sub2api

Author	SHA1	Message	Date
Wesley Liddick	2a242aec0f	Merge pull request #2573 from wucm667/feat/redeem-code-expiry feat(redeem): 兑换码支持设置使用有效期	2026-05-19 16:25:12 +08:00
Wesley Liddick	a929e285ce	Merge pull request #2271 from StarryKira/fix/redact-account-credentials fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段	2026-05-19 16:15:36 +08:00
wucm667	e4aaf0af29	feat(redeem): 兑换码支持设置使用有效期	2026-05-19 15:53:28 +08:00
DaydreamCoding	b19da9c7fe	feat(dingtalk): 钉钉 OAuth 登录接入与 internal_only 用户属性同步 ⚠️ 应用类型约束：当前实现仅支持「钉钉登录-企业内部应用」（DingTalk 开放平台 internal_app 类型）。第三方个人应用、第三方企业应用类型暂不支持——OAuth 流程相同但 corp 校验、跨企业行为不同。backend 通过 DingTalkAppKind 校验对非 internal_app 类型 fail-closed（硬约束）。钉钉 OAuth 登录主链 - 4 步 OAuth 链：ExchangeCodeForUserToken / GetUnionIdByUserToken / GetUserIdByUnionId / GetStaffInfoByUserId；app token 缓存 - pending session 机制持久化 OAuth 中间态；cookie-only token 持久化 - 三种分流：bind_login_required / email_completion / choose_account_action - corp_restriction_policy 支持 none + internal_only；stale "whitelist" 在加载层与写入层均静默 coerce 为 none + slog.Warn - bypass_registration 开关：企业内部模式豁免全局 REGISTRATION_DISABLED - isReservedEmail / signup_source / canUnbindProvider / OAuth pending flow 等横切点支持 dingtalk provider - migration 136：4 表 CHECK 约束加入 'dingtalk' provider 值 internal_only 模式同步企业邮箱/姓名/部门到用户属性 - SyncCorpEmail / SyncDisplayName / SyncDept 三个独立开关 + 对应 SyncXxxAttrKey 目标属性 key（默认 dingtalk_email / dingtalk_name / dingtalk_department）；非 internal_only policy 在写入层与加载层均 coerce 为 false，admin handler 与 setting_service 双层兜底 - 同步语义：首次注册写 users.username（昵称优先 → 企业姓名 fallback），之后每次登录刷新 3 个属性；空值也写入以覆盖旧值 - 邮箱三级 fallback：org_email > email > extension["企业邮箱"] （钉钉自定义字段 JSON） - 部门路径递归向上拼接，跳过 dept_id=1 选首个真实子部门，剥离根组织名 - GetUnionIdByUserToken 同时返回 OIDC /contact/users/me 的 nick 字段；新增 GetDeptInfo 调用 OAPI /topapi/v2/department/get - AuthHandler 注入 UserAttributeService；OAuth pending flow 在 createPendingOAuthAccount / bindPendingOAuthLogin 分别派发到 AfterRegistration（syncUsername=true）/ AfterLogin - migration 137 seed dingtalk_email/name/department 三个用户属性定义附带修复（同集成路径暴露的两个 OAuth 注册回归） - LoginOrRegisterOAuthWithTokenPair 新建用户分支用 inferLegacySignupSource 覆写 caller 显式传入的 signupSource，导致 dingtalk/linuxdo/oidc/wechat 渠道授权按 email 渠道读取；改为只在 caller 未显式传入时回退邮箱推断 - mergeProviderDefaultGrantSettings 把 parse fallback 默认值 (Concurrency=5 / Balance=0) 当作"未配置"哨兵，admin 显式设 5 时被误判退回全局默认（复现：全局默认 1 + 渠道默认并发 5 + grant_on_signup → 新用户实际 concurrency=1）；去掉哨兵，admin 任何 >=0 值都覆盖 globalDefaults 前端 - DingTalk Login / Callback / EmailCompletion / ChoiceAccount / Error 视图；router + auth API client - admin SettingsView：corp policy radio（none / internal_only）+ bypass 注册开关 + i18n；internal_only 下展示三同步开关 + 目标 attr key 下拉（拉取 user attribute definitions），展示 fieldEmail / qyapi_get_department_list 钉钉权限申请提示 - Profile：S1 主动绑定 / S5 解绑钉钉按钮 + 合成邮箱防自锁 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-19 15:27:47 +08:00
haruka	0f8e2d0934	fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段 Account.Credentials 是 JSONB map，混合存放可编辑的非敏感配置（base_url、 model_mapping、project_id 等）与敏感秘钥（OAuth access/refresh/id token、 API key、AWS secret、Vertex private key 等）。当前所有 admin 账号接口直接透传该 map，token 经由浏览器 DevTools、抓包、日志等途径泄漏。 - service 包新增 SensitiveCredentialKeys 清单与 MergePreservingSensitiveCreds 作为单一权威定义。 - dto 层 RedactCredentials 在响应里剥离敏感子键，输出 credentials_status （has_<key> 布尔标识）告知前端存在性，不暴露原值。 - AccountFromServiceShallow 接入脱敏，覆盖 list、get、create、update、 refresh、batch、bulk-update、OAuth 创建等 9 个 handler。 - service.UpdateAccount 改为合并语义：incoming 没传敏感键则保留 existing，让前端"全对象 PUT"流程在脱敏后无感工作；显式提供新 token 仍会覆盖。 - 前端 EditAccountModal 修复脱敏后会崩的两处兜底：apikey 必填检查和 Vertex SA JSON 存在性校验改读 credentials_status.has_*。 - 导出端点 /admin/accounts/data 走独立的 DataAccount 结构，按设计保留完整 credentials 作为管理员备份路径。测试：RedactCredentials 单元测试、mapper 端到端 JSON 断言（确认序列化后无 token 子串）、UpdateAccount 合并语义三种场景（保留 / 覆盖 / 空 map 跳过）。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 03:44:04 +08:00
