sub2api

Author	SHA1	Message	Date
benjamin	09cec311e8	fix: 统一 Ops 请求错误图表 SLA 口径 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-05-18 16:52:44 +08:00
Yuhao Jiang	1b03240515	fix(payment): 修复支付宝官方扫码二维码生成错误支付宝官方服务商在 precreate（当面付）不可用回退到 page.pay 时，错误地把网页跳转 URL 当作可扫码二维码内容返回。前端用 QRCode 库把这段 URL 渲染成二维码后，支付宝 APP 无法识别（扫到的只是个 HTTP URL，不是支付二维码），用户必须点"重新打开支付页面"跳转到支付宝收银台才能扫到真正可用的二维码。 - 后端 alipay.go：createPagePayTrade 不再把 PayURL 塞给 QRCode； createDesktopTrade 在 paymentMode == "redirect" 时跳过 precreate 直接走 page.pay，避免没开通"当面付"的商户走一次无用的 API 调用 - 前端管理端 PaymentProviderDialog：让支付宝官方实例可在"支付模式" 中选择"跳转"，开启后始终在新标签页打开支付宝收银台 - ProviderCard 的 modeLabel 增加 redirect 分支 - 补充 TestCreateTradeRedirectModeSkipsPrecreate 单元测试 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 15:01:17 -05:00
haruka	3ca232ad06	fix(frontend): 编辑弹窗回退旧 credentials 结构以兼容旧后端新代码仅依赖 credentials_status 会导致两种灰度场景被误判为未配置： - 新前端 + 旧后端：旧后端未返回 credentials_status，前端读不到已脱敏的 api_key / service_account_json，阻止保存。 - 旧前端 + 新后端：旧前端也读不到已脱敏字段（旧前端不在本 PR 范围）。修复： - API key 判断改为 credentials_status?.has_api_key ?? Boolean(currentCredentials.api_key) - Vertex SA 判断：有 credentials_status 用 status，否则回退读 credentials.service_account_json / service_account 补充测试覆盖： - apikey/Vertex SA 各自的新后端脱敏响应、旧后端未脱敏响应、两者皆缺时阻止保存。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 03:02:08 +08:00
Brisbanehuang	26ca73a4cd	fix: hide model scopes for non-antigravity plans	2026-05-17 02:20:41 +08:00
honue	360f8dec1a	fix: 修复管理后台分组页可用账号数显示错误	2026-05-16 11:16:56 +08:00
yetone	b0c7723393	fix(admin/settings): make tab shell readable in dark mode Vue's scoped-CSS compiler was dropping the `:global(.dark) .settings-tabs-shell` rules in the production build, so the tab strip kept its light-mode white background and the inactive tab labels (text-gray-300) showed at ~1.6:1 contrast — effectively unreadable. Hoist the three dark-mode overrides into an unscoped `<style>` block so they survive the scoped-CSS transform.	2026-05-16 01:00:03 +08:00
Agoniedi	e46d2c2112	fix: avoid ops deep link initialization error	2026-05-15 23:59:51 +08:00
name	b936925c8a	fix(channels): 按次/图片计费模式跳过 token 区间重叠校验 image 与 per_request 模式的层级按 tier_label (1K/2K/4K) 匹配, 不依赖 min/max token 范围, 多个层级共用 min=0/max=null 是预期形态。原校验器一律按 token 上下文分段处理, 新增第二条图片层级时会被 "无上限区间只能是最后一个" 误拦, 导致 OpenAI gpt-image 等模型无法保存按次定价。 validateIntervals 新增 mode 参数, image / per_request 模式跳过区间重叠与 last-unlimited 检查, 保留单条 min/max 自洽与价格非负校验。token 模式行为不变。	2026-05-14 23:48:47 +08:00
wucm667	827764d7bd	fix(account): preserve combined model restrictions	2026-05-14 15:00:28 +08:00
wucm667	862819042c	feat(openai): 支持后台配置 Responses API 路由	2026-05-14 11:46:24 +08:00
wucm667	4d51e53d20	fix(redeem): 修复批量复制兑换码兼容性	2026-05-14 11:35:00 +08:00
2ue	bb4c1abe28	Fix image billing size normalization	2026-05-12 15:21:31 +08:00
imlewc	224e9fc6c2	fix(auth): prefer OIDC compat email in pending flow	2026-05-12 14:35:20 +08:00
hoobnn	4467922199	fix: add autocomplete="one-time-code" for TOTP autofill support Add a hidden input with autocomplete="one-time-code" so password managers (1Password, Bitwarden, Chrome, Apple Keychain) can detect and auto-fill TOTP verification codes during 2FA login.	2026-05-12 13:54:41 +08:00
