zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
3,753 Commits 3 Branches 0 Tags
Commit Graph

199 Commits

Author SHA1 Message Date
win
a420179abb chore: merge upstream Wei-Shaw/sub2api v0.1.133 2026-05-29 17:48:27 +08:00
shaw
514ac5c6a1 feat: 适配 claude-opus-4-8 2026-05-29 09:56:48 +08:00
win
f519a02ec9 chore: merge upstream Wei-Shaw/sub2api v0.1.132 
Conflicts resolved (preserving fork customizations):
- config.go: keep NodeTLSProxy + add upstream OpenAIHTTP2
- gateway_service.go: NewGatewayService now takes both rpmTokenBucketSvc
  (local) and userPlatformQuotaRepo (upstream)
- wire_gen.go: wire both new args into the call site
- http_upstream.go: drop redundant settings re-assignment; keep proxy
  URL log redaction
- http_upstream_test.go: adopt upstream's explicit-0-disables semantics;
  keep 600s default constant in nil-cfg fallback test
- user_handler_test.go / gateway_record_usage_test.go: pick up new
  userPlatformQuotaRepo nil parameter

Also updated test stubs (windsurf_google_login_test.go,
windsurf_tier_access_service_test.go, gateway_models_test.go) for new
SetModelRateLimit variadic signature and the extra NewGatewayService arg.

Upstream highlights: OpenAI embeddings gateway, user x platform USD
quota, content-moderation risk thresholds, OAuth 401 credentials
no-overwrite fix, HTTP/2 OpenAI upstream config, pool retry status code
configurability, long-context cache pricing multipliers.
 2026-05-29 07:21:32 +08:00
lyen1688
f597c1581b feat(group): 支持自定义 /v1/models 模型列表 2026-05-27 18:00:45 +08:00
DaydreamCoding
6b39b344d8 feat(quota): 用户 × 平台 USD 配额 
为用户在 anthropic/openai/gemini/antigravity 四个平台上提供日/周/月
三个窗口的 USD 配额管控。配额语义:未设置=不限制,0=禁用,>0=美元上限。

两层模型:
- 配置层:系统默认配额,以及 email/linuxdo/oidc/wechat/github/google/
  dingtalk 七个鉴权来源的默认配额,存于 settings,以嵌套 JSON 整体读写
  (系统 1 个 key + 每个来源 1 个 key),整体替换语义。
- 运行时层:user_platform_quota 表按用户记录实际配额,与配置层解耦。

后端:新增 ent schema 与 140_user_platform_quotas.sql 迁移、repository
与 service 端口、计费链路集成、管理端与用户端读写接口。
前端:管理端设置页配额编辑、用户配额管理 Modal、用户 Dashboard 展示、
中英文案。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-26 10:49:20 +08:00
win
e938be5f3f chore: merge upstream Wei-Shaw/sub2api latest (v0.1.130+) 
Upstream features: bedrock CC compat, email whitelist wildcard,
content moderation per-model toggle, redeem code batch update,
OIDC verified-email fast path, subscription expiry email,
cache hit rate fix, audit dedup, js-cookie security fix,
x/net vulnerability fix, OpenAI account cooldown optimization,
reverse proxy client IP fix, API key ACL trusted forwarded IP.

Local additions preserved: rpmTokenBucketService, quotaFactor
scoring, P2C scheduler selection.
 2026-05-24 15:54:54 +08:00
shaw
a613a587ba feat: add subscription expiry email toggle 2026-05-21 14:27:50 +08:00
DaydreamCoding
4bfb707ff3 fix(auth): user_provider_default_grants 加入 github/google/dingtalk 
migration 135/136 把 github、google、dingtalk 加到 users / auth_identities /
auth_identity_channels / pending_auth_sessions 的 check 约束时,漏改
user_provider_default_grants。一旦管理员开启 grant_on_first_bind,OAuth 首次
绑定就会在 INSERT user_provider_default_grants 时撞约束,触发 500。
 2026-05-21 00:48:38 +08:00
win
158785bfc9 chore: merge upstream v0.1.127 — keep omniroute customizations 
Upstream highlights:
- v0.1.127 release (150 commits): channel-monitor 协议管理、OpenAI
  Responses 路由配置、模型定价 LiteLLM 默认、payment 强制扫码、
  钉钉 OAuth、用户用量按平台拆分、Ops 错误分类 SLA 调整、
  Anthropic passthrough keepalive、Gemini chat completions 路由 ...
- 91da8159 feat(risk-control): 内容审计新增关键词拦截
- 3d22dd34 feat: gemini-3.5-flash 模型支持

