Merge branch 'master' of github.com:apache/apisix into revolyssup/ai-prompt-guard

Author: Revolyssup

Makefile

@@ -382,9 +382,6 @@ install: runtime
 	$(ENV_INSTALL) -d $(ENV_INST_LUADIR)/apisix/plugins/ai-rag/vector-search
 	$(ENV_INSTALL) apisix/plugins/ai-rag/vector-search/*.lua $(ENV_INST_LUADIR)/apisix/plugins/ai-rag/vector-search
 
-	# ai-content-moderation plugin
-	$(ENV_INSTALL) -d $(ENV_INST_LUADIR)/apisix/plugins/ai
-	$(ENV_INSTALL) apisix/plugins/ai/*.lua $(ENV_INST_LUADIR)/apisix/plugins/ai
 
 	$(ENV_INSTALL) bin/apisix $(ENV_INST_BINDIR)/apisix
 

apisix/cli/config.lua

@@ -218,7 +218,7 @@ local _M = {
     "ai-prompt-decorator",
     "ai-prompt-guard",
     "ai-rag",
-    "ai-content-moderation",
+    "ai-aws-content-moderation",
     "proxy-mirror",
     "proxy-rewrite",
     "workflow",

apisix/core/config_etcd.lua

@@ -262,6 +262,14 @@ local function do_run_watch(premature)
             cancel_watch(http_cli)
             break
         end
+
+        if rev < watch_ctx.rev then
+            log.error("received smaller revision, rev=", rev, ", watch_ctx.rev=",
+                      watch_ctx.rev,". etcd may be restarted. resyncing....")
+            produce_res(nil, "restarted")
+            cancel_watch(http_cli)
+            break
+        end
         if rev > watch_ctx.rev then
             watch_ctx.rev = rev + 1
         end
@@ -569,6 +577,7 @@ local function load_full_data(self, dir_res, headers)
     end
 
     if headers then
+        self.prev_index = tonumber(headers["X-Etcd-Index"]) or 0
         self:upgrade_version(headers["X-Etcd-Index"])
     end
 
@@ -633,7 +642,7 @@ local function sync_data(self)
     log.info("res: ", json.delay_encode(dir_res, true), ", err: ", err)
 
     if not dir_res then
-        if err == "compacted" then
+        if err == "compacted" or err == "restarted" then
             self.need_reload = true
             log.error("waitdir [", self.key, "] err: ", err,
                      ", will read the configuration again via readdir")

apisix/plugins/ai-content-moderation.lua …ix/plugins/ai-aws-content-moderation.luaapisix/plugins/ai-content-moderation.lua renamed to apisix/plugins/ai-aws-content-moderation.lua apisix/plugins/ai-content-moderation.lua renamed to apisix/plugins/ai-aws-content-moderation.lua

@@ -19,48 +19,34 @@ local aws_instance = require("resty.aws")()
 local http = require("resty.http")
 local fetch_secrets = require("apisix.secret").fetch_secrets
 
-local next = next
 local pairs = pairs
 local unpack = unpack
 local type = type
 local ipairs = ipairs
-local require = require
 local HTTP_INTERNAL_SERVER_ERROR = ngx.HTTP_INTERNAL_SERVER_ERROR
 local HTTP_BAD_REQUEST = ngx.HTTP_BAD_REQUEST
 
-
-local aws_comprehend_schema = {
-    type = "object",
-    properties = {
-        access_key_id = { type = "string" },
-        secret_access_key = { type = "string" },
-        region = { type = "string" },
-        endpoint = {
-            type = "string",
-            pattern = [[^https?://]]
-        },
-        ssl_verify = {
-            type = "boolean",
-            default = true
-        }
-    },
-    required = { "access_key_id", "secret_access_key", "region", }
-}
-
 local moderation_categories_pattern = "^(PROFANITY|HATE_SPEECH|INSULT|"..
                                       "HARASSMENT_OR_ABUSE|SEXUAL|VIOLENCE_OR_THREAT)$"
 local schema = {
     type = "object",
     properties = {
-        provider = {
+        comprehend = {
             type = "object",
             properties = {
-                aws_comprehend = aws_comprehend_schema
+                access_key_id = { type = "string" },
+                secret_access_key = { type = "string" },
+                region = { type = "string" },
+                endpoint = {
+                    type = "string",
+                    pattern = [[^https?://]]
+                },
+                ssl_verify = {
+                    type = "boolean",
+                    default = true
+                }
             },
-            maxProperties = 1,
-            -- ensure only one provider can be configured while implementing support for
-            -- other providers
-            required = { "aws_comprehend" }
+            required = { "access_key_id", "secret_access_key", "region", }
         },
         moderation_categories = {
             type = "object",
@@ -78,20 +64,16 @@ local schema = {
             minimum = 0,
             maximum = 1,
             default = 0.5
-        },
-        llm_provider = {
-            type = "string",
-            enum = { "openai" },
         }
     },
-    required = { "provider", "llm_provider" },
+    required = { "comprehend" },
 }
 
 
 local _M = {
     version  = 0.1,
     priority = 1040, -- TODO: might change
-    name     = "ai-content-moderation",
+    name     = "ai-aws-content-moderation",
     schema   = schema,
 }
 
@@ -107,51 +89,44 @@ function _M.rewrite(conf, ctx)
         return HTTP_INTERNAL_SERVER_ERROR, "failed to retrieve secrets from conf"
     end
 
