ # Rate limiting, circuit breaker, caching, idempotency
|
||||
│ ├── store/ # Zustand client-side stores
|
||||
│ ├── types/ # TypeScript type definitions
|
||||
│ ├── proxy.ts # Main proxy request handler
|
||||
│ └── server-init.ts # Server initialization (DB, health checks)
|
||||
├── open-sse/ # Standalone SSE server (npm workspace)
|
||||
│ ├── config/ # Model registries (embedding, image, audio, rerank, moderation)
|
||||
│ ├── handlers/ # Request handlers per API type
|
||||
│ └── translators/ # Format translators (OpenAI ↔ Claude ↔ Gemini ↔ Responses)
|
||||
├── tests/ # Test suites
|
||||
│ ├── unit/ # Unit tests (32+ test files)
|
||||
│ └── integration/ # Integration tests
|
||||
├── docs/ # Documentation and screenshots
|
||||
├── bin/ # CLI entry points (omniroute, reset-password)
|
||||
└── .env.example # Environment variable template
|
||||
```
|
||||
|
||||
## Key Architectural Decisions
|
||||
|
||||
1. **OpenAI-compatible API surface:** All incoming requests follow the OpenAI API format (`/v1/chat/completions`, `/v1/models`, etc.). This makes OmniRoute a drop-in replacement for any tool that supports custom OpenAI endpoints.
|
||||
|
||||
2. **Provider abstraction via format translators:** Each AI provider (Claude, Gemini, etc.) has a translator in `open-sse/translators/` that converts between the OpenAI format and the provider's native format. This happens transparently.
|
||||
|
||||
3. **Connection-based provider model:** Providers are stored as "connections" in SQLite. Each connection has an `id`, `provider`, `authType` (oauth/apikey/free), `isActive` flag, and credentials. Multiple connections per provider are supported for multi-account rotation.
|
||||
|
||||
4. **Combo system for fallback:** Users create "combos" — ordered lists of `provider/model` pairs. The proxy tries each in order until one succeeds. Supports 6 strategies: fill-first, round-robin, power-of-two-choices, random, least-used, cost-optimized.
|
||||
|
||||
5. **SSE proxy pipeline (`src/sse/`):** The proxy pipeline is middleware-based: request → auth resolution → rate limiting → circuit breaker → format translation → upstream call → response translation → SSE streaming back to client.
|
||||
|
||||
6. **SQLite for persistence:** All state (providers, combos, logs, settings) is stored in a single SQLite database file at `data/omniroute.db`. This keeps the app self-contained and zero-config.
|
||||
|
||||
7. **OAuth with PKCE:** OAuth flows use PKCE for security. A local callback server (`src/lib/oauth/utils/server.ts`) handles the redirect. Token refresh is handled by a background job (`tokenHealthCheck.ts`).
|
||||
|
||||
## Main Flows
|
||||
|
||||
### Proxy Request Flow
|
||||
1. Client sends OpenAI-format request to `/v1/chat/completions`
|
||||
2. API key validation (`src/shared/utils/apiAuth.ts`)
|
||||
3. Model resolution: direct model or combo lookup
|
||||
4. For combos: iterate through models in fallback order
|
||||
5. Auth resolution: get credentials for the target provider
|
||||
6. Format translation: OpenAI → provider native format
|
||||
7. Upstream request with circuit breaker and rate limiting
|
||||
8. Response translation: provider → OpenAI format
|
||||
9. SSE streaming back to client
|
||||
|
||||
### OAuth Flow
|
||||
1. Dashboard initiates `/api/oauth/[provider]/authorize`
|
||||
2. User completes OAuth login in browser
|
||||
3. Callback hits `/api/oauth/[provider]/exchange`
|
||||
4. Tokens stored as a provider connection in SQLite
|
||||
5. Background job refreshes tokens before expiry
|
||||
|
||||
### Model Listing
|
||||
- `/api/models` — Dashboard endpoint, lists all defined models with aliases
|
||||
- `/v1/models` — OpenAI-compatible endpoint, lists only models from active providers
|
||||
|
||||
## Important Notes for LLMs
|
||||
|
||||
1. **Two model endpoints exist:** `/api/models` (dashboard, all models) and `/v1/models` (OpenAI-compatible, active only). Don't confuse them.
|
||||
|
||||
2. **Provider IDs vs aliases:** Providers have both an ID (`claude`, `github`) and a short alias (`cc`, `gh`). Models are referenced as `alias/model-name` (e.g., `cc/claude-opus-4-6`).
|
||||
|
||||
3. **The `open-sse/` directory is a separate npm workspace** with its own config, handlers, and translators. It handles the actual SSE streaming and format translation.
|
||||
|
||||
4. **Environment variables:** All configuration is in `.env` (from `.env.example`). Key vars: `PORT`, `NEXT_PUBLIC_BASE_URL`, `API_KEY`, `ADMIN_PASSWORD`.
|
||||
|
||||
5. **Database migrations:** SQLite schema is managed inline in `src/lib/db/core.ts` and `src/lib/db/providers.ts`. No migration framework — schema changes are applied on startup.
|
||||
|
||||
6. **Tests use Node.js built-in test runner:** Run `npm test` or `node --test tests/unit/*.test.mjs`. Playwright is used for E2E tests.
|
||||
|
||||
7. **The proxy pipeline is in `src/sse/`**, not in `src/app/api/v1/`. The API routes in `src/app/api/v1/` delegate to the SSE server running on a separate Express instance.
|
||||
|
||||
## Links
|
||||
|
||||
- Repository: https://github.com/diegosouzapw/OmniRoute
|
||||
- Website: https://omniroute.online
|
||||
- npm: https://www.npmjs.com/package/omniroute
|
||||
- Docker Hub: https://hub.docker.com/r/diegosouzapw/omniroute
|
||||
- Documentation: See `/docs/` directory
|
||||
@@ -110,8 +110,8 @@ export async function handleChatCore({
|
||||
const modelTargetFormat = getModelTargetFormat(alias, model);
|
||||
const targetFormat = modelTargetFormat || getTargetFormat(provider);
|
||||
|
||||
// Default to streaming unless client explicitly sets stream: false
|
||||
const stream = body.stream !== false;
|
||||
// Default to false unless client explicitly sets stream: true (OpenAI spec compliant)
|
||||
const stream = body.stream === true;
|
||||
|
||||
// ── Phase 9.1: Semantic cache check (non-streaming, temp=0 only) ──
|
||||
if (isCacheable(body, clientRawRequest?.headers)) {
|
||||
|
||||
Generated
+3
-3
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "omniroute",
|
||||
"version": "1.0.3",
|
||||
"version": "1.0.6",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "omniroute",
|
||||
"version": "1.0.3",
|
||||
"version": "1.0.6",
|
||||
"license": "MIT",
|
||||
"workspaces": [
|
||||
"open-sse"
|
||||
@@ -3840,7 +3840,7 @@
|
||||
}
|
||||
},
|
||||
"node_modules/content-type": {
|
||||
"version": "1.0.5",
|
||||
"version": "1.0.6",
|
||||
"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
|
||||
"integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
|
||||
"license": "MIT",
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "omniroute",
|
||||
"version": "1.0.3",
|
||||
"version": "1.0.10",
|
||||
"description": "Smart AI Router with auto fallback — route to FREE & cheap models, zero downtime. Works with Cursor, Cline, Claude Desktop, Codex, and any OpenAI-compatible tool.",
|
||||
"type": "module",
|
||||
"bin": {
|
||||
|
||||
@@ -6,6 +6,7 @@ import {
|
||||
Button,
|
||||
Modal,
|
||||
Input,
|
||||
Toggle,
|
||||
CardSkeleton,
|
||||
ModelSelectModal,
|
||||
ProxyConfigModal,
|
||||
@@ -170,6 +171,25 @@ export default function CombosPage() {
|
||||
}
|
||||
};
|
||||
|
||||
const handleToggleCombo = async (combo) => {
|
||||
const newActive = combo.isActive === false ? true : false;
|
||||
// Optimistic update
|
||||
setCombos((prev) => prev.map((c) => (c.id === combo.id ? { ...c, isActive: newActive } : c)));
|
||||
try {
|
||||
await fetch(`/api/combos/${combo.id}`, {
|
||||
method: "PUT",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ isActive: newActive }),
|
||||
});
|
||||
} catch (error) {
|
||||
// Revert on error
|
||||
setCombos((prev) =>
|
||||
prev.map((c) => (c.id === combo.id ? { ...c, isActive: !newActive } : c))
|
||||
);
|
||||
notify.error("Failed to toggle combo");
|
||||
}
|
||||
};
|
||||
|
||||
if (loading) {
|
||||
return (
|
||||
<div className="flex flex-col gap-6">
|
||||
@@ -219,6 +239,7 @@ export default function CombosPage() {
|
||||
testing={testingCombo === combo.name}
|
||||
onProxy={() => setProxyTargetCombo(combo)}
|
||||
hasProxy={!!proxyConfig?.combos?.[combo.id]}
|
||||
onToggle={() => handleToggleCombo(combo)}
|
||||
/>
|
||||
))}
|
||||
</div>
|
||||
@@ -287,12 +308,14 @@ function ComboCard({
|
||||
testing,
|
||||
onProxy,
|
||||
hasProxy,
|
||||
onToggle,
|
||||
}) {
|
||||
const strategy = combo.strategy || "priority";
|
||||
const models = combo.models || [];
|
||||
const isDisabled = combo.isActive === false;
|
||||
|
||||
return (
|
||||
<Card padding="sm" className="group">
|
||||
<Card padding="sm" className={`group ${isDisabled ? "opacity-50" : ""}`}>
|
||||
<div className="flex items-center justify-between">
|
||||
<div className="flex items-center gap-3 flex-1 min-w-0">
|
||||
{/* Icon */}
|
||||
@@ -386,47 +409,55 @@ function ComboCard({
|
||||
</div>
|
||||
|
||||
{/* Actions */}
|
||||
<div className="flex gap-0.5 opacity-0 group-hover:opacity-100 transition-opacity shrink-0">
|
||||
<button
|
||||
onClick={onTest}
|
||||
disabled={testing}
|
||||
className="p-1.5 hover:bg-black/5 dark:hover:bg-white/5 rounded text-text-muted hover:text-emerald-500 transition-colors"
|
||||
title="Test combo"
|
||||
>
|
||||
<span
|
||||
className={`material-symbols-outlined text-[16px] ${testing ? "animate-spin" : ""}`}
|
||||
<div className="flex items-center gap-1.5 shrink-0 ml-2">
|
||||
<Toggle
|
||||
size="sm"
|
||||
checked={!isDisabled}
|
||||
onChange={onToggle}
|
||||
title={isDisabled ? "Enable combo" : "Disable combo"}
|
||||
/>
|
||||
<div className="flex items-center gap-1 opacity-0 group-hover:opacity-100 transition-opacity">
|
||||
<button
|
||||
onClick={onTest}
|
||||
disabled={testing}
|
||||
className="p-1.5 hover:bg-black/5 dark:hover:bg-white/5 rounded text-text-muted hover:text-emerald-500 transition-colors"
|
||||
title="Test combo"
|
||||
>
|
||||
{testing ? "progress_activity" : "play_arrow"}
|
||||
</span>
|
||||
</button>
|
||||
<button
|
||||
onClick={onDuplicate}
|
||||
className="p-1.5 hover:bg-black/5 dark:hover:bg-white/5 rounded text-text-muted hover:text-primary transition-colors"
|
||||
title="Duplicate"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[16px]">content_copy</span>
|
||||
</button>
|
||||
<button
|
||||
onClick={onProxy}
|
||||
className="p-1.5 hover:bg-black/5 dark:hover:bg-white/5 rounded text-text-muted hover:text-primary transition-colors"
|
||||
title="Proxy configuration"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[16px]">vpn_lock</span>
|
||||
</button>
|
||||
<button
|
||||
onClick={onEdit}
|
||||
className="p-1.5 hover:bg-black/5 dark:hover:bg-white/5 rounded text-text-muted hover:text-primary transition-colors"
|
||||
title="Edit"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[16px]">edit</span>
|
||||
</button>
|
||||
<button
|
||||
onClick={onDelete}
|
||||
className="p-1.5 hover:bg-red-500/10 rounded text-red-500 transition-colors"
|
||||
title="Delete"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[16px]">delete</span>
|
||||
</button>
|
||||
<span
|
||||
className={`material-symbols-outlined text-[16px] ${testing ? "animate-spin" : ""}`}
|
||||
>
|
||||
{testing ? "progress_activity" : "play_arrow"}
|
||||
</span>
|
||||
</button>
|
||||
<button
|
||||
onClick={onDuplicate}
|
||||
className="p-1.5 hover:bg-black/5 dark:hover:bg-white/5 rounded text-text-muted hover:text-primary transition-colors"
|
||||
title="Duplicate"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[16px]">content_copy</span>
|
||||
</button>
|
||||
<button
|
||||
onClick={onProxy}
|
||||
className="p-1.5 hover:bg-black/5 dark:hover:bg-white/5 rounded text-text-muted hover:text-primary transition-colors"
|
||||
title="Proxy configuration"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[16px]">vpn_lock</span>
|
||||
</button>
|
||||
<button
|
||||
onClick={onEdit}
|
||||
className="p-1.5 hover:bg-black/5 dark:hover:bg-white/5 rounded text-text-muted hover:text-primary transition-colors"
|
||||
title="Edit"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[16px]">edit</span>
|
||||
</button>
|
||||
<button
|
||||
onClick={onDelete}
|
||||
className="p-1.5 hover:bg-red-500/10 rounded text-red-500 transition-colors"
|
||||
title="Delete"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[16px]">delete</span>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</Card>
|
||||
|
||||
@@ -3,7 +3,16 @@
|
||||
import { useState, useEffect } from "react";
|
||||
import Image from "next/image";
|
||||
import PropTypes from "prop-types";
|
||||
import { Card, CardSkeleton, Badge, Button, Input, Modal, Select } from "@/shared/components";
|
||||
import {
|
||||
Card,
|
||||
CardSkeleton,
|
||||
Badge,
|
||||
Button,
|
||||
Input,
|
||||
Modal,
|
||||
Select,
|
||||
Toggle,
|
||||
} from "@/shared/components";
|
||||
import { OAUTH_PROVIDERS, APIKEY_PROVIDERS } from "@/shared/constants/config";
|
||||
import {
|
||||
FREE_PROVIDERS,
|
||||
@@ -134,14 +143,41 @@ export default function ProvidersPage() {
|
||||
const error = errorConns.length;
|
||||
const total = providerConnections.length;
|
||||
|
||||
// Check if all connections are manually disabled
|
||||
const allDisabled = total > 0 && providerConnections.every((c) => c.isActive === false);
|
||||
|
||||
// Get latest error info
|
||||
const latestError = errorConns.sort(
|
||||
(a: any, b: any) => (new Date(b.lastErrorAt || 0) as any) - (new Date(a.lastErrorAt || 0) as any)
|
||||
(a: any, b: any) =>
|
||||
(new Date(b.lastErrorAt || 0) as any) - (new Date(a.lastErrorAt || 0) as any)
|
||||
)[0];
|
||||
const errorCode = latestError ? getConnectionErrorTag(latestError) : null;
|
||||
const errorTime = latestError?.lastErrorAt ? getRelativeTime(latestError.lastErrorAt) : null;
|
||||
|
||||
return { connected, error, total, errorCode, errorTime };
|
||||
return { connected, error, total, errorCode, errorTime, allDisabled };
|
||||
};
|
||||
|
||||
// Toggle all connections for a provider on/off
|
||||
const handleToggleProvider = async (providerId: string, authType: string, newActive: boolean) => {
|
||||
const providerConns = connections.filter(
|
||||
(c) => c.provider === providerId && c.authType === authType
|
||||
);
|
||||
// Optimistically update UI
|
||||
setConnections((prev) =>
|
||||
prev.map((c) =>
|
||||
c.provider === providerId && c.authType === authType ? { ...c, isActive: newActive } : c
|
||||
)
|
||||
);
|
||||
// Fire API calls in parallel
|
||||
await Promise.allSettled(
|
||||
providerConns.map((c) =>
|
||||
fetch(`/api/providers/${c.id}`, {
|
||||
method: "PUT",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ isActive: newActive }),
|
||||
})
|
||||
)
|
||||
);
|
||||
};
|
||||
|
||||
const handleBatchTest = async (mode, providerId = null) => {
|
||||
@@ -233,6 +269,7 @@ export default function ProvidersPage() {
|
||||
provider={info}
|
||||
stats={getProviderStats(key, "oauth")}
|
||||
authType="oauth"
|
||||
onToggle={(active) => handleToggleProvider(key, "oauth", active)}
|
||||
/>
|
||||
))}
|
||||
</div>
|
||||
@@ -269,6 +306,7 @@ export default function ProvidersPage() {
|
||||
provider={info}
|
||||
stats={getProviderStats(key, "oauth")}
|
||||
authType="free"
|
||||
onToggle={(active) => handleToggleProvider(key, "oauth", active)}
|
||||
/>
|
||||
))}
|
||||
</div>
|
||||
@@ -306,6 +344,7 @@ export default function ProvidersPage() {
|
||||
provider={info}
|
||||
stats={getProviderStats(key, "apikey")}
|
||||
authType="apikey"
|
||||
onToggle={(active) => handleToggleProvider(key, "apikey", active)}
|
||||
/>
|
||||
))}
|
||||
</div>
|
||||
@@ -369,6 +408,7 @@ export default function ProvidersPage() {
|
||||
provider={info}
|
||||
stats={getProviderStats(info.id, "apikey")}
|
||||
authType="compatible"
|
||||
onToggle={(active) => handleToggleProvider(info.id, "apikey", active)}
|
||||
/>
|
||||
))}
|
||||
</div>
|
||||
@@ -421,8 +461,8 @@ export default function ProvidersPage() {
|
||||
);
|
||||
}
|
||||
|
||||
function ProviderCard({ providerId, provider, stats, authType }) {
|
||||
const { connected, error, errorCode, errorTime } = stats;
|
||||
function ProviderCard({ providerId, provider, stats, authType, onToggle }) {
|
||||
const { connected, error, errorCode, errorTime, allDisabled } = stats;
|
||||
const [imgError, setImgError] = useState(false);
|
||||
|
||||
const dotColors = {
|
||||
@@ -437,7 +477,7 @@ function ProviderCard({ providerId, provider, stats, authType }) {
|
||||
<Link href={`/dashboard/providers/${providerId}`} className="group">
|
||||
<Card
|
||||
padding="xs"
|
||||
className="h-full hover:bg-black/[0.01] dark:hover:bg-white/[0.01] transition-colors cursor-pointer"
