mirror of
https://github.com/decolua/9router.git
synced 2026-05-08 12:01:28 +00:00
Fix MITM on window
This commit is contained in:
decolua
@@ -17,6 +17,7 @@ function convertMessages(messages, tools, model) {
|
||||
let pendingUserContent = [];
|
||||
let pendingAssistantContent = [];
|
||||
let pendingToolResults = [];
|
||||
let pendingImages = [];
|
||||
let currentRole = null;
|
||||
|
||||
const flushPending = () => {
|
||||
@@ -28,7 +29,12 @@ function convertMessages(messages, tools, model) {
|
||||
modelId: ""
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
// Attach images if present (Kiro API supports images field)
|
||||
if (pendingImages.length > 0) {
|
||||
userMsg.userInputMessage.images = pendingImages;
|
||||
}
|
||||
|
||||
if (pendingToolResults.length > 0) {
|
||||
userMsg.userInputMessage.userInputMessageContext = {
|
||||
toolResults: pendingToolResults
|
||||
@@ -64,6 +70,7 @@ function convertMessages(messages, tools, model) {
|
||||
currentMessage = userMsg;
|
||||
pendingUserContent = [];
|
||||
pendingToolResults = [];
|
||||
pendingImages = [];
|
||||
} else if (currentRole === "assistant") {
|
||||
const content = pendingAssistantContent.join("\n\n").trim() || "...";
|
||||
const assistantMsg = {
|
||||
@@ -97,9 +104,24 @@ function convertMessages(messages, tools, model) {
|
||||
if (typeof msg.content === "string") {
|
||||
content = msg.content;
|
||||
} else if (Array.isArray(msg.content)) {
|
||||
const textParts = msg.content
|
||||
.filter(c => c.type === "text" || c.text)
|
||||
.map(c => c.text || "");
|
||||
const textParts = [];
|
||||
for (const c of msg.content) {
|
||||
if (c.type === "text" || c.text) {
|
||||
textParts.push(c.text || "");
|
||||
} else if (c.type === "image_url") {
|
||||
const url = c.image_url?.url || "";
|
||||
const base64Match = url.match(/^data:([^;]+);base64,(.+)$/);
|
||||
if (base64Match) {
|
||||
// Extract format from media type (e.g. "image/png" → "png")
|
||||
const mediaType = base64Match[1];
|
||||
const format = mediaType.split("/")[1] || mediaType;
|
||||
pendingImages.push({ format, source: { bytes: base64Match[2] } });
|
||||
} else if (url.startsWith("http://") || url.startsWith("https://")) {
|
||||
// Kiro images field only supports base64 — fallback to URL text
|
||||
textParts.push(`[Image: ${url}]`);
|
||||
}
|
||||
}
|
||||
}
|
||||
content = textParts.join("\n");
|
||||
|
||||
// Check for tool_result blocks
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "9router-app",
|
||||
"version": "0.3.1",
|
||||
"version": "0.3.16",
|
||||
"description": "9Router web dashboard",
|
||||
"private": true,
|
||||
"scripts": {
|
||||
|
||||
@@ -240,7 +240,23 @@ export default function AntigravityToolCard({
|
||||
|
||||
{isExpanded && (
|
||||
<div className="mt-4 pt-4 border-t border-border flex flex-col gap-4">
|
||||
{/* Start/Stop Button - always on top */}
|
||||
{/* Status indicators */}
|
||||
<div className="flex items-center gap-3">
|
||||
{[
|
||||
{ label: "DNS", ok: status?.dnsConfigured },
|
||||
{ label: "Cert", ok: status?.certExists },
|
||||
{ label: "Server", ok: status?.running },
|
||||
].map(({ label, ok }) => (
|
||||
<div key={label} className="flex items-center gap-1">
|
||||
<span className={`material-symbols-outlined text-[14px] ${ok ? "text-green-500" : "text-text-muted"}`}>
|
||||
{ok ? "check_circle" : "radio_button_unchecked"}
|
||||
</span>
|
||||
<span className={`text-xs ${ok ? "text-green-500" : "text-text-muted"}`}>{label}</span>
|
||||
</div>
|
||||
))}
|
||||
</div>
|
||||
|
||||
{/* Start/Stop Button */}
|
||||
<div className="flex items-center gap-2">
|
||||
{isRunning ? (
|
||||
<button
|
||||
|
||||
@@ -26,6 +26,7 @@ export default function ProviderDetailPage() {
|
||||
const [headerImgError, setHeaderImgError] = useState(false);
|
||||
const [modelTestResults, setModelTestResults] = useState({});
|
||||
const [testingModels, setTestingModels] = useState(false);
|
||||
const [showAddCustomModel, setShowAddCustomModel] = useState(false);
|
||||
const { copied, copy } = useCopyToClipboard();
|
||||
|
||||
const providerInfo = providerNode
|
||||
@@ -307,9 +308,21 @@ export default function ProviderDetailPage() {
|
||||
/>
|
||||
);
|
||||
}
|
||||
if (models.length === 0) {
|
||||
return <p className="text-sm text-text-muted">No models configured</p>;
|
||||
}
|
||||
// Custom models added by user (stored as aliases: modelId → providerAlias/modelId)
|
||||
const customModels = Object.entries(modelAliases)
|
||||
.filter(([alias, fullModel]) => {
|
||||
const prefix = `${providerStorageAlias}/`;
|
||||
if (!fullModel.startsWith(prefix)) return false;
|
||||
const modelId = fullModel.slice(prefix.length);
|
||||
// Only show if not already in hardcoded list
|
||||
return !models.some((m) => m.id === modelId) && alias === modelId;
|
||||
})
|
||||
.map(([alias, fullModel]) => ({
|
||||
id: fullModel.slice(`${providerStorageAlias}/`.length),
|
||||
alias,
|
||||
fullModel,
|
||||
}));
|
||||
|
||||
return (
|
||||
<div className="flex flex-wrap gap-3">
|
||||
{models.map((model) => {
|
||||
@@ -332,6 +345,30 @@ export default function ProviderDetailPage() {
|
||||
/>
|
||||
);
|
||||
})}
|
||||
|
||||
{/* Custom models inline */}
|
||||
{customModels.map((model) => (
|
||||
<ModelRow
|
||||
key={model.id}
|
||||
model={{ id: model.id }}
|
||||
fullModel={`${providerDisplayAlias}/${model.id}`}
|
||||
alias={model.alias}
|
||||
copied={copied}
|
||||
onCopy={copy}
|
||||
onSetAlias={() => {}}
|
||||
onDeleteAlias={() => handleDeleteAlias(model.alias)}
|
||||
isCustom
|
||||
/>
|
||||
))}
|
||||
|
||||
{/* Add model button — inline, same style as model chips */}
|
||||
<button
|
||||
onClick={() => setShowAddCustomModel(true)}
|
||||
className="flex items-center gap-1.5 px-3 py-2 rounded-lg border border-dashed border-black/15 dark:border-white/15 text-xs text-text-muted hover:text-primary hover:border-primary/40 transition-colors"
|
||||
>
|
||||
<span className="material-symbols-outlined text-sm">add</span>
|
||||
Add Model
|
||||
</button>
|
||||
</div>
|
||||
);
|
||||
};
|
||||
@@ -526,7 +563,8 @@ export default function ProviderDetailPage() {
|
||||
<Button
|
||||
size="sm"
|
||||
variant="secondary"
|
||||
icon={testingModels ? "progress_activity" : "science"}
|
||||
icon="science"
|
||||
loading={testingModels}
|
||||
onClick={handleTestModels}
|
||||
disabled={testingModels}
|
||||
>
|
||||
@@ -584,11 +622,23 @@ export default function ProviderDetailPage() {
|
||||
isAnthropic={isAnthropicCompatible}
|
||||
/>
|
||||
)}
|
||||
{!isCompatible && !providerInfo?.passthroughModels && (
|
||||
<AddCustomModelModal
|
||||
isOpen={showAddCustomModel}
|
||||
providerAlias={providerStorageAlias}
|
||||
providerDisplayAlias={providerDisplayAlias}
|
||||
onSave={async (modelId) => {
|
||||
await handleSetAlias(modelId, modelId, providerStorageAlias);
|
||||
setShowAddCustomModel(false);
|
||||
}}
|
||||
onClose={() => setShowAddCustomModel(false)}
|
||||
/>
|
||||
)}
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
function ModelRow({ model, fullModel, alias, copied, onCopy, testStatus }) {
|
||||
function ModelRow({ model, fullModel, alias, copied, onCopy, testStatus, isCustom, onDeleteAlias }) {
