Spaces:

nanoppa
/

ord

Running

App Files Files Community

nanoppa commited on Aug 30, 2025

Commit

e1ac4a8

verified ·

1 Parent(s): 99e3cc9

Update main.ts

Browse files

Files changed (1) hide show

main.ts +50 -54

main.ts CHANGED Viewed

@@ -1,8 +1,53 @@
 import { serve } from "https://deno.land/std@0.178.0/http/server.ts";
-// -------------------- 改造部分：使用内存 Map 和 Web Locks API 替代 Deno KV --------------------
 // 使用一个 Map 在内存中存储每个 provider 的轮询索引
 const rotationIndexes = new Map<string, number>();
 // -------------------- 改造部分结束 --------------------
@@ -28,16 +73,14 @@ const apiMapping: Record<string, string> = {
   "/telegram": "https://api.telegram.org",
 };
-// 密钥轮询配置：是否对各 provider 启用密钥轮询
-// 如果没有在这里配置，则默认过滤敏感请求头后直接转发请求
 const rotationConfig: Record<string, boolean> = {
   gemini: true,
   groq: true,
   openrouter: true
 };
-// 鉴权请求头格式声明：请在此处声明不同 provider 的鉴权请求头格式
-// 如果没有在这里声明，则默认使用 "Authorization: Bearer ${apiKey}"
 const authHeaderMapping: Record<string, (apiKey: string) => [string, string]> = {
   gemini: (apiKey: string) => ["x-goog-api-key", apiKey],
   claude: (apiKey: string) => ["x-api-key", apiKey],
@@ -76,45 +119,12 @@ function parseTarget(urlPath: string): { provider: string; targetUrl: string } {
 // -------------------- 4. 处理密钥池与轮询索引 --------------------
 async function getKeyPool(provider: string): Promise<string[]> {
-  const envKeyName = `${provider.toUpperCase()}_KEYS`; // 环境变量名通常大写，这里统一为大写
   const keyPoolStr = Deno.env.get(envKeyName);
   if (!keyPoolStr) return [];
   return keyPoolStr.split(",").map((k) => k.trim()).filter((k) => k.length > 0);
 }
-/**
- * 改造后的函数：
- * 使用 Web Locks API 原子性地获取并递增轮询索引。
- * 这可以防止并发请求时多个请求拿到同一个索引。
- * @param provider - 服务商名称
- * @param length - 密钥池的长度
- * @returns 将用于当前请求的索引
- */
-async function getAndIncrementRotationIndex(
-  provider: string,
-  length: number,
-): Promise<number> {
-  // 使用 provider 名称作为锁的唯一标识符
-  const lockName = `key-rotation-lock-${provider}`;
-  // navigator.locks.request 会确保回调函数中的代码以原子方式执行
-  // 对于同一个 lockName，一次只有一个回调可以运行
-  return await navigator.locks.request(lockName, () => {
-    // 从内存 Map 中获取当前索引，如果不存在则默认为 0
-    const currentIndex = rotationIndexes.get(provider) ?? 0;
-    // 计算下一个索引
-    const nextIndex = (currentIndex + 1) % length;
-    // 将新索引存回 Map
-    rotationIndexes.set(provider, nextIndex);
-    // 返回当前请求应该使用的索引
-    return currentIndex;
-  });
-}
 // -------------------- 5. 传入请求头鉴权 --------------------
 function extractInboundAuthKey(
   request: Request,
@@ -134,17 +144,14 @@ function extractInboundAuthKey(
 }
 function checkInboundAuth(request: Request, provider: string): boolean {
-  const envAuthKey = Deno.env.get("AUTH_KEY"); // 环境变量名通常大写
-  console.log(envAuthKey)
