mirror of
https://github.com/diegosouzapw/OmniRoute.git
synced 2026-05-05 09:46:30 +00:00
9e45baae58
Some checks are pending
CI / Lint (push) Waiting to run
CI / Build language matrix (push) Waiting to run
CI / i18n Validation (push) Blocked by required conditions
CI / PR Test Policy (push) Waiting to run
CI / Advanced Security Scans (push) Waiting to run
CI / Build (push) Waiting to run
CI / Package Artifact (push) Blocked by required conditions
CI / Unit Tests (push) Blocked by required conditions
CI / Coverage (push) Blocked by required conditions
CI / SonarQube (push) Blocked by required conditions
CI / PR Coverage Comment (push) Blocked by required conditions
CI / E2E Tests (1/4) (push) Blocked by required conditions
CI / E2E Tests (2/4) (push) Blocked by required conditions
CI / E2E Tests (3/4) (push) Blocked by required conditions
CI / E2E Tests (4/4) (push) Blocked by required conditions
CI / Integration Tests (push) Blocked by required conditions
CI / Security Tests (push) Blocked by required conditions
CI / CI Dashboard (push) Blocked by required conditions
Publish to Docker Hub / Build and Push Docker (multi-arch) (push) Waiting to run
* fix(streaming): #1211 greedy strip omniModel tags to prevent literal \n\n artifacts - Changed regex quantifier from ? to * in combo.ts, comboAgentMiddleware.ts, and contextHandoff.ts to greedily strip all JSON-escaped newline sequences surrounding <omniModel> tags in SSE streaming chunks - Added \r to the character class for cross-platform robustness - Fixed Playwright strict-mode violation in combo-unification.spec.ts - Bumped OpenAPI version and CHANGELOG to 3.6.6 * fix: 3 bugs found during issue triage (#1175, #1187/#1218, #1202) - fix(gemini): strip VS Code JSON Schema extensions from tool schemas (#1175) Add enumDescriptions, markdownDescription, markdownEnumDescriptions, enumItemLabels and tags to UNSUPPORTED_SCHEMA_CONSTRAINTS so the Gemini sanitizer removes them before forwarding. GitHub Copilot injects these non-standard fields into tool definitions, causing Gemini to reject with 'Unknown name enumDescriptions at functionDeclarations[n].parameters'. - fix(health-check): unwrap proxy config object before passing to getAccessToken (#1187 #1218) resolveProxyForConnection() returns { proxy, level, levelId } but the health check loop was passing the full wrapper to getAccessToken(), which expects the inner config object (.host, .port etc). The proxy dispatcher validated .host on the wrapper (undefined) and threw 'Context proxy host is required', silently marking every connection as unhealthy every sweep. Fix mirrors the pattern already used in chatHelpers.ts: proxyResult?.proxy || null. - fix(ui): debounce models.dev sync interval slider to save only on release (#1202) The slider's onChange fired updateInterval() on every drag tick, sending a PATCH per pixel of movement. Rapid API responses overwrote UI state mid-drag. Introduce draftIntervalHours for smooth visual feedback; the PATCH fires on onMouseUp / onBlur once the user releases the control. * fix(providers): update Xiaomi MiMo token-plan endpoints (#1238) Integrated into release/v3.6.6 * fix(cc-compatible): trim beta flags and preserve cache passthrough (#1230) Integrated into release/v3.6.6 * feat(memory+skills): full-featured memory & skills systems with tests (#1228) Integrated into release/v3.6.6 * fix: forward client x-initiator header to GitHub Copilot upstream (#1227) Integrated into release/v3.6.6 * feat(bailian-quota): add Alibaba Coding Plan quota monitoring (#1235) * fix: resolve v3.6.6 backlog bugs (#1206, #1211, #1220, #1231) - fix(core): #1206 inject startup guard against app/ and src/app/ conflict - fix(health): #1220 add HEALTHCHECK_STAGGER_MS to prevent token refresh bursting - fix(proxy): #1231 prioritize HTTP 429 over quota body heuristics - fix(sse): #1211 strip leading double-newlines in responses API stream * fix(tests): resolve memory migration and skills route pagination bugs from PR overlaps * docs: Update CHANGELOG.md with v3.6.6 features (#1182, #1165, #1177) * chore(release): bump version to 3.6.6 Update package versions for the electron app and open-sse package. Sync llm.txt metadata and feature headings with the 3.6.6 release. * feat(core): harden outbound provider calls and add cooldown retries Add guarded outbound fetch helpers with private/local URL blocking, controlled retries, timeout normalization, and route-level status propagation for provider validation and model discovery. Introduce cooldown-aware chat retries with configurable requestRetry and maxRetryIntervalSec settings, model-scoped cooldown responses, and improved rate-limit learning from headers and error bodies so short upstream lockouts can recover automatically. Also align Antigravity and Codex header handling, require API keys for Pollinations, validate web runtime env at startup, restore sanitized Gemini tool names in translated responses, and inject a synthetic Claude text block when upstream SSE completes empty. * feat(models): add glmt preset and hybrid token counting Introduce GLM Thinking as a first-class provider preset with shared GLM model metadata, pricing, usage sync, dashboard support, and provider request defaults for higher token