-    local body, err = core.request.get_json_request_body_table()
+    local body, err = core.request.get_body()
     if not body then
         return HTTP_BAD_REQUEST, err
     end
 
-    local msgs = body.messages
-    if type(msgs) ~= "table" or #msgs < 1 then
-        return HTTP_BAD_REQUEST, "messages not found in request body"
-    end
-
-    local provider = conf.provider[next(conf.provider)]
+    local comprehend = conf.comprehend
 
     local credentials = aws_instance:Credentials({
-        accessKeyId = provider.access_key_id,
-        secretAccessKey = provider.secret_access_key,
-        sessionToken = provider.session_token,
+        accessKeyId = comprehend.access_key_id,
+        secretAccessKey = comprehend.secret_access_key,
+        sessionToken = comprehend.session_token,
     })
 
-    local default_endpoint = "https://comprehend." .. provider.region .. ".amazonaws.com"
-    local scheme, host, port = unpack(http:parse_uri(provider.endpoint or default_endpoint))
+    local default_endpoint = "https://comprehend." .. comprehend.region .. ".amazonaws.com"
+    local scheme, host, port = unpack(http:parse_uri(comprehend.endpoint or default_endpoint))
     local endpoint = scheme .. "://" .. host
     aws_instance.config.endpoint = endpoint
-    aws_instance.config.ssl_verify = provider.ssl_verify
+    aws_instance.config.ssl_verify = comprehend.ssl_verify
 
     local comprehend = aws_instance:Comprehend({
         credentials = credentials,
         endpoint = endpoint,
-        region = provider.region,
+        region = comprehend.region,
         port = port,
     })
 
-    local ai_module = require("apisix.plugins.ai." .. conf.llm_provider)
-    local create_request_text_segments = ai_module.create_request_text_segments
-
-    local text_segments = create_request_text_segments(msgs)
     local res, err = comprehend:detectToxicContent({
         LanguageCode = "en",
-        TextSegments = text_segments,
+        TextSegments = {{
+            Text = body
+        }},
     })
 
     if not res then
         core.log.error("failed to send request to ", endpoint, ": ", err)
         return HTTP_INTERNAL_SERVER_ERROR, err
     end
-
+    core.log.warn("dibag: ", core.json.encode(res))
     local results = res.body and res.body.ResultList
     if type(results) ~= "table" or core.table.isempty(results) then
         return HTTP_INTERNAL_SERVER_ERROR, "failed to get moderation results from response"

apisix/plugins/ai-drivers/deepseek.lua

@@ -15,7 +15,7 @@
 -- limitations under the License.
 --
 
-return require("apisix.plugins.ai-drivers.openai-compatible").new(
+return require("apisix.plugins.ai-drivers.openai-base").new(
     {
         host = "api.deepseek.com",
         path = "/chat/completions",

apisix/plugins/ai-drivers/openai-base.lua

@@ -0,0 +1,112 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements.  See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local _M = {}
+
+local mt = {
+    __index = _M
+}
+
+local core = require("apisix.core")
+local http = require("resty.http")
+local url  = require("socket.url")
+
+local pairs = pairs
+local type  = type
+local setmetatable = setmetatable
+
+
+function _M.new(opts)
+
+    local self = {
+        host = opts.host,
+        port = opts.port,
+        path = opts.path,
+    }
+    return setmetatable(self, mt)
+end
+
+
+function _M.request(self, conf, request_table, extra_opts)
+    local httpc, err = http.new()
+    if not httpc then
+        return nil, "failed to create http client to send request to LLM server: " .. err
+    end
+    httpc:set_timeout(conf.timeout)
+
+    local endpoint = extra_opts.endpoint
+    local parsed_url
+    if endpoint then
+        parsed_url = url.parse(endpoint)
+    end
+
+    local ok, err = httpc:connect({
+        scheme = endpoint and parsed_url.scheme or "https",
+        host = endpoint and parsed_url.host or self.host,
+        port = endpoint and parsed_url.port or self.port,
+        ssl_verify = conf.ssl_verify,
+        ssl_server_name = endpoint and parsed_url.host or self.host,
+        pool_size = conf.keepalive and conf.keepalive_pool,
+    })
+
+    if not ok then
+        return nil, "failed to connect to LLM server: " .. err
+    end
+
+    local query_params = extra_opts.query_params
+
+    if type(parsed_url) == "table" and parsed_url.query and #parsed_url.query > 0 then
+        local args_tab = core.string.decode_args(parsed_url.query)
+        if type(args_tab) == "table" then
+            core.table.merge(query_params, args_tab)
+        end
+    end
+
+    local path = (endpoint and parsed_url.path or self.path)
+
+    local headers = extra_opts.headers
+    headers["Content-Type"] = "application/json"
+    local params = {
+        method = "POST",
+        headers = headers,
+        keepalive = conf.keepalive,
+        ssl_verify = conf.ssl_verify,
+        path = path,
+        query = query_params
+    }
+
+    if extra_opts.model_options then
+        for opt, val in pairs(extra_opts.model_options) do
+            request_table[opt] = val
+        end
+    end
+
+    local req_json, err = core.json.encode(request_table)
+    if not req_json then
+        return nil, err
+    end
+
+    params.body = req_json
+
+    local res, err = httpc:request(params)
+    if not res then
+        return nil, err
+    end
+
+    return res, nil, httpc
+end
+
+return _M