Spaces:

codey-lab
/

Multi-LLM-API-Gateway

Running

App Files Files Community

Alibrown commited on 4 days ago

Commit

92368cc

verified ·

1 Parent(s): eb496e0

Update app/providers.py

Browse files

Files changed (1) hide show

app/providers.py +45 -17

app/providers.py CHANGED Viewed

@@ -21,6 +21,11 @@
 #   anthropic → fails → openrouter → fails → RuntimeError
 #   Visited set prevents infinite loops.
 #
 # DEPENDENCY CHAIN (app/* only, no fundaments!):
 #   config.py    → parses app/.pyfun — single source of truth
 #   providers.py → LLM + Search registry + fallback chain
@@ -48,12 +53,18 @@ class BaseProvider:
     Subclasses only implement complete() — HTTP logic lives here.
     """
     def __init__(self, name: str, cfg: dict):
-        self.name     = name
-        self.key      = os.getenv(cfg.get("env_key", ""))
-        self.base_url = cfg.get("base_url", "")
-        self.fallback = cfg.get("fallback_to", "")
-        self.timeout  = int(config.get_limits().get("REQUEST_TIMEOUT_SEC", "60"))
-        self.model    = cfg.get("default_model", "")
     async def complete(self, prompt: str, model: str, max_tokens: int) -> str:
         """Override in each provider subclass."""
@@ -62,9 +73,10 @@ class BaseProvider:
     async def _post(self, url: str, headers: dict, payload: dict) -> dict:
         """
         Shared HTTP POST — used by all providers.
-        Raises httpx.HTTPStatusError on non-2xx responses.
         """
-        safe_url = url.split("?")[0]  # strip query params from logs
         logger.debug(f"POST → {safe_url}")
         async with httpx.AsyncClient() as client:
             r = await client.post(
@@ -73,11 +85,16 @@ class BaseProvider:
                 json=payload,
                 timeout=self.timeout,
             )
-            r.raise_for_status()
             return r.json()
 # =============================================================================
 # SECTION 2 — LLM Provider Implementations
 # Only the API-specific parsing logic differs per provider.
@@ -108,18 +125,25 @@ class GeminiProvider(BaseProvider):
     """Google Gemini API — generateContent endpoint."""
     async def complete(self, prompt: str, model: str = None, max_tokens: int = 1024) -> str:
-        m = model or self.model
         async with httpx.AsyncClient() as client:
             r = await client.post(
-                f"{self.base_url}/models/{m}:generateContent",
-                params={"key": self.key},
                 json={
-                    "contents":        [{"parts": [{"text": prompt}]}],
                     "generationConfig": {"maxOutputTokens": max_tokens},
                 },
                 timeout=self.timeout,
             )
-            r.raise_for_status()
             return r.json()["candidates"][0]["content"]["parts"][0]["text"]
@@ -246,7 +270,11 @@ async def llm_complete(
                 logger.info(f"Response from provider: '{current}'")
                 return f"[{current}] {result}"
             except Exception as e:
-                logger.warning(f"Provider '{current}' failed: {e} — trying fallback.")
         # Next in fallback chain from .pyfun
         cfg     = config.get_active_llm_providers().get(current, {})
@@ -335,4 +363,4 @@ def get(name: str) -> BaseProvider:
 # =============================================================================
 if __name__ == "__main__":
-    print("WARNING: Run via main.py → app.py, not directly.")

 #   anthropic → fails → openrouter → fails → RuntimeError
 #   Visited set prevents infinite loops.
 #
+# SECURITY NOTE:
+#   API keys are NEVER logged or included in exception messages.
+#   All errors are sanitized before propagation — only HTTP status codes
+#   and safe_url (query params stripped) are ever exposed in logs.
+#
 # DEPENDENCY CHAIN (app/* only, no fundaments!):
 #   config.py    → parses app/.pyfun — single source of truth
 #   providers.py → LLM + Search registry + fallback chain
     Subclasses only implement complete() — HTTP logic lives here.
     """
     def __init__(self, name: str, cfg: dict):
+        self.name      = name
+        self.key       = os.getenv(cfg.get("env_key", ""))
+        self.base_url  = cfg.get("base_url", "")
+        self.fallback  = cfg.get("fallback_to", "")
+        self.timeout   = int(config.get_limits().get("REQUEST_TIMEOUT_SEC", "60"))
+        self.model     = cfg.get("default_model", "")
+        # Safe key hint for debug logs — never log the full key
+        self._key_hint = (
+            f"{self.key[:4]}...{self.key[-4:]}"
+            if self.key and len(self.key) > 8
+            else "***"
+        )
     async def complete(self, prompt: str, model: str, max_tokens: int) -> str:
         """Override in each provider subclass."""
     async def _post(self, url: str, headers: dict, payload: dict) -> dict:
         """
         Shared HTTP POST — used by all providers.
+        Raises RuntimeError with sanitized message on non-2xx responses.
+        API keys are never included in raised exceptions or log output.
         """
+        safe_url = url.split("?")[0]  # strip query params (may contain API keys)
         logger.debug(f"POST → {safe_url}")
         async with httpx.AsyncClient() as client:
             r = await client.post(
                 json=payload,
                 timeout=self.timeout,
             )
+            try:
+                r.raise_for_status()
+            except httpx.HTTPStatusError as e:
+                # Sanitize: only status code + safe_url, never headers or body
+                raise RuntimeError(
+                    f"HTTP {e.response.status_code} from {safe_url}"
+                ) from None
             return r.json()
 # =============================================================================
 # SECTION 2 — LLM Provider Implementations
 # Only the API-specific parsing logic differs per provider.
     """Google Gemini API — generateContent endpoint."""
     async def complete(self, prompt: str, model: str = None, max_tokens: int = 1024) -> str:
+        m        = model or self.model
+        safe_url = f"{self.base_url}/models/{m}:generateContent"
         async with httpx.AsyncClient() as client:
             r = await client.post(
+                safe_url,
+                params={"key": self.key},  # key in query param, never in logs
                 json={
+                    "contents":         [{"parts": [{"text": prompt}]}],
                     "generationConfig": {"maxOutputTokens": max_tokens},
                 },
                 timeout=self.timeout,
             )
+            try:
+                r.raise_for_status()
+            except httpx.HTTPStatusError as e:
+                # safe_url has no key — params are NOT part of safe_url string
+                raise RuntimeError(
+                    f"HTTP {e.response.status_code} from {safe_url}"
+                ) from None
             return r.json()["candidates"][0]["content"]["parts"][0]["text"]
                 logger.info(f"Response from provider: '{current}'")
                 return f"[{current}] {result}"
             except Exception as e:
+                # Log only exception type + sanitized message — never raw {e}
+                # which may contain headers, keys, or response bodies
+                logger.warning(
+                    f"Provider '{current}' failed: {type(e).__name__}: {e} — trying fallback."
+                )
         # Next in fallback chain from .pyfun
         cfg     = config.get_active_llm_providers().get(current, {})
 # =============================================================================
 if __name__ == "__main__":
+    print("WARNING: Run via main.py → app.py, not directly.")