budgets and longer timeouts. Use provider-side /messages/count_tokens when a Claude-compatible upstream supports it, while preserving estimated fallback behavior for missing models, missing credentials, and upstream failures. Also add startup seeding for default model aliases and normalize common cross-proxy model dialects so canonical slashful model ids do not get misrouted during resolution. * feat(api): add sync tokens and v1 websocket bridge Add dedicated sync token storage, issuance, revocation, and bundle download routes backed by stable config bundle versioning and ETag support. Expose the v1 websocket handshake route and custom Next server bridge so OpenAI-compatible websocket traffic can be upgraded and proxied through the dashboard and API bridge. Expand compliance auditing with structured metadata, pagination, request context, auth and provider credential events, and SSRF-blocked validation logging. * docs: Update all documentation for v3.6.6 - CHANGELOG: Add WebSocket bridge, GLM Thinking preset, safe outbound fetch/SSRF guard, cooldown-aware retries, compliance audit v2, model alias seeding, and all Internal Improvements for the 3 new commits - README: Expand v3.6.x highlights table with 10 new features; add SafeOutboundFetch, CooldownAwareRetry, SSRF guard, TPS metric, sync tokens, WebSocket bridge to Resilience/Observability/Deployment tables - ARCHITECTURE: Bump date; add new modules to executive summary, API routes, SSE core services, Auth/Security section; add SSRF/Outbound guard failure mode (section 6); expand module mapping - ENVIRONMENT: Add OMNIROUTE_CRYPT_KEY/OMNIROUTE_API_KEY_BASE64 legacy aliases, OUTBOUND_SSRF_GUARD_ENABLED, CODEX_CLIENT_VERSION, and REQUEST_RETRY/MAX_RETRY_INTERVAL_SEC cooldown retry settings - FEATURES: Add 6 new feature sections — V1 WebSocket Bridge, Sync Tokens & Config Bundle, GLM Thinking Preset, Safe Outbound Fetch & SSRF Guard, Cooldown-Aware Retries, Compliance Audit v2 * fix: use api64 for proxy test (#1255) Integrated into release/v3.6.6 — IPv6 proxy test fix * fix(page): update custom models section to include all providers #1200 (#1256) Integrated into release/v3.6.6 — Gemini custom model picker fix * fix: provide default client_id fallbacks to prevent broken OAuth requests (#1246) Integrated into release/v3.6.6 — OAuth client_id default fallbacks * fix: translate max_tokens/max_completion_tokens → max_output_tokens in Chat→Responses translator (#1245) Integrated into release/v3.6.6 — max_tokens → max_output_tokens Responses API translation + unit tests * feat(oauth): support cursor-agent CLI as Cursor credential source (#1258) Integrated into release/v3.6.6 — cursor-agent CLI credential source support * fix(cc-compatible): restore upstream SSE and correct stream/combo timeout behavior (#1257) Integrated into release/v3.6.6 — CC-compatible upstream SSE restore + stream timeout fix + README table repair * fix(cli-tools): resolve API key resolution and model mapping bugs in CLI tools (#1263) Integrated into release/v3.6.6 * feat(cli-tools): add Qwen Code CLI integration (#1266) Integrated into release/v3.6.6 * fix(i18n): add missing zh-CN translations and fix logger imports (#1269) Integrated into release/v3.6.6 * fix(i18n): add Chinese i18n support to dashboard components (#1274) Integrated into release/v3.6.6 * feat: update Pollinations to require API key, remove free tier flag (#1177) * feat: friendly error messages for crypto/encryption failures (#1165) * feat: add TPS (tokens per second) metric column to request logs (#1182) * feat: merge custom/imported models into filter list for all providers (#1191) * feat(fallback): Fix provider-profile-driven lockouts (#1267) This integrates rdself's unify-provider-profile-locks PR manually to handle structural conflicts. * fix(claude): proper Anthropic SDK integration (#1271) * fix(healthcheck): use correct proxy wrapper format for getAccessToken (#1272) * chore(release): v3.6.6 — skills registry stability fix + final integration * fix(auth): harden bootstrap auth and memory dashboard behavior Restrict unauthenticated writes to /api/settings/require-login to the initial bootstrap window while keeping read-only checks public. This prevents post-setup config changes without blocking first-run login setup, and the onboarding flow now logs in immediately after setting the password. Restore memory API filtering and pagination behavior by supporting q searches, honoring offset-based requests, and avoiding unrelated fallback results when FTS misses. Update dashboard stats fallback to use the response totals consistently. Package the MCP server with explicit file entries and add regression tests for bootstrap auth and memory route behavior * fix(codex): remove max_output_tokens from body for compatibility * chore(release): v3.6.6 — include PR 1274 fixes in changelog * chore: exclude additional build artifacts and internal directories from npm package distribution * fix: update Gemini OAuth test to match registry defaults + codex UI improvements * fix: restore .mjs refs for scripts/ in test imports after ts migration * fix: restore next.config.mjs ref in dev-origins test * fix: implement db migration safety checks and codex config format * fix: disable