1265 lines
45 KiB
Go
1265 lines
45 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"io"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
gin "github.com/gin-gonic/gin"
|
|
managementHandlers "github.com/router-for-me/CLIProxyAPI/v7/internal/api/handlers/management"
|
|
proxyconfig "github.com/router-for-me/CLIProxyAPI/v7/internal/config"
|
|
internallogging "github.com/router-for-me/CLIProxyAPI/v7/internal/logging"
|
|
"github.com/router-for-me/CLIProxyAPI/v7/internal/pluginhost"
|
|
"github.com/router-for-me/CLIProxyAPI/v7/internal/redisqueue"
|
|
"github.com/router-for-me/CLIProxyAPI/v7/internal/registry"
|
|
sdkaccess "github.com/router-for-me/CLIProxyAPI/v7/sdk/access"
|
|
"github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/auth"
|
|
coreexecutor "github.com/router-for-me/CLIProxyAPI/v7/sdk/cliproxy/executor"
|
|
sdkconfig "github.com/router-for-me/CLIProxyAPI/v7/sdk/config"
|
|
)
|
|
|
|
type codexSearchCaptureExecutor struct {
|
|
request *http.Request
|
|
body []byte
|
|
authIDs []string
|
|
}
|
|
|
|
func (e *codexSearchCaptureExecutor) Identifier() string { return "codex" }
|
|
|
|
func (e *codexSearchCaptureExecutor) Execute(context.Context, *auth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) {
|
|
return coreexecutor.Response{}, nil
|
|
}
|
|
|
|
func (e *codexSearchCaptureExecutor) ExecuteStream(context.Context, *auth.Auth, coreexecutor.Request, coreexecutor.Options) (*coreexecutor.StreamResult, error) {
|
|
return nil, nil
|
|
}
|
|
|
|
func (e *codexSearchCaptureExecutor) Refresh(_ context.Context, a *auth.Auth) (*auth.Auth, error) {
|
|
return a, nil
|
|
}
|
|
|
|
func (e *codexSearchCaptureExecutor) CountTokens(context.Context, *auth.Auth, coreexecutor.Request, coreexecutor.Options) (coreexecutor.Response, error) {
|
|
return coreexecutor.Response{}, nil
|
|
}
|
|
|
|
func (e *codexSearchCaptureExecutor) PrepareRequest(req *http.Request, a *auth.Auth) error {
|
|
token, _ := a.Metadata["access_token"].(string)
|
|
req.Header.Set("Authorization", "Bearer "+token)
|
|
return nil
|
|
}
|
|
|
|
type codexSearchGinContextSelector struct {
|
|
ginContext *gin.Context
|
|
}
|
|
|
|
func (s *codexSearchGinContextSelector) Pick(ctx context.Context, _ string, _ string, _ coreexecutor.Options, auths []*auth.Auth) (*auth.Auth, error) {
|
|
s.ginContext, _ = ctx.Value("gin").(*gin.Context)
|
|
if len(auths) == 0 {
|
|
return nil, nil
|
|
}
|
|
return auths[0], nil
|
|
}
|
|
|
|
func (e *codexSearchCaptureExecutor) HttpRequest(_ context.Context, selected *auth.Auth, req *http.Request) (*http.Response, error) {
|
|
e.request = req.Clone(req.Context())
|
|
e.authIDs = append(e.authIDs, selected.ID)
|
|
body, err := io.ReadAll(req.Body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
e.body = body
|
|
return &http.Response{
|
|
StatusCode: http.StatusOK,
|
|
Header: http.Header{"Content-Type": []string{"application/json"}},
|
|
Body: io.NopCloser(strings.NewReader(`{"results":[{"url":"https://example.com"}]}`)),
|
|
}, nil
|
|
}
|
|
|
|
func newTestServer(t *testing.T) *Server {
|
|
t.Helper()
|
|
return newTestServerWithOptions(t)
|
|
}
|
|
|
|
func newTestServerWithOptions(t *testing.T, opts ...ServerOption) *Server {
|
|
t.Helper()
|
|
|
|
gin.SetMode(gin.TestMode)
|
|
|
|
tmpDir := t.TempDir()
|
|
authDir := filepath.Join(tmpDir, "auth")
|
|
if err := os.MkdirAll(authDir, 0o700); err != nil {
|
|
t.Fatalf("failed to create auth dir: %v", err)
|
|
}
|
|
|
|
cfg := &proxyconfig.Config{
|
|
SDKConfig: sdkconfig.SDKConfig{
|
|
APIKeys: []string{"test-key"},
|
|
},
|
|
Port: 0,
|
|
AuthDir: authDir,
|
|
Debug: true,
|
|
LoggingToFile: false,
|
|
UsageStatisticsEnabled: false,
|
|
}
|
|
|
|
authManager := auth.NewManager(nil, nil, nil)
|
|
accessManager := sdkaccess.NewManager()
|
|
|
|
configPath := filepath.Join(tmpDir, "config.yaml")
|
|
return NewServer(cfg, authManager, accessManager, configPath, opts...)
