v4.5.1 (#417)

2025-07-23 21:13:50 +00:00 · 2023-10-22 23:54:04 +08:00
parent 3091a90df6
commit a3534407bf
365 changed files with 7266 additions and 6055 deletions
--- a/packages/service/support/openapi/auth.ts
+++ b/packages/service/support/openapi/auth.ts
@@ -0,0 +1,32 @@
+import { ERROR_ENUM } from '@fastgpt/global/common/error/errorCode';
+import { updateApiKeyUsedTime } from './tools';
+import { MongoOpenApi } from './schema';
+import { POST } from '../../common/api/plusRequest';
+import type { OpenApiSchema } from '@fastgpt/global/support/openapi/type';
+
+export type AuthOpenApiLimitProps = { openApi: OpenApiSchema };
+
+export async function authOpenApiKey({ apikey }: { apikey: string }) {
+  if (!apikey) {
+    return Promise.reject(ERROR_ENUM.unAuthApiKey);
+  }
+
+  try {
+    const openApi = await MongoOpenApi.findOne({ apiKey: apikey });
+    if (!openApi) {
+      return Promise.reject(ERROR_ENUM.unAuthApiKey);
+    }
+    const userId = String(openApi.userId);
+
+    // auth limit
+    if (global.feConfigs?.isPlus) {
+      await POST('/support/openapi/authLimit', { openApi } as AuthOpenApiLimitProps);
+    }
+
+    updateApiKeyUsedTime(openApi._id);
+
+    return { apikey, userId, appId: openApi.appId };
+  } catch (error) {
+    return Promise.reject(error);
+  }
+}
--- a/packages/service/support/openapi/schema.ts
+++ b/packages/service/support/openapi/schema.ts
@@ -0,0 +1,59 @@
+import { connectionMongo, type Model } from '../../common/mongo';
+const { Schema, model, models } = connectionMongo;
+import type { OpenApiSchema } from '@fastgpt/global/support/openapi/type';
+import { PRICE_SCALE } from '@fastgpt/global/common/bill/constants';
+import { formatPrice } from '@fastgpt/global/common/bill/tools';
+
+const OpenApiSchema = new Schema(
+  {
+    userId: {
+      type: Schema.Types.ObjectId,
+      ref: 'user',
+      required: true
+    },
+    apiKey: {
+      type: String,
+      required: true,
+      get: (val: string) => `******${val.substring(val.length - 4)}`
+    },
+    createTime: {
+      type: Date,
+      default: () => new Date()
+    },
+    lastUsedTime: {
+      type: Date
+    },
+    appId: {
+      type: String,
+      required: false
+    },
+    name: {
+      type: String,
+      default: 'Api Key'
+    },
+    usage: {
+      // total usage. value from bill total
+      type: Number,
+      default: 0,
+      get: (val: number) => formatPrice(val)
+    },
+    limit: {
+      expiredTime: {
+        type: Date
+      },
+      credit: {
+        // value from user settings
+        type: Number,
+        default: -1,
+        set: (val: number) => val * PRICE_SCALE,
+        get: (val: number) => formatPrice(val)
+      }
+    }
+  },
+  {
+    toObject: { getters: true }
+  }
+);
+
+export const MongoOpenApi: Model<OpenApiSchema> =
+  models['openapi'] || model('openapi', OpenApiSchema);
--- a/packages/service/support/openapi/tools.ts
+++ b/packages/service/support/openapi/tools.ts
@@ -0,0 +1,18 @@
+import { MongoOpenApi } from './schema';
+
+export async function updateApiKeyUsedTime(id: string) {
+  await MongoOpenApi.findByIdAndUpdate(id, {
+    lastUsedTime: new Date()
+  });
+}
+
+export async function updateApiKeyUsage({ apikey, usage }: { apikey: string; usage: number }) {
+  await MongoOpenApi.findOneAndUpdate(
+    { apiKey: apikey },
+    {
+      $inc: {
+        usage
+      }
+    }
+  );
+}
--- a/packages/service/support/outLink/auth.ts
+++ b/packages/service/support/outLink/auth.ts
@@ -0,0 +1,68 @@
+import { AuthUserTypeEnum, authBalanceByUid } from '../user/auth';
+import { MongoOutLink } from './schema';
+import { POST } from '../../common/api/plusRequest';
+import { OutLinkSchema } from '@fastgpt/global/support/outLink/type';