mass-migration abort during unit tests based on auto-backup flag * fix: update script regex in auto-update tests to use .mjs * feat: Add Perplexity Web (Session) provider (#1289) Integrated into release/v3.6.6 * fix(cli): resolve codex routing config parsing, standardize select model button positioning, and clarify oauth documentation * docs(changelog): record recent cli, provider, and test updates Document the latest fixes for Codex routing configuration parsing and Lobehub provider icon fallback behavior. Add the note that the remaining JavaScript test files were migrated to TypeScript ES modules to reflect the completed test stack transition. * chore(release): merge #1286 minor improvements manually to avoid testing conflict * chore(test): rename perplexity-web.test.mjs to .ts to maintain 100% TS codebase * chore(docs): update CHANGELOG.md for perplexity-web provider * fix(security): resolve CodeQL incomplete URL substring sanitization via URL parsing in test mocks * fix: integrate compressContext() into chatCore.ts request pipeline Proactively compress oversized contexts before sending to upstream providers, preventing context_length_exceeded errors. Compression triggers at 85% of model's context limit using the existing 3-layer compressContext() function. - Import compressContext, estimateTokens, getTokenLimit from contextManager - Add compression check after translation, before executor dispatch - Estimate tokens and compare against 85% threshold of model's context limit - Apply 3-layer compression (trim tools, compress thinking, purify history) - Log compression events with before/after token counts and layers applied - Audit compression events for observability - Add unit tests verifying integration behavior Closes #1290 * fix(tests): align reasoning expectations with GLM thinking structure * fix: prevent orphaned tool_result messages in purifyHistory() When purifyHistory() drops oldest messages to fit context window, it can split tool_use/tool_result pairs — keeping the tool_result but dropping the tool_use that initiated it. This causes upstream providers to reject the request with format errors. Add fixToolPairs() that runs after each purification pass to remove: - OpenAI format: orphaned role='tool' messages without matching tool_calls ID - Claude format: orphaned tool_result content blocks without matching tool_use ID Closes #1291 * fix(tests): supply tool_use in mock so it is not dropped * chore: convert remaining test to TypeScript * fix(tests): restore compatibility with compressContext threshold test after tsx migration * docs: finalize v3.6.6 release documentation * fix(core): finalize provider removal, type issues, and codex API key config * fix(dashboard): render Web/Cookie, Search, Audio provider sections and fix TypeScript errors * fix: increase MCP web_search timeout to 60s (#1278) * fix: route combo testing properly for embedding models (#1260) * fix: accumulate excluded accounts in combo fallback loop (#1233) * fix: strip leading whitespace and newlines from first streaming chunk (#1211) * docs: clarify VPS and Docker settings for OAuth credentials (#1204) * fix: return real retry-after for pipeline gates (#1301) Integrated into release/v3.6.6 — returns real Retry-After values from pipeline gates * feat: streaming semantic cache, Cursor auto-version detection, and call-log enhancements (#1296) Integrated into release/v3.6.6 — streaming semantic cache, Cursor auto-version detection, call-log cache_source tracking * feat(api): support more OpenAI types (image, embeddings, audio-transcriptions, audio-speech) (#1297) Integrated into release/v3.6.6 — adds embeddings, audio-transcriptions, audio-speech, and images-generations support for custom OpenAI-compatible providers, plus Pollinations image registry * deps: bump hono from 4.12.12 to 4.12.14 (#1302) Integrated into release/v3.6.6 * deps: bump hono from 4.12.12 to 4.12.14 (#1306) Integrated into release/v3.6.6 * chore: stabilization fixes for v3.6.6 (#1298, #1254, #59, CI) * fix(providers): match correct endpoint for Xiaomi MiMo, strip routing prefix for custom openai endpoints (#1303, #1261) * feat(storage): add database backup cleanup controls * chore(release): v3.6.6 — Final Stabilization Push * Backport call log storage refactor to release/v3.6.6 (#1307) Integrated into release/v3.6.6 * deps: update dompurify to 3.4.0 to resolve CVE-XYZ (#60) * test: disable sqlite auto backup in CI to resolve E2E timeout (#24481475058) * chore(docs): sync CHANGELOG for v3.6.6 with missing features and fixes * chore(release): prep v3.6.6 infrastructure and type safety fixes - Migrated legacy .mjs scripts to .ts (bin, prepublish, policies) - Resolved pre-commit strict lint (t11 budget) errors in combo.ts - Explicitly typed all TS bindings in pack-artifact policies - Updated package.json commands to run Node via tsx/esm internally - Hardened CI/CD with explicit node version 22.22.2 checks - Completed stage validations for v3.6.6 final release * chore: fix TS build errors and e2e timeouts in CI - Migrate nodeRuntimeSupport to TS interfaces avoiding implicit any - Increase visibility timeouts in skills-marketplace E2E test to 15s to bypass CI flakiness - Complete migration of .mjs scripts to .ts ensuring