修改： .env.template

修改： app/api/auth.ts 修改： app/api/bedrock.ts 修改： app/client/api.ts 修改： app/client/platforms/bedrock.ts 修改： app/components/settings.tsx 修改： app/config/server.ts 修改： app/constant.t
2025-05-21 21:20:19 +09:00 · 2024-11-05 14:27:52 +08:00 · 2024-11-05 14:27:52 +08:00 · afbf5eb541
commit afbf5eb541
parent 0f276f59bb
9 changed files with 184 additions and 153 deletions
--- a/.env.template
+++ b/.env.template
@ -67,3 +67,8 @@ ANTHROPIC_URL=
 ### (optional)
 WHITE_WEBDAV_ENDPOINTS=
 ### bedrock  (optional)
 AWS_REGION=
 AWS_ACCESS_KEY=
 AWS_SECRET_KEY=
--- a/app/api/auth.ts
+++ b/app/api/auth.ts
@ -54,18 +54,18 @@ export function auth(req: NextRequest, modelProvider: ModelProvider) {
  }
  // Special handling for Bedrock
  if (modelProvider === ModelProvider.Bedrock) {
-    const region = req.headers.get("X-Region");
+    const region = serverConfig.awsRegion;
-    const accessKeyId = req.headers.get("X-Access-Key");
+    const accessKeyId = serverConfig.awsAccessKey;
-    const secretKey = req.headers.get("X-Secret-Key");
+    const secretAccessKey = serverConfig.awsSecretKey;
    console.log("[Auth] Bedrock credentials:", {
      region,
      accessKeyId: accessKeyId ? "***" : undefined,
-      secretKey: secretKey ? "***" : undefined,
+      secretKey: secretAccessKey ? "***" : undefined,
    });
    // Check if AWS credentials are provided
-    if (!region || !accessKeyId || !secretKey) {
+    if (!region || !accessKeyId || !secretAccessKey) {
      return {
        error: true,
        msg: "Missing AWS credentials. Please configure Region, Access Key ID, and Secret Access Key in settings.",
--- a/app/api/bedrock.ts
+++ b/app/api/bedrock.ts
@ -1,7 +1,6 @@
-import { ModelProvider } from "../constant";
+import { getServerSideConfig } from "../config/server";
 import { prettyObject } from "../utils/format";
 import { NextRequest, NextResponse } from "next/server";
 import { auth } from "./auth";
 import {
  BedrockRuntimeClient,
  ConverseStreamCommand,
@ -16,6 +15,15 @@ import {
  type ToolResultContentBlock,
 } from "@aws-sdk/client-bedrock-runtime";
 // 解密函数
 function decrypt(str: string): string {
  try {
    return Buffer.from(str, "base64").toString().split("").reverse().join("");
  } catch {
    return "";
  }
 }
 // Constants and Types
 const ALLOWED_PATH = new Set(["converse"]);
@ -92,26 +100,6 @@ type DocumentFormat =
  | "txt"
  | "md";
 // Validation Functions
 function validateModelId(modelId: string): string | null {
  if (
    modelId.startsWith("meta.llama") &&
    !modelId.includes("inference-profile")
  ) {
    return "Llama models require an inference profile. Please use the full inference profile ARN.";
  }
  return null;
 }
 function validateDocumentSize(base64Data: string): boolean {
  const sizeInBytes = (base64Data.length * 3) / 4;
  const maxSize = 4.5 * 1024 * 1024;
  if (sizeInBytes > maxSize) {
    throw new Error("Document size exceeds 4.5 MB limit");
  }
  return true;
 }
 function validateImageSize(base64Data: string): boolean {
  const sizeInBytes = (base64Data.length * 3) / 4;
  const maxSize = 3.75 * 1024 * 1024;
@ -147,21 +135,6 @@ function convertContentToAWSBlock(item: ContentItem): ContentBlock | null {
    }
  }
  if (item.type === "document" && item.document) {
    validateDocumentSize(item.document.source.bytes);
    return {
      document: {
        format: item.document.format,
        name: item.document.name,
        source: {
          bytes: Uint8Array.from(
            Buffer.from(item.document.source.bytes, "base64"),
          ),
        },
      },
    };
  }
  if (item.type === "tool_use" && item.tool_use) {
    return {
      toolUse: {
@ -373,15 +346,48 @@ export async function handle(
    );
  }
-  const authResult = auth(req, ModelProvider.Bedrock);
+  const serverConfig = getServerSideConfig();
-  if (authResult.error) {
+
-    return NextResponse.json(authResult, {
+  // 首先尝试使用环境变量中的凭证
  let region = serverConfig.awsRegion;
  let accessKeyId = serverConfig.awsAccessKey;
  let secretAccessKey = serverConfig.awsSecretKey;