win	35c6c2b097	chore: merge upstream v0.1.126 — Airwallex, OpenAI fixes, Antigravity UA config 吸收上游 26 个新 commit: - feat: Airwallex 支付 + 多币种支持 (b23055af) - feat: Antigravity user agent 版本可配置 (a07a0dac) - fix(mimic): 同步 messages 里 tool_use 名称 (f97b8534) - fix: cache_control 改写默认关闭 (9377c967) - fix(openai): 多 tool_use 上下文延续 (87d73236) - fix(openai): 未定价模型零成本记录 (6d69ae87) - fix(openai): WS replay tool 输出延续 (16a31557) - fix(openai): 429 plan type 同步 (c3a14717) - fix(gemini): Vertex token 走 account proxy (2a17c0b2) - fix(ccswitch): codex 模型 import deeplink (65493df9) - fix: 订单详情/支付页 NaN 修复 (ba1c6fa5, 6884b03e) - 系统设置标签导航优化 (18cc4691) 本地解决: - config.go CSP: 合并 Firebase Auth (Windsurf) + Airwallex 域名 - KeysView.vue: 删除死代码（已被 buildCcSwitchImportDeeplink 取代） - ccswitchImport.ts: 补充 windsurf 平台 case - 修复 NewOpsHandler/RegisterGatewayRoutes/SelectAccountWithScheduler 测试签名保留: - Antigravity newapi 兼容 (ForwardUpstream /v1/messages 透传) - Antigravity 核心（gateway_service, oauth, client, credits_overages 等） - Windsurf 全套 - Claude 网关 + TLS 指纹路由 - 其他本地 feat: P2C 调度 / viewer / context 压缩 / RPM / fallback / health	2026-05-12 13:48:40 +08:00
win	8d0ef3d2ef	chore: antigravity 瘦身，删除边缘文件保留核心	2026-05-12 12:19:22 +08:00
shaw	a07a0dac63	feat: add configurable Antigravity user agent version	2026-05-11 22:25:20 +08:00
shaw	9377c96746	fix: 让消息 cache_control 改写默认关闭	2026-05-11 21:26:41 +08:00
Wesley Liddick	1e2f55078c	Merge pull request #2289 from wucm667/fix/ccswitch-import-model fix(ccswitch): 修复 Codex 导入缺少模型参数	2026-05-11 16:12:47 +08:00
shaw	18cc4691e6	优化系统设置页标签导航	2026-05-11 16:10:40 +08:00
Wesley Liddick	8b0b507a95	Merge pull request #2314 from dexcoder6/fix/payment-result-nan Fix/payment result nan	2026-05-11 11:24:46 +08:00
shaw	b23055af5b	feat: add Airwallex payments and multi-currency support	2026-05-11 11:17:26 +08:00
dexcoder6	ba1c6fa5fd	fix: 修复管理端订单详情充值金额显示 NaN 与支付成功页同源问题：fee_rate=0 时后端 omitempty 剔除字段，前端 `fee_rate <= 0` 判断对 undefined 失效，进入除法分支得到 NaN。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-09 13:47:57 +08:00
dexcoder6	6884b03e59	fix: 修复支付成功页充值金额显示 NaN 后端 ent 模型 PaymentOrder.FeeRate 带 omitempty，fee_rate=0 的订单在 JSON 序列化时该字段会被剔除。前端 baseAmount 计算用 `fee_rate <= 0` 判断走分支，但 `undefined <= 0` 为 false，因此进入除法分支得到 NaN。将 fee_rate 通过 Number(...) \|\| 0 归一化，使缺失字段等价于 0。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-09 13:45:49 +08:00
win	7347dfffc1	chore: merge upstream v0.1.124-125, keep Windsurf/Antigravity customizations Upstream changes: - feat: 邮箱 + GitHub + Google OAuth 快捷登录 - feat: Codex image bridge 开关 - feat: 内容审核 (content moderation) — 新增 contentModerationService/Handler - feat: redeem code 返利、批量并发 API、markdown 页面渲染 - feat: 登录注册条款确认 - fix(security): pages API 加 JWT + 可见性校验 - fix: 修复 markdown 页面图片路径 - fix(gateway): 不再默认注入 redact thinking beta - fix: 稳定 anthropic passthrough 超时错误 - chore: VERSION 升到 0.1.125 + golang:1.26.3-alpine Conflict resolutions: - Dockerfile/backend/Dockerfile: 取 upstream golang:1.26.3-alpine - backend/go.mod: 取 upstream term v0.42.0，保留定制 protobuf v1.36.10 - frontend/src/api/admin/index.ts: 并集 (windsurf + riskControl) - backend/cmd/server/wire_gen.go: 接 upstream contentModeration*，保留 windsurfHandler/windsurfGatewayService/billingCacheService/requestEventBus；并通过 wire 重生成 - frontend/src/views/admin/AccountsView.vue: 采用 upstream 双层布局 + OpenAI Meta，保留 is_enterprise prop 和 Windsurf tier badge Note: - WIP commit (de048fad) preserved Windsurf tier access service / NLU extractor / ops log stream / Google OAuth login modal et al before merge. - 3 pre-existing go vet issues in test files (NewOpsHandler, RegisterGatewayRoutes, DefaultCLIProductVersion) are unrelated to this merge — leftover from local customization refactors; production code (go build ./...) passes.	2026-05-09 01:42:39 +08:00
win	de048fad25	chore(wip): save Windsurf/Antigravity/ops customizations before upstream merge WIP commit保存以下定制工作以便后续合并 upstream v0.1.124-125: - Windsurf: tier access service, NLU extractor, cold threshold, Google login - Antigravity: client/oauth 调整 - Ops: log stream handler/broadcaster/middleware, OpsLogStreamView - Frontend: WindsurfLoginModal Google, GoogleIcon, AccountsView, sidebar/router/i18n	2026-05-09 00:41:19 +08:00
wucm667	65493df95a	fix(ccswitch): add codex model to import deeplink	2026-05-08 17:31:36 +08:00
shaw	fda1ed459d	feat: 优化 OAuth 账号导入流程	2026-05-08 11:36:09 +08:00
haruka	0f8e2d0934	fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段 Account.Credentials 是 JSONB map，混合存放可编辑的非敏感配置（base_url、 model_mapping、project_id 等）与敏感秘钥（OAuth access/refresh/id token、 API key、AWS secret、Vertex private key 等）。当前所有 admin 账号接口直接透传该 map，token 经由浏览器 DevTools、抓包、日志等途径泄漏。 - service 包新增 SensitiveCredentialKeys 清单与 MergePreservingSensitiveCreds 作为单一权威定义。 - dto 层 RedactCredentials 在响应里剥离敏感子键，输出 credentials_status （has_<key> 布尔标识）告知前端存在性，不暴露原值。 - AccountFromServiceShallow 接入脱敏，覆盖 list、get、create、update、 refresh、batch、bulk-update、OAuth 创建等 9 个 handler。 - service.UpdateAccount 改为合并语义：incoming 没传敏感键则保留 existing，让前端"全对象 PUT"流程在脱敏后无感工作；显式提供新 token 仍会覆盖。 - 前端 EditAccountModal 修复脱敏后会崩的两处兜底：apikey 必填检查和 Vertex SA JSON 存在性校验改读 credentials_status.has_*。 - 导出端点 /admin/accounts/data 走独立的 DataAccount 结构，按设计保留完整 credentials 作为管理员备份路径。测试：RedactCredentials 单元测试、mapper 端到端 JSON 断言（确认序列化后无 token 子串）、UpdateAccount 合并语义三种场景（保留 / 覆盖 / 空 map 跳过）。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 03:44:04 +08:00
shaw	e872cbec0b	feat: 添加登录注册条款确认	2026-05-07 17:35:05 +08:00
shaw	6681aee98d	更新账号模型白名单	2026-05-07 15:11:38 +08:00
shaw	0eca600ffa	fix moderation key handling and key UI	2026-05-07 14:31:19 +08:00
shaw	7a9c1d7edd	feat(frontend): add account Codex image bridge control	2026-05-07 11:07:33 +08:00
Wesley Liddick	45b1e6ae41	Merge pull request #2233 from Arron196/fix/codex-image-generation-bridge-switch fix(openai): 增加 Codex 图片生成桥接显式开关	2026-05-07 10:30:26 +08:00
Wesley Liddick	e69319e747	Merge pull request #2224 from lyen1688/feat-email-oauth-github-google feat: 增加 GitHub 和 Google 邮箱快捷登录	2026-05-07 10:07:28 +08:00
shaw	989f87fe08	fix: harden markdown page image paths	2026-05-07 10:05:49 +08:00
Wesley Liddick	d52da45363	Merge pull request #2202 from Michael-Jetson/main 新增三大功能：兑换码邀请返利、批量修改用户并发数、Markdown页面渲染	2026-05-07 09:35:14 +08:00