Michael-Jetson	4cbd4932a0	feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering 1. Redeem code affiliate rebate: balance-type redeem codes now trigger invite rebate for the inviter. Payment fulfillment uses context key to prevent double-rebate. 2. Batch concurrency update: new POST /admin/users/batch-concurrency endpoint supporting mode=set/add with all=true for all users. 3. Markdown page rendering: new GET /api/v1/pages/:slug API serves local .md files. Custom menu items with url="md:slug" render markdown with collapsible TOC sidebar, scroll spy, and copy buttons on code blocks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 06:44:37 -07:00
2ue	6faa344916	feat: add OpenAI image generation controls	2026-05-05 03:26:54 +08:00
lyen1688	3ab40269b4	完善返利转入余额历史显示	2026-05-03 20:33:14 +08:00
Wesley Liddick	17ced6b73a	Merge pull request #2027 from hansnow/codex/fix-api-key-rate-limit-reset fix(api-key): reset rate limit usage cache	2026-04-29 21:27:52 +08:00
KnowSky404	25c7b0d9f4	feat: support filter-target account bulk update	2026-04-27 17:59:49 +08:00
hansnow	53f919f8f0	fix(api-key): reset rate limit usage cache	2026-04-27 16:47:44 +08:00
james-6-23	dc5d42addc	feat(rpm): RPM 限流模块优化 P0: - rpm_override 嵌入 Auth Cache Snapshot，消除每请求 DB 查询 (snapshot v6→v7) - 429 RPM 响应返回 Retry-After 头（当前分钟剩余秒数） P1: - ClearAll 按钮直连 DELETE API，带 loading 防重复 - 新增 GET /admin/users/:id/rpm-status 管理员 RPM 用量查询端点优化: - checkRPM 从级联互斥改为并行取最严，user.rpm_limit 作为全局硬上限始终生效 - Override/Group 变更后自动失效 auth cache - fail-open 语义不变，Redis 故障不阻塞业务	2026-04-23 16:34:37 +08:00
IanShaw027	a94d89efa7	fix(unit): restore secure oidc defaults and wechat alias reuse	2026-04-22 16:51:23 +08:00
IanShaw027	b13e34f831	fix(ci): align auth and payment verification tests	2026-04-22 02:32:53 +08:00
IanShaw027	da1d26001f	Merge branch 'main' into rebuild/auth-identity-foundation	2026-04-22 00:35:34 +08:00
IanShaw027	d08757ce9e	refactor(admin): remove auth migration reports	2026-04-21 17:34:18 +08:00
IanShaw027	ea27ac6fd7	fix: unify email identity sync and retry first-bind defaults	2026-04-21 01:00:59 +08:00
IanShaw027	bf3ef2d19a	add admin user last used support	2026-04-21 00:22:17 +08:00
IanShaw027	5d58c7c6fb	Add auth identity legacy backfill and email sync	2026-04-21 00:13:40 +08:00
IanShaw027	724f8e89a1	feat: resolve auth identity migration reports	2026-04-20 22:29:21 +08:00
IanShaw027	452e55a53c	feat: add admin auth identity repair binding	2026-04-20 22:22:14 +08:00
IanShaw027	3bd3027251	feat: expose auth identity migration reports	2026-04-20 22:05:33 +08:00
erio	df57d2776b	fix(billing): reject rate_multiplier <= 0 on save; clamp negatives to 0 in compute 分组倍率和用户专属倍率在保存时没有校验，0 会触发计费层的 `<=0 → 1.0` 防御条款，结果订阅/余额分组按标准价扣费；完全是沉默地绕过了业务规则。 - 保存校验（admin_service）：CreateGroup / UpdateGroup / BatchSetGroupRateMultipliers / UpdateUser.SyncUserGroupRates 全部要求 > 0 - 计算层（billing_service）：三处 `<=0 → 1.0` 改为 `<0 → 0`；负数按 0 结算，避免配置异常被静默按 1x 收费 - 前端：分组倍率 / 用户专属倍率输入 min 统一到 0.001 - 删除未使用的 IsFreeSubscription 方法测试：新增 billing_service_rate_multiplier_test.go 端到端验证；更新原有锁定旧 `<=0 → 1.0` 行为的测试。	2026-04-17 22:06:32 +08:00
