mirror of
https://github.com/mudler/LocalAI.git
synced 2026-07-08 15:28:23 -04:00
* feat(usage): add Source, APIKeyID, APIKeyName columns to UsageRecord Adds three additive columns plus UsageSource* constants. The columns are auto-migrated by InitDB. APIKeyID is a nullable foreign reference to UserAPIKey.ID; APIKeyName is snapshotted on each row so revoked keys keep showing their name in history. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(usage): backfill Source on pre-feature usage rows InitDB now classifies any pre-existing usage_record with an empty source: 'legacy-api-key' user -> legacy, everything else -> web. The backfill is idempotent (only touches NULL/empty rows). Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(usage): add GetUserUsageBySource aggregator Groups by (bucket, source, api_key_id, api_key_name). Filters out legacy by default. Returns both per-bucket detail and roll-ups (by_source, by_key sorted desc and capped at 200, grand_total). The MAX(created_at) projection is iterated via Rows().Scan into a string column and parsed manually because the SQLite driver surfaces the aggregated timestamp as a string, which database/sql refuses to scan directly into time.Time. Postgres returns a real timestamp; the same string path handles its RFC3339 form too. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * fix(usage): log Rows() errors and assert LastUsed in tests Adds rows.Err() and Rows() open-failure logging in computeSourceTotals so silent data drops surface in logs. Logs on parseLastUsedString format misses for the same reason. Strengthens the snapshot-survival test to assert LastUsed is a recent timestamp, locking the SQLite time-string parser behaviour. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(usage): add admin GetAllUsageBySource with filters and truncation Optional user_id and api_key_id filters (composed with AND). Legacy bucket is included for admin callers. truncated=true when more than 200 distinct keys would be in the by_key roll-up. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(auth): plumb auth_source and auth_apikey through Echo context tryAuthenticate now sets auth_source on every successful branch (web for session/Bearer-session, apikey for Bearer-key/x-api-key/ token-cookie, legacy for legacy env key match). For named-key branches it also stores the resolved *UserAPIKey under auth_apikey so downstream middlewares can snapshot id+name without re-validating. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * fix(auth): expand tryAuthenticate godoc and cover Bearer-session branch Documents all three context-keys side effects (auth_source, auth_apikey, _auth_session) plus the split of responsibilities with the parent Middleware. Adds a test for the Bearer-as-session-token classification so future regressions there fail loudly. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(usage): UsageMiddleware records source + snapshots key name Reads auth_source and auth_apikey from the Echo context (set by auth.Middleware in the previous task). Snapshots UserAPIKey.ID and Name onto each row so revoked keys remain readable in history. Falls back to source=web when no auth_source is set (auth disabled or unrecognised path). Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(usage): add /api/auth/usage/sources and admin variant Self endpoint filters legacy server-side; admin endpoint includes legacy and accepts user_id + api_key_id filters. Response includes buckets, totals.{by_source, by_key, grand_total}, and a truncated flag set when the per-key roll-up was capped at 200. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * docs(routes): mark test mirror handlers as keep-in-sync with production The newTestAuthApp helper duplicates production route handlers inline because it cannot use RegisterAuthRoutes (which requires a *application.Application). Naming the source path on each mirror makes the drift contract explicit for future maintainers. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(ui): add usageApi.getMySources/getAdminSources + i18n strings Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(ui): add Sources tab skeleton with data fetch Adds Usage page tab that fetches /api/auth/usage/sources (or the admin variant). Renders raw totals plus a placeholder key list; real visualisations land in subsequent commits. Restructures the existing tab button block so Models and Sources are visible to non-admins (Users remains admin-only). Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(ui): source mix ribbon + searchable/sortable sources table Replaces the SourcesTab placeholder rendering with two reusable components: SourceMixRibbon (one segmented bar per source class) and SourcesTable (search + sort + revoked-key dim). Pulls the current API key list to detect revoked keys. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * fix(ui): skip revoked-key detection until the key list is known existingKeyIds defaulted to an empty Set, which made every live api_key row render as (revoked) during the brief window before apiKeysApi.list() resolved, and permanently after a fetch failure. Use null as the unknown state and suppress the revoked badge until the parent provides a real Set. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(ui): top-N stacked time chart and drill-in chip for Sources tab Top 7 sources by total tokens get distinct colours; the rest roll up into 'Other'. Clicking a row in the SourcesTable dims everything except that series in the chart; the chip is the canonical clear. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * docs(usage): document per-API-key Sources tab and endpoints Extends features/authentication.md Usage Tracking section with: - A 'Sources' tab description and source-class taxonomy - Endpoint documentation for /api/auth/usage/sources and the admin variant - Response shape example with by_source / by_key / grand_total - Migration note about pre-feature row backfill Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * fix(usage): silence errcheck on deferred rows.Close CI errcheck flagged the bare 'defer rows.Close()' in computeSourceTotals. Wrap in a closure that discards the close error explicitly; an error here is non-actionable since we have already drained the rows and logged any iteration failure. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * refactor(usage): bound batcher intake and add Shutdown/FlushNow hooks The pre-existing usage batcher had no cap on its add() path; the usageMaxPending=5000 constant only guarded the re-queue path after a failed write, leaving memory growth unbounded if the DB fell behind. This commit: - Adds the cap to add() so saturation drops new records (rate-limited warn at 1/1024) instead of growing unbounded. - Raises usageMaxPending to 50000 to absorb realistic inference bursts. - Replaces the package-level batcher global with a mutex-guarded pair plus a currentBatcher() accessor so Init / Shutdown cycles are race-free. - Adds ShutdownUsageRecorder() for graceful drain on process exit (not yet wired into app shutdown, just published). - Adds FlushNow() for deterministic tests; the middleware suite no longer needs 6s sleeps per spec and now runs in ~50ms instead of 18s. - Re-queue on failed flush is now cap-aware: prepends as much of the failed batch as fits alongside concurrent arrivals, instead of dropping the whole batch when full. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> * feat(usage): drain usage batcher on graceful shutdown Registers ShutdownUsageRecorder with the existing signals.RegisterGracefulTerminationHandler so SIGINT/SIGTERM synchronously flushes any in-memory usage records before the process exits. Without this, up to one flush interval (5s) of recorded usage was lost when LocalAI restarted. Refs: #9862 Signed-off-by: Ettore Di Giacinto <mudler@localai.io> --------- Signed-off-by: Ettore Di Giacinto <mudler@localai.io> Co-authored-by: Ettore Di Giacinto <mudler@localai.io>