   if (!envAuthKey) {
-    // 未在环境变量中配置 authKey 者无法执行鉴权流程，视作鉴权失败
     return false;
   }
   const inboundKey = extractInboundAuthKey(request, provider);
   if (inboundKey === envAuthKey) {
     return true;
   }
-  // 当 Gemini 有关的请求无法通过 "x-goog-api-key" 头完成鉴权时，尝试通过 url 中的参数 key 鉴权
   if (provider === "gemini") {
     const url = new URL(request.url);
     const keyParam = url.searchParams.get("key");
@@ -158,7 +165,6 @@ serve(async (request: Request) => {
   const url = new URL(request.url);
   const pathname = url.pathname + url.search;
-  // 特殊路由：根路径, /robots.txt
   if (pathname === "/" || pathname === "/index.html") {
     return new Response("Service is running!", {
       status: 200,
@@ -172,14 +178,12 @@ serve(async (request: Request) => {
     });
   }
-  // 解析目标地址，判断是否启用密钥轮询
   let { provider, targetUrl } = parseTarget(pathname);
   if (!targetUrl) {
     return new Response("无效路径: " + pathname, { status: 404 });
   }
   const rotationEnabled = rotationConfig[provider] ?? false;
-  // 过滤敏感请求头
   const headers = new Headers();
   for (const [key, value] of request.headers.entries()) {
     if (isAllowedHeader(key)) {
@@ -187,7 +191,6 @@ serve(async (request: Request) => {
     }
   }
-  // -------------------- 无需轮询者直接转发 --------------------
   if (!rotationEnabled) {
     try {
       return await fetch(targetUrl, {
@@ -203,7 +206,6 @@ serve(async (request: Request) => {
     }
   }
-  // -------------------- 需轮询者，鉴权后重新构造请求头与转发 --------------------
   if (!checkInboundAuth(request, provider)) {
     return new Response("轮询模式：脚本鉴权未通过", { status: 401 });
   }
@@ -215,22 +217,18 @@ serve(async (request: Request) => {
     });
   }
-  // 移除原有的鉴权请求头
   headers.delete("Authorization");
   headers.delete("x-api-key");
   headers.delete("x-goog-api-key");
-  // 轮询模式代理 Gemini 时，删去 URL 中的参数 key
   if (provider === "gemini") {
     const targetUrlObj = new URL(targetUrl);
     targetUrlObj.searchParams.delete("key");
     targetUrl = targetUrlObj.toString();
   }
-  // 读取并更新内存中的轮询索引，确定使用的密钥
   let currentIndex: number;
   try {
-    // 调用改造后的函数
     currentIndex = await getAndIncrementRotationIndex(provider, keyPool.length);
   } catch (err) {
     return new Response(`轮询模式：密钥轮询索引更新失败: ${err.message}`, {
@@ -239,7 +237,6 @@ serve(async (request: Request) => {
   }
   const apiKey = keyPool[currentIndex];
-  // 根据 authHeaderMapping 确定目标格式，构造新的鉴权请求头
   const buildAuthHeader = authHeaderMapping[provider];
   let authHeaderKey = "Authorization";
   let authHeaderValue = `Bearer ${apiKey}`;
@@ -248,7 +245,6 @@ serve(async (request: Request) => {
   }
   headers.set(authHeaderKey, authHeaderValue);
-  // 发起请求
   try {
     return await fetch(targetUrl, {
       method: request.method,