|
||||
className={`h-full hover:bg-black/[0.01] dark:hover:bg-white/[0.01] transition-colors cursor-pointer ${allDisabled ? "opacity-50" : ""}`}
|
||||
>
|
||||
<div className="flex items-center justify-between">
|
||||
<div className="flex items-center gap-3">
|
||||
@@ -470,14 +510,44 @@ function ProviderCard({ providerId, provider, stats, authType }) {
|
||||
/>
|
||||
</h3>
|
||||
<div className="flex items-center gap-2 text-xs flex-wrap">
|
||||
{getStatusDisplay(connected, error, errorCode)}
|
||||
{errorTime && <span className="text-text-muted">• {errorTime}</span>}
|
||||
{allDisabled ? (
|
||||
<Badge variant="default" size="sm">
|
||||
<span className="flex items-center gap-1">
|
||||
<span className="material-symbols-outlined text-[12px]">pause_circle</span>
|
||||
Disabled
|
||||
</span>
|
||||
</Badge>
|
||||
) : (
|
||||
<>
|
||||
{getStatusDisplay(connected, error, errorCode)}
|
||||
{errorTime && <span className="text-text-muted">• {errorTime}</span>}
|
||||
</>
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<span className="material-symbols-outlined text-text-muted opacity-0 group-hover:opacity-100 transition-opacity">
|
||||
chevron_right
|
||||
</span>
|
||||
<div className="flex items-center gap-2">
|
||||
{stats.total > 0 && (
|
||||
<div
|
||||
onClick={(e) => {
|
||||
e.preventDefault();
|
||||
e.stopPropagation();
|
||||
onToggle(!allDisabled ? false : true);
|
||||
}}
|
||||
className=""
|
||||
>
|
||||
<Toggle
|
||||
size="sm"
|
||||
checked={!allDisabled}
|
||||
onChange={() => {}}
|
||||
title={allDisabled ? "Enable provider" : "Disable provider"}
|
||||
/>
|
||||
</div>
|
||||
)}
|
||||
<span className="material-symbols-outlined text-text-muted opacity-0 group-hover:opacity-100 transition-opacity">
|
||||
chevron_right
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
</Card>
|
||||
</Link>
|
||||
@@ -502,8 +572,8 @@ ProviderCard.propTypes = {
|
||||
};
|
||||
|
||||
// API Key providers - use image with textIcon fallback (same as OAuth providers)
|
||||
function ApiKeyProviderCard({ providerId, provider, stats, authType }) {
|
||||
const { connected, error, errorCode, errorTime } = stats;
|
||||
function ApiKeyProviderCard({ providerId, provider, stats, authType, onToggle }) {
|
||||
const { connected, error, errorCode, errorTime, allDisabled } = stats;
|
||||
const isCompatible = providerId.startsWith(OPENAI_COMPATIBLE_PREFIX);
|
||||
const isAnthropicCompatible = providerId.startsWith(ANTHROPIC_COMPATIBLE_PREFIX);
|
||||
const [imgError, setImgError] = useState(false);
|
||||
@@ -531,7 +601,7 @@ function ApiKeyProviderCard({ providerId, provider, stats, authType }) {
|
||||
<Link href={`/dashboard/providers/${providerId}`} className="group">
|
||||
<Card
|
||||
padding="xs"
|
||||
className="h-full hover:bg-black/[0.01] dark:hover:bg-white/[0.01] transition-colors cursor-pointer"
|
||||
className={`h-full hover:bg-black/[0.01] dark:hover:bg-white/[0.01] transition-colors cursor-pointer ${allDisabled ? "opacity-50" : ""}`}
|
||||
>
|
||||
<div className="flex items-center justify-between">
|
||||
<div className="flex items-center gap-3">
|
||||
@@ -564,24 +634,54 @@ function ApiKeyProviderCard({ providerId, provider, stats, authType }) {
|
||||
/>
|
||||
</h3>
|
||||
<div className="flex items-center gap-2 text-xs flex-wrap">
|
||||
{getStatusDisplay(connected, error, errorCode)}
|
||||
{isCompatible && (
|
||||
{allDisabled ? (
|
||||
<Badge variant="default" size="sm">
|
||||
{provider.apiType === "responses" ? "Responses" : "Chat"}
|
||||
<span className="flex items-center gap-1">
|
||||
<span className="material-symbols-outlined text-[12px]">pause_circle</span>
|
||||
Disabled
|
||||
</span>
|
||||
</Badge>
|
||||
) : (
|
||||
<>
|
||||
{getStatusDisplay(connected, error, errorCode)}
|
||||
{isCompatible && (
|
||||
<Badge variant="default" size="sm">
|
||||
{provider.apiType === "responses" ? "Responses" : "Chat"}
|
||||
</Badge>
|
||||
)}
|
||||
{isAnthropicCompatible && (
|
||||
<Badge variant="default" size="sm">
|
||||
Messages
|
||||
</Badge>
|
||||
)}
|
||||
{errorTime && <span className="text-text-muted">• {errorTime}</span>}
|
||||
</>
|
||||
)}
|
||||
{isAnthropicCompatible && (
|
||||
<Badge variant="default" size="sm">
|
||||
Messages
|
||||
</Badge>
|
||||
)}
|
||||
{errorTime && <span className="text-text-muted">• {errorTime}</span>}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<span className="material-symbols-outlined text-text-muted opacity-0 group-hover:opacity-100 transition-opacity">
|
||||
chevron_right
|
||||
</span>
|
||||
<div className="flex items-center gap-2">
|
||||
{stats.total > 0 && (
|
||||
<div
|
||||
onClick={(e) => {
|
||||
e.preventDefault();
|
||||
e.stopPropagation();
|
||||
onToggle(!allDisabled ? false : true);
|
||||
}}
|
||||
className=""
|
||||
>
|
||||
<Toggle
|
||||
size="sm"
|
||||
checked={!allDisabled}
|
||||
onChange={() => {}}
|
||||
title={allDisabled ? "Enable provider" : "Disable provider"}
|
||||
/>
|
||||
</div>
|
||||
)}
|
||||
<span className="material-symbols-outlined text-text-muted opacity-0 group-hover:opacity-100 transition-opacity">
|
||||
chevron_right
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
</Card>
|
||||
</Link>
|
||||
|
||||
@@ -2,11 +2,12 @@
|
||||
|
||||
import { useState, useEffect } from "react";
|
||||
import { Card, Button, Input, Toggle } from "@/shared/components";
|
||||
import { AI_PROVIDERS } from "@/shared/constants/providers";
|
||||
import IPFilterSection from "./IPFilterSection";
|
||||
import SessionInfoCard from "./SessionInfoCard";
|
||||
|
||||
export default function SecurityTab() {
|
||||
const [settings, setSettings] = useState({ requireLogin: false, hasPassword: false });
|
||||
const [settings, setSettings] = useState<any>({ requireLogin: false, hasPassword: false });
|
||||
const [loading, setLoading] = useState(true);
|
||||
const [passwords, setPasswords] = useState({ current: "", new: "", confirm: "" });
|
||||
const [passStatus, setPassStatus] = useState({ type: "", message: "" });
|
||||
@@ -37,6 +38,29 @@ export default function SecurityTab() {
|
||||
}
|
||||
};
|
||||
|
||||
const updateSetting = async (key: string, value: any) => {
|
||||
try {
|
||||
const res = await fetch("/api/settings", {
|
||||
method: "PATCH",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ [key]: value }),
|
||||
});
|
||||
if (res.ok) {
|
||||
setSettings((prev) => ({ ...prev, [key]: value }));
|
||||
}
|
||||
} catch (err) {
|
||||
console.error(`Failed to update ${key}:`, err);
|
||||
}
|
||||
};
|
||||
|
||||
const toggleBlockedProvider = (providerId: string) => {
|
||||
const current: string[] = settings.blockedProviders || [];
|
||||
const updated = current.includes(providerId)
|
||||
? current.filter((p) => p !== providerId)
|
||||
: [...current, providerId];
|
||||
updateSetting("blockedProviders", updated);
|
||||
};
|
||||
|
||||
const handlePasswordChange = async (e) => {
|
||||
e.preventDefault();
|
||||
if (passwords.new !== passwords.confirm) {
|
||||
@@ -70,6 +94,8 @@ export default function SecurityTab() {
|
||||
}
|
||||
};
|
||||
|
||||
const blockedProviders: string[] = settings.blockedProviders || [];
|
||||
|
||||
return (
|
||||
<div className="flex flex-col gap-6">
|
||||
<Card>
|
||||
@@ -146,6 +172,92 @@ export default function SecurityTab() {
|
||||
)}
|
||||
</div>
|
||||
</Card>
|
||||
|
||||
{/* API Endpoint Protection */}
|
||||
<Card>
|
||||
<div className="flex items-center gap-3 mb-4">
|
||||
<div className="p-2 rounded-lg bg-amber-500/10 text-amber-600 dark:text-amber-400">
|
||||
<span className="material-symbols-outlined text-[20px]" aria-hidden="true">
|
||||
api
|
||||
</span>
|
||||
</div>
|
||||
<h3 className="text-lg font-semibold">API Endpoint Protection</h3>
|
||||
</div>
|
||||
<div className="flex flex-col gap-4">
|
||||
{/* Require auth for /models */}
|
||||
<div className="flex items-center justify-between">
|
||||
<div>
|
||||
<p className="font-medium">Require API key for /models</p>
|
||||
<p className="text-sm text-text-muted">
|
||||
When ON, the{" "}
|
||||
<code className="text-xs bg-black/5 dark:bg-white/5 px-1 py-0.5 rounded">
|
||||
/v1/models
|
||||
</code>{" "}
|
||||
endpoint returns 404 for unauthenticated requests. Prevents model discovery by
|
||||
unauthorized users.
