zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,454 Commits 3 Branches 0 Tags
Commit Graph

707 Commits

Author SHA1 Message Date
Wesley Liddick
1f2c5dc573
Merge pull request #2574 from LiuZhouZhouJieLun/fix/wxpay-pending-reconcile 
Fix wxpay pending order reconciliation
 2026-05-19 17:14:02 +08:00
LiuZhouZhouJieLun
dbd80a0465 fix wxpay pending order reconciliation 2026-05-19 16:56:31 +08:00
Wesley Liddick
21ae52c01f
Merge pull request #2571 from sherlockwhite/fix/openai-account-email-and-usage-refresh 
fix(accounts): show email and fix usage refresh for OpenAI OAuth accounts
 2026-05-19 16:56:26 +08:00
Wesley Liddick
a929e285ce
Merge pull request #2271 from StarryKira/fix/redact-account-credentials 
fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段
 2026-05-19 16:15:36 +08:00
shaw
90a389342c fix(openai): 新建账号弹窗补全 Responses API 路由选项 2026-05-19 16:00:15 +08:00
chenjian
6db02f0069 fix(accounts): show email and add usage refresh button for OpenAI OAuth 
- AccountsView: display email under account name by checking extra.email
  and credentials.email in addition to extra.email_address; OpenAI OAuth
  stores email under the 'email' key while Anthropic uses 'email_address'
- AccountUsageCell: add per-account refresh button to the OpenAI OAuth
  usage section, identical to the existing Anthropic OAuth pattern;
  reuses loadActiveUsage, activeQueryLoading, and the activeQuery i18n key
 2026-05-19 15:43:13 +08:00
Wesley Liddick
1b6ed24c33
Merge pull request #2492 from DaydreamCoding/feat/dingtalk-login 
feat(dingtalk): 钉钉 OAuth 登录接入 + internal_only 用户属性同步
 2026-05-19 15:36:13 +08:00
DaydreamCoding
b19da9c7fe feat(dingtalk): 钉钉 OAuth 登录接入与 internal_only 用户属性同步 
⚠️ 应用类型约束:当前实现仅支持「钉钉登录-企业内部应用」(DingTalk 开放平台
internal_app 类型)。第三方个人应用、第三方企业应用类型暂不支持——OAuth 流程
相同但 corp 校验、跨企业行为不同。backend 通过 DingTalkAppKind 校验对非
internal_app 类型 fail-closed(硬约束)。

钉钉 OAuth 登录主链
- 4 步 OAuth 链:ExchangeCodeForUserToken / GetUnionIdByUserToken /
  GetUserIdByUnionId / GetStaffInfoByUserId;app token 缓存
- pending session 机制持久化 OAuth 中间态;cookie-only token 持久化
- 三种分流:bind_login_required / email_completion / choose_account_action
- corp_restriction_policy 支持 none + internal_only;stale "whitelist" 在
  加载层与写入层均静默 coerce 为 none + slog.Warn
- bypass_registration 开关:企业内部模式豁免全局 REGISTRATION_DISABLED
- isReservedEmail / signup_source / canUnbindProvider / OAuth pending flow
  等横切点支持 dingtalk provider
- migration 136:4 表 CHECK 约束加入 'dingtalk' provider 值