|
|
}
|
|
|
|
func TestHealthz(t *testing.T) {
|
|
server := newTestServer(t)
|
|
|
|
t.Run("GET", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/healthz", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("unexpected status code: got %d want %d; body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
|
|
var resp struct {
|
|
Status string `json:"status"`
|
|
}
|
|
if err := json.Unmarshal(rr.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("failed to parse response JSON: %v; body=%s", err, rr.Body.String())
|
|
}
|
|
if resp.Status != "ok" {
|
|
t.Fatalf("unexpected response status: got %q want %q", resp.Status, "ok")
|
|
}
|
|
})
|
|
|
|
t.Run("HEAD", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodHead, "/healthz", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("unexpected status code: got %d want %d; body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
if rr.Body.Len() != 0 {
|
|
t.Fatalf("expected empty body for HEAD request, got %q", rr.Body.String())
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestCodexAlphaSearchForwardsRequest(t *testing.T) {
|
|
server := newTestServer(t)
|
|
executor := &codexSearchCaptureExecutor{}
|
|
server.handlers.AuthManager.RegisterExecutor(executor)
|
|
credential := &auth.Auth{
|
|
ID: "codex-auth",
|
|
Provider: "codex",
|
|
Status: auth.StatusActive,
|
|
Metadata: map[string]any{"access_token": "codex-token", "account_id": "account-123"},
|
|
}
|
|
if _, err := server.handlers.AuthManager.Register(context.Background(), credential); err != nil {
|
|
t.Fatalf("register Codex auth: %v", err)
|
|
}
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/v1/alpha/search", strings.NewReader(`{"query":"GPT-5.6"}`))
|
|
req.Header.Set("Authorization", "Bearer test-key")
|
|
req.Header.Set("Content-Type", "application/json")
|
|
req.Header.Set("Session_id", "session-123")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d; body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
if executor.request == nil {
|
|
t.Fatal("Codex executor did not receive a request")
|
|
}
|
|
if got, want := executor.request.URL.String(), "https://chatgpt.com/backend-api/codex/alpha/search"; got != want {
|
|
t.Fatalf("upstream URL = %q, want %q", got, want)
|
|
}
|
|
if got, want := string(executor.body), `{"query":"GPT-5.6"}`; got != want {
|
|
t.Fatalf("upstream body = %q, want %q", got, want)
|
|
}
|
|
if got := executor.request.Header.Get("Authorization"); got != "Bearer codex-token" {
|
|
t.Fatalf("Authorization = %q", got)
|
|
}
|
|
if got := executor.request.Header.Get("Chatgpt-Account-Id"); got != "account-123" {
|
|
t.Fatalf("Chatgpt-Account-Id = %q", got)
|
|
}
|
|
if got := executor.request.Header.Get("Session_id"); got != "session-123" {
|
|
t.Fatalf("Session_id = %q", got)
|
|
}
|
|
if got := rr.Header().Get("Content-Type"); got != "application/json" {
|
|
t.Fatalf("response Content-Type = %q", got)
|
|
}
|
|
}
|
|
|
|
func TestCodexAlphaSearchPassesGinContextToAuthSelection(t *testing.T) {
|
|
server := newTestServer(t)
|
|
selector := &codexSearchGinContextSelector{}
|
|
server.handlers.AuthManager.SetSelector(selector)
|
|
executor := &codexSearchCaptureExecutor{}
|
|
server.handlers.AuthManager.RegisterExecutor(executor)
|
|
credential := &auth.Auth{
|
|
ID: "codex-auth",
|
|
Provider: "codex",
|
|
Status: auth.StatusActive,
|
|
Metadata: map[string]any{"access_token": "codex-token"},
|
|
}
|
|
if _, errRegister := server.handlers.AuthManager.Register(context.Background(), credential); errRegister != nil {
|
|
t.Fatalf("register Codex auth: %v", errRegister)
|
|
}
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/v1/alpha/search?key=home-query-key", strings.NewReader(`{"query":"GPT-5.6"}`))
|
|
req.Header.Set("Authorization", "Bearer test-key")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d; body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
if selector.ginContext == nil {
|
|
t.Fatal("auth selection did not receive the Gin context required by Home scheduling")
|
|
}
|
|
if got := selector.ginContext.Query("key"); got != "home-query-key" {
|
|
t.Fatalf("Gin query key = %q, want %q", got, "home-query-key")
|
|
}
|
|
}
|
|
|
|
func TestCodexAlphaSearchUsesRequestIDForSessionAffinity(t *testing.T) {
|
|
server := newTestServer(t)
|
|
server.handlers.AuthManager.SetSelector(auth.NewSessionAffinitySelector(&auth.RoundRobinSelector{}))
|
|
executor := &codexSearchCaptureExecutor{}
|
|
server.handlers.AuthManager.RegisterExecutor(executor)
|
|
for _, id := range []string{"codex-auth-a", "codex-auth-b"} {
|
|
registry.GetGlobalRegistry().RegisterClient(id, "codex", []*registry.ModelInfo{{ID: "gpt-5.6-luna"}})
|
|
t.Cleanup(func() {
|
|
registry.GetGlobalRegistry().UnregisterClient(id)
|
|
})
|
|
credential := &auth.Auth{
|
|
ID: id,
|
|
Provider: "codex",
|
|
Status: auth.StatusActive,
|
|
Metadata: map[string]any{"access_token": id},
|
|
}
|
|
if _, errRegister := server.handlers.AuthManager.Register(context.Background(), credential); errRegister != nil {
|
|
t.Fatalf("register Codex auth: %v", errRegister)
|
|
}
|
|
}
|
|
|
|
for _, payload := range []string{
|
|
`{"id":"session-a","model":"gpt-5.6-luna"}`,
|
|
`{"id":"session-b","model":"gpt-5.6-luna"}`,
|
|
`{"id":"session-a","model":"gpt-5.6-luna"}`,
|
|
} {
|
|
req := httptest.NewRequest(http.MethodPost, "/v1/alpha/search", strings.NewReader(payload))
|
|
req.Header.Set("Authorization", "Bearer test-key")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d; body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
}
|
|
|
|
if got, want := len(executor.authIDs), 3; got != want {
|
|
t.Fatalf("selected auth count = %d, want %d", got, want)
|
|
}
|
|
if executor.authIDs[0] == executor.authIDs[1] {
|
|
t.Fatalf("different sessions selected the same auth %q", executor.authIDs[0])
|
|
}
|
|
if got, want := executor.authIDs[2], executor.authIDs[0]; got != want {
|
|
t.Fatalf("session-affinity auth = %q, want %q", got, want)
|
|
}
|
|
}
|
|
|
|
func TestCodexAlphaSearchRecordsRequestLog(t *testing.T) {
|
|
server := newTestServer(t)
|
|
server.cfg.RequestLog = true
|
|
|
|
executor := &codexSearchCaptureExecutor{}
|
|
server.handlers.AuthManager.RegisterExecutor(executor)
|
|
credential := &auth.Auth{
|
|
ID: "codex-auth",