354 lines
11 KiB
Go
354 lines
11 KiB
Go
//go:build auth
|
|
|
|
package auth_test
|
|
|
|
import (
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/mudler/LocalAI/core/http/auth"
|
|
. "github.com/onsi/ginkgo/v2"
|
|
. "github.com/onsi/gomega"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
var _ = Describe("Usage", func() {
|
|
Describe("RecordUsage", func() {
|
|
It("inserts a usage record", func() {
|
|
db := testDB()
|
|
record := &auth.UsageRecord{
|
|
UserID: "user-1",
|
|
UserName: "Test User",
|
|
Model: "gpt-4",
|
|
Endpoint: "/v1/chat/completions",
|
|
PromptTokens: 100,
|
|
CompletionTokens: 50,
|
|
TotalTokens: 150,
|
|
Duration: 1200,
|
|
CreatedAt: time.Now(),
|
|
}
|
|
err := auth.RecordUsage(db, record)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(record.ID).ToNot(BeZero())
|
|
})
|
|
})
|
|
|
|
Describe("GetUserUsage", func() {
|
|
It("returns aggregated usage for a specific user", func() {
|
|
db := testDB()
|
|
|
|
// Insert records for two users
|
|
for range 3 {
|
|
err := auth.RecordUsage(db, &auth.UsageRecord{
|
|
UserID: "user-a",
|
|
UserName: "Alice",
|
|
Model: "gpt-4",
|
|
Endpoint: "/v1/chat/completions",
|
|
PromptTokens: 100,
|
|
TotalTokens: 150,
|
|
CreatedAt: time.Now(),
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
}
|
|
err := auth.RecordUsage(db, &auth.UsageRecord{
|
|
UserID: "user-b",
|
|
UserName: "Bob",
|
|
Model: "gpt-4",
|
|
PromptTokens: 200,
|
|
TotalTokens: 300,
|
|
CreatedAt: time.Now(),
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
buckets, err := auth.GetUserUsage(db, "user-a", "month")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(buckets).ToNot(BeEmpty())
|
|
|
|
// All returned buckets should be for user-a's model
|
|
totalPrompt := int64(0)
|
|
for _, b := range buckets {
|
|
totalPrompt += b.PromptTokens
|
|
}
|
|
Expect(totalPrompt).To(Equal(int64(300)))
|
|
})
|
|
|
|
It("filters by period", func() {
|
|
db := testDB()
|
|
|
|
// Record in the past (beyond day window)
|
|
err := auth.RecordUsage(db, &auth.UsageRecord{
|
|
UserID: "user-c",
|
|
UserName: "Carol",
|
|
Model: "gpt-4",
|
|
PromptTokens: 100,
|
|
TotalTokens: 100,
|
|
CreatedAt: time.Now().Add(-48 * time.Hour),
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
// Record now
|
|
err = auth.RecordUsage(db, &auth.UsageRecord{
|
|
UserID: "user-c",
|
|
UserName: "Carol",
|
|
Model: "gpt-4",
|
|
PromptTokens: 200,
|
|
TotalTokens: 200,
|
|
CreatedAt: time.Now(),
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
// Day period should only include recent record
|
|
buckets, err := auth.GetUserUsage(db, "user-c", "day")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
totalPrompt := int64(0)
|
|
for _, b := range buckets {
|
|
totalPrompt += b.PromptTokens
|
|
}
|
|
Expect(totalPrompt).To(Equal(int64(200)))
|
|
|
|
// Month period should include both
|
|
buckets, err = auth.GetUserUsage(db, "user-c", "month")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
totalPrompt = 0
|
|
for _, b := range buckets {
|
|
totalPrompt += b.PromptTokens
|
|
}
|
|
Expect(totalPrompt).To(Equal(int64(300)))
|
|
})
|
|
})
|
|
|
|
Describe("GetAllUsage", func() {
|
|
It("returns usage for all users", func() {
|
|
db := testDB()
|
|
|
|
for _, uid := range []string{"user-x", "user-y"} {
|
|
err := auth.RecordUsage(db, &auth.UsageRecord{
|
|
UserID: uid,
|
|
UserName: uid,
|
|
Model: "gpt-4",
|
|
PromptTokens: 100,
|
|
TotalTokens: 150,
|
|
CreatedAt: time.Now(),
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
}
