Merge remote-tracking branch 'github/master' into dev-apisix

Author: laz-xyr

apisix/balancer.lua

@@ -27,7 +27,6 @@ local set_more_tries   = balancer.set_more_tries
 local get_last_failure = balancer.get_last_failure
 local set_timeouts     = balancer.set_timeouts
 local ngx_now          = ngx.now
-local str_byte         = string.byte
 
 local module_name = "balancer"
 local pickers = {}
@@ -195,12 +194,6 @@ end
 local function pick_server(route, ctx)
     local up_conf = ctx.upstream_conf
 
-    for _, node in ipairs(up_conf.nodes) do
-        if core.utils.parse_ipv6(node.host) and str_byte(node.host, 1) ~= str_byte("[") then
-            node.host = '[' .. node.host .. ']'
-        end
-    end
-
     local nodes_count = #up_conf.nodes
     if nodes_count == 1 then
         local node = up_conf.nodes[1]

apisix/upstream.lua

@@ -25,6 +25,7 @@ local tostring = tostring
 local ipairs = ipairs
 local pairs = pairs
 local pcall = pcall
+local str_byte = string.byte
 local ngx_var = ngx.var
 local is_http = ngx.config.subsystem == "http"
 local upstreams
@@ -325,10 +326,16 @@ function _M.upstreams()
 end
 
 
-function _M.check_schema(conf)
+local function check_schema(conf)
+    for _, node in ipairs(conf.nodes or {}) do
+        if core.utils.parse_ipv6(node.host) and str_byte(node.host, 1) ~= str_byte("[") then
+            return false, "IPv6 address must be enclosed with '[' and ']'"
+        end
+    end
     return core.schema.check(core.schema.upstream, conf)
 end
 
+_M.check_schema = check_schema
 
 local function get_chash_key_schema(hash_on)
     if not hash_on then
@@ -357,7 +364,7 @@ end
 
 local function check_upstream_conf(in_dp, conf)
     if not in_dp then
-        local ok, err = core.schema.check(core.schema.upstream, conf)
+        local ok, err = check_schema(conf)
         if not ok then
             return false, "invalid configuration: " .. err
         end
@@ -396,6 +403,12 @@ local function check_upstream_conf(in_dp, conf)
                                     .. "wrong ssl type"
             end
         end
+    else
+        for i, node in ipairs(conf.nodes or {}) do
+            if core.utils.parse_ipv6(node.host) and str_byte(node.host, 1) ~= str_byte("[") then
+                conf.nodes[i].host = "[" .. node.host .. "]"
+            end
+        end
     end
 
     if is_http then

apisix/utils/batch-processor.lua

@@ -51,8 +51,14 @@ batch_processor.schema = schema
 local function schedule_func_exec(self, delay, batch)
     local hdl, err = timer_at(delay, execute_func, self, batch)
     if not hdl then
-        core.log.error("failed to create process timer: ", err)
-        return
+        if err == "process exiting" then
+            -- it is allowed to create zero-delay timers even when
+            -- the Nginx worker process starts shutting down
+            timer_at(0, execute_func, self)
+        else
+            core.log.error("failed to create process timer: ", err)
+            return
+        end
     end
 end
 
@@ -78,10 +84,6 @@ end
 
 
 function execute_func(premature, self, batch)
-    if premature then
-        return
-    end
-
     -- In case of "err" and a valid "first_fail" batch processor considers, all first_fail-1
     -- entries have been successfully consumed and hence reschedule the job for entries with
     -- index first_fail to #entries based on the current retry policy.
@@ -116,10 +118,6 @@ end
 
 
 local function flush_buffer(premature, self)
-    if premature then
-        return
-    end
-
     if now() - self.last_entry_t >= self.inactive_timeout or
        now() - self.first_entry_t >= self.buffer_duration
     then
@@ -140,8 +138,12 @@ end
 function create_buffer_timer(self)
     local hdl, err = timer_at(self.inactive_timeout, flush_buffer, self)
     if not hdl then
-        core.log.error("failed to create buffer timer: ", err)
-        return
+        if err == "process exiting" then
+            timer_at(0, flush_buffer, self)
+        else
+            core.log.error("failed to create buffer timer: ", err)
+            return
+        end
     end
     self.is_timer_running = true
 end

docs/en/latest/plugins/ai-aliyun-content-moderation.md

@@ -1,11 +1,11 @@
 ---
-title: ai-aws-content-moderation
+title: ai-aliyun-content-moderation
 keywords:
   - Apache APISIX
   - API Gateway
   - Plugin
   - ai-aliyun-content-moderation
-description: This document contains information about the Apache APISIX ai-aws-content-moderation Plugin.
+description: This document contains information about the Apache APISIX ai-aliyun-content-moderation Plugin.
 ---
 
 <!--
@@ -29,7 +29,7 @@ description: This document contains information about the Apache APISIX ai-aws-c
 
 ## Description
 
-The ai-aliyun-content-moderation plugin integrates with Aliyun's content moderation service to check both request and response content for inappropriate material when working with LLMs. It supports both real-time streaming checks and final packet moderation.
+The `ai-aliyun-content-moderation` plugin integrates with Aliyun's content moderation service to check both request and response content for inappropriate material when working with LLMs. It supports both real-time streaming checks and final packet moderation.
 
