ros/claude-code-router
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix windows/linux get system uuid error

Browse Source
This commit is contained in:
musistudio
2025-08-12 21:41:42 +08:00
parent 075ec76ec1
commit cce1625534
7 changed files with 43 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/cli.ts
View File

@@ -215,22 +215,10 @@ async function main() {
// Get service info and open UI // Get service info and open UI
const serviceInfo = await getServiceInfo(); const serviceInfo = await getServiceInfo();
// Generate temporary API key based on system UUID
let tempApiKey = "";
try {
const { getTempAPIKey } = require("./utils");
tempApiKey = await getTempAPIKey();
} catch (error: any) {
console.warn("Warning: Failed to generate temporary API key:", error.message);
console.warn("Continuing without temporary API key...");
}
// Add temporary API key as URL parameter if successfully generated // Add temporary API key as URL parameter if successfully generated
const uiUrl = tempApiKey const uiUrl = `${serviceInfo.endpoint}/ui/`;
? `${serviceInfo.endpoint}/ui/?tempApiKey=${tempApiKey}`
: `${serviceInfo.endpoint}/ui/`;
console.log(`Opening UI at ${uiUrl}`); console.log(`Opening UI at ${uiUrl}`);
// Open URL in browser based on platform // Open URL in browser based on platform

84
src/middleware/auth.ts
View File

@@ -1,40 +1,29 @@
import { FastifyRequest, FastifyReply } from "fastify"; import { FastifyRequest, FastifyReply } from "fastify";
import { getTempAPIKey } from "../utils/systemUUID";
export const apiKeyAuth = export const apiKeyAuth =
(config: any) => (config: any) =>
async (req: FastifyRequest, reply: FastifyReply, done: () => void) => { async (req: FastifyRequest, reply: FastifyReply, done: () => void) => {
// Check for temp API key in query parameters or headers
let tempApiKey = null;
if (req.query && (req.query as any).tempApiKey) {
tempApiKey = (req.query as any).tempApiKey;
} else if (req.headers['x-temp-api-key']) {
tempApiKey = req.headers['x-temp-api-key'] as string;
}
// If temp API key is provided, validate it
if (tempApiKey) {
try {
const expectedTempKey = await getTempAPIKey();
// If temp key matches, grant temporary full access
if (tempApiKey === expectedTempKey) {
(req as any).accessLevel = "full";
(req as any).isTempAccess = true;
return done();
}
} catch (error) {
// If there's an error generating temp key, continue with normal auth
console.warn("Failed to verify temporary API key:", error);
}
}
// Public endpoints that don't require authentication // Public endpoints that don't require authentication
if (["/", "/health"].includes(req.url) || req.url.startsWith("/ui")) { if (["/", "/health"].includes(req.url) || req.url.startsWith("/ui")) {
return done(); return done();
} }
const apiKey = config.APIKEY; const apiKey = config.APIKEY;
if (!apiKey) {
// If no API key is set, enable CORS for local
const allowedOrigins = [
`http://127.0.0.1:${config.PORT || 3456}`,
`http://localhost:${config.PORT || 3456}`,
];
if (req.headers.origin && allowedOrigins.includes(req.headers.origin)) {
reply.status(403).send("CORS not allowed for this origin");
return;
} else {
reply.header('Access-Control-Allow-Origin', `http://127.0.0.1:${config.PORT || 3456}`);
reply.header('Access-Control-Allow-Origin', `http://localhost:${config.PORT || 3456}`);
}
return done();
}
const isConfigEndpoint = req.url.startsWith("/api/config"); const isConfigEndpoint = req.url.startsWith("/api/config");
const isRestartEndpoint = req.url === "/api/restart"; const isRestartEndpoint = req.url === "/api/restart";
@@ -42,56 +31,47 @@ export const apiKeyAuth =
if (isConfigEndpoint || isRestartEndpoint) { if (isConfigEndpoint || isRestartEndpoint) {
// Attach access level to request for later use // Attach access level to request for later use
(req as any).accessLevel = "restricted"; (req as any).accessLevel = "restricted";
// If no API key is set in config, allow restricted access // If no API key is set in config, allow restricted access
if (!apiKey) { if (!apiKey) {
(req as any).accessLevel = "restricted"; (req as any).accessLevel = "restricted";
return done(); return done();
} }
// Check for temporary access via query parameter (for UI)
if ((req as any).isTempAccess) {
return done();
}
// If API key is set, check authentication // If API key is set, check authentication
const authHeaderValue = req.headers.authorization || req.headers["x-api-key"]; const authHeaderValue =
const authKey: string = Array.isArray(authHeaderValue) ? authHeaderValue[0] : authHeaderValue || ""; req.headers.authorization || req.headers["x-api-key"];
const authKey: string = Array.isArray(authHeaderValue)
? authHeaderValue[0]
: authHeaderValue || "";
if (!authKey) { if (!authKey) {
(req as any).accessLevel = "restricted"; (req as any).accessLevel = "restricted";
return done(); return done();
} }
let token = ""; let token = "";
if (authKey.startsWith("Bearer")) { if (authKey.startsWith("Bearer")) {
token = authKey.split(" ")[1]; token = authKey.split(" ")[1];
} else { } else {
token = authKey; token = authKey;
} }
if (token !== apiKey) { if (token !== apiKey) {
(req as any).accessLevel = "restricted"; (req as any).accessLevel = "restricted";
return done(); return done();
} }
// Full access for authenticated users // Full access for authenticated users
(req as any).accessLevel = "full"; (req as any).accessLevel = "full";
return done(); return done();
} }
// For other non-config endpoints, use existing logic const authHeaderValue =
if (!apiKey) { req.headers.authorization || req.headers["x-api-key"];
return done(); const authKey: string = Array.isArray(authHeaderValue)
} ? authHeaderValue[0]
: authHeaderValue || "";
// Check for temporary access via query parameter (for UI)
if ((req as any).isTempAccess) {
return done();
}
const authHeaderValue = req.headers.authorization || req.headers["x-api-key"];
const authKey: string = Array.isArray(authHeaderValue) ? authHeaderValue[0] : authHeaderValue || "";
if (!authKey) { if (!authKey) {
reply.status(401).send("APIKEY is missing"); reply.status(401).send("APIKEY is missing");
return; return;
@@ -102,7 +82,7 @@ export const apiKeyAuth =
} else { } else {
token = authKey; token = authKey;
} }
if (token !== apiKey) { if (token !== apiKey) {
reply.status(401).send("Invalid API key"); reply.status(401).send("Invalid API key");
return; return;

