Skip to content

fix(openai-compat): resolve alias for header-only auth#4081

Open
GreenTeodoro839 wants to merge 2 commits into
router-for-me:devfrom
GreenTeodoro839:fix/openai-compat-header-alias-resolution
Open

fix(openai-compat): resolve alias for header-only auth#4081
GreenTeodoro839 wants to merge 2 commits into
router-for-me:devfrom
GreenTeodoro839:fix/openai-compat-header-alias-resolution

Conversation

@GreenTeodoro839

Copy link
Copy Markdown

修复openai completion某些极端情况下(例如上游使用header鉴权而不用key),alias会直接透传到上游而没有被替换成真实的name

OpenAI-compatibility providers that authenticate via custom headers (no api_key) had AuthKind() return empty, causing the entire model-alias resolution chain to skip. The client-visible alias was forwarded to the upstream verbatim, resulting in 'Not supported model' errors.

Add IsOpenAICompatibleProvider() helper and teach AuthKind() to recognize openai-compat auths as API-key auths, enabling alias resolution for both api-key and header-authenticated entries.

Copilot AI review requested due to automatic review settings July 2, 2026 02:56
@github-actions github-actions Bot changed the base branch from main to dev July 2, 2026 02:57
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

This pull request targeted main.

The base branch has been automatically changed to dev.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces logic to identify OpenAI-compatible providers and classify their authentication as API-key authentication. It adds the IsOpenAICompatibleProvider helper in internal/util and updates the classification logic in sdk/cliproxy/auth. The review feedback suggests simplifying the isOpenAICompatibilityAuth function by using the existing authAttribute helper to retrieve the compat_name attribute, which automatically handles nil checks and string trimming.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread sdk/cliproxy/auth/classification.go Outdated
Comment on lines +66 to +69
if a.Attributes != nil && strings.TrimSpace(a.Attributes["compat_name"]) != "" {
return true
}
return false

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

isOpenAICompatibilityAuth 函数中,可以直接使用已有的 authAttribute 辅助函数来获取 compat_name 属性。\n\nauthAttribute 内部已经安全地处理了 authauth.Attributesnil 检查,并自动进行了 strings.TrimSpace。使用它可以简化代码并提高可维护性。

\treturn authAttribute(a, \"compat_name\") != \"\"

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a gap in OpenAI-compat model-alias resolution when an upstream authenticates via custom headers (no api_key), by ensuring such auth entries are still classified as API-key style credentials so the alias/pool logic applies.

Changes:

  • Teach AuthKind() to treat OpenAI-compatibility auth entries (provider key and/or compat_name) as apikey auth kind.
  • Add util.IsOpenAICompatibleProvider() helper to centralize provider-key detection for OpenAI-compatibility providers.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
sdk/cliproxy/auth/classification.go Extends auth-kind classification so OpenAI-compat header-only auths participate in alias resolution.
internal/util/provider.go Adds a helper to recognize OpenAI-compatibility provider keys (generic and prefixed forms).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sdk/cliproxy/auth/classification.go Outdated
Comment on lines 47 to 52
if isOpenAICompatibilityAuth(a) {
return AuthKindAPIKey
}
if authHasOAuthMetadata(a) {
return AuthKindOAuth
}
Comment thread sdk/cliproxy/auth/classification.go Outdated
Comment on lines +66 to +68
if a.Attributes != nil && strings.TrimSpace(a.Attributes["compat_name"]) != "" {
return true
}
Comment on lines +43 to +47
// OpenAI-compatibility providers always use static credentials: either an API
// key or custom headers (e.g. cookie/device headers) when no api-key is set.
// Treat them as API-key auths so model-alias resolution and per-auth model
// pools apply even for header-authenticated entries.
if isOpenAICompatibilityAuth(a) {
Comment thread internal/util/provider.go
Comment on lines +33 to +37
func IsOpenAICompatibleProvider(provider string) bool {
provider = strings.ToLower(strings.TrimSpace(provider))
if provider == "" {
return false
}

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7c44826951

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +63 to +64
if util.IsOpenAICompatibleProvider(a.Provider) {
return true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Normalize named OpenAI-compatible providers for aliases

When an auth is identified only by its normalized provider key (for example Provider: "openai-compatible-vast") and has no compat_name/provider_key attributes, this branch now classifies it as an API-key auth, but the API-key alias/pool path still looks up OpenAI-compat config via those attributes or by comparing the raw provider string in resolveOpenAICompatConfig. Since that lookup never strips the openai-compatible- prefix to match a config named vast, these header-only provider-key auths still forward client aliases upstream while also skipping the OAuth alias fallback. Please derive the compat name/provider key from the prefix here or update the resolver to handle the normalized provider key.

Useful? React with 👍 / 👎.

@GreenTeodoro839 GreenTeodoro839 marked this pull request as draft July 2, 2026 12:06
@GreenTeodoro839 GreenTeodoro839 force-pushed the fix/openai-compat-header-alias-resolution branch from f35c609 to 2364fdf Compare July 2, 2026 12:08
@GreenTeodoro839 GreenTeodoro839 marked this pull request as ready for review July 2, 2026 12:10
OpenAI-compatibility providers that authenticate via custom headers
(no api_key) had AuthKind() return empty, causing the entire
model-alias resolution chain to skip. The client-visible alias was
forwarded to the upstream verbatim, resulting in 'Not supported model'
errors.

Add IsOpenAICompatibleProvider() helper and teach AuthKind() to
recognize openai-compat auths as API-key auths, enabling alias
resolution for both api-key and header-authenticated entries.
@GreenTeodoro839 GreenTeodoro839 force-pushed the fix/openai-compat-header-alias-resolution branch from 2364fdf to 0afcca3 Compare July 3, 2026 02:27

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0afcca357e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +50 to +51
if isOpenAICompatibilityAuth(a) {
return AuthKindAPIKey

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Prefer OpenAI-compatible classification before OAuth metadata

For OpenAI-compatible auth files that include an email field only as a label/account identifier, authHasOAuthMetadata returns OAuth before this new provider check can run, so a header-only openai-compatible-* auth is still excluded from the API-key alias/pool path this change is meant to enable. The file synthesizer preserves arbitrary email metadata for any provider, so these header-auth entries continue forwarding client aliases upstream unless the OpenAI-compatible/provider check runs before the legacy OAuth metadata fallback (while still letting explicit auth_kind: oauth win).

Useful? React with 👍 / 👎.

@GreenTeodoro839 GreenTeodoro839 force-pushed the fix/openai-compat-header-alias-resolution branch 2 times, most recently from e759e7b to 0afcca3 Compare July 3, 2026 02:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants