-
Notifications
You must be signed in to change notification settings - Fork 59.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: built-in plugin dalle3 error #5787 #5795
Conversation
Someone is attempting to deploy a commit to the NextChat Team on Vercel. A member of the Team first needs to authorize it. |
WalkthroughThe changes in this pull request focus on enhancing the Changes
Possibly related PRs
Suggested reviewers
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? πͺ§ TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
π§Ή Outside diff range and nitpick comments (1)
app/api/proxy.ts (1)
Line range hint
1-83
: Security enhancement confirmationThe implementation successfully addresses the security concern by moving the OpenAI API key handling to the server side. This change:
- Prevents client-side exposure of the API key
- Maintains proper header sanitization
- Preserves existing security measures
Consider adding request logging for security monitoring.
Add debug logging for security monitoring:
if (baseUrl?.includes("api.openai.com")) { + console.log("[Proxy Route] Handling OpenAI API request"); headers.set("Authorization", `Bearer ${serverConfig.apiKey}`); }
π Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
π Files selected for processing (1)
app/api/proxy.ts
(3 hunks)
π Additional comments (2)
app/api/proxy.ts (2)
2-2
: LGTM: Secure server-side configuration handling
The addition of server-side configuration handling is well-placed and follows security best practices by keeping sensitive data server-side.
Also applies to: 13-13
Line range hint 41-83
: Verify impact on other API endpoints
The proxy implementation looks robust, but let's ensure the new OpenAI-specific changes don't affect other API endpoints.
β Verification successful
Let me gather more information about the API endpoints and their implementations.
Based on the comprehensive analysis of the codebase, I can now provide a final response regarding the impact of the OpenAI-specific changes on other API endpoints.
Content-encoding header removal is safe for other endpoints
The changes to handle content-encoding are specific to OpenAI's API behavior and won't affect other endpoints because:
- The content-encoding header removal is only implemented in the proxy route which is used exclusively by OpenAI endpoints (verified by checking x-base-url usage)
- Other API providers (Anthropic, Google, Azure, etc.) have their own dedicated route handlers with separate header management
- Each provider's route handler implements its own header sanitization specific to that provider's needs
π Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for other API endpoints that might be affected by these changes
# Look for other API endpoint configurations or usages
echo "Checking for other API endpoint configurations..."
rg -l "x-base-url" --type ts
# Look for other proxy route handlers
echo "Checking for other proxy implementations..."
ast-grep --pattern 'export async function handle(req: NextRequest, $$$)'
Length of output: 326
Script:
#!/bin/bash
# Search for all route handlers in the API directory
echo "Checking API route handlers..."
fd . app/api -t f -e ts -x cat {}
# Search for fetch implementations
echo "Checking fetch implementations..."
ast-grep --pattern 'fetch($_, $_)'
Length of output: 70205
app/api/proxy.ts
Outdated
// if dalle3 use openai api key | ||
if (req.headers.get("x-base-url")?.includes("openai")) { | ||
headers.set("Authorization", `Bearer ${serverConfig.apiKey}`); | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
π οΈ Refactor suggestion
Enhance API key injection robustness
While the implementation addresses the core issue, consider these improvements for better reliability:
- Use a more specific check for OpenAI endpoints
- Add validation for the API key
- Include proper error handling
Consider this enhanced implementation:
- if (req.headers.get("x-base-url")?.includes("openai")) {
- headers.set("Authorization", `Bearer ${serverConfig.apiKey}`);
+ const baseUrl = req.headers.get("x-base-url");
+ if (baseUrl?.includes("api.openai.com")) {
+ if (!serverConfig.apiKey) {
+ return NextResponse.json(
+ { error: "OpenAI API key not configured" },
+ { status: 500 }
+ );
+ }
+ headers.set("Authorization", `Bearer ${serverConfig.apiKey}`);
}
π Committable suggestion
βΌοΈ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
// if dalle3 use openai api key | |
if (req.headers.get("x-base-url")?.includes("openai")) { | |
headers.set("Authorization", `Bearer ${serverConfig.apiKey}`); | |
} | |
// if dalle3 use openai api key | |
const baseUrl = req.headers.get("x-base-url"); | |
if (baseUrl?.includes("api.openai.com")) { | |
if (!serverConfig.apiKey) { | |
return NextResponse.json( | |
{ error: "OpenAI API key not configured" }, | |
{ status: 500 } | |
); | |
} | |
headers.set("Authorization", `Bearer ${serverConfig.apiKey}`); | |
} |
app/api/proxy.ts
Outdated
@@ -31,6 +33,11 @@ export async function handle( | |||
return true; | |||
}), | |||
); | |||
// if dalle3 use openai api key | |||
if (req.headers.get("x-base-url")?.includes("openai")) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
includes('api.openai.com')
Update proxy.ts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
π§Ή Outside diff range and nitpick comments (1)
app/api/proxy.ts (1)
36-46
: Add documentation for the API key injection logicConsider adding a comment block explaining the DALL-E 3 specific handling and the security implications of server-side API key management.