Wesley Liddick	7451b6f9ae	修复 OpenAI 账号限流回流误判：7d 窗口可用时不因 5h 窗口为 0 回写 429	2026-04-15 15:29:52 +08:00
IanShaw027	2b70d1d332	merge upstream main into fix/bug-cleanup-main	2026-04-09 21:35:48 +08:00
IanShaw027	5f8e60a1b7	feat(table): 表格排序与搜索改为后端处理	2026-04-09 18:14:28 +08:00
IanShaw027	23c4d592f8	feat(group): 增加messages调度模型映射配置	2026-04-09 12:29:28 +08:00
erio	0c72be0403	fix: gofmt alignment and remove media_type from usage_log repo queries	2026-04-05 17:22:22 +08:00
erio	62e80c602d	revert: completely remove all Sora functionality	2026-04-05 17:11:01 +08:00
Wesley Liddick	0507852a34	Merge pull request #1437 from DaydreamCoding/fix/openai-oauth-improvements feat(openai): OpenAI OAuth 账号管理增强：订阅状态、隐私设置、Token 刷新修复	2026-04-03 09:22:10 +08:00
QTom	cf70fb1b4e	fix(openai): Mobile RT 账号隐私设置失败 1. CreateAccount 补齐 OpenAI OAuth 隐私入口（与 BatchCreate 对齐） 2. disableOpenAITraining 请求头修正：覆盖 ImpersonateChrome() 的浏览器导航默认头（accept: text/html, sec-fetch-mode: navigate），改为 API 请求语义（Accept: application/json, sec-fetch-mode: cors），避免 Cloudflare 将 PATCH API 请求误判为异常导航流量而拦截 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-02 20:44:22 +08:00
QTom	b155bc564b	fix(antigravity): 修复批量刷新令牌不设置隐私模式的问题 - refreshSingleAccount ProjectIDMissing 提前返回前补上 EnsureAntigravityPrivacy 调用 - EnsureAntigravityPrivacy 跳过条件从"有任何值"改为"仅 privacy_set 成功时跳过"， privacy_set_failed 允许重试，对齐 OpenAI shouldSkipOpenAIPrivacyEnsure 的行为 - 后台 TokenRefreshService.ensureAntigravityPrivacy 同步修改 - ExchangeCode/ValidateRefreshToken 获得令牌后立即调用 setAntigravityPrivacy，不依赖后续账号创建流程 Made-with: Cursor	2026-04-01 12:24:52 +08:00
Wesley Liddick	820c531814	Merge pull request #1406 from DaydreamCoding/feat/group-account-filter feat(group-filter): 分组账号过滤控制 — require_oauth_only + require_privacy_set	2026-03-31 14:01:05 +08:00
QTom	aeed2eb9ad	feat(group-filter): 分组账号过滤控制 — require_oauth_only + require_privacy_set 为 OpenAI/Antigravity/Anthropic/Gemini 分组新增两个布尔控制字段： - require_oauth_only: 创建/更新账号绑定分组时拒绝 apikey 类型加入 - require_privacy_set: 调度选号时跳过 privacy 未成功设置的账号并标记 error 后端：Ent schema 新增字段 + 迁移、Group CRUD 全链路透传、 gateway_service 与 openai_account_scheduler 两套调度路径过滤前端：创建/编辑表单 toggle 开关（OpenAI/Antigravity/Anthropic/Gemini 平台可见） Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 13:04:55 +08:00
QTom	46bc5ca73b	feat(antigravity): 令牌刷新失败及创建账号时也设置隐私 - token_refresh: 不可重试错误和重试耗尽两条路径添加 ensureAntigravityPrivacy - admin_service: CreateAccount 为 Antigravity OAuth 账号异步设置隐私 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 11:42:23 +08:00
weak-fox	e298a71834	fix: clear temp unsched when resetting account status	2026-03-30 00:22:02 +08:00
QTom	c13c81f09d	feat(privacy): 为 OpenAI OAuth 账号添加前端手动设置隐私按钮复用已有的 set-privacy API 端点，Handler 通过 platform 分发到 ForceOpenAIPrivacy / ForceAntigravityPrivacy，前端 AccountActionMenu 扩展隐私按钮支持 OpenAI OAuth 账号。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-27 14:51:36 +08:00
Wesley Liddick	b688ebeefa	Merge pull request #1215 from weak-fox/fix/privacy-retry-failed-mode fix: 允许 OpenAI privacy_mode修改失败后能在 token 刷新时重试	2026-03-27 14:46:38 +08:00
QTom	975e6b1563	fix: 修复 golangci-lint 报告的 5 个问题 - gofmt: 修复 admin_service/antigravity_oauth_service/token_refresh_service 格式 - staticcheck S1009: 移除 SetUserSettingsResponse.IsSuccess 中冗余的 nil 检查 - unused: 将仅测试使用的 applyAntigravitySubscriptionResult 移至测试文件 Made-with: Cursor	2026-03-25 19:03:12 +08:00
