Spaces:

ServiceX
/

PDF

Runtime error

App Files Files Community

BirkhoffLee commited on Mar 11

Commit

8bff983

unverified ·

0 Parent(s):

init

Browse files

Files changed (7) hide show

.cnb.yml +46 -0
.gitattributes +35 -0
.gitignore +1 -0
Caddyfile +15 -0
Dockerfile +29 -0
README.md +46 -0
entrypoint.sh +66 -0

.cnb.yml ADDED Viewed

	@@ -0,0 +1,46 @@

+$:
+  vscode:
+    - runner:
+        cpus: 4
+        tags: cnb:arch:amd64
+      docker:
+        image: cnbcool/default-dev-env:latest
+      imports:
+        - https://cnb.cool/maikebuke/Tools/Huggingface/AccessToken/-/blob/main/key.yml
+      env:
+        HF_SPACE_URL: "https://huggingface.co/spaces/ServiceX/Sublink"
+      services:
+        - vscode
+        - docker
+      stages:
+        - name: vscode go
+          type: vscode:go
+main:
+  push:
+    - runner:
+        cpus: 1
+      imports:
+          - https://cnb.cool/maikebuke/Tools/Huggingface/AccessToken/-/blob/main/key.yml
+      env:
+        HF_SPACE_URL: "https://huggingface.co/spaces/ServiceX/Sublink"
+      stages:
+        - name: Force Push To Huggingface Spaces
+          script: |
+            # 从 HF_SPACE_URL 提取 owner/repo 路径用于构造带认证的 git remote
+            HF_REPO_PATH=$(echo "$HF_SPACE_URL" | sed 's|https://huggingface.co/spaces/||')
+            HF_REMOTE="https://user:${HF_TOKEN_FULL}@huggingface.co/spaces/${HF_REPO_PATH}"
+            # 删除 CI 文件，避免推送到目标仓库
+            rm -f .cnb.yml
+            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+            git config user.name "github-actions[bot]"
+            # 将删除操作提交（基于当前 HEAD）
+            git add -A
+            git diff --cached --quiet || git commit -m "ci: remove CI config before sync"
+            # 强制推送到 Huggingface Space
+            git push "$HF_REMOTE" HEAD:main --force

.gitattributes ADDED Viewed

	@@ -0,0 +1,35 @@

+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

.gitignore ADDED Viewed

	@@ -0,0 +1 @@


1	+ uv.lock

Caddyfile ADDED Viewed

	@@ -0,0 +1,15 @@

+:7860 {
+    # 健康检查不需要认证
+    @health path /healthz
+    handle @health {
+        respond "ok" 200
+    }
+    # 其他请求走基础认证后转发到 pdf2zh_next
+    handle {
+        basic_auth {
+            import /etc/caddy/users.auth
+        }
+        reverse_proxy 127.0.0.1:7861
+    }
+}

Dockerfile ADDED Viewed

	@@ -0,0 +1,29 @@

+FROM python:3.12-slim-bookworm
+# 安装基础依赖
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        ca-certificates \
+        bash \
+    && rm -rf /var/lib/apt/lists/*
+# 从官方镜像直接复制 caddy 和 uv 二进制
+COPY --from=caddy:latest /usr/bin/caddy /usr/local/bin/caddy
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
+ENV PATH="/root/.local/bin:${PATH}" \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    GRADIO_SERVER_NAME=127.0.0.1 \
+    GRADIO_SERVER_PORT=7861
+# 安装 pdf2zh-next
+RUN uv tool install --python 3.12 pdf2zh-next
+# 复制并启用配置
+COPY Caddyfile /etc/caddy/Caddyfile
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+EXPOSE 7860
+CMD ["/entrypoint.sh"]

