fix(ai-client): parse Runware host by hostname; doc nits

- inferImageProtocol: match runware.ai by parsed hostname (exact match or
  subdomain) instead of a bare substring, so notrunware.ai /
  runware.ai.evil.com no longer misroute to the Runware protocol
- README: document the image-2-vip → OpenAI-compatible exception; correct the
  Imagen wording (deprecated, EOL 2026-06-24 — not yet discontinued)

Addresses Copilot review on #30.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
yuanzonghao
2026-06-04 16:47:56 +08:00
parent 83fd5717e7
commit 865bf322e9
2 changed files with 15 additions and 3 deletions
+13 -1
View File
@@ -71,12 +71,24 @@ export type GenerateImageResult = {
imageUuid: string;
};
// Match the Runware host by parsed hostname (exact match or subdomain), not a
// bare substring — otherwise `notrunware.ai` or `api.runware.ai.evil.com` would
// misroute to the Runware protocol. Falls back to false on an unparseable URL.
function isRunwareHost(baseUrl: string): boolean {
try {
const host = new URL(baseUrl).hostname.toLowerCase();
return host === "runware.ai" || host.endsWith(".runware.ai");
} catch {
return false;
}
}
// Image roles support more protocols than text/vision. When IMAGE_PROVIDER is
// unset we keep the historical URL-based inference so existing deployments
// (Runware, or an OpenAI-compatible gateway) behave exactly as before.
function inferImageProtocol(config: ProviderConfig): ProviderProtocol {
const isOpenAiCompat =
!config.baseUrl.includes("runware.ai") || config.model === "image-2-vip";
!isRunwareHost(config.baseUrl) || config.model === "image-2-vip";
return isOpenAiCompat ? "openai_compatible" : "runware";
}