-
Notifications
You must be signed in to change notification settings - Fork 60k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compatible for getting auth token from client #5899
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
@timqi is attempting to deploy a commit to the NextChat Team on Vercel. A member of the Team first needs to authorize it. |
Warning Rate limit exceeded@timqi has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 10 minutes and 52 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. WalkthroughThe changes in this pull request involve modifications to the Changes
Possibly related PRs
Suggested reviewers
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (1)
app/api/auth.ts (1)
28-29
: Consider documenting supported authentication methods.The auth function now supports two header variations (
Authorization
andx-api-key
). Consider adding a comment or updating documentation to clarify the supported authentication methods.Example comment:
+ // Supports both 'Authorization' and 'x-api-key' headers for authentication + // Format: Bearer <token> or direct API key const authToken = req.headers.get("Authorization") ?? req.headers.get("x-api-key") ?? "";
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
app/api/auth.ts
(1 hunks)
🔇 Additional comments (1)
app/api/auth.ts (1)
28-29
: LGTM! Verify security policies.
The addition of the x-api-key
header fallback is a clean implementation that maintains backward compatibility while supporting clients that use this standard header.
Let's verify if there are any security policies or documentation about authentication methods:
✅ Verification successful
Let's examine the authentication implementation across the codebase to verify security policies and consistency.
**The x-api-key header addition is consistent with the codebase's authentication patterns **
The verification confirms that:
- The change aligns with the codebase's authentication patterns, particularly with Anthropic's client implementation which uses x-api-key
- The auth.ts implementation maintains proper security by:
- Treating both headers equally in the token parsing logic
- Applying the same validation rules for both headers
- Preserving all existing security checks (access codes, API key restrictions)
- The change is backward compatible and follows the same security policies as the Authorization header
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for authentication documentation and security policies
echo "Searching for authentication documentation..."
rg -l -g '*.md' -i 'authentication|authorization|security|api.?key'
echo "Searching for other authentication header usages..."
rg -l 'Authorization|x-api-key' --type ts --type js
Length of output: 1119
Script:
#!/bin/bash
# Check authentication implementation in key files
echo "Checking auth.ts implementation..."
cat app/api/auth.ts
echo -e "\nChecking anthropic client implementation..."
cat app/client/platforms/anthropic.ts
echo -e "\nChecking common API authentication..."
cat app/api/common.ts
Length of output: 22334
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
🧹 Outside diff range and nitpick comments (2)
.github/workflows/timqi.yml (2)
3-5
: Consider restricting permissions scopeThe current workflow has broad write permissions to repository contents. Consider limiting the permissions to only what's needed:
permissions: - contents: write + contents: write # Needed for sync + packages: write # Needed for Docker push
41-41
: Remove trailing whitespaceThere are trailing spaces on several lines that should be removed for cleaner YAML formatting.
Also applies to: 48-48, 58-58, 70-70, 73-73
🧰 Tools
🪛 yamllint (1.35.1)
[error] 41-41: trailing spaces
(trailing-spaces)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
.github/workflows/timqi.yml
(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/timqi.yml
20-20: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
43-43: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
51-51: the runner of "docker/metadata-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
60-60: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 yamllint (1.35.1)
.github/workflows/timqi.yml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 41-41: trailing spaces
(trailing-spaces)
[error] 48-48: trailing spaces
(trailing-spaces)
[error] 58-58: trailing spaces
(trailing-spaces)
[error] 70-70: trailing spaces
(trailing-spaces)
[error] 73-73: trailing spaces
(trailing-spaces)
🔇 Additional comments (3)
.github/workflows/timqi.yml (3)
12-15
: LGTM! Fork detection is properly implemented
The job configuration correctly ensures the workflow only runs on forks using the if
condition.
35-40
: Well-documented error handling with bilingual support
The error messaging is clear and helpful, providing both English and Chinese instructions with documentation links.
23-34
: Verify upstream repository configuration
The sync configuration looks good and uses secure token handling. However, let's verify the upstream repository path.
✅ Verification successful
Upstream repository configuration is valid and accessible
The upstream repository ChatGPTNextWeb/ChatGPT-Next-Web
exists, is active (not archived), and its default branch is 'main' which matches the sync configuration.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Verify the upstream repository exists and is accessible
gh repo view ChatGPTNextWeb/ChatGPT-Next-Web --json name,isArchived,defaultBranchRef
Length of output: 168
- name: Checkout target repo | ||
uses: actions/checkout@v3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Update checkout action to v4
The actions/checkout
action has a newer version available with security improvements and better performance.
