jlintw/llmbackend
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
llmbackend/doc/llm中介平台需求.txt
Jethro Lin dca86354ba agnet step 1 add auth
2024-12-04 11:24:47 +08:00

227 lines
No EOL
9.7 KiB
Text
Raw Blame History

# Requirements and Rules Document for LLM API Forwarding Platform
## 1. Introduction
This document outlines the requirements and rules for an LLM (Large Language Model) API forwarding platform. The system enables clients to send prompts to various LLMs and receive responses, managing access through a token-based authentication system. The platform includes separate components for administrators and clients, each with distinct functionalities and access levels.
## 2. System Overview
The platform consists of two main components:
- **Frontend API**: Receives prompts from clients and forwards them to the appropriate LLM based on the client's token.
- **Admin Backend**: Enables administrators to manage client users and other administrators via a separate frontend interface.
The system employs a token-based authentication mechanism, using authentication tokens and access tokens to control access and usage. Client users do not need to log in; they interact with the system using tokens provided by administrators.
## 3. Components
### 3.1 Frontend API
- **Type**: Pure API endpoint (no user interface).
- **Functionality**:
- Receives prompts from clients.
- Determines which LLM to route the prompt to based on the client's token.
- Forwards the prompt to the designated LLM.
- Returns the LLM's response to the client in JSON format.
- **Token Handling**:
- Validates the client's access token before processing the request.
- Access tokens are short-term and obtained using authentication tokens.
### 3.2 Admin Backend
- **Type**: Backend API endpoint with a separate frontend interface for administrators.
- **Functionality**:
- Administrators log in via the frontend interface using a username and password.
- Provides APIs for administrative tasks.
- Administrators can:
- Change their passwords.
- Add new client users.
- Manage authentication tokens for clients.
- Add new administrators (if they have Super Administrator privileges).
- **Client User Management**:
- When adding a new client user, the system:
- Generates one or more authentication tokens for the client.
- Displays the authentication tokens to the administrator.
- Administrators provide these tokens to the client users securely.
- **User Roles**:
- **Super Administrator**: Has full control, including adding other administrators.
- **Administrator**: Can manage client users and their tokens but can only add administrators if they have the necessary privileges.
## 4. User Roles
- **Super Administrator**
- Highest level of access.
- Can add and manage administrators and client users.
- Issues authentication tokens to clients.
- **Administrator**
- Can manage client users.
- Issues authentication tokens.
- Can change their own password.
- **Client User**
- Does not have a username or password.
- Uses tokens provided by administrators to interact with the system.
- Can have multiple authentication tokens.
- Obtains access tokens using their authentication tokens to use the LLM services.
## 5. Authentication and Authorization
### 5.1 Tokens
- **Authentication Tokens**
- Long-term tokens provided by administrators.
- Clients can have multiple authentication tokens.
- Used to obtain short-term access tokens.
- **Access Tokens**
- Short-term tokens (valid for one hour).
- Used to authenticate requests to the Frontend API.
### 5.2 Token Workflow
1. **Issuance**
- Administrators generate authentication tokens for client users.
- Administrators can generate multiple authentication tokens per client for different purposes.
- The system displays the authentication tokens to the administrator upon creation.
- Administrators securely provide these tokens to the client users.
2. **Access Token Retrieval**
- Clients use their authentication tokens to request access tokens.
3. **Service Access**
- Clients use the access tokens to interact with the Frontend API and send prompts to the LLM.
### 5.3 Access Control
- Access to different LLMs is determined by the client's tokens.
- The system ensures that clients can only access LLMs they are authorized to use.
- Authentication tokens can have specific permissions or access levels assigned by administrators.
## 6. Site-Wide Rules
- **Frontend and Backend Separation**
- The system architecture separates frontend interfaces from backend services.
- Communication occurs through APIs.
- **Frontends**
- **Admin Frontend**: For administrators to perform management tasks.
- **No Open Registration**
- New client users are added exclusively by administrators.
- There is no public registration API or interface.
- **User Levels**
- Users are categorized into three levels: Super Administrator, Administrator, and Client User.
- **Token Types**
- Clients use two types of tokens: authentication tokens and access tokens.