  let sessionToken = undefined;
  // 如果环境变量中没有配置，则尝试使用前端传来的加密凭证
  if (!region || !accessKeyId || !secretAccessKey) {
    // 解密前端传来的凭证
    region = decrypt(req.headers.get("X-Region") ?? "");
    accessKeyId = decrypt(req.headers.get("X-Access-Key") ?? "");
    secretAccessKey = decrypt(req.headers.get("X-Secret-Key") ?? "");
    sessionToken = req.headers.get("X-Session-Token")
      ? decrypt(req.headers.get("X-Session-Token") ?? "")
      : undefined;
  }
  if (!region || !accessKeyId || !secretAccessKey) {
    return NextResponse.json(
      {
        error: true,
        msg: "AWS credentials not found in environment variables or request headers",
      },
      {
        status: 401,
-    });
+      },
    );
  }
  try {
-    const response = await handleConverseRequest(req);
+    const client = new BedrockRuntimeClient({
      region,
      credentials: {
        accessKeyId,
        secretAccessKey,
        sessionToken,
      },
    });
    const response = await handleConverseRequest(req, client);
    return response;
  } catch (e) {
    console.error("[Bedrock] ", e);
@ -396,42 +402,14 @@ export async function handle(
  }
 }
-async function handleConverseRequest(req: NextRequest) {
+async function handleConverseRequest(
-  const region = req.headers.get("X-Region") || "us-west-2";
+  req: NextRequest,
-  const accessKeyId = req.headers.get("X-Access-Key") || "";
+  client: BedrockRuntimeClient,
-  const secretAccessKey = req.headers.get("X-Secret-Key") || "";
+) {
  const sessionToken = req.headers.get("X-Session-Token");
  if (!accessKeyId || !secretAccessKey) {
    return NextResponse.json(
      {
        error: true,
        message: "Missing AWS credentials",
      },
      {
        status: 401,
      },
    );
  }
  const client = new BedrockRuntimeClient({
    region,
    credentials: {
      accessKeyId,
      secretAccessKey,
      sessionToken: sessionToken || undefined,
    },
  });
  try {
    const body = (await req.json()) as ConverseRequest;
    const { modelId } = body;
    const validationError = validateModelId(modelId);
    if (validationError) {
      throw new Error(validationError);
    }
    console.log("[Bedrock] Invoking model:", modelId);
    const command = new ConverseStreamCommand(formatRequestBody(body));
@ -455,8 +433,9 @@ async function handleConverseRequest(req: NextRequest) {
            if ("messageStart" in output && output.messageStart?.role) {
              controller.enqueue(
                `data: ${JSON.stringify({
-                  type: "messageStart",
+                  stream: {
-                  role: output.messageStart.role,
+                    messageStart: { role: output.messageStart.role },
                  },
                })}\n\n`,
              );
            } else if (
@ -465,9 +444,13 @@ async function handleConverseRequest(req: NextRequest) {
            ) {
              controller.enqueue(
                `data: ${JSON.stringify({
-                  type: "contentBlockStart",
+                  stream: {
-                  index: output.contentBlockStart.contentBlockIndex,
+                    contentBlockStart: {
                      contentBlockIndex:
                        output.contentBlockStart.contentBlockIndex,
                      start: output.contentBlockStart.start,
                    },
                  },
                })}\n\n`,
              );
            } else if (
@ -477,15 +460,30 @@ async function handleConverseRequest(req: NextRequest) {
              if ("text" in output.contentBlockDelta.delta) {
                controller.enqueue(
                  `data: ${JSON.stringify({
-                    type: "text",
+                    stream: {
-                    content: output.contentBlockDelta.delta.text,
+                      contentBlockDelta: {
                        delta: { text: output.contentBlockDelta.delta.text },
                        contentBlockIndex:
                          output.contentBlockDelta.contentBlockIndex,
                      },
                    },