|
|
Provider: "codex",
|
|
Status: auth.StatusActive,
|
|
Metadata: map[string]any{"access_token": "codex-token", "account_id": "account-123"},
|
|
}
|
|
if _, err := server.handlers.AuthManager.Register(context.Background(), credential); err != nil {
|
|
t.Fatalf("register Codex auth: %v", err)
|
|
}
|
|
|
|
rr := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(rr)
|
|
req := httptest.NewRequest(http.MethodPost, "/v1/alpha/search", strings.NewReader(`{"query":"GPT-5.6"}`))
|
|
req.Header.Set("Authorization", "Bearer test-key")
|
|
req.Header.Set("Content-Type", "application/json")
|
|
c.Request = req
|
|
|
|
server.codexAlphaSearch(c)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d; body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
rawAPIRequest, okRequest := c.Get("API_REQUEST")
|
|
if !okRequest {
|
|
t.Fatal("API_REQUEST was not captured")
|
|
}
|
|
apiRequest, _ := rawAPIRequest.([]byte)
|
|
if !strings.Contains(string(apiRequest), "=== API REQUEST 1 ===") {
|
|
t.Fatalf("API_REQUEST missing request header section: %q", apiRequest)
|
|
}
|
|
if !strings.Contains(string(apiRequest), "https://chatgpt.com/backend-api/codex/alpha/search") {
|
|
t.Fatalf("API_REQUEST missing upstream URL: %q", apiRequest)
|
|
}
|
|
if !strings.Contains(string(apiRequest), `{"query":"GPT-5.6"}`) {
|
|
t.Fatalf("API_REQUEST missing body: %q", apiRequest)
|
|
}
|
|
rawAPIResponse, okResponse := c.Get("API_RESPONSE")
|
|
if !okResponse {
|
|
t.Fatal("API_RESPONSE was not captured")
|
|
}
|
|
apiResponse, _ := rawAPIResponse.([]byte)
|
|
if !strings.Contains(string(apiResponse), "=== API RESPONSE 1 ===") {
|
|
t.Fatalf("API_RESPONSE missing response header section: %q", apiResponse)
|
|
}
|
|
if !strings.Contains(string(apiResponse), `{"results":[{"url":"https://example.com"}]}`) {
|
|
t.Fatalf("API_RESPONSE missing body: %q", apiResponse)
|
|
}
|
|
}
|
|
|
|
func TestManagementResponseExposesPluginSupportHeaderForCORS(t *testing.T) {
|
|
t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")
|
|
|
|
server := newTestServer(t)
|
|
req := httptest.NewRequest(http.MethodGet, "/v0/management/config", nil)
|
|
req.Header.Set("Origin", "http://127.0.0.1:5173")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusUnauthorized {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusUnauthorized, rr.Body.String())
|
|
}
|
|
if got := rr.Header().Get("X-CPA-SUPPORT-PLUGIN"); got != pluginhost.SupportPluginHeaderValue() {
|
|
t.Fatalf("X-CPA-SUPPORT-PLUGIN = %q, want %q", got, pluginhost.SupportPluginHeaderValue())
|
|
}
|
|
|
|
exposedHeaders := make(map[string]struct{})
|
|
for _, headerName := range strings.Split(rr.Header().Get("Access-Control-Expose-Headers"), ",") {
|
|
headerName = strings.ToLower(strings.TrimSpace(headerName))
|
|
if headerName != "" {
|
|
exposedHeaders[headerName] = struct{}{}
|
|
}
|
|
}
|
|
for _, headerName := range corsExposedResponseHeaders {
|
|
if _, ok := exposedHeaders[strings.ToLower(headerName)]; !ok {
|
|
t.Fatalf("Access-Control-Expose-Headers missing %s: %q", headerName, rr.Header().Get("Access-Control-Expose-Headers"))
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestOAuthCallbackRouteSkipsManagementKeyMiddleware(t *testing.T) {
|
|
t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")
|
|
|
|
server := newTestServer(t)
|
|
state := "server-plugin-oauth-state"
|
|
if errRegister := managementHandlers.RegisterPluginOAuthSession(state, "gemini-cli", nil); errRegister != nil {
|
|
t.Fatalf("register plugin oauth session: %v", errRegister)
|
|
}
|
|
defer managementHandlers.CompleteOAuthSession(state)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/v0/management/oauth-callback?state="+state+"&code=test-code", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
|
|
callbackPath := filepath.Join(server.cfg.AuthDir, ".oauth-gemini-cli-"+state+".oauth")
|
|
if _, errRead := os.ReadFile(callbackPath); errRead != nil {
|
|
t.Fatalf("expected callback file to be written without management key: %v", errRead)
|
|
}
|
|
}
|
|
|
|
func TestNewServerWithPluginHostInjectsHandlerInterceptors(t *testing.T) {
|
|
host := pluginhost.New()
|
|
server := newTestServerWithOptions(t, WithPluginHost(host))
|
|
|
|
if server.handlers == nil {
|
|
t.Fatal("server handlers = nil")
|
|
}
|
|
got, ok := server.handlers.PluginHost.(*pluginhost.Host)
|
|
if !ok || got != host {
|
|
t.Fatalf("handler plugin host = %#v, want configured host", server.handlers.PluginHost)
|
|
}
|
|
}
|
|
|
|
func TestNewServerWithoutPluginHostLeavesHandlerInterceptorsDisabled(t *testing.T) {
|
|
server := newTestServer(t)
|
|
|
|
if server.handlers == nil {
|
|
t.Fatal("server handlers = nil")
|
|
}
|
|
if server.handlers.PluginHost != nil {
|
|
t.Fatalf("handler plugin host = %#v, want nil", server.handlers.PluginHost)
|
|
}
|
|
}
|
|
|
|
func TestManagementUsageRequiresManagementAuthAndPopsArray(t *testing.T) {
|
|
t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")
|
|
|
|
prevQueueEnabled := redisqueue.Enabled()
|
|
redisqueue.SetEnabled(false)
|
|
t.Cleanup(func() {
|
|
redisqueue.SetEnabled(false)
|
|
redisqueue.SetEnabled(prevQueueEnabled)
|
|
})
|
|
|
|
server := newTestServer(t)
|
|
|
|
redisqueue.Enqueue([]byte(`{"id":1}`))
|
|
redisqueue.Enqueue([]byte(`{"id":2}`))
|
|
|
|
missingKeyReq := httptest.NewRequest(http.MethodGet, "/v0/management/usage-queue?count=2", nil)
|
|
missingKeyRR := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(missingKeyRR, missingKeyReq)
|
|
if missingKeyRR.Code != http.StatusUnauthorized {
|
|
t.Fatalf("missing key status = %d, want %d body=%s", missingKeyRR.Code, http.StatusUnauthorized, missingKeyRR.Body.String())
|
|
}
|
|
|
|
legacyReq := httptest.NewRequest(http.MethodGet, "/v0/management/usage?count=2", nil)
|
|
legacyReq.Header.Set("Authorization", "Bearer test-management-key")
|
|
legacyRR := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(legacyRR, legacyReq)
|
|
if legacyRR.Code != http.StatusNotFound {
|
|
t.Fatalf("legacy usage status = %d, want %d body=%s", legacyRR.Code, http.StatusNotFound, legacyRR.Body.String())
|
|
}
|
|
|
|
authReq := httptest.NewRequest(http.MethodGet, "/v0/management/usage-queue?count=2", nil)
|
|
authReq.Header.Set("Authorization", "Bearer test-management-key")