internal_only 模式同步企业邮箱/姓名/部门到用户属性
- SyncCorpEmail / SyncDisplayName / SyncDept 三个独立开关 + 对应
  SyncXxxAttrKey 目标属性 key(默认 dingtalk_email / dingtalk_name /
  dingtalk_department);非 internal_only policy 在写入层与加载层均
  coerce 为 false,admin handler 与 setting_service 双层兜底
- 同步语义:首次注册写 users.username(昵称优先 → 企业姓名 fallback),
  之后每次登录刷新 3 个属性;空值也写入以覆盖旧值
- 邮箱三级 fallback:org_email > email > extension["企业邮箱"]
  (钉钉自定义字段 JSON)
- 部门路径递归向上拼接,跳过 dept_id=1 选首个真实子部门,剥离根组织名
- GetUnionIdByUserToken 同时返回 OIDC /contact/users/me 的 nick 字段;
  新增 GetDeptInfo 调用 OAPI /topapi/v2/department/get
- AuthHandler 注入 UserAttributeService;OAuth pending flow 在
  createPendingOAuthAccount / bindPendingOAuthLogin 分别派发到
  AfterRegistration(syncUsername=true)/ AfterLogin
- migration 137 seed dingtalk_email/name/department 三个用户属性定义

附带修复(同集成路径暴露的两个 OAuth 注册回归)
- LoginOrRegisterOAuthWithTokenPair 新建用户分支用 inferLegacySignupSource
  覆写 caller 显式传入的 signupSource,导致 dingtalk/linuxdo/oidc/wechat
  渠道授权按 email 渠道读取;改为只在 caller 未显式传入时回退邮箱推断
- mergeProviderDefaultGrantSettings 把 parse fallback 默认值
  (Concurrency=5 / Balance=0) 当作"未配置"哨兵,admin 显式设 5 时被误判
  退回全局默认(复现:全局默认 1 + 渠道默认并发 5 + grant_on_signup → 新
  用户实际 concurrency=1);去掉哨兵,admin 任何 >=0 值都覆盖 globalDefaults

前端
- DingTalk Login / Callback / EmailCompletion / ChoiceAccount / Error
  视图;router + auth API client
- admin SettingsView:corp policy radio(none / internal_only)+ bypass
  注册开关 + i18n;internal_only 下展示三同步开关 + 目标 attr key 下拉
  (拉取 user attribute definitions),展示 fieldEmail /
  qyapi_get_department_list 钉钉权限申请提示
- Profile:S1 主动绑定 / S5 解绑钉钉按钮 + 合成邮箱防自锁

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-19 15:27:47 +08:00
DaydreamCoding
664e9fdcd4 feat(usage): 用户用量按平台拆分 + UsersView 列设置可配置 + 用量列排序 
后端
- BatchUserUsageStats / UserDashboardStats 新增 ByPlatform 字段
  复用 ops 路径 COALESCE(g.platform, a.platform) 语义,不冗余 DB 字段
- 抽出 usageLogEffectivePlatformExpr 常量供管理员与用户两路径共用
- GetBatchUsersUsage cacheKey 加 v=2 + 当日日期,修复跨午夜旧缓存兼容新字段

前端
- 新建 PlatformUsageBreakdown:管理员用量列 hover tooltip 展示各平台 today/total
- 新建 PlatformCostCell:单平台 today/total 紧凑单元格
- UsersView 列设置新增 Claude/OpenAI/Gemini/Antigravity 四个平台子列,默认隐藏可手动启用
- 普通用户 Dashboard 新增 Row 3 平台拆分卡片,受 isSimple 控制
- 平台之和 < 总值时显式展示"其他"行,避免数字对不齐
- last_active_at 从 FORCED_VISIBLE_COLUMNS 移除,允许用户隐藏并持久化
- 列设置加 schema 版本号 + 迁移机制,老用户升级时新增默认隐藏列自动应用
- UsersView 用量列(汇总 + 4 平台子列)加入前端单页排序:列头单按钮 + 弹出菜单
  切换"今日 / 近30天",三态循环 desc → asc → off;菜单底部备注"仅对本页数据排序"
- sortedUsers computed 在 server-side-sort 结果之上叠加本地排序,缺失值按 0 处理;
  usageSort 状态独立 localStorage 持久化,互不干扰后端 sort_by
- i18n 新增 admin.users.sortBy / sortCurrentPageOnly