|
||||
</p>
|
||||
</div>
|
||||
<Toggle
|
||||
checked={settings.requireAuthForModels === true}
|
||||
onChange={() => updateSetting("requireAuthForModels", !settings.requireAuthForModels)}
|
||||
disabled={loading}
|
||||
/>
|
||||
</div>
|
||||
|
||||
{/* Blocked Providers */}
|
||||
<div className="pt-4 border-t border-border/50">
|
||||
<div className="mb-3">
|
||||
<p className="font-medium">Blocked Providers</p>
|
||||
<p className="text-sm text-text-muted">
|
||||
Hide specific providers from the{" "}
|
||||
<code className="text-xs bg-black/5 dark:bg-white/5 px-1 py-0.5 rounded">
|
||||
/v1/models
|
||||
</code>{" "}
|
||||
response. Blocked providers will not appear in model listings.
|
||||
</p>
|
||||
</div>
|
||||
<div className="flex flex-wrap gap-2">
|
||||
{Object.values(AI_PROVIDERS).map((provider: any) => {
|
||||
const isBlocked = blockedProviders.includes(provider.id);
|
||||
return (
|
||||
<button
|
||||
key={provider.id}
|
||||
onClick={() => toggleBlockedProvider(provider.id)}
|
||||
disabled={loading}
|
||||
className={`inline-flex items-center gap-1.5 px-2.5 py-1.5 rounded-lg text-xs font-medium transition-all border ${
|
||||
isBlocked
|
||||
? "bg-red-500/10 border-red-500/30 text-red-600 dark:text-red-400"
|
||||
: "bg-black/[0.02] dark:bg-white/[0.02] border-transparent text-text-muted hover:bg-black/[0.05] dark:hover:bg-white/[0.05]"
|
||||
}`}
|
||||
title={isBlocked ? `Unblock ${provider.name}` : `Block ${provider.name}`}
|
||||
>
|
||||
<span
|
||||
className="material-symbols-outlined text-[14px]"
|
||||
style={{ color: isBlocked ? undefined : provider.color }}
|
||||
>
|
||||
{isBlocked ? "block" : provider.icon}
|
||||
</span>
|
||||
{provider.name}
|
||||
{isBlocked && (
|
||||
<span className="material-symbols-outlined text-[12px] text-red-500">
|
||||
close
|
||||
</span>
|
||||
)}
|
||||
</button>
|
||||
);
|
||||
})}
|
||||
</div>
|
||||
{blockedProviders.length > 0 && (
|
||||
<p className="text-xs text-amber-600 dark:text-amber-400 mt-2 flex items-center gap-1">
|
||||
<span className="material-symbols-outlined text-[14px]">warning</span>
|
||||
{blockedProviders.length} provider{blockedProviders.length !== 1 ? "s" : ""} blocked
|
||||
from /models
|
||||
</p>
|
||||
)}
|
||||
</div>
|
||||
</div>
|
||||
</Card>
|
||||
|
||||
<SessionInfoCard />
|
||||
<IPFilterSection />
|
||||
</div>
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
"use client";
|
||||
|
||||
import { useState } from "react";
|
||||
import { useSearchParams } from "next/navigation";
|
||||
import { cn } from "@/shared/utils/cn";
|
||||
import { APP_CONFIG } from "@/shared/constants/config";
|
||||
import SystemStorageTab from "./components/SystemStorageTab";
|
||||
@@ -25,7 +26,10 @@ const tabs = [
|
||||
];
|
||||
|
||||
export default function SettingsPage() {
|
||||
const [activeTab, setActiveTab] = useState("general");
|
||||
const searchParams = useSearchParams();
|
||||
const tabParam = searchParams.get("tab");
|
||||
const [userSelectedTab, setUserSelectedTab] = useState(null);
|
||||
const activeTab = userSelectedTab || tabs.find((t) => t.id === tabParam)?.id || "general";
|
||||
|
||||
return (
|
||||
<div className="max-w-2xl mx-auto">
|
||||
@@ -42,7 +46,7 @@ export default function SettingsPage() {
|
||||
role="tab"
|
||||
aria-selected={activeTab === tab.id}
|
||||
tabIndex={activeTab === tab.id ? 0 : -1}
|
||||
onClick={() => setActiveTab(tab.id)}
|
||||
onClick={() => setUserSelectedTab(tab.id)}
|
||||
className={cn(
|
||||
"flex items-center gap-2 px-4 py-2 rounded-md font-medium transition-all text-sm",
|
||||
activeTab === tab.id
|
||||
|
||||
@@ -57,7 +57,7 @@ export async function POST(request) {
|
||||
|
||||
const token = await new SignJWT({ authenticated: true })
|
||||
.setProtectedHeader({ alg: "HS256" })
|
||||
.setExpirationTime("24h")
|
||||
.setExpirationTime("30d")
|
||||
.sign(SECRET);
|
||||
|
||||
const cookieStore = await cookies();
|
||||
|
||||
@@ -1,20 +1,37 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { getModelAliases, setModelAlias } from "@/models";
|
||||
import { getModelAliases, setModelAlias, getProviderConnections } from "@/models";
|
||||
import { AI_MODELS } from "@/shared/constants/config";
|
||||
|
||||
// GET /api/models - Get models with aliases
|
||||
export async function GET() {
|
||||
// GET /api/models - Get models with aliases (only from active providers by default)
|
||||
export async function GET(request: Request) {
|
||||
try {
|
||||
const { searchParams } = new URL(request.url);
|
||||
const showAll = searchParams.get("all") === "true";
|
||||
|
||||
const modelAliases = await getModelAliases();
|
||||
|
||||
const models = AI_MODELS.map((m) => {
|
||||
// Get active provider connections to filter available models
|
||||
let activeProviders: Set<string> | null = null;
|
||||
if (!showAll) {
|
||||
try {
|
||||
const connections = await getProviderConnections();
|
||||
const active = connections.filter((c: any) => c.isActive !== false);
|
||||
activeProviders = new Set(active.map((c: any) => c.provider));
|
||||
} catch {
|
||||
// If DB unavailable, show all models
|
||||
}
|
||||
}
|
||||
|
||||
const models = AI_MODELS.map((m: any) => {
|
||||
const fullModel = `${m.provider}/${m.model}`;
|
||||
const available = !activeProviders || activeProviders.has(m.provider);
|
||||
return {
|
||||
...m,
|
||||
fullModel,
|
||||
alias: modelAliases[fullModel] || m.model,
|
||||
available,
|
||||
};
|
||||
});
|
||||
}).filter((m: any) => showAll || m.available);
|
||||
|
||||
return NextResponse.json({ models });
|
||||
} catch (error) {
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
import { CORS_ORIGIN } from "@/shared/utils/cors";
|
||||
import { PROVIDER_MODELS, PROVIDER_ID_TO_ALIAS } from "@/shared/constants/models";
|
||||
import { AI_PROVIDERS } from "@/shared/constants/providers";
|
||||
import { getProviderConnections, getCombos, getAllCustomModels } from "@/lib/localDb";
|
||||
import { getProviderConnections, getCombos, getAllCustomModels, getSettings } from "@/lib/localDb";
|
||||
import { extractApiKey, isValidApiKey } from "@/sse/services/auth";
|
||||
import { getAllEmbeddingModels } from "@omniroute/open-sse/config/embeddingRegistry.ts";
|
||||
import { getAllImageModels } from "@omniroute/open-sse/config/imageRegistry.ts";
|
||||
import { getAllRerankModels } from "@omniroute/open-sse/config/rerankRegistry.ts";
|
||||
@@ -94,19 +95,39 @@ export async function OPTIONS() {
|
||||
* GET /v1/models - OpenAI compatible models list
|
||||
* Returns models from all active providers, combos, embeddings, and image models in OpenAI format
|
||||
*/
|
||||
export async function GET() {
|
||||
export async function GET(request: Request) {
|
||||
try {
|
||||
// Issue #100: Optionally require API key for /models (security hardening)
|
||||
// When enabled, unauthenticated requests get 404 to hide endpoint existence
|
||||
let settings: Record<string, any> = {};
|
||||
try {
|
||||
settings = await getSettings();
|
||||
} catch {}
|
||||
if (settings.requireAuthForModels === true) {
|
||||
const apiKey = extractApiKey(request);
|
||||
if (!apiKey || !(await isValidApiKey(apiKey))) {
|
||||
return new Response("Not Found", { status: 404 });
|
||||
}
|
||||
}
|
||||
|
||||
const { aliasToProviderId, providerIdToAlias } = buildAliasMaps();
|
||||
|
||||
// Issue #96: Allow blocking specific providers from the models list
|
||||
const blockedProviders: Set<string> = new Set(
|
||||
Array.isArray(settings.blockedProviders) ? settings.blockedProviders : []
|
||||
);
|
||||
|
||||
// Get active provider connections
|
||||
let connections = [];
|
||||
let totalConnectionCount = 0; // Track if DB has ANY connections (even disabled)
|
||||
try {
|
||||
connections = await getProviderConnections();
|
||||
totalConnectionCount = connections.length;
|
||||
// Filter to only active connections
|
||||
connections = connections.filter((c) => c.isActive !== false);
|
||||
} catch (e) {
|
||||
// If database not available, return all models
|
||||
