修复 /v1/messages 端点 x-api-key 认证逻辑：

- handleDirectMessages 读取客户端 x-api-key header
- getAnthropicHeaders 优先使用客户端 x-api-key，避免同时设置 x-api-key 和 authorization

routes.js

@@ -392,10 +392,13 @@ async function handleDirectMessages(req, res) {
 
     logInfo(`Direct forwarding to ${model.type} endpoint: ${endpoint.base_url}`);
 
-    // Get API key
+    // Get API key - support client x-api-key for anthropic endpoint
     let authHeader;
     try {
-      authHeader = await getApiKey(req.headers.authorization);
+      const clientAuthFromXApiKey = req.headers['x-api-key']
+        ? `Bearer ${req.headers['x-api-key']}`
+        : null;
+      authHeader = await getApiKey(req.headers.authorization || clientAuthFromXApiKey);
     } catch (error) {
       logError('Failed to get API key', error);
       return res.status(500).json({