46
src/server.ts
View File

@@ -1,8 +1,6 @@
import Server from "@musistudio/llms"; import Server from "@musistudio/llms";
import { readConfigFile, writeConfigFile } from "./utils"; import { readConfigFile, writeConfigFile, backupConfigFile } from "./utils";
import { CONFIG_FILE } from "./constants";
import { join } from "path"; import { join } from "path";
import { readFileSync } from "fs";
import fastifyStatic from "@fastify/static"; import fastifyStatic from "@fastify/static";
export const createServer = (config: any): Server => { export const createServer = (config: any): Server => {
@@ -10,16 +8,6 @@ export const createServer = (config: any): Server => {
// Add endpoint to read config.json with access control // Add endpoint to read config.json with access control
server.app.get("/api/config", async (req, reply) => { server.app.get("/api/config", async (req, reply) => {
// Get access level from request (set by auth middleware)
const accessLevel = (req as any).accessLevel || "restricted";
// If restricted access, return 401
if (accessLevel === "restricted") {
reply.status(401).send("API key required to access configuration");
return;
}
// For full access (including temp API key), return complete config
return await readConfigFile(); return await readConfigFile();
}); });
@@ -37,38 +25,17 @@ export const createServer = (config: any): Server => {
// Add endpoint to save config.json with access control // Add endpoint to save config.json with access control
server.app.post("/api/config", async (req, reply) => { server.app.post("/api/config", async (req, reply) => {
// Only allow full access users to save config
const accessLevel = (req as any).accessLevel || "restricted";
if (accessLevel !== "full") {
reply.status(403).send("Full access required to modify configuration");
return;
}
const newConfig = req.body; const newConfig = req.body;
// Backup existing config file if it exists // Backup existing config file if it exists
const { backupConfigFile } = await import("./utils");
const backupPath = await backupConfigFile(); const backupPath = await backupConfigFile();
if (backupPath) { if (backupPath) {
console.log(`Backed up existing configuration file to ${backupPath}`); console.log(`Backed up existing configuration file to ${backupPath}`);
} }
await writeConfigFile(newConfig); await writeConfigFile(newConfig);
return { success: true, message: "Config saved successfully" }; return { success: true, message: "Config saved successfully" };
}); });
// Add endpoint for testing full access without modifying config
server.app.post("/api/config/test", async (req, reply) => {
// Only allow full access users to test config access
const accessLevel = (req as any).accessLevel || "restricted";
if (accessLevel !== "full") {
reply.status(403).send("Full access required to test configuration access");
return;
}
// Return success without modifying anything
return { success: true, message: "Access granted" };
});
// Add endpoint to restart the service with access control // Add endpoint to restart the service with access control
server.app.post("/api/restart", async (req, reply) => { server.app.post("/api/restart", async (req, reply) => {
@@ -78,13 +45,16 @@ export const createServer = (config: any): Server => {
reply.status(403).send("Full access required to restart service"); reply.status(403).send("Full access required to restart service");
return; return;
} }
reply.send({ success: true, message: "Service restart initiated" }); reply.send({ success: true, message: "Service restart initiated" });
// Restart the service after a short delay to allow response to be sent // Restart the service after a short delay to allow response to be sent
setTimeout(() => { setTimeout(() => {
const { spawn } = require("child_process"); const { spawn } = require("child_process");
spawn(process.execPath, [process.argv[1], "restart"], { detached: true, stdio: "ignore" }); spawn(process.execPath, [process.argv[1], "restart"], {
detached: true,
stdio: "ignore",
});
}, 1000); }, 1000);
}); });

