Supports 50 login-free uses

package.json

@@ -39,10 +39,12 @@
     "@radix-ui/react-toggle": "1.1.1",
     "@radix-ui/react-toggle-group": "1.1.1",
     "@radix-ui/react-tooltip": "latest",
+    "@types/crypto-js": "^4.2.2",
     "autoprefixer": "^10.4.20",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "cmdk": "1.0.4",
+    "crypto-js": "^4.2.0",
     "date-fns": "4.1.0",
     "embla-carousel-react": "8.5.1",
     "input-otp": "1.4.1",

pnpm-lock.yaml

@@ -98,6 +98,9 @@ importers:
       '@radix-ui/react-tooltip':
         specifier: latest
         version: 1.2.6(@types/react-dom@19.1.5(@types/react@19.1.4))(@types/react@19.1.4)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@types/crypto-js':
+        specifier: ^4.2.2
+        version: 4.2.2
       autoprefixer:
         specifier: ^10.4.20
         version: 10.4.21(postcss@8.5.3)
@@ -110,6 +113,9 @@ importers:
       cmdk:
         specifier: 1.0.4
         version: 1.0.4(@types/react-dom@19.1.5(@types/react@19.1.4))(@types/react@19.1.4)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      crypto-js:
+        specifier: ^4.2.0
+        version: 4.2.0
       date-fns:
         specifier: 4.1.0
         version: 4.1.0
@@ -1263,6 +1269,9 @@ packages:
   '@swc/helpers@0.5.15':
     resolution: {integrity: sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g==}
 
+  '@types/crypto-js@4.2.2':
+    resolution: {integrity: sha512-sDOLlVbHhXpAUAL0YHDUUwDZf3iN4Bwi4W6a0W0b+QcAezUbRtH4FVb+9J4h+XFPW7l/gQ9F8qC7P+Ec4k8QVQ==}
+
   '@types/d3-array@3.2.1':
     resolution: {integrity: sha512-Y2Jn2idRrLzUfAKV2LyRImR+y4oa2AntrgID95SHJxuMUrkNXmanDSed71sRNZysveJVt1hLLemQZIady0FpEg==}
 
@@ -1413,6 +1422,9 @@ packages:
     resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
     engines: {node: '>= 8'}
 
+  crypto-js@4.2.0:
+    resolution: {integrity: sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==}
+
   cssesc@3.0.0:
     resolution: {integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==}
     engines: {node: '>=4'}
@@ -3129,6 +3141,8 @@ snapshots:
     dependencies:
       tslib: 2.8.1
 
+  '@types/crypto-js@4.2.2': {}
+
   '@types/d3-array@3.2.1': {}
 
   '@types/d3-color@3.1.3': {}
@@ -3285,6 +3299,8 @@ snapshots:
       shebang-command: 2.0.0
       which: 2.0.2
 
+  crypto-js@4.2.0: {}
+
   cssesc@3.0.0: {}
 
   csstype@3.1.3: {}

src/app/api/auth/check-bypass/route.ts

@@ -0,0 +1,9 @@
+import { NextRequest, NextResponse } from "next/server";
+import { generateFingerprintFromHeaders } from "@/lib/inference-utils";
+import { evaluateLoginBypass } from "@/lib/runtime";
+
+export async function GET(request: NextRequest): Promise<NextResponse> {
+  const fingerprint = generateFingerprintFromHeaders(request);
+  const canBypass = evaluateLoginBypass(fingerprint, true);
+  return new NextResponse(String(canBypass), { status: 200 });
+} 

src/app/api/generate-code/route.ts

@@ -58,7 +58,7 @@ export async function POST(request: NextRequest) {
   
     // Use streaming response
     return createStreamResponse(async (controller) => {
-      const client = createInferenceClient(tokenResult.token);
+      const client = createInferenceClient(tokenResult);
       let completeResponse = "";
 
       const messages = [

src/app/api/improve-prompt/route.ts

@@ -51,7 +51,7 @@ export async function POST(request: NextRequest) {
 
     // Use streaming response
     return createStreamResponse(async (controller) => {
-      const client = createInferenceClient(tokenResult.token);
+      const client = createInferenceClient(tokenResult);
       
       const messages = [
         {

src/components/app-container.tsx

@@ -284,7 +284,6 @@ export function AppContainer() {
         )}
       </div>
       
-      {/* 全局错误显示组件 */}
       <ErrorMessage 
         message={improveError || generationError} 
         onClose={() => {

src/components/code-editor.tsx

@@ -90,10 +90,10 @@ export function CodeEditor({ code, isLoading = false, onCodeChange }: CodeEditor
             style={{ 
               fontSize: '0.875rem',
               lineHeight: '1.5',
-              fontFamily: 'ui-monospace, SFMono-Regular, "SF Mono", Consolas, "Liberation Mono", Menlo, monospace',
+              fontFamily: 'ui-monospace, SFMono-Regular, \"SF Mono\", Consolas, \"Liberation Mono\", Menlo, monospace',
               color: '#d4d4d4'
             }}
-            dangerouslySetInnerHTML={{ __html: highlightedCode + '\n' }}
+            dangerouslySetInnerHTML={{ __html: highlightedCode }}
           />
 