Conflicts resolved:
- Dockerfile: keep pnpm pin to 9.15.9 (upstream pinned generic v9 floating).
- wire_gen.go: combine upstream NewSettingHandler(+userAttributeService)
  with local NewOpsHandler(opsService, requestEventBus, opsLogBroadcaster).
  Verified by re-running wire generate.
- scheduler_cache.go: keep both upstream openai_responses_{mode,supported}
  keys and local model_rate_limits key in filterSchedulerExtra().
- gateway_service.go: keep local context-compression block; drop now-dead
  setOpsUpstreamRequestBody call (upstream removed ops retry replay).
- docker-compose.yml: keep local windsurf-ls service profile and named
  volumes; keep local healthcheck start_period values.

Test mock signatures bumped to match current constructors:
- gateway_models_test.go: add nil for RPMTokenBucketService.
- account_handler_available_models_test.go: add nil for windsurfChatService.
 2026-05-20 12:39:40 +08:00
Wesley Liddick
03730fbcf3
Merge pull request #2585 from Arron196/feature/channel-monitor-openai-detection 
优化渠道监控 OpenAI 检测协议与内置模板
 2026-05-20 08:50:44 +08:00
benjamin
b685fe69a4 feat(channel-monitor): 内置 OpenAI 检测模板 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-05-19 22:05:43 +08:00
benjamin
3eff5f512a feat(channel-monitor): 添加 API 模式迁移 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-05-19 22:05:43 +08:00
name
2eb622f2f6 Remove ops retry replay storage 2026-05-19 19:37:41 +08:00
Wesley Liddick
2a242aec0f
Merge pull request #2573 from wucm667/feat/redeem-code-expiry 
feat(redeem): 兑换码支持设置使用有效期
 2026-05-19 16:25:12 +08:00
wucm667
e4aaf0af29 feat(redeem): 兑换码支持设置使用有效期 2026-05-19 15:53:28 +08:00
DaydreamCoding
b19da9c7fe feat(dingtalk): 钉钉 OAuth 登录接入与 internal_only 用户属性同步 
⚠️ 应用类型约束:当前实现仅支持「钉钉登录-企业内部应用」(DingTalk 开放平台
internal_app 类型)。第三方个人应用、第三方企业应用类型暂不支持——OAuth 流程
相同但 corp 校验、跨企业行为不同。backend 通过 DingTalkAppKind 校验对非
internal_app 类型 fail-closed(硬约束)。

钉钉 OAuth 登录主链
- 4 步 OAuth 链:ExchangeCodeForUserToken / GetUnionIdByUserToken /
  GetUserIdByUnionId / GetStaffInfoByUserId;app token 缓存
- pending session 机制持久化 OAuth 中间态;cookie-only token 持久化
- 三种分流:bind_login_required / email_completion / choose_account_action
- corp_restriction_policy 支持 none + internal_only;stale "whitelist" 在
  加载层与写入层均静默 coerce 为 none + slog.Warn
- bypass_registration 开关:企业内部模式豁免全局 REGISTRATION_DISABLED
- isReservedEmail / signup_source / canUnbindProvider / OAuth pending flow
  等横切点支持 dingtalk provider
- migration 136:4 表 CHECK 约束加入 'dingtalk' provider 值

