Merge branch 'main' into chore/test-workflow

Author: VisargD

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@portkey-ai/gateway",
-  "version": "1.7.7",
+  "version": "1.8.0",
   "description": "A fast AI gateway by Portkey",
   "repository": {
     "type": "git",

package.json

@@ -139,3 +139,52 @@ export const MULTIPART_FORM_DATA_ENDPOINTS: endpointStrings[] = [
   'createTranscription',
   'createTranslation',
 ];
+
+export const fileExtensionMimeTypeMap = {
+  mp4: 'video/mp4',
+  jpeg: 'image/jpeg',
+  jpg: 'image/jpeg',
+  png: 'image/png',
+  bmp: 'image/bmp',
+  tiff: 'image/tiff',
+  webp: 'image/webp',
+  pdf: 'application/pdf',
+  csv: 'text/csv',
+  doc: 'application/msword',
+  docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+  xls: 'application/vnd.ms-excel',
+  xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+  html: 'text/html',
+  md: 'text/markdown',
+  mp3: 'audio/mp3',
+  wav: 'audio/wav',
+  txt: 'text/plain',
+  mov: 'video/mov',
+  mpeg: 'video/mpeg',
+  mpg: 'video/mpg',
+  avi: 'video/avi',
+  wmv: 'video/wmv',
+  mpegps: 'video/mpegps',
+  flv: 'video/flv',
+};
+
+export const imagesMimeTypes = [
+  fileExtensionMimeTypeMap.jpeg,
+  fileExtensionMimeTypeMap.jpg,
+  fileExtensionMimeTypeMap.png,
+  fileExtensionMimeTypeMap.bmp,
+  fileExtensionMimeTypeMap.tiff,
+  fileExtensionMimeTypeMap.webp,
+];
+
+export const documentMimeTypes = [
+  fileExtensionMimeTypeMap.pdf,
+  fileExtensionMimeTypeMap.csv,
+  fileExtensionMimeTypeMap.doc,
+  fileExtensionMimeTypeMap.docx,
+  fileExtensionMimeTypeMap.xls,
+  fileExtensionMimeTypeMap.xlsx,
+  fileExtensionMimeTypeMap.html,
+  fileExtensionMimeTypeMap.md,
+  fileExtensionMimeTypeMap.txt,
+];

src/globals.ts

@@ -269,6 +269,7 @@ export async function tryPostProxy(
     : (providerOption.urlToFetch as string);
 
   const headers = await apiConfig.headers({
+    c,
     providerOptions: providerOption,
     fn,
     transformedRequestBody: params,
@@ -520,6 +521,7 @@ export async function tryPost(
   const url = `${baseUrl}${endpoint}`;
 
   const headers = await apiConfig.headers({
+    c,
     providerOptions: providerOption,
     fn,
     transformedRequestBody,
@@ -1011,6 +1013,13 @@ export function constructConfigFromRequestHeaders(
     resourceName: requestHeaders[`x-${POWERED_BY}-azure-resource-name`],
     deploymentId: requestHeaders[`x-${POWERED_BY}-azure-deployment-id`],
     apiVersion: requestHeaders[`x-${POWERED_BY}-azure-api-version`],
+    azureAuthMode: requestHeaders[`x-${POWERED_BY}-azure-auth-mode`],
+    azureManagedClientId:
+      requestHeaders[`x-${POWERED_BY}-azure-managed-client-id`],
+    azureEntraClientId: requestHeaders[`x-${POWERED_BY}-azure-entra-client-id`],
+    azureEntraClientSecret:
+      requestHeaders[`x-${POWERED_BY}-azure-entra-client-secret`],
+    azureEntraTenantId: requestHeaders[`x-${POWERED_BY}-azure-entra-tenant-id`],
     azureModelName: requestHeaders[`x-${POWERED_BY}-azure-model-name`],
   };
 
@@ -1037,6 +1046,9 @@ export function constructConfigFromRequestHeaders(
     awsSecretAccessKey: requestHeaders[`x-${POWERED_BY}-aws-secret-access-key`],
     awsSessionToken: requestHeaders[`x-${POWERED_BY}-aws-session-token`],
     awsRegion: requestHeaders[`x-${POWERED_BY}-aws-region`],
+    awsRoleArn: requestHeaders[`x-${POWERED_BY}-aws-role-arn`],
+    awsAuthType: requestHeaders[`x-${POWERED_BY}-aws-auth-type`],
+    awsExternalId: requestHeaders[`x-${POWERED_BY}-aws-external-id`],
   };
 
