pub async fn handle_reverse_proxy(
first_line: &str,
stream: &mut TcpStream,
remaining_header: &[u8],
ctx: &ReverseProxyCtx<'_>,
buffered_body: &[u8],
) -> Result<()>Expand description
Handle a non-CONNECT HTTP request (reverse proxy mode).
buffered_body contains any bytes the BufReader read ahead beyond the
headers. These are prepended to the body read from the stream to prevent
data loss.
§Phantom Token Pattern
The client (SDK) sends the session token as its “API key”. The proxy:
- Extracts the service from the path (e.g.,
/openai/v1/chat→openai) - Looks up which header that service uses (e.g.,
Authorizationorx-api-key) - Validates the phantom token from that header
- Replaces it with the real credential from keyring