                  })}\n\n`,
                );
              } else if ("toolUse" in output.contentBlockDelta.delta) {
                controller.enqueue(
                  `data: ${JSON.stringify({
-                    type: "toolUse",
+                    stream: {
-                    input: output.contentBlockDelta.delta.toolUse?.input,
+                      contentBlockDelta: {
                        delta: {
                          toolUse: {
                            input:
                              output.contentBlockDelta.delta.toolUse?.input,
                          },
                        },
                        contentBlockIndex:
                          output.contentBlockDelta.contentBlockIndex,
                      },
                    },
                  })}\n\n`,
                );
              }
@ -495,26 +493,36 @@ async function handleConverseRequest(req: NextRequest) {
            ) {
              controller.enqueue(
                `data: ${JSON.stringify({
-                  type: "contentBlockStop",
+                  stream: {
-                  index: output.contentBlockStop.contentBlockIndex,
+                    contentBlockStop: {
                      contentBlockIndex:
                        output.contentBlockStop.contentBlockIndex,
                    },
                  },
                })}\n\n`,
              );
            } else if ("messageStop" in output && output.messageStop) {
              controller.enqueue(
                `data: ${JSON.stringify({
-                  type: "messageStop",
+                  stream: {
                    messageStop: {
                      stopReason: output.messageStop.stopReason,
                      additionalModelResponseFields:
                        output.messageStop.additionalModelResponseFields,
                    },
                  },
                })}\n\n`,
              );
            } else if ("metadata" in output && output.metadata) {
              controller.enqueue(
                `data: ${JSON.stringify({
-                  type: "metadata",
+                  stream: {
                    metadata: {
                      usage: output.metadata.usage,
                      metrics: output.metadata.metrics,
                      trace: output.metadata.trace,
                    },
                  },
                })}\n\n`,
              );
            }
@ -522,14 +530,17 @@ async function handleConverseRequest(req: NextRequest) {
          controller.close();
        } catch (error) {
          const errorResponse = {
-            type: "error",
+            stream: {
              error:
-              error instanceof Error ? error.constructor.name : "UnknownError",
+                error instanceof Error
                  ? error.constructor.name
                  : "UnknownError",
              message: error instanceof Error ? error.message : "Unknown error",
              ...(error instanceof ModelStreamErrorException && {
                originalStatusCode: error.originalStatusCode,
                originalMessage: error.originalMessage,
              }),
            },
          };
          controller.enqueue(`data: ${JSON.stringify(errorResponse)}\n\n`);
          controller.close();
--- a/app/client/api.ts
+++ b/app/client/api.ts
@ -261,7 +261,7 @@ export function getHeaders(ignoreHeaders: boolean = false) {
    const apiKey = isGoogle
      ? accessStore.googleApiKey
      : isBedrock
-      ? accessStore.awsAccessKeyId // Use AWS access key for Bedrock
+      ? accessStore.awsAccessKey // Use AWS access key for Bedrock
      : isAzure
      ? accessStore.azureApiKey
      : isAnthropic
@ -322,12 +322,15 @@ export function getHeaders(ignoreHeaders: boolean = false) {
  const authHeader = getAuthHeader();
  if (isBedrock) {
-    // Add AWS credentials for Bedrock
+    // 简单加密 AWS credentials
-    headers["X-Region"] = accessStore.awsRegion;
+    const encrypt = (str: string) =>
-    headers["X-Access-Key"] = accessStore.awsAccessKeyId;