type safety * chore(release): sync package version 3.6.6 across workspaces * test(e2e): universally increase UI component visibility timeouts from 5s to 15s to bypass CI starvation * chore(build): inject baseUrl, paths, and types:node into MITM tsconfig within prepublish hook to fix missing types in CI check --------- Co-authored-by: diegosouzapw <diegosouzapw@users.noreply.github.com> Co-authored-by: Jack <5443152+hijak@users.noreply.github.com> Co-authored-by: Randi <55005611+rdself@users.noreply.github.com> Co-authored-by: Paijo <14921983+oyi77@users.noreply.github.com> Co-authored-by: Samuel Cedric <ceds.sam@gmail.com> Co-authored-by: Max Garmash <max@37bytes.com> Co-authored-by: Markus Hartung <mail@hartmark.se> Co-authored-by: Gi99lin <74502520+Gi99lin@users.noreply.github.com> Co-authored-by: Payne <baboialex95@gmail.com> Co-authored-by: Benson K B <bensonkbmca@gmail.com> Co-authored-by: clousky2020 <33016567+clousky2020@users.noreply.github.com> Co-authored-by: Ravi Tharuma <25951435+RaviTharuma@users.noreply.github.com> Co-authored-by: oyi77 <oyi77@users.noreply.github.com> Co-authored-by: Hdsje <vovan877@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: xiaoge1688 <moyekongling@gmail.com>
648 lines
20 KiB
TypeScript
648 lines
20 KiB
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
import fs from "node:fs";
|
|
import os from "node:os";
|
|
import path from "node:path";
|
|
import net from "node:net";
|
|
|
|
const isWindows = process.platform === "win32";
|
|
const TEST_DATA_DIR = fs.mkdtempSync(path.join(os.tmpdir(), "omniroute-fixes-"));
|
|
process.env.DATA_DIR = TEST_DATA_DIR;
|
|
|
|
const core = await import("../../src/lib/db/core.ts");
|
|
const backupDb = await import("../../src/lib/db/backup.ts");
|
|
const providersDb = await import("../../src/lib/db/providers.ts");
|
|
const combosDb = await import("../../src/lib/db/combos.ts");
|
|
const settingsDb = await import("../../src/lib/db/settings.ts");
|
|
const localDb = await import("../../src/lib/localDb.ts");
|
|
const tokenRefresh = await import("../../open-sse/services/tokenRefresh.ts");
|
|
const proxyFetch = await import("../../open-sse/utils/proxyFetch.ts");
|
|
const proxyDispatcher = await import("../../open-sse/utils/proxyDispatcher.ts");
|
|
const proxySettingsRoute = await import("../../src/app/api/settings/proxy/route.ts");
|
|
const proxyTestRoute = await import("../../src/app/api/settings/proxy/test/route.ts");
|
|
const shutdownRoute = await import("../../src/app/api/shutdown/route.ts");
|
|
const restartRoute = await import("../../src/app/api/restart/route.ts");
|
|
|
|
async function withEnv(name, value, fn) {
|
|
const previous = process.env[name];
|
|
if (value === undefined) {
|
|
delete process.env[name];
|
|
} else {
|
|
process.env[name] = value;
|
|
}
|
|
|
|
try {
|
|
return await fn();
|
|
} finally {
|
|
if (previous === undefined) {
|
|
delete process.env[name];
|
|
} else {
|
|
process.env[name] = previous;
|
|
}
|
|
}
|
|
}
|
|
|
|
async function resetStorage() {
|
|
core.resetDbInstance();
|
|
for (let attempt = 0; attempt < 10; attempt++) {
|
|
try {
|
|
if (fs.existsSync(TEST_DATA_DIR)) {
|
|
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
|
|
}
|
|
break;
|
|
} catch (err) {
|
|
if ((err?.code === "EBUSY" || err?.code === "EPERM") && attempt < 9) {
|
|
await new Promise((r) => setTimeout(r, 100 * (attempt + 1)));
|
|
} else {
|
|
throw err;
|
|
}
|
|
}
|
|
}
|
|
fs.mkdirSync(TEST_DATA_DIR, { recursive: true });
|
|
}
|
|
|
|
test.after(async () => {
|
|
core.resetDbInstance();
|
|
fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
|
|
});
|
|
|
|
test("token refresh dedupe key avoids collision for same-prefix tokens", async () => {
|
|
const originalFetch = globalThis.fetch;
|
|
const requests = [];
|
|
|
|
globalThis.fetch = async (_url, options = {}) => {
|
|
const refreshToken = options.body?.get?.("refresh_token") || "unknown";
|
|
requests.push(refreshToken);
|
|
return new Response(
|
|
JSON.stringify({
|
|
access_token: `access-${refreshToken}`,
|
|
refresh_token: `refresh-${refreshToken}`,
|
|
expires_in: 3600,
|
|
}),
|
|
{
|
|
status: 200,
|
|
headers: { "content-type": "application/json" },
|
|
}
|
|
);
|
|
};
|
|
|
|
try {
|
|
const prefix = "abcdefghijklmnop";
|
|
const tokenA = `${prefix}-account-a`;
|
|
const tokenB = `${prefix}-account-b`;
|
|
|
|
const [resultA, resultB] = await Promise.all([
|
|
tokenRefresh.getAccessToken("codex", { refreshToken: tokenA }, null),
|
|
tokenRefresh.getAccessToken("codex", { refreshToken: tokenB }, null),
|
|
]);
|
|
|
|
assert.equal(requests.length, 2);
|
|
assert.equal(resultA.accessToken, `access-${tokenA}`);
|
|
assert.equal(resultB.accessToken, `access-${tokenB}`);
|
|
assert.notEqual(resultA.accessToken, resultB.accessToken);
|
|
} finally {
|
|
globalThis.fetch = originalFetch;
|
|
}
|
|
});
|
|
|
|
test(
|
|
"restoreDbBackup clears stale sqlite sidecars before reopen",
|
|
{ skip: isWindows },
|
|
async () => {
|
|
await resetStorage();
|
|
|
|
const db = core.getDbInstance();
|
|
const now = new Date().toISOString();
|
|
db.prepare(
|
|
"INSERT INTO provider_connections (id, provider, auth_type, name, is_active, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?)"