|
|
authRR := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(authRR, authReq)
|
|
if authRR.Code != http.StatusOK {
|
|
t.Fatalf("authenticated status = %d, want %d body=%s", authRR.Code, http.StatusOK, authRR.Body.String())
|
|
}
|
|
|
|
var payload []json.RawMessage
|
|
if errUnmarshal := json.Unmarshal(authRR.Body.Bytes(), &payload); errUnmarshal != nil {
|
|
t.Fatalf("unmarshal response: %v body=%s", errUnmarshal, authRR.Body.String())
|
|
}
|
|
if len(payload) != 2 {
|
|
t.Fatalf("response records = %d, want 2", len(payload))
|
|
}
|
|
for i, raw := range payload {
|
|
var record struct {
|
|
ID int `json:"id"`
|
|
}
|
|
if errUnmarshal := json.Unmarshal(raw, &record); errUnmarshal != nil {
|
|
t.Fatalf("unmarshal record %d: %v", i, errUnmarshal)
|
|
}
|
|
if record.ID != i+1 {
|
|
t.Fatalf("record %d id = %d, want %d", i, record.ID, i+1)
|
|
}
|
|
}
|
|
|
|
if remaining := redisqueue.PopOldest(1); len(remaining) != 0 {
|
|
t.Fatalf("remaining queue = %q, want empty", remaining)
|
|
}
|
|
}
|
|
|
|
func TestManagementPluginsRouteRegistered(t *testing.T) {
|
|
t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")
|
|
|
|
server := newTestServer(t)
|
|
enabled := true
|
|
server.cfg.Plugins.Configs = map[string]proxyconfig.PluginInstanceConfig{
|
|
"sample": {Enabled: &enabled, Priority: 4},
|
|
}
|
|
if errWrite := os.WriteFile(server.configFilePath, []byte("{}\n"), 0o600); errWrite != nil {
|
|
t.Fatalf("failed to write config file: %v", errWrite)
|
|
}
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/v0/management/plugins", nil)
|
|
req.Header.Set("Authorization", "Bearer test-management-key")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
|
|
var payload struct {
|
|
PluginsEnabled bool `json:"plugins_enabled"`
|
|
Plugins []any `json:"plugins"`
|
|
}
|
|
if errUnmarshal := json.Unmarshal(rr.Body.Bytes(), &payload); errUnmarshal != nil {
|
|
t.Fatalf("unmarshal response: %v body=%s", errUnmarshal, rr.Body.String())
|
|
}
|
|
if payload.Plugins == nil {
|
|
t.Fatalf("plugins field = nil, want array; body=%s", rr.Body.String())
|
|
}
|
|
|
|
req = httptest.NewRequest(http.MethodGet, "/v0/management/plugins/sample/config", nil)
|
|
req.Header.Set("Authorization", "Bearer test-management-key")
|
|
rr = httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("config status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
var configPayload struct {
|
|
Enabled bool `json:"enabled"`
|
|
Priority int `json:"priority"`
|
|
}
|
|
if errUnmarshal := json.Unmarshal(rr.Body.Bytes(), &configPayload); errUnmarshal != nil {
|
|
t.Fatalf("unmarshal config response: %v body=%s", errUnmarshal, rr.Body.String())
|
|
}
|
|
if !configPayload.Enabled || configPayload.Priority != 4 {
|
|
t.Fatalf("plugin config = %#v, want enabled true priority 4", configPayload)
|
|
}
|
|
|
|
req = httptest.NewRequest(http.MethodDelete, "/v0/management/plugins/sample", nil)
|
|
req.Header.Set("Authorization", "Bearer test-management-key")
|
|
rr = httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("delete status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestVideosRoutesKeepXAINativeAndExposeOpenAIPrefix(t *testing.T) {
|
|
server := newTestServer(t)
|
|
|
|
nativeReq := httptest.NewRequest(http.MethodPost, "/v1/videos", strings.NewReader(`{"model":"sora-2","prompt":"make a video"}`))
|
|
nativeReq.Header.Set("Authorization", "Bearer test-key")
|
|
nativeReq.Header.Set("Content-Type", "application/json")
|
|
nativeRR := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(nativeRR, nativeReq)
|
|
if nativeRR.Code != http.StatusBadRequest {
|
|
t.Fatalf("native status = %d, want %d body=%s", nativeRR.Code, http.StatusBadRequest, nativeRR.Body.String())
|
|
}
|
|
if !strings.Contains(nativeRR.Body.String(), "/v1/videos/generations") {
|
|
t.Fatalf("expected /v1/videos to keep xAI native validation, body=%s", nativeRR.Body.String())
|
|
}
|
|
|
|
openAIReq := httptest.NewRequest(http.MethodPost, "/openai/v1/videos", strings.NewReader(`{"model":`))
|
|
openAIReq.Header.Set("Authorization", "Bearer test-key")
|
|
openAIReq.Header.Set("Content-Type", "application/json")
|
|
openAIRR := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(openAIRR, openAIReq)
|
|
if openAIRR.Code != http.StatusBadRequest {
|
|
t.Fatalf("openai create status = %d, want %d body=%s", openAIRR.Code, http.StatusBadRequest, openAIRR.Body.String())
|
|
}
|
|
if !strings.Contains(openAIRR.Body.String(), "body must be valid JSON") {
|
|
t.Fatalf("expected /openai/v1/videos create handler, body=%s", openAIRR.Body.String())
|
|
}
|
|
|
|
contentReq := httptest.NewRequest(http.MethodGet, "/openai/v1/videos/video_123/content?variant=thumbnail", nil)
|
|
contentReq.Header.Set("Authorization", "Bearer test-key")
|
|
contentRR := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(contentRR, contentReq)
|
|
if contentRR.Code != http.StatusBadRequest {
|
|
t.Fatalf("content status = %d, want %d body=%s", contentRR.Code, http.StatusBadRequest, contentRR.Body.String())
|
|
}
|
|
if !strings.Contains(contentRR.Body.String(), "variant") {
|
|
t.Fatalf("expected /openai/v1/videos content handler, body=%s", contentRR.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestHomeEnabledHidesManagementEndpointsAndControlPanel(t *testing.T) {
|
|
t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")
|
|
|
|
server := newTestServer(t)
|
|
server.cfg.Home.Enabled = true
|
|
|
|
t.Run("management endpoints return 404", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/v0/management/config", nil)
|
|
req.Header.Set("Authorization", "Bearer test-management-key")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusNotFound {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusNotFound, rr.Body.String())
|
|
}
|
|
})
|
|
|
|
t.Run("management control panel returns 404", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/management.html", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusNotFound {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusNotFound, rr.Body.String())
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestExampleAPIKeySafeModeShowsWarningAndKeepsManagement(t *testing.T) {
|
|
t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")
|
|
staticDir := t.TempDir()