shaw	fff4a300c6	feat(risk-control): add content moderation audit	2026-05-07 09:14:47 +08:00
Jlypx	246e48215d	feat(frontend): add Codex image bridge toggle Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-05-07 00:10:20 +08:00
lyen1688	e69256a706	fix: 完善邮箱快捷登录注册流程	2026-05-06 20:52:10 +08:00
lyen1688	7f185422a5	fix: 修复邮箱快捷登录前端回调兜底	2026-05-06 20:03:44 +08:00
lyen1688	af550fa64e	feat: 增加 GitHub 和 Google 邮箱快捷登录	2026-05-06 16:06:11 +08:00
win	3fe228d143	chore: merge upstream v0.1.122-123, keep Windsurf/Antigravity customizations New upstream features: - feat: improve OpenAI messages compatibility for Claude Code - feat: image generation stream & concurrency controls - fix(rate-limit): remove 429 cooldown config option - fix: skip previous_response_id recovery when payload has function_call_output - feat: support select search in group/account views - fix: ops cleanup settings - chore: remove openspec and update axios Conflict resolutions: - config.go: kept AntigravityLSWorker+NodeTLSProxy AND added ImageConcurrency - account_test_service.go: kept windsurf import AND added openai_compat import - docker-compose.yml: kept Windsurf env vars AND added image concurrency env vars	2026-05-06 11:50:54 +08:00
Michael-Jetson	cf2d5067c3	fix(security): add JWT auth + visibility check to pages API - GET /pages/:slug now requires JWT + checks custom_menu_items visibility - GET /pages (list) is admin-only - GET /pages/:slug/images/* uses visibility check without JWT (browser img tags cannot carry auth headers), blocks admin-only page images - Frontend fetch adds Authorization header from authStore.token - settingService nil guard changed to fail-closed (deny access) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 07:00:08 -07:00
Michael-Jetson	4cbd4932a0	feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering 1. Redeem code affiliate rebate: balance-type redeem codes now trigger invite rebate for the inviter. Payment fulfillment uses context key to prevent double-rebate. 2. Batch concurrency update: new POST /admin/users/batch-concurrency endpoint supporting mode=set/add with all=true for all users. 3. Markdown page rendering: new GET /api/v1/pages/:slug API serves local .md files. Custom menu items with url="md:slug" render markdown with collapsible TOC sidebar, scroll spy, and copy buttons on code blocks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 06:44:37 -07:00
Wesley Liddick	a1106e8167	Merge pull request #2165 from zhangdeyu/feature/support-select-search feat: Select 和 GroupSelector 组件支持自动搜索	2026-05-05 21:10:07 +08:00
Wesley Liddick	37f7c7128c	Merge pull request #2120 from gaoren002/fix/rate-limit-429-cooldown-config fix(rate-limit): make 429 fallback cooldown configurable	2026-05-05 19:46:11 +08:00
2ue	6faa344916	feat: add OpenAI image generation controls	2026-05-05 03:26:54 +08:00
Wesley Liddick	c129825f9b	Merge pull request #2116 from KnowSky404/fix/openai-bulk-edit-compact-config fix: add OpenAI compact bulk edit fields	2026-05-04 00:14:46 +08:00
shaw	0b84d12dbb	fix: correct affiliate audit record sources	2026-05-03 22:12:57 +08:00

1 2 3 4 5 ...

1244 Commits