internal_only 模式同步企业邮箱/姓名/部门到用户属性
- SyncCorpEmail / SyncDisplayName / SyncDept 三个独立开关 + 对应
  SyncXxxAttrKey 目标属性 key(默认 dingtalk_email / dingtalk_name /
  dingtalk_department);非 internal_only policy 在写入层与加载层均
  coerce 为 false,admin handler 与 setting_service 双层兜底
- 同步语义:首次注册写 users.username(昵称优先 → 企业姓名 fallback),
  之后每次登录刷新 3 个属性;空值也写入以覆盖旧值
- 邮箱三级 fallback:org_email > email > extension["企业邮箱"]
  (钉钉自定义字段 JSON)
- 部门路径递归向上拼接,跳过 dept_id=1 选首个真实子部门,剥离根组织名
- GetUnionIdByUserToken 同时返回 OIDC /contact/users/me 的 nick 字段;
  新增 GetDeptInfo 调用 OAPI /topapi/v2/department/get
- AuthHandler 注入 UserAttributeService;OAuth pending flow 在
  createPendingOAuthAccount / bindPendingOAuthLogin 分别派发到
  AfterRegistration(syncUsername=true)/ AfterLogin
- migration 137 seed dingtalk_email/name/department 三个用户属性定义

附带修复(同集成路径暴露的两个 OAuth 注册回归)
- LoginOrRegisterOAuthWithTokenPair 新建用户分支用 inferLegacySignupSource
  覆写 caller 显式传入的 signupSource,导致 dingtalk/linuxdo/oidc/wechat
  渠道授权按 email 渠道读取;改为只在 caller 未显式传入时回退邮箱推断
- mergeProviderDefaultGrantSettings 把 parse fallback 默认值
  (Concurrency=5 / Balance=0) 当作"未配置"哨兵,admin 显式设 5 时被误判
  退回全局默认(复现:全局默认 1 + 渠道默认并发 5 + grant_on_signup → 新
  用户实际 concurrency=1);去掉哨兵,admin 任何 >=0 值都覆盖 globalDefaults

前端
- DingTalk Login / Callback / EmailCompletion / ChoiceAccount / Error
  视图;router + auth API client
- admin SettingsView:corp policy radio(none / internal_only)+ bypass
  注册开关 + i18n;internal_only 下展示三同步开关 + 目标 attr key 下拉
  (拉取 user attribute definitions),展示 fieldEmail /
  qyapi_get_department_list 钉钉权限申请提示
- Profile:S1 主动绑定 / S5 解绑钉钉按钮 + 合成邮箱防自锁

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-19 15:27:47 +08:00
2ue
bb4c1abe28 Fix image billing size normalization 2026-05-12 15:21:31 +08:00
win
7347dfffc1 chore: merge upstream v0.1.124-125, keep Windsurf/Antigravity customizations 
Upstream changes:
- feat: 邮箱 + GitHub + Google OAuth 快捷登录
- feat: Codex image bridge 开关
- feat: 内容审核 (content moderation) — 新增 contentModerationService/Handler
- feat: redeem code 返利、批量并发 API、markdown 页面渲染
- feat: 登录注册条款确认
- fix(security): pages API 加 JWT + 可见性校验
- fix: 修复 markdown 页面图片路径
- fix(gateway): 不再默认注入 redact thinking beta
- fix: 稳定 anthropic passthrough 超时错误
- chore: VERSION 升到 0.1.125 + golang:1.26.3-alpine

Conflict resolutions:
- Dockerfile/backend/Dockerfile: 取 upstream golang:1.26.3-alpine
- backend/go.mod: 取 upstream term v0.42.0,保留定制 protobuf v1.36.10
- frontend/src/api/admin/index.ts: 并集 (windsurf + riskControl)
- backend/cmd/server/wire_gen.go: 接 upstream contentModeration*,保留 windsurfHandler/windsurfGatewayService/billingCacheService/requestEventBus;并通过 wire 重生成
- frontend/src/views/admin/AccountsView.vue: 采用 upstream 双层布局 + OpenAI Meta,保留 is_enterprise prop 和 Windsurf tier badge