4
src/utils/index.ts
View File

@@ -8,7 +8,6 @@ import {
HOME_DIR, HOME_DIR,
PLUGINS_DIR, PLUGINS_DIR,
} from "../constants"; } from "../constants";
import { getSystemUUID, generateTempAPIKey, getTempAPIKey } from "./systemUUID";
import { cleanupLogFiles } from "./logCleanup"; import { cleanupLogFiles } from "./logCleanup";
const ensureDir = async (dir_path: string) => { const ensureDir = async (dir_path: string) => {
@@ -139,8 +138,5 @@ export const initConfig = async () => {
return config; return config;
}; };
// 导出系统UUID相关函数
export { getSystemUUID, generateTempAPIKey, getTempAPIKey };
// 导出日志清理函数 // 导出日志清理函数
export { cleanupLogFiles }; export { cleanupLogFiles };

77
src/utils/systemUUID.ts
View File

@@ -1,77 +0,0 @@
import { execSync } from "child_process";
import { createHash } from "crypto";
import os from "os";
/**
* 跨平台获取系统UUID
* @returns 系统UUID字符串
*/
export async function getSystemUUID(): Promise<string> {
const platform = os.platform();
try {
let uuid: string;
switch (platform) {
case "win32": // Windows
uuid = execSync("wmic csproduct get UUID", { encoding: "utf8" })
.split("\n")[1]
.trim();
break;
case "darwin": // macOS
uuid = execSync(
"system_profiler SPHardwareDataType | grep 'Hardware UUID'",
{ encoding: "utf8" }
)
.split(":")[1]
.trim();
break;
case "linux": // Linux
// 尝试使用 dmidecode (需要 root 权限)
try {
uuid = execSync("dmidecode -s system-uuid", { encoding: "utf8" }).trim();
} catch (dmidecodeError) {
// 如果 dmidecode 失败,尝试读取 sysfs (不需要 root 权限,但可能没有权限)
try {
uuid = execSync("cat /sys/class/dmi/id/product_uuid", { encoding: "utf8" }).trim();
} catch (sysfsError) {
throw new Error("无法在Linux系统上获取系统UUID可能需要root权限");
}
}
break;
default:
throw new Error(`不支持的操作系统: ${platform}`);
}
return uuid;
} catch (error) {
throw new Error(`获取系统UUID失败: ${error instanceof Error ? error.message : String(error)}`);
}
}
/**
* 基于系统UUID生成固定的临时API密钥
* @param systemUUID 系统UUID
* @returns 生成的API密钥
*/
export function generateTempAPIKey(systemUUID: string): string {
// 使用SHA-256哈希算法确保一致性
const hash = createHash("sha256");
hash.update(systemUUID);
// 添加盐值以增加安全性
hash.update("claude-code-router-temp-key-salt");
// 生成32字符的十六进制字符串
return hash.digest("hex").substring(0, 32);
}
/**
* 获取临时API密钥完整的便利函数
* @returns 临时API密钥
*/
export async function getTempAPIKey(): Promise<string> {
const uuid = await getSystemUUID();
return generateTempAPIKey(uuid);
}

14
ui/src/components/ConfigProvider.tsx
View File

@@ -128,20 +128,6 @@ export function ConfigProvider({ children }: ConfigProviderProps) {
fetchConfig(); fetchConfig();
}, [hasFetched, apiKey]); }, [hasFetched, apiKey]);
// Check if user has full access
useEffect(() => {
const checkAccess = async () => {
if (config) {
const hasFullAccess = await api.checkFullAccess();
// Store access level in a global state or context if needed
// For now, we'll just log it
console.log('User has full access:', hasFullAccess);
}
};
checkAccess();
}, [config]);
return ( return (
<ConfigContext.Provider value={{ config, setConfig, error }}> <ConfigContext.Provider value={{ config, setConfig, error }}>
{children} {children}

16
ui/src/lib/api.ts
View File

@@ -140,22 +140,6 @@ class ApiClient {
return this.post<Config>('/config', config); return this.post<Config>('/config', config);
} }
// Check if user has full access
async checkFullAccess(): Promise<boolean> {
try {
// Try to access test endpoint (won't actually modify anything)
// This will return 403 if user doesn't have full access
await this.post<Config>('/config/test', { test: true });
return true;
} catch (error: any) {
if (error.message && error.message.includes('403')) {
return false;
}
// For other errors, assume user has access (to avoid blocking legitimate users)
return true;
}
}
// Get providers // Get providers
async getProviders(): Promise<Provider[]> { async getProviders(): Promise<Provider[]> {
return this.get<Provider[]>('/api/providers'); return this.get<Provider[]>('/api/providers');