+ // DALL-E 3 requests require server-side API key injection + // We only inject the key for api.openai.com to prevent key leakage const baseUrl = req.headers.get("x-base-url");
π Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
π Files selected for processing (1)
app/api/proxy.ts
(3 hunks)
π Additional comments (2)
app/api/proxy.ts (2)
Line range hint 2-13
: LGTM: Clean server configuration integration
The server-side configuration is properly imported and initialized early in the request handling flow, following good practices for configuration management.
36-46
: Verify error handling behavior
The API key injection logic looks secure, but let's verify the error handling behavior in various scenarios.
Let's verify the error handling implementation:
β Verification successful
Error handling implementation is secure and consistent
The error handling for the OpenAI API key is properly implemented:
- Returns a clear, non-revealing error message when API key is missing
- Uses appropriate HTTP 500 status code for server configuration issues
- Consistently checks for API key presence before using it
- No sensitive information is exposed in error messages
The implementation aligns with security best practices for API key handling and error responses.
π Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify error handling for OpenAI API requests
# Test cases:
# 1. Check for proper error message construction
# 2. Verify no sensitive information in error responses
# Search for other error handling patterns in the codebase
rg -A 2 'OpenAI API key not configured'
# Check for any potential sensitive information leakage in error messages
rg -g '*.ts' -g '*.js' 'serverConfig.apiKey.*error'
Length of output: 238
Script:
#!/bin/bash
# Let's perform a more comprehensive check of error handling patterns
# Check for all error responses in the proxy endpoint
rg -A 5 'NextResponse.json.*error' app/api/proxy.ts
# Look for other uses of serverConfig.apiKey to ensure consistent error handling
rg -A 3 'serverConfig.apiKey'
# Check the structure of serverConfig to understand the API key handling
ast-grep --pattern 'const serverConfig = {
$$$
}'
Length of output: 820
Your build has completed! |
commit 38fa305 Author: lloydzhou <[email protected]> Date: Mon Nov 11 13:26:08 2024 +0800 update version commit 289aeec Merge: f8f6954 7d71da9 Author: Lloyd Zhou <[email protected]> Date: Mon Nov 11 13:19:26 2024 +0800 Merge pull request ChatGPTNextWeb#5786 from ConnectAI-E/feature/realtime-chat Feature/realtime chat commit 7d71da9 Author: lloydzhou <[email protected]> Date: Mon Nov 11 13:15:09 2024 +0800 remove close-24 svg commit f8f6954 Merge: 6e03f32 64aa760 Author: Lloyd Zhou <[email protected]> Date: Mon Nov 11 13:13:09 2024 +0800 Merge pull request ChatGPTNextWeb#5779 from ConnectAI-E/feature/model/claude35haiku add claude35haiku & not support vision commit 6e03f32 Merge: 108069a 18a6571 Author: Lloyd Zhou <[email protected]> Date: Mon Nov 11 13:10:00 2024 +0800 Merge pull request ChatGPTNextWeb#5795 from JingSyue/main fix: built-in plugin dalle3 error ChatGPTNextWeb#5787 commit 18a6571 Author: JingSyue <[email protected]> Date: Mon Nov 11 12:59:29 2024 +0800 Update proxy.ts Update proxy.ts commit 14f444e Author: Dogtiti <[email protected]> Date: Mon Nov 11 11:47:41 2024 +0800 doc: realtime chat commit 2b0f2e5 Author: JingSyue <[email protected]> Date: Sun Nov 10 10:28:25 2024 +0800 fix: built-in plugin dalle3 error ChatGPTNextWeb#5787 commit 4629b39 Author: Dogtiti <[email protected]> Date: Sat Nov 9 16:22:01 2024 +0800 chore: comment context history commit d33e772 Author: Dogtiti <[email protected]> Date: Fri Nov 8 22:39:17 2024 +0800 feat: voice print commit 89136fb Author: Dogtiti <[email protected]> Date: Fri Nov 8 22:18:39 2024 +0800 feat: voice print commit 8b4ca13 Author: Dogtiti <[email protected]> Date: Fri Nov 8 22:02:31 2024 +0800 feat: voice print commit a4c9eaf Author: lloydzhou <[email protected]> Date: Fri Nov 8 13:43:13 2024 +0800 do not save empty audio file commit 50e6310 Author: lloydzhou <[email protected]> Date: Fri Nov 8 13:21:40 2024 +0800 merge code and get analyser data commit 48a1e8a Author: Dogtiti <[email protected]> Date: Thu Nov 7 21:32:47 2024 +0800 chore: i18n commit e44ebe3 Author: Dogtiti <[email protected]> Date: Thu Nov 7 21:28:23 2024 +0800 feat: realtime config commit 108069a Merge: fbb9385 d5bda29 Author: Lloyd Zhou <[email protected]> Date: Thu Nov 7 20:06:30 2024 +0800 Merge pull request ChatGPTNextWeb#5788 from ConnectAI-E/fix-o1-maxtokens chore: o1樑εδ½Ώη¨max_completion_tokens commit d5bda29 Author: DDMeaqua <[email protected]> Date: Thu Nov 7 19:45:27 2024 +0800 chore: o1樑εδ½Ώη¨max_completion_tokens commit 283caba Author: lloydzhou <[email protected]> Date: Thu Nov 7 18:57:57 2024 +0800 stop streaming play after get input audio. commit b78e5db Author: lloydzhou <[email protected]> Date: Thu Nov 7 17:55:51 2024 +0800 add temperature config commit 46c469b Author: lloydzhou <[email protected]> Date: Thu Nov 7 17:47:55 2024 +0800 add voice config commit c00ebbe Author: lloydzhou <[email protected]> Date: Thu Nov 7 17:40:03 2024 +0800 update commit c526ff8 Author: lloydzhou <[email protected]> Date: Thu Nov 7 17:23:20 2024 +0800 update commit 0037b0c Author: lloydzhou <[email protected]> Date: Thu Nov 7 17:03:04 2024 +0800 ts error commit 6f81bb3 Author: lloydzhou <[email protected]> Date: Thu Nov 7 16:56:15 2024 +0800 add context after connected commit 7bdc45e Author: lloydzhou <[email protected]> Date: Thu Nov 7 16:41:24 2024 +0800 connect realtime model when open panel commit 88cd3ac Author: Dogtiti <[email protected]> Date: Thu Nov 7 12:16:11 2024 +0800 fix: ts error commit 4988d2e Author: Dogtiti <[email protected]> Date: Thu Nov 7 11:56:58 2024 +0800 fix: ts error commit 8deb7a9 Author: lloydzhou <[email protected]> Date: Thu Nov 7 11:53:01 2024 +0800 hotfix for update target session commit db060d7 Author: lloydzhou <[email protected]> Date: Thu Nov 7 11:45:38 2024 +0800 upload save record wav file commit 5226278 Author: lloydzhou <[email protected]> Date: Thu Nov 7 09:36:22 2024 +0800 upload save wav file logic commit cf46d5a Author: lloydzhou <[email protected]> Date: Thu Nov 7 01:12:08 2024 +0800 upload response audio, and update audio_url to session message commit a494152 Author: Dogtiti <[email protected]> Date: Wed Nov 6 22:30:02 2024 +0800 feat: audio to message commit f6e1f83 Author: Dogtiti <[email protected]> Date: Wed Nov 6 22:07:33 2024 +0800 wip commit d544eea Author: Dogtiti <[email protected]> Date: Wed Nov 6 21:14:45 2024 +0800 feat: realtime chat ui commit fbb9385 Merge: 6ded4e9 18144c3 Author: Lloyd Zhou <[email protected]> Date: Wed Nov 6 20:33:51 2024 +0800 Merge pull request ChatGPTNextWeb#5782 from ConnectAI-E/style/classname style: improve classname by clsx commit 18144c3 Author: Dogtiti <[email protected]> Date: Wed Nov 6 20:16:38 2024 +0800 chore: clsx commit 64aa760 Author: opchips <[email protected]> Date: Wed Nov 6 19:18:05 2024 +0800 update claude rank commit e0bbb8b Author: Dogtiti <[email protected]> Date: Wed Nov 6 16:58:26 2024 +0800 style: improve classname by clsx commit 6667ee1 Merge: 3086a2f 6ded4e9 Author: opchips <[email protected]> Date: Wed Nov 6 15:08:18 2024 +0800 merge main commit 6ded4e9 Merge: f4c9410 85cdcab Author: Lloyd Zhou <[email protected]> Date: Wed Nov 6 15:04:46 2024 +0800 Merge pull request ChatGPTNextWeb#5778 from ConnectAI-E/fix/5436 fix: botMessage reply date commit 85cdcab Author: Dogtiti <[email protected]> Date: Wed Nov 6 14:53:08 2024 +0800 fix: botMessage reply date commit f4c9410 Merge: f526d6f adf7d82 Author: Lloyd Zhou <[email protected]> Date: Wed Nov 6 14:02:20 2024 +0800 Merge pull request ChatGPTNextWeb#5776 from ConnectAI-E/feat-glm fix: glm chatpath commit adf7d82 Author: DDMeaqua <[email protected]> Date: Wed Nov 6 13:55:57 2024 +0800 fix: glm chatpath commit 3086a2f Author: opchips <[email protected]> Date: Wed Nov 6 12:56:24 2024 +0800 add claude35haiku not vision commit f526d6f Merge: f3603e5 106461a Author: Lloyd Zhou <[email protected]> Date: Wed Nov 6 11:16:33 2024 +0800 Merge pull request ChatGPTNextWeb#5774 from ConnectAI-E/feature/update-target-session fix: updateCurrentSession => updateTargetSession commit 106461a Merge: c4e19db f3603e5 Author: Dogtiti <[email protected]> Date: Wed Nov 6 11:08:41 2024 +0800 Merge branch 'main' of https://github.com/ConnectAI-E/ChatGPT-Next-Web into feature/update-target-session commit c4e19db Author: Dogtiti <[email protected]> Date: Wed Nov 6 11:06:18 2024 +0800 fix: updateCurrentSession => updateTargetSession commit f3603e5 Merge: 00d6cb2 8e2484f Author: Dogtiti <[email protected]> Date: Wed Nov 6 10:49:28 2024 +0800 Merge pull request ChatGPTNextWeb#5769 from ryanhex53/fix-model-multi@ Custom model names can include the `@` symbol by itself. commit 8e2484f Author: ryanhex53 <[email protected]> Date: Tue Nov 5 13:52:54 2024 +0000 Refactor: Replace all provider split occurrences with getModelProvider utility method commit 00d6cb2 Author: lloydzhou <[email protected]> Date: Tue Nov 5 17:42:55 2024 +0800 update version commit b844045 Author: ryanhex53 <[email protected]> Date: Tue Nov 5 07:44:12 2024 +0000 Custom model names can include the `@` symbol by itself. To specify the model's provider, append it after the model name using `@` as before. This format supports cases like `google vertex ai` with a model name like `claude-3-5-sonnet@20240620`. For instance, `claude-3-5-sonnet@20240620@vertex-ai` will be split by `split(/@(?!.*@)/)` into: `[ 'claude-3-5-sonnet@20240620', 'vertex-ai' ]`, where the former is the model name and the latter is the custom provider. commit e49fe97 Merge: 14f7519 e49466f Author: Lloyd Zhou <[email protected]> Date: Tue Nov 5 15:07:52 2024 +0800 Merge pull request ChatGPTNextWeb#5765 from ConnectAI-E/feature/onfinish feat: update real 'currentSession' commit 14f7519 Merge: 820ab54 0ec4233 Author: Dogtiti <[email protected]> Date: Tue Nov 5 11:07:52 2024 +0800 Merge pull request ChatGPTNextWeb#5767 from ConnectAI-E/feat-glm chore: update readme commit 0ec4233 Author: DDMeaqua <[email protected]> Date: Tue Nov 5 11:06:20 2024 +0800 chore: update readme commit 820ab54 Merge: 0dc4071 a6c1eb2 Author: Dogtiti <[email protected]> Date: Tue Nov 5 10:54:52 2024 +0800 Merge pull request ChatGPTNextWeb#5766 from ConnectAI-E/feature/add-claude-haiku3.5 Feature/add claude haiku3.5 commit a6c1eb2 Merge: 801dc41 0dc4071 Author: lloydzhou <[email protected]> Date: Tue Nov 5 10:23:15 2024 +0800 add claude 3.5 haiku commit 0dc4071 Merge: aef535f 4d39497 Author: Lloyd Zhou <[email protected]> Date: Tue Nov 5 01:10:06 2024 +0800 Merge pull request ChatGPTNextWeb#5464 from endless-learner/main Added 1-click deployment link for Alibaba Cloud. commit 4d39497 Author: Lloyd Zhou <[email protected]> Date: Tue Nov 5 01:09:27 2024 +0800 merge main commit aef535f Merge: 686a80e fbb7a1e Author: Dogtiti <[email protected]> Date: Mon Nov 4 21:41:11 2024 +0800 Merge pull request ChatGPTNextWeb#5753 from ChatGPTNextWeb/feat-bt-doc Feat bt doc commit 686a80e Merge: 5733e3c 4b93370 Author: Dogtiti <[email protected]> Date: Mon Nov 4 21:37:34 2024 +0800 Merge pull request ChatGPTNextWeb#5764 from