admin/Gemini_Draw
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity

require api auth token

Browse Source
This commit is contained in:
admin
2026-05-09 17:39:18 +08:00
parent 57287cbc67
commit a23ce5b08f
4 changed files with 93 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
README.md
View File

@@ -23,17 +23,38 @@ View your app in AI Studio: https://ai.studio/apps/96002e3b-5eec-4566-85e8-71871
The UI runs on port `3000`. The HTTP API runs separately on port `3002`.
1. Set `GEMINI_API_KEY` in `.env.local` or your shell.
1. Set `GEMINI_API_KEY` and `API_AUTH_TOKEN` in `.env.local` or your shell.
2. Start the API:
`npm run api`
3. Check the API:
`http://localhost:3002/api/health`
Example `.env.local`:
```env
GEMINI_API_KEY="YOUR_GEMINI_API_KEY"
API_AUTH_TOKEN="YOUR_LONG_RANDOM_API_TOKEN"
API_PORT="3002"
```
All protected API calls must send one of these headers:
```txt
Authorization: Bearer YOUR_LONG_RANDOM_API_TOKEN
```
or:
```txt
x-api-key: YOUR_LONG_RANDOM_API_TOKEN
```
You can change the server API key without restarting:
```bash
curl -X POST http://localhost:3002/api/config/api-key \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_LONG_RANDOM_API_TOKEN" \
-d "{\"apiKey\":\"YOUR_GEMINI_API_KEY\",\"persist\":true}"
```
@@ -42,6 +63,7 @@ You can also pass a temporary Gemini key for one call:
```bash
curl -X POST http://localhost:3002/api/generate \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_LONG_RANDOM_API_TOKEN" \
-H "x-gemini-api-key: YOUR_GEMINI_API_KEY" \
-d "{\"prompt\":\"Create a clean product poster\"}"
```
@@ -53,6 +75,7 @@ Generate or edit with JSON/base64:
```bash
curl -X POST http://localhost:3002/api/generate \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_LONG_RANDOM_API_TOKEN" \
-d "{\"prompt\":\"Create a clean product poster for a white coffee mug\",\"imageSize\":\"1K\",\"aspectRatio\":\"1:1\"}"
```
@@ -60,6 +83,7 @@ Upload an image or document with a prompt:
```bash
curl -X POST http://localhost:3002/api/generate/upload \
-H "Authorization: Bearer YOUR_LONG_RANDOM_API_TOKEN" \
-F "prompt=Change the background to a bright studio scene" \
-F "imageSize=1K" \
-F "aspectRatio=1:1" \
@@ -70,10 +94,11 @@ Analyze a document:
```bash
curl -X POST http://localhost:3002/api/analyze-document \
-H "Authorization: Bearer YOUR_LONG_RANDOM_API_TOKEN" \
-F "prompt=Summarize this document in Chinese" \
-F "files=@report.pdf"
```
Optional API auth: set `API_AUTH_TOKEN`, then send either `Authorization: Bearer <token>` or `x-api-key: <token>`.
API auth is required by default. For local-only development, you can set `API_AUTH_DISABLED=true`, but do not use that on a LAN or server.
For Agent-facing image editing instructions, see `API图片修改-Agent.md`.