import express from 'express'; import cors from 'cors'; import rateLimit from 'express-rate-limit'; import { Readable } from 'stream'; const app = express(); const PORT = 7860; // --- CONFIGURACIÓN DE SEGURIDAD Y PRIVACIDAD --- app.set('trust proxy', 1); app.disable('x-powered-by'); // Oculta que estamos usando Express app.use(cors()); // Inyección de cabeceras de seguridad estándar app.use((req, res, next) => { res.setHeader('X-Content-Type-Options', 'nosniff'); res.setHeader('X-Frame-Options', 'DENY'); res.setHeader('X-XSS-Protection', '1; mode=block'); res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'); res.setHeader('Referrer-Policy', 'no-referrer'); // Protege la privacidad del origen next(); }); // Aumentar límite a 50mb para soportar imágenes en Base64 (Visión / Multimodal) app.use(express.json({ limit: '50mb' })); app.use(express.urlencoded({ limit: '50mb', extended: true })); // --- FUNCIÓN DE LOGS (Sanitizada) --- function logError(providerId, reason) { const timestamp = new Date().toISOString(); // No guardamos IPs ni prompts de usuarios, solo el estado de nuestros proveedores console.error(`[${timestamp}] [ERROR] Proveedor: ${providerId} | Motivo: ${reason}`); } // --- CONFIGURACIÓN DE PROVEEDORES --- const PROVIDERS = [ { id: "llm7", url: "https://api.llm7.io/v1/chat/completions" }, { id: "airforce", url: "https://api.airforce/v1/chat/completions", imageUrl: "https://api.airforce/v1/images/generations" }, { id: "ventarys-mirror", url: "https://ventarys-mirror-1.hf.space/v1/chat/completions", proxySecret: "sk-52650650a50f0v10vg150vs0v" } ]; const MAX_PER_PROVIDER = 3; const QUEUE_TIMEOUT = 25000; let currentLoad = { "llm7": 0, "airforce": 0, "ventarys-mirror": 0 }; // --- RATE LIMITING (Basado en la IP real del usuario) --- const limiter = rateLimit({ windowMs: 60 * 1000, max: 25, keyGenerator: (req) => req.ip, message: { error: { message: "Límite de solicitudes alcanzado. Por favor, espera un momento.", code: 429 } }, standardHeaders: true, legacyHeaders: false, }); // --- AYUDANTES PARA FILTRAR MODELOS --- const IMAGE_KEYWORDS = ["flux", "dall", "midjourney", "sdxl", "stable-diffusion", "image", "vision"]; const AUDIO_KEYWORDS = ["suno", "udio", "music", "audio", "song", "voice", "tts"]; function isImageModel(model) { if (!model) return false; if (model.type === 'image' || model.supports_images === true) return true; const id = (model.id || model.name || "").toLowerCase(); return IMAGE_KEYWORDS.some(kw => id.includes(kw)); } function isAudioModel(model) { if (model.type === 'audio' || model.type === 'music') return true; const id = (model.id || model.name || "").toLowerCase(); return AUDIO_KEYWORDS.some(kw => id.includes(kw)); } async function fetchAllModels() { const fetchPromises = PROVIDERS.map(async (provider) => { const modelsUrl = provider.modelsUrl || provider.url.replace("/chat/completions", "/models"); const fetchHeaders = { "Content-Type": "application/json" }; if (provider.apiKey) fetchHeaders["Authorization"] = `Bearer ${provider.apiKey}`; if (provider.proxySecret) fetchHeaders["X-Proxy-Secret"] = provider.proxySecret; try { const resp = await fetch(modelsUrl, { method: "GET", headers: fetchHeaders }); if (!resp.ok) return []; const json = await resp.json(); let modelsArray = []; if (Array.isArray(json)) modelsArray = json; else if (json && Array.isArray(json.data)) modelsArray = json.data; if (modelsArray.length > 0) { return modelsArray // 1. Filtrar modelos de audio/música .filter(model => !isAudioModel(model)) // 2. CRÍTICO: Permitir estrictamente modelos con precio 0 (si la API reporta el precio) .filter(model => { if (model.pricepermilliontokens !== undefined && model.pricepermilliontokens !== null) { return model.pricepermilliontokens === 0; } // Si el proveedor (ej. llm7) no envía el campo de precio, lo asumimos como válido return true; }) // 3. Procesar y formatear campos .map(model => ({ ...model, id: model.id || model.name, owned_by: provider.id })); } return []; } catch (error) { return []; } }); const results = await Promise.allSettled(fetchPromises); let allModels = []; results.forEach(result => { if (result.status === "fulfilled") allModels = allModels.concat(result.value); }); return allModels; } // --- RUTAS INFORMATIVAS --- app.get('/health', (req, res) => { res.json({ status: "online", type: "hf-node-proxy", providers: PROVIDERS.map(p => p.id), current_load: currentLoad }); }); // Endpoint para modelos de TEXTO app.get('/v1/models', async (req, res) => { try { const allModels = await fetchAllModels(); const textModels = allModels .filter(m => !isImageModel(m) && m.supports_chat !== false) .map(m => { m.type = 'text'; return m; }); res.json({ object: "list", data: textModels }); } catch (error) { logError("ProxyMain", "Error recuperando modelos de texto."); res.status(500).json({ error: "No se pudieron recuperar los modelos." }); } }); // Endpoint para modelos de IMAGEN app.get('/v1/images/models', async (req, res) => { try { const allModels = await fetchAllModels(); let imageModels = allModels .filter(m => isImageModel(m)) .map(m => { m.type = 'image'; return m; }); const baseImages = [ { id: "flux", object: "model", type: "image", owned_by: "system", tier: "standard" }, { id: "dall-e-3", object: "model", type: "image", owned_by: "system", tier: "standard" } ]; baseImages.forEach(baseMod => { if (!imageModels.find(m => m.id.toLowerCase() === baseMod.id)) { imageModels.push(baseMod); } }); res.json({ object: "list", data: imageModels }); } catch (error) { logError("ProxyMain", "Error recuperando modelos de imagen."); res.status(500).json({ error: "No se pudieron recuperar los modelos." }); } }); // --- RUTA PRINCIPAL DE GENERACIÓN --- app.post(['/v1/chat/completions', '/v1/images/generations'], limiter, async (req, res) => { const isImage = req.path === '/v1/images/generations'; let availableProviders = isImage ? PROVIDERS.filter(p => p.imageUrl) : [...PROVIDERS]; const startTime = Date.now(); let responseSent = false; while (availableProviders.length > 0 && Date.now() - startTime < QUEUE_TIMEOUT) { let selectedProvider = null; let shuffled = [...availableProviders].sort(() => Math.random() - 0.5); for (let provider of shuffled) { if (currentLoad[provider.id] < MAX_PER_PROVIDER) { selectedProvider = provider; currentLoad[provider.id]++; break; } } if (!selectedProvider) { await new Promise(r => setTimeout(r, 1500)); continue; } let isReleased = false; const releaseSlot = () => { if (!isReleased) { currentLoad[selectedProvider.id] = Math.max(0, currentLoad[selectedProvider.id] - 1); isReleased = true; } }; try { let targetUrl = isImage ? selectedProvider.imageUrl : selectedProvider.url; let reqMethod = "POST"; let reqBody = JSON.stringify(req.body); const fetchHeaders = { "Content-Type": "application/json" }; if (selectedProvider.apiKey) fetchHeaders["Authorization"] = `Bearer ${selectedProvider.apiKey}`; if (selectedProvider.proxySecret) fetchHeaders["X-Proxy-Secret"] = selectedProvider.proxySecret; const response = await fetch(targetUrl, { method: reqMethod, headers: fetchHeaders, body: reqBody }); if (!response.ok) { logError(selectedProvider.id, `Fallo con código HTTP ${response.status}`); releaseSlot(); availableProviders = availableProviders.filter(p => p.id !== selectedProvider.id); continue; } // Sanitización: Evitar devolver cookies o cabeceras de servidor del proveedor original const responseHeaders = new Headers(response.headers); responseHeaders.delete('set-cookie'); responseHeaders.delete('server'); responseHeaders.delete('x-powered-by'); responseHeaders.delete('cf-ray'); if (isImage) { const contentType = responseHeaders.get("content-type") || ""; if (contentType.includes("application/json")) { const jsonResp = await response.json(); let dataArray = jsonResp.data; if (!dataArray && jsonResp.url) { dataArray = [{ url: jsonResp.url }]; } if (dataArray && Array.isArray(dataArray)) { for (let item of dataArray) { if (item.url && !item.b64_json) { try { const imgRes = await fetch(item.url); const arrayBuffer = await imgRes.arrayBuffer(); item.b64_json = Buffer.from(arrayBuffer).toString('base64'); delete item.url; } catch (e) { logError(selectedProvider.id, `Fallo convitiendo URL a Base64.`); } } } releaseSlot(); responseSent = true; return res.status(response.status).json({ created: Math.floor(Date.now() / 1000), data: dataArray }); } releaseSlot(); responseSent = true; return res.status(response.status).json(jsonResp); } else if (contentType.includes("image/")) { const arrayBuffer = await response.arrayBuffer(); const b64 = Buffer.from(arrayBuffer).toString('base64'); releaseSlot(); responseSent = true; return res.status(200).json({ created: Math.floor(Date.now() / 1000), data: [{ b64_json: b64 }] }); } else { const textResp = await response.text(); releaseSlot(); responseSent = true; return res.status(response.status).type(contentType).send(textResp); } } // Streaming (Texto) res.writeHead(response.status, { 'Content-Type': responseHeaders.get('content-type') || 'text/event-stream', 'Cache-Control': 'no-cache', 'Connection': 'keep-alive' }); if (response.body) { const stream = Readable.fromWeb(response.body); stream.pipe(res); stream.on('end', releaseSlot); stream.on('error', (err) => { logError(selectedProvider.id, `Stream interrumpido.`); releaseSlot(); }); req.on('close', releaseSlot); } else { releaseSlot(); res.end(); } responseSent = true; return; } catch (err) { logError(selectedProvider.id, `Excepción de red conectando al upstream.`); releaseSlot(); availableProviders = availableProviders.filter(p => p.id !== selectedProvider.id); } } if (!responseSent) { logError("ProxyMain", "Todos los proveedores fallaron o se agotó el tiempo de espera."); return res.status(503).json({ error: { message: "El servicio no está disponible temporalmente. Inténtalo de nuevo.", code: 503 } }); } }); app.listen(PORT, '0.0.0.0', () => { console.log(`🚀 API Proxy (Node.js) corriendo seguro en el puerto ${PORT}`); });