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-19 15:25:34 +08:00
Wesley Liddick
6a88e560c2
Merge pull request #2393 from hoobnn/fix/totp-autofill 
fix: add autocomplete for TOTP autofill support
 2026-05-19 15:16:28 +08:00
Wesley Liddick
f05670dd0f
Merge pull request #2454 from wucm667/codex/issue-2426-model-mapping 
fix(account): 保留模型白名单和模型映射组合配置
 2026-05-19 14:50:03 +08:00
Wesley Liddick
e365aae450
Merge pull request #2450 from wucm667/codex/issue-2431-responses-api-support 
feat: 支持后台配置 OpenAI Responses API 路由
 2026-05-19 14:47:10 +08:00
Wesley Liddick
03473d3ee8
Merge pull request #2554 from Arron196/feature/sync-upstream-models-pr 
feat: 支持从上游同步账号可用模型列表
 2026-05-19 14:42:47 +08:00
Wesley Liddick
c65522641d
Merge pull request #2473 from is7Qin/fix/image-tier-validation 
fix(channels): 按次/图片计费模式下区间校验跳过 token 上下文重叠规则
 2026-05-19 14:28:33 +08:00
Wesley Liddick
a340002c6d
Merge pull request #2401 from 2ue/fix/normalize-image-billing-size 
修复图片计费尺寸归一化与使用记录展示
 2026-05-19 14:00:24 +08:00
name
ddab7de916 Merge branch 'main' into fix/image-tier-validation 2026-05-19 11:06:17 +08:00
benjamin
5713820813 feat: add upstream model sync controls 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-05-18 19:01:55 +08:00
Yuhao Jiang
1b03240515 fix(payment): 修复支付宝官方扫码二维码生成错误 
支付宝官方服务商在 precreate(当面付)不可用回退到 page.pay 时,
错误地把网页跳转 URL 当作可扫码二维码内容返回。前端用 QRCode 库
把这段 URL 渲染成二维码后,支付宝 APP 无法识别(扫到的只是个 HTTP
URL,不是支付二维码),用户必须点"重新打开支付页面"跳转到支付宝
收银台才能扫到真正可用的二维码。

- 后端 alipay.go:createPagePayTrade 不再把 PayURL 塞给 QRCode;
  createDesktopTrade 在 paymentMode == "redirect" 时跳过 precreate
  直接走 page.pay,避免没开通"当面付"的商户走一次无用的 API 调用
- 前端管理端 PaymentProviderDialog:让支付宝官方实例可在"支付模式"
  中选择"跳转",开启后始终在新标签页打开支付宝收银台
- ProviderCard 的 modeLabel 增加 redirect 分支
- 补充 TestCreateTradeRedirectModeSkipsPrecreate 单元测试

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 15:01:17 -05:00
haruka
3ca232ad06 fix(frontend): 编辑弹窗回退旧 credentials 结构以兼容旧后端 
新代码仅依赖 credentials_status 会导致两种灰度场景被误判为未配置:
- 新前端 + 旧后端:旧后端未返回 credentials_status,前端读不到已脱敏的
  api_key / service_account_json,阻止保存。
- 旧前端 + 新后端:旧前端也读不到已脱敏字段(旧前端不在本 PR 范围)。

修复:
- API key 判断改为 credentials_status?.has_api_key ?? Boolean(currentCredentials.api_key)
- Vertex SA 判断:有 credentials_status 用 status,否则回退读
  credentials.service_account_json / service_account