console.log("Could not fetch providers, returning all models");
|
||||
// If database not available, show no provider models (safe default)
|
||||
console.log("Could not fetch providers, showing only combos/custom models");
|
||||
}
|
||||
|
||||
// Get combos
|
||||
@@ -129,8 +150,9 @@ export async function GET() {
|
||||
const models = [];
|
||||
const timestamp = Math.floor(Date.now() / 1000);
|
||||
|
||||
// Add combos first (they appear at the top)
|
||||
// Add combos first (they appear at the top) — only active ones
|
||||
for (const combo of combos) {
|
||||
if (combo.isActive === false) continue;
|
||||
models.push({
|
||||
id: combo.name,
|
||||
object: "model",
|
||||
@@ -147,12 +169,11 @@ export async function GET() {
|
||||
const providerId = aliasToProviderId[alias] || alias;
|
||||
const canonicalProviderId = FALLBACK_ALIAS_TO_PROVIDER[alias] || providerId;
|
||||
|
||||
// If we have active providers, only include those; otherwise include all
|
||||
if (
|
||||
connections.length > 0 &&
|
||||
!activeAliases.has(alias) &&
|
||||
!activeAliases.has(canonicalProviderId)
|
||||
) {
|
||||
// Skip blocked providers (Issue #96)
|
||||
if (blockedProviders.has(alias) || blockedProviders.has(canonicalProviderId)) continue;
|
||||
|
||||
// Only include models from providers with active connections
|
||||
if (!activeAliases.has(alias) && !activeAliases.has(canonicalProviderId)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -184,8 +205,16 @@ export async function GET() {
|
||||
}
|
||||
}
|
||||
|
||||
// Add embedding models
|
||||
// Helper: check if a provider is active (by provider id or alias)
|
||||
const isProviderActive = (provider: string) => {
|
||||
if (activeAliases.size === 0) return false; // No active connections = show nothing
|
||||
const alias = providerIdToAlias[provider] || provider;
|
||||
return activeAliases.has(alias) || activeAliases.has(provider);
|
||||
};
|
||||
|
||||
// Add embedding models (filtered by active providers)
|
||||
for (const embModel of getAllEmbeddingModels()) {
|
||||
if (!isProviderActive(embModel.provider)) continue;
|
||||
models.push({
|
||||
id: embModel.id,
|
||||
object: "model",
|
||||
@@ -196,8 +225,9 @@ export async function GET() {
|
||||
});
|
||||
}
|
||||
|
||||
// Add image models
|
||||
// Add image models (filtered by active providers)
|
||||
for (const imgModel of getAllImageModels()) {
|
||||
if (!isProviderActive(imgModel.provider)) continue;
|
||||
models.push({
|
||||
id: imgModel.id,
|
||||
object: "model",
|
||||
@@ -208,8 +238,9 @@ export async function GET() {
|
||||
});
|
||||
}
|
||||
|
||||
// Add rerank models
|
||||
// Add rerank models (filtered by active providers)
|
||||
for (const rerankModel of getAllRerankModels()) {
|
||||
if (!isProviderActive(rerankModel.provider)) continue;
|
||||
models.push({
|
||||
id: rerankModel.id,
|
||||
object: "model",
|
||||
@@ -219,8 +250,9 @@ export async function GET() {
|
||||
});
|
||||
}
|
||||
|
||||
// Add audio models (transcription + speech)
|
||||
// Add audio models (filtered by active providers)
|
||||
for (const audioModel of getAllAudioModels()) {
|
||||
if (!isProviderActive(audioModel.provider)) continue;
|
||||
models.push({
|
||||
id: audioModel.id,
|
||||
object: "model",
|
||||
@@ -231,8 +263,9 @@ export async function GET() {
|
||||
});
|
||||
}
|
||||
|
||||
// Add moderation models
|
||||
// Add moderation models (filtered by active providers)
|
||||
for (const modModel of getAllModerationModels()) {
|
||||
if (!isProviderActive(modModel.provider)) continue;
|
||||
models.push({
|
||||
id: modModel.id,
|
||||
object: "model",
|
||||
@@ -248,11 +281,12 @@ export async function GET() {
|
||||
for (const [providerId, providerCustomModels] of Object.entries(customModelsMap)) {
|
||||
const alias = providerIdToAlias[providerId] || providerId;
|
||||
const canonicalProviderId = FALLBACK_ALIAS_TO_PROVIDER[alias] || providerId;
|
||||
// Only include if provider is active (or no connections configured)
|
||||
// Only include if provider is active — check alias, canonical ID, or raw providerId
|
||||
// (raw check needed for OpenAI-compatible providers whose ID isn't in the alias map)
|
||||
if (
|
||||
connections.length > 0 &&
|
||||
!activeAliases.has(alias) &&
|
||||
!activeAliases.has(canonicalProviderId)
|
||||
!activeAliases.has(canonicalProviderId) &&
|
||||
!activeAliases.has(providerId)
|
||||
)
|
||||
continue;
|
||||
|
||||
|
||||
+189
-35
@@ -1,7 +1,7 @@
|
||||
"use client";
|
||||
|
||||
import { useState, useEffect } from "react";
|
||||
import { Card, Button, Input } from "@/shared/components";
|
||||
import { Button, Input } from "@/shared/components";
|
||||
import { useRouter } from "next/navigation";
|
||||
|
||||
export default function LoginPage() {
|
||||
@@ -9,9 +9,12 @@ export default function LoginPage() {
|
||||
const [error, setError] = useState("");
|
||||
const [loading, setLoading] = useState(false);
|
||||
const [hasPassword, setHasPassword] = useState(null);
|
||||
const [setupComplete, setSetupComplete] = useState(null);
|
||||
const [mounted, setMounted] = useState(false);
|
||||
const router = useRouter();
|
||||
|
||||
useEffect(() => {
|
||||
setMounted(true);
|
||||
async function checkAuth() {
|
||||
const controller = new AbortController();
|
||||
const timeoutId = setTimeout(() => controller.abort(), 5000);
|
||||
@@ -31,13 +34,15 @@ export default function LoginPage() {
|
||||
return;
|
||||
}
|
||||
setHasPassword(!!data.hasPassword);
|
||||
setSetupComplete(!!data.setupComplete);
|
||||
} else {
|
||||
// Safe fallback on non-OK response to avoid infinite loading state.
|
||||
setHasPassword(true);
|
||||
setSetupComplete(true);
|
||||
}
|
||||
} catch (err) {
|
||||
clearTimeout(timeoutId);
|
||||
setHasPassword(true);
|
||||
setSetupComplete(true);
|
||||
}
|
||||
}
|
||||
checkAuth();
|
||||
@@ -70,58 +75,207 @@ export default function LoginPage() {
|
||||
}
|
||||
};
|
||||
|
||||
// Show loading state while checking password
|
||||
if (hasPassword === null) {
|
||||
if (hasPassword === null || setupComplete === null) {
|
||||
return (
|
||||
<div className="min-h-screen flex items-center justify-center bg-bg p-4">
|
||||
<div className="text-center">
|
||||
<div className="inline-block animate-spin rounded-full h-8 w-8 border-b-2 border-primary"></div>
|
||||
<p className="text-text-muted mt-4">Loading...</p>
|
||||
<div className="min-h-screen flex items-center justify-center bg-bg">
|
||||
<div className="flex flex-col items-center gap-3">
|
||||
<div className="relative">
|
||||
<div className="w-10 h-10 border-2 border-primary/20 rounded-full"></div>
|
||||
<div className="absolute inset-0 w-10 h-10 border-2 border-primary border-t-transparent rounded-full animate-spin"></div>
|
||||
</div>
|
||||
<span className="text-sm text-text-muted">Loading...</span>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
if (!hasPassword && !setupComplete) {
|
||||
return (
|
||||
<div className="min-h-screen flex items-center justify-center bg-bg p-6">
|
||||
<div
|
||||
className={`w-full max-w-md transition-all duration-700 ease-out ${mounted ? "opacity-100 translate-y-0" : "opacity-0 translate-y-4"}`}
|
||||
>
|
||||
<div className="text-center mb-10">
|
||||
<div className="inline-flex items-center justify-center w-20 h-20 rounded-3xl bg-gradient-to-br from-primary/10 to-primary/5 border border-primary/10 mb-6">
|
||||
<span className="material-symbols-outlined text-primary text-[40px]">
|
||||
rocket_launch
|
||||
</span>
|
||||
</div>
|
||||
<h1 className="text-3xl font-bold text-text-main tracking-tight">Welcome</h1>
|
||||
<p className="text-text-muted mt-2">
|
||||
Let's get your OmniRoute instance configured
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div className="bg-surface border border-border rounded-2xl p-8 shadow-soft">
|
||||
<div className="text-center">
|
||||
<p className="text-text-muted leading-relaxed mb-6">
|
||||
Run the onboarding wizard to set up your password and connect your first AI
|
||||
provider.