   const workersAiConfig = {

src/handlers/handlerUtils.ts

@@ -33,7 +33,10 @@ function getPayloadFromAWSChunk(chunk: Uint8Array): string {
 
   const payloadLength = chunkLength - headersEnd - 4; // Subtracting 4 for the message crc
   const payload = chunk.slice(headersEnd, headersEnd + payloadLength);
-  return decoder.decode(payload);
+  const decodedJson = JSON.parse(decoder.decode(payload));
+  return decodedJson.bytes
+    ? Buffer.from(decodedJson.bytes, 'base64').toString()
+    : JSON.stringify(decodedJson);
 }
 
 function concatenateUint8Arrays(a: Uint8Array, b: Uint8Array): Uint8Array {
@@ -60,10 +63,7 @@ export async function* readAWSStream(
           const data = buffer.subarray(0, expectedLength);
           buffer = buffer.subarray(expectedLength);
           expectedLength = readUInt32BE(buffer, 0);
-          const payload = Buffer.from(
-            JSON.parse(getPayloadFromAWSChunk(data)).bytes,
-            'base64'
-          ).toString();
+          const payload = getPayloadFromAWSChunk(data);
           if (transformFunction) {
             const transformedChunk = transformFunction(
               payload,
@@ -96,11 +96,7 @@ export async function* readAWSStream(
       buffer = buffer.subarray(expectedLength);
 
       expectedLength = readUInt32BE(buffer, 0);
-      const payload = Buffer.from(
-        JSON.parse(getPayloadFromAWSChunk(data)).bytes,
-        'base64'
-      ).toString();
-
+      const payload = getPayloadFromAWSChunk(data);
       if (transformFunction) {
         const transformedChunk = transformFunction(
           payload,

src/handlers/streamHandler.ts

@@ -2,14 +2,20 @@ import { ProviderAPIConfig } from '../types';
 
 const AnthropicAPIConfig: ProviderAPIConfig = {
   getBaseURL: () => 'https://api.anthropic.com/v1',
-  headers: ({ providerOptions, fn }) => {
+  headers: ({ providerOptions, fn, gatewayRequestBody }) => {
     const headers: Record<string, string> = {
       'X-API-Key': `${providerOptions.apiKey}`,
     };
 
+    // Accept anthropic_beta and anthropic_version in body to support enviroments which cannot send it in headers.
     const betaHeader =
-      providerOptions?.['anthropicBeta'] ?? 'messages-2023-12-15';
-    const version = providerOptions?.['anthropicVersion'] ?? '2023-06-01';
+      providerOptions?.['anthropicBeta'] ??
+      gatewayRequestBody?.['anthropic_beta'] ??
+      'messages-2023-12-15';
+    const version =
+      providerOptions?.['anthropicVersion'] ??
+      gatewayRequestBody?.['anthropic_version'] ??
+      '2023-06-01';
 
     if (fn === 'chatComplete') {
       headers['anthropic-beta'] = betaHeader;

src/providers/anthropic/api.ts

@@ -1,13 +1,46 @@
 import { ProviderAPIConfig } from '../types';
+import {
+  getAccessTokenFromEntraId,
+  getAzureManagedIdentityToken,
+} from './utils';
 
 const AzureOpenAIAPIConfig: ProviderAPIConfig = {
   getBaseURL: ({ providerOptions }) => {
     const { resourceName, deploymentId } = providerOptions;
     return `https://${resourceName}.openai.azure.com/openai/deployments/${deploymentId}`;
   },
-  headers: ({ providerOptions, fn }) => {
+  headers: async ({ providerOptions, fn }) => {
+    const { apiKey, azureAuthMode } = providerOptions;
+
+    if (azureAuthMode === 'entra') {
+      const { azureEntraTenantId, azureEntraClientId, azureEntraClientSecret } =
+        providerOptions;
+      if (azureEntraTenantId && azureEntraClientId && azureEntraClientSecret) {
+        const scope = 'https://cognitiveservices.azure.com/.default';
+        const accessToken = await getAccessTokenFromEntraId(
+          azureEntraTenantId,
+          azureEntraClientId,
+          azureEntraClientSecret,
+          scope
+        );
+        return {
+          Authorization: `Bearer ${accessToken}`,
+        };
+      }
+    }
+    if (azureAuthMode === 'managed') {
+      const { azureManagedClientId } = providerOptions;
+      const resource = 'https://cognitiveservices.azure.com/';
+      const accessToken = await getAzureManagedIdentityToken(
+        resource,
+        azureManagedClientId
+      );
+      return {
+        Authorization: `Bearer ${accessToken}`,
+      };
+    }
     const headersObj: Record<string, string> = {
-      'api-key': `${providerOptions.apiKey}`,
+      'api-key': `${apiKey}`,
     };
     if (fn === 'createTranscription' || fn === 'createTranslation')
       headersObj['Content-Type'] = 'multipart/form-data';