|
||||
const borderColor = testStatus === "ok"
|
||||
? "border-green-500/40"
|
||||
: testStatus === "error"
|
||||
@@ -602,7 +652,7 @@ function ModelRow({ model, fullModel, alias, copied, onCopy, testStatus }) {
|
||||
: undefined;
|
||||
|
||||
return (
|
||||
<div className={`flex items-center gap-2 px-3 py-2 rounded-lg border ${borderColor} hover:bg-sidebar/50`}>
|
||||
<div className={`group flex items-center gap-2 px-3 py-2 rounded-lg border ${borderColor} hover:bg-sidebar/50`}>
|
||||
<span
|
||||
className="material-symbols-outlined text-base"
|
||||
style={iconColor ? { color: iconColor } : undefined}
|
||||
@@ -619,6 +669,15 @@ function ModelRow({ model, fullModel, alias, copied, onCopy, testStatus }) {
|
||||
{copied === `model-${model.id}` ? "check" : "content_copy"}
|
||||
</span>
|
||||
</button>
|
||||
{isCustom && (
|
||||
<button
|
||||
onClick={onDeleteAlias}
|
||||
className="p-0.5 hover:bg-red-500/10 rounded text-text-muted hover:text-red-500 opacity-0 group-hover:opacity-100 transition-opacity ml-auto"
|
||||
title="Remove custom model"
|
||||
>
|
||||
<span className="material-symbols-outlined text-sm">close</span>
|
||||
</button>
|
||||
)}
|
||||
</div>
|
||||
);
|
||||
}
|
||||
@@ -632,6 +691,8 @@ ModelRow.propTypes = {
|
||||
copied: PropTypes.string,
|
||||
onCopy: PropTypes.func.isRequired,
|
||||
testStatus: PropTypes.oneOf(["ok", "error"]),
|
||||
isCustom: PropTypes.bool,
|
||||
onDeleteAlias: PropTypes.func,
|
||||
};
|
||||
|
||||
function PassthroughModelsSection({ providerAlias, modelAliases, copied, onCopy, onSetAlias, onDeleteAlias }) {
|
||||
@@ -1553,3 +1614,115 @@ EditCompatibleNodeModal.propTypes = {
|
||||
isAnthropic: PropTypes.bool,
|
||||
};
|
||||
|
||||
function AddCustomModelModal({ isOpen, providerAlias, providerDisplayAlias, onSave, onClose }) {
|
||||
const [modelId, setModelId] = useState("");
|
||||
const [testStatus, setTestStatus] = useState(null); // null | "testing" | "ok" | "error"
|
||||
const [testError, setTestError] = useState("");
|
||||
const [saving, setSaving] = useState(false);
|
||||
|
||||
// Reset state when modal opens
|
||||
useEffect(() => {
|
||||
if (isOpen) { setModelId(""); setTestStatus(null); setTestError(""); }
|
||||
}, [isOpen]);
|
||||
|
||||
const handleTest = async () => {
|
||||
if (!modelId.trim()) return;
|
||||
setTestStatus("testing");
|
||||
setTestError("");
|
||||
try {
|
||||
const res = await fetch("/api/models/test", {
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ model: `${providerAlias}/${modelId.trim()}` }),
|
||||
});
|
||||
const data = await res.json();
|
||||
setTestStatus(data.ok ? "ok" : "error");
|
||||
setTestError(data.error || "");
|
||||
} catch (err) {
|
||||
setTestStatus("error");
|
||||
setTestError(err.message);
|
||||
}
|
||||
};
|
||||
|
||||
const handleSave = async () => {
|
||||
if (!modelId.trim() || saving) return;
|
||||
setSaving(true);
|
||||
try {
|
||||
await onSave(modelId.trim());
|
||||
} finally {
|
||||
setSaving(false);
|
||||
}
|
||||
};
|
||||
|
||||
const handleKeyDown = (e) => {
|
||||
if (e.key === "Enter") handleTest();
|
||||
};
|
||||
|
||||
return (
|
||||
<Modal isOpen={isOpen} onClose={onClose} title="Add Custom Model">
|
||||
<div className="flex flex-col gap-4">
|
||||
<div>
|
||||
<label className="text-sm font-medium mb-1.5 block">Model ID</label>
|
||||
<div className="flex gap-2">
|
||||
<input
|
||||
type="text"
|
||||
value={modelId}
|
||||
onChange={(e) => { setModelId(e.target.value); setTestStatus(null); setTestError(""); }}
|
||||
onKeyDown={handleKeyDown}
|
||||
placeholder="e.g. claude-opus-4-5"
|
||||
className="flex-1 px-3 py-2 text-sm border border-border rounded-lg bg-background focus:outline-none focus:border-primary"
|
||||
autoFocus
|
||||
/>
|
||||
<Button
|
||||
variant="secondary"
|
||||
icon="science"
|
||||
loading={testStatus === "testing"}
|
||||
onClick={handleTest}
|
||||
disabled={!modelId.trim() || testStatus === "testing"}
|
||||
>
|
||||
{testStatus === "testing" ? "Testing..." : "Test"}
|
||||
</Button>
|
||||
</div>
|
||||
<p className="text-xs text-text-muted mt-1">
|
||||
Sent to provider as: <code className="font-mono bg-sidebar px-1 rounded">{modelId.trim() || "model-id"}</code>
|
||||
</p>
|
||||
</div>
|
||||
|
||||
{/* Test result */}
|
||||
{testStatus === "ok" && (
|
||||
<div className="flex items-center gap-2 text-sm text-green-600">
|
||||
<span className="material-symbols-outlined text-base">check_circle</span>
|
||||
Model is reachable
|
||||
</div>
|
||||
)}
|
||||
{testStatus === "error" && (
|
||||
<div className="flex items-start gap-2 text-sm text-red-500">
|
||||
<span className="material-symbols-outlined text-base shrink-0">cancel</span>
|
||||
<span>{testError || "Model not reachable"}</span>
|
||||
</div>
|
||||
)}
|
||||
|
||||
<div className="flex gap-2 pt-1">
|
||||
<Button onClick={onClose} variant="ghost" fullWidth size="sm">Cancel</Button>
|
||||
<Button
|
||||
onClick={handleSave}
|
||||
fullWidth
|
||||
size="sm"
|
||||
disabled={!modelId.trim() || saving}
|
||||
>
|
||||
{saving ? "Adding..." : "Add Model"}
|
||||
</Button>
|
||||
</div>
|
||||
</div>
|
||||
</Modal>
|
||||
);
|
||||
}
|
||||
|
||||
AddCustomModelModal.propTypes = {
|
||||
isOpen: PropTypes.bool.isRequired,
|
||||
providerAlias: PropTypes.string.isRequired,
|
||||
providerDisplayAlias: PropTypes.string.isRequired,
|
||||
onSave: PropTypes.func.isRequired,
|
||||
onClose: PropTypes.func.isRequired,
|
||||
};
|
||||
|
||||
|
||||
@@ -222,7 +222,7 @@ export default function ProvidersPage() {
|
||||
title="Test all OAuth connections"
|
||||
aria-label="Test all OAuth connections"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[14px]">
|
||||
<span className={`material-symbols-outlined text-[14px]${testingMode === "oauth" ? " animate-spin" : ""}`}>
|
||||
{testingMode === "oauth" ? "sync" : "play_arrow"}
|
||||
</span>
|
||||
{testingMode === "oauth" ? "Testing..." : "Test All"}
|
||||
@@ -260,7 +260,7 @@ export default function ProvidersPage() {
|
||||
title="Test all Free connections"
|
||||
aria-label="Test all Free provider connections"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[14px]">
|
||||
<span className={`material-symbols-outlined text-[14px]${testingMode === "free" ? " animate-spin" : ""}`}>
|
||||
{testingMode === "free" ? "sync" : "play_arrow"}
|
||||
</span>
|
||||
{testingMode === "free" ? "Testing..." : "Test All"}
|
||||
@@ -297,7 +297,7 @@ export default function ProvidersPage() {
|
||||
title="Test all API Key connections"
|
||||
aria-label="Test all API Key connections"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[14px]">
|
||||
<span className={`material-symbols-outlined text-[14px]${testingMode === "apikey" ? " animate-spin" : ""}`}>
|
||||
{testingMode === "apikey" ? "sync" : "play_arrow"}
|
||||
</span>
|
||||
{testingMode === "apikey" ? "Testing..." : "Test All"}
|
||||
@@ -335,7 +335,7 @@ export default function ProvidersPage() {
|
||||
}`}
|
||||
title="Test all Compatible connections"
|
||||
>
|
||||
<span className="material-symbols-outlined text-[14px]">
|
||||
<span className={`material-symbols-outlined text-[14px]${testingMode === "compatible" ? " animate-spin" : ""}`}>
