sub2api

Author	SHA1	Message	Date
shaw	3d22dd34d3	feat: add gemini-3.5-flash model support across backend and frontend	2026-05-20 09:28:46 +08:00
Wesley Liddick	21ae52c01f	Merge pull request #2571 from sherlockwhite/fix/openai-account-email-and-usage-refresh fix(accounts): show email and fix usage refresh for OpenAI OAuth accounts	2026-05-19 16:56:26 +08:00
Wesley Liddick	a929e285ce	Merge pull request #2271 from StarryKira/fix/redact-account-credentials fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段	2026-05-19 16:15:36 +08:00
shaw	90a389342c	fix(openai): 新建账号弹窗补全 Responses API 路由选项	2026-05-19 16:00:15 +08:00
chenjian	6db02f0069	fix(accounts): show email and add usage refresh button for OpenAI OAuth - AccountsView: display email under account name by checking extra.email and credentials.email in addition to extra.email_address; OpenAI OAuth stores email under the 'email' key while Anthropic uses 'email_address' - AccountUsageCell: add per-account refresh button to the OpenAI OAuth usage section, identical to the existing Anthropic OAuth pattern; reuses loadActiveUsage, activeQueryLoading, and the activeQuery i18n key	2026-05-19 15:43:13 +08:00
Wesley Liddick	f05670dd0f	Merge pull request #2454 from wucm667/codex/issue-2426-model-mapping fix(account): 保留模型白名单和模型映射组合配置	2026-05-19 14:50:03 +08:00
Wesley Liddick	e365aae450	Merge pull request #2450 from wucm667/codex/issue-2431-responses-api-support feat: 支持后台配置 OpenAI Responses API 路由	2026-05-19 14:47:10 +08:00
benjamin	5713820813	feat: add upstream model sync controls Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-05-18 19:01:55 +08:00
haruka	3ca232ad06	fix(frontend): 编辑弹窗回退旧 credentials 结构以兼容旧后端新代码仅依赖 credentials_status 会导致两种灰度场景被误判为未配置： - 新前端 + 旧后端：旧后端未返回 credentials_status，前端读不到已脱敏的 api_key / service_account_json，阻止保存。 - 旧前端 + 新后端：旧前端也读不到已脱敏字段（旧前端不在本 PR 范围）。修复： - API key 判断改为 credentials_status?.has_api_key ?? Boolean(currentCredentials.api_key) - Vertex SA 判断：有 credentials_status 用 status，否则回退读 credentials.service_account_json / service_account 补充测试覆盖： - apikey/Vertex SA 各自的新后端脱敏响应、旧后端未脱敏响应、两者皆缺时阻止保存。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-17 03:02:08 +08:00
wucm667	827764d7bd	fix(account): preserve combined model restrictions	2026-05-14 15:00:28 +08:00
wucm667	862819042c	feat(openai): 支持后台配置 Responses API 路由	2026-05-14 11:46:24 +08:00
shaw	fda1ed459d	feat: 优化 OAuth 账号导入流程	2026-05-08 11:36:09 +08:00
haruka	0f8e2d0934	fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段 Account.Credentials 是 JSONB map，混合存放可编辑的非敏感配置（base_url、 model_mapping、project_id 等）与敏感秘钥（OAuth access/refresh/id token、 API key、AWS secret、Vertex private key 等）。当前所有 admin 账号接口直接透传该 map，token 经由浏览器 DevTools、抓包、日志等途径泄漏。 - service 包新增 SensitiveCredentialKeys 清单与 MergePreservingSensitiveCreds 作为单一权威定义。 - dto 层 RedactCredentials 在响应里剥离敏感子键，输出 credentials_status （has_<key> 布尔标识）告知前端存在性，不暴露原值。 - AccountFromServiceShallow 接入脱敏，覆盖 list、get、create、update、 refresh、batch、bulk-update、OAuth 创建等 9 个 handler。 - service.UpdateAccount 改为合并语义：incoming 没传敏感键则保留 existing，让前端"全对象 PUT"流程在脱敏后无感工作；显式提供新 token 仍会覆盖。 - 前端 EditAccountModal 修复脱敏后会崩的两处兜底：apikey 必填检查和 Vertex SA JSON 存在性校验改读 credentials_status.has_*。 - 导出端点 /admin/accounts/data 走独立的 DataAccount 结构，按设计保留完整 credentials 作为管理员备份路径。测试：RedactCredentials 单元测试、mapper 端到端 JSON 断言（确认序列化后无 token 子串）、UpdateAccount 合并语义三种场景（保留 / 覆盖 / 空 map 跳过）。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 03:44:04 +08:00
shaw	7a9c1d7edd	feat(frontend): add account Codex image bridge control	2026-05-07 11:07:33 +08:00
KnowSky404	3953dc9ce4	fix: add OpenAI compact bulk edit fields	2026-04-30 10:19:59 +08:00
Wesley Liddick	27cad10d30	Merge pull request #2030 from KnowSky404/feature/account-bulk-edit-scope-and-compact feat: support filtered account bulk edit and align compact OpenAI bulk fields	2026-04-29 