fix: 架构审查修复 3 个 bug
1. instanceSalt 空值兼容:salt 为空时保持原始 hash 格式不变 避免升级后所有 user_id hash 突变触发 Anthropic 检测 2. doViaNodeTLSProxy 克隆请求:不修改原始 req 对象 修复重试时 URL 已被改写导致请求失败 3. Sora doSoraBackendJSON 漏改:补上 sidecar 路由
This commit is contained in:
win
parent
e909214ee5
commit
2b0192e704
@ -284,27 +284,26 @@ func (s *httpUpstreamService) doViaNodeTLSProxy(req *http.Request, proxyURL stri
|
|||||||
listenPort = 3456
|
listenPort = 3456
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 克隆请求,避免修改原始 req(重试时需要原始 URL)
|
||||||
|
proxyReq := req.Clone(req.Context())
|
||||||
|
proxyReq.Body = req.Body // Clone 不复制 Body
|
||||||
|
|
||||||
// 保存原始目标主机,通过自定义头传给 Node.js 代理
|
// 保存原始目标主机,通过自定义头传给 Node.js 代理
|
||||||
originalHost := req.URL.Host
|
originalHost := req.URL.Host
|
||||||
req.Header.Set("X-Forwarded-Host", originalHost)
|
proxyReq.Header.Set("X-Forwarded-Host", originalHost)
|
||||||
|
|
||||||
// 重写请求 URL:https://api.anthropic.com/v1/... → http://127.0.0.1:3456/v1/...
|
// 重写请求 URL:https://api.anthropic.com/v1/... → http://127.0.0.1:3456/v1/...
|
||||||
originalURL := req.URL.String()
|
proxyReq.URL.Scheme = "http"
|
||||||
req.URL.Scheme = "http"
|
proxyReq.URL.Host = fmt.Sprintf("%s:%d", listenHost, listenPort)
|
||||||
req.URL.Host = fmt.Sprintf("%s:%d", listenHost, listenPort)
|
|
||||||
|
|
||||||
slog.Debug("node_tls_proxy_rewrite",
|
slog.Debug("node_tls_proxy_rewrite",
|
||||||
"account_id", accountID,
|
"account_id", accountID,
|
||||||
"original_url", originalURL,
|
|
||||||
"original_host", originalHost,
|
"original_host", originalHost,
|
||||||
"rewritten_to", req.URL.String(),
|
"rewritten_to", proxyReq.URL.Host,
|
||||||
)
|
)
|
||||||
|
|
||||||
// 递归保护:标记已经过代理重写,避免 Do() 再次进入本方法
|
|
||||||
req.URL.Scheme = "http" // Do() 只拦截 scheme=="https",http 会走正常路径
|
|
||||||
|
|
||||||
// 通过标准 HTTP 客户端发送(不需要 TLS,代理是本地 HTTP)
|
// 通过标准 HTTP 客户端发送(不需要 TLS,代理是本地 HTTP)
|
||||||
return s.Do(req, "", accountID, accountConcurrency)
|
return s.Do(proxyReq, "", accountID, accountConcurrency)
|
||||||
}
|
}
|
||||||
|
|
||||||
// acquireClientWithTLS 获取或创建带 TLS 指纹的客户端
|
// acquireClientWithTLS 获取或创建带 TLS 指纹的客户端
|
||||||
|
|||||||
@ -268,7 +268,12 @@ func (s *IdentityService) RewriteUserID(body []byte, accountID int64, accountUUI
|
|||||||
|
|
||||||
// 生成新的session hash: SHA256(salt::accountID::sessionTail) -> UUID格式
|
// 生成新的session hash: SHA256(salt::accountID::sessionTail) -> UUID格式
|
||||||
// instanceSalt 使不同 sub2api 实例对相同输入产生不同的 hash
|
// instanceSalt 使不同 sub2api 实例对相同输入产生不同的 hash
|
||||||
seed := fmt.Sprintf("%s::%d::%s", s.instanceSalt, accountID, sessionTail)
|
var seed string
|
||||||
|
if s.instanceSalt != "" {
|
||||||
|
seed = fmt.Sprintf("%s::%d::%s", s.instanceSalt, accountID, sessionTail)
|
||||||
|
} else {
|
||||||
|
seed = fmt.Sprintf("%d::%s", accountID, sessionTail)
|
||||||
|
}
|
||||||
newSessionHash := generateUUIDFromSeed(seed)
|
newSessionHash := generateUUIDFromSeed(seed)
|
||||||
|
|
||||||
// 根据客户端版本选择输出格式
|
// 根据客户端版本选择输出格式
|
||||||
|
|||||||
@ -723,7 +723,7 @@ func (c *SoraSDKClient) doSoraBackendJSON(
|
|||||||
|
|
||||||
var resp *http.Response
|
var resp *http.Response
|
||||||
if c.httpUpstream != nil {
|
if c.httpUpstream != nil {
|
||||||
resp, err = c.httpUpstream.Do(req, proxyURL, accountID, accountConcurrency)
|
resp, err = c.doSoraHTTP(req, proxyURL, accountID, accountConcurrency)
|
||||||
} else {
|
} else {
|
||||||
resp, err = http.DefaultClient.Do(req)
|
resp, err = http.DefaultClient.Do(req)
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user