AlinsRan commented on code in PR #12530: URL: https://github.com/apache/apisix/pull/12530#discussion_r2297641719
########## apisix/plugins/ai-aliyun-content-moderation.lua: ########## @@ -0,0 +1,450 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local ngx = ngx +local ngx_ok = ngx.OK +local os = os +local pairs = pairs +local ipairs = ipairs +local table = table +local string = string +local url = require("socket.url") +local utf8 = require("lua-utf8") +local core = require("apisix.core") +local http = require("resty.http") +local uuid = require("resty.jit-uuid") +local ai_schema = require("apisix.plugins.ai-drivers.schema") + +local sse = require("apisix.plugins.ai-drivers.sse") + +local schema = { + type = "object", + properties = { + stream_check_mode = { + type = "string", + enum = {"realtime", "final_packet"}, + default = "final_packet", + description = [[ + realtime: batched checks during streaming | final_packet: append risk_level at end + ]] + }, + stream_check_cache_size = { + type = "integer", + minimum = 1, + default = 128, + description = "max characters per moderation batch in realtime mode" + }, + stream_check_interval = { + type = "number", + minimum = 0.1, + default = 3, + description = "seconds between batch checks in realtime mode" + }, + endpoint = {type = "string", minLength = 1}, + region_id = {type ="string", minLength = 1}, + access_key_id = {type = "string", minLength = 1}, + access_key_secret = {type ="string", minLength = 1}, + check_request = {type = "boolean", default = true}, + check_response = {type = "boolean", default = false}, + request_check_service = {type = "string", minLength = 1, default = "llm_query_moderation"}, + request_check_length_limit = {type = "number", default = 2000}, + response_check_service = {type = "string", minLength = 1, + default = "llm_response_moderation"}, + response_check_length_limit = {type = "number", default = 5000}, + risk_level_bar = {type = "string", + enum = {"none", "low", "medium", "high", "max"}, + default = "high"}, + deny_code = {type = "number", default = 200}, + deny_message = {type = "string"}, + timeout = { + type = "integer", + minimum = 1, + default = 10000, + description = "timeout in milliseconds", + }, + ssl_verify = {type = "boolean", default = true }, + }, + encrypt_fields = {"access_key_secret"}, + required = { "endpoint", "region_id", "access_key_id", "access_key_secret" }, +} + + +local _M = { + version = 0.1, + priority = 1029, + name = "ai-aliyun-content-moderation", + schema = schema, +} + + +function _M.check_schema(conf) + return core.schema.check(schema, conf) +end + + +local function risk_level_to_int(risk_level) + local risk_levels = { + ["max"] = 4, + ["high"] = 3, + ["medium"] = 2, + ["low"] = 1, + ["none"] = 0 + } + return risk_levels[risk_level] or -1 +end + + +-- openresty ngx.escape_uri don't escape some sub-delimis in rfc 3986 but aliyun do it, +-- in order to we can calculate same signature with aliyun, we need escape those chars manually +local sub_delims_rfc3986 = { + ["!"] = "%%21", + ["'"] = "%%27", + ["%("] = "%%28", + ["%)"] = "%%29", + ["*"] = "%%2A", +} +local function url_encoding(raw_str) + local encoded_str = ngx.escape_uri(raw_str) + for k, v in pairs(sub_delims_rfc3986) do + encoded_str = string.gsub(encoded_str, k, v) + end + return encoded_str +end + + +local function calculate_sign(params, secret) + local params_arr = {} + for k, v in pairs(params) do + table.insert(params_arr, ngx.escape_uri(k) .. "=" .. url_encoding(v)) + end + table.sort(params_arr) + local canonical_str = table.concat(params_arr, "&") + local str_to_sign = "POST&%2F&" .. ngx.escape_uri(canonical_str) + core.log.debug("string to calculate signature: ", str_to_sign) + return ngx.encode_base64(ngx.hmac_sha1(secret, str_to_sign)) +end + + +local function check_single_content(ctx, conf, content, service_name) + local timestamp = os.date("!%Y-%m-%dT%TZ") + local random_id = uuid.generate_v4() + local params = { + ["AccessKeyId"] = conf.access_key_id, + ["Action"] = "TextModerationPlus", + ["Format"] = "JSON", + ["RegionId"] = conf.region_id, + ["Service"] = service_name, + ["ServiceParameters"] = core.json.encode({sessionId = ctx.session_id, content = content}), + ["SignatureMethod"] = "HMAC-SHA1", + ["SignatureNonce"] = random_id, + ["SignatureVersion"] = "1.0", + ["Timestamp"] = timestamp, + ["Version"] = "2022-03-02", + } + params["Signature"] = calculate_sign(params, conf.access_key_secret .. "&") + + local httpc = http.new() + httpc:set_timeout(conf.timeout) + + local parsed_url = url.parse(conf.endpoint) + local ok, err = httpc:connect({ + scheme = parsed_url and parsed_url.scheme or "https", + host = parsed_url and parsed_url.host, + port = parsed_url and parsed_url.port, + ssl_verify = conf.ssl_verify, + ssl_server_name = parsed_url and parsed_url.host, + pool_size = conf.keepalive and conf.keepalive_pool, Review Comment: pool_size is only set when conf.keepalive exists, but keepalive isn't defined in the schema. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
