Introduce a separate backend service for LLM calls (#15831)

This PR introduces a separate backend service for making LLM calls. It exposes an HTTP interface that can be called by Zed clients. To call these endpoints, the client must provide a `Bearer` token. These tokens are issued/refreshed by the collab service over RPC. We're adding this in a backwards-compatible way. Right now the access tokens can only be minted for Zed staff, and calling this separate LLM service is behind the `llm-service` feature flag (which is not automatically enabled for Zed staff). Release Notes: - N/A --------- Co-authored-by: Marshall <marshall@zed.dev> Co-authored-by: Marshall Bowers <elliott.codes@gmail.com>
2024-08-05 17:26:21 -07:00 · 2024-08-05 17:26:21 -07:00 · 8e9c2b1125
commit 8e9c2b1125
parent 4ed43e6e6f
20 changed files with 478 additions and 102 deletions
--- a/crates/collab/src/auth.rs
+++ b/crates/collab/src/auth.rs
@ -33,7 +33,7 @@ pub async fn validate_header<B>(mut req: Request<B>, next: Next<B>) -> impl Into
        .get(http::header::AUTHORIZATION)
        .and_then(|header| header.to_str().ok())
        .ok_or_else(|| {
-            Error::Http(
+            Error::http(
                StatusCode::UNAUTHORIZED,
                "missing authorization header".to_string(),
            )
@ -45,14 +45,14 @@ pub async fn validate_header<B>(mut req: Request<B>, next: Next<B>) -> impl Into
    let first = auth_header.next().unwrap_or("");
    if first == "dev-server-token" {
        let dev_server_token = auth_header.next().ok_or_else(|| {
-            Error::Http(
+            Error::http(
                StatusCode::BAD_REQUEST,
                "missing dev-server-token token in authorization header".to_string(),
            )
        })?;
        let dev_server = verify_dev_server_token(dev_server_token, &state.db)
            .await
-            .map_err(|e| Error::Http(StatusCode::UNAUTHORIZED, format!("{}", e)))?;
+            .map_err(|e| Error::http(StatusCode::UNAUTHORIZED, format!("{}", e)))?;

        req.extensions_mut()
            .insert(Principal::DevServer(dev_server));
@ -60,14 +60,14 @@ pub async fn validate_header<B>(mut req: Request<B>, next: Next<B>) -> impl Into
    }

    let user_id = UserId(first.parse().map_err(|_| {
-        Error::Http(
+        Error::http(
            StatusCode::BAD_REQUEST,
            "missing user id in authorization header".to_string(),
        )
    })?);

    let access_token = auth_header.next().ok_or_else(|| {
-        Error::Http(
+        Error::http(
            StatusCode::BAD_REQUEST,
            "missing access token in authorization header".to_string(),
        )
@ -111,7 +111,7 @@ pub async fn validate_header<B>(mut req: Request<B>, next: Next<B>) -> impl Into
        }
    }

-    Err(Error::Http(
+    Err(Error::http(
        StatusCode::UNAUTHORIZED,
        "invalid credentials".to_string(),
    ))