src/providers/azure-openai/api.ts

@@ -0,0 +1,60 @@
+export async function getAccessTokenFromEntraId(
+  tenantId: string,
+  clientId: string,
+  clientSecret: string,
+  scope = 'https://cognitiveservices.azure.com/.default'
+) {
+  try {
+    const url = `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`;
+    const params = new URLSearchParams({
+      client_id: clientId,
+      client_secret: clientSecret,
+      scope: scope,
+      grant_type: 'client_credentials',
+    });
+
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: params,
+    });
+
+    if (!response.ok) {
+      const errorMessage = await response.text();
+      console.log({ message: `Error from Entra ${errorMessage}` });
+      return undefined;
+    }
+    const data: { access_token: string } = await response.json();
+    return data.access_token;
+  } catch (error) {
+    console.log(error);
+  }
+}
+
+export async function getAzureManagedIdentityToken(
+  resource: string,
+  clientId?: string
+) {
+  try {
+    const response = await fetch(
+      `http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=${encodeURIComponent(resource)}${clientId ? `&client_id=${encodeURIComponent(clientId)}` : ''}`,
+      {
+        method: 'GET',
+        headers: {
+          Metadata: 'true',
+        },
+      }
+    );
+    if (!response.ok) {
+      const errorMessage = await response.text();
+      console.log({ message: `Error from Managed ${errorMessage}` });
+      return undefined;
+    }
+    const data: { access_token: string } = await response.json();
+    return data.access_token;
+  } catch (error) {
+    console.log({ error });
+  }
+}

src/providers/azure-openai/utils.ts

@@ -1,10 +1,14 @@
+import { env } from 'hono/adapter';
+import { GatewayError } from '../../errors/GatewayError';
 import { ProviderAPIConfig } from '../types';
-import { generateAWSHeaders } from './utils';
+import { bedrockInvokeModels } from './constants';
+import { generateAWSHeaders, getAssumedRoleCredentials } from './utils';
 
 const BedrockAPIConfig: ProviderAPIConfig = {
   getBaseURL: ({ providerOptions }) =>
     `https://bedrock-runtime.${providerOptions.awsRegion || 'us-east-1'}.amazonaws.com`,
   headers: async ({
+    c,
     providerOptions,
     transformedRequestBody,
     transformedRequestUrl,
@@ -13,6 +17,41 @@ const BedrockAPIConfig: ProviderAPIConfig = {
       'content-type': 'application/json',
     };
 
+    if (providerOptions.awsAuthType === 'assumedRole') {
+      try {
+        // Assume the role in the source account
+        const sourceRoleCredentials = await getAssumedRoleCredentials(
+          c,
+          env(c).AWS_ASSUME_ROLE_SOURCE_ARN, // Role ARN in the source account
+          env(c).AWS_ASSUME_ROLE_SOURCE_EXTERNAL_ID || '', // External ID for source role (if needed)
+          providerOptions.awsRegion || ''
+        );
+
+        if (!sourceRoleCredentials) {
+          throw new Error('Server Error while assuming internal role');
+        }
+
+        // Assume role in destination account using temporary creds obtained in first step
+        const { accessKeyId, secretAccessKey, sessionToken } =
+          (await getAssumedRoleCredentials(
+            c,
+            providerOptions.awsRoleArn || '',
+            providerOptions.awsExternalId || '',
+            providerOptions.awsRegion || '',
+            {
+              accessKeyId: sourceRoleCredentials.accessKeyId,
+              secretAccessKey: sourceRoleCredentials.secretAccessKey,
+              sessionToken: sourceRoleCredentials.sessionToken,
+            }
+          )) || {};
+        providerOptions.awsAccessKeyId = accessKeyId;
+        providerOptions.awsSecretAccessKey = secretAccessKey;
+        providerOptions.awsSessionToken = sessionToken;
+      } catch (e) {
+        throw new GatewayError('Error while assuming bedrock role');
+      }
+    }
+
     return generateAWSHeaders(
       transformedRequestBody,
       headers,
@@ -27,12 +66,20 @@ const BedrockAPIConfig: ProviderAPIConfig = {
   },
   getEndpoint: ({ fn, gatewayRequestBody }) => {
     const { model, stream } = gatewayRequestBody;
+    if (!model) throw new GatewayError('Model is required');
     let mappedFn = fn;
     if (stream) {
       mappedFn = `stream-${fn}`;
     }
-    const endpoint = `/model/${model}/invoke`;
-    const streamEndpoint = `/model/${model}/invoke-with-response-stream`;
+    let endpoint = `/model/${model}/invoke`;
+    let streamEndpoint = `/model/${model}/invoke-with-response-stream`;
+    if (
+      (mappedFn === 'chatComplete' || mappedFn === 'stream-chatComplete') &&
+      !bedrockInvokeModels.includes(model)
+    ) {
+      endpoint = `/model/${model}/converse`;
+      streamEndpoint = `/model/${model}/converse-stream`;
+    }
     switch (mappedFn) {
       case 'chatComplete': {
         return endpoint;