 This plugin must be used in routes that utilize the ai-proxy or ai-proxy-multi plugins.
 

docs/en/latest/plugins/ai-proxy-multi.md

@@ -35,7 +35,7 @@ description: The ai-proxy-multi Plugin extends the capabilities of ai-proxy with
 
 ## Description
 
-The `ai-proxy-multi` Plugin simplifies access to LLM and embedding models by transforming Plugin configurations into the designated request format for OpenAI, DeepSeek, Azure, AIMLAPI, and other OpenAI-compatible APIs. It extends the capabilities of [`ai-proxy-multi`](./ai-proxy.md) with load balancing, retries, fallbacks, and health checks.
+The `ai-proxy-multi` Plugin simplifies access to LLM and embedding models by transforming Plugin configurations into the designated request format for OpenAI, DeepSeek, Azure, AIMLAPI, and other OpenAI-compatible APIs. It extends the capabilities of [`ai-proxy`](./ai-proxy.md) with load balancing, retries, fallbacks, and health checks.
 
 In addition, the Plugin also supports logging LLM request information in the access log, such as token usage, model, time to the first response, and more.
 

docs/en/latest/plugins/inspect.md

@@ -68,8 +68,8 @@ be flushed, and it would not affect other caches to avoid slowing down other par
 * If the breakpointis related to local function or anonymous function,
 then you have to set it to `nil` (because no way to get function reference), which would flush the whole jit cache of Lua vm.
 
-You attach a `filter_func` function of the breakpoint, the function takes the `info` as argument and returns
-true of false to determine whether the breakpoint would be removed. You could setup one-shot breakpoint
+You attach a `filter_func` function to the breakpoint. The function takes the `info` as an argument and returns
+true or false to determine whether the breakpoint would be removed. This allows you to set up a one-shot breakpoint
 at ease.
 
 The `info` is a hash table which contains below keys:

docs/zh/latest/config.json

@@ -29,7 +29,9 @@
         "tutorials/observe-your-api",
         "tutorials/health-check",
         "tutorials/client-to-apisix-mtls",
-        "tutorials/keycloak-oidc"
+        "tutorials/keycloak-oidc",
+        "tutorials/manage-api-consumers",
+        "tutorials/cache-api-responses"
       ]
     },
     {
@@ -56,6 +58,22 @@
       "type": "category",
       "label": "插件",
       "items": [
+        {
+          "type": "category",
+          "label": "人工智能",
+          "items": [
+            "plugins/ai-proxy",
+            "plugins/ai-proxy-multi",
+            "plugins/ai-rate-limiting",
+            "plugins/ai-prompt-guard",
+            "plugins/ai-aws-content-moderation",
+            "plugins/ai-aliyun-content-moderation",
+            "plugins/ai-prompt-decorator",
+            "plugins/ai-prompt-template",
+            "plugins/ai-rag",
+            "plugins/ai-request-rewrite"
+          ]
+        },
         {
           "type": "category",
           "label": "普通插件",