|
|
|
|
buckets, err := auth.GetAllUsage(db, "month", "")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(len(buckets)).To(BeNumerically(">=", 2))
|
|
})
|
|
|
|
It("filters by user ID when specified", func() {
|
|
db := testDB()
|
|
|
|
err := auth.RecordUsage(db, &auth.UsageRecord{
|
|
UserID: "user-p", UserName: "Pat", Model: "gpt-4",
|
|
PromptTokens: 100, TotalTokens: 100, CreatedAt: time.Now(),
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
err = auth.RecordUsage(db, &auth.UsageRecord{
|
|
UserID: "user-q", UserName: "Quinn", Model: "gpt-4",
|
|
PromptTokens: 200, TotalTokens: 200, CreatedAt: time.Now(),
|
|
})
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
buckets, err := auth.GetAllUsage(db, "month", "user-p")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
for _, b := range buckets {
|
|
Expect(b.UserID).To(Equal("user-p"))
|
|
}
|
|
})
|
|
})
|
|
|
|
Describe("Usage source backfill", func() {
|
|
It("backfills 'web' for pre-feature rows", func() {
|
|
db := testDB()
|
|
|
|
rawDB, err := db.DB()
|
|
Expect(err).ToNot(HaveOccurred())
|
|
_, err = rawDB.Exec(
|
|
`INSERT INTO usage_records (user_id, source, model, created_at, total_tokens, prompt_tokens, completion_tokens, duration) VALUES (?, '', ?, ?, 0, 0, 0, 0)`,
|
|
"user-x", "gpt-4", time.Now())
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
Expect(auth.BackfillUsageSource(db)).To(Succeed())
|
|
|
|
var loaded auth.UsageRecord
|
|
Expect(db.Where("user_id = ?", "user-x").First(&loaded).Error).To(Succeed())
|
|
Expect(loaded.Source).To(Equal(auth.UsageSourceWeb))
|
|
})
|
|
|
|
It("backfills 'legacy' for pre-feature rows with legacy-api-key user_id", func() {
|
|
db := testDB()
|
|
|
|
rawDB, err := db.DB()
|
|
Expect(err).ToNot(HaveOccurred())
|
|
_, err = rawDB.Exec(
|
|
`INSERT INTO usage_records (user_id, source, model, created_at, total_tokens, prompt_tokens, completion_tokens, duration) VALUES (?, '', ?, ?, 0, 0, 0, 0)`,
|
|
"legacy-api-key", "gpt-4", time.Now())
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
Expect(auth.BackfillUsageSource(db)).To(Succeed())
|
|
|
|
var loaded auth.UsageRecord
|
|
Expect(db.Where("user_id = ?", "legacy-api-key").First(&loaded).Error).To(Succeed())
|
|
Expect(loaded.Source).To(Equal(auth.UsageSourceLegacy))
|
|
})
|
|
|
|
It("is idempotent on re-run", func() {
|
|
db := testDB()
|
|
Expect(auth.BackfillUsageSource(db)).To(Succeed())
|
|
Expect(auth.BackfillUsageSource(db)).To(Succeed())
|
|
})
|
|
})
|
|
|
|
Describe("UsageRecord with source fields", func() {
|
|
It("persists Source, APIKeyID, APIKeyName", func() {
|
|
db := testDB()
|
|
keyID := "key-uuid-1"
|
|
record := &auth.UsageRecord{
|
|
UserID: "user-1",
|
|
UserName: "Test User",
|
|
Source: auth.UsageSourceAPIKey,
|
|
APIKeyID: &keyID,
|
|
APIKeyName: "ci-runner",
|
|
Model: "gpt-4",
|
|
Endpoint: "/v1/chat/completions",
|
|
TotalTokens: 150,
|
|
CreatedAt: time.Now(),
|
|
}
|
|
Expect(auth.RecordUsage(db, record)).To(Succeed())
|
|
|
|
var loaded auth.UsageRecord
|
|
Expect(db.First(&loaded, record.ID).Error).To(Succeed())
|
|
Expect(loaded.Source).To(Equal(auth.UsageSourceAPIKey))
|
|
Expect(loaded.APIKeyID).ToNot(BeNil())
|
|
Expect(*loaded.APIKeyID).To(Equal("key-uuid-1"))
|
|
Expect(loaded.APIKeyName).To(Equal("ci-runner"))
|
|
})
|
|
|
|
It("allows nil APIKeyID for web/legacy sources", func() {
|
|
db := testDB()
|
|
record := &auth.UsageRecord{
|
|
UserID: "user-1",
|
|
Source: auth.UsageSourceWeb,
|
|
Model: "gpt-4",
|
|
CreatedAt: time.Now(),
|
|
}
|
|
Expect(auth.RecordUsage(db, record)).To(Succeed())
|
|
|
|
var loaded auth.UsageRecord
|
|
Expect(db.First(&loaded, record.ID).Error).To(Succeed())
|
|
Expect(loaded.Source).To(Equal(auth.UsageSourceWeb))
|
|
Expect(loaded.APIKeyID).To(BeNil())
|
|
Expect(loaded.APIKeyName).To(BeEmpty())
|
|
})
|
|
})
|
|
|
|
