Files
Momento/memento-note/app/api/user/api-keys/verify/route.ts
Antigravity a623454347
Some checks failed
CI / Lint, Unit Tests & Build (push) Failing after 1m32s
CI / Deploy production (on server) (push) Has been skipped
perf: memo GridCard, fuse save fns, fix slash tab active color
2026-06-14 14:06:05 +00:00

83 lines
3.1 KiB
TypeScript

import { NextRequest, NextResponse } from 'next/server';
import { auth } from '@/auth';
import { getEffectiveTier } from '@/lib/entitlements';
import { isByokProviderAllowed } from '@/lib/byok';
import { fetchLiveModelsForProvider, type FetchModelsResult } from '@/lib/ai/models-list';
import { VALID_PROVIDERS, type AiGatewayProvider } from '@/lib/ai/router';
/**
* GET /api/user/api-keys/verify?provider=<provider>&key=<api_key>&baseUrl=<optional_custom_url>
*
* Verifies that the user's API key is valid by attempting to fetch models.
* Returns validity status and available models if successful.
*
* Key is only considered VALID if we can fetch models from the actual provider API.
* Fallback to hardcoded suggestions is NOT considered valid verification.
*/
export async function GET(request: NextRequest) {
const session = await auth();
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const tier = await getEffectiveTier(session.user.id);
if (tier === 'BASIC') {
return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
}
const { searchParams } = request.nextUrl;
const provider = searchParams.get('provider') as AiGatewayProvider;
const apiKey = searchParams.get('key');
const baseUrl = searchParams.get('baseUrl') ?? undefined;
if (!provider || !apiKey) {
return NextResponse.json({ error: 'Missing parameters' }, { status: 400 });
}
if (!VALID_PROVIDERS.has(provider)) {
return NextResponse.json({ error: 'Invalid provider' }, { status: 400 });
}
if (!isByokProviderAllowed(tier, provider)) {
return NextResponse.json({ error: 'Tier restricted' }, { status: 403 });
}
try {
const result: FetchModelsResult = await fetchLiveModelsForProvider(provider, apiKey, baseUrl);
console.log(`[verify] ${provider}: fromApi=${result.fromApi}, models=${result.models.length}`, result.models);
// Only consider key valid if we got models from the REAL API (not fallbacks)
// Exception: Anthropic/Google/custom don't guarantee public /models endpoints, so we accept fallbacks for them
const acceptsFallbacks =
provider === 'anthropic' ||
provider === 'anthropic_custom' ||
provider === 'custom_anthropic' ||
provider === 'google' ||
provider === 'minimax' ||
provider === 'custom' ||
provider === 'custom_openai';
const isValid = result.models.length > 0 && (result.fromApi || acceptsFallbacks);
return NextResponse.json({
valid: isValid,
models: result.models,
fromApi: result.fromApi,
message: isValid
? result.fromApi
? `${result.models.length} modèle(s) trouvé(s) via l'API ${provider}`
: `${result.models.length} modèle(s) suggéré(s) pour ${provider}`
: 'Aucun modèle trouvé - vérifiez votre clé API'
});
} catch (error) {
const message = error instanceof Error ? error.message : 'Clé API invalide';
console.error(`[verify] ${provider} failed:`, error);
return NextResponse.json({
valid: false,
models: [],
fromApi: false,
message
}, { status: 200 }); // Return 200 with valid:false for UI handling
}
}