docs/zh/latest/plugins/ai-aliyun-content-moderation.md

@@ -0,0 +1,129 @@
+---
+title: ai-aliyun-content-moderation
+keywords:
+  - Apache APISIX
+  - API 网关
+  - Plugin
+  - ai-aliyun-content-moderation
+description: 本文档包含有关 Apache APISIX ai-aliyun-content-moderation 插件的信息。
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## 描述
+
+`ai-aliyun-content-moderation` 插件集成了阿里云的内容审核服务，用于在与大语言模型 (LLM) 交互时检查请求和响应内容是否包含不当材料。它支持实时流式检查和最终数据包审核两种模式。
+
+此插件必须在使用 `ai-proxy` 或 `ai-proxy-multi` 插件的路由中使用。
+
+## 插件属性
+
+| **字段**                     | **必选项** | **类型**  | **描述**                                                                                                                                                                    |
+| ---------------------------- | ---------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| endpoint                     | 是         | String    | 阿里云服务端点 URL                                                                                                                                                          |
+| region_id                    | 是         | String    | 阿里云区域标识符                                                                                                                                                            |
+| access_key_id                | 是         | String    | 阿里云访问密钥 ID                                                                                                                                                           |
+| access_key_secret            | 是         | String    | 阿里云访问密钥密码                                                                                                                                                          |
+| check_request                | 否         | Boolean   | 启用请求内容审核。默认值：`true`                                                                                                                                            |
+| check_response               | 否         | Boolean   | 启用响应内容审核。默认值：`false`                                                                                                                                           |
+| stream_check_mode            | 否         | String    | 流式审核模式。默认值：`"final_packet"`。有效值：`["realtime", "final_packet"]`                                                                                             |
+| stream_check_cache_size      | 否         | Integer   | 实时模式下每次审核批次的最大字符数。默认值：`128`。必须 `>= 1`                                                                                                              |
+| stream_check_interval        | 否         | Number    | 实时模式下批次检查之间的间隔秒数。默认值：`3`。必须 `>= 0.1`                                                                                                                |
+| request_check_service        | 否         | String    | 用于请求审核的阿里云服务。默认值：`"llm_query_moderation"`                                                                                                                  |
+| request_check_length_limit   | 否         | Number    | 每个请求审核块的最大字符数。默认值：`2000`                                                                                                                                  |
+| response_check_service       | 否         | String    | 用于响应审核的阿里云服务。默认值：`"llm_response_moderation"`                                                                                                               |
+| response_check_length_limit  | 否         | Number    | 每个响应审核块的最大字符数。默认值：`5000`                                                                                                                                  |
+| risk_level_bar               | 否         | String    | 内容拒绝的阈值。默认值：`"high"`。有效值：`["none", "low", "medium", "high", "max"]`                                                                                       |
+| deny_code                    | 否         | Number    | 被拒绝内容的 HTTP 状态码。默认值：`200`                                                                                                                                     |
+| deny_message                 | 否         | String    | 被拒绝内容的自定义消息。默认值：`-`                                                                                                                                         |
+| timeout                      | 否         | Integer   | 请求超时时间（毫秒）。默认值：`10000`。必须 `>= 1`                                                                                                                          |
+| ssl_verify                   | 否         | Boolean   | 启用 SSL 证书验证。默认值：`true`                                                                                                                                           |
+
+## 使用示例
+
+首先初始化这些 shell 变量：
+
+```shell
+ADMIN_API_KEY=edd1c9f034335f136f87ad84b625c8f1
+ALIYUN_ACCESS_KEY_ID=your-aliyun-access-key-id
+ALIYUN_ACCESS_KEY_SECRET=your-aliyun-access-key-secret
+ALIYUN_REGION=cn-hangzhou
+ALIYUN_ENDPOINT=https://green.cn-hangzhou.aliyuncs.com
+OPENAI_KEY=your-openai-api-key
+```
+
+创建一个带有 `ai-aliyun-content-moderation` 和 `ai-proxy` 插件的路由：
+
+```shell
+curl "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT \
+  -H "X-API-KEY: ${ADMIN_API_KEY}" \
+  -d '{
+    "uri": "/v1/chat/completions",
+    "plugins": {
+      "ai-proxy": {
+        "provider": "openai",
+        "auth": {
+          "header": {
+            "Authorization": "Bearer '"$OPENAI_KEY"'"
+          }
+        },
+        "override": {
+          "endpoint": "http://localhost:6724/v1/chat/completions"
+        }
+      },
+      "ai-aliyun-content-moderation": {
+        "endpoint": "'"$ALIYUN_ENDPOINT"'",
+        "region_id": "'"$ALIYUN_REGION"'",
+        "access_key_id": "'"$ALIYUN_ACCESS_KEY_ID"'",
+        "access_key_secret": "'"$ALIYUN_ACCESS_KEY_SECRET"'",
+        "risk_level_bar": "high",
+        "check_request": true,
+        "check_response": true,
+        "deny_code": 400,
+        "deny_message": "您的请求违反了内容政策"
+      }
+    }
+  }'
+```
+
+这里使用 `ai-proxy` 插件是因为它简化了对 LLM 的访问。不过，您也可以在上游配置中配置 LLM。
+
+现在发送一个请求：
+
+```shell
+curl http://127.0.0.1:9080/v1/chat/completions -i \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gpt-3.5-turbo",
+    "messages": [
+      {"role": "user", "content": "I want to kill you"}
+    ],
+    "stream": false
+  }'
+```
+
+然后请求将被阻止，并返回如下错误：
+
+```text
+HTTP/1.1 400 Bad Request
+Content-Type: application/json
+
+{"id":"chatcmpl-123","object":"chat.completion","model":"gpt-3.5-turbo","choices":[{"index":0,"message":{"role":"assistant","content":"您的请求违反了内容政策"},"finish_reason":"stop"}],"usage":{"prompt_tokens":0,"completion_tokens":0,"total_tokens":0}}
+```