README.md ADDED Viewed

	@@ -0,0 +1,46 @@

+---
+title: PDFMathTranslate Next
+emoji: 📄
+colorFrom: blue
+colorTo: green
+sdk: docker
+pinned: false
+---
+## PDFMathTranslate-next on HuggingFace Spaces
+这个仓库用于部署 `pdf2zh_next --gui`，并通过 Caddy BasicAuth 做访问门控。
+### 运行架构
+1. `pdf2zh_next --gui` 在容器内监听 `127.0.0.1:7861`
+2. Caddy 监听外部端口 `7860`
+3. 除 `/healthz` 外，所有请求都需要 BasicAuth
+4. 认证通过后，Caddy 反向代理到 `pdf2zh_next`
+### 必需 Secret
+在 HuggingFace Space 设置 `BASIC_AUTH_USERS`（多行文本）：
+```text
+alice:your_password_1
+bob:your_password_2
+```
+规则：
+- 每行一个账号，格式 `username:password`
+- 空行和 `#` 开头行会被忽略
+- 容器启动时会把明文密码转换为 bcrypt 哈希，仓库不保存真实密码
+### 健康检查
+`/healthz` 无需认证，返回 `200 ok`。
+### 本地构建示例
+```bash
+docker build -t pdf2zh-gated .
+docker run --rm -p 7860:7860 \
+  -e BASIC_AUTH_USERS=$'alice:pass1\nbob:pass2' \
+  pdf2zh-gated
+```

entrypoint.sh ADDED Viewed

	@@ -0,0 +1,66 @@

+#!/usr/bin/env bash
+set -euo pipefail
+# 解析 HF Secret，支持多行或 \n 形式
+RAW_USERS="${BASIC_AUTH_USERS:-}"
+if [[ -z "${RAW_USERS}" ]]; then
+    echo "[ERROR] BASIC_AUTH_USERS is required. Use one 'username:password' per line." >&2
+    exit 1
+fi
+RAW_USERS="${RAW_USERS//\\n/$'\n'}"
+AUTH_FILE="/etc/caddy/users.auth"
+> "${AUTH_FILE}"
+chmod 600 "${AUTH_FILE}"
+# 逐行生成 caddy 可用的哈希密码
+while IFS= read -r line || [[ -n "${line}" ]]; do
+    line="${line%$'\r'}"
+    [[ -z "${line}" ]] && continue
+    [[ "${line}" == \#* ]] && continue
+    if [[ "${line}" != *:* ]]; then
+        echo "[ERROR] Invalid BASIC_AUTH_USERS line: '${line}'" >&2
+        exit 1
+    fi
+    user="${line%%:*}"
+    pass="${line#*:}"
+    if [[ -z "${user}" || -z "${pass}" ]]; then
+        echo "[ERROR] Empty username or password is not allowed: '${line}'" >&2
+        exit 1
+    fi
+    hash="$(caddy hash-password --plaintext "${pass}")"
+    printf "%s %s\n" "${user}" "${hash}" >> "${AUTH_FILE}"
+done <<< "${RAW_USERS}"
+if [[ ! -s "${AUTH_FILE}" ]]; then
+    echo "[ERROR] No valid user entries found in BASIC_AUTH_USERS." >&2
+    exit 1
+fi
+# 固定内部监听，确保只能经由 caddy 访问
+export GRADIO_SERVER_NAME="${GRADIO_SERVER_NAME:-127.0.0.1}"
+export GRADIO_SERVER_PORT="${GRADIO_SERVER_PORT:-7861}"
+echo "[INFO] Starting pdf2zh_next on ${GRADIO_SERVER_NAME}:${GRADIO_SERVER_PORT}"
+pdf2zh_next --gui &
+PDF_PID=$!
+echo "[INFO] Starting caddy on :7860"
+caddy run --config /etc/caddy/Caddyfile &
+CADDY_PID=$!
+cleanup() {
+    kill "${PDF_PID}" "${CADDY_PID}" 2>/dev/null || true
+}
+trap cleanup INT TERM EXIT
+# 任一进程退出都结束容器
+set +e
+wait -n "${PDF_PID}" "${CADDY_PID}"
+EXIT_CODE=$?
+set -e
+echo "[ERROR] A service exited unexpectedly. Shutting down."
+exit "${EXIT_CODE}"