+
+export type AuthLinkProps = { ip?: string | null; authToken?: string; question: string };
+export type AuthLinkLimitProps = AuthLinkProps & { outLink: OutLinkSchema };
+
+export async function authOutLinkChat({
+  shareId,
+  ip,
+  authToken,
+  question
+}: AuthLinkProps & {
+  shareId: string;
+}) {
+  // get outLink
+  const outLink = await MongoOutLink.findOne({
+    shareId
+  });
+
+  if (!outLink) {
+    return Promise.reject('分享链接无效');
+  }
+
+  const uid = String(outLink.userId);
+
+  const [user] = await Promise.all([
+    authBalanceByUid(uid), // authBalance
+    ...(global.feConfigs?.isPlus ? [authOutLinkLimit({ outLink, ip, authToken, question })] : []) // limit auth
+  ]);
+
+  return {
+    user,
+    userId: String(outLink.userId),
+    appId: String(outLink.appId),
+    authType: AuthUserTypeEnum.token,
+    responseDetail: outLink.responseDetail
+  };
+}
+
+export function authOutLinkLimit(data: AuthLinkLimitProps) {
+  return POST('/support/outLink/authLimit', data);
+}
+
+export async function authOutLinkId({ id }: { id: string }) {
+  const outLink = await MongoOutLink.findOne({
+    shareId: id
+  });
+
+  if (!outLink) {
+    return Promise.reject('分享链接无效');
+  }
+
+  return {
+    userId: String(outLink.userId)
+  };
+}
+
+export type AuthShareChatInitProps = {
+  authToken?: string;
+  tokenUrl?: string;
+};
+
+export function authShareChatInit(data: AuthShareChatInitProps) {
+  if (!global.feConfigs?.isPlus) return;
+  return POST('/support/outLink/authShareChatInit', data);
+}
--- a/packages/service/support/outLink/schema.ts
+++ b/packages/service/support/outLink/schema.ts
@@ -0,0 +1,60 @@
+import { connectionMongo, type Model } from '../../common/mongo';
+const { Schema, model, models } = connectionMongo;
+import { OutLinkSchema as SchemaType } from '@fastgpt/global/support/outLink/type';
+import { OutLinkTypeEnum } from '@fastgpt/global/support/outLink/constant';
+
+const OutLinkSchema = new Schema({
+  shareId: {
+    type: String,
+    required: true
+  },
+  userId: {
+    type: Schema.Types.ObjectId,
+    ref: 'user',
+    required: true
+  },
+  appId: {
+    type: Schema.Types.ObjectId,
+    ref: 'model',
+    required: true
+  },
+  type: {
+    type: String,
+    default: OutLinkTypeEnum.share
+  },
+  name: {
+    type: String,
+    required: true
+  },
+  total: {
+    // total amount
+    type: Number,
+    default: 0
+  },
+  lastTime: {
+    type: Date
+  },
+  responseDetail: {
+    type: Boolean,
+    default: false
+  },
+  limit: {
+    expiredTime: {
+      type: Date
+    },
+    QPM: {
+      type: Number,
+      default: 1000
+    },
+    credit: {
+      type: Number,
+      default: -1
+    },
+    hookUrl: {
+      type: String
+    }
+  }
+});
+
+export const MongoOutLink: Model<SchemaType> =
+  models['outlinks'] || model('outlinks', OutLinkSchema);
--- a/packages/service/support/outLink/tools.ts
+++ b/packages/service/support/outLink/tools.ts
@@ -0,0 +1,50 @@
+import axios from 'axios';
+import { MongoOutLink } from './schema';
+
+export const updateOutLinkUsage = async ({
+  shareId,
+  total
+}: {
+  shareId: string;
+  total: number;
+}) => {
+  try {
+    await MongoOutLink.findOneAndUpdate(
+      { shareId },
+      {
+        $inc: { total },
+        lastTime: new Date()
+      }
+    );
+  } catch (err) {
+    console.log('update shareChat error', err);
+  }
+};
+
+export const pushResult2Remote = async ({
+  authToken,
+  shareId,
+  responseData
+}: {
+  authToken?: string;
+  shareId?: string;
+  responseData?: any[];
+}) => {
+  if (!shareId || !authToken) return;
+  try {
+    const outLink = await MongoOutLink.findOne({
+      shareId
+    });
+    if (!outLink?.limit?.hookUrl) return;
+
+    axios({
