selfapi-v2 / docs /api-gateway.md
akashyadav758
Add HOWTOUSE.md and docs/ for fast, error-free new setup
8ea09fa
|
Raw
History Blame Contribute Delete
1.8 kB

API gateway

The monitor Go binary (port 3001) is also a reverse-proxy gateway. HF exposes only one public port, so all three backend APIs are reached under one base URL by path prefix.

Routing (monitor/main.go)

Public prefix β†’ forwards to Prefix stripped
/gpt/… 127.0.0.1:9225 /gpt/api/chat β†’ /api/chat
/gemini/… 127.0.0.1:8000 /gemini/chat β†’ /chat
/flow/… 127.0.0.1:8101 /flow/generate/video β†’ /generate/video

gatewayHandler(prefix, target) builds one httputil.ReverseProxy whose Director rewrites the host and strips the prefix. The monitor's own routes (/, /api/*, /chrome.log) are untouched.

Auth β€” API_KEY (fail-closed)

authOK() gates the three prefixes:

  • Reads API_KEY from env once at startup.
  • Requires Authorization: Bearer <API_KEY> (also accepts ?key=).
  • Unset API_KEY β†’ every gateway call returns 503 (so accounts are never accidentally open).
  • Wrong/missing key β†’ 401.
  • The monitor UI stays open (no key) so the live view keeps working.

Set it: HF secret API_KEY (Settings) or Docker .env API_KEY=…. Use a long random string, e.g. openssl rand -hex 24.

Why not a separate Space for the servers?

The extensions dial ws://127.0.0.1:9225/9226/9227 β€” hardcoded localhost (*/background.js). A second Space is a different machine with a different 127.0.0.1, so its servers could never receive the extension connections. Hence: one container, gateway out front.

Adding a new route

  1. Server listens on a new localhost port inside the container.
  2. Launch it in start_hf.sh (step 6a).
  3. Add http.HandleFunc("/x/", gatewayHandler("/x", "http://127.0.0.1:PORT")) in monitor/main.go.