|
|
).run("restore-test-conn", "openai", "apikey", "restore-test", 1, now, now);
|
|
|
|
const backupId = "db_2000-01-01T00-00-00-000Z_manual.sqlite";
|
|
const backupPath = path.join(core.DB_BACKUPS_DIR, backupId);
|
|
fs.mkdirSync(core.DB_BACKUPS_DIR, { recursive: true });
|
|
await db.backup(backupPath);
|
|
|
|
core.resetDbInstance();
|
|
fs.writeFileSync(`${core.SQLITE_FILE}-wal`, "STALE-WAL-MARKER");
|
|
fs.writeFileSync(`${core.SQLITE_FILE}-shm`, "STALE-SHM-MARKER");
|
|
fs.writeFileSync(`${core.SQLITE_FILE}-journal`, "STALE-JOURNAL-MARKER");
|
|
|
|
await backupDb.restoreDbBackup(backupId);
|
|
|
|
for (const suffix of ["-wal", "-shm", "-journal"]) {
|
|
const sidecarPath = `${core.SQLITE_FILE}${suffix}`;
|
|
if (!fs.existsSync(sidecarPath)) continue;
|
|
const text = fs.readFileSync(sidecarPath, "utf8");
|
|
assert.equal(text.includes("STALE-"), false, `sidecar ${suffix} still contains stale marker`);
|
|
}
|
|
|
|
const reopenedDb = core.getDbInstance();
|
|
const row = reopenedDb
|
|
.prepare("SELECT COUNT(*) AS cnt FROM provider_connections WHERE id = ?")
|
|
.get("restore-test-conn");
|
|
assert.equal(row.cnt, 1);
|
|
}
|
|
);
|
|
|
|
test("closeDbInstance checkpoints WAL changes into the primary SQLite file", async () => {
|
|
await resetStorage();
|
|
|
|
const db = core.getDbInstance();
|
|
const now = new Date().toISOString();
|
|
db.prepare(
|
|
"INSERT INTO provider_connections (id, provider, auth_type, name, is_active, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?)"
|
|
).run("checkpoint-test-conn", "openai", "apikey", "checkpoint-test", 1, now, now);
|
|
|
|
core.closeDbInstance();
|
|
|
|
const snapshotPath = path.join(TEST_DATA_DIR, "storage-snapshot.sqlite");
|
|
fs.copyFileSync(core.SQLITE_FILE, snapshotPath);
|
|
|
|
const Database = (await import("better-sqlite3")).default;
|
|
const snapshotDb = new Database(snapshotPath, { readonly: true });
|
|
try {
|
|
const row = snapshotDb
|
|
.prepare("SELECT name FROM provider_connections WHERE id = ?")
|
|
.get("checkpoint-test-conn");
|
|
assert.equal(row?.name, "checkpoint-test");
|
|
} finally {
|
|
snapshotDb.close();
|
|
}
|
|
});
|
|
|
|
test("shutdown route uses SIGTERM for graceful shutdown", async () => {
|
|
const originalKill = process.kill;
|
|
const originalSetTimeout = globalThis.setTimeout;
|
|
const calls = [];
|
|
|
|
process.kill = (pid, signal) => {
|
|
calls.push({ pid, signal });
|
|
return true;
|
|
};
|
|
globalThis.setTimeout = (callback) => {
|
|
callback();
|
|
return 0;
|
|
};
|
|
|
|
try {
|
|
const response = await shutdownRoute.POST();
|
|
assert.equal(response.status, 200);
|
|
assert.deepEqual(calls, [{ pid: process.pid, signal: "SIGTERM" }]);
|
|
} finally {
|
|
process.kill = originalKill;
|
|
globalThis.setTimeout = originalSetTimeout;
|
|
}
|
|
});
|
|
|
|
test("restart route uses SIGTERM for graceful restart", async () => {
|
|
const originalKill = process.kill;
|
|
const originalSetTimeout = globalThis.setTimeout;
|
|
const calls = [];
|
|
|
|
process.kill = (pid, signal) => {
|
|
calls.push({ pid, signal });
|
|
return true;
|
|
};
|
|
globalThis.setTimeout = (callback) => {
|
|
callback();
|
|
return 0;
|
|
};
|
|
|
|
try {
|
|
const response = await restartRoute.POST();
|
|
assert.equal(response.status, 200);
|
|
assert.deepEqual(calls, [{ pid: process.pid, signal: "SIGTERM" }]);
|
|
} finally {
|
|
process.kill = originalKill;
|
|
globalThis.setTimeout = originalSetTimeout;
|
|
}
|
|
});
|
|
|
|
test("unlinkFileWithRetry retries EBUSY/EPERM and eventually succeeds", async () => {
|
|
const target = path.join(TEST_DATA_DIR, "retry-target.tmp");
|
|
fs.writeFileSync(target, "retry-me");
|
|
|
|
const originalExistsSync = fs.existsSync;
|
|
const originalUnlinkSync = fs.unlinkSync;
|
|
const seenCodes = [];
|
|
let attempts = 0;
|
|
|
|
fs.existsSync = (filePath) => {
|
|
if (filePath === target) return attempts < 3 || originalExistsSync(filePath);
|
|
return originalExistsSync(filePath);
|
|
};
|
|
|
|
fs.unlinkSync = (filePath) => {
|
|
if (filePath === target) {
|
|
attempts++;
|
|
if (attempts === 1) {
|
|
const err = new Error("busy");
|
|