Describe("GetUserUsageBySource", func() {
|
|
insert := func(db *gorm.DB, userID, source, keyID, keyName string, tokens int64, when time.Time) {
|
|
rec := &auth.UsageRecord{
|
|
UserID: userID,
|
|
Source: source,
|
|
Model: "gpt-4",
|
|
TotalTokens: tokens,
|
|
CreatedAt: when,
|
|
}
|
|
if keyID != "" {
|
|
rec.APIKeyID = &keyID
|
|
rec.APIKeyName = keyName
|
|
}
|
|
Expect(auth.RecordUsage(db, rec)).To(Succeed())
|
|
}
|
|
|
|
It("returns only the caller's rows, never legacy", func() {
|
|
db := testDB()
|
|
now := time.Now()
|
|
insert(db, "alice", auth.UsageSourceAPIKey, "k1", "ci", 100, now)
|
|
insert(db, "alice", auth.UsageSourceWeb, "", "", 50, now)
|
|
insert(db, "alice", auth.UsageSourceLegacy, "", "", 30, now)
|
|
insert(db, "bob", auth.UsageSourceAPIKey, "k2", "bobk", 90, now)
|
|
|
|
buckets, totals, err := auth.GetUserUsageBySource(db, "alice", "month")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
|
|
for _, b := range buckets {
|
|
Expect(b.UserID).To(Or(BeEmpty(), Equal("alice")))
|
|
Expect(b.Source).ToNot(Equal(auth.UsageSourceLegacy))
|
|
}
|
|
|
|
Expect(totals.GrandTotal.Tokens).To(Equal(int64(150)))
|
|
Expect(totals.BySource[auth.UsageSourceAPIKey].Tokens).To(Equal(int64(100)))
|
|
Expect(totals.BySource[auth.UsageSourceWeb].Tokens).To(Equal(int64(50)))
|
|
_, hasLegacy := totals.BySource[auth.UsageSourceLegacy]
|
|
Expect(hasLegacy).To(BeFalse())
|
|
})
|
|
|
|
It("snapshots survive key deletion", func() {
|
|
db := testDB()
|
|
now := time.Now()
|
|
insert(db, "alice", auth.UsageSourceAPIKey, "deleted-key", "old-name", 42, now)
|
|
_, totals, err := auth.GetUserUsageBySource(db, "alice", "month")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(totals.ByKey).To(HaveLen(1))
|
|
Expect(totals.ByKey[0].APIKeyName).To(Equal("old-name"))
|
|
Expect(totals.ByKey[0].APIKeyID).To(Equal("deleted-key"))
|
|
Expect(totals.ByKey[0].LastUsed).ToNot(BeZero())
|
|
Expect(totals.ByKey[0].LastUsed).To(BeTemporally("~", now, 2*time.Second))
|
|
})
|
|
})
|
|
|
|
Describe("GetAllUsageBySource", func() {
|
|
insert := func(db *gorm.DB, userID, source, keyID string, tokens int64) {
|
|
rec := &auth.UsageRecord{
|
|
UserID: userID,
|
|
Source: source,
|
|
Model: "gpt-4",
|
|
TotalTokens: tokens,
|
|
CreatedAt: time.Now(),
|
|
}
|
|
if keyID != "" {
|
|
rec.APIKeyID = &keyID
|
|
rec.APIKeyName = "name-" + keyID
|
|
}
|
|
Expect(auth.RecordUsage(db, rec)).To(Succeed())
|
|
}
|
|
|
|
It("includes legacy for admins", func() {
|
|
db := testDB()
|
|
insert(db, "alice", auth.UsageSourceAPIKey, "k1", 10)
|
|
insert(db, "legacy-api-key", auth.UsageSourceLegacy, "", 5)
|
|
|
|
_, totals, _, err := auth.GetAllUsageBySource(db, "month", "", "")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(totals.BySource).To(HaveKey(auth.UsageSourceLegacy))
|
|
Expect(totals.BySource[auth.UsageSourceLegacy].Tokens).To(Equal(int64(5)))
|
|
})
|
|
|
|
It("filters by user_id AND api_key_id", func() {
|
|
db := testDB()
|
|
insert(db, "alice", auth.UsageSourceAPIKey, "k1", 10)
|
|
insert(db, "alice", auth.UsageSourceAPIKey, "k2", 20)
|
|
insert(db, "bob", auth.UsageSourceAPIKey, "k3", 30)
|
|
|
|
_, totals, _, err := auth.GetAllUsageBySource(db, "month", "alice", "k2")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(totals.GrandTotal.Tokens).To(Equal(int64(20)))
|
|
})
|
|
|
|
It("sets truncated=true when by_key exceeds the cap", func() {
|
|
db := testDB()
|
|
for i := 0; i < 210; i++ {
|
|
insert(db, "alice", auth.UsageSourceAPIKey, fmt.Sprintf("key-%03d", i), int64(210-i))
|
|
}
|
|
|
|
_, totals, truncated, err := auth.GetAllUsageBySource(db, "month", "", "")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(truncated).To(BeTrue())
|
|
Expect(totals.ByKey).To(HaveLen(200))
|
|
Expect(totals.ByKey[0].Tokens > totals.ByKey[199].Tokens).To(BeTrue())
|
|
})
|
|
})
|
|
})
|