zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Enable TLS fingerprint routing for Antigravity API requests

Browse Source 
**Bug Fix**: TLS fingerprint routing was disabled by default
- isTLSFingerprintRoutingEnabled() was checking NodeTLSProxy.Enabled (default: false)
- Should check TLSFingerprint.Enabled (default: true)
- This caused all Antigravity requests to lack proper TLS fingerprinting

**Changes**:
- Use correct config flag: s.cfg.Gateway.TLSFingerprint.Enabled
- Add cloudcode-pa.googleapis.com and daily sandbox variant to default routing list
- Requests now properly emulate Claude CLI (Node.js 24.x) TLS fingerprint

**Impact**:
- Antigravity API requests now use JA3/JA4 fingerprinting to avoid 503 monitoring blocks
- Proper TLS handshake matching real Claude IDE behavior
- Fixes 'context deadline exceeded' and intermittent 503 errors

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
win 2026-04-10 23:13:21 +08:00
parent b01a44cd39
commit dad970f739
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
backend/internal/repository/http_upstream_antigravity.go
View File

@ -23,17 +23,17 @@ import (
)
// isTLSFingerprintRoutingEnabled 检查 TLS 指纹路由是否启用
// 复用 NodeTLSProxy.Enabled 配置项,保持配置兼容
// 使用 TLSFingerprint.Enabled 配置项(而不是旧的 NodeTLSProxy.Enabled
func (s *httpUpstreamService) isTLSFingerprintRoutingEnabled() bool {
if s.cfg == nil {
return false
}
return s.cfg.Gateway.NodeTLSProxy.Enabled
return s.cfg.Gateway.TLSFingerprint.Enabled
}
// shouldRouteWithTLSFingerprint 判断请求是否应该使用 TLS 指纹
// 拦截目标主机在 proxy_hosts 白名单中的 HTTPS 请求
// 白名单为空时默认只代理 api.anthropic.com。
// 拦截目标主机在 proxy_hosts 白名单中的 HTTPS 请求
// 白名单为空时默认代理 api.anthropic.com 和 Antigravity API 主机
func (s *httpUpstreamService) shouldRouteWithTLSFingerprint(req *http.Request) bool {
if req == nil || req.URL == nil || req.URL.Scheme != "https" {
return false
@ -45,7 +45,13 @@ func (s *httpUpstreamService) shouldRouteWithTLSFingerprint(req *http.Request) b
hosts := s.cfg.Gateway.NodeTLSProxy.ProxyHosts
if len(hosts) == 0 {
return reqHost == "api.anthropic.com"
// 默认白名单api.anthropic.com 和 Antigravity API 主机
defaultHosts := map[string]bool{
"api.anthropic.com": true,
"cloudcode-pa.googleapis.com": true,
"daily-cloudcode-pa.sandbox.googleapis.com": true,
}
return defaultHosts[reqHost]
}
for _, h := range hosts {
if reqHost == h {