Skip to content

Commit 06a1548

Browse files
committed
Merge branch 'main' into 17676_update_anthropic_models
2 parents 6f131d4 + 8bbb9d0 commit 06a1548

7 files changed

Lines changed: 441 additions & 42 deletions

File tree

cmd/bricksllm/main.go

Lines changed: 26 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -162,6 +162,11 @@ func main() {
162162
log.Sugar().Fatalf("error creating user id for users table: %v", err)
163163
}
164164

165+
err = store.InitializeSecondaryKeyTable()
166+
if err != nil {
167+
log.Sugar().Fatalf("error initializing secondary key table: %v", err)
168+
}
169+
165170
go store.PrepareEventsIndexes(log)
166171

167172
cpMemStore, err := memdb.NewCustomProvidersMemDb(store, log, cfg.InMemoryDbUpdateInterval)
@@ -190,79 +195,79 @@ func main() {
190195
rateLimitRedisCache := redis.NewClient(defaultRedisOption(cfg, 0))
191196
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
192197
defer cancel()
193-
if err := rateLimitRedisCache.Ping(ctx).Err(); err != nil {
198+
if err = rateLimitRedisCache.Ping(ctx).Err(); err != nil {
194199
log.Sugar().Fatalf("error connecting to rate limit redis cache: %v", err)
195200
}
196201

197202
costLimitRedisCache := redis.NewClient(defaultRedisOption(cfg, 1))
198203

199204
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
200205
defer cancel()
201-
if err := costLimitRedisCache.Ping(ctx).Err(); err != nil {
206+
if err = costLimitRedisCache.Ping(ctx).Err(); err != nil {
202207
log.Sugar().Fatalf("error connecting to cost limit redis cache: %v", err)
203208
}
204209

205210
costRedisStorage := redis.NewClient(defaultRedisOption(cfg, 2))
206211

207212
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
208213
defer cancel()
209-
if err := costRedisStorage.Ping(ctx).Err(); err != nil {
214+
if err = costRedisStorage.Ping(ctx).Err(); err != nil {
210215
log.Sugar().Fatalf("error connecting to cost limit redis storage: %v", err)
211216
}
212217

213218
apiRedisCache := redis.NewClient(defaultRedisOption(cfg, 3))
214219

215220
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
216221
defer cancel()
217-
if err := apiRedisCache.Ping(ctx).Err(); err != nil {
222+
if err = apiRedisCache.Ping(ctx).Err(); err != nil {
218223
log.Sugar().Fatalf("error connecting to api redis cache: %v", err)
219224
}
220225

221226
accessRedisCache := redis.NewClient(defaultRedisOption(cfg, 4))
222227

223228
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
224229
defer cancel()
225-
if err := accessRedisCache.Ping(ctx).Err(); err != nil {
230+
if err = accessRedisCache.Ping(ctx).Err(); err != nil {
226231
log.Sugar().Fatalf("error connecting to api redis cache: %v", err)
227232
}
228233

229234
userRateLimitRedisCache := redis.NewClient(defaultRedisOption(cfg, 5))
230235

231236
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
232237
defer cancel()
233-
if err := userRateLimitRedisCache.Ping(ctx).Err(); err != nil {
238+
if err = userRateLimitRedisCache.Ping(ctx).Err(); err != nil {
234239
log.Sugar().Fatalf("error connecting to user rate limit redis cache: %v", err)
235240
}
236241

237242
userCostLimitRedisCache := redis.NewClient(defaultRedisOption(cfg, 6))
238243

239244
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
240245
defer cancel()
241-
if err := userCostLimitRedisCache.Ping(ctx).Err(); err != nil {
246+
if err = userCostLimitRedisCache.Ping(ctx).Err(); err != nil {
242247
log.Sugar().Fatalf("error connecting to user cost limit redis cache: %v", err)
243248
}
244249

245250
userCostRedisStorage := redis.NewClient(defaultRedisOption(cfg, 7))
246251

247252
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
248253
defer cancel()
249-
if err := userCostRedisStorage.Ping(ctx).Err(); err != nil {
254+
if err = userCostRedisStorage.Ping(ctx).Err(); err != nil {
250255
log.Sugar().Fatalf("error connecting to user cost redis cache: %v", err)
251256
}
252257

253258
userAccessRedisCache := redis.NewClient(defaultRedisOption(cfg, 8))
254259

255260
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
256261
defer cancel()
257-
if err := userAccessRedisCache.Ping(ctx).Err(); err != nil {
262+
if err = userAccessRedisCache.Ping(ctx).Err(); err != nil {
258263
log.Sugar().Fatalf("error connecting to user access redis storage: %v", err)
259264
}
260265