err.code = "EBUSY";
|
|
seenCodes.push(err.code);
|
|
throw err;
|
|
}
|
|
if (attempts === 2) {
|
|
const err = new Error("perm");
|
|
err.code = "EPERM";
|
|
seenCodes.push(err.code);
|
|
throw err;
|
|
}
|
|
}
|
|
return originalUnlinkSync(filePath);
|
|
};
|
|
|
|
try {
|
|
await backupDb.unlinkFileWithRetry(target, { maxAttempts: 5, baseDelayMs: 1 });
|
|
assert.equal(attempts, 3);
|
|
assert.deepEqual(seenCodes, ["EBUSY", "EPERM"]);
|
|
assert.equal(fs.existsSync(target), false);
|
|
} finally {
|
|
fs.existsSync = originalExistsSync;
|
|
fs.unlinkSync = originalUnlinkSync;
|
|
if (originalExistsSync(target)) originalUnlinkSync(target);
|
|
}
|
|
});
|
|
|
|
test("provider connection persists rateLimitProtection across reopen", async () => {
|
|
await resetStorage();
|
|
|
|
const created = await providersDb.createProviderConnection({
|
|
provider: "openai",
|
|
authType: "apikey",
|
|
name: "rl-test",
|
|
apiKey: "sk-test",
|
|
});
|
|
|
|
await providersDb.updateProviderConnection(created.id, { rateLimitProtection: true });
|
|
|
|
const firstRead = await providersDb.getProviderConnectionById(created.id);
|
|
assert.equal(firstRead.rateLimitProtection, true);
|
|
|
|
core.resetDbInstance();
|
|
const secondRead = await providersDb.getProviderConnectionById(created.id);
|
|
assert.equal(secondRead.rateLimitProtection, true);
|
|
});
|
|
|
|
test('provider connection migration adds "group" column for existing databases', async () => {
|
|
await resetStorage();
|
|
|
|
const sqlitePath = core.SQLITE_FILE;
|
|
core.resetDbInstance();
|
|
|
|
const Database = (await import("better-sqlite3")).default;
|
|
const db = new Database(sqlitePath);
|
|
db.exec(`
|
|
CREATE TABLE provider_connections (
|
|
id TEXT PRIMARY KEY,
|
|
provider TEXT NOT NULL,
|
|
auth_type TEXT,
|
|
name TEXT,
|
|
email TEXT,
|
|
priority INTEGER DEFAULT 0,
|
|
is_active INTEGER DEFAULT 1,
|
|
access_token TEXT,
|
|
refresh_token TEXT,
|
|
expires_at TEXT,
|
|
token_expires_at TEXT,
|
|
scope TEXT,
|
|
project_id TEXT,
|
|
test_status TEXT,
|
|
error_code TEXT,
|
|
last_error TEXT,
|
|
last_error_at TEXT,
|
|
last_error_type TEXT,
|
|
last_error_source TEXT,
|
|
backoff_level INTEGER DEFAULT 0,
|
|
rate_limited_until TEXT,
|
|
health_check_interval INTEGER,
|
|
last_health_check_at TEXT,
|
|
last_tested TEXT,
|
|
api_key TEXT,
|
|
id_token TEXT,
|
|
provider_specific_data TEXT,
|
|
expires_in INTEGER,
|
|
display_name TEXT,
|
|
global_priority INTEGER,
|
|
default_model TEXT,
|
|
token_type TEXT,
|
|
consecutive_use_count INTEGER DEFAULT 0,
|
|
rate_limit_protection INTEGER DEFAULT 0,
|
|
last_used_at TEXT,
|
|
created_at TEXT NOT NULL,
|
|
updated_at TEXT NOT NULL
|
|
)
|
|
`);
|
|
db.close();
|
|
|
|
const reopened = core.getDbInstance();
|
|
const columns = reopened.prepare("PRAGMA table_info(provider_connections)").all();
|
|
const names = new Set(columns.map((column) => column.name));
|
|
assert.equal(names.has("group"), true);
|
|
});
|
|
|
|
test("resolveProxyForConnection applies combo proxy for object/string model entries", async () => {
|
|
await resetStorage();
|
|
|
|
const conn = await providersDb.createProviderConnection({
|
|
provider: "claude",
|
|
authType: "oauth",
|
|
email: "combo-test@example.com",
|
|
accessToken: "access",
|
|
refreshToken: "refresh",
|
|
});
|
|
|
|
const combo = await combosDb.createCombo({
|
|
id: "combo-proxy-test",
|
|
name: "combo-proxy-test",
|
|
strategy: "priority",
|
|
models: ["openai/gpt-5", { model: "cc/claude-sonnet-4-5-20250929", weight: 100 }],
|
|
});
|
|
|
|
await settingsDb.setProxyForLevel("combo", combo.id, {
|
|
type: "http",
|
|
host: "127.0.0.1",
|
|
port: "8080",
|
|
});
|
|
|
|
const resolved = await settingsDb.resolveProxyForConnection(conn.id);
|
|
assert.equal(resolved.level, "combo");
|
|
assert.equal(resolved.levelId, combo.id);
|
|
});
|
|
|
|
test("normalizeProxyUrl accepts socks5 only when explicitly allowed", () => {
|
|
const socksUrl = "socks5://127.0.0.1:1080";
|
|
|
|
const normalized = proxyDispatcher.normalizeProxyUrl(socksUrl, "test proxy", {
|
|
allowSocks5: true,
|
|
});
|
|
assert.match(normalized, /^socks5:\/\/127\.0\.0\.1:1080\/?$/);