ChatGPTNextWeb/dependabot/npm_and_yarn/testing-library/react-16.0.1 chore(deps-dev): bump @testing-library/react from 16.0.0 to 16.0.1 commit e49466f Author: Dogtiti <[email protected]> Date: Mon Nov 4 21:25:56 2024 +0800 feat: update real 'currentSession' commit 4b93370 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon Nov 4 10:24:30 2024 +0000 chore(deps-dev): bump @testing-library/react from 16.0.0 to 16.0.1 Bumps [@testing-library/react](https://github.com/testing-library/react-testing-library) from 16.0.0 to 16.0.1. - [Release notes](https://github.com/testing-library/react-testing-library/releases) - [Changelog](https://github.com/testing-library/react-testing-library/blob/main/CHANGELOG.md) - [Commits](testing-library/react-testing-library@v16.0.0...v16.0.1) --- updated-dependencies: - dependency-name: "@testing-library/react" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> commit 5733e3c Merge: d66bfc6 44fc5b5 Author: Dogtiti <[email protected]> Date: Mon Nov 4 17:16:44 2024 +0800 Merge pull request ChatGPTNextWeb#5759 from ConnectAI-E/feature/onfinish Feature/onfinish commit 44fc5b5 Author: Dogtiti <[email protected]> Date: Mon Nov 4 17:00:45 2024 +0800 fix: onfinish responseRes commit 2d3f7c9 Author: Dogtiti <[email protected]> Date: Wed Oct 16 15:17:08 2024 +0800 fix: vision model dalle3 commit fe8cca3 Merge: adf97c6 d66bfc6 Author: GH Action - Upstream Sync <[email protected]> Date: Sat Nov 2 01:12:09 2024 +0000 Merge branch 'main' of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web commit fbb7a1e Author: weige <[email protected]> Date: Fri Nov 1 18:20:16 2024 +0800 fix commit fb2c155 Author: weige <[email protected]> Date: Fri Nov 1 17:45:50 2024 +0800 fix commit c2c52a1 Author: weige <[email protected]> Date: Fri Nov 1 17:35:34 2024 +0800 fix commit 106ddc1 Author: weige <[email protected]> Date: Fri Nov 1 17:35:09 2024 +0800 fix commit 17d5209 Author: weige <[email protected]> Date: Fri Nov 1 17:28:20 2024 +0800 add bt install doc commit adf97c6 Merge: 7c466c9 0581e37 Author: GH Action - Upstream Sync <[email protected]> Date: Fri Nov 1 01:18:59 2024 +0000 Merge branch 'main' of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web commit 7c466c9 Merge: b0d28eb a0fa4d7 Author: GH Action - Upstream Sync <[email protected]> Date: Thu Oct 31 01:14:28 2024 +0000 Merge branch 'main' of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web commit b0d28eb Merge: 064e964 613d67e Author: endless-learner <[email protected]> Date: Tue Oct 29 14:38:49 2024 -0700 Merge branch 'main' into main commit 801dc41 Author: lloydzhou <[email protected]> Date: Thu Oct 24 15:28:05 2024 +0800 add claude-3.5-haiku commit 064e964 Author: endless-learner <[email protected]> Date: Tue Sep 24 23:05:32 2024 -0700 Updated link to deploy on Alibaba Cloud, readable when not logged in, also, able to choose region. commit 47fb40d Merge: 9e18cc2 4c84182 Author: endless-learner <[email protected]> Date: Tue Sep 24 23:03:03 2024 -0700 Merge branch 'ChatGPTNextWeb:main' into main commit 9e18cc2 Author: endless-learner <[email protected]> Date: Tue Sep 24 13:55:00 2024 -0700 Update README.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> commit 03268ce Author: endless-learner <[email protected]> Date: Wed Sep 18 20:38:20 2024 -0700 Added 1-click deployment link for Alibaba Cloud.
π» εζ΄η±»ε | Change Type
π εζ΄θ―΄ζ | Description of Change
feat: support dalle3 api key from server env
Added OpenAI API key handling in proxy route for DALL-E 3 requests.
Securely fetches API key from server environment variables
instead of requiring client-side key.
Changes:
Bug Fixes: builtin plugin dalle3 can't not use openai api key
π θ‘₯ε δΏ‘ζ― | Additional Information
Relevant issueοΌ#5787
Summary by CodeRabbit
New Features
Bug Fixes