261266
providerSettingsRedisCache := redis.NewClient(defaultRedisOption(cfg, 9))
262267

263268
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
264269
defer cancel()
265-
if err := providerSettingsRedisCache.Ping(ctx).Err(); err != nil {
270+
if err = providerSettingsRedisCache.Ping(ctx).Err(); err != nil {
266271
log.Sugar().Fatalf("error connecting to provider settings redis storage: %v", err)
267272
}
268273

@@ -278,10 +283,18 @@ func main() {
278283

279284
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
280285
defer cancel()
281-
if err := requestsLimitRedisStorage.Ping(ctx).Err(); err != nil {
286+
if err = requestsLimitRedisStorage.Ping(ctx).Err(); err != nil {
282287
log.Sugar().Fatalf("error connecting to requests limit redis storage: %v", err)
283288
}
284289

290+
secondaryKeysRedisCache := redis.NewClient(defaultRedisOption(cfg, 12))
291+
292+
ctx, cancel = context.WithTimeout(context.Background(), 2*time.Second)
293+
defer cancel()
294+
if err = secondaryKeysRedisCache.Ping(ctx).Err(); err != nil {
295+
log.Sugar().Fatalf("error connecting to secondary keys redis storage: %v", err)
296+
}
297+
285298
rateLimitCache := redisStorage.NewCache(rateLimitRedisCache, cfg.RedisWriteTimeout, cfg.RedisReadTimeout)
286299
costLimitCache := redisStorage.NewCache(costLimitRedisCache, cfg.RedisWriteTimeout, cfg.RedisReadTimeout)
287300
costStorage := redisStorage.NewStore(costRedisStorage, cfg.RedisWriteTimeout, cfg.RedisReadTimeout)
@@ -295,6 +308,7 @@ func main() {
295308

296309
psCache := redisStorage.NewProviderSettingsCache(providerSettingsRedisCache, cfg.RedisWriteTimeout, cfg.RedisReadTimeout)
297310
keysCache := redisStorage.NewKeysCache(keysRedisCache, cfg.RedisWriteTimeout, cfg.RedisReadTimeout)
311+
secondaryKeysCache := redisStorage.NewSecondaryKeysCache(secondaryKeysRedisCache, cfg.RedisWriteTimeout, cfg.RedisReadTimeout)
298312
requestsLimitStorage := redisStorage.NewStore(requestsLimitRedisStorage, cfg.RedisWriteTimeout, cfg.RedisReadTimeout)
299313

300314
encryptor, err := encryptor.NewEncryptor(cfg.DecryptionEndpoint, cfg.EncryptionEndpoint, cfg.EnableEncrytion, cfg.EncryptionTimeout, cfg.Audience)
@@ -303,7 +317,7 @@ func main() {
303317
}
304318
v := validator.NewValidator(costLimitCache, rateLimitCache, costStorage, requestsLimitStorage)
305319

306-
m := manager.NewManager(store, costLimitCache, rateLimitCache, accessCache, keysCache, requestsLimitStorage)
320+
m := manager.NewManager(store, costLimitCache, rateLimitCache, accessCache, keysCache, secondaryKeysCache, requestsLimitStorage)
307321
krm := manager.NewReportingManager(costStorage, store, store, v)
308322
psm := manager.NewProviderSettingsManager(store, psCache, encryptor)
309323
cpm := manager.NewCustomProvidersManager(store, cpMemStore)

internal/authenticator/authenticator.go

Lines changed: 31 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ type routesManager interface {
3131

3232
type keysCache interface {
3333
GetKeyViaCache(hash string) (*key.ResponseKey, error)
34+
GetKeyHashBySecondary(kHash string) (string, error)
3435
}
3536

3637
type keyStorage interface {
@@ -206,6 +207,19 @@ func anonymize(input string) string {
206207
return string(input[0:5]) + "**********************************************"
207208
}
208209

210+
const secondaryPrefix = "secondary_"
211+
212+
func (a *Authenticator) getHashViaSecondary(rawKey string) (string, error) {
213+
if len(rawKey) > 0 && rawKey[0] != secondaryPrefix[0] {
214+
return hasher.Hash(rawKey), nil
215+
}
216+
if !strings.HasPrefix(rawKey, secondaryPrefix) {
217+
return hasher.Hash(rawKey), nil
218+
}
219+
hash := hasher.Hash(rawKey)
220+
return a.kc.GetKeyHashBySecondary(hash)
221+
}
222+
209223
func (a *Authenticator) AuthenticateHttpRequest(req *http.Request, xCustomProviderId string) (*key.ResponseKey, []*provider.Setting, error) {
210224
var raw string
211225
var err error
@@ -224,31 +238,35 @@ func (a *Authenticator) AuthenticateHttpRequest(req *http.Request, xCustomProvid
224238
return nil, nil, err
225239
}
226240

227-
hash := hasher.Hash(raw)
241+
hash, err := a.getHashViaSecondary(raw)
242+
if err != nil {
243+
return nil, nil, err
244+
}
228245

229-
key, err := a.kc.GetKeyViaCache(hash)
230-
if key != nil {
246+
rKey, err := a.kc.GetKeyViaCache(hash)
247+
if rKey != nil {
231248
telemetry.Incr(metricname.COUNTER_AUTHENTICATOR_FOUND_KEY_FROM_MEMDB, nil, 1)
232249
}
233250

234-
if key == nil {
235-
key, err = a.kc.GetKeyViaCache(raw)
251+
if rKey == nil {
252+
rKey, err = a.kc.GetKeyViaCache(raw)
236253
}
237254

238255
if err != nil {
239-
_, ok := err.(notFoundError)
256+
var nFoundError notFoundError
257+
ok := errors.As(err, &nFoundError)
240258
if ok {
241259
return nil, nil, internal_errors.NewAuthError(fmt.Sprintf("key %s is not found", anonymize(raw)))
242260
}
243261

244262
return nil, nil, err
245263
}
246264

247-
if key == nil {
265+
if rKey == nil {
248266
return nil, nil, internal_errors.NewAuthError(fmt.Sprintf("key %s is not found", anonymize(raw)))
249267
}
250268

251-
if key.Revoked {
269+
if rKey.Revoked {
252270
return nil, nil, internal_errors.NewAuthError(fmt.Sprintf("key %s has been revoked", anonymize(raw)))
253271
}
254272

@@ -271,17 +289,17 @@ func (a *Authenticator) AuthenticateHttpRequest(req *http.Request, xCustomProvid
271289
default:
272290
return nil, nil, errors.New("invalid xCustomAuth location")
273291
}
274-
return key, settings, nil
292+
return rKey, settings, nil
275293
}
276294

277295
if strings.HasPrefix(req.URL.Path, "/api/routes") {
278-
err = a.canKeyAccessCustomRoute(req.URL.Path, key.KeyId)
296+
err = a.canKeyAccessCustomRoute(req.URL.Path, rKey.KeyId)
279297
if err != nil {
280298
return nil, nil, err
281299
}
282300
}
283301

284-
settingIds := key.GetSettingIds()
302+
settingIds := rKey.GetSettingIds()
285303
allSettings := []*provider.Setting{}
286304
selected := []*provider.Setting{}
287305
for _, settingId := range settingIds {
@@ -308,7 +326,7 @@ func (a *Authenticator) AuthenticateHttpRequest(req *http.Request, xCustomProvid
308326

309327
if len(selected) != 0 {
310328
used := selected[0]
311-
if key.RotationEnabled {
329+
if rKey.RotationEnabled {
312330
used = selected[rand.Intn(len(selected))]
313331
}
314332

@@ -337,7 +355,7 @@ func (a *Authenticator) AuthenticateHttpRequest(req *http.Request, xCustomProvid
337355
return nil, nil, err
338356
}
339357

340-
return key, selected, nil
358+
return rKey, selected, nil
341359
}
342360

343361
return nil, nil, internal_errors.NewAuthError(fmt.Sprintf("provider setting not found for key %s", raw))

internal/manager/key.go

Lines changed: 79 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ import (
1111
"github.com/bricks-cloud/bricksllm/internal/key"
1212
"github.com/bricks-cloud/bricksllm/internal/policy"
1313
"github.com/bricks-cloud/bricksllm/internal/provider"
14+
secondarykey "github.com/bricks-cloud/bricksllm/internal/secondary-key"
1415
"github.com/bricks-cloud/bricksllm/internal/telemetry"
1516
"github.com/bricks-cloud/bricksllm/internal/util"
1617
)
@@ -26,6 +27,9 @@ type Storage interface {
2627
GetProviderSettings(withSecret bool, ids []string) ([]*provider.Setting, error)
2728
GetKey(keyId string) (*key.ResponseKey, error)
2829
GetKeyByHash(hash string) (*key.ResponseKey, error)
30+
GetKeyHashBySecondary(sHash string) (string, error)
31+
CreateSecondaryKey(secondaryHash string) error
32+
UpdateSecondaryKey(secondaryHash, keyHash string) error
2933
}
3034

3135
type costLimitCache interface {
@@ -46,27 +50,35 @@ type keyCache interface {
4650
Get(keyId string) (*key.ResponseKey, error)
4751
}
4852

