Farhan Beg commited on
Commit ·
ff3dadd
1
Parent(s): 8da84d4
fix(router): explicit 404 for legacy /api/sessions/<id>/chat/stream
Browse filesThe hermes-workspace capability probe POSTs to that path to detect the
legacy enhanced-fork chat surface. With no rule it fell through to
WebUI, which didn't 404 it cleanly, so the probe set enhancedChat=true,
the workspace then sent chat there at runtime, and the UI showed a
generic 'Authentication error' instead of using /v1/chat/completions.
Returning an explicit 404 makes the workspace's chatMode resolve to
'portable' and route chat through the OpenAI-compat path the Space
actually exposes.
- health-server.js +30 -0
health-server.js
CHANGED
|
@@ -870,6 +870,36 @@ const server = http.createServer(async (req, res) => {
|
|
| 870 |
|
| 871 |
// 6c. /api/* routes — these are WebUI API calls when Referer isn't the
|
| 872 |
// dashboard. Fall through to the catch-all below.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 873 |
|
| 874 |
// 7. Anything else -> Hermes WebUI (primary UI) OR HuggingMes status page.
|
| 875 |
// WebUI handles its own auth internally via HERMES_WEBUI_PASSWORD.
|
|
|
|
| 870 |
|
| 871 |
// 6c. /api/* routes — these are WebUI API calls when Referer isn't the
|
| 872 |
// dashboard. Fall through to the catch-all below.
|
| 873 |
+
//
|
| 874 |
+
// Exception: hermes-workspace probes for the *legacy* enhanced-fork chat
|
| 875 |
+
// endpoint at POST /api/sessions/<id>/chat/stream. Without this rule the
|
| 876 |
+
// request falls through to WebUI's catch-all, which doesn't 404 it
|
| 877 |
+
// cleanly, so the workspace's detector sets `enhancedChat=true`, sends
|
| 878 |
+
// chat there at runtime, and the UI surfaces a generic "Authentication
|
| 879 |
+
// error". Returning an explicit 404 here makes the workspace fall back
|
| 880 |
+
// to the OpenAI-compatible /v1/chat/completions path on the gateway —
|
| 881 |
+
// which is the only chat surface this Space actually exposes.
|
| 882 |
+
//
|
| 883 |
+
// Anything the dashboard or WebUI legitimately need under /api/sessions/
|
| 884 |
+
// already has a more specific match above (referer check / /hmd
|
| 885 |
+
// passthrough), so this only fires for cross-origin probes.
|
| 886 |
+
if (
|
| 887 |
+
/^\/api\/sessions\/[^/]+\/chat\/stream\/?$/.test(path) &&
|
| 888 |
+
!refererIsDashboard
|
| 889 |
+
) {
|
| 890 |
+
res.writeHead(404, {
|
| 891 |
+
"content-type": "application/json",
|
| 892 |
+
"cache-control": "no-store",
|
| 893 |
+
});
|
| 894 |
+
res.end(
|
| 895 |
+
JSON.stringify({
|
| 896 |
+
error: "not_found",
|
| 897 |
+
message:
|
| 898 |
+
"Legacy enhanced-fork chat stream is not exposed by this Space. Use /v1/chat/completions.",
|
| 899 |
+
}),
|
| 900 |
+
);
|
| 901 |
+
return;
|
| 902 |
+
}
|
| 903 |
|
| 904 |
// 7. Anything else -> Hermes WebUI (primary UI) OR HuggingMes status page.
|
| 905 |
// WebUI handles its own auth internally via HERMES_WEBUI_PASSWORD.
|