+      Buffer.from(str.split("").reverse().join("")).toString("base64");
-    headers["X-Secret-Key"] = accessStore.awsSecretAccessKey;
+
    headers["X-Region"] = encrypt(accessStore.awsRegion);
    headers["X-Access-Key"] = encrypt(accessStore.awsAccessKey);
    headers["X-Secret-Key"] = encrypt(accessStore.awsSecretKey);
    if (accessStore.awsSessionToken) {
-      headers["X-Session-Token"] = accessStore.awsSessionToken;
+      headers["X-Session-Token"] = encrypt(accessStore.awsSessionToken);
    }
  } else {
    const bearerToken = getBearerToken(
--- a/app/client/platforms/bedrock.ts
+++ b/app/client/platforms/bedrock.ts
@ -8,7 +8,6 @@ import {
  SpeechOptions,
 } from "../api";
 import {
  useAccessStore,
  useAppConfig,
  usePluginStore,
  useChatStore,
@ -60,7 +59,6 @@ export class BedrockApi implements LLMApi {
  async chat(options: ChatOptions): Promise<void> {
    const visionModel = isVisionModel(options.config.model);
    const accessStore = useAccessStore.getState();
    const shouldStream = !!options.config.stream;
    const modelConfig = {
      ...useAppConfig.getState().modelConfig,
@ -69,12 +67,6 @@ export class BedrockApi implements LLMApi {
        model: options.config.model,
      },
    };
    const headers: Record<string, string> = {
      ...getHeaders(),
      "X-Region": accessStore.awsRegion,
      "X-Access-Key": accessStore.awsAccessKeyId,
      "X-Secret-Key": accessStore.awsSecretAccessKey,
    };
    // try get base64image from local cache image_url
    const messages: ChatOptions["messages"] = [];
@ -196,7 +188,7 @@ export class BedrockApi implements LLMApi {
      return stream(
        conversePath,
        requestBody,
-        headers,
+        getHeaders(),
        Array.isArray(tools)
          ? tools.map((tool: any) => ({
              name: tool?.function?.name,
@ -208,14 +200,20 @@ export class BedrockApi implements LLMApi {
        controller,
        // parseSSE
        (text: string, runTools: ChatMessageTool[]) => {
-          const event = JSON.parse(text);
+          const parsed = JSON.parse(text);
          const event = parsed.stream;
-          if (event.type === "messageStart") {
+          if (!event) {
            console.warn("[Bedrock] Unexpected event format:", parsed);
            return "";
          }
-          if (event.type === "contentBlockStart" && event.start?.toolUse) {
+          if (event.messageStart) {
-            const { toolUseId, name } = event.start.toolUse;
+            return "";
          }
          if (event.contentBlockStart?.start?.toolUse) {
            const { toolUseId, name } = event.contentBlockStart.start.toolUse;
            currentToolUse = {
              id: toolUseId,
              type: "function",
@ -228,21 +226,34 @@ export class BedrockApi implements LLMApi {
            return "";
          }
-          if (event.type === "text" && event.content) {
+          if (event.contentBlockDelta?.delta?.text) {
-            return event.content;
+            return event.contentBlockDelta.delta.text;
          }
          if (
-            event.type === "toolUse" &&
+            event.contentBlockDelta?.delta?.toolUse?.input &&
            event.input &&
            currentToolUse?.function
          ) {
-            currentToolUse.function.arguments += event.input;
+            currentToolUse.function.arguments +=
              event.contentBlockDelta.delta.toolUse.input;
            return "";
          }
-          if (event.type === "error") {
+          if (
-            throw new Error(event.message || "Unknown error");
+            event.internalServerException ||
            event.modelStreamErrorException ||
            event.validationException ||
            event.throttlingException ||
            event.serviceUnavailableException
          ) {
            const errorMessage =
              event.internalServerException?.message ||
              event.modelStreamErrorException?.message ||
              event.validationException?.message ||
              event.throttlingException?.message ||