|
|
t.Setenv("MANAGEMENT_STATIC_PATH", staticDir)
|
|
if err := os.WriteFile(filepath.Join(staticDir, "management.html"), []byte("<html>management app</html>"), 0o600); err != nil {
|
|
t.Fatalf("failed to write management asset: %v", err)
|
|
}
|
|
|
|
server := newTestServerWithOptions(t, WithExampleAPIKeySafeMode())
|
|
cfg := *server.cfg
|
|
cfg.APIKeys = []string{"your-api-key-1"}
|
|
server.UpdateClients(&cfg)
|
|
|
|
t.Run("root warning page includes management link", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
body := rr.Body.String()
|
|
for _, want := range []string{"Example API key detected", "Open Management", `href="/management.html?safe-mode=configure"`} {
|
|
if !strings.Contains(body, want) {
|
|
t.Fatalf("warning page missing %q: %s", want, body)
|
|
}
|
|
}
|
|
})
|
|
|
|
t.Run("management html defaults to warning page", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/management.html", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
if !strings.Contains(rr.Body.String(), "Example API key detected") {
|
|
t.Fatalf("management.html did not show warning page: %s", rr.Body.String())
|
|
}
|
|
})
|
|
|
|
t.Run("management html head stops at warning page", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodHead, "/management.html", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
if rr.Body.Len() != 0 {
|
|
t.Fatalf("HEAD body length = %d, want 0", rr.Body.Len())
|
|
}
|
|
if got := rr.Header().Get("Cache-Control"); got != "no-store" {
|
|
t.Fatalf("Cache-Control = %q, want no-store", got)
|
|
}
|
|
})
|
|
|
|
t.Run("management button query opens control panel", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/management.html?safe-mode=configure", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
if !strings.Contains(rr.Body.String(), "management app") {
|
|
t.Fatalf("management panel body missing: %s", rr.Body.String())
|
|
}
|
|
})
|
|
|
|
t.Run("proxy endpoints are blocked", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/models", nil)
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusForbidden {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusForbidden, rr.Body.String())
|
|
}
|
|
if got := rr.Header().Get("X-CPA-SAFE-MODE"); got != "example-api-key" {
|
|
t.Fatalf("X-CPA-SAFE-MODE = %q, want example-api-key", got)
|
|
}
|
|
if !strings.Contains(rr.Body.String(), "unsafe_example_api_key") {
|
|
t.Fatalf("body missing safe-mode error: %s", rr.Body.String())
|
|
}
|
|
if strings.Contains(rr.Body.String(), "management_url") {
|
|
t.Fatalf("body should not include management_url field: %s", rr.Body.String())
|
|
}
|
|
if !strings.Contains(rr.Body.String(), "/management.html?safe-mode=configure") {
|
|
t.Fatalf("body missing management link in message: %s", rr.Body.String())
|
|
}
|
|
})
|
|
|
|
t.Run("management endpoints still work", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/v0/management/config", nil)
|
|
req.Header.Set("Authorization", "Bearer test-management-key")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
})
|
|
|
|
t.Run("safe mode clears after key update", func(t *testing.T) {
|
|
nextCfg := cfg
|
|
nextCfg.APIKeys = []string{"real-key"}
|
|
server.UpdateClients(&nextCfg)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/models", nil)
|
|
req.Header.Set("Authorization", "Bearer real-key")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code == http.StatusForbidden && strings.Contains(rr.Body.String(), "unsafe_example_api_key") {
|
|
t.Fatalf("proxy endpoint still blocked after key update: %s", rr.Body.String())
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestModelsDispatchByAnthropicVersionHeader(t *testing.T) {
|
|
modelRegistry := registry.GetGlobalRegistry()
|
|
clientID := "test-anthropic-version-dispatch"
|
|
modelRegistry.RegisterClient(clientID, "claude", []*registry.ModelInfo{
|
|
{
|
|
ID: "claude-sonnet-4-6",
|
|
Object: "model",
|
|
OwnedBy: "anthropic",
|
|
Type: "claude",
|
|
DisplayName: "Claude 4.6 Sonnet",
|
|
ContextLength: 200000,
|
|
MaxCompletionTokens: 64000,
|
|
},
|
|
{
|
|
ID: "gpt-4o",
|
|
Object: "model",
|
|
OwnedBy: "openai",
|
|
Type: "openai",
|
|
},
|
|
})
|
|
t.Cleanup(func() {
|
|
modelRegistry.UnregisterClient(clientID)
|
|
})
|
|
|
|
server := newTestServer(t)
|
|
|
|
// Anthropic API request (Anthropic-Version header, non-claude-cli User-Agent) -> Claude format.
|
|
t.Run("anthropic version header routes to claude format", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/models", nil)
|
|
req.Header.Set("Authorization", "Bearer test-key")
|
|
req.Header.Set("User-Agent", "Zed/1.0")
|
|
req.Header.Set("Anthropic-Version", "2023-06-01")
|
|
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
|
|
var resp struct {
|
|
Object string `json:"object"`
|
|
HasMore *bool `json:"has_more"`
|
|
Data []map[string]any `json:"data"`
|
|
}
|
|
if err := json.Unmarshal(rr.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("failed to parse response JSON: %v; body=%s", err, rr.Body.String())
|
|
}
|
|
if resp.Object == "list" {
|
|
t.Fatalf("expected Claude format (no object=list), got OpenAI format: %s", rr.Body.String())
|
|
}
|
|
if resp.HasMore == nil {
|
|
t.Fatalf("expected Claude envelope with has_more, got %s", rr.Body.String())
|
|
}
|
|
|
|
var claudeModel map[string]any
|
|
var rewrittenModel map[string]any
|
|
for _, m := range resp.Data {
|
|
id, _ := m["id"].(string)
|
|
switch id {
|
|
case "claude-sonnet-4-6":
|
|
claudeModel = m
|
|
case "claude-fable-5-dd-o4-tpg":
|
|
rewrittenModel = m
|
|
case "gpt-4o", "claude-gpt-4o":
|
|
t.Fatalf("expected non-claude model id to be rewritten as claude-fable-5-dd-<reversed>, got %q", id)
|
|
}
|
|
}
|
|
if claudeModel == nil {
|
|
t.Fatalf("expected claude-sonnet-4-6 in response, got %s", rr.Body.String())
|
|
}
|
|
if rewrittenModel == nil {
|
|
t.Fatalf("expected claude-fable-5-dd-o4-tpg in response, got %s", rr.Body.String())
|
|
}
|
|
for _, field := range []string{"max_input_tokens", "max_tokens", "display_name"} {
|
|
if _, ok := claudeModel[field]; !ok {
|
|
t.Fatalf("expected Claude model to include %q, got %v", field, claudeModel)
|
|
}
|
|
}
|
|
})
|
|
|
|
// Plain request (no Anthropic-Version, non-claude-cli User-Agent) -> OpenAI format, unaffected.
