work/ai-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: work:main
Branches Tags
work:main work:tests
..
compare: work:tests
Branches Tags
work:main work:tests

2 Commits
main ... tests

Author SHA1 Message Date
Paulo Reyes
9325a4919a updated fallback logic 2026-02-10 20:27:12 +08:00
Paulo Reyes
f6ad186178 added query parameter loading for the secret key 2026-02-10 19:48:29 +08:00
9 changed files with 46 additions and 172 deletions
Expand all files Collapse all files

16
Caddyfile
View File

@@ -1,16 +0,0 @@
gateway.madebypaulo.com {
log {
output stdout
}
reverse_proxy ai-gateway:8000
}
test.ldex.dev {
reverse_proxy ai_proxy_test:8000
header {
X-Zscaler-Test "Ready"
Access-Control-Allow-Origin *
}
}

23
app/api/deps.py
View File

@@ -10,22 +10,16 @@ api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
api_key_query = APIKeyQuery(name="api_key", auto_error=False) api_key_query = APIKeyQuery(name="api_key", auto_error=False)
# Cache keys for 5 minutes, store up to 1000 keys # Cache keys for 5 minutes, store up to 1000 keys
# This prevents a Supabase round-trip on every message
auth_cache = TTLCache(maxsize=1000, ttl=300) auth_cache = TTLCache(maxsize=1000, ttl=300)
async def get_api_key( async def get_api_key(
api_key_h: str = Security(api_key_header), api_key_header: str = Security(api_key_header),
api_key_q: str = Security(api_key_query), api_key_query: str = Security(api_key_query),
db: Session = Depends(get_db) db: Session = Depends(get_db)
): ):
# Use header if provided, otherwise fallback to query param # Use header if provided, otherwise fallback to query param
api_key = api_key_h or api_key_q api_key = api_key_header or api_key_query
# DEBUG LOGGING FOR 403 TROUBLESHOOTING
print(f"DEBUG: Auth Check - Header: {'Yes' if api_key_h else 'No'}, Query: {'Yes' if api_key_q else 'No'}")
if api_key:
print(f"DEBUG: API Key received (prefix): {api_key[:5]}...")
else:
print("DEBUG: API Key is MISSING from both header and query params")
if not api_key: if not api_key:
raise HTTPException( raise HTTPException(
@@ -44,7 +38,7 @@ async def get_api_key(
# 3. Check Database for Module key (Database round-trip) # 3. Check Database for Module key (Database round-trip)
module = db.query(Module).filter(Module.secret_key == api_key, Module.is_active == True).first() module = db.query(Module).filter(Module.secret_key == api_key, Module.is_active == True).first()
if module: if module:
# Save key to cache for next time # Save module ID to cache for next time
auth_cache[api_key] = module.id auth_cache[api_key] = module.id
return module return module
@@ -54,11 +48,12 @@ async def get_api_key(
) )
async def get_current_module( async def get_current_module(
api_key_h: str = Security(api_key_header), api_key_header: str = Security(api_key_header),
api_key_q: str = Security(api_key_query), api_key_query: str = Security(api_key_query),
db: Session = Depends(get_db) db: Session = Depends(get_db)
): ):
api_key = api_key_h or api_key_q # Use header if provided, otherwise fallback to query param
api_key = api_key_header or api_key_query
if not api_key: if not api_key:
raise HTTPException( raise HTTPException(

