airkjw/CLIProxyAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(antigravity): respect pinned auth in credits fallback, release deferred body on success

Browse Source 
- findAllAntigravityCreditsCandidateAuths now filters by PinnedAuthMetadataKey
  to prevent credential isolation violations during credits fallback
- Release deferredBody reference on success path to avoid holding large
  payloads in memory for the lifetime of the gin context
This commit is contained in:
sususu98
2026-04-23 17:38:02 +08:00
parent 4de5c29f86
commit e75daa299b
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/runtime/executor/helps/logging_helpers.go
+4
View File
@@ -134,6 +134,10 @@ func RecordAPIResponseMetadata(ctx context.Context, cfg *config.Config, status i
// Success responses (2xx) skip this — their deferred body is dropped with gin context. // Success responses (2xx) skip this — their deferred body is dropped with gin context.
if status >= http.StatusBadRequest { if status >= http.StatusBadRequest {
materializeDeferredBodies(ginCtx, attempts) materializeDeferredBodies(ginCtx, attempts)
} else {
for _, a := range attempts {
a.deferredBody = nil
}
} }
ensureResponseIntro(attempt) ensureResponseIntro(attempt)
sdk/cliproxy/auth/conductor.go
+7 -3
View File
@@ -2903,10 +2903,11 @@ func (m *Manager) pickNextMixed(ctx context.Context, providers []string, model s
return authCopy, executor, providerKey, nil return authCopy, executor, providerKey, nil
} }
func (m *Manager) findAllAntigravityCreditsCandidateAuths(routeModel string) []creditsCandidateEntry { func (m *Manager) findAllAntigravityCreditsCandidateAuths(routeModel string, opts cliproxyexecutor.Options) []creditsCandidateEntry {
if m == nil { if m == nil {
return nil return nil
} }
pinnedAuthID := pinnedAuthIDFromMetadata(opts.Metadata)
m.mu.RLock() m.mu.RLock()
defer m.mu.RUnlock() defer m.mu.RUnlock()
var candidates []creditsCandidateEntry var candidates []creditsCandidateEntry
@@ -2914,6 +2915,9 @@ func (m *Manager) findAllAntigravityCreditsCandidateAuths(routeModel string) []c
if auth == nil || auth.Disabled || auth.Status == StatusDisabled { if auth == nil || auth.Disabled || auth.Status == StatusDisabled {
continue continue
} }
if pinnedAuthID != "" && auth.ID != pinnedAuthID {
continue
}
if !antigravityCreditsAvailableForModel(auth, routeModel) { if !antigravityCreditsAvailableForModel(auth, routeModel) {
continue continue
} }
@@ -2981,7 +2985,7 @@ func shouldAttemptAntigravityCreditsFallback(m *Manager, lastErr error, provider
func (m *Manager) tryAntigravityCreditsExecute(ctx context.Context, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, bool) { func (m *Manager) tryAntigravityCreditsExecute(ctx context.Context, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (cliproxyexecutor.Response, bool) {
routeModel := req.Model routeModel := req.Model
candidates := m.findAllAntigravityCreditsCandidateAuths(routeModel) candidates := m.findAllAntigravityCreditsCandidateAuths(routeModel, opts)
for _, c := range candidates { for _, c := range candidates {
if ctx.Err() != nil { if ctx.Err() != nil {
return cliproxyexecutor.Response{}, false return cliproxyexecutor.Response{}, false
@@ -3023,7 +3027,7 @@ func (m *Manager) tryAntigravityCreditsExecute(ctx context.Context, req cliproxy
func (m *Manager) tryAntigravityCreditsExecuteStream(ctx context.Context, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, bool) { func (m *Manager) tryAntigravityCreditsExecuteStream(ctx context.Context, req cliproxyexecutor.Request, opts cliproxyexecutor.Options) (*cliproxyexecutor.StreamResult, bool) {
routeModel := req.Model routeModel := req.Model
candidates := m.findAllAntigravityCreditsCandidateAuths(routeModel) candidates := m.findAllAntigravityCreditsCandidateAuths(routeModel, opts)
for _, c := range candidates { for _, c := range candidates {
if ctx.Err() != nil { if ctx.Err() != nil {
return nil, false return nil, false