diff --git a/src/routes/api.js b/src/routes/api.js
index 5c3f8e24..9aa11586 100644
--- a/src/routes/api.js
+++ b/src/routes/api.js
@@ -182,8 +182,7 @@ async function handleMessagesRequest(req, res) {
 // /v1/messages 的扩展:按路径强制分流到 Gemini OAuth 账户(避免 model 前缀混乱)
 if (forcedVendor === 'gemini-cli' || forcedVendor === 'antigravity') {
- const permissions = req.apiKey?.permissions || 'all'
- if (permissions !== 'all' && permissions !== 'gemini') {
+ if (!apiKeyService.hasPermission(req.apiKey?.permissions, 'gemini')) {
 return res.status(403).json({
 error: {
 type: 'permission_error',
@@ -197,11 +196,7 @@ async function handleMessagesRequest(req, res) {
 }
 // Claude 服务权限校验,阻止未授权的 Key(默认路径保持不变)
- if (
- req.apiKey.permissions &&
- req.apiKey.permissions !== 'all' &&
- req.apiKey.permissions !== 'claude'
- ) {
+ if (!apiKeyService.hasPermission(req.apiKey.permissions, 'claude')) {
 return res.status(403).json({
 error: {
 type: 'permission_error',
@@ -1240,8 +1235,7 @@ router.get('/v1/models', authenticateApiKey, async (req, res) => {
 //(通过 v1internal:fetchAvailableModels),避免依赖静态 modelService 列表。
 const forcedVendor = req._anthropicVendor || null
 if (forcedVendor === 'antigravity') {
- const permissions = req.apiKey?.permissions || 'all'
- if (permissions !== 'all' && permissions !== 'gemini') {
+ if (!apiKeyService.hasPermission(req.apiKey?.permissions, 'gemini')) {
 return res.status(403).json({
 error: {
 type: 'permission_error',
@@ -1435,8 +1429,7 @@ router.post('/v1/messages/count_tokens', authenticateApiKey, async (req, res) =>
 // 按路径强制分流到 Gemini OAuth 账户(避免 model 前缀混乱)
 const forcedVendor = req._anthropicVendor || null
 if (forcedVendor === 'gemini-cli' || forcedVendor === 'antigravity') {
- const permissions = req.apiKey?.permissions || 'all'
- if (permissions !== 'all' && permissions !== 'gemini') {
+ if (!apiKeyService.hasPermission(req.apiKey?.permissions, 'gemini')) {
 return res.status(403).json({
 error: {
 type: 'permission_error',
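Review bot: The `?.` in `req.apiKey?.permissions` at the gemini check hands `undefined` to `hasPermission` when `req.apiKey` is absent, so whether such a request is refused now depends on how the helper treats a missing value. `hasPermission` is not part of this diff, and the removed code mapped a missing value to `'all'`. The same expression appears in the `/v1/models` and `/v1/messages/count_tokens` hunks, while the Claude checks in the same handlers dereference `req.apiKey.permissions` directly. Using `req.apiKey.permissions` in all three gemini checks would make a request without an authenticated key fail rather than be evaluated as an unrestricted one. If empty-means-unrestricted really is the helper's contract, a comment at the call such as `// keys without a permissions field are treated as unrestricted (legacy default)` would record it; handleMessagesRequest starts and ends outside the hunk.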
@@ -1449,11 +1442,7 @@ router.post('/v1/messages/count_tokens', authenticateApiKey, async (req, res) =>
 }
 // 检查权限
- if (
- req.apiKey.permissions &&
- req.apiKey.permissions !== 'all' &&
- req.apiKey.permissions !== 'claude'
- ) {
+ if (!apiKeyService.hasPermission(req.apiKey.permissions, 'claude')) {
 return res.status(403).json({
 error: {
 type: 'permission_error',
diff --git a/src/routes/openaiClaudeRoutes.js b/src/routes/openaiClaudeRoutes.js
index 2bb7cc09..9e3395f7 100644
--- a/src/routes/openaiClaudeRoutes.js
+++ b/src/routes/openaiClaudeRoutes.js
@@ -19,8 +19,7 @@ const { getEffectiveModel } = require('../utils/modelHelper')
 // 🔧 辅助函数:检查 API Key 权限
 function checkPermissions(apiKeyData, requiredPermission = 'claude') {
- const permissions = apiKeyData.permissions || 'all'
- return permissions === 'all' || permissions === requiredPermission
+ return apiKeyService.hasPermission(apiKeyData?.permissions, requiredPermission)
 }
 function queueRateLimitUpdate(rateLimitInfo, usageSummary, model, context = '') {
diff --git a/src/routes/unified.js b/src/routes/unified.js
index 57c4fe80..c1401137 100644
--- a/src/routes/unified.js
+++ b/src/routes/unified.js
@@ -46,11 +46,11 @@ async function routeToBackend(req, res, requestedModel) {
 logger.info(`🔀 Routing request - Model: ${requestedModel}, Backend: ${backend}`)
 // 检查权限
- const permissions = req.apiKey.permissions || 'all'
+ const { permissions } = req.apiKey
 if (backend === 'claude') {
 // Claude 后端:通过 OpenAI 兼容层
- if (permissions !== 'all' && permissions !== 'claude') {
+ if (!apiKeyService.hasPermission(permissions, 'claude')) {
 return res.status(403).json({
 error: {
 message: 'This API key does not have permission to access Claude',
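Review bot: `apiKeyData?.permissions` changes what checkPermissions does when `apiKeyData` is missing: the removed line read `apiKeyData.permissions` and threw, while the new one passes `undefined` to `hasPermission`. If the helper keeps the old empty-means-`'all'` default (its body is not in this diff), the function now returns true for a caller that supplied no key data at all. An authorization helper should deny when it has nothing to inspect; either `if (!apiKeyData) return false` before the call or dropping the `?.` preserves that. The comment above the function could also say which permission values are accepted, now that the comparison lives in apiKeyService.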
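Review bot: Removing the `|| 'all'` default leaves `permissions` as `undefined` for keys that carry no permissions field, so any later branch of routeToBackend that still compares it with `!== 'all'` would begin returning 403 for those keys. Only the Claude and OpenAI branches are converted in the hunks shown, and the function continues outside them, so the remaining backend branches should be checked and moved to the same `apiKeyService.hasPermission(permissions, ...)` call. A short comment on the destructuring, e.g. `// may be undefined; hasPermission owns the default`, would stop a future edit from reintroducing a direct comparison.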
@@ -62,7 +62,7 @@ async function routeToBackend(req, res, requestedModel) {
 await handleChatCompletion(req, res, req.apiKey)
 } else if (backend === 'openai') {
 // OpenAI 后端
- if (permissions !== 'all' && permissions !== 'openai') {
+ if (!apiKeyService.hasPermission(permissions, 'openai')) {
 return res.status(403).json({
 error: {
 message: 'This API key does not have permission to access OpenAI',
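Review bot: None of the three files gains a `require` for `apiKeyService` in this diff, and the first hunks of openaiClaudeRoutes.js and unified.js start at unchanged line numbers (19/19 and 46/46), so the name has to be in scope already in each file. If it is not, the permission check throws a ReferenceError on the first request instead of returning the 403 below it. Worth confirming the import exists in unified.js in particular, and adding a route-level test that exercises the denied path for each backend so the check is known to run.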