优化和重构代码，增加前端可以设置加密配置数据的密钥

2025-11-12 20:23:45 +08:00 · 2024-11-22 22:03:42 +08:00
parent bd68df1d9b
commit b0c1ccd0a0
12 changed files with 138 additions and 154 deletions
--- a/app/client/api.ts
+++ b/app/client/api.ts
@@ -23,7 +23,6 @@ import { SparkApi } from "./platforms/iflytek";
 import { XAIApi } from "./platforms/xai";
 import { ChatGLMApi } from "./platforms/glm";
 import { BedrockApi } from "./platforms/bedrock";
-import { encrypt } from "../utils/aws";

 export const ROLES = ["system", "user", "assistant"] as const;
 export type MessageRole = (typeof ROLES)[number];
@@ -258,8 +257,6 @@ export function getHeaders(ignoreHeaders: boolean = false) {
    const isEnabledAccessControl = accessStore.enabledAccessControl();
    const apiKey = isGoogle
      ? accessStore.googleApiKey
-      : isBedrock
-      ? accessStore.awsAccessKey // Use AWS access key for Bedrock
      : isAzure
      ? accessStore.azureApiKey
      : isAnthropic
@@ -278,6 +275,18 @@ export function getHeaders(ignoreHeaders: boolean = false) {
      ? accessStore.iflytekApiKey && accessStore.iflytekApiSecret
        ? accessStore.iflytekApiKey + ":" + accessStore.iflytekApiSecret
        : ""
+      : isBedrock
+      ? accessStore.awsRegion &&
+        accessStore.awsAccessKey &&
+        accessStore.awsSecretKey
+        ? accessStore.awsRegion +
+          "," +
+          accessStore.awsAccessKey +
+          "," +
+          accessStore.awsSecretKey +
+          "," +
+          modelConfig.model
+        : ""
      : accessStore.openaiApiKey;
    return {
      isBedrock,
@@ -303,13 +312,10 @@ export function getHeaders(ignoreHeaders: boolean = false) {
      ? "x-api-key"
      : isGoogle
      ? "x-goog-api-key"
-      : isBedrock
-      ? "x-api-key"
      : "Authorization";
  }

  const {
-    isBedrock,
    isGoogle,
    isAzure,
    isAnthropic,
@@ -322,28 +328,23 @@ export function getHeaders(ignoreHeaders: boolean = false) {

  const authHeader = getAuthHeader();

-  if (isBedrock) {
-    // Secure encryption of AWS credentials using the new encryption utility
-    headers["X-Region"] = encrypt(accessStore.awsRegion);
-    headers["X-Access-Key"] = encrypt(accessStore.awsAccessKey);
-    headers["X-Secret-Key"] = encrypt(accessStore.awsSecretKey);
+  // if (isBedrock) {
+  //   // Secure encryption of AWS credentials using the new encryption utility
+  //   headers["X-Region"] = encrypt(accessStore.awsRegion);
+  //   headers["X-Access-Key"] = encrypt(accessStore.awsAccessKey);
+  //   headers["X-Secret-Key"] = encrypt(accessStore.awsSecretKey);
+  // } else {
+  const bearerToken = getBearerToken(
+    apiKey,
+    isAzure || isAnthropic || isGoogle,
+  );

-    if (accessStore.awsSessionToken) {
-      headers["X-Session-Token"] = encrypt(accessStore.awsSessionToken);
-    }
-  } else {
-    const bearerToken = getBearerToken(
-      apiKey,
-      isAzure || isAnthropic || isGoogle,
+  if (bearerToken) {
+    headers[authHeader] = bearerToken;
+  } else if (isEnabledAccessControl && validString(accessStore.accessCode)) {
+    headers["Authorization"] = getBearerToken(
+      ACCESS_CODE_PREFIX + accessStore.accessCode,
    );
-
-    if (bearerToken) {
-      headers[authHeader] = bearerToken;
-    } else if (isEnabledAccessControl && validString(accessStore.accessCode)) {
-      headers["Authorization"] = getBearerToken(
-        ACCESS_CODE_PREFIX + accessStore.accessCode,
-      );
-    }
  }

  return headers;
--- a/app/client/platforms/bedrock.ts
+++ b/app/client/platforms/bedrock.ts
@@ -1,5 +1,6 @@
 import {
  ChatOptions,
+  getHeaders,
  LLMApi,
  SpeechOptions,
  RequestMessage,
@@ -233,23 +234,22 @@ export class BedrockApi implements LLMApi {
    const accessStore = useAccessStore.getState();
    if (!accessStore.isValidBedrock()) {
      throw new Error(
-        "Invalid AWS credentials. Please check your configuration.",
+        "Invalid AWS credentials. Please check your configuration and ensure ENCRYPTION_KEY is set.",
      );
    }

    try {
      const apiEndpoint = "/api/bedrock/chat";
-      const headers = {
-        "Content-Type": requestBody.contentType || "application/json",
-        Accept: requestBody.accept || "application/json",
-        "X-Region": accessStore.awsRegion,
-        "X-Access-Key": accessStore.awsAccessKey,
-        "X-Secret-Key": accessStore.awsSecretKey,
-        "X-Model-Id": modelConfig.model,
-        ...(accessStore.awsSessionToken && {
-          "X-Session-Token": accessStore.awsSessionToken,
-        }),
-      };
+      // const headers = {
+      //   "Content-Type": requestBody.contentType || "application/json",
+      //   Accept: requestBody.accept || "application/json",
+      //   "X-Region": accessStore.awsRegion,
+      //   "X-Access-Key": accessStore.awsAccessKey,
+      //   "X-Secret-Key": accessStore.awsSecretKey,
+      //   "X-Model-Id": modelConfig.model,
+      //   "X-Encryption-Key": accessStore.bedrockEncryptionKey,
+      // };
+      const headers = getHeaders();

      if (options.config.stream) {
        let index = -1;
@@ -274,7 +274,6 @@ export class BedrockApi implements LLMApi {
          (text: string, runTools: ChatMessageTool[]) => {
            try {
              const chunkJson = JSON.parse(text);
-              // console.log("Received chunk:", JSON.stringify(chunkJson, null, 2));
              if (chunkJson?.content_block?.type === "tool_use") {
                index += 1;
                currentToolArgs = "";
@@ -375,7 +374,6 @@ export class BedrockApi implements LLMApi {
        });

        const resJson = await res.json();
-        // console.log("Response:", JSON.stringify(resJson, null, 2));
        const message = this.extractMessage(resJson, modelConfig.model);
        // console.log("Extracted message:", message);
        options.onFinish(message, res);