补充测试覆盖:
- apikey/Vertex SA 各自的新后端脱敏响应、旧后端未脱敏响应、
  两者皆缺时阻止保存。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 03:02:08 +08:00
name
b936925c8a fix(channels): 按次/图片计费模式跳过 token 区间重叠校验 
image 与 per_request 模式的层级按 tier_label (1K/2K/4K) 匹配,
不依赖 min/max token 范围, 多个层级共用 min=0/max=null 是预期形态。
原校验器一律按 token 上下文分段处理, 新增第二条图片层级时会被
"无上限区间只能是最后一个" 误拦, 导致 OpenAI gpt-image 等模型
无法保存按次定价。

validateIntervals 新增 mode 参数, image / per_request 模式跳过
区间重叠与 last-unlimited 检查, 保留单条 min/max 自洽与价格非负
校验。token 模式行为不变。
 2026-05-14 23:48:47 +08:00
wucm667
827764d7bd fix(account): preserve combined model restrictions 2026-05-14 15:00:28 +08:00
wucm667
862819042c feat(openai): 支持后台配置 Responses API 路由 2026-05-14 11:46:24 +08:00
2ue
bb4c1abe28 Fix image billing size normalization 2026-05-12 15:21:31 +08:00
hoobnn
4467922199 fix: add autocomplete="one-time-code" for TOTP autofill support 
Add a hidden input with autocomplete="one-time-code" so password managers
(1Password, Bitwarden, Chrome, Apple Keychain) can detect and auto-fill
TOTP verification codes during 2FA login.
 2026-05-12 13:54:41 +08:00
Wesley Liddick
8b0b507a95
Merge pull request #2314 from dexcoder6/fix/payment-result-nan 
Fix/payment result nan
 2026-05-11 11:24:46 +08:00
shaw
b23055af5b feat: add Airwallex payments and multi-currency support 2026-05-11 11:17:26 +08:00
dexcoder6
ba1c6fa5fd fix: 修复管理端订单详情充值金额显示 NaN 
与支付成功页同源问题:fee_rate=0 时后端 omitempty 剔除字段,前端
`fee_rate <= 0` 判断对 undefined 失效,进入除法分支得到 NaN。

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-09 13:47:57 +08:00
shaw
fda1ed459d feat: 优化 OAuth 账号导入流程 2026-05-08 11:36:09 +08:00
haruka
0f8e2d0934 fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段 
Account.Credentials 是 JSONB map,混合存放可编辑的非敏感配置(base_url、
model_mapping、project_id 等)与敏感秘钥(OAuth access/refresh/id token、
API key、AWS secret、Vertex private key 等)。当前所有 admin 账号接口直接
透传该 map,token 经由浏览器 DevTools、抓包、日志等途径泄漏。

- service 包新增 SensitiveCredentialKeys 清单与 MergePreservingSensitiveCreds
  作为单一权威定义。
- dto 层 RedactCredentials 在响应里剥离敏感子键,输出 credentials_status
  (has_<key> 布尔标识)告知前端存在性,不暴露原值。
- AccountFromServiceShallow 接入脱敏,覆盖 list、get、create、update、
  refresh、batch、bulk-update、OAuth 创建等 9 个 handler。
- service.UpdateAccount 改为合并语义:incoming 没传敏感键则保留 existing,
  让前端"全对象 PUT"流程在脱敏后无感工作;显式提供新 token 仍会覆盖。
- 前端 EditAccountModal 修复脱敏后会崩的两处兜底:apikey 必填检查和
  Vertex SA JSON 存在性校验改读 credentials_status.has_*。
- 导出端点 /admin/accounts/data 走独立的 DataAccount 结构,按设计保留
  完整 credentials 作为管理员备份路径。

