sub2api

Author	SHA1	Message	Date
win	158785bfc9	chore: merge upstream v0.1.127 — keep omniroute customizations Upstream highlights: - v0.1.127 release (150 commits): channel-monitor 协议管理、OpenAI Responses 路由配置、模型定价 LiteLLM 默认、payment 强制扫码、钉钉 OAuth、用户用量按平台拆分、Ops 错误分类 SLA 调整、 Anthropic passthrough keepalive、Gemini chat completions 路由 ... - 91da8159 feat(risk-control): 内容审计新增关键词拦截 - 3d22dd34 feat: gemini-3.5-flash 模型支持 Conflicts resolved: - Dockerfile: keep pnpm pin to 9.15.9 (upstream pinned generic v9 floating). - wire_gen.go: combine upstream NewSettingHandler(+userAttributeService) with local NewOpsHandler(opsService, requestEventBus, opsLogBroadcaster). Verified by re-running wire generate. - scheduler_cache.go: keep both upstream openai_responses_{mode,supported} keys and local model_rate_limits key in filterSchedulerExtra(). - gateway_service.go: keep local context-compression block; drop now-dead setOpsUpstreamRequestBody call (upstream removed ops retry replay). - docker-compose.yml: keep local windsurf-ls service profile and named volumes; keep local healthcheck start_period values. Test mock signatures bumped to match current constructors: - gateway_models_test.go: add nil for RPMTokenBucketService. - account_handler_available_models_test.go: add nil for windsurfChatService.	2026-05-20 12:39:40 +08:00
haruka	0f8e2d0934	fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段 Account.Credentials 是 JSONB map，混合存放可编辑的非敏感配置（base_url、 model_mapping、project_id 等）与敏感秘钥（OAuth access/refresh/id token、 API key、AWS secret、Vertex private key 等）。当前所有 admin 账号接口直接透传该 map，token 经由浏览器 DevTools、抓包、日志等途径泄漏。 - service 包新增 SensitiveCredentialKeys 清单与 MergePreservingSensitiveCreds 作为单一权威定义。 - dto 层 RedactCredentials 在响应里剥离敏感子键，输出 credentials_status （has_<key> 布尔标识）告知前端存在性，不暴露原值。 - AccountFromServiceShallow 接入脱敏，覆盖 list、get、create、update、 refresh、batch、bulk-update、OAuth 创建等 9 个 handler。 - service.UpdateAccount 改为合并语义：incoming 没传敏感键则保留 existing，让前端"全对象 PUT"流程在脱敏后无感工作；显式提供新 token 仍会覆盖。 - 前端 EditAccountModal 修复脱敏后会崩的两处兜底：apikey 必填检查和 Vertex SA JSON 存在性校验改读 credentials_status.has_*。 - 导出端点 /admin/accounts/data 走独立的 DataAccount 结构，按设计保留完整 credentials 作为管理员备份路径。测试：RedactCredentials 单元测试、mapper 端到端 JSON 断言（确认序列化后无 token 子串）、UpdateAccount 合并语义三种场景（保留 / 覆盖 / 空 map 跳过）。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 03:44:04 +08:00
win	002066e700	chore(wip): 保存订制改动以便合并上游 - windsurf: client/pool/local_ls/tool_emulation/tool_names/models 调整 - handler: admin account_data / failover_loop / gateway_handler - repository: scheduler_cache 及测试 - service: windsurf_chat_service / windsurf_gateway_service - deploy: compose 合并为单文件（含 windsurf-ls profile），Dockerfile.ls - cmd: 新增 dump_ls_models / dump_preamble / test_windsurf_tools 辅助工具	2026-04-24 11:14:36 +08:00
win	32c98292e7	chore: merge upstream v0.1.111, keep Antigravity customizations # Conflicts: # backend/cmd/server/wire_gen.go # backend/go.mod # backend/internal/server/router.go # backend/internal/service/wire.go	2026-04-13 01:14:28 +08:00
IanShaw027	66e15a54a4	fix(export): 导出逻辑与当前筛选条件对齐	2026-04-09 18:14:28 +08:00
win	3ba3a17652	chore: merge upstream origin/main (v0.1.109) - delete Sora, add group account filter, Cache-Driven RPM, Beta model whitelist, OpenAI normalize fixes, refresh token race fix, Gemini customtools fix	2026-04-08 06:28:50 +08:00
erio	62e80c602d	revert: completely remove all Sora functionality	2026-04-05 17:11:01 +08:00
win	b856586412	修复h1 Some checks failed CI / test (push) Failing after 16m30s Details CI / golangci-lint (push) Failing after 4s Details Security Scan / backend-security (push) Failing after 1m35s Details Security Scan / frontend-security (push) Failing after 1m31s Details	2026-04-01 01:35:49 +08:00
QTom	c2965c0fb0	feat(antigravity): 自动设置隐私并支持后台手动重试新增 Antigravity OAuth 隐私设置能力，在账号创建、刷新、导入和后台 Token 刷新路径自动调用 setUserSettings + fetchUserInfo 关闭遥测；持久化后同步内存 Extra，错误处理改为日志记录。 Made-with: Cursor	2026-03-25 17:38:41 +08:00
weak-fox	4838ab74b3	feat(admin): add account privacy mode filter	2026-03-23 10:16:52 +08:00
QTom	7a4e65ad4b	feat: 导入账号时 best-effort 从 id_token 提取用户信息提取 DecodeIDToken（跳过过期校验）供导入场景使用， ParseIDToken 复用它并保留原有过期检查行为。导入 OpenAI/Sora OAuth 账号时自动补充缺失的 email、 plan_type、chatgpt_account_id 等字段，不覆盖已有值。	2026-03-09 21:53:46 +08:00
yangjianbo	5fa45f3b8c	feat(idempotency): 为关键写接口接入幂等并完善并发容错	2026-02-23 12:45:37 +08:00
kyx236	fe1d46a8ea	feat(admin): Add group filtering for account listings - Add groupID parameter to ListAccounts and ListWithFilters methods - Implement account filtering by group ID in repository query - Add group query parameter parsing in account handler - Update all ListAccounts/ListWithFilters call sites with groupID parameter - Add group filter UI component to AccountTableFilters - Add i18n translations for group filter label in English and Chinese - Update API contract and test stubs to reflect new signature - Enable filtering accounts by their assigned groups in admin panel	2026-02-12 03:47:06 +08:00
LLLLLLiulei	029994a83b	fix: remove unused listAllAccounts	2026-02-05 19:13:00 +08:00
LLLLLLiulei	37047919ab	fix: harden import/export flow	2026-02-05 18:59:30 +08:00
LLLLLLiulei	0b45d48e85	perf: batch fetch proxies for account export	2026-02-05 18:40:49 +08:00
LLLLLLiulei	ce9a247a9d	feat: add proxy import flow	2026-02-05 18:23:49 +08:00
LLLLLLiulei	b4bd46d067	feat: add data import/export bundle	2026-02-05 17:46:08 +08:00

18 Commits