Note:
- WIP commit (de048fad) preserved Windsurf tier access service / NLU
  extractor / ops log stream / Google OAuth login modal et al before merge.
- 3 pre-existing go vet issues in test files (NewOpsHandler, RegisterGatewayRoutes,
  DefaultCLIProductVersion) are unrelated to this merge — leftover from local
  customization refactors; production code (go build ./...) passes.
 2026-05-09 01:42:39 +08:00
Wesley Liddick
e69319e747
Merge pull request #2224 from lyen1688/feat-email-oauth-github-google 
feat: 增加 GitHub 和 Google 邮箱快捷登录
 2026-05-07 10:07:28 +08:00
shaw
fff4a300c6 feat(risk-control): add content moderation audit 2026-05-07 09:14:47 +08:00
lyen1688
81edaa8986 fix: 放行 GitHub 和 Google 登录来源约束 2026-05-06 20:03:44 +08:00
win
3fe228d143 chore: merge upstream v0.1.122-123, keep Windsurf/Antigravity customizations 
New upstream features:
- feat: improve OpenAI messages compatibility for Claude Code
- feat: image generation stream & concurrency controls
- fix(rate-limit): remove 429 cooldown config option
- fix: skip previous_response_id recovery when payload has function_call_output
- feat: support select search in group/account views
- fix: ops cleanup settings
- chore: remove openspec and update axios

Conflict resolutions:
- config.go: kept AntigravityLSWorker+NodeTLSProxy AND added ImageConcurrency
- account_test_service.go: kept windsurf import AND added openai_compat import
- docker-compose.yml: kept Windsurf env vars AND added image concurrency env vars
 2026-05-06 11:50:54 +08:00
2ue
6faa344916 feat: add OpenAI image generation controls 2026-05-05 03:26:54 +08:00
shaw
0b84d12dbb fix: correct affiliate audit record sources 2026-05-03 22:12:57 +08:00
win
c5eb305f7f chore: merge upstream v0.1.119-121, keep Windsurf/Antigravity customizations 
Upstream changes merged:
- fix(scheduler): resolve SetSnapshot race conditions with Lua CAS script
- fix: improve sticky session scheduling (debug logs + layer 1.5 checks)
- feat: Anthropic cache TTL injection toggle
- fix(gateway): stream EOF failover + sanitize stream errors
- feat(httputil): zstd/gzip/deflate request decompression + bomb guard
- feat(openai): OpenAI Fast/Flex Policy (HTTP + WebSocket + Admin)
- feat(vertex): Vertex Service Account support
- feat: account bulk edit scope and compact settings
- feat(affiliate): rebate freeze migration
- fix(openai): various fixes (passthrough fields, compact payload, etc.)