|
|
|
|
assert.throws(
|
|
() =>
|
|
proxyDispatcher.normalizeProxyUrl(socksUrl, "test proxy", {
|
|
allowSocks5: false,
|
|
}),
|
|
/SOCKS5 proxy is disabled/i
|
|
);
|
|
});
|
|
|
|
test("createProxyDispatcher builds dispatchers for http, https, and socks5", async () => {
|
|
await withEnv("ENABLE_SOCKS5_PROXY", "true", async () => {
|
|
const httpDispatcher = proxyDispatcher.createProxyDispatcher("http://127.0.0.1:8080");
|
|
const httpsDispatcher = proxyDispatcher.createProxyDispatcher("https://127.0.0.1:8443");
|
|
const socksDispatcher = proxyDispatcher.createProxyDispatcher("socks5://127.0.0.1:1080");
|
|
|
|
assert.equal(typeof httpDispatcher.dispatch, "function");
|
|
assert.equal(typeof httpsDispatcher.dispatch, "function");
|
|
assert.equal(typeof socksDispatcher.dispatch, "function");
|
|
});
|
|
});
|
|
|
|
test("proxy fetch fails closed when context proxy is invalid", async () => {
|
|
await assert.rejects(
|
|
proxyFetch.runWithProxyContext({ type: "http", host: "127.0.0.1", port: "9" }, async () =>
|
|
fetch("https://example.com")
|
|
)
|
|
);
|
|
});
|
|
|
|
test("proxy fetch rejects socks5 context when feature flag is disabled", async () => {
|
|
await withEnv("ENABLE_SOCKS5_PROXY", "false", async () => {
|
|
await assert.rejects(
|
|
proxyFetch.runWithProxyContext(
|
|
{ type: "socks5", host: "127.0.0.1", port: "1080" },
|
|
async () => fetch("https://example.com")
|
|
),
|
|
/ENABLE_SOCKS5_PROXY/i
|
|
);
|
|
});
|
|
});
|
|
|
|
test("proxy fetch accepts socks5 context when feature flag is enabled", async () => {
|
|
await withEnv("ENABLE_SOCKS5_PROXY", "true", async () => {
|
|
const server = net.createServer();
|
|
await new Promise((resolve, reject) => {
|
|
server.once("error", reject);
|
|
server.listen(0, "127.0.0.1", resolve);
|
|
});
|
|
|
|
const address = server.address();
|
|
assert.ok(address && typeof address === "object");
|
|
|
|
try {
|
|
const result = await proxyFetch.runWithProxyContext(
|
|
{ type: "socks5", host: "127.0.0.1", port: String(address.port) },
|
|
async () => "ok"
|
|
);
|
|
assert.equal(result, "ok");
|
|
} finally {
|
|
await new Promise((resolve, reject) => {
|
|
server.close((err) => {
|
|
if (err) reject(err);
|
|
else resolve();
|
|
});
|
|
});
|
|
}
|
|
});
|
|
});
|
|
|
|
test("proxy settings route blocks socks5 with backend flag disabled", async () => {
|
|
await resetStorage();
|
|
|
|
await withEnv("ENABLE_SOCKS5_PROXY", "false", async () => {
|
|
const request = new Request("http://localhost/api/settings/proxy", {
|
|
method: "PUT",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({
|
|
level: "global",
|
|
proxy: {
|
|
type: "socks5",
|
|
host: "127.0.0.1",
|
|
port: "1080",
|
|
},
|
|
}),
|
|
});
|
|
|
|
const response = await proxySettingsRoute.PUT(request);
|
|
const payload = await response.json();
|
|
assert.equal(response.status, 400);
|
|
assert.match(payload.error.message, /SOCKS5 proxy is disabled/i);
|
|
});
|
|
});
|
|
|
|
test("proxy settings route accepts socks5 with backend flag enabled", async () => {
|
|
await resetStorage();
|
|
|
|
await withEnv("ENABLE_SOCKS5_PROXY", "true", async () => {
|
|
const request = new Request("http://localhost/api/settings/proxy", {
|
|
method: "PUT",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({
|
|
level: "global",
|
|
proxy: {
|
|
type: "SOCKS5",
|
|
host: "127.0.0.1",
|
|
port: "1080",
|
|
},
|
|
}),
|
|
});
|
|
|
|
const response = await proxySettingsRoute.PUT(request);
|
|
const payload = await response.json();
|
|
assert.equal(response.status, 200);
|
|
assert.equal(payload.global.type, "socks5");
|
|
});
|
|
});
|
|
|
|
test("proxy test route rejects socks5 when backend flag is disabled", async () => {
|
|
await withEnv("ENABLE_SOCKS5_PROXY", "false", async () => {
|
|
const request = new Request("http://localhost/api/settings/proxy/test", {
|
|
method: "POST",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({
|
|
proxy: {
|
|
type: "socks5",
|
|
host: "127.0.0.1",
|
|
port: "1080",
|
|
},
|
|
}),
|
|
});
|
|
|
|
const response = await proxyTestRoute.POST(request);
|
|
const payload = await response.json();
