feat: 支持仅使用x-api-key获取anthropic格式的模型列表 #2422

[atopos31]

对于/v1/models请求也尝试从x-api-key 获取Bearer Token

Summary by CodeRabbit

• Bug Fixes
  • Authentication now consistently requires and selects the API token for both messaging and model endpoints (/v1/messages and /v1/models), ensuring uniform access control and correct key handling across these paths.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The TokenAuth middleware in middleware/auth.go was updated to select Anthropic x-api-key tokens for both the /v1/messages and /v1/models endpoints instead of only /v1/messages.

Changes

Cohort / File(s)	Change Summary
Auth middleware token handling middleware/auth.go	Extended path check so TokenAuth recognizes and applies Anthropic x-api-key token handling for both /v1/messages and /v1/models requests. No other control flow or error handling changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I nibbled paths where tokens roam,
Found /v1/models missing a home,
Now messages and models both share the key,
A tiny hop for auth — hooray, whee! 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title in Chinese accurately describes the main change: adding support for retrieving Anthropic-format model lists using only x-api-key, which aligns with the code change expanding TokenAuth to match /v1/models paths.

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8e629a2 and ae2ca94.

📒 Files selected for processing (1)

• middleware/auth.go

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

middleware/auth.go (1)

197-202: Consider using more precise path matching.

The change successfully extends x-api-key handling to /v1/models as intended. However, using strings.Contains may match unintended paths like /api/v1/models or /v1/models-legacy.

Additionally, paths like /v1/models/model-name will match both this Anthropic block and the Gemini handling block below (lines 204-216). If both x-api-key and Gemini keys are present, the Gemini block will overwrite the Authorization header.

Consider using more precise matching:

-		if strings.Contains(c.Request.URL.Path, "/v1/messages") || strings.Contains(c.Request.URL.Path, "/v1/models") {
+		if strings.HasPrefix(c.Request.URL.Path, "/v1/messages") || c.Request.URL.Path == "/v1/models" || strings.HasPrefix(c.Request.URL.Path, "/v1/models/") {
 			anthropicKey := c.Request.Header.Get("x-api-key")
 			if anthropicKey != "" {
 				c.Request.Header.Set("Authorization", "Bearer "+anthropicKey)
 			}
 		}

Note: The /v1/messages check may also benefit from this pattern, though that's outside the scope of this PR.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4e69c98 and 2a16c37.

📒 Files selected for processing (1)

• middleware/auth.go (1 hunks)

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

middleware/auth.go (1)

198-204: Use HasPrefix instead of Contains for more precise path matching.

The current implementation uses strings.Contains() to match paths, which is overly broad and inconsistent with the Gemini logic (line 208) that uses HasPrefix. While the current codebase has no routes that would be unintended matches, using Contains is less defensive against future route additions like /v1/models_admin or /v1/messages_internal.

-		// 检查path包含/v1/messages 或 /v1/models 
-		if strings.Contains(c.Request.URL.Path, "/v1/messages") || strings.Contains(c.Request.URL.Path, "/v1/models") {
+		// 检查path是/v1/messages 或 /v1/models 开头
+		if strings.HasPrefix(c.Request.URL.Path, "/v1/messages") || strings.HasPrefix(c.Request.URL.Path, "/v1/models") {
 			anthropicKey := c.Request.Header.Get("x-api-key")
 			if anthropicKey != "" {
 				c.Request.Header.Set("Authorization", "Bearer "+anthropicKey)
 			}
 		}

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8e629a2 and ae2ca94.

📒 Files selected for processing (1)

• middleware/auth.go