+      method: 'post',
+      baseURL: outLink.limit.hookUrl,
+      url: '/shareAuth/finish',
+      data: {
+        token: authToken,
+        responseData
+      }
+    });
+  } catch (error) {}
+};
--- a/packages/service/support/user/auth.ts
+++ b/packages/service/support/user/auth.ts
@@ -0,0 +1,206 @@
+import type { NextApiResponse, NextApiRequest } from 'next';
+import Cookie from 'cookie';
+import jwt from 'jsonwebtoken';
+import { authOpenApiKey } from '../openapi/auth';
+import { authOutLinkId } from '../outLink/auth';
+import { MongoUser } from './schema';
+import type { UserModelSchema } from '@fastgpt/global/support/user/type';
+import { ERROR_ENUM } from '@fastgpt/global/common/error/errorCode';
+
+export enum AuthUserTypeEnum {
+  token = 'token',
+  root = 'root',
+  apikey = 'apikey',
+  outLink = 'outLink'
+}
+
+/* auth balance */
+export const authBalanceByUid = async (uid: string) => {
+  const user = await MongoUser.findById<UserModelSchema>(
+    uid,
+    '_id username balance openaiAccount timezone'
+  );
+  if (!user) {
+    return Promise.reject(ERROR_ENUM.unAuthorization);
+  }
+
+  if (user.balance <= 0) {
+    return Promise.reject(ERROR_ENUM.insufficientQuota);
+  }
+  return user;
+};
+
+/* uniform auth user */
+export const authUser = async ({
+  req,
+  authToken = false,
+  authRoot = false,
+  authApiKey = false,
+  authBalance = false,
+  authOutLink
+}: {
+  req: NextApiRequest;
+  authToken?: boolean;
+  authRoot?: boolean;
+  authApiKey?: boolean;
+  authBalance?: boolean;
+  authOutLink?: boolean;
+}) => {
+  const authCookieToken = async (cookie?: string, token?: string): Promise<string> => {
+    // 获取 cookie
+    const cookies = Cookie.parse(cookie || '');
+    const cookieToken = cookies.token || token;
+
+    if (!cookieToken) {
+      return Promise.reject(ERROR_ENUM.unAuthorization);
+    }
+
+    return await authJWT(cookieToken);
+  };
+  // from authorization get apikey
+  const parseAuthorization = async (authorization?: string) => {
+    if (!authorization) {
+      return Promise.reject(ERROR_ENUM.unAuthorization);
+    }
+
+    // Bearer fastgpt-xxxx-appId
+    const auth = authorization.split(' ')[1];
+    if (!auth) {
+      return Promise.reject(ERROR_ENUM.unAuthorization);
+    }
+
+    const { apikey, appId: authorizationAppid = '' } = await (async () => {
+      const arr = auth.split('-');
+      // abandon
+      if (arr.length === 3) {
+        return {
+          apikey: `${arr[0]}-${arr[1]}`,
+          appId: arr[2]
+        };
+      }
+      if (arr.length === 2) {
+        return {
+          apikey: auth
+        };
+      }
+      return Promise.reject(ERROR_ENUM.unAuthorization);
+    })();
+
+    // auth apikey
+    const { userId, appId: apiKeyAppId = '' } = await authOpenApiKey({ apikey });
+
+    return {
+      uid: userId,
+      apikey,
+      appId: apiKeyAppId || authorizationAppid
+    };
+  };
+  // root user
+  const parseRootKey = async (rootKey?: string, userId = '') => {
+    if (!rootKey || !process.env.ROOT_KEY || rootKey !== process.env.ROOT_KEY) {
+      return Promise.reject(ERROR_ENUM.unAuthorization);
+    }
+    return userId;
+  };
+
+  const { cookie, token, apikey, rootkey, userid, authorization } = (req.headers || {}) as {
+    cookie?: string;
+    token?: string;
+    apikey?: string;
+    rootkey?: string; // abandon
+    userid?: string;
+    authorization?: string;
+  };
+  const { shareId } = (req?.body || {}) as { shareId?: string };
+
+  let uid = '';
+  let appId = '';
+  let openApiKey = apikey;
+  let authType: `${AuthUserTypeEnum}` = AuthUserTypeEnum.token;
+
+  if (authOutLink && shareId) {
+    const res = await authOutLinkId({ id: shareId });
+    uid = res.userId;