|
||||
</p>
|
||||
<Button
|
||||
variant="primary"
|
||||
className="w-full h-11 text-sm font-medium"
|
||||
onClick={() => router.push("/dashboard/onboarding")}
|
||||
>
|
||||
Start Onboarding
|
||||
</Button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p className="text-center text-xs text-text-muted/60 mt-8">
|
||||
OmniRoute — Unified AI API Proxy
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
if (!hasPassword && setupComplete) {
|
||||
return (
|
||||
<div className="min-h-screen flex items-center justify-center bg-bg p-6">
|
||||
<div
|
||||
className={`w-full max-w-md transition-all duration-700 ease-out ${mounted ? "opacity-100 translate-y-0" : "opacity-0 translate-y-4"}`}
|
||||
>
|
||||
<div className="text-center mb-10">
|
||||
<div className="inline-flex items-center justify-center w-20 h-20 rounded-3xl bg-gradient-to-br from-amber-500/10 to-amber-500/5 border border-amber-500/10 mb-6">
|
||||
<span className="material-symbols-outlined text-amber-500 text-[40px]">
|
||||
shield_person
|
||||
</span>
|
||||
</div>
|
||||
<h1 className="text-3xl font-bold text-text-main tracking-tight">
|
||||
Secure Your Instance
|
||||
</h1>
|
||||
<p className="text-text-muted mt-2">Password protection is not enabled</p>
|
||||
</div>
|
||||
|
||||
<div className="bg-surface border border-border rounded-2xl p-8 shadow-soft">
|
||||
<div className="text-center">
|
||||
<p className="text-text-muted leading-relaxed mb-6">
|
||||
Set a password to protect your dashboard and secure your API endpoints from
|
||||
unauthorized access.
|
||||
</p>
|
||||
<Button
|
||||
variant="primary"
|
||||
className="w-full h-11 text-sm font-medium"
|
||||
onClick={() => router.push("/dashboard/settings?tab=security")}
|
||||
>
|
||||
Configure Password
|
||||
</Button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p className="text-center text-xs text-text-muted/60 mt-8">
|
||||
OmniRoute — Unified AI API Proxy
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
return (
|
||||
<div className="min-h-screen flex items-center justify-center bg-bg p-4">
|
||||
<div className="w-full max-w-md">
|
||||
<div className="text-center mb-8">
|
||||
<h1 className="text-3xl font-bold text-primary mb-2">OmniRoute</h1>
|
||||
<p className="text-text-muted">Enter your password to access the dashboard</p>
|
||||
</div>
|
||||
<div className="min-h-screen flex bg-bg">
|
||||
<div className="flex-1 flex items-center justify-center p-6">
|
||||
<div
|
||||
className={`w-full max-w-sm transition-all duration-700 ease-out ${mounted ? "opacity-100 translate-y-0" : "opacity-0 translate-y-4"}`}
|
||||
>
|
||||
<div className="mb-10">
|
||||
<div className="flex items-center gap-3 mb-8">
|
||||
<div className="w-10 h-10 rounded-xl bg-gradient-to-br from-primary to-primary-hover flex items-center justify-center">
|
||||
<span className="material-symbols-outlined text-white text-[20px]">hub</span>
|
||||
</div>
|
||||
<span className="text-xl font-semibold text-text-main tracking-tight">OmniRoute</span>
|
||||
</div>
|
||||
<h1 className="text-2xl font-bold text-text-main tracking-tight">Sign in</h1>
|
||||
<p className="text-text-muted mt-1.5">Enter your password to continue</p>
|
||||
</div>
|
||||
|
||||
<Card>
|
||||
<form onSubmit={handleLogin} className="flex flex-col gap-4">
|
||||
<div className="flex flex-col gap-2">
|
||||
<label className="text-sm font-medium">Password</label>
|
||||
<form onSubmit={handleLogin} className="space-y-5">
|
||||
<div className="space-y-2">
|
||||
<label className="text-sm font-medium text-text-main">Password</label>
|
||||
<Input
|
||||
type="password"
|
||||
placeholder="Enter password"
|
||||
placeholder="Enter your password"
|
||||
value={password}
|
||||
onChange={(e) => setPassword(e.target.value)}
|
||||
required
|
||||
autoFocus
|
||||
className="h-11"
|
||||
/>
|
||||
{error && <p className="text-xs text-red-500">{error}</p>}
|
||||
{error && (
|
||||
<p className="text-sm text-red-500 flex items-center gap-1.5 pt-1">
|
||||
<span className="material-symbols-outlined text-base">error</span>
|
||||
{error}
|
||||
</p>
|
||||
)}
|
||||
</div>
|
||||
|
||||
<Button type="submit" variant="primary" className="w-full" loading={loading}>
|
||||
Login
|
||||
<Button
|
||||
type="submit"
|
||||
variant="primary"
|
||||
className="w-full h-11 text-sm font-medium"
|
||||
loading={loading}
|
||||
>
|
||||
Continue
|
||||
</Button>
|
||||
|
||||
{!hasPassword && (
|
||||
<p className="text-xs text-center text-text-muted mt-2">
|
||||
Default password is <code className="bg-sidebar px-1 rounded">123456</code>
|
||||
</p>
|
||||
)}
|
||||
|
||||
<p className="text-xs text-center mt-1">
|
||||
<a href="/forgot-password" className="text-primary hover:underline">
|
||||
Forgot password?
|
||||
</a>
|
||||
</p>
|
||||
</form>
|
||||
</Card>
|
||||
|
||||
<div className="mt-6 pt-6 border-t border-border">
|
||||
<a
|
||||
href="/forgot-password"
|
||||
className="text-sm text-text-muted hover:text-primary transition-colors"
|
||||
>
|
||||
Forgot your password?
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div className="hidden lg:flex lg:w-1/2 bg-gradient-to-br from-primary/5 via-primary/3 to-transparent items-center justify-center p-12">
|
||||
<div
|
||||
className={`max-w-md transition-all duration-700 delay-200 ease-out ${mounted ? "opacity-100 translate-y-0" : "opacity-0 translate-y-4"}`}
|
||||
>
|
||||
<div className="space-y-8">
|
||||
<div>
|
||||
<h2 className="text-2xl font-bold text-text-main mb-3">Unified AI API Proxy</h2>
|
||||
<p className="text-text-muted leading-relaxed">
|
||||
Route requests to multiple AI providers through a single endpoint. Load balancing,
|
||||
failover, and usage tracking built in.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div className="space-y-4">
|
||||
{[
|
||||
{
|
||||
icon: "swap_horiz",
|
||||
title: "Multi-Provider",
|
||||
desc: "OpenAI, Anthropic, Google, and more",
|
||||
},
|
||||
{
|
||||
icon: "speed",
|
||||
title: "Load Balancing",
|
||||
desc: "Distribute requests intelligently",
|
||||
},
|
||||
{ icon: "analytics", title: "Usage Tracking", desc: "Monitor costs and tokens" },
|
||||
].map((item) => (
|
||||
<div
|
||||
key={item.icon}
|
||||
className="flex items-start gap-4 p-4 rounded-xl bg-surface/50 border border-border"
|
||||
>
|
||||
<div className="w-10 h-10 rounded-lg bg-primary/10 flex items-center justify-center flex-shrink-0">
|
||||
<span className="material-symbols-outlined text-primary text-[20px]">
|
||||
{item.icon}
|
||||
</span>
|
||||
</div>
|
||||
<div>
|
||||
<h3 className="font-medium text-text-main">{item.title}</h3>
|
||||
<p className="text-sm text-text-muted">{item.desc}</p>
|
||||
</div>
|
||||
</div>
|
||||
))}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
|
||||
+5
-14
@@ -1,38 +1,29 @@
|
||||
"use client";
|
||||
|
||||
/**
|
||||
* Custom Not Found Page — FASE-04 Error Handling
|
||||
*
|
||||
* Displayed when a user navigates to a non-existent route.
