Create main.ts

main.ts

@@ -0,0 +1,263 @@
+import { serve } from "https://deno.land/std@0.178.0/http/server.ts";
+
+// -------------------- 改造部分：使用内存 Map 和 Web Locks API 替代 Deno KV --------------------
+// 使用一个 Map 在内存中存储每个 provider 的轮询索引
+const rotationIndexes = new Map<string, number>();
+// -------------------- 改造部分结束 --------------------
+
+
+// -------------------- 1. 自定义配置--------------------
+// 路径映射
+// 键名中斜杠后的部分（如`gemini`）将会作为后续变量 provider 的值，用以标记服务商
+const apiMapping: Record<string, string> = {
+  "/openai": "https://api.openai.com",
+  "/claude": "https://api.anthropic.com",
+  "/gemini": "https://generativelanguage.googleapis.com",
+  "/xai": "https://api.x.ai",
+  "/groq": "https://api.groq.com/openai",
+  "/openrouter": "https://openrouter.ai/api",
+  "/meta": "https://www.meta.ai/api",
+  "/cohere": "https://api.cohere.ai",
+  "/huggingface": "https://api-inference.huggingface.co",
+  "/together": "https://api.together.xyz",
+  "/novita": "https://api.novita.ai",
+  "/portkey": "https://api.portkey.ai",
+  "/fireworks": "https://api.fireworks.ai",
+  "/cerebras": "https://api.cerebras.ai",
+  "/discord": "https://discord.com/api",
+  "/telegram": "https://api.telegram.org",
+};
+
+// 密钥轮询配置：是否对各 provider 启用密钥轮询
+// 如果没有在这里配置，则默认过滤敏感请求头后直接转发请求
+const rotationConfig: Record<string, boolean> = {
+  gemini: true,
+  groq: true,
+  openrouter: true
+};
+
+// 鉴权请求头格式声明：请在此处声明不同 provider 的鉴权请求头格式
+// 如果没有在这里声明，则默认使用 "Authorization: Bearer ${apiKey}"
+const authHeaderMapping: Record<string, (apiKey: string) => [string, string]> = {
+  gemini: (apiKey: string) => ["x-goog-api-key", apiKey],
+  claude: (apiKey: string) => ["x-api-key", apiKey],
+};
+
+// -------------------- 2. 敏感请求头过滤 --------------------
+const deniedHeaders = ["host", "referer", "cf-", "forward", "cdn"];
+function isAllowedHeader(key: string): boolean {
+  const lowerKey = key.toLowerCase();
+  for (const deniedHeader of deniedHeaders) {
+    if (lowerKey.includes(deniedHeader)) {
+      return false;
+    }
+  }
+  return true;
+}
+
+// -------------------- 3. parseTarget：尝试匹配 provider 并且提取路径 --------------------
+function parseTarget(urlPath: string): { provider: string; targetUrl: string } {
+  const splitIndex = urlPath.indexOf("/", 1);
+  if (splitIndex === -1) {
+    return { provider: "", targetUrl: "" };
+  }
+  const prefix = urlPath.substring(0, splitIndex);
+  const provider = prefix.replace("/", "");
+  const mappedBase = apiMapping[prefix];
+  if (!mappedBase) {
+    return { provider: "", targetUrl: "" };
+  }
+  const restPath = urlPath.substring(prefix.length);
+  return {
+    provider,
+    targetUrl: mappedBase + restPath,
+  };
+}
+
+// -------------------- 4. 处理密钥池与轮询索引 --------------------
+async function getKeyPool(provider: string): Promise<string[]> {
+  const envKeyName = `${provider.toUpperCase()}_KEYS`; // 环境变量名通常大写，这里统一为大写
+  const keyPoolStr = Deno.env.get(envKeyName);
+  if (!keyPoolStr) return [];
+  return keyPoolStr.split(",").map((k) => k.trim()).filter((k) => k.length > 0);
+}
+
+/**
+ * 改造后的函数：
+ * 使用 Web Locks API 原子性地获取并递增轮询索引。
+ * 这可以防止并发请求时多个请求拿到同一个索引。
+ * @param provider - 服务商名称
+ * @param length - 密钥池的长度
+ * @returns 将用于当前请求的索引
+ */
+async function getAndIncrementRotationIndex(
+  provider: string,
+  length: number,
+): Promise<number> {
+  // 使用 provider 名称作为锁的唯一标识符
+  const lockName = `key-rotation-lock-${provider}`;
+  
+  // navigator.locks.request 会确保回调函数中的代码以原子方式执行
+  // 对于同一个 lockName，一次只有一个回调可以运行
+  return await navigator.locks.request(lockName, () => {
+    // 从内存 Map 中获取当前索引，如果不存在则默认为 0
+    const currentIndex = rotationIndexes.get(provider) ?? 0;
+    
+    // 计算下一个索引
+    const nextIndex = (currentIndex + 1) % length;
+    
+    // 将新索引存回 Map
+    rotationIndexes.set(provider, nextIndex);
+    
+    // 返回当前请求应该使用的索引
+    return currentIndex;
+  });
+}
+
+
+// -------------------- 5. 传入请求头鉴权 --------------------
+function extractInboundAuthKey(
+  request: Request,
+  provider: string,
+): string | undefined {
+  const buildAuthHeader = authHeaderMapping[provider];
+  if (buildAuthHeader) {
+    const [customHeaderKey] = buildAuthHeader("");