|
||||
{testingMode === "compatible" ? "sync" : "play_arrow"}
|
||||
</span>
|
||||
{testingMode === "compatible" ? "Testing..." : "Test All"}
|
||||
|
||||
@@ -144,7 +144,7 @@ function buildLayout(providers, activeSet, lastSet, errorSet) {
|
||||
const error = !active && errorSet.has(p.provider?.toLowerCase());
|
||||
const nodeId = `provider-${p.provider}`;
|
||||
const data = {
|
||||
label: config.name || p.name || p.provider,
|
||||
label: (config.name !== p.provider ? config.name : null) || p.name || p.provider,
|
||||
color: config.color || "#6b7280",
|
||||
imageUrl: getProviderImageUrl(p.provider),
|
||||
textIcon: config.textIcon || (p.provider || "?").slice(0, 2).toUpperCase(),
|
||||
|
||||
@@ -21,7 +21,7 @@ const checkClaudeInstalled = async () => {
|
||||
try {
|
||||
const isWindows = os.platform() === "win32";
|
||||
const command = isWindows ? "where claude" : "command -v claude";
|
||||
await execAsync(command);
|
||||
await execAsync(command, { windowsHide: true });
|
||||
return true;
|
||||
} catch {
|
||||
return false;
|
||||
|
||||
@@ -76,7 +76,7 @@ const checkCodexInstalled = async () => {
|
||||
try {
|
||||
const isWindows = os.platform() === "win32";
|
||||
const command = isWindows ? "where codex" : "command -v codex";
|
||||
await execAsync(command);
|
||||
await execAsync(command, { windowsHide: true });
|
||||
return true;
|
||||
} catch {
|
||||
return false;
|
||||
|
||||
@@ -17,7 +17,7 @@ const checkDroidInstalled = async () => {
|
||||
try {
|
||||
const isWindows = os.platform() === "win32";
|
||||
const command = isWindows ? "where droid" : "command -v droid";
|
||||
await execAsync(command);
|
||||
await execAsync(command, { windowsHide: true });
|
||||
return true;
|
||||
} catch {
|
||||
return false;
|
||||
|
||||
@@ -17,7 +17,7 @@ const checkOpenClawInstalled = async () => {
|
||||
try {
|
||||
const isWindows = os.platform() === "win32";
|
||||
const command = isWindows ? "where openclaw" : "command -v openclaw";
|
||||
await execAsync(command);
|
||||
await execAsync(command, { windowsHide: true });
|
||||
return true;
|
||||
} catch {
|
||||
return false;
|
||||
|
||||
49
src/app/api/models/test/route.js
Normal file
49
src/app/api/models/test/route.js
Normal file
@@ -0,0 +1,49 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { getApiKeys } from "@/lib/localDb";
|
||||
|
||||
// POST /api/models/test - Ping a single model via internal completions
|
||||
export async function POST(request) {
|
||||
try {
|
||||
const { model } = await request.json();
|
||||
if (!model) return NextResponse.json({ error: "Model required" }, { status: 400 });
|
||||
|
||||
const url = new URL(request.url);
|
||||
const baseUrl = `${url.protocol}//${url.host}`;
|
||||
|
||||
// Get an active internal API key for auth (if requireApiKey is enabled)
|
||||
let apiKey = null;
|
||||
try {
|
||||
const keys = await getApiKeys();
|
||||
apiKey = keys.find((k) => k.isActive !== false)?.key || null;
|
||||
} catch {}
|
||||
|
||||
const headers = { "Content-Type": "application/json" };
|
||||
if (apiKey) headers["Authorization"] = `Bearer ${apiKey}`;
|
||||
|
||||
const start = Date.now();
|
||||
const res = await fetch(`${baseUrl}/api/v1/chat/completions`, {
|
||||
method: "POST",
|
||||
headers,
|
||||
body: JSON.stringify({
|
||||
model,
|
||||
max_tokens: 1,
|
||||
stream: false,
|
||||
messages: [{ role: "user", content: "hi" }],
|
||||
}),
|
||||
signal: AbortSignal.timeout(15000),
|
||||
});
|
||||
const latencyMs = Date.now() - start;
|
||||
|
||||
// 200 = ok; 400 = bad request but auth passed (model reachable)
|
||||
const ok = res.status === 200 || res.status === 400;
|
||||
let error = null;
|
||||
if (!ok) {
|
||||
const text = await res.text().catch(() => "");
|
||||
error = `HTTP ${res.status}${text ? `: ${text.slice(0, 120)}` : ""}`;
|
||||
}
|
||||
|
||||
return NextResponse.json({ ok, latencyMs, error });
|
||||
} catch (err) {
|
||||
return NextResponse.json({ ok: false, error: err.message }, { status: 500 });
|
||||
}
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { getProviderConnections, createProviderConnection, getProviderNodeById } from "@/models";
|
||||
import { getProviderConnections, createProviderConnection, getProviderNodeById, getProviderNodes } from "@/models";
|
||||
import { APIKEY_PROVIDERS } from "@/shared/constants/config";
|
||||
import { isOpenAICompatibleProvider, isAnthropicCompatibleProvider } from "@/shared/constants/providers";
|
||||
|
||||
@@ -7,15 +7,31 @@ import { isOpenAICompatibleProvider, isAnthropicCompatibleProvider } from "@/sha
|
||||
export async function GET() {
|
||||
try {
|
||||
const connections = await getProviderConnections();
|
||||
|
||||
// Build nodeNameMap for compatible providers (id → name)
|
||||
let nodeNameMap = {};
|
||||
try {
|
||||
const nodes = await getProviderNodes();
|
||||
for (const node of nodes) {
|
||||
if (node.id && node.name) nodeNameMap[node.id] = node.name;
|
||||
}
|
||||
} catch {}
|
||||
|
||||
// Hide sensitive fields
|
||||
const safeConnections = connections.map(c => ({
|
||||
...c,
|
||||
apiKey: undefined,
|
||||
accessToken: undefined,
|
||||
refreshToken: undefined,
|
||||
idToken: undefined,
|
||||
}));
|
||||
// Hide sensitive fields, enrich name for compatible providers
|
||||
const safeConnections = connections.map(c => {
|
||||
const isCompatible = isOpenAICompatibleProvider(c.provider) || isAnthropicCompatibleProvider(c.provider);
|
||||
const name = isCompatible
|
||||
? (nodeNameMap[c.provider] || c.providerSpecificData?.nodeName || c.provider)
|
||||
: c.name;
|
||||
return {
|
||||
...c,
|
||||
name,
|
||||
apiKey: undefined,
|
||||
accessToken: undefined,
|
||||
refreshToken: undefined,
|
||||
idToken: undefined,
|
||||
};
|
||||
});
|
||||
|
||||
return NextResponse.json({ connections: safeConnections });
|
||||
} catch (error) {
|
||||
|
||||
@@ -436,7 +436,7 @@ export async function getUsageStats() {
|
||||
const history = db.data.history || [];
|
||||
|
||||
// Import localDb to get provider connection names and API keys
|
||||
const { getProviderConnections, getApiKeys } = await import("@/lib/localDb.js");
|
||||
const { getProviderConnections, getApiKeys, getProviderNodes } = await import("@/lib/localDb.js");
|
||||
|
||||
// Fetch all provider connections to get account names
|
||||
let allConnections = [];
|
||||
@@ -453,6 +453,15 @@ export async function getUsageStats() {
|
||||
connectionMap[conn.id] = conn.name || conn.email || conn.id;
|
||||
}
|
||||
|
||||
// Build map from compatible provider ID → friendly name (from providerNodes)
|
||||
const providerNodeNameMap = {};
|
||||
try {
|
||||
const nodes = await getProviderNodes();
|
||||
for (const node of nodes) {
|
||||
if (node.id && node.name) providerNodeNameMap[node.id] = node.name;
|
||||
}
|
||||
} catch {}
|
||||
|
||||
// Fetch all API keys to get key names
|
||||
let allApiKeys = [];
|
||||
try {
|
||||
@@ -596,6 +605,8 @@ export async function getUsageStats() {
|
||||
// By Model
|
||||
// Format: "modelName (provider)" if provider is known
|
||||
const modelKey = entry.provider ? `${entry.model} (${entry.provider})` : entry.model;
|
||||