- Access tokens are required for using LLM services.
## 7. Additional Requirements and Considerations
### 7.1 Client User Management
- **Multiple Authentication Tokens**
- Clients can have multiple authentication tokens.
- Each authentication token is unique and can be managed independently.
- **Token Management Features**
- **Token List**: Administrators can view and manage all authentication tokens for a client.
- **Token Revocation**: Administrators can deactivate or revoke authentication tokens if necessary.
- **Token Naming**: Administrators can assign names or descriptions to tokens for easier management.
- **Permissions and Access Levels**: Authentication tokens can have different access levels or permissions assigned.
### 7.2 Security
- **Encryption**
- All data transmissions should use HTTPS to secure communications.
- **Token Security**
- Tokens should be securely stored and transmitted.
- Implement measures to prevent token theft and misuse.
- **Administrator Password Policies**
- Enforce strong password requirements for administrators.
- **Vulnerability Protection**
- Protect against common security threats like SQL injection, XSS, CSRF, etc.
- **Token Rotation**
- Encourage regular rotation of authentication tokens for enhanced security.
### 7.3 Error Handling
- Provide clear and descriptive error messages in JSON format.
- Handle token expiration and invalidation gracefully, prompting clients to obtain a new access token if necessary.
### 7.4 Logging and Monitoring
- **Activity Logging**
- Log all authentication attempts, token issuances, user creations, token revocations, and API interactions.
- **Monitoring**
- Implement monitoring tools to track system performance and detect anomalies.
### 7.5 Scalability
- Design the system to handle increasing numbers of clients and requests.
- Consider load balancing and resource optimization strategies.
### 7.6 Rate Limiting
- Implement rate limiting to prevent abuse and ensure fair usage.
- Define rate limits per client or per token as necessary.
### 7.7 Documentation
- Provide comprehensive documentation for administrators and clients.
- Include guidelines on token management, API usage, and best practices.
### 7.8 Internationalization and Localization
- Consider supporting multiple languages for the admin frontend interface.
- Ensure date, time, and numerical formats are adaptable to different locales.
### 7.9 Compliance
- Ensure the system complies with relevant laws and regulations, such as data protection and privacy laws (e.g., GDPR).
- Implement data retention and deletion policies as required.
### 7.10 Backup and Recovery
- Establish regular backup procedures for critical data.
- Develop a disaster recovery plan to restore services in case of system failure.
### 7.11 Future Enhancements
- **Self-Service Features**
- Allow clients to request additional services or features through secure channels.
- **Analytics**
- Provide analytics and reporting tools for administrators to monitor usage patterns.
- **Third-Party Integrations**
- Explore integration with external services or additional LLM providers.
## 8. Assumptions and Constraints
- **No Code or API Specifications Provided**
- This document focuses on functional requirements and rules, not implementation details.
- **Closed System**
- The platform is intended for use by authorized clients and administrators only.
- **Token Validity Periods**
- Authentication tokens have long-term validity, while access tokens expire after one hour.
- **System Availability**
- The platform should aim for high availability, minimizing downtime and maintenance windows.
## 9. Summary of Key Points
- **Clients Use Tokens Exclusively**
- Clients interact with the system using tokens provided by administrators.
- Clients do not have usernames and passwords.
- **Administrator Responsibilities**
- Administrators manage client users and tokens.
- When adding client users, administrators generate and provide authentication tokens.
- **Multiple Authentication Tokens per Client**
- Clients can have multiple authentication tokens for different purposes.
- This allows for greater flexibility and security in managing access.
- **Access Control via Tokens**
- Permissions and access to specific LLMs can be controlled via tokens.
- Tokens can have specific permissions or access levels assigned.
---
This comprehensive requirements document integrates all previous adjustments and considerations, including:
- The removal of client usernames and passwords.
- The use of tokens exclusively for client authentication.
- The ability for clients to have multiple authentication tokens.
- The inclusion of token management features for administrators.
- The display of authentication tokens to administrators when creating client users.
I hope this document meets your needs and accurately reflects all the requirements and adjustments discussed.
Reference in a new issue View git blame Copy permalink