71
app/api/endpoints/gemini.py
View File

@@ -3,7 +3,6 @@ from app.api.deps import get_api_key, get_current_module
from app.models.module import Module from app.models.module import Module
from sqlalchemy.orm import Session from sqlalchemy.orm import Session
from app.core.database import get_db from app.core.database import get_db
from fastapi.responses import PlainTextResponse
from app.core.limiter import limiter from app.core.limiter import limiter
from app.core.config import settings from app.core.config import settings
from pydantic import BaseModel from pydantic import BaseModel
@@ -33,7 +32,7 @@ def get_gemini_client():
_client = genai.Client(api_key=settings.GOOGLE_API_KEY, http_options={'api_version': 'v1alpha'}) _client = genai.Client(api_key=settings.GOOGLE_API_KEY, http_options={'api_version': 'v1alpha'})
return _client return _client
@router.api_route("/chat", methods=["GET", "POST"]) @router.post("/chat")
@limiter.limit(settings.RATE_LIMIT) @limiter.limit(settings.RATE_LIMIT)
async def gemini_chat( async def gemini_chat(
request: Request, request: Request,
@@ -41,45 +40,23 @@ async def gemini_chat(
module: Module = Depends(get_current_module), module: Module = Depends(get_current_module),
db: Session = Depends(get_db) db: Session = Depends(get_db)
): ):
chat_data = None # Handle text/plain as JSON (fallback for CORS "Simple Requests")
content_type = request.headers.get("Content-Type", "")
if request.method == "GET": if "text/plain" in content_type:
# Handle GET requests (Ultimate Simple Request) try:
params = request.query_params body = await request.body()
if not params.get("prompt"): import json
return {"status": "error", "detail": "Missing 'prompt' query parameter"} data = json.loads(body)
chat_data = LLMRequest(**data)
chat_data = LLMRequest( except Exception as e:
prompt=params.get("prompt"), return {"status": "error", "detail": f"Failed to parse text/plain as JSON: {str(e)}"}
context=params.get("context", ""),
system_prompt=params.get("system_prompt"),
knowledge_base=params.get("knowledge_base"),
temperature=float(params.get("temperature", 0.7)),
top_p=float(params.get("top_p", 0.95)),
top_k=int(params.get("top_k", 40)),
max_output_tokens=int(params.get("max_output_tokens", 8192))
)
else: else:
# Handle POST requests # Standard JSON parsing
content_type = request.headers.get("Content-Type", "") try:
if "text/plain" in content_type: data = await request.json()
try: chat_data = LLMRequest(**data)
body = await request.body() except Exception as e:
import json return {"status": "error", "detail": f"Invalid JSON: {str(e)}"}
data = json.loads(body)
chat_data = LLMRequest(**data)
except Exception as e:
return {"status": "error", "detail": f"Failed to parse text/plain as JSON: {str(e)}"}
else:
# Standard JSON parsing
try:
data = await request.json()
chat_data = LLMRequest(**data)
except Exception as e:
return {"status": "error", "detail": f"Invalid JSON: {str(e)}"}
if not chat_data:
return {"status": "error", "detail": "Could not determine request data"}
client = get_gemini_client() client = get_gemini_client()
@@ -139,14 +116,10 @@ async def gemini_chat(
module.total_tokens += (prompt_tokens + completion_tokens) module.total_tokens += (prompt_tokens + completion_tokens)
db.commit() db.commit()
return {
"status": "success",
"model": "gemini",
"response": response.text
}
except Exception as e: except Exception as e:
return {"status": "error", "detail": str(e)} return {"status": "error", "detail": str(e)}
# Final Response
return {
"status": "success",
"model": "gemini",
"response": response.text
}