// Resolve friendly name for compatible providers
|
||||
const providerDisplayName = providerNodeNameMap[entry.provider] || entry.provider;
|
||||
|
||||
if (!stats.byModel[modelKey]) {
|
||||
stats.byModel[modelKey] = {
|
||||
@@ -604,7 +615,7 @@ export async function getUsageStats() {
|
||||
completionTokens: 0,
|
||||
cost: 0,
|
||||
rawModel: entry.model,
|
||||
provider: entry.provider,
|
||||
provider: providerDisplayName,
|
||||
lastUsed: entry.timestamp
|
||||
};
|
||||
}
|
||||
@@ -629,7 +640,7 @@ export async function getUsageStats() {
|
||||
completionTokens: 0,
|
||||
cost: 0,
|
||||
rawModel: entry.model,
|
||||
provider: entry.provider,
|
||||
provider: providerDisplayName,
|
||||
connectionId: entry.connectionId,
|
||||
accountName: accountName,
|
||||
lastUsed: entry.timestamp
|
||||
@@ -660,7 +671,7 @@ export async function getUsageStats() {
|
||||
completionTokens: 0,
|
||||
cost: 0,
|
||||
rawModel: entry.model,
|
||||
provider: entry.provider,
|
||||
provider: providerDisplayName,
|
||||
apiKey: entry.apiKey,
|
||||
keyName: keyName,
|
||||
apiKeyKey: apiKeyKey,
|
||||
@@ -686,7 +697,7 @@ export async function getUsageStats() {
|
||||
completionTokens: 0,
|
||||
cost: 0,
|
||||
rawModel: entry.model,
|
||||
provider: entry.provider,
|
||||
provider: providerDisplayName,
|
||||
apiKey: null,
|
||||
keyName: keyName,
|
||||
apiKeyKey: apiKeyKey,
|
||||
@@ -715,7 +726,7 @@ export async function getUsageStats() {
|
||||
cost: 0,
|
||||
endpoint: endpoint,
|
||||
rawModel: entry.model,
|
||||
provider: entry.provider,
|
||||
provider: providerDisplayName,
|
||||
lastUsed: entry.timestamp
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
const path = require("path");
|
||||
const fs = require("fs");
|
||||
const os = require("os");
|
||||
const { MITM_DIR } = require("../paths");
|
||||
|
||||
const TARGET_HOST = "daily-cloudcode-pa.googleapis.com";
|
||||
|
||||
@@ -8,7 +8,7 @@ const TARGET_HOST = "daily-cloudcode-pa.googleapis.com";
|
||||
* Generate self-signed SSL certificate using selfsigned (pure JS, no openssl needed)
|
||||
*/
|
||||
async function generateCert() {
|
||||
const certDir = path.join(os.homedir(), ".9router", "mitm");
|
||||
const certDir = MITM_DIR;
|
||||
const keyPath = path.join(certDir, "server.key");
|
||||
const certPath = path.join(certDir, "server.crt");
|
||||
|
||||
|
||||
@@ -80,17 +80,17 @@ async function installCertMac(sudoPassword, certPath) {
|
||||
}
|
||||
|
||||
async function installCertWindows(certPath) {
|
||||
// Use PowerShell elevated to add cert to Root store
|
||||
const psCommand = `Start-Process certutil -ArgumentList '-addstore','Root','${certPath.replace(/'/g, "''")}' -Verb RunAs -Wait`;
|
||||
const escaped = certPath.replace(/'/g, "''");
|
||||
const psCommand = `Start-Process certutil -ArgumentList '-addstore','Root','${escaped}' -Verb RunAs -Wait -WindowStyle Hidden`;
|
||||
return new Promise((resolve, reject) => {
|
||||
exec(`powershell -Command "${psCommand}"`, (error) => {
|
||||
if (error) {
|
||||
reject(new Error(`Failed to install certificate: ${error.message}`));
|
||||
} else {
|
||||
console.log(`✅ Installed certificate to Windows Root store`);
|
||||
resolve();
|
||||
exec(
|
||||
`powershell -NonInteractive -WindowStyle Hidden -Command "${psCommand}"`,
|
||||
{ windowsHide: true },
|
||||
(error) => {
|
||||
if (error) reject(new Error(`Failed to install certificate: ${error.message}`));
|
||||
else { console.log("✅ Installed certificate to Windows Root store"); resolve(); }
|
||||
}
|
||||
});
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -125,16 +125,16 @@ async function uninstallCertMac(sudoPassword, certPath) {
|
||||
}
|
||||
|
||||
async function uninstallCertWindows() {
|
||||
const psCommand = `Start-Process certutil -ArgumentList '-delstore','Root','daily-cloudcode-pa.googleapis.com' -Verb RunAs -Wait`;
|
||||
const psCommand = `Start-Process certutil -ArgumentList '-delstore','Root','daily-cloudcode-pa.googleapis.com' -Verb RunAs -Wait -WindowStyle Hidden`;
|
||||
return new Promise((resolve, reject) => {
|
||||
exec(`powershell -Command "${psCommand}"`, (error) => {
|
||||
if (error) {
|
||||
reject(new Error(`Failed to uninstall certificate: ${error.message}`));
|
||||
} else {
|
||||
console.log("✅ Uninstalled certificate from Windows Root store");
|
||||
resolve();
|
||||
exec(
|
||||
`powershell -NonInteractive -WindowStyle Hidden -Command "${psCommand}"`,
|
||||
{ windowsHide: true },
|
||||
(error) => {
|
||||
if (error) reject(new Error(`Failed to uninstall certificate: ${error.message}`));
|
||||
else { console.log("✅ Uninstalled certificate from Windows Root store"); resolve(); }
|
||||
}
|
||||
});
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -38,18 +38,20 @@ function execWithPassword(command, password) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Execute elevated command on Windows via PowerShell RunAs
|
||||
* Execute elevated command on Windows via PowerShell RunAs (hidden window)
|
||||
*/
|
||||
function execElevatedWindows(command) {
|
||||
return new Promise((resolve, reject) => {
|
||||
const psCommand = `Start-Process cmd -ArgumentList '/c','${command.replace(/'/g, "''")}' -Verb RunAs -Wait`;
|
||||
exec(`powershell -Command "${psCommand}"`, (error, stdout, stderr) => {
|
||||
if (error) {
|
||||
reject(new Error(`Elevated command failed: ${error.message}\n${stderr}`));
|
||||
} else {
|
||||
resolve(stdout);
|
||||
const escaped = command.replace(/'/g, "''");
|
||||
const psCommand = `Start-Process cmd -ArgumentList '/c','${escaped}' -Verb RunAs -Wait -WindowStyle Hidden`;
|
||||
exec(
|
||||
`powershell -NonInteractive -WindowStyle Hidden -Command "${psCommand}"`,
|
||||
{ windowsHide: true },
|
||||
(error, stdout, stderr) => {
|
||||
if (error) reject(new Error(`Elevated command failed: ${error.message}\n${stderr}`));
|
||||
else resolve(stdout);
|
||||
}
|
||||
});
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -84,17 +86,26 @@ async function addDNSEntry(sudoPassword) {
|
||||
|
||||
try {
|
||||
if (IS_WIN) {
|
||||
// Windows: add each entry separately
|
||||
for (const host of entriesToAdd) {
|
||||
const entry = `127.0.0.1 ${host}`;
|
||||
await execElevatedWindows(`echo ${entry} >> "${HOSTS_FILE}"`);
|
||||
}
|
||||
// Windows: add all entries + flush in one elevated PowerShell call (single UAC)
|
||||
const hostsPath = HOSTS_FILE.replace(/'/g, "''");
|
||||
const addLines = entriesToAdd.map(host =>
|
||||
`$hc = Get-Content -Path '${hostsPath}' -Raw -ErrorAction SilentlyContinue; if ($hc -notmatch '${host}') { Add-Content -Path '${hostsPath}' -Value '127.0.0.1 ${host}' -Encoding UTF8 }`
|
||||
).join("; ");
|
||||
const psScript = `${addLines}; ipconfig /flushdns | Out-Null`;
|
||||
await new Promise((resolve, reject) => {
|
||||
const escaped = psScript.replace(/"/g, '\\"');
|
||||
exec(
|
||||
`powershell -NonInteractive -WindowStyle Hidden -Command "Start-Process powershell -ArgumentList '-NonInteractive -WindowStyle Hidden -Command \\"${escaped}\\"' -Verb RunAs -Wait"`,
|
||||
{ windowsHide: true },
|
||||
(error) => { if (error) reject(new Error(`Failed to add DNS: ${error.message}`)); else resolve(); }
|
||||
);
|
||||
});
|
||||
} else {