|
||||
*/
|
||||
|
||||
import Link from "next/link";
|
||||
|
||||
export default function NotFound() {
|
||||
return (
|
||||
<div
|
||||
className="flex flex-col items-center justify-center min-h-screen p-6 bg-[var(--bg-primary,#0a0a0f)] text-[var(--text-primary,#e0e0e0)] text-center"
|
||||
className="flex flex-col items-center justify-center min-h-screen p-6 bg-bg text-text-main text-center"
|
||||
role="main"
|
||||
aria-labelledby="not-found-title"
|
||||
>
|
||||
<div
|
||||
className="text-[96px] font-extrabold leading-none mb-2 bg-gradient-to-br from-[#6366f1] via-[#8b5cf6] to-[#a855f7] bg-clip-text text-transparent"
|
||||
className="text-[96px] font-extrabold leading-none mb-2 bg-gradient-to-br from-primary to-primary-hover bg-clip-text text-transparent"
|
||||
aria-hidden="true"
|
||||
>
|
||||
404
|
||||
</div>
|
||||
<h1
|
||||
id="not-found-title"
|
||||
className="text-2xl font-semibold mb-2"
|
||||
>
|
||||
<h1 id="not-found-title" className="text-2xl font-semibold mb-2">
|
||||
Page not found
|
||||
</h1>
|
||||
<p className="text-[15px] text-[var(--text-secondary,#888)] max-w-[400px] leading-relaxed mb-8">
|
||||
<p className="text-[15px] text-text-muted max-w-[400px] leading-relaxed mb-8">
|
||||
The page you're looking for doesn't exist or has been moved.
|
||||
</p>
|
||||
<Link
|
||||
href="/dashboard"
|
||||
className="px-8 py-3 rounded-[10px] text-white text-sm font-semibold no-underline transition-all duration-200 shadow-[0_4px_16px_rgba(99,102,241,0.3)] hover:-translate-y-0.5 bg-gradient-to-br from-[#6366f1] to-[#8b5cf6] focus:outline-2 focus:outline-offset-2 focus:outline-[#6366f1]"
|
||||
className="px-8 py-3 rounded-xl text-white text-sm font-medium no-underline transition-all duration-200 shadow-warm hover:-translate-y-0.5 bg-gradient-to-br from-primary to-primary-hover hover:shadow-elevated focus:outline-2 focus:outline-offset-2 focus:outline-primary"
|
||||
aria-label="Return to dashboard"
|
||||
>
|
||||
Go to Dashboard
|
||||
|
||||
@@ -8,9 +8,20 @@
|
||||
* @see https://nextjs.org/docs/app/building-your-application/optimizing/instrumentation
|
||||
*/
|
||||
|
||||
import crypto from "crypto";
|
||||
|
||||
function ensureJwtSecret(): void {
|
||||
if (!process.env.JWT_SECRET || process.env.JWT_SECRET.trim() === "") {
|
||||
const generated = crypto.randomBytes(48).toString("base64");
|
||||
process.env.JWT_SECRET = generated;
|
||||
console.log("[STARTUP] JWT_SECRET auto-generated (random 64-char secret)");
|
||||
}
|
||||
}
|
||||
|
||||
export async function register() {
|
||||
// Only run on the server (not during build or in Edge runtime)
|
||||
if (process.env.NEXT_RUNTIME === "nodejs") {
|
||||
ensureJwtSecret();
|
||||
// Console log file capture (must be first — before any logging occurs)
|
||||
const { initConsoleInterceptor } = await import("@/lib/consoleInterceptor");
|
||||
initConsoleInterceptor();
|
||||
|
||||
@@ -14,9 +14,26 @@ import path from "node:path";
|
||||
import { fileURLToPath } from "node:url";
|
||||
import type Database from "better-sqlite3";
|
||||
|
||||
const __filename = fileURLToPath(import.meta.url);
|
||||
const __dirname = path.dirname(__filename);
|
||||
const MIGRATIONS_DIR = path.join(__dirname, "migrations");
|
||||
/**
|
||||
* Resolve the migrations directory path safely across platforms.
|
||||
* On Windows with global npm installs, `import.meta.url` may not be a valid
|
||||
* `file://` URL, causing `fileURLToPath` to throw `ERR_INVALID_FILE_URL_PATH`.
|
||||
*/
|
||||
function resolveMigrationsDir(): string {
|
||||
try {
|
||||
const metaUrl = import.meta.url;
|
||||
if (metaUrl && metaUrl.startsWith("file://")) {
|
||||
const __filename = fileURLToPath(metaUrl);
|
||||
return path.join(path.dirname(__filename), "migrations");
|
||||
}
|
||||
} catch {
|
||||
// fileURLToPath failed (e.g. Windows global install) — use fallback
|
||||
}
|
||||
// Fallback: resolve relative to cwd (works for both dev and global installs)
|
||||
return path.join(process.cwd(), "src", "lib", "db", "migrations");
|
||||
}
|
||||
|
||||
const MIGRATIONS_DIR = resolveMigrationsDir();
|
||||
|
||||
/**
|
||||
* Ensure the schema_migrations tracking table exists.
|
||||
|
||||
@@ -44,10 +44,24 @@ export const codex = {
|
||||
|
||||
return await response.json();
|
||||
},
|
||||
mapTokens: (tokens) => ({
|
||||
accessToken: tokens.access_token,
|
||||
refreshToken: tokens.refresh_token,
|
||||
idToken: tokens.id_token,
|
||||
expiresIn: tokens.expires_in,
|
||||
}),
|
||||
mapTokens: (tokens) => {
|
||||
// Extract email from id_token JWT to distinguish between accounts
|
||||
let email = null;
|
||||
if (tokens.id_token) {
|
||||
try {
|
||||
const payload = tokens.id_token.split(".")[1];
|
||||
const decoded = JSON.parse(Buffer.from(payload, "base64").toString());
|
||||
email = decoded.email || null;
|
||||
} catch {
|
||||
// Ignore JWT parsing errors
|
||||
}
|
||||
}
|
||||
return {
|
||||
accessToken: tokens.access_token,
|
||||
refreshToken: tokens.refresh_token,
|
||||
idToken: tokens.id_token,
|
||||
expiresIn: tokens.expires_in,
|
||||
email,
|
||||
};
|
||||
},
|
||||
};
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
import { QWEN_CONFIG } from "../constants/oauth";
|
||||
import { decodeJwt } from "jose";
|
||||
|
||||
export const qwen = {
|
||||
config: QWEN_CONFIG,
|
||||
@@ -45,10 +46,27 @@ export const qwen = {
|
||||
data: await response.json(),
|
||||
};
|
||||
},
|
||||
mapTokens: (tokens) => ({
|
||||
accessToken: tokens.access_token,
|
||||
refreshToken: tokens.refresh_token,
|
||||
expiresIn: tokens.expires_in,
|
||||
providerSpecificData: { resourceUrl: tokens.resource_url },
|
||||
}),
|
||||
mapTokens: (tokens) => {
|
||||
let email = null;
|
||||
let displayName = null;
|
||||
if (tokens.id_token) {
|
||||
try {
|
||||
const decoded = decodeJwt(tokens.id_token);
|
||||
email = decoded.email || decoded.preferred_username || null;
|
||||
displayName = decoded.name || email;
|
||||
} catch (e) {
|
||||
// Ignore
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
accessToken: tokens.access_token,
|
||||
refreshToken: tokens.refresh_token,
|
||||
expiresIn: tokens.expires_in,
|
||||
idToken: tokens.id_token,
|
||||
email,
|
||||
displayName,
|
||||
providerSpecificData: { resourceUrl: tokens.resource_url },
|
||||
};
|
||||
},
|
||||
};
|
||||
|
||||
+38
-8
@@ -1,17 +1,12 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { jwtVerify } from "jose";
|
||||
import { jwtVerify, SignJWT } from "jose";
|
||||
import { generateRequestId } from "./shared/utils/requestId";
|
||||
import { getSettings } from "./lib/localDb";
|
||||
import { isPublicRoute, verifyAuth, isAuthRequired } from "./shared/utils/apiAuth";
|
||||
import { checkBodySize, getBodySizeLimit } from "./shared/middleware/bodySizeGuard";
|
||||
import { isDraining } from "./lib/gracefulShutdown";
|
||||
|
||||
// FASE-01: Fail-fast — no hardcoded fallback. Server must have JWT_SECRET configured.
|
||||
if (!process.env.JWT_SECRET) {
|
||||
console.error("[SECURITY] JWT_SECRET is not set. Authentication will fail.");
|
||||
}
|
||||
|
||||
const SECRET = new TextEncoder().encode(process.env.JWT_SECRET);
|
||||
const SECRET = new TextEncoder().encode(process.env.JWT_SECRET || "");
|
||||
|
||||
export async function proxy(request) {
|
||||
const { pathname } = request.nextUrl;
|
||||
@@ -81,7 +76,42 @@ export async function proxy(request) {
|
||||
|
||||
if (token) {
|
||||
try {
|
||||
await jwtVerify(token, SECRET);
|
||||
const { payload } = await jwtVerify(token, SECRET);
|
||||
|
||||
// Auto-refresh: if token expires within 7 days, issue a fresh 30-day token
|
||||
const exp = payload.exp as number;
|
||||
const now = Math.floor(Date.now() / 1000);
|
||||
const REFRESH_WINDOW = 7 * 24 * 60 * 60; // 7 days in seconds
|
||||
if (exp && exp - now < REFRESH_WINDOW) {
|
||||
try {
|
||||
const freshToken = await new SignJWT({ authenticated: true })
|
||||
.setProtectedHeader({ alg: "HS256" })
|
||||
.setExpirationTime("30d")
|
||||
.sign(SECRET);
|
||||
|
||||
// Detect secure context
|
||||
const fwdProto = (request.headers.get("x-forwarded-proto") || "")
|
||||
.split(",")[0]
|
||||
.trim()
|
||||
.toLowerCase();
|
||||
const isHttps = fwdProto === "https" || request.nextUrl?.protocol === "https:";
|
||||
const useSecure = process.env.AUTH_COOKIE_SECURE === "true" || isHttps;
|
||||
|
||||
response.cookies.set("auth_token", freshToken, {
|
||||
httpOnly: true,
|
||||
secure: useSecure,
|
||||
sameSite: "lax",
|
||||
path: "/",
|
||||
});
|
||||
console.log(
|
||||
`[Middleware] JWT auto-refreshed for ${pathname} (was expiring in ${Math.round((exp - now) / 3600)}h)`
|
||||
);
|
||||
} catch (refreshErr) {
|
||||
// Refresh failed — continue with existing valid token
|
||||
console.error("[Middleware] JWT auto-refresh failed:", refreshErr.message);
|
||||
}
|
||||
}
|
||||
|
||||
return response;
|
||||
} catch (err) {
|
||||
// FASE-01: Log auth errors instead of silently redirecting
|
||||
|
||||
@@ -34,18 +34,28 @@ export default function OAuthModal({
|
||||
const callbackProcessedRef = useRef(false);
|
||||
const flowStartedRef = useRef(false);
|
||||
|
||||
// Detect if running on localhost (client-side only)
|
||||
// Detect if running on localhost or private/LAN IP (client-side only)
|
||||
// Google OAuth rejects private IPs (192.168.x.x, 10.x.x.x, etc.) the same as localhost,
|
||||
// requiring device_id/device_name. Treat them identically for redirect URI construction.