|
|
t.Run("plain request stays on openai format", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/models", nil)
|
|
req.Header.Set("Authorization", "Bearer test-key")
|
|
req.Header.Set("User-Agent", "Mozilla/5.0")
|
|
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
|
|
var resp struct {
|
|
Object string `json:"object"`
|
|
Data []map[string]any `json:"data"`
|
|
}
|
|
if err := json.Unmarshal(rr.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("failed to parse response JSON: %v; body=%s", err, rr.Body.String())
|
|
}
|
|
if resp.Object != "list" {
|
|
t.Fatalf("expected OpenAI format (object=list), got %s", rr.Body.String())
|
|
}
|
|
foundRawGPT := false
|
|
for _, m := range resp.Data {
|
|
if _, ok := m["max_input_tokens"]; ok {
|
|
t.Fatalf("did not expect max_input_tokens in OpenAI format, got %v", m)
|
|
}
|
|
if id, _ := m["id"].(string); id == "gpt-4o" {
|
|
foundRawGPT = true
|
|
}
|
|
if id, _ := m["id"].(string); id == "claude-gpt-4o" || id == "claude-fable-5-dd-o4-tpg" {
|
|
t.Fatalf("did not expect Anthropic id rewrite on OpenAI format models, got %v", m)
|
|
}
|
|
}
|
|
if !foundRawGPT {
|
|
t.Fatalf("expected raw gpt-4o in OpenAI format response, got %s", rr.Body.String())
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestModelsWithClientVersionReturnsCodexCatalog(t *testing.T) {
|
|
modelRegistry := registry.GetGlobalRegistry()
|
|
clientID := "test-client-version-catalog"
|
|
modelRegistry.RegisterClient(clientID, "openai", []*registry.ModelInfo{
|
|
{
|
|
ID: "gpt-5.5",
|
|
Object: "model",
|
|
Created: 1776902400,
|
|
OwnedBy: "openai",
|
|
Type: "openai",
|
|
DisplayName: "GPT 5.5",
|
|
Description: "Frontier model for complex coding, research, and real-world work.",
|
|
ContextLength: 272000,
|
|
Thinking: ®istry.ThinkingSupport{Levels: []string{"low", "medium", "high", "xhigh"}},
|
|
},
|
|
{
|
|
ID: "custom-codex-model-test",
|
|
Object: "model",
|
|
OwnedBy: "test",
|
|
Type: "openai",
|
|
DisplayName: "Custom Codex Model",
|
|
Description: "Custom model from registry",
|
|
ContextLength: 123456,
|
|
Thinking: ®istry.ThinkingSupport{Levels: []string{"none", "minimal", "low", "medium", "unsupported", "high", "xhigh"}},
|
|
},
|
|
{ID: "grok-imagine-image-quality", Object: "model", OwnedBy: "xai", Type: "openai"},
|
|
{ID: "gpt-image-2", Object: "model", OwnedBy: "openai", Type: "openai"},
|
|
{ID: "grok-imagine-image", Object: "model", OwnedBy: "xai", Type: "openai"},
|
|
{ID: "grok-imagine-video", Object: "model", OwnedBy: "xai", Type: "openai"},
|
|
{ID: "grok-imagine-video-1.5-preview", Object: "model", OwnedBy: "xai", Type: "openai"},
|
|
})
|
|
t.Cleanup(func() {
|
|
modelRegistry.UnregisterClient(clientID)
|
|
})
|
|
|
|
server := newTestServer(t)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/v1/models?client_version", nil)
|
|
req.Header.Set("Authorization", "Bearer test-key")
|
|
req.Header.Set("User-Agent", "claude-cli/1.0")
|
|
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusOK, rr.Body.String())
|
|
}
|
|
|
|
var resp struct {
|
|
Models []map[string]any `json:"models"`
|
|
Object string `json:"object"`
|
|
Data []any `json:"data"`
|
|
}
|
|
if err := json.Unmarshal(rr.Body.Bytes(), &resp); err != nil {
|
|
t.Fatalf("failed to parse response JSON: %v; body=%s", err, rr.Body.String())
|
|
}
|
|
if resp.Object != "" || resp.Data != nil {
|
|
t.Fatalf("expected codex catalog format without object/data, got object=%q data=%v", resp.Object, resp.Data)
|
|
}
|
|
if len(resp.Models) == 0 {
|
|
t.Fatal("expected codex catalog models")
|
|
}
|
|
|
|
var gpt55 map[string]any
|
|
var custom map[string]any
|
|
for _, model := range resp.Models {
|
|
switch slug, _ := model["slug"].(string); slug {
|
|
case "gpt-5.5":
|
|
gpt55 = model
|
|
case "custom-codex-model-test":
|
|
custom = model
|
|
}
|
|
}
|
|
if gpt55 == nil {
|
|
t.Fatal("expected gpt-5.5 codex catalog entry")
|
|
}
|
|
if _, ok := gpt55["minimal_client_version"]; !ok {
|
|
t.Fatal("expected minimal_client_version in codex catalog")
|
|
}
|
|
serviceTiers, ok := gpt55["service_tiers"].([]any)
|
|
if !ok || len(serviceTiers) != 1 {
|
|
t.Fatalf("expected gpt-5.5 priority service tier, got %#v", gpt55["service_tiers"])
|
|
}
|
|
if custom == nil {
|
|
t.Fatal("expected custom model codex catalog entry")
|
|
}
|
|
if got, _ := custom["display_name"].(string); got != "Custom Codex Model" {
|
|
t.Fatalf("custom display_name = %q, want Custom Codex Model", got)
|
|
}
|
|
if got := int(codexClientTestPriority(custom["priority"])); got != 129 {
|
|
t.Fatalf("custom priority = %v, want 129", custom["priority"])
|
|
}
|
|
if got, _ := custom["description"].(string); got != "Custom model from registry" {
|
|
t.Fatalf("custom description = %q, want Custom model from registry", got)
|
|
}
|
|
if got, _ := custom["context_window"].(float64); got != 123456 {
|
|
t.Fatalf("custom context_window = %v, want 123456", custom["context_window"])
|
|
}
|
|
assertCodexSupportedReasoningLevels(t, custom, []string{"none", "low", "medium", "high", "xhigh"})
|
|
if custom["base_instructions"] != gpt55["base_instructions"] {
|
|
t.Fatal("expected custom model to use gpt-5.5 base_instructions fallback")
|
|
}
|
|
if _, ok := custom["available_in_plans"].([]any); !ok {
|
|
t.Fatalf("expected custom model to use gpt-5.5 available_in_plans fallback, got %#v", custom["available_in_plans"])
|
|
}
|
|
if got, _ := custom["prefer_websockets"].(bool); got {
|
|
t.Fatalf("custom prefer_websockets = %v, want false", custom["prefer_websockets"])
|
|
}
|
|
customServiceTiers, ok := custom["service_tiers"].([]any)
|
|
if !ok || len(customServiceTiers) != 0 {
|
|
t.Fatalf("expected custom model service_tiers = [], got %#v", custom["service_tiers"])
|
|
}
|
|