|
||||
await execWithPassword(`echo "${entries}" >> ${HOSTS_FILE}`, sudoPassword);
|
||||
}
|
||||
// Flush DNS cache
|
||||
// Flush DNS cache (non-Windows)
|
||||
if (IS_WIN) {
|
||||
await execElevatedWindows("ipconfig /flushdns");
|
||||
// already flushed above
|
||||
} else if (IS_MAC) {
|
||||
await execWithPassword("dscacheutil -flushcache && killall -HUP mDNSResponder", sudoPassword);
|
||||
} else {
|
||||
@@ -121,7 +132,7 @@ async function removeDNSEntry(sudoPassword) {
|
||||
|
||||
try {
|
||||
if (IS_WIN) {
|
||||
// Read in Node, filter, write to temp file, then elevated-copy over hosts
|
||||
// Read in Node, filter, write to temp file, then single elevated-copy + flush (1 UAC)
|
||||
const content = fs.readFileSync(HOSTS_FILE, "utf8");
|
||||
const filtered = content.split(/\r?\n/).filter(l => !TARGET_HOSTS.some(host => l.includes(host))).join("\r\n");
|
||||
if (!filtered.trim() && content.trim()) {
|
||||
@@ -129,14 +140,21 @@ async function removeDNSEntry(sudoPassword) {
|
||||
}
|
||||
const tmpFile = path.join(os.tmpdir(), "hosts_filtered.tmp");
|
||||
fs.writeFileSync(tmpFile, filtered, "utf8");
|
||||
// Use elevated cmd to copy temp file over hosts (safe: original untouched until copy succeeds)
|
||||
const psCommand = `Start-Process cmd -ArgumentList '/c','copy /Y "${tmpFile}" "${HOSTS_FILE}"' -Verb RunAs -Wait`;
|
||||
const tmpEsc = tmpFile.replace(/'/g, "''");
|
||||
const hostsEsc = HOSTS_FILE.replace(/'/g, "''");
|
||||
// Single UAC: copy temp file over hosts + flush DNS
|
||||
const psScript = `Copy-Item -Path '${tmpEsc}' -Destination '${hostsEsc}' -Force; ipconfig /flushdns | Out-Null; Remove-Item '${tmpEsc}' -ErrorAction SilentlyContinue`;
|
||||
await new Promise((resolve, reject) => {
|
||||
exec(`powershell -Command "${psCommand}"`, (error) => {
|
||||
try { fs.unlinkSync(tmpFile); } catch { /* ignore */ }
|
||||
if (error) reject(new Error(`Failed to remove DNS entry: ${error.message}`));
|
||||
else resolve();
|
||||
});
|
||||
const escaped = psScript.replace(/"/g, '\\"');
|
||||
exec(
|
||||
`powershell -NonInteractive -WindowStyle Hidden -Command "Start-Process powershell -ArgumentList '-NonInteractive -WindowStyle Hidden -Command \\"${escaped}\\"' -Verb RunAs -Wait"`,
|
||||
{ windowsHide: true },
|
||||
(error) => {
|
||||
try { fs.unlinkSync(tmpFile); } catch { /* ignore */ }
|
||||
if (error) reject(new Error(`Failed to remove DNS entry: ${error.message}`));
|
||||
else resolve();
|
||||
}
|
||||
);
|
||||
});
|
||||
} else {
|
||||
// Remove all target hosts using sed
|
||||
@@ -147,9 +165,9 @@ async function removeDNSEntry(sudoPassword) {
|
||||
await execWithPassword(sedCmd, sudoPassword);
|
||||
}
|
||||
}
|
||||
// Flush DNS cache
|
||||
// Flush DNS cache (non-Windows, already flushed above for Windows)
|
||||
if (IS_WIN) {
|
||||
await execElevatedWindows("ipconfig /flushdns");
|
||||
// already flushed above
|
||||
} else if (IS_MAC) {
|
||||
await execWithPassword("dscacheutil -flushcache && killall -HUP mDNSResponder", sudoPassword);
|
||||
} else {
|
||||
|
||||
@@ -10,9 +10,12 @@ const { addDNSEntry, removeDNSEntry, checkDNSEntry } = require("./dns/dnsConfig"
|
||||
const IS_WIN = process.platform === "win32";
|
||||
const { generateCert } = require("./cert/generate");
|
||||
const { installCert } = require("./cert/install");
|
||||
const { MITM_DIR } = require("./paths");
|
||||
|
||||
const MITM_PORT = 443;
|
||||
const PID_FILE = path.join(os.homedir(), ".9router", "mitm", ".mitm.pid");
|
||||
// Windows: node listens on 8443, netsh portproxy forwards 443→8443
|
||||
const MITM_WIN_NODE_PORT = 8443;
|
||||
const PID_FILE = path.join(MITM_DIR, ".mitm.pid");
|
||||
|
||||
// Resolve server.js path robustly:
|
||||
// __dirname is unreliable inside Next.js bundles, so we use DATA_DIR env or
|
||||
@@ -48,20 +51,15 @@ const ENCRYPT_SALT = "9router-mitm-pwd";
|
||||
function getProcessUsingPort443() {
|
||||
try {
|
||||
if (IS_WIN) {
|
||||
// Windows: use netstat to find PID, then tasklist to get process name
|
||||
const netstatResult = execSync("netstat -ano | findstr :443", { encoding: "utf8" });
|
||||
const lines = netstatResult.trim().split("\n");
|
||||
if (lines.length > 0) {
|
||||
// Extract PID from last column (format: TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 1234)
|
||||
const pidMatch = lines[0].match(/\s+(\d+)\s*$/);
|
||||
if (pidMatch) {
|
||||
const pid = pidMatch[1];
|
||||
const tasklistResult = execSync(`tasklist /FI "PID eq ${pid}" /FO CSV /NH`, { encoding: "utf8" });
|
||||
const processMatch = tasklistResult.match(/"([^"]+)"/);
|
||||
if (processMatch) {
|
||||
return processMatch[1].replace(".exe", "");
|
||||
}
|
||||
}
|
||||
// Use PowerShell for precise port 443 owner lookup
|
||||
const psCmd = `powershell -NonInteractive -WindowStyle Hidden -Command ` +
|
||||
`"$c = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue | Select-Object -First 1; if ($c) { $c.OwningProcess } else { 0 }"`;
|
||||
const pidStr = execSync(psCmd, { encoding: "utf8", windowsHide: true }).trim();
|
||||
const pid = parseInt(pidStr, 10);
|
||||
if (pid && pid > 4) {
|
||||
const tasklistResult = execSync(`tasklist /FI "PID eq ${pid}" /FO CSV /NH`, { encoding: "utf8", windowsHide: true });
|
||||
const processMatch = tasklistResult.match(/"([^"]+)"/);
|
||||
if (processMatch) return processMatch[1].replace(".exe", "");
|
||||
}
|
||||
} else {
|
||||
// macOS/Linux: use lsof
|
||||
@@ -208,20 +206,19 @@ function checkPort443Free() {
|
||||
function getPort443Owner(sudoPassword) {
|
||||
return new Promise((resolve) => {
|
||||
if (IS_WIN) {
|
||||
exec(`netstat -ano | findstr ":443 "`, (err, stdout) => {
|
||||
if (err || !stdout.trim()) return resolve(null);
|
||||
for (const line of stdout.split("\n")) {
|
||||
const match = line.match(/LISTENING\s+(\d+)/i);
|
||||
if (match) {
|
||||
const pid = parseInt(match[1], 10);
|
||||
exec(`tasklist /FI "PID eq ${pid}" /FO CSV /NH`, (e2, out2) => {
|
||||
const m = out2?.match(/"([^"]+)"/);
|
||||
resolve({ pid, name: m ? m[1] : "unknown" });
|
||||
});
|
||||
return;
|
||||
}
|
||||
}
|
||||
resolve(null);
|
||||
// Use PowerShell Get-NetTCPConnection for precise port 443 owner lookup
|
||||
const psCmd = `powershell -NonInteractive -WindowStyle Hidden -Command "` +
|
||||
`$c = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue | Select-Object -First 1; ` +
|
||||
`if ($c) { $c.OwningProcess } else { 0 }"`;
|
||||
exec(psCmd, { windowsHide: true }, (err, stdout) => {
|
||||
if (err) return resolve(null);
|
||||
const pid = parseInt(stdout.trim(), 10);
|
||||
// 0 = no owner, <=4 = System/Idle — not real port owners
|
||||
if (!pid || pid <= 4) return resolve(null);
|
||||
exec(`tasklist /FI "PID eq ${pid}" /FO CSV /NH`, { windowsHide: true }, (e2, out2) => {
|
||||
const m = out2?.match(/"([^"]+)"/);
|
||||
resolve({ pid, name: m ? m[1] : "unknown" });
|
||||
});
|
||||
});
|
||||
} else {
|
||||
// Use ps to find node process running server.js (no sudo needed)
|
||||
@@ -281,12 +278,12 @@ async function killLeftoverMitm(sudoPassword) {
|
||||
* Poll MITM health endpoint until server is up or timeout.
|
||||
* Returns { ok, pid } on success, null on timeout.
