fix: 架构审查修复 3 个 bug

1. instanceSalt 空值兼容:salt 为空时保持原始 hash 格式不变
   避免升级后所有 user_id hash 突变触发 Anthropic 检测
2. doViaNodeTLSProxy 克隆请求:不修改原始 req 对象
   修复重试时 URL 已被改写导致请求失败
3. Sora doSoraBackendJSON 漏改:补上 sidecar 路由
win 2026-03-22 11:39:20 +08:00
parent e909214ee5
commit 2b0192e704
3 changed files with 16 additions and 12 deletions


@ -284,27 +284,26 @@ func (s *httpUpstreamService) doViaNodeTLSProxy(req *http.Request, proxyURL stri
listenPort = 3456
}
// 克隆请求,避免修改原始 req重试时需要原始 URL
proxyReq := req.Clone(req.Context())
proxyReq.Body = req.Body // Clone 不复制 Body
// 保存原始目标主机,通过自定义头传给 Node.js 代理
originalHost := req.URL.Host
req.Header.Set("X-Forwarded-Host", originalHost)
proxyReq.Header.Set("X-Forwarded-Host", originalHost)
// 重写请求 URLhttps://api.anthropic.com/v1/... → http://127.0.0.1:3456/v1/...
originalURL := req.URL.String()
req.URL.Scheme = "http"
req.URL.Host = fmt.Sprintf("%s:%d", listenHost, listenPort)
proxyReq.URL.Scheme = "http"
proxyReq.URL.Host = fmt.Sprintf("%s:%d", listenHost, listenPort)
slog.Debug("node_tls_proxy_rewrite",
"account_id", accountID,
"original_url", originalURL,
"original_host", originalHost,
"rewritten_to", req.URL.String(),
"rewritten_to", proxyReq.URL.Host,
)
// 递归保护:标记已经过代理重写,避免 Do() 再次进入本方法
req.URL.Scheme = "http" // Do() 只拦截 scheme=="https"http 会走正常路径
// 通过标准 HTTP 客户端发送(不需要 TLS代理是本地 HTTP
return s.Do(req, "", accountID, accountConcurrency)
return s.Do(proxyReq, "", accountID, accountConcurrency)
}
// acquireClientWithTLS 获取或创建带 TLS 指纹的客户端
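Review bot: The cloned request still shares its body with the original, so the retry this commit is meant to repair can resend an already-drained reader. `http.Request.Clone` copies the `Body` field by reference, which also makes `proxyReq.Body = req.Body` a no-op and its comment misleading. Where `req.GetBody` is set, `if b, err := req.GetBody(); err == nil { proxyReq.Body = b }` gives each attempt a fresh reader; otherwise the comment should say the body is single-use. Separately, `proxyReq` goes over plain HTTP to `listenHost` (assigned outside the hunk) with the caller's headers intact, so it is worth rejecting a non-loopback `listenHost` before the rewrite and having the Node side check `X-Forwarded-Host` against an allowlist of upstream hosts. The function starts outside the hunk.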


@ -268,7 +268,12 @@ func (s *IdentityService) RewriteUserID(body []byte, accountID int64, accountUUI
// 生成新的session hash: SHA256(salt::accountID::sessionTail) -> UUID格式
// instanceSalt 使不同 sub2api 实例对相同输入产生不同的 hash
seed := fmt.Sprintf("%s::%d::%s", s.instanceSalt, accountID, sessionTail)
var seed string
if s.instanceSalt != "" {
seed = fmt.Sprintf("%s::%d::%s", s.instanceSalt, accountID, sessionTail)
} else {
seed = fmt.Sprintf("%d::%s", accountID, sessionTail)
}
newSessionHash := generateUUIDFromSeed(seed)
// 根据客户端版本选择输出格式
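Review bot: The comment above the seed still documents only `SHA256(salt::accountID::sessionTail)`, while the new `else` branch hashes `accountID::sessionTail` with no instance-specific input. The comment should name both formats and say the unsalted one exists only for compatibility with hashes issued before the salt was introduced, for example `// seed = salt::accountID::sessionTail, or accountID::sessionTail when instanceSalt is empty (legacy format, identical across instances)`. It would also help to note, where `instanceSalt` is loaded, that a salt containing `::` makes the delimiter-joined seed ambiguous. `RewriteUserID` begins and ends outside the hunk.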


@ -723,7 +723,7 @@ func (c *SoraSDKClient) doSoraBackendJSON(
var resp *http.Response
if c.httpUpstream != nil {
resp, err = c.httpUpstream.Do(req, proxyURL, accountID, accountConcurrency)
resp, err = c.doSoraHTTP(req, proxyURL, accountID, accountConcurrency)
} else {
resp, err = http.DefaultClient.Do(req)
}
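Review bot: The `else` branch next to the changed call still falls back to `http.DefaultClient.Do(req)`, which has no timeout and ignores `proxyURL`. A client built without `httpUpstream` therefore sends the request directly from the host and can block indefinitely on a stalled upstream. If that fallback exists only for tests, a comment saying so would help; otherwise use a client with an explicit `Timeout`, or return an error when `proxyURL` is non-empty and no upstream is configured, so the proxy setting is not silently dropped. `doSoraHTTP` is defined outside the hunk, so whether it already handles a nil `httpUpstream` (which would make this guard redundant) cannot be confirmed here.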