测试:RedactCredentials 单元测试、mapper 端到端 JSON 断言(确认序列化
后无 token 子串)、UpdateAccount 合并语义三种场景(保留 / 覆盖 / 空 map 跳过)。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-08 03:44:04 +08:00
shaw
e872cbec0b feat: 添加登录注册条款确认 2026-05-07 17:35:05 +08:00
shaw
7a9c1d7edd feat(frontend): add account Codex image bridge control 2026-05-07 11:07:33 +08:00
Wesley Liddick
e69319e747
Merge pull request #2224 from lyen1688/feat-email-oauth-github-google 
feat: 增加 GitHub 和 Google 邮箱快捷登录
 2026-05-07 10:07:28 +08:00
shaw
fff4a300c6 feat(risk-control): add content moderation audit 2026-05-07 09:14:47 +08:00
lyen1688
7f185422a5 fix: 修复邮箱快捷登录前端回调兜底 2026-05-06 20:03:44 +08:00
lyen1688
af550fa64e feat: 增加 GitHub 和 Google 邮箱快捷登录 2026-05-06 16:06:11 +08:00
Wesley Liddick
a1106e8167
Merge pull request #2165 from zhangdeyu/feature/support-select-search 
feat: Select 和 GroupSelector 组件支持自动搜索
 2026-05-05 21:10:07 +08:00
2ue
6faa344916 feat: add OpenAI image generation controls 2026-05-05 03:26:54 +08:00
Wesley Liddick
c129825f9b
Merge pull request #2116 from KnowSky404/fix/openai-bulk-edit-compact-config 
fix: add OpenAI compact bulk edit fields
 2026-05-04 00:14:46 +08:00
lyen1688
3ab40269b4 完善返利转入余额历史显示 2026-05-03 20:33:14 +08:00
lyen1688
6a41cf6a51 feat: add admin affiliate record pages 2026-05-03 20:33:13 +08:00
Derek
f2f6bc6c04 feat: Select 和 GroupSelector 组件支持自动搜索 
当选项数量 > 5 时自动启用搜索过滤,无需修改任何使用处代码。
- Select.vue: searchable 默认值改为 'auto',内部自动判断
- GroupSelector.vue: 新增 searchable prop 和搜索输入框
 2026-05-02 23:57:10 +08:00
DaydreamCoding
f084d30d65 fix: 恢复表格分页大小 localStorage 持久化 
- usePersistedPageSize: 恢复 localStorage 读写,以系统配置为 fallback
- useTableLoader: handlePageSizeChange 时写入 localStorage
- Pagination.vue: handlePageSizeChange 时写入 localStorage

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-30 10:35:15 +08:00
KnowSky404
3953dc9ce4 fix: add OpenAI compact bulk edit fields 2026-04-30 10:19:59 +08:00
Wesley Liddick
27cad10d30
Merge pull request #2030 from KnowSky404/feature/account-bulk-edit-scope-and-compact 
feat: support filtered account bulk edit and align compact OpenAI bulk fields
 2026-04-29 20:56:43 +08:00
shaw
93d91e20b9 fix(vertex): audit fixes for Vertex Service Account feature (#1977) 
- Security: force token_uri to Google default, preventing SSRF via crafted service account JSON
- Dedup: extract shared getVertexServiceAccountAccessToken() to eliminate ~35 lines of duplication between ClaudeTokenProvider and GeminiTokenProvider
- Fix: apply model mapping + Vertex model ID normalization in forward_as_responses and forward_as_chat_completions paths
- Fix: exclude service_account from AI Studio endpoint selection (Vertex cannot serve generativelanguage.googleapis.com)
- Feature: add model restriction/mapping UI for service_account in EditAccountModal
- Dedup: extract VERTEX_LOCATION_OPTIONS to shared constants
- i18n: replace all hardcoded Chinese strings in Vertex UI with translation keys
 2026-04-29 16:53:09 +08:00
KnowSky404
a161f9d045 feat: align OpenAI bulk edit compact settings 2026-04-27 18:15:23 +08:00
KnowSky404
c5a1a82223 test: cover missing OpenAI bulk edit fields 2026-04-27 18:13:14 +08:00
KnowSky404
2ab6b34fd1 feat: add filtered-result account bulk edit 2026-04-27 18:12:24 +08:00
KnowSky404
764afbe37a test: cover account bulk edit target scopes 2026-04-27 18:08:22 +08:00
Oliver Li
3f05ef2ae3
Merge branch 'Wei-Shaw:main' into vertex 2026-04-26 08:39:41 -04:00