|
||||
*/
|
||||
function pollMitmHealth(timeoutMs) {
|
||||
function pollMitmHealth(timeoutMs, port = MITM_PORT) {
|
||||
return new Promise((resolve) => {
|
||||
const deadline = Date.now() + timeoutMs;
|
||||
const check = () => {
|
||||
const req = https.request(
|
||||
{ hostname: "127.0.0.1", port: 443, path: "/_mitm_health", method: "GET", rejectUnauthorized: false },
|
||||
{ hostname: "127.0.0.1", port, path: "/_mitm_health", method: "GET", rejectUnauthorized: false },
|
||||
(res) => {
|
||||
let body = "";
|
||||
res.on("data", (d) => { body += d; });
|
||||
@@ -332,8 +329,7 @@ async function getMitmStatus() {
|
||||
}
|
||||
|
||||
const dnsConfigured = checkDNSEntry();
|
||||
const certDir = path.join(os.homedir(), ".9router", "mitm");
|
||||
const certExists = fs.existsSync(path.join(certDir, "server.crt"));
|
||||
const certExists = fs.existsSync(path.join(MITM_DIR, "server.crt"));
|
||||
|
||||
return { running, pid, dnsConfigured, certExists };
|
||||
}
|
||||
@@ -372,71 +368,132 @@ async function startMitm(apiKey, sudoPassword) {
|
||||
// Kill any leftover MITM server from a previous failed start attempt
|
||||
await killLeftoverMitm(sudoPassword);
|
||||
|
||||
// Check port 443 availability BEFORE modifying system
|
||||
// "no-permission" = EACCES: port may be held by a root process, check via lsof/netstat
|
||||
const portStatus = await checkPort443Free();
|
||||
if (portStatus === "in-use" || portStatus === "no-permission") {
|
||||
const owner = await getPort443Owner(sudoPassword);
|
||||
if (owner && owner.name === "node") {
|
||||
// Orphan MITM node process — kill it and continue
|
||||
console.log(`[MITM] Killing orphan node process on port 443 (PID ${owner.pid})...`);
|
||||
try {
|
||||
if (IS_WIN) {
|
||||
await new Promise((resolve) => exec(`taskkill /F /PID ${owner.pid}`, resolve));
|
||||
} else {
|
||||
if (!IS_WIN) {
|
||||
// Check port 443 availability — Windows handles this inside elevated script
|
||||
const portStatus = await checkPort443Free();
|
||||
if (portStatus === "in-use" || portStatus === "no-permission") {
|
||||
const owner = await getPort443Owner(sudoPassword);
|
||||
if (owner && owner.name === "node") {
|
||||
// Orphan MITM node process — kill it and continue
|
||||
console.log(`[MITM] Killing orphan node process on port 443 (PID ${owner.pid})...`);
|
||||
try {
|
||||
const { execWithPassword } = require("./dns/dnsConfig");
|
||||
await execWithPassword(`kill -9 ${owner.pid}`, sudoPassword);
|
||||
}
|
||||
await new Promise(r => setTimeout(r, 800));
|
||||
} catch {
|
||||
// best effort — continue anyway
|
||||
await new Promise(r => setTimeout(r, 800));
|
||||
} catch { /* best effort */ }
|
||||
} else if (owner) {
|
||||
const shortName = owner.name.includes("/")
|
||||
? owner.name.split("/").filter(Boolean).pop()
|
||||
: owner.name;
|
||||
throw new Error(
|
||||
`Port 443 is already in use by "${shortName}" (PID ${owner.pid}). Stop that process first, then retry.`
|
||||
);
|
||||
}
|
||||
} else if (owner) {
|
||||
const shortName = owner.name.includes("/")
|
||||
? owner.name.split("/").filter(Boolean).pop()
|
||||
: owner.name;
|
||||
throw new Error(
|
||||
`Port 443 is already in use by "${shortName}" (PID ${owner.pid}). Stop that process first, then retry.`
|
||||
);
|
||||
}
|
||||
// owner === null + no-permission → likely just needs sudo, proceed
|
||||
}
|
||||
|
||||
// 1. Generate SSL certificate if not exists
|
||||
const certPath = path.join(os.homedir(), ".9router", "mitm", "server.crt");
|
||||
// 1. Generate SSL certificate if not exists (no elevation needed)
|
||||
const certPath = path.join(MITM_DIR, "server.crt");
|
||||
if (!fs.existsSync(certPath)) {
|
||||
console.log("Generating SSL certificate...");
|
||||
await generateCert();
|
||||
}
|
||||
|
||||
// 2. Install certificate to system keychain
|
||||
// Skip if db flag says installed AND cert file still exists (same cert in keychain)
|
||||
const settings = _getSettings ? await _getSettings().catch(() => ({})) : {};
|
||||
const certAlreadyInstalled = settings.mitmCertInstalled && fs.existsSync(certPath);
|
||||
if (!certAlreadyInstalled) {
|
||||
await installCert(sudoPassword, certPath);
|
||||
if (_updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
|
||||
}
|
||||
|
||||
// 3. Add DNS entry
|
||||
console.log("Adding DNS entry...");
|
||||
await addDNSEntry(sudoPassword);
|
||||
|
||||
// 4. Spawn MITM server with sudo (port 443 requires root on macOS/Linux)
|
||||
// 4. Spawn MITM server
|
||||
console.log("Starting MITM server...");
|
||||
|
||||
if (IS_WIN) {
|
||||
// Use cmd /c to set env vars inline before launching node (env vars survive RunAs)
|
||||
const nodePath = process.execPath.replace(/"/g, '\\"');
|
||||
const serverPath = SERVER_PATH.replace(/"/g, '\\"');
|
||||
const cmdLine = `set ROUTER_API_KEY=${apiKey}&& set NODE_ENV=production&& "${nodePath}" "${serverPath}"`;
|
||||
serverProcess = spawn("powershell", [
|
||||
"-NoProfile", "-Command",
|
||||
`Start-Process cmd -ArgumentList '/c','${cmdLine.replace(/'/g, "''")}' -Verb RunAs -WindowStyle Hidden`
|
||||
], { stdio: "ignore" });
|
||||
// Windows: single UAC via VBScript → elevated PowerShell script that:
|
||||
// 1. Installs SSL cert 2. Adds DNS entries 3. Starts node server.js (elevated → can bind 443) 4. Writes flag
|
||||
// Node polls flag file to know when server is ready, then health-checks port 443
|
||||
const hostsFile = path.join(process.env.SystemRoot || "C:\\Windows", "System32", "drivers", "etc", "hosts");
|
||||
const TARGET_HOSTS_WIN = ["daily-cloudcode-pa.googleapis.com", "cloudcode-pa.googleapis.com"];
|
||||
|
||||
// Use Chr(34) in VBScript for quotes — avoid escaping issues
|
||||
const flagFile = path.join(os.tmpdir(), `mitm_ready_${Date.now()}.flag`);
|
||||
|
||||
// PowerShell uses single-quoted strings — escape single quotes only
|
||||
const psSQ = (s) => s.replace(/'/g, "''");
|
||||
const certPs = psSQ(certPath);
|
||||
const hostsPs = psSQ(hostsFile);
|
||||
const nodePs = psSQ(process.execPath);
|
||||
const serverPs = psSQ(SERVER_PATH);
|
||||
const flagPs = psSQ(flagFile);
|
||||
|
||||
const dnsLines = TARGET_HOSTS_WIN.map(h =>
|
||||
`$hc = Get-Content -Path '${hostsPs}' -Raw -ErrorAction SilentlyContinue\n` +
|
||||
`if ($hc -notmatch [regex]::Escape('${h}')) { Add-Content -Path '${hostsPs}' -Value '127.0.0.1 ${h}' -Encoding UTF8 }`
|
||||
).join("\n");
|
||||
|
||||
const psScript = [
|
||||
`# 0. Kill any orphan node process on port 443`,
|
||||
`$conn = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue | Select-Object -First 1`,
|
||||
`if ($conn -and $conn.OwningProcess -gt 4) { Stop-Process -Id $conn.OwningProcess -Force -ErrorAction SilentlyContinue }`,
|
||||
`Start-Sleep -Milliseconds 500`,
|
||||
``,
|
||||
`# 1. Install SSL cert to Windows Root store (always run to ensure trust)`,
|
||||
`& certutil -addstore Root '${certPs}' | Out-Null`,
|
||||
``,
|
||||
`# 2. Add DNS entries to hosts file`,
|
||||
dnsLines,
|
||||
`& ipconfig /flushdns | Out-Null`,
|
||||
``,
|
||||
`# 3. Start node MITM server elevated (required to bind port 443)`,