           {/* Editable textarea - always transparent */}

src/components/prompt-input.tsx

@@ -38,7 +38,6 @@ export function PromptInput({
     setPrompt(initialPrompt);
   }, [initialPrompt]);
 
-  // 当 improveError 改变时通知父组件
   useEffect(() => {
     if (onImproveError) {
       onImproveError(improveError);
@@ -48,7 +47,14 @@ export function PromptInput({
   const checkAuth = async (): Promise<boolean> => {
     try {
       const token = await getInferenceToken();
-      return !!token;
+      if (token) {
+        return true;
+      }
+      const canBypass = await fetch("/api/auth/check-bypass").then(res => res.json());
+      if (!canBypass) {
+        throw new Error("Authentication required");
+      }
+      return true;
     } catch (error) {
       setShowAuthError(true);
       return false;

src/lib/auth.ts

@@ -12,9 +12,5 @@ export async function getInferenceToken(): Promise<string> {
   const tokenCookie = cookies.find(cookie => cookie.startsWith('hf_token='));
   const token = tokenCookie?.split('=')[1];
 
-  if (!token) {
-    throw new Error('Authentication required');
-  }
-
-  return token;
+  return token || "";
 } 

src/lib/inference-utils.ts

@@ -1,5 +1,9 @@
 import { NextRequest, NextResponse } from "next/server";
 import { InferenceClient } from "@huggingface/inference";
+import sha256 from "crypto-js/sha256";
+import HmacSHA256 from 'crypto-js/hmac-sha256';
+import Base64 from 'crypto-js/enc-base64';
+import { evaluateLoginBypass } from "@/lib/runtime";
 
 // Create a shared TextEncoder instance to be reused
 const sharedEncoder = new TextEncoder();
@@ -12,10 +16,34 @@ export interface ModelConfig {
   default_enable_thinking?: boolean;
 }
 
+export function generateFingerprintFromHeaders(request: NextRequest): string {
+  const forwarded = request.headers.get("x-forwarded-for");
+  const realIp = request.headers.get("x-real-ip");
+  console.log("[Request IP] ", forwarded, realIp);
+  const ipFingerprint = forwarded || realIp || "unknown";
+  const userAgent = request.headers.get("user-agent") || '';
+  const accept = request.headers.get("accept") || '';
+  const language = request.headers.get("accept-language") || '';
+  const encoding = request.headers.get("accept-encoding") || '';
+  const dnt = request.headers.get("dnt") || '';
+  const fingerprint = sha256(`${ipFingerprint}-${userAgent}-${accept}-${language}-${encoding}-${dnt}`);
+  return Base64.stringify(HmacSHA256(fingerprint, "novita-anysite"));
+}
+
 export async function getInferenceToken(request: NextRequest): Promise<{
   token: string;
+  bypassToken?: string;
   error?: { message: string; status: number; openLogin?: boolean };
 }> {
+  const fingerprint = generateFingerprintFromHeaders(request);
+  const canBypass = evaluateLoginBypass(fingerprint);
+  if (canBypass) {
+    return {
+      token: "",
+      bypassToken: process.env.NOVITA_API_TOKEN,
+    };
+  }
+
   const hf_token = request.cookies.get("hf_token")?.value || process.env.DEFAULT_HF_TOKEN;
   if (!hf_token) {
     return {
@@ -42,11 +70,11 @@ export function checkTokenLimit(tokensUsed: number, modelConfig: ModelConfig) {
   return null;
 }
 
-export function createInferenceClient(token: string): InferenceClient {
-  const inferenceEndpointUrl = process.env.INFERENCE_ENDPOINT_URL;
+export function createInferenceClient({token, bypassToken}: {token: string, bypassToken?: string}): InferenceClient {
+  const inferenceEndpointUrl = token ? process.env.INFERENCE_ENDPOINT_URL : process.env.NOVITA_BASE_URL;
 
   if (inferenceEndpointUrl) {
-    return new InferenceClient(token, {
+    return new InferenceClient(token || bypassToken, {
       endpointUrl: inferenceEndpointUrl,
     });
   }

src/lib/runtime.ts

@@ -0,0 +1,48 @@
+const store = new Map<
+  string,
+  {
+    count: number;
+    expiresAt: number;
+  }
+>();
+
+let lastCleanup = 0;
+const CLEANUP_INTERVAL = 1000 * 60 * 60; // Cleanup every 1 hour
+
+function clearStore() {
+  const now = Date.now();
+  for (const [fingerprint, target] of store.entries()) {
+    if (target.expiresAt < now) {
+      store.delete(fingerprint);
+    }
+  }
+}
+
+
+export function evaluateLoginBypass(fingerprint: string, isSkipCount?: boolean): boolean {
+  const now = Date.now();
+  if (now - lastCleanup > CLEANUP_INTERVAL) {
+    clearStore();
+    lastCleanup = now;
+  }
+
+  const target = store.get(fingerprint);
+  console.log("[Bypass store keys] ", store.keys());
+  console.log("[Bypass store target] ", target);
+
+  if (!target || target.expiresAt < Date.now()) {
+    const now = Date.now();
+    const expiresAt = now + 1000 * 60 * 60 * 24;
+    store.set(fingerprint, { count: 1, expiresAt });
+    return true;
+  }
+
+  if (target.count > 50) {
+    return false;
+  }
+
+  if (!isSkipCount) {
+    target.count++;
+  }
+  return true;
+}