Files
lijiaoqiao/gateway
Your Name ad776e4079 fix: P0/P1 security fixes across gateway, token-runtime, and supply-api
P0 fixes:
- platform-token-runtime: Add store.Save() after Refresh token update (P0-3)
- platform-token-runtime: Add sync.RWMutex to InMemoryRuntimeStore (P0-4)
- platform-token-runtime: Add bearer token auth to /audit-events endpoint (P0-5)
- gateway: Fail startup in production if PASSWORD_ENCRYPTION_KEY uses default (P0-1)
- gateway: Require explicit CORS_ALLOW_ORIGINS in production (P0-2)

P1 fixes:
- gateway: Add TrustedProxies config field + env var GATEWAY_TRUSTED_PROXIES (P1-5)
- gateway: Sanitize X-Request-ID header to prevent log injection (P1-6)
- gateway: Strip internal error details from error responses to clients (P1-7)
- supply-api: Upgrade deriveDEK from trivial byte-rotation to HKDF-SHA256 (P1-1)
- supply-api: Reject HS256/HS384/HS512 in production, require RSA (P1-2)

Code quality fixes:
- supply-api: Add BruteForceMaxAttempts + BruteForceLockoutDuration to AuthConfig (MED-12)
- supply-api: Add TrustedProxies to token_auth_middleware (IP spoofing protection)
- supply-api: Use shared pathutil.SplitPath instead of duplicate splitPath
- supply-api: Fix query_key_reject_middleware call sites with trustedProxies param
- gateway: Wire TrustedProxies into AuthMiddlewareConfig and extractClientIP
- gateway: Add CORSAllowOrigins to AuthConfig, wire into CORSMiddleware
- gateway: Fix CompletionsHandle to have context and RecordResult like ChatCompletions
- gateway: Add sanitizeRequestID helper for X-Request-ID log injection prevention
- gateway: Add os import for PASSWORD_ENCRYPTION_KEY check
- gateway: Add strings import to handler.go for sanitizeRequestID

Environment issues documented in TEST_ENVIRONMENT_ISSUES.md
2026-04-17 14:36:02 +08:00
..

Gateway

OpenAI 兼容入口网关,负责接入、鉴权、限流、上游路由与基础审计。

当前真实状态

  • 服务入口是 cmd/gateway/main.go
  • 当前对外暴露的主要接口是 /v1/chat/completions/v1/completions/v1/models,以及对应的 /api/v1/* 兼容路径。
  • 鉴权运行时支持两种模式:
    • inmemory
    • remote_introspection
  • provider 注册已经从配置装配;如果未显式配置 provider启动时会基于环境变量生成默认 OpenAI provider。
  • 审计发射器支持 PostgreSQL 与内存实现;数据库未配置时会显式回退到内存实现。

与其他服务的边界

  • gateway 不签发业务 token。
  • gatewayremote_introspection 模式下依赖 platform-token-runtime 提供 token introspection。
  • gateway 只承载入口控制,不承载 supply-apiplatform-token-runtime 的业务逻辑。

本地运行

cd "/home/long/project/立交桥/gateway"
export OPENAI_API_KEY="..."
export OPENAI_BASE_URL="https://api.openai.com"
export OPENAI_MODELS="gpt-4,gpt-3.5-turbo"
export GATEWAY_ENV="dev"
export GATEWAY_TOKEN_RUNTIME_MODE="inmemory"
go run ./cmd/gateway

如果要切到远程 token 校验:

export GATEWAY_TOKEN_RUNTIME_MODE="remote_introspection"
export GATEWAY_TOKEN_RUNTIME_URL="http://127.0.0.1:18081"

默认监听 0.0.0.0:8080

验证命令

模块级验证:

cd "/home/long/project/立交桥/gateway"
GOCACHE=/tmp/lijiaoqiao-go-cache-gateway go test ./...

仓库级统一验证:

cd "/home/long/project/立交桥"
bash scripts/ci/repo_integrity_check.sh

关键目录

  • internal/config/:环境变量配置与 provider 配置加载。
  • internal/handler/OpenAI 兼容 HTTP handler。
  • internal/middleware/鉴权、CORS、远程 introspection。
  • internal/router/provider 路由、打分与 fallback。