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
- name: Checkout target repo | |
uses: actions/checkout@v3 | |
- name: Checkout target repo | |
uses: actions/checkout@v4 |
🧰 Tools
🪛 actionlint (1.7.4)
20-20: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
.github/workflows/timqi.yml
Outdated
- name: Log in to Docker Hub | ||
uses: docker/login-action@v2 | ||
# if: steps.sync.outputs.has_new_commits == 'true' | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
|
||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@v4 | ||
# if: steps.sync.outputs.has_new_commits == 'true' | ||
with: | ||
images: timqi/chatgpt-next-web | ||
tags: | | ||
type=raw,value=latest | ||
type=ref,event=tag | ||
|
||
- name: Build and push Docker image | ||
uses: docker/build-push-action@v4 | ||
# if: steps.sync.outputs.has_new_commits == 'true' | ||
with: | ||
context: . | ||
platforms: linux/amd64 | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Several improvements needed for Docker configuration
- There are commented-out conditions (
# if: steps.sync.outputs.has_new_commits == 'true'
) that should be either removed or uncommented. - Using only the
latest
tag is risky. Consider adding version-based tags. - Docker-related actions have newer versions available.
Apply these improvements:
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
- uses: docker/metadata-action@v4
+ uses: docker/metadata-action@v5
- uses: docker/build-push-action@v4
+ uses: docker/build-push-action@v5
tags: |
type=raw,value=latest
+ type=sha,prefix={{date 'YYYYMMDD'}}-
+ type=semver,pattern={{version}}
Also, consider uncommenting the sync conditions to avoid unnecessary builds when there are no changes:
+ if: steps.sync.outputs.has_new_commits == 'true'
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
# if: steps.sync.outputs.has_new_commits == 'true' | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v4 | |
# if: steps.sync.outputs.has_new_commits == 'true' | |
with: | |
images: timqi/chatgpt-next-web | |
tags: | | |
type=raw,value=latest | |
type=ref,event=tag | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v4 | |
# if: steps.sync.outputs.has_new_commits == 'true' | |
with: | |
context: . | |
platforms: linux/amd64 | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v3 | |
if: steps.sync.outputs.has_new_commits == 'true' | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
if: steps.sync.outputs.has_new_commits == 'true' | |
with: | |
images: timqi/chatgpt-next-web | |
tags: | | |
type=raw,value=latest | |
type=sha,prefix={{date 'YYYYMMDD'}}- | |
type=semver,pattern={{version}} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
if: steps.sync.outputs.has_new_commits == 'true' | |
with: | |
context: . | |
platforms: linux/amd64 | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max |
🧰 Tools
🪛 actionlint (1.7.4)
43-43: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
51-51: the runner of "docker/metadata-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
60-60: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🪛 yamllint (1.35.1)
[error] 48-48: trailing spaces
(trailing-spaces)
[error] 58-58: trailing spaces
(trailing-spaces)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (3)
.github/workflows/timqi.yml (3)
3-4
: Consider using more specific permissionsThe current
contents: write
permission is broader than necessary. Consider limiting it to only the required permissions:permissions: - contents: write + contents: read + pull-requests: write # Required for sync action
35-40
: Enhance error handling with status checkConsider adding a status check to distinguish between workflow file changes and other sync failures:
- name: Sync check if: failure() run: | + if [[ "${{ steps.sync.outputs.has_workflow_changes }}" == "true" ]]; then echo "[Error] 由于上游仓库的 workflow 文件变更,导致 GitHub 自动暂停了本次自动更新,你需要手动 Sync Fork 一次,详细教程请查看:https://github.com/Yidadaa/ChatGPT-Next-Web/blob/main/README_CN.md#%E6%89%93%E5%BC%80%E8%87%AA%E5%8A%A8%E6%9B%B4%E6%96%B0" echo "[Error] Due to a change in the workflow file of the upstream repository, GitHub has automatically suspended the scheduled automatic update. You need to manually sync your fork. Please refer to the detailed tutorial for instructions: https://github.com/Yidadaa/ChatGPT-Next-Web#enable-automatic-updates" + else + echo "[Error] Sync failed for unknown reasons. Please check the action logs for more details." + fi exit 1
72-72
: Consider adding multi-platform supportCurrently building only for
linux/amd64
. Consider adding support for more platforms:-platforms: linux/amd64 +platforms: linux/amd64,linux/arm64,linux/arm/v7
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
.github/workflows/timqi.yml
(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/timqi.yml
12-12: could not parse as YAML: yaml: line 12: did not find expected key
(syntax-check)
🪛 yamllint (1.35.1)
.github/workflows/timqi.yml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 41-41: trailing spaces
(trailing-spaces)
[warning] 46-46: wrong indentation: expected 6 but found 10
(indentation)
[error] 48-48: trailing spaces
(trailing-spaces)
[error] 49-49: syntax error: expected , but found ''
(syntax)
[error] 58-58: trailing spaces
(trailing-spaces)
[error] 78-78: trailing spaces
(trailing-spaces)
[error] 81-81: trailing spaces
(trailing-spaces)
🔇 Additional comments (2)
.github/workflows/timqi.yml (2)
19-20
: Update checkout action to v4
The actions/checkout
action has a newer version available with security improvements and better performance.
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
43-43
: Update Docker-related actions to latest versions
Several Docker-related actions are using outdated versions.