|
||||
`# Use cmd /c to pass env vars inline — Start-Process does not inherit current env`,
|
||||
`$nodeCmd = 'set ROUTER_API_KEY=${psSQ(apiKey)}&& set NODE_ENV=production&& "${nodePs}" "${serverPs}"'`,
|
||||
`Start-Process cmd -ArgumentList '/c',$nodeCmd -WindowStyle Hidden`,
|
||||
``,
|
||||
`# 4. Signal ready`,
|
||||
`Start-Sleep -Milliseconds 500`,
|
||||
`Set-Content -Path '${flagPs}' -Value 'ready' -Encoding UTF8`,
|
||||
].join("\n");
|
||||
|
||||
const tmpPs1 = path.join(os.tmpdir(), `mitm_start_${Date.now()}.ps1`);
|
||||
fs.writeFileSync(tmpPs1, psScript, "utf8");
|
||||
|
||||
// VBScript uses Shell.Application.ShellExecute to trigger UAC from any context
|
||||
// Chr(34) = double-quote, avoids VBScript string escaping issues
|
||||
const vbs = [
|
||||
`Set oShell = CreateObject("Shell.Application")`,
|
||||
`Dim ps`,
|
||||
`ps = Chr(34) & "powershell.exe" & Chr(34)`,
|
||||
`Dim args`,
|
||||
`args = "-NoProfile -ExecutionPolicy Bypass -File " & Chr(34) & "${tmpPs1}" & Chr(34)`,
|
||||
`oShell.ShellExecute ps, args, "", "runas", 1`,
|
||||
].join("\r\n");
|
||||
const tmpVbs = path.join(os.tmpdir(), `mitm_uac_${Date.now()}.vbs`);
|
||||
fs.writeFileSync(tmpVbs, vbs, "utf8");
|
||||
|
||||
// Launch VBScript — shows UAC dialog, user confirms, script runs elevated
|
||||
spawn("wscript.exe", [tmpVbs], { stdio: "ignore", windowsHide: false, detached: true }).unref();
|
||||
|
||||
// Poll flag file — resolves when elevated script completes
|
||||
await new Promise((resolve, reject) => {
|
||||
const deadline = Date.now() + 90000; // 90s: UAC wait + cert install + node start
|
||||
const poll = () => {
|
||||
if (fs.existsSync(flagFile)) {
|
||||
try { fs.unlinkSync(flagFile); fs.unlinkSync(tmpPs1); fs.unlinkSync(tmpVbs); } catch { /* ignore */ }
|
||||
return resolve();
|
||||
}
|
||||
if (Date.now() > deadline) return reject(new Error("Timed out waiting for UAC confirmation. Please try again."));
|
||||
setTimeout(poll, 500);
|
||||
};
|
||||
poll();
|
||||
});
|
||||
|
||||
if (_updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
|
||||
} else {
|
||||
// macOS/Linux: install cert + add DNS (requires sudo), then spawn server
|
||||
const settings = _getSettings ? await _getSettings().catch(() => ({})) : {};
|
||||
const certAlreadyInstalled = settings.mitmCertInstalled && fs.existsSync(certPath);
|
||||
if (!certAlreadyInstalled) {
|
||||
await installCert(sudoPassword, certPath);
|
||||
if (_updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
|
||||
}
|
||||
console.log("Adding DNS entry...");
|
||||
await addDNSEntry(sudoPassword);
|
||||
|
||||
// sudo -S: read password from stdin, -E: preserve env vars
|
||||
// Pass ROUTER_API_KEY inline via env=... wrapper to avoid sudo stripping env
|
||||
const inlineCmd = `ROUTER_API_KEY='${apiKey}' NODE_ENV='production' '${process.execPath}' '${SERVER_PATH}'`;
|
||||
serverProcess = spawn(
|
||||
"sudo", ["-S", "-E", "sh", "-c", inlineCmd],
|
||||
@@ -447,8 +504,11 @@ async function startMitm(apiKey, sudoPassword) {
|
||||
serverProcess.stdin.end();
|
||||
}
|
||||
|
||||
serverPid = serverProcess.pid;
|
||||
fs.writeFileSync(PID_FILE, String(serverPid));
|
||||
// Windows: node was started by elevated script — PID comes from health check later
|
||||
if (!IS_WIN && serverProcess) {
|
||||
serverPid = serverProcess.pid;
|
||||
fs.writeFileSync(PID_FILE, String(serverPid));
|
||||
}
|
||||
|
||||
let startError = null;
|
||||
if (!IS_WIN) {
|
||||
@@ -471,8 +531,8 @@ async function startMitm(apiKey, sudoPassword) {
|
||||
});
|
||||
}
|
||||
|
||||
// Wait for server to be ready by polling health endpoint
|
||||
const health = await pollMitmHealth(IS_WIN ? 12000 : 8000);
|
||||
// Wait for server to be ready by polling health endpoint on port 443
|
||||
const health = await pollMitmHealth(IS_WIN ? 15000 : 8000, MITM_PORT);
|
||||
|
||||
if (!health) {
|
||||
if (IS_WIN) serverProcess = null;
|
||||
@@ -483,6 +543,9 @@ async function startMitm(apiKey, sudoPassword) {
|
||||
throw new Error(`MITM server failed to start. ${reason}`);
|
||||
}
|
||||
|
||||
// On Windows, mark cert as installed after successful start
|
||||
if (IS_WIN && _updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
|
||||
|
||||
// On Windows, use real PID from health check (launcher exits immediately after UAC)
|
||||
if (IS_WIN && health.pid) {
|
||||
serverPid = health.pid;
|
||||
@@ -524,8 +587,58 @@ async function stopMitm(sudoPassword) {
|
||||
serverPid = null;
|
||||
}
|
||||
|
||||
console.log("Removing DNS entry...");
|
||||
await removeDNSEntry(sudoPassword);
|
||||
if (IS_WIN) {
|
||||
// Windows stop: remove DNS entries via elevated VBScript (1 UAC)
|
||||
const hostsFile = path.join(process.env.SystemRoot || "C:\\Windows", "System32", "drivers", "etc", "hosts");
|
||||
const TARGET_HOSTS_WIN = ["daily-cloudcode-pa.googleapis.com", "cloudcode-pa.googleapis.com"];
|
||||
const psSQ = (s) => s.replace(/'/g, "''");
|
||||
|
||||
// Filter hosts content in Node (read doesn't need elevation)
|
||||
let hostsContent = "";
|
||||
try { hostsContent = fs.readFileSync(hostsFile, "utf8"); } catch { /* ignore */ }
|
||||
const filtered = hostsContent.split(/\r?\n/)
|
||||
.filter(l => !TARGET_HOSTS_WIN.some(h => l.includes(h)))
|
||||
.join("\r\n");
|
||||
const tmpHosts = path.join(os.tmpdir(), "mitm_hosts_clean.tmp");
|
||||
fs.writeFileSync(tmpHosts, filtered, "utf8");
|
||||
|
||||
const flagFile = path.join(os.tmpdir(), "mitm_stop_done.flag");
|
||||
const psScript = [
|
||||
`Copy-Item -Path '${psSQ(tmpHosts)}' -Destination '${psSQ(hostsFile)}' -Force`,
|
||||
`& ipconfig /flushdns | Out-Null`,
|
||||
`Remove-Item '${psSQ(tmpHosts)}' -ErrorAction SilentlyContinue`,
|
||||
`Set-Content -Path '${psSQ(flagFile)}' -Value 'done' -Encoding UTF8`,
|
||||
].join("\n");
|
||||
const tmpPs1 = path.join(os.tmpdir(), "mitm_stop.ps1");
|
||||
fs.writeFileSync(tmpPs1, psScript, "utf8");
|
||||
|
||||
const vbs = [
|
||||
`Set oShell = CreateObject("Shell.Application")`,
|
||||
`Dim args`,
|
||||
`args = "-NoProfile -ExecutionPolicy Bypass -File " & Chr(34) & "${tmpPs1}" & Chr(34)`,
|
||||
`oShell.ShellExecute "powershell.exe", args, "", "runas", 1`,
|
||||
].join("\r\n");
|
||||
const tmpVbs = path.join(os.tmpdir(), "mitm_stop_uac.vbs");
|
||||
fs.writeFileSync(tmpVbs, vbs, "utf8");
|
||||
spawn("wscript.exe", [tmpVbs], { stdio: "ignore", windowsHide: false, detached: true }).unref();
|
||||
|
||||
// Poll flag — best effort, don't block UI if user cancels UAC
|
||||
await new Promise((resolve) => {
|
||||
const deadline = Date.now() + 30000;
|
||||
const poll = () => {
|
||||
if (fs.existsSync(flagFile)) {
|
||||
try { fs.unlinkSync(flagFile); fs.unlinkSync(tmpPs1); fs.unlinkSync(tmpVbs); } catch { /* ignore */ }
|
||||
return resolve();
|
||||
}
|
||||
if (Date.now() > deadline) return resolve();
|
||||
setTimeout(poll, 500);
|
||||
};
|
||||
poll();
|
||||
});
|
||||
} else {
|
||||
console.log("Removing DNS entry...");
|
||||
await removeDNSEntry(sudoPassword);
|
||||
}
|
||||
|
||||
try { fs.unlinkSync(PID_FILE); } catch { /* ignore */ }