if _, ok := custom["apply_patch_tool_type"]; ok {
|
|
t.Fatal("expected custom model to omit apply_patch_tool_type")
|
|
}
|
|
if _, ok := custom["upgrade"]; ok {
|
|
t.Fatal("expected custom model to omit upgrade")
|
|
}
|
|
if _, ok := custom["availability_nux"]; ok {
|
|
t.Fatal("expected custom model to omit availability_nux")
|
|
}
|
|
|
|
hiddenModels := map[string]bool{
|
|
"grok-imagine-image-quality": false,
|
|
"gpt-image-2": false,
|
|
"grok-imagine-image": false,
|
|
"grok-imagine-video": false,
|
|
"grok-imagine-video-1.5-preview": false,
|
|
}
|
|
for _, model := range resp.Models {
|
|
slug, _ := model["slug"].(string)
|
|
if _, ok := hiddenModels[slug]; !ok {
|
|
continue
|
|
}
|
|
if visibility, _ := model["visibility"].(string); visibility != "hide" {
|
|
t.Fatalf("%s visibility = %q, want hide", slug, visibility)
|
|
}
|
|
hiddenModels[slug] = true
|
|
}
|
|
for slug, found := range hiddenModels {
|
|
if !found {
|
|
t.Fatalf("expected hidden model %s in codex catalog", slug)
|
|
}
|
|
}
|
|
}
|
|
|
|
func codexClientTestPriority(raw any) int {
|
|
switch value := raw.(type) {
|
|
case int:
|
|
return value
|
|
case float64:
|
|
return int(value)
|
|
default:
|
|
return -1
|
|
}
|
|
}
|
|
|
|
func assertCodexSupportedReasoningLevels(t *testing.T, model map[string]any, want []string) {
|
|
t.Helper()
|
|
|
|
rawLevels, ok := model["supported_reasoning_levels"].([]any)
|
|
if !ok {
|
|
t.Fatalf("expected supported_reasoning_levels, got %#v", model["supported_reasoning_levels"])
|
|
}
|
|
if len(rawLevels) != len(want) {
|
|
t.Fatalf("supported_reasoning_levels length = %d, want %d: %#v", len(rawLevels), len(want), rawLevels)
|
|
}
|
|
for index, rawLevel := range rawLevels {
|
|
levelEntry, ok := rawLevel.(map[string]any)
|
|
if !ok {
|
|
t.Fatalf("supported_reasoning_levels[%d] = %#v, want object", index, rawLevel)
|
|
}
|
|
if got, _ := levelEntry["effort"].(string); got != want[index] {
|
|
t.Fatalf("supported_reasoning_levels[%d].effort = %q, want %q", index, got, want[index])
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestDefaultRequestLoggerFactory_UsesResolvedLogDirectory(t *testing.T) {
|
|
t.Setenv("WRITABLE_PATH", "")
|
|
t.Setenv("writable_path", "")
|
|
|
|
originalWD, errGetwd := os.Getwd()
|
|
if errGetwd != nil {
|
|
t.Fatalf("failed to get current working directory: %v", errGetwd)
|
|
}
|
|
|
|
tmpDir := t.TempDir()
|
|
if errChdir := os.Chdir(tmpDir); errChdir != nil {
|
|
t.Fatalf("failed to switch working directory: %v", errChdir)
|
|
}
|
|
defer func() {
|
|
if errChdirBack := os.Chdir(originalWD); errChdirBack != nil {
|
|
t.Fatalf("failed to restore working directory: %v", errChdirBack)
|
|
}
|
|
}()
|
|
|
|
// Force ResolveLogDirectory to fallback to auth-dir/logs by making ./logs not a writable directory.
|
|
if errWriteFile := os.WriteFile(filepath.Join(tmpDir, "logs"), []byte("not-a-directory"), 0o644); errWriteFile != nil {
|
|
t.Fatalf("failed to create blocking logs file: %v", errWriteFile)
|
|
}
|
|
|
|
configDir := filepath.Join(tmpDir, "config")
|
|
if errMkdirConfig := os.MkdirAll(configDir, 0o755); errMkdirConfig != nil {
|
|
t.Fatalf("failed to create config dir: %v", errMkdirConfig)
|
|
}
|
|
configPath := filepath.Join(configDir, "config.yaml")
|
|
|
|
authDir := filepath.Join(tmpDir, "auth")
|
|
if errMkdirAuth := os.MkdirAll(authDir, 0o700); errMkdirAuth != nil {
|
|
t.Fatalf("failed to create auth dir: %v", errMkdirAuth)
|
|
}
|
|
|
|
cfg := &proxyconfig.Config{
|
|
SDKConfig: proxyconfig.SDKConfig{
|
|
RequestLog: false,
|
|
},
|
|
AuthDir: authDir,
|
|
ErrorLogsMaxFiles: 10,
|
|
}
|
|
|
|
logger := defaultRequestLoggerFactory(cfg, configPath)
|
|
fileLogger, ok := logger.(*internallogging.FileRequestLogger)
|
|
if !ok {
|
|
t.Fatalf("expected *FileRequestLogger, got %T", logger)
|
|
}
|
|
|
|
errLog := fileLogger.LogRequestWithOptions(
|
|
"/v1/chat/completions",
|
|
http.MethodPost,
|
|
map[string][]string{"Content-Type": []string{"application/json"}},
|
|
[]byte(`{"input":"hello"}`),
|
|
http.StatusBadGateway,
|
|
map[string][]string{"Content-Type": []string{"application/json"}},
|
|
[]byte(`{"error":"upstream failure"}`),
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
true,
|
|
"issue-1711",
|
|
time.Now(),
|
|
time.Now(),
|
|
)
|
|
if errLog != nil {
|
|
t.Fatalf("failed to write forced error request log: %v", errLog)
|
|
}
|
|
|
|
authLogsDir := filepath.Join(authDir, "logs")
|
|
authEntries, errReadAuthDir := os.ReadDir(authLogsDir)
|
|
if errReadAuthDir != nil {
|
|
t.Fatalf("failed to read auth logs dir %s: %v", authLogsDir, errReadAuthDir)
|
|
}
|
|
foundErrorLogInAuthDir := false
|
|
for _, entry := range authEntries {
|
|
if strings.HasPrefix(entry.Name(), "error-") && strings.HasSuffix(entry.Name(), ".log") {
|
|
foundErrorLogInAuthDir = true
|
|
break
|
|
}
|
|
}
|
|
if !foundErrorLogInAuthDir {
|
|
t.Fatalf("expected forced error log in auth fallback dir %s, got entries: %+v", authLogsDir, authEntries)
|
|
}
|
|
|
|
configLogsDir := filepath.Join(configDir, "logs")
|
|
configEntries, errReadConfigDir := os.ReadDir(configLogsDir)
|
|
if errReadConfigDir != nil && !os.IsNotExist(errReadConfigDir) {
|
|
t.Fatalf("failed to inspect config logs dir %s: %v", configLogsDir, errReadConfigDir)
|
|
}
|
|
for _, entry := range configEntries {
|
|
if strings.HasPrefix(entry.Name(), "error-") && strings.HasSuffix(entry.Name(), ".log") {
|
|
t.Fatalf("unexpected forced error log in config dir %s", configLogsDir)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestFormatHomeClaudeModelIncludesAnthropicSchemaFields(t *testing.T) {
|
|
withMetadata := formatHomeClaudeModel(homeModelEntry{
|
|
id: "claude-sonnet-4-6",
|
|
created: 1771372800,
|
|
ownedBy: "anthropic",
|
|
displayName: "Claude 4.6 Sonnet",