Conflict resolutions:
- domain/constants.go: keep both AccountTypeWindsurfSession + AccountTypeServiceAccount
- scheduler_cache_unit_test.go: keep both test functions
- gateway_service.go: remove dead code (claudeCodeUserAgentRe, isClaudeCodeRequest)
- wire_gen.go: keep Windsurf service chain + add upstream claudeTokenProvider param
- frontend/src/types/index.ts: keep windsurf + service_account types
- frontend CreateAccountModal.vue: keep Windsurf login + Vertex service_account blocks
- frontend PlatformTypeBadge.vue: keep both Session + Vertex cases
- account_test_service.go: fix createTestPayload call to pass empty prompt arg
 2026-05-02 16:52:21 +08:00
shaw
9b6dcc57bd feat(affiliate): 完善邀请返利系统 
- 修复返利不到账的根因:tryClaimAffiliateRebateAudit 中 PostgreSQL 参数类型推断冲突
  - 补全 OAuth 注册路径(LinuxDo/OIDC/WeChat/Pending Flow)的邀请码绑定
  - 前端 OAuth 注册页面传递 aff_code 参数
  - 新增返利冻结期机制:可配置冻结时间,到期后自动解冻(懒解冻)
  - 新增返利有效期:绑定后 N 天内有效,过期不再产生返利
  - 新增单人返利上限:超出上限部分精确截断
  - 增强返利流程 slog 结构化日志,便于排查问题
  - 已邀请用户列表增加返利明细列
 2026-04-26 12:42:35 +08:00
win
2064c1a19f chore: merge upstream Wei-Shaw/sub2api 至 v0.1.118 
- 保留 Windsurf 订制代码
- 上游新增:Affiliate 邀返佣功能、OpenAI compact 支持、Claude Code 完整 mimicry
- 解决冲突:handler/wire.go、wire_gen.go、constants.go、gateway_service.go 等
 2026-04-25 22:08:18 +08:00
shaw
4e1bb2b445 feat(affiliate): add feature toggle and per-user custom invite settings 
- 在系统设置「功能开关」中新增邀请返利总开关,默认关闭;
  关闭态:菜单隐藏、注册忽略 aff、新充值不返利,但已有 quota 仍可转余额
- 支持管理员为指定用户设置专属邀请码(覆盖随机码,全局唯一)
- 支持管理员为指定用户设置专属返利比例(覆盖全局比例,可单条/批量调整)
- 在系统设置邀请返利卡片内嵌入专属用户管理表格(搜索/编辑/批量/删除),
  删除采用项目通用 ConfirmDialog,会同时清除专属比例并把邀请码重置为系统随机码
- /affiliate 用户页新增「我的返利比例」卡片与动态使用说明,让用户直观看到
  分享后能拿到多少(同源 resolveRebateRatePercent 计算,与实际充值一致)
- 新增数据库迁移 132 添加 aff_rebate_rate_percent 与 aff_code_custom 列
- 新增 admin 路由组 /api/v1/admin/affiliates/users/* 共 5 个端点
- AffiliateService 改为只依赖 *SettingService,去除冗余的 SettingRepository
- 邀请码格式校验放宽到 [A-Z0-9_-]{4,32},兼容旧 12 位系统码与新自定义码
- 补充单元测试与集成测试覆盖新方法、冲突路径与边界值
 2026-04-25 20:22:07 +08:00
VpSanta33
f03de00cb9 feat: add affiliate invite rebate flow and admin rebate-rate setting 2026-04-24 22:22:26 +08:00
win
2d2f677a64 chore: merge upstream Wei-Shaw/sub2api 至 v0.1.117 
主要合并内容:
- feat(channel-monitor): admin 渠道监控 MVP + 日聚合/模板/用户端卡片
- feat(available-channels): 新增"可用渠道"聚合视图与平台聚合
- feat(settings): 功能开关联动到配置页
- refactor(channel-monitor): 事件驱动调度器 / runner 生命周期 + 单测
- fix(openai/codex): 图像生成桥接修复、支付 webhook 未知单号处理
- misc: i18n/UI polish, typing tightening

冲突已手动解决,保留本地订制:
- handler.Handlers / AdminHandlers 联合 windsurf + channel_monitor/available_channel 字段
- wire/wire_gen 清理步骤同时注册 WindsurfRefreshService 与 ChannelMonitorRunner
- routes/admin 同时注册 windsurf 与 channel-monitor 路由
- service/wire 合并 Windsurf* 与 ChannelMonitor* 的 provider
- frontend admin API barrel 取两侧并集
- 采纳上游对 migrationChecksumCompatibilityRule 字段的重命名(非订制代码)
 2026-04-24 11:52:21 +08:00
win
2a4103298e Merge remote-tracking branch 'origin/main' 
# Conflicts:
#	backend/cmd/server/wire_gen.go
 2026-04-24 01:21:36 +08:00
erio
5e060b2222 Merge remote-tracking branch 'upstream/main' into feat/channel-insights 
# Conflicts:
#	backend/cmd/server/wire_gen.go
 2026-04-23 22:30:45 +08:00
erio
67518a59ac revert: remove fork-only changes from release sync 
Revert payment/wechat, sora/claude-max cleanup, fork-only migrations,
and cosmetic changes that were brought in by the release sync commit.
Keep only channel-monitor related improvements:
- PublicSettingsInjectionPayload named struct with drift test
- ChannelMonitorRunner graceful shutdown in wire
- image_output_price in SupportedModelChip
- Simplified buildSelfNavItems in AppSidebar
- Gateway WARN logs for 503 branches
 2026-04-23 21:40:58 +08:00
erio
748a84d871 sync: bring over remaining release/custom-0.1.115 changes 
- Extract PublicSettingsInjectionPayload named struct with drift test
- Add channel_monitor_default_interval_seconds to SSR injection
- Add image_output_price to SupportedModelChip
- Simplify AppSidebar buildSelfNavItems (admins see available channels)
- Add gateway WARN logs for 503 no-available-accounts branches
- Wire ChannelMonitorRunner into provideCleanup for graceful shutdown
- Add migrations 130/131 (CC template userid fix + mimicry field cleanup)
- Clean up fork-only features (sora, claude max simulation, client affinity)
- Remove ~320 obsolete i18n keys
- Add codexUsage utility, WechatServiceButton, BulkEditAccountModal
- Tidy go.sum
 2026-04-23 20:55:18 +08:00
james-6-23
dc5d42addc feat(rpm): RPM 限流模块优化 
P0:
- rpm_override 嵌入 Auth Cache Snapshot,消除每请求 DB 查询 (snapshot v6→v7)
- 429 RPM 响应返回 Retry-After 头(当前分钟剩余秒数)