+    return request.headers.get(customHeaderKey) || undefined;
+  } else {
+    const incomingAuth = request.headers.get("Authorization");
+    if (!incomingAuth || !incomingAuth.startsWith("Bearer ")) {
+      return undefined;
+    }
+    return incomingAuth.substring("Bearer ".length).trim();
+  }
+}
+
+function checkInboundAuth(request: Request, provider: string): boolean {
+  const envAuthKey = Deno.env.get("AUTH_KEY"); // 环境变量名通常大写
+  if (!envAuthKey) {
+    // 未在环境变量中配置 authKey 者无法执行鉴权流程，视作鉴权失败
+    return false;
+  }
+  const inboundKey = extractInboundAuthKey(request, provider);
+  if (inboundKey === envAuthKey) {
+    return true;
+  }
+  // 当 Gemini 有关的请求无法通过 "x-goog-api-key" 头完成鉴权时，尝试通过 url 中的参数 key 鉴权
+  if (provider === "gemini") {
+    const url = new URL(request.url);
+    const keyParam = url.searchParams.get("key");
+    return keyParam === envAuthKey;
+  }
+  return false;
+}
+
+// -------------------- 6. 启动服务，处理请求 --------------------
+serve(async (request: Request) => {
+  const url = new URL(request.url);
+  const pathname = url.pathname + url.search;
+
+  // 特殊路由：根路径, /robots.txt
+  if (pathname === "/" || pathname === "/index.html") {
+    return new Response("Service is running!", {
+      status: 200,
+      headers: { "Content-Type": "text/html" },
+    });
+  }
+  if (pathname === "/robots.txt") {
+    return new Response("User-agent: *\nDisallow: /", {
+      status: 200,
+      headers: { "Content-Type": "text/plain" },
+    });
+  }
+
+  // 解析目标地址，判断是否启用密钥轮询
+  let { provider, targetUrl } = parseTarget(pathname);
+  if (!targetUrl) {
+    return new Response("无效路径: " + pathname, { status: 404 });
+  }
+  const rotationEnabled = rotationConfig[provider] ?? false;
+
+  // 过滤敏感请求头
+  const headers = new Headers();
+  for (const [key, value] of request.headers.entries()) {
+    if (isAllowedHeader(key)) {
+      headers.set(key, value);
+    }
+  }
+
+  // -------------------- 无需轮询者直接转发 --------------------
+  if (!rotationEnabled) {
+    try {
+      return await fetch(targetUrl, {
+        method: request.method,
+        headers,
+        body: request.body,
+      });
+    } catch (error) {
+      const message = `转发模式： ${targetUrl}\n\n` +
+                      `错误消息: ${error.message}\n\n` +
+                      `堆栈跟踪:\n${error.stack ?? 'No stack trace'}`;
+      return new Response(message, { status: 500 });
+    }
+  }
+
+  // -------------------- 需轮询者，鉴权后重新构造请求头与转发 --------------------
+  if (!checkInboundAuth(request, provider)) {
+    return new Response("轮询模式：脚本鉴权未通过", { status: 401 });
+  }
+
+  const keyPool = await getKeyPool(provider);
+  if (keyPool.length === 0) {
+    return new Response(`轮询模式：${provider} 缺少密钥池`, {
+      status: 500,
+    });
+  }
+
+  // 移除原有的鉴权请求头
+  headers.delete("Authorization");
+  headers.delete("x-api-key");
+  headers.delete("x-goog-api-key");
+
+  // 轮询模式代理 Gemini 时，删去 URL 中的参数 key
+  if (provider === "gemini") {
+    const targetUrlObj = new URL(targetUrl);
+    targetUrlObj.searchParams.delete("key");
+    targetUrl = targetUrlObj.toString();
+  }
+
+  // 读取并更新内存中的轮询索引，确定使用的密钥
+  let currentIndex: number;
+  try {
+    // 调用改造后的函数
+    currentIndex = await getAndIncrementRotationIndex(provider, keyPool.length);
+  } catch (err) {
+    return new Response(`轮询模式：密钥轮询索引更新失败: ${err.message}`, {
+      status: 500,
+    });
+  }
+  const apiKey = keyPool[currentIndex];
+
+  // 根据 authHeaderMapping 确定目标格式，构造新的鉴权请求头
+  const buildAuthHeader = authHeaderMapping[provider];
+  let authHeaderKey = "Authorization";
+  let authHeaderValue = `Bearer ${apiKey}`;
+  if (buildAuthHeader) {
+    [authHeaderKey, authHeaderValue] = buildAuthHeader(apiKey);
+  }
+  headers.set(authHeaderKey, authHeaderValue);
+
+  // 发起请求
+  try {
+    return await fetch(targetUrl, {
+      method: request.method,
+      headers,
+      body: request.body,
+    });
+  } catch (error) {
+    const message = `轮询模式 - 请求失败： ${targetUrl}\n\n` +
+                    `错误消息: ${error.message}\n\n` +
+                    `堆栈跟踪:\n${error.stack ?? 'No stack trace'}`;
+    return new Response(message, { status: 500 });
+  }
+},{port:7860});