-uses: docker/login-action@v2
+uses: docker/login-action@v3
-uses: docker/metadata-action@v4
+uses: docker/metadata-action@v5
-uses: docker/setup-qemu-action@v2
+uses: docker/setup-qemu-action@v3
-uses: docker/setup-buildx-action@v2
+uses: docker/setup-buildx-action@v3
-uses: docker/build-push-action@v4
+uses: docker/build-push-action@v5
Also, consider adding version-based tags:
tags: |
type=raw,value=latest
+ type=sha,prefix={{date 'YYYYMMDD'}}-
+ type=semver,pattern={{version}}
Also applies to: 51-51, 60-60, 64-64, 68-68
.github/workflows/timqi.yml
Outdated
|
||
- name: Log in to Docker Hub | ||
uses: docker/login-action@v2 | ||
# if: steps.sync.outputs.has_new_commits == 'true' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Uncomment the sync condition checks
The commented out conditions # if: steps.sync.outputs.has_new_commits == 'true'
should be uncommented to avoid unnecessary Docker operations when there are no changes:
-# if: steps.sync.outputs.has_new_commits == 'true'
+if: steps.sync.outputs.has_new_commits == 'true'
Also applies to: 52-52, 61-61, 65-65, 69-69
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
.github/workflows/timqi.yml (2)
14-14
: Specify Ubuntu version explicitlyUsing
ubuntu-latest
may lead to unexpected behavior when Ubuntu releases new versions. Consider using a specific version for better stability.- runs-on: ubuntu-latest + runs-on: ubuntu-22.04
1-79
: Fix YAML formatting issuesThere are several formatting issues in the file:
- Incorrect indentation (e.g., line 46)
- Trailing spaces (lines 41, 48, 58, 76, 79)
Consider using a YAML formatter to automatically fix these issues. For example:
yamlfmt -w .github/workflows/timqi.yml🧰 Tools
🪛 actionlint (1.7.4)
12-12: could not parse as YAML: yaml: line 12: did not find expected key
(syntax-check)
🪛 yamllint (1.35.1)
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 41-41: trailing spaces
(trailing-spaces)
[warning] 46-46: wrong indentation: expected 6 but found 10
(indentation)
[error] 48-48: trailing spaces
(trailing-spaces)
[error] 49-49: syntax error: expected , but found ''
(syntax)
[error] 58-58: trailing spaces
(trailing-spaces)
[error] 76-76: trailing spaces
(trailing-spaces)
[error] 79-79: trailing spaces
(trailing-spaces)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
.github/workflows/timqi.yml
(1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/timqi.yml
12-12: could not parse as YAML: yaml: line 12: did not find expected key
(syntax-check)
🪛 yamllint (1.35.1)
.github/workflows/timqi.yml
[error] 1-1: wrong new line character: expected \n
(new-lines)
[error] 41-41: trailing spaces
(trailing-spaces)
[warning] 46-46: wrong indentation: expected 6 but found 10
(indentation)
[error] 48-48: trailing spaces
(trailing-spaces)
[error] 49-49: syntax error: expected , but found ''
(syntax)
[error] 58-58: trailing spaces
(trailing-spaces)
[error] 76-76: trailing spaces
(trailing-spaces)
[error] 79-79: trailing spaces
(trailing-spaces)
🔇 Additional comments (3)
.github/workflows/timqi.yml (3)
1-10
: LGTM! Workflow configuration is well-structured.
The workflow configuration includes appropriate triggers (daily schedule and manual) with correct permissions setup.
🧰 Tools
🪛 yamllint (1.35.1)
[error] 1-1: wrong new line character: expected \n
(new-lines)
19-20
: Update checkout action to v4
The actions/checkout
action has a newer version available with security improvements and better performance.
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
42-76
: 🛠️ Refactor suggestion
Docker configuration needs several improvements
- Uncomment the sync conditions to avoid unnecessary builds
- Update Docker actions to latest versions
- Consider adding more platform support
- Enhance the tagging strategy
Apply these improvements:
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
- uses: docker/metadata-action@v4
+ uses: docker/metadata-action@v5
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v4
+ uses: docker/build-push-action@v5
# Uncomment sync conditions
-# if: steps.sync.outputs.has_new_commits == 'true'
+if: steps.sync.outputs.has_new_commits == 'true'
# Enhance platform support
- platforms: linux/amd64
+ platforms: linux/amd64,linux/arm64
# Improve tagging strategy
tags: |
type=raw,value=latest
+ type=sha,prefix={{date 'YYYYMMDD'}}-
type=ref,event=tag
+ type=semver,pattern={{version}}
Likely invalid or redundant comment.
🧰 Tools
🪛 yamllint (1.35.1)
[warning] 46-46: wrong indentation: expected 6 but found 10
(indentation)
[error] 48-48: trailing spaces
(trailing-spaces)
[error] 49-49: syntax error: expected , but found ''
(syntax)
[error] 58-58: trailing spaces
(trailing-spaces)
[error] 76-76: trailing spaces
(trailing-spaces)
💻 变更类型 | Change Type
🔀 变更说明 | Description of Change
注意到一些客户端尤其是 anthropic 相关的,使用
x-api-key
头来传递服务的 auth token,所以做此修改用来兼容这一种情况Summary by CodeRabbit
New Features
Authorization
andx-api-key
headers for token retrieval.Bug Fixes
Chores