 import { serve } from "https://deno.land/std@0.178.0/http/server.ts";
+// -------------------- 改造部分：使用内存 Map 和自定义的异步锁 --------------------
 // 使用一个 Map 在内存中存储每个 provider 的轮询索引
 const rotationIndexes = new Map<string, number>();
+// 使用一个 Set 来实现一个简单的 provider 锁，防止并发更新时的竞态条件
+const providerLocks = new Set<string>();
+/**
+ * 延时函数
+ * @param ms 毫秒数
+ */
+const delay = (ms: number) => new Promise(res => setTimeout(res, ms));
+/**
+ * 改造后的函数 v2：
+ * 使用自定义的异步锁来原子性地获取并递增轮询索引。
+ * 这可以防止并发请求时多个请求拿到同一个索引。
+ * @param provider - 服务商名称
+ * @param length - 密钥池的长度
+ * @returns 将用于当前请求的索引
+ */
+async function getAndIncrementRotationIndex(
+  provider: string,
+  length: number,
+): Promise<number> {
+  // 1. 等待获取锁
+  // 当 provider 在锁集合中时，持续等待
+  while (providerLocks.has(provider)) {
+    await delay(10); // 等待10毫秒后重试，避免CPU空转
+  }
+  try {
+    // 2. 成功获取锁
+    providerLocks.add(provider);
+    // --- 临界区开始 (Critical Section) ---
+    // 这部分代码在同一时间只允许一个请求为同一个 provider 执行
+    const currentIndex = rotationIndexes.get(provider) ?? 0;
+    const nextIndex = (currentIndex + 1) % length;
+    rotationIndexes.set(provider, nextIndex);
+    // --- 临界区结束 ---
+    return currentIndex;
+  } finally {
+    // 3. 释放锁
+    // 无论 try 块中是否发生错误，都必须释放锁，否则会造成死锁
+    providerLocks.delete(provider);
+  }
+}
 // -------------------- 改造部分结束 --------------------
   "/telegram": "https://api.telegram.org",
 };
+// 密钥轮询配置
 const rotationConfig: Record<string, boolean> = {
   gemini: true,
   groq: true,
   openrouter: true
 };
+// 鉴权请求头格式声明
 const authHeaderMapping: Record<string, (apiKey: string) => [string, string]> = {
   gemini: (apiKey: string) => ["x-goog-api-key", apiKey],
   claude: (apiKey: string) => ["x-api-key", apiKey],
 // -------------------- 4. 处理密钥池与轮询索引 --------------------
 async function getKeyPool(provider: string): Promise<string[]> {
+  const envKeyName = `${provider.toUpperCase()}_KEYS`;
   const keyPoolStr = Deno.env.get(envKeyName);
   if (!keyPoolStr) return [];
   return keyPoolStr.split(",").map((k) => k.trim()).filter((k) => k.length > 0);
 }
 // -------------------- 5. 传入请求头鉴权 --------------------
 function extractInboundAuthKey(
   request: Request,
 }
 function checkInboundAuth(request: Request, provider: string): boolean {
+  const envAuthKey = Deno.env.get("AUTH_KEY");
   if (!envAuthKey) {
     return false;
   }
   const inboundKey = extractInboundAuthKey(request, provider);
   if (inboundKey === envAuthKey) {
     return true;
   }
   if (provider === "gemini") {
     const url = new URL(request.url);
     const keyParam = url.searchParams.get("key");
   const url = new URL(request.url);
   const pathname = url.pathname + url.search;
   if (pathname === "/" || pathname === "/index.html") {
     return new Response("Service is running!", {
       status: 200,
     });
   }
   let { provider, targetUrl } = parseTarget(pathname);
   if (!targetUrl) {
     return new Response("无效路径: " + pathname, { status: 404 });
   }
   const rotationEnabled = rotationConfig[provider] ?? false;
   const headers = new Headers();
   for (const [key, value] of request.headers.entries()) {
     if (isAllowedHeader(key)) {
     }
   }
   if (!rotationEnabled) {
     try {
       return await fetch(targetUrl, {
     }
   }
   if (!checkInboundAuth(request, provider)) {
     return new Response("轮询模式：脚本鉴权未通过", { status: 401 });
   }
     });
   }
   headers.delete("Authorization");
   headers.delete("x-api-key");
   headers.delete("x-goog-api-key");
   if (provider === "gemini") {
     const targetUrlObj = new URL(targetUrl);
     targetUrlObj.searchParams.delete("key");
     targetUrl = targetUrlObj.toString();
   }
   let currentIndex: number;
   try {
     currentIndex = await getAndIncrementRotationIndex(provider, keyPool.length);
   } catch (err) {
     return new Response(`轮询模式：密钥轮询索引更新失败: ${err.message}`, {
   }
   const apiKey = keyPool[currentIndex];
   const buildAuthHeader = authHeaderMapping[provider];
   let authHeaderKey = "Authorization";
   let authHeaderValue = `Bearer ${apiKey}`;
   }
   headers.set(authHeaderKey, authHeaderValue);
   try {
     return await fetch(targetUrl, {
       method: request.method,