|
||||
useEffect(() => {
|
||||
if (typeof window !== "undefined") {
|
||||
setIsLocalhost(
|
||||
window.location.hostname === "localhost" || window.location.hostname === "127.0.0.1"
|
||||
);
|
||||
const hostname = window.location.hostname;
|
||||
const isLocal =
|
||||
hostname === "localhost" ||
|
||||
hostname === "127.0.0.1" ||
|
||||
hostname.startsWith("192.168.") ||
|
||||
hostname.startsWith("10.") ||
|
||||
/^172\.(1[6-9]|2\d|3[01])\./.test(hostname);
|
||||
setIsLocalhost(isLocal);
|
||||
setPlaceholderUrl(`${window.location.origin}/callback?code=...`);
|
||||
}
|
||||
}, []);
|
||||
|
||||
// Define all useCallback hooks BEFORE the useEffects that reference them
|
||||
|
||||
// Google OAuth providers that only accept pre-registered localhost redirect URIs
|
||||
const GOOGLE_OAUTH_PROVIDERS = ["antigravity", "gemini-cli"];
|
||||
|
||||
// Exchange tokens
|
||||
const exchangeTokens = useCallback(
|
||||
async (code, state) => {
|
||||
@@ -68,10 +78,26 @@ export default function OAuthModal({
|
||||
setStep("success");
|
||||
onSuccess?.();
|
||||
} catch (err) {
|
||||
setError(err.message);
|
||||
// Provide actionable guidance for redirect_uri_mismatch on Google OAuth providers
|
||||
if (
|
||||
err.message?.toLowerCase().includes("redirect_uri_mismatch") &&
|
||||
GOOGLE_OAUTH_PROVIDERS.includes(provider)
|
||||
) {
|
||||
setError(
|
||||
"redirect_uri_mismatch: As credenciais padrão do Google OAuth só funcionam em localhost. " +
|
||||
"Para uso remoto, configure suas próprias credenciais OAuth nas variáveis de ambiente: " +
|
||||
(provider === "antigravity"
|
||||
? "ANTIGRAVITY_OAUTH_CLIENT_ID e ANTIGRAVITY_OAUTH_CLIENT_SECRET"
|
||||
: "GEMINI_OAUTH_CLIENT_ID e GEMINI_OAUTH_CLIENT_SECRET") +
|
||||
". Veja o README, seção 'OAuth em Servidor Remoto'."
|
||||
);
|
||||
} else {
|
||||
setError(err.message);
|
||||
}
|
||||
setStep("error");
|
||||
}
|
||||
},
|
||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||
[authData, provider, onSuccess]
|
||||
);
|
||||
|
||||
@@ -209,13 +235,30 @@ export default function OAuthModal({
|
||||
}
|
||||
|
||||
// Authorization code flow
|
||||
// Always use localhost redirect_uri — this is what providers have registered.
|
||||
// On remote, the browser redirects to localhost (error page), user copies URL and pastes back.
|
||||
// Codex (OpenAI) requires exactly http://localhost:1455/auth/callback — the registered URI.
|
||||
// Other providers (Antigravity/Gemini via Google OAuth) accept any localhost port.
|
||||
// Redirect URI strategy:
|
||||
// - Codex/OpenAI: always port 1455 (registered in OAuth app)
|
||||
// - Google OAuth providers (antigravity, gemini-cli): always localhost, regardless of
|
||||
// where OmniRoute is hosted — Google only accepts pre-registered localhost URIs with
|
||||
// the built-in credentials. Remote users must configure their own credentials.
|
||||
// - Other providers on remote: use actual origin (supports PUBLIC_URL env var)
|
||||
// - Localhost: use localhost:port
|
||||
let redirectUri: string;
|
||||
if (provider === "codex" || provider === "openai") {
|
||||
redirectUri = "http://localhost:1455/auth/callback";
|
||||
} else if (GOOGLE_OAUTH_PROVIDERS.includes(provider)) {
|
||||
// Google OAuth built-in credentials only accept localhost redirect URIs.
|
||||
// Even in remote deployments we use localhost — user copies the callback URL manually.
|
||||
const port = window.location.port || "20128";
|
||||
redirectUri = `http://localhost:${port}/callback`;
|
||||
} else if (!isLocalhost) {
|
||||
// Behind reverse proxy: use actual origin (e.g., https://omniroute.example.com/callback)
|
||||
// Supports PUBLIC_URL env var override, or falls back to window.location.origin.
|
||||
const publicUrl = process.env.NEXT_PUBLIC_BASE_URL;
|
||||
const origin =
|
||||
publicUrl && publicUrl !== "http://localhost:20128"
|
||||
? publicUrl.replace(/\/$/, "")
|
||||
: window.location.origin;
|
||||
redirectUri = `${origin}/callback`;
|
||||
} else {
|
||||
const port = window.location.port || (window.location.protocol === "https:" ? "443" : "80");
|
||||
redirectUri = `http://localhost:${port}/callback`;
|
||||
@@ -450,7 +493,29 @@ export default function OAuthModal({
|
||||
{step === "input" && !isDeviceCode && (
|
||||
<>
|
||||
<div className="space-y-4">
|
||||
{!isLocalhost && (
|
||||
{/* Remote server info for Google OAuth providers */}
|
||||
{!isLocalhost && GOOGLE_OAUTH_PROVIDERS.includes(provider) && (
|
||||
<div className="rounded-lg border border-amber-500/30 bg-amber-500/10 p-3 text-xs text-amber-200">
|
||||
<span className="material-symbols-outlined text-sm align-middle mr-1">
|
||||
warning
|
||||
</span>
|
||||
<strong>Acesso remoto + Google OAuth:</strong> As credenciais padrão só aceitam
|
||||
redirect para <code>localhost</code>. Após autorizar, o browser tentará abrir
|
||||
<code>localhost</code> — copie essa URL completa e cole abaixo. Para uso
|
||||
totalmente remoto sem esse passo manual,{" "}
|
||||
<a
|
||||
href="https://github.com/diegosouzapw/OmniRoute#oauth-em-servidor-remoto"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
className="underline"
|
||||
>
|
||||
configure suas próprias credenciais OAuth
|
||||
</a>
|
||||
.
|
||||
</div>
|
||||
)}
|
||||
{/* Generic remote info for other providers */}
|
||||
{!isLocalhost && !GOOGLE_OAUTH_PROVIDERS.includes(provider) && (
|
||||
<div className="rounded-lg border border-blue-500/30 bg-blue-500/10 p-3 text-xs text-blue-200">
|
||||
<span className="material-symbols-outlined text-sm align-middle mr-1">info</span>
|
||||
<strong>Remote access:</strong> Since you're accessing OmniRoute remotely,
|
||||
|
||||
@@ -32,8 +32,8 @@ const SECRET_RULES = [
|
||||
{
|
||||
name: "JWT_SECRET",
|
||||
minLength: 32,
|
||||
required: true,
|
||||
description: "JWT signing secret for dashboard authentication",
|
||||
required: false,
|
||||
description: "JWT signing secret for dashboard authentication (auto-generated if not set)",
|
||||
generateHint: "openssl rand -base64 48",
|
||||
},
|
||||
{
|
||||
|
||||
@@ -69,6 +69,9 @@ export const updateSettingsSchema = z.object({
|
||||
logRetentionDays: z.number().int().min(1).max(365).optional(),
|
||||
cloudUrl: z.string().max(500).optional(),
|
||||
baseUrl: z.string().max(500).optional(),
|
||||
setupComplete: z.boolean().optional(),
|
||||
requireAuthForModels: z.boolean().optional(),
|
||||
blockedProviders: z.array(z.string().max(100)).optional(),
|
||||
});
|
||||
|
||||
// ──── Auth Schemas ────
|
||||
|
||||
Reference in New Issue
Block a user