53+
type secondaryKeyCache interface {
54+
Set(sHash string, value string, ttl time.Duration) error
55+
Delete(sHash string) error
56+
Get(sHash string) (string, error)
57+
}
58+
4959
type requestsLimitStorage interface {
5060
DeleteCounter(keyId string) error
5161
}
5262

5363
type Manager struct {
54-
s Storage
55-
clc costLimitCache
56-
rlc rateLimitCache
57-
ac accessCache
58-
kc keyCache
59-
rqls requestsLimitStorage
64+
s Storage
65+
clc costLimitCache
66+
rlc rateLimitCache
67+
ac accessCache
68+
kc keyCache
69+
secondaryKC secondaryKeyCache
70+
rqls requestsLimitStorage
6071
}
6172

62-
func NewManager(s Storage, clc costLimitCache, rlc rateLimitCache, ac accessCache, kc keyCache, rqls requestsLimitStorage) *Manager {
73+
func NewManager(s Storage, clc costLimitCache, rlc rateLimitCache, ac accessCache, kc keyCache, secondaryKC secondaryKeyCache, rqls requestsLimitStorage) *Manager {
6374
return &Manager{
64-
s: s,
65-
clc: clc,
66-
rlc: rlc,
67-
ac: ac,
68-
kc: kc,
69-
rqls: rqls,
75+
s: s,
76+
clc: clc,
77+
rlc: rlc,
78+
ac: ac,
79+
kc: kc,
80+
secondaryKC: secondaryKC,
81+
rqls: rqls,
7082
}
7183
}
7284

@@ -241,6 +253,60 @@ func (m *Manager) GetKeyViaCache(raw string) (*key.ResponseKey, error) {
241253
return k, nil
242254
}
243255

256+
func (m *Manager) GetKeyHashBySecondary(sHash string) (string, error) {
257+
h, _ := m.secondaryKC.Get(sHash)
258+
if h == "" {
259+
telemetry.Incr("bricksllm.manager.get_key_hash_by_secondary.cache_miss", nil, 1)
260+
stored, err := m.s.GetKeyHashBySecondary(sHash)
261+
if err != nil {
262+
return "", err
263+
}
264+
if stored == "" {
265+
return "", errors.New("key hash not found")
266+
}
267+
err = m.secondaryKC.Set(sHash, stored, 24*time.Hour)
268+
if err != nil {
269+
telemetry.Incr("bricksllm.manager.get_key_hash_by_secondary.set_error", nil, 1)
270+
}
271+
h = stored
272+
return h, nil
273+
}
274+
telemetry.Incr("bricksllm.manager.get_key_hash_by_secondary.cache_hit", nil, 1)
275+
return h, nil
276+
}
277+
278+
func (m *Manager) CreateSecondaryKey(keyCreate secondarykey.SecondaryKeyCreate) error {
279+
if keyCreate.Key == "" {
280+
return errors.New("key is required for creating secondary key")
281+
}
282+
return m.s.CreateSecondaryKey(hasher.Hash(keyCreate.Key))
283+
}
284+
285+
func (m *Manager) UpdateSecondaryKey(keyUpdate secondarykey.SecondaryKeyUpdate) error {
286+
if keyUpdate.Key == "" {
287+
return errors.New("key is required for updating secondary key")
288+
}
289+
if keyUpdate.LinkedKeyId == "" {
290+
return errors.New("linkedKeyId is required for updating secondary key")
291+
}
292+
rKey, err := m.s.GetKey(keyUpdate.LinkedKeyId)
293+
if err != nil {
294+
return err
295+
}
296+
if rKey == nil {
297+
return errors.New("linked key not found for updating secondary key")
298+
}
299+
err = m.s.UpdateSecondaryKey(hasher.Hash(keyUpdate.Key), rKey.Key)
300+
if err != nil {
301+
return err
302+
}
303+
err = m.secondaryKC.Set(hasher.Hash(keyUpdate.Key), rKey.Key, 24*time.Hour)
304+
if err != nil {
305+
telemetry.Incr("bricksllm.manager.update_secondary_key.set_cache_error", nil, 1)
306+
}
307+
return nil
308+
}
309+
244310
func (m *Manager) DeleteKey(id string) error {
245311
return m.s.DeleteKey(id)
246312
}
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
package secondary_key
2+
3+
type SecondaryKeyCreate struct {
4+
Key string `json:"key"`
5+
}
6+
7+
type SecondaryKeyUpdate struct {
8+
Key string `json:"key"`
9+
LinkedKeyId string `json:"linkedKeyId"`
10+
}

0 commit comments

Comments
 (0)