P1:
- ClearAll 按钮直连 DELETE API,带 loading 防重复
- 新增 GET /admin/users/:id/rpm-status 管理员 RPM 用量查询端点

优化:
- checkRPM 从级联互斥改为并行取最严,user.rpm_limit 作为全局硬上限始终生效
- Override/Group 变更后自动失效 auth cache
- fail-open 语义不变,Redis 故障不阻塞业务
 2026-04-23 16:34:37 +08:00
win
ff7eab0392 Merge remote-tracking branch 'origin/main' 
# Conflicts:
#	backend/go.mod
#	backend/go.sum
#	backend/internal/repository/migrations_runner.go
 2026-04-22 21:27:18 +08:00
IanShaw027
9de7a72cce fix(upgrade): close payment and oidc compatibility gaps 2026-04-22 18:01:51 +08:00
IanShaw027
1aab084ecb fix(payment): restore upgrade-safe payment flows 2026-04-22 14:57:16 +08:00
IanShaw027
36aed35957 fix(auth): harden oauth identity upgrade paths 2026-04-22 14:56:56 +08:00
IanShaw027
06136af805 fix(upgrade): preserve legacy auth and payment compatibility 2026-04-22 13:18:10 +08:00
IanShaw027
1ffebbb568 fix(migrations): keep auth identity and payment upgrades safe 2026-04-22 12:29:52 +08:00
IanShaw027
be9df2bea7 fix(auth): scrub legacy pending oauth tokens on upgrade 2026-04-22 11:29:05 +08:00
IanShaw027
18481a100b fix(migrations): defer online ddl follow-ups safely 2026-04-22 11:17:45 +08:00
IanShaw027
c229f33e9e fix(review): harden payment, oauth, and migration paths 2026-04-22 10:26:22 +08:00
IanShaw027
2cebb0dc60 feat(settings): support dual-mode wechat oauth defaults 2026-04-21 20:36:10 +08:00
IanShaw027
c624cce88e fix: unblock auth identity compat backfill migration 2026-04-21 15:56:30 +08:00
IanShaw027
561405ab00 feat: add payment order provider snapshots 2026-04-21 12:41:27 +08:00
IanShaw027
0a461d8248 fix: harden auth identity legacy migrations 2026-04-21 01:30:37 +08:00
IanShaw027
7a9488ff37 Add legacy identity safety remediation migration 2026-04-21 00:59:20 +08:00
erio
a7415d4d2e feat(monitor): 30-day raw retention + timeline 4-tier style + CC template seed + JSON format button 
- History retention 1d → 30d(60s × 30d ≈ 43200 行/model,PG 无压力);
  ComputeAvailability* 不再 UNION rollup 表,直接扫 histories 精度更高。
- Timeline bar 四级高度+颜色双重编码:operational 高+绿 / degraded 中+黄 /
  failed+error 短+红 / 未测试 很短+灰。
- migration 113 seed「Claude Code 伪装」模板(ON CONFLICT DO NOTHING)。
  user_id 用 legacy 格式(user_<64hex>_account_<uuid>_session_<uuid>),
  避免新版 JSON 字符串内嵌 JSON 在编辑器里一长串 \" 难读。
- MonitorAdvancedRequestConfig 加「格式化」按钮 + white-space:pre
  让 body textarea 对长字符串不压扁。
 2026-04-21 15:24:48 +08:00