27
app/main.py
View File

@@ -1,14 +1,8 @@
from fastapi import FastAPI, Request from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware from fastapi.middleware.cors import CORSMiddleware
from slowapi import _rate_limit_exceeded_handler from slowapi import _rate_limit_exceeded_handler
from slowapi.errors import RateLimitExceeded from slowapi.errors import RateLimitExceeded
import logging
# Set up logging to stdout
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger("ai_gateway")
from app.api.router import api_router from app.api.router import api_router
from app.core.config import settings from app.core.config import settings
from app.core.limiter import limiter from app.core.limiter import limiter
@@ -37,24 +31,15 @@ def create_application() -> FastAPI:
# Mount Static Files # Mount Static Files
application.mount("/static", StaticFiles(directory="app/static"), name="static") application.mount("/static", StaticFiles(directory="app/static"), name="static")
# Debug Logger Middleware # Set up CORS
@application.middleware("http")
async def log_requests(request: Request, call_next):
logger.info(f"DEBUG: Incoming {request.method} {request.url}")
logger.info(f"DEBUG: Origin: {request.headers.get('origin')}")
response = await call_next(request)
logger.info(f"DEBUG: Status Code: {response.status_code}")
return response
# Set up fully permissive CORS for standalone/tunnelling mode
application.add_middleware( application.add_middleware(
CORSMiddleware, CORSMiddleware,
allow_origins=["*"], allow_origins=["*"],
allow_credentials=True, allow_credentials=False, # Changed to False for better compat with allow_origins=["*"]
allow_methods=["*"], allow_methods=["*"],
allow_headers=["*"], allow_headers=["*"],
) )
# Set up Rate Limiter # Set up Rate Limiter
application.state.limiter = limiter application.state.limiter = limiter
@@ -85,10 +70,6 @@ import os
async def admin_panel(): async def admin_panel():
return FileResponse("app/static/admin.html") return FileResponse("app/static/admin.html")
@app.get("/api/v1/health")
async def health_check():
return {"status": "ok", "message": "Global AI Gateway is reachable"}
@app.get("/") @app.get("/")
async def root(): async def root():
return FileResponse("app/static/index.html") return FileResponse("app/static/index.html")

2
app/static/index.html
View File

@@ -186,7 +186,7 @@
</div> </div>
<div class="footer"> <div class="footer">
&copy; 2026 Paulo Reyes. All rights reserved. &copy; 2026 AI Gateway. All rights reserved.
</div> </div>
</body> </body>

18
docker-compose.test.yml
View File

@@ -1,18 +0,0 @@
services:
ai-gateway:
build: .
container_name: ai-gateway
expose:
- "8191"
environment:
- PYTHONUNBUFFERED=1
env_file:
- .env
networks:
- gateway_net
restart: always
command: uvicorn app.main:app --host 0.0.0.0 --port 8191
networks:
gateway_net:
external: true

37
docker-compose.yml
View File

@@ -1,37 +1,20 @@
services: services:
ai-gateway: api:
build: . build: .
container_name: ai-gateway container_name: ai-gateway
networks: networks:
- ai_network - caddy_network
environment: ports:
- PYTHONUNBUFFERED=1 - "8000:8000"
env_file: env_file:
- .env - .env
restart: always restart: always
command: uvicorn app.main:app --host 0.0.0.0 --port 8000
caddy:
image: caddy:latest
container_name: caddy
restart: always
ports:
- "80:80"
- "443:443"
- "443:443/udp"
networks:
- ai_network
volumes: volumes:
- ./Caddyfile:/etc/caddy/Caddyfile - .:/app
- caddy_data:/data # Override command for development/auto-reload if needed
- caddy_config:/config command: uvicorn app.main:app --host 0.0.0.0 --port 8000 --reload
depends_on:
- ai-gateway
networks: networks:
ai_network: caddy_network:
driver: bridge # Define the network at the bottom
external: true
volumes:
caddy_data:
caddy_config:

BIN
server_log.txt Normal file
View File

Binary file not shown.

24
supabase/migrations/20260311_enable_rls_modules.sql
View File

@@ -1,24 +0,0 @@
-- Enable Row Level Security on the modules table.
-- This blocks all direct PostgREST access by default.
-- The backend app connects via the service role (DATABASE_URL), which bypasses RLS,
-- so existing functionality is unaffected.
ALTER TABLE public.modules ENABLE ROW LEVEL SECURITY;
-- Deny all access to anonymous (unauthenticated) PostgREST callers.
-- No policy = no access. This is the default when RLS is enabled, but
-- the explicit policy below makes the intent clear.
CREATE POLICY "deny_anon" ON public.modules
AS RESTRICTIVE
FOR ALL
TO anon
USING (false);
-- Deny all access to authenticated PostgREST callers too.
-- The modules table is internal admin-only and should never be
-- queried directly via the Supabase REST API.
CREATE POLICY "deny_authenticated" ON public.modules
AS RESTRICTIVE
FOR ALL
TO authenticated
USING (false);