QTom	c2965c0fb0	feat(antigravity): 自动设置隐私并支持后台手动重试新增 Antigravity OAuth 隐私设置能力，在账号创建、刷新、导入和后台 Token 刷新路径自动调用 setUserSettings + fetchUserInfo 关闭遥测；持久化后同步内存 Extra，错误处理改为日志记录。 Made-with: Cursor	2026-03-25 17:38:41 +08:00
weak-fox	4838ab74b3	feat(admin): add account privacy mode filter	2026-03-23 10:16:52 +08:00
weak-fox	ccd42c1d1a	Retry OpenAI privacy opt-out after failed states	2026-03-23 00:10:22 +08:00
QTom	ba7d2aecbb	feat(admin): 用户管理新增分组列、分组筛选与专属分组一键替换 - 新增分组列：展示用户的专属/公开分组，支持 hover 查看详情 - 新增分组筛选：下拉选择或模糊搜索分组名过滤用户 - 专属分组替换：点击专属分组弹出操作菜单，选择目标分组后自动授予新分组权限、迁移绑定的 Key、移除旧分组权限 - 后端新增 POST /admin/users/:id/replace-group 端点，事务内完成分组替换并失效认证缓存	2026-03-19 22:27:55 +08:00
Ethan0x0000	afd72abc6e	fix: allow empty extra payload to clear account quota limits UpdateAccount previously required len(input.Extra) > 0, causing explicit empty payloads (extra:{}) to be silently skipped. Change condition to input.Extra != nil so clearing quota keys actually persists.	2026-03-16 16:22:31 +08:00
erio	552a4b998a	fix: resolve golangci-lint issues (gofmt, errcheck) - Fix gofmt alignment in admin_service.go and trailing newline in antigravity_credits_overages.go - Suppress errcheck for fmt.Sscanf in client.go GetMinimumAmount	2026-03-16 05:15:27 +08:00
erio	0d2061b268	fix: remove ClaudeMax references not yet in upstream/main Remove SimulateClaudeMaxEnabled field and related logic from admin_service.go, and remove applyClaudeMaxCacheBillingPolicyToUsage, applyClaudeMaxNonStreamingRewrite, setupClaudeMaxStreamingHook calls from antigravity_gateway_service.go. These symbols are not yet available in upstream/main.	2026-03-16 05:01:42 +08:00
erio	8a260defc2	refactor: replace sync.Map credits state with AICredits rate limit key Replace process-memory sync.Map + per-model runtime state with a single "AICredits" key in model_rate_limits, making credits exhaustion fully isomorphic with model-level rate limiting. Scheduler: rate-limited accounts with overages enabled + credits available are now scheduled instead of excluded. Forwarding: when model is rate-limited + credits available, inject credits proactively without waiting for a 429 round trip. Storage: credits exhaustion stored as model_rate_limits["AICredits"] with 5h duration, reusing SetModelRateLimit/isRateLimitActiveForKey. Frontend: show credits_active (yellow ⚡) when model rate-limited but credits available, credits_exhausted (red) when AICredits key active. Tests: add unit tests for shouldMarkCreditsExhausted, injectEnabledCreditTypes, clearCreditsExhausted, and update existing overages tests.	2026-03-16 04:58:58 +08:00
SilentFlower	f3f19d35aa	feat: enhance Antigravity account overages handling and improve UI credit display	2026-03-16 04:58:35 +08:00
SilentFlower	17e4033340	feat: implement resolveCreditsOveragesModelKey function to stabilize model key resolution for credit overages	2026-03-16 04:58:12 +08:00
erio	5899784aa4	fix(billing): allow clearing group quota limits and treat 0 as zero-limit Previously, v-model.number produced "" when input was cleared, causing JSON decode errors on the backend. Also, normalizeLimit treated 0 as "unlimited" which prevented setting a zero quota. Now "" is converted to null (unlimited) in frontend, and 0 is preserved as a valid limit. Closes Wei-Shaw/sub2api#1021	2026-03-15 16:15:15 +08:00

1 2 3 4

162 Commits