|
||||
|
||||
|
||||
16
src/mitm/paths.js
Normal file
16
src/mitm/paths.js
Normal file
@@ -0,0 +1,16 @@
|
||||
const path = require("path");
|
||||
const os = require("os");
|
||||
|
||||
// Single source of truth for data directory — matches localDb.js logic
|
||||
function getDataDir() {
|
||||
if (process.env.DATA_DIR) return process.env.DATA_DIR;
|
||||
if (process.platform === "win32") {
|
||||
return path.join(process.env.APPDATA || path.join(os.homedir(), "AppData", "Roaming"), "9router");
|
||||
}
|
||||
return path.join(os.homedir(), ".9router");
|
||||
}
|
||||
|
||||
const DATA_DIR = getDataDir();
|
||||
const MITM_DIR = path.join(DATA_DIR, "mitm");
|
||||
|
||||
module.exports = { DATA_DIR, MITM_DIR };
|
||||
@@ -3,8 +3,6 @@ const fs = require("fs");
|
||||
const path = require("path");
|
||||
const dns = require("dns");
|
||||
const { promisify } = require("util");
|
||||
const os = require("os");
|
||||
|
||||
// Configuration
|
||||
const INTERNAL_REQUEST_HEADER = { name: "x-request-source", value: "local" };
|
||||
const TARGET_HOSTS = [
|
||||
@@ -14,7 +12,8 @@ const TARGET_HOSTS = [
|
||||
const LOCAL_PORT = 443;
|
||||
const ROUTER_URL = "http://localhost:20128/v1/chat/completions";
|
||||
const API_KEY = process.env.ROUTER_API_KEY;
|
||||
const DB_FILE = path.join(os.homedir(), ".9router", "db.json");
|
||||
const { DATA_DIR, MITM_DIR } = require("./paths");
|
||||
const DB_FILE = path.join(DATA_DIR, "db.json");
|
||||
|
||||
// Toggle logging (set true to enable file logging for debugging)
|
||||
const ENABLE_FILE_LOG = false;
|
||||
@@ -25,7 +24,7 @@ if (!API_KEY) {
|
||||
}
|
||||
|
||||
// Load SSL certificates
|
||||
const certDir = path.join(os.homedir(), ".9router", "mitm");
|
||||
const certDir = MITM_DIR;
|
||||
let sslOptions;
|
||||
try {
|
||||
sslOptions = {
|
||||
@@ -92,17 +91,18 @@ function collectBodyRaw(req) {
|
||||
});
|
||||
}
|
||||
|
||||
function extractModel(body) {
|
||||
try {
|
||||
return JSON.parse(body.toString()).model || null;
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
// Extract model from URL path (Gemini format: /v1beta/models/gemini-2.0-flash:generateContent)
|
||||
// Fallback to body.model (OpenAI format)
|
||||
function extractModel(url, body) {
|
||||
const urlMatch = url.match(/\/models\/([^/:]+)/);
|
||||
if (urlMatch) return urlMatch[1];
|
||||
try { return JSON.parse(body.toString()).model || null; } catch { return null; }
|
||||
}
|
||||
|
||||
function getMappedModel(model) {
|
||||
if (!model) return null;
|
||||
try {
|
||||
if (!fs.existsSync(DB_FILE)) return null;
|
||||
const db = JSON.parse(fs.readFileSync(DB_FILE, "utf-8"));
|
||||
return db.mitmAlias?.antigravity?.[model] || null;
|
||||
} catch {
|
||||
@@ -200,8 +200,8 @@ const server = https.createServer(sslOptions, async (req, res) => {
|
||||
return passthrough(req, res, bodyBuffer);
|
||||
}
|
||||
|
||||
const model = extractModel(bodyBuffer);
|
||||
console.log(`📡 ${model} (passthrough)`);
|
||||
const model = extractModel(req.url, bodyBuffer);
|
||||
console.log(`📡 intercepted: ${req.url} | model: ${model}`);
|
||||
const mappedModel = getMappedModel(model);
|
||||
|
||||
if (!mappedModel) {
|
||||
|
||||
@@ -187,7 +187,7 @@ async function handleSingleModelChat(body, modelStr, clientRawRequest = null, re
|
||||
});
|
||||
},
|
||||
onRequestSuccess: async () => {
|
||||
await clearAccountError(credentials.connectionId, credentials);
|
||||
await clearAccountError(credentials.connectionId, credentials, model);
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -122,7 +122,7 @@ export async function handleEmbeddings(request) {
|
||||
});
|
||||
},
|
||||
onRequestSuccess: async () => {
|
||||
await clearAccountError(credentials.connectionId, credentials);
|
||||
await clearAccountError(credentials.connectionId, credentials, model);
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -178,30 +178,47 @@ export async function markAccountUnavailable(connectionId, status, errorText, pr
|
||||
}
|
||||
|
||||
/**
|
||||
* Clear account error status (only if currently has error)
|
||||
* Clears all modelLock_* fields and resets error state.
|
||||
* Clear account error status on successful request.
|
||||
* - Clears modelLock_${model} (the model that just succeeded)
|
||||
* - Lazy-cleans any other expired modelLock_* keys
|
||||
* - Resets error state only if no active locks remain
|
||||
* @param {string} connectionId
|
||||
* @param {object} currentConnection - credentials object (has _connection) or raw connection
|
||||
* @param {string|null} model - model that succeeded
|
||||
*/
|
||||
export async function clearAccountError(connectionId, currentConnection) {
|
||||
// Support both direct connection object and credentials wrapper
|
||||
export async function clearAccountError(connectionId, currentConnection, model = null) {
|
||||
const conn = currentConnection._connection || currentConnection;
|
||||
const now = Date.now();
|
||||
|
||||
// Collect all modelLock_* keys (both active and expired)
|
||||
const allLockKeys = Object.keys(conn).filter(k => k.startsWith("modelLock_"));
|
||||
const hasError = conn.testStatus === "unavailable" || conn.lastError || allLockKeys.length > 0;
|
||||
|
||||
if (!hasError) return; // Skip if already clean
|
||||
if (!conn.testStatus && !conn.lastError && allLockKeys.length === 0) return;
|
||||
|
||||
// Clear all modelLock_* keys (lazy cleanup of expired ones included)
|
||||
const clearLocks = Object.fromEntries(allLockKeys.map(k => [k, null]));
|
||||
await updateProviderConnection(connectionId, {
|
||||
...clearLocks,
|
||||
testStatus: "active",
|
||||
lastError: null,
|
||||
lastErrorAt: null,
|
||||
backoffLevel: 0
|
||||
// Keys to clear: current model's lock + all expired locks
|
||||
const keysToClear = allLockKeys.filter(k => {
|
||||
if (model && k === `modelLock_${model}`) return true; // succeeded model
|
||||
if (model && k === "modelLock___all") return true; // account-level lock
|
||||
const expiry = conn[k];
|
||||
return expiry && new Date(expiry).getTime() <= now; // expired
|
||||
});
|
||||
log.info("AUTH", `Account ${connectionId.slice(0, 8)} error cleared`);
|
||||
|
||||
if (keysToClear.length === 0 && conn.testStatus !== "unavailable" && !conn.lastError) return;
|
||||
|
||||
// Check if any active locks remain after clearing
|
||||
const remainingActiveLocks = allLockKeys.filter(k => {
|
||||
if (keysToClear.includes(k)) return false;
|
||||
const expiry = conn[k];
|
||||
return expiry && new Date(expiry).getTime() > now;
|
||||
});
|
||||
|
||||
const clearObj = Object.fromEntries(keysToClear.map(k => [k, null]));
|
||||
|
||||
// Only reset error state if no active locks remain
|
||||
if (remainingActiveLocks.length === 0) {
|
||||
Object.assign(clearObj, { testStatus: "active", lastError: null, lastErrorAt: null, backoffLevel: 0 });
|
||||
}
|
||||
|
||||
await updateProviderConnection(connectionId, clearObj);
|
||||
log.info("AUTH", `Account ${connectionId.slice(0, 8)} cleared lock for model=${model || "__all"}`);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user