+    authType = AuthUserTypeEnum.outLink;
+  } else if (authToken && (cookie || token)) {
+    // user token(from fastgpt web)
+    uid = await authCookieToken(cookie, token);
+    authType = AuthUserTypeEnum.token;
+  } else if (authRoot && rootkey) {
+    // root user
+    uid = await parseRootKey(rootkey, userid);
+    authType = AuthUserTypeEnum.root;
+  } else if (authApiKey && apikey) {
+    // apikey
+    const parseResult = await authOpenApiKey({ apikey });
+    uid = parseResult.userId;
+    authType = AuthUserTypeEnum.apikey;
+    openApiKey = parseResult.apikey;
+  } else if (authApiKey && authorization) {
+    // apikey from authorization
+    const authResponse = await parseAuthorization(authorization);
+    uid = authResponse.uid;
+    appId = authResponse.appId;
+    openApiKey = authResponse.apikey;
+    authType = AuthUserTypeEnum.apikey;
+  }
+
+  // not rootUser and no uid, reject request
+  if (!rootkey && !uid) {
+    return Promise.reject(ERROR_ENUM.unAuthorization);
+  }
+
+  // balance check
+  const user = await (() => {
+    if (authBalance) {
+      return authBalanceByUid(uid);
+    }
+  })();
+
+  return {
+    userId: String(uid),
+    appId,
+    authType,
+    user,
+    apikey: openApiKey
+  };
+};
+
+/* 生成 token */
+export function generateToken(userId: string) {
+  const key = process.env.TOKEN_KEY as string;
+  const token = jwt.sign(
+    {
+      userId,
+      exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 7
+    },
+    key
+  );
+  return token;
+}
+// auth token
+export function authJWT(token: string) {
+  return new Promise<string>((resolve, reject) => {
+    const key = process.env.TOKEN_KEY as string;
+
+    jwt.verify(token, key, function (err, decoded: any) {
+      if (err || !decoded?.userId) {
+        reject(ERROR_ENUM.unAuthorization);
+        return;
+      }
+      resolve(decoded.userId);
+    });
+  });
+}
+
+/* set cookie */
+export const setCookie = (res: NextApiResponse, token: string) => {
+  res.setHeader(
+    'Set-Cookie',
+    `token=${token}; Path=/; HttpOnly; Max-Age=604800; Samesite=None; Secure;`
+  );
+};
+/* clear cookie */
+export const clearCookie = (res: NextApiResponse) => {
+  res.setHeader('Set-Cookie', 'token=; Path=/; Max-Age=0');
+};
--- a/packages/service/support/user/schema.ts
+++ b/packages/service/support/user/schema.ts
@@ -0,0 +1,63 @@
+import { connectionMongo, type Model } from '../../common/mongo';
+const { Schema, model, models } = connectionMongo;
+import { hashStr } from '@fastgpt/global/common/string/tools';
+import { PRICE_SCALE } from '@fastgpt/global/common/bill/constants';
+import type { UserModelSchema } from '@fastgpt/global/support/user/type';
+
+const UserSchema = new Schema({
+  username: {
+    // 可以是手机/邮箱，新的验证都只用手机
+    type: String,
+    required: true,
+    unique: true // 唯一
+  },
+  password: {
+    type: String,
+    required: true,
+    set: (val: string) => hashStr(val),
+    get: (val: string) => hashStr(val),
+    select: false
+  },
+  createTime: {
+    type: Date,
+    default: () => new Date()
+  },
+  avatar: {
+    type: String,
+    default: '/icon/human.svg'
+  },
+  balance: {
+    type: Number,
+    default: 2 * PRICE_SCALE
+  },
+  inviterId: {
+    // 谁邀请注册的
+    type: Schema.Types.ObjectId,
+    ref: 'user'
+  },
+  promotionRate: {
+    type: Number,
+    default: 15
+  },
+  limit: {
+    exportKbTime: {
+      // Every half hour
+      type: Date
+    },
+    datasetMaxCount: {
+      type: Number
+    }
+  },
+  openaiAccount: {
+    type: {
+      key: String,
+      baseUrl: String
+    }
+  },
+  timezone: {
+    type: String,
+    default: 'Asia/Shanghai'
+  }
+});
+
+export const MongoUser: Model<UserModelSchema> = models['user'] || model('user', UserSchema);