|
|
|
|
assert.equal(response.status, 400);
|
|
assert.match(payload.error.message, /SOCKS5 proxy is disabled/i);
|
|
});
|
|
});
|
|
|
|
test("proxy test route runs socks5 test when backend flag is enabled", async () => {
|
|
await withEnv("ENABLE_SOCKS5_PROXY", "true", async () => {
|
|
const request = new Request("http://localhost/api/settings/proxy/test", {
|
|
method: "POST",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({
|
|
proxy: {
|
|
type: "socks5",
|
|
host: "127.0.0.1",
|
|
port: "1",
|
|
},
|
|
}),
|
|
});
|
|
|
|
const response = await proxyTestRoute.POST(request);
|
|
const payload = await response.json();
|
|
|
|
assert.notEqual(response.status, 400);
|
|
assert.equal(payload.success, false);
|
|
assert.equal(payload.proxyUrl, "socks5://127.0.0.1:1");
|
|
});
|
|
});
|
|
|
|
test("proxy test route validates JSON, schema, and proxy types before dispatching", async () => {
|
|
await resetStorage();
|
|
|
|
const invalidJsonResponse = await proxyTestRoute.POST(
|
|
new Request("http://localhost/api/settings/proxy/test", {
|
|
method: "POST",
|
|
headers: { "content-type": "application/json" },
|
|
body: "{",
|
|
})
|
|
);
|
|
const invalidJsonBody = await invalidJsonResponse.json();
|
|
assert.equal(invalidJsonResponse.status, 400);
|
|
assert.equal(invalidJsonBody.error.message, "Invalid JSON body");
|
|
|
|
const invalidBodyResponse = await proxyTestRoute.POST(
|
|
new Request("http://localhost/api/settings/proxy/test", {
|
|
method: "POST",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({ proxy: { port: "8080" } }),
|
|
})
|
|
);
|
|
const invalidBody = await invalidBodyResponse.json();
|
|
assert.equal(invalidBodyResponse.status, 400);
|
|
assert.equal(invalidBody.error.message, "Invalid request");
|
|
|
|
const socks4Response = await proxyTestRoute.POST(
|
|
new Request("http://localhost/api/settings/proxy/test", {
|
|
method: "POST",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({
|
|
proxy: {
|
|
type: "socks4",
|
|
host: "127.0.0.1",
|
|
port: "1080",
|
|
},
|
|
}),
|
|
})
|
|
);
|
|
const socks4Body = await socks4Response.json();
|
|
assert.equal(socks4Response.status, 400);
|
|
assert.match(socks4Body.error.message, /proxy\.type must be http or https/i);
|
|
|
|
const unsupportedResponse = await proxyTestRoute.POST(
|
|
new Request("http://localhost/api/settings/proxy/test", {
|
|
method: "POST",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({
|
|
proxy: {
|
|
type: "ftp",
|
|
host: "127.0.0.1",
|
|
port: "21",
|
|
},
|
|
}),
|
|
})
|
|
);
|
|
const unsupportedBody = await unsupportedResponse.json();
|
|
assert.equal(unsupportedResponse.status, 400);
|
|
assert.match(unsupportedBody.error.message, /proxy\.type must be http or https/i);
|
|
});
|
|
|
|
test("proxy test route handles invalid proxy ports and uses stored proxy config when proxyId is provided", async () => {
|
|
await resetStorage();
|
|
|
|
const invalidPortResponse = await proxyTestRoute.POST(
|
|
new Request("http://localhost/api/settings/proxy/test", {
|
|
method: "POST",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({
|
|
proxy: {
|
|
type: "http",
|
|
host: "127.0.0.1",
|
|
port: "70000",
|
|
},
|
|
}),
|
|
})
|
|
);
|
|
const invalidPortBody = await invalidPortResponse.json();
|
|
assert.equal(invalidPortResponse.status, 400);
|
|
assert.match(invalidPortBody.error.message, /invalid proxy port/i);
|
|
|
|
const storedProxy = await localDb.createProxy({
|
|
name: "Stored Proxy",
|
|
type: "http",
|
|
host: "127.0.0.1",
|
|
port: 1,
|
|
username: "alice",
|
|
password: "secret",
|
|
});
|
|
|
|
const proxyIdResponse = await proxyTestRoute.POST(
|
|
new Request("http://localhost/api/settings/proxy/test", {
|
|
method: "POST",
|
|
headers: { "content-type": "application/json" },
|
|
body: JSON.stringify({
|
|
proxyId: storedProxy.id,
|
|
proxy: {
|
|
host: "127.0.0.1",
|
|
port: 0,
|
|
},
|
|
}),
|
|
})
|
|
);
|
|
const proxyIdBody = await proxyIdResponse.json();
|
|
assert.notEqual(proxyIdResponse.status, 400);
|
|
assert.equal(proxyIdBody.success, false);
|
|
assert.equal(proxyIdBody.proxyUrl, "http://127.0.0.1:1");
|
|
});
|