              event.serviceUnavailableException?.message ||
              "Unknown error";
            throw new Error(errorMessage);
          }
          return "";
@ -284,7 +295,7 @@ export class BedrockApi implements LLMApi {
      try {
        const response = await fetch(conversePath, {
          method: "POST",
-          headers,
+          headers: getHeaders(),
          body: JSON.stringify(requestBody),
          signal: controller.signal,
        });
--- a/app/components/settings.tsx
+++ b/app/components/settings.tsx
@ -988,12 +988,12 @@ export function Settings() {
      >
        <PasswordInput
          aria-label={Locale.Settings.Access.Bedrock.AccessKey.Title}
-          value={accessStore.awsAccessKeyId}
+          value={accessStore.awsAccessKey}
          type="text"
          placeholder={Locale.Settings.Access.Bedrock.AccessKey.Placeholder}
          onChange={(e) => {
            accessStore.update(
-              (access) => (access.awsAccessKeyId = e.currentTarget.value),
+              (access) => (access.awsAccessKey = e.currentTarget.value),
            );
          }}
        />
@ -1004,12 +1004,12 @@ export function Settings() {
      >
        <PasswordInput
          aria-label={Locale.Settings.Access.Bedrock.SecretKey.Title}
-          value={accessStore.awsSecretAccessKey}
+          value={accessStore.awsSecretKey}
          type="text"
          placeholder={Locale.Settings.Access.Bedrock.SecretKey.Placeholder}
          onChange={(e) => {
            accessStore.update(
-              (access) => (access.awsSecretAccessKey = e.currentTarget.value),
+              (access) => (access.awsSecretKey = e.currentTarget.value),
            );
          }}
        />
--- a/app/config/server.ts
+++ b/app/config/server.ts
@ -13,8 +13,9 @@ declare global {
      OPENAI_ORG_ID?: string; // openai only
      // bedrock only
-      BEDROCK_URL?: string;
+      BEDROCK_REGION?: string;
      BEDROCK_API_KEY?: string;
      BEDROCK_API_SECRET?: string;
      VERCEL?: string;
      BUILD_MODE?: "standalone" | "export";
@ -173,8 +174,9 @@ export const getServerSideConfig = () => {
    openaiOrgId: process.env.OPENAI_ORG_ID,
    isBedrock,
-    bedrockUrl: process.env.BEDROCK_URL,
+    awsRegion: process.env.AWS_REGION,
-    bedrockApiKey: getApiKey(process.env.BEDROCK_API_KEY),
+    awsAccessKey: process.env.AWS_ACCESS_KEY,
    awsSecretKey: process.env.AWS_SECRET_KEY,
    isStability,
    stabilityUrl: process.env.STABILITY_URL,
--- a/app/constant.ts
+++ b/app/constant.ts
@ -230,6 +230,10 @@ export const XAI = {
  ChatPath: "v1/chat/completions",
 };
 export const Bedrock = {
  ChatPath: "converse",
 };
 export const DEFAULT_INPUT_TEMPLATE = `{{input}}`; // input / time / model / lang
 // export const DEFAULT_SYSTEM_TEMPLATE = `
 // You are ChatGPT, a large language model trained by {{ServiceProvider}}.
@ -312,9 +316,11 @@ const openaiModels = [
 const bedrockModels = [
  // Claude Models
  "anthropic.claude-3-haiku-20240307-v1:0",
  "anthropic.claude-3-5-haiku-20241022-v1:0",
  "anthropic.claude-3-sonnet-20240229-v1:0",
  "anthropic.claude-3-opus-20240229-v1:0",
  "anthropic.claude-3-5-sonnet-20241022-v2:0",
  "anthropic.claude-3-opus-20240229-v1:0",
  // Meta Llama Models
  "us.meta.llama3-2-11b-instruct-v1:0",
  "us.meta.llama3-2-90b-instruct-v1:0",
--- a/app/store/access.ts
+++ b/app/store/access.ts
@ -60,14 +60,11 @@ const DEFAULT_ACCESS_STATE = {
  openaiApiKey: "",
  // bedrock
  bedrockUrl: DEFAULT_BEDROCK_URL,
  bedrockApiKey: "",
  awsRegion: "",
-  awsAccessKeyId: "",
+  awsAccessKey: "",
-  awsSecretAccessKey: "",
+  awsSecretKey: "",
  awsSessionToken: "",
  awsCognitoUser: false,
  awsInferenceProfile: "", // Added inference profile field
  // azure
  azureUrl: "",
@ -154,11 +151,7 @@ export const useAccessStore = createPersistStore(
    },
    isValidBedrock() {
-      return ensure(get(), [
+      return ensure(get(), ["awsAccessKey", "awsSecretKey", "awsRegion"]);
        "awsAccessKeyId",
        "awsSecretAccessKey",
        "awsRegion",
      ]);
    },
    isValidAzure() {