diff --git a/proxy/csswitch_proxy.py b/proxy/csswitch_proxy.py index 60780dd..22cd21d 100644 --- a/proxy/csswitch_proxy.py +++ b/proxy/csswitch_proxy.py @@ -360,6 +360,12 @@ def _auth_ok(self): return False def do_GET(self): + # /health 免鉴权(健康检查不含敏感信息) + # 注意:path 可能尚未经 _auth_ok 剥离前缀,故同时匹配裸路径和带 secret 前缀的路径。 + if self.path == "/health" or self.path.startswith("/health?") \ + or self.path.endswith("/health") or "/health?" in self.path: + self._send_json(200, {"status": "ok", "provider": PROV_NAME}) + return if not self._auth_ok(): return if self.path.startswith("/v1/models"): @@ -368,8 +374,6 @@ def do_GET(self): log(f"GET /v1/models -> {PROV_NAME}: {', '.join(m[0] for m in PROV['models'])}") self._send_json(200, {"data": data, "has_more": False, "first_id": data[0]["id"], "last_id": data[-1]["id"]}) - elif self.path.startswith("/health"): - self._send_json(200, {"status": "ok", "provider": PROV_NAME}) else: self._send_json(404, {"type": "error", "error": {"type": "not_found_error", "message": self.path}}) diff --git a/test/test_proxy_auth.py b/test/test_proxy_auth.py index a32d3e1..6716ca7 100644 --- a/test/test_proxy_auth.py +++ b/test/test_proxy_auth.py @@ -61,9 +61,10 @@ def test_health_with_secret_ok(self): s, _b = _req(f"{self.base}/{SEC}/health") self.assertEqual(s, 200) - def test_health_without_secret_forbidden(self): + def test_health_without_secret_ok(self): + # /health 免鉴权(自 #12 起),便于监控探活不依赖 secret 一致性 s, _b = _req(f"{self.base}/health") - self.assertEqual(s, 403) + self.assertEqual(s, 200) def test_messages_without_secret_forbidden_and_upstream_untouched(self): before = len(self.hits)