|
|
contextLength: 200000,
|
|
maxCompletionTokens: 64000,
|
|
})
|
|
if got := withMetadata["created_at"]; got != "2026-02-18T00:00:00Z" {
|
|
t.Fatalf("created_at = %v, want RFC3339 timestamp", got)
|
|
}
|
|
if got := withMetadata["type"]; got != "model" {
|
|
t.Fatalf("type = %v, want model", got)
|
|
}
|
|
if got := withMetadata["display_name"]; got != "Claude 4.6 Sonnet" {
|
|
t.Fatalf("display_name = %v, want Claude 4.6 Sonnet", got)
|
|
}
|
|
if got := withMetadata["max_input_tokens"]; got != 200000 {
|
|
t.Fatalf("max_input_tokens = %v, want 200000", got)
|
|
}
|
|
if got := withMetadata["max_tokens"]; got != 64000 {
|
|
t.Fatalf("max_tokens = %v, want 64000", got)
|
|
}
|
|
|
|
withDefaults := formatHomeClaudeModel(homeModelEntry{id: "claude-no-limits"})
|
|
if got := withDefaults["display_name"]; got != "claude-no-limits" {
|
|
t.Fatalf("display_name fallback = %v, want claude-no-limits", got)
|
|
}
|
|
|
|
prefixed := formatHomeClaudeModel(homeModelEntry{id: "gpt-4o", displayName: "GPT-4o"})
|
|
if got := prefixed["id"]; got != "claude-fable-5-dd-o4-tpg" {
|
|
t.Fatalf("id = %v, want claude-fable-5-dd-o4-tpg", got)
|
|
}
|
|
if got := prefixed["display_name"]; got != "GPT-4o" {
|
|
t.Fatalf("display_name = %v, want GPT-4o", got)
|
|
}
|
|
if got := withDefaults["max_input_tokens"]; got != registry.DefaultClaudeMaxInputTokens {
|
|
t.Fatalf("max_input_tokens fallback = %v, want %d", got, registry.DefaultClaudeMaxInputTokens)
|
|
}
|
|
if got := withDefaults["max_tokens"]; got != registry.DefaultClaudeMaxOutputTokens {
|
|
t.Fatalf("max_tokens fallback = %v, want %d", got, registry.DefaultClaudeMaxOutputTokens)
|
|
}
|
|
if _, ok := withDefaults["created_at"]; ok {
|
|
t.Fatalf("created_at should be omitted when source created is missing, got %v", withDefaults)
|
|
}
|
|
}
|
|
|
|
func TestFormatHomeClaudeModelsSortsByDisplayName(t *testing.T) {
|
|
out := formatHomeClaudeModels([]homeModelEntry{
|
|
{id: "claude-z", displayName: "Zebra"},
|
|
{id: "gpt-4o", displayName: "Alpha"},
|
|
{id: "claude-b", displayName: "Beta"},
|
|
})
|
|
if len(out) != 3 {
|
|
t.Fatalf("len(out) = %d, want 3", len(out))
|
|
}
|
|
wantNames := []string{"Alpha", "Beta", "Zebra"}
|
|
for i, want := range wantNames {
|
|
got, _ := out[i]["display_name"].(string)
|
|
if got != want {
|
|
t.Fatalf("out[%d].display_name = %q, want %q", i, got, want)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestDecodeHomeModelsKeepsTokenMetadata(t *testing.T) {
|
|
entries, errDecode := decodeHomeModels([]byte(`{
|
|
"claude": [
|
|
{
|
|
"id": "claude-sonnet-4-6",
|
|
"created": 1771372800,
|
|
"owned_by": "anthropic",
|
|
"context_length": 200000,
|
|
"max_completion_tokens": 64000
|
|
}
|
|
],
|
|
"gemini": [
|
|
{
|
|
"name": "models/gemini-3-pro",
|
|
"inputTokenLimit": 1048576,
|
|
"outputTokenLimit": 65536
|
|
}
|
|
]
|
|
}`))
|
|
if errDecode != nil {
|
|
t.Fatalf("decodeHomeModels returned error: %v", errDecode)
|
|
}
|
|
|
|
byID := make(map[string]homeModelEntry, len(entries))
|
|
for _, entry := range entries {
|
|
byID[entry.id] = entry
|
|
}
|
|
claudeEntry, ok := byID["claude-sonnet-4-6"]
|
|
if !ok {
|
|
t.Fatalf("expected claude-sonnet-4-6 entry, got %v", byID)
|
|
}
|
|
if claudeEntry.contextLength != 200000 || claudeEntry.maxCompletionTokens != 64000 {
|
|
t.Fatalf("claude token metadata = %d/%d, want 200000/64000", claudeEntry.contextLength, claudeEntry.maxCompletionTokens)
|
|
}
|
|
geminiEntry, ok := byID["gemini-3-pro"]
|
|
if !ok {
|
|
t.Fatalf("expected gemini-3-pro entry, got %v", byID)
|
|
}
|
|
if geminiEntry.contextLength != 1048576 || geminiEntry.maxCompletionTokens != 65536 {
|
|
t.Fatalf("gemini token metadata = %d/%d, want 1048576/65536", geminiEntry.contextLength, geminiEntry.maxCompletionTokens)
|
|
}
|
|
}
|
|
|
|
func TestHomeModelsAuthStatus(t *testing.T) {
|
|
cases := []struct {
|
|
name string
|
|
raw string
|
|
wantStatus int
|
|
wantHandled bool
|
|
}{
|
|
{"no credentials", `{"error":{"type":"no_credentials","message":"Missing API key"}}`, http.StatusUnauthorized, true},
|
|
{"invalid credential", `{"error":{"type":"invalid_credential","message":"Invalid API key"}}`, http.StatusUnauthorized, true},
|
|
{"internal error maps to bad gateway", `{"error":{"type":"internal_error","message":"boom"}}`, http.StatusBadGateway, true},
|
|
{"models payload not an error", `{"openai":[{"id":"gpt-5.5"}]}`, 0, false},
|
|
{"empty payload not an error", `{}`, 0, false},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
status, handled := homeModelsAuthStatus([]byte(tc.raw))
|
|
if handled != tc.wantHandled {
|
|
t.Fatalf("handled = %v, want %v (status=%d)", handled, tc.wantHandled, status)
|
|
}
|
|
if handled && status != tc.wantStatus {
|
|
t.Fatalf("status = %d, want %d", status, tc.wantStatus)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestHomeModelsErrorMessage(t *testing.T) {
|
|
if msg := homeModelsErrorMessage([]byte(`{"error":{"type":"invalid_credential","message":"Invalid API key"}}`)); msg != "Invalid API key" {
|
|
t.Fatalf("message = %q, want %q", msg, "Invalid API key")
|
|
}
|
|
if msg := homeModelsErrorMessage([]byte(`{"openai":[]}`)); msg != "home models request failed" {
|
|
t.Fatalf("default message = %q, want fallback", msg)
|
|
}
|
|
}
|
|
|
|
func TestInteractionsRouteRegistered(t *testing.T) {
|
|
server := newTestServer(t)
|
|
req := httptest.NewRequest(http.MethodPost, "/v1beta/interactions", strings.NewReader(`{"model":"gemini-3.5-flash","input":"hi"}`))
|
|
req.Header.Set("Authorization", "Bearer test-key")
|
|
rr := httptest.NewRecorder()
|
|
server.engine.ServeHTTP(rr, req)
|
|
if rr.Code == http.StatusNotFound {
|
|
t.Fatalf("status = %d, want route registered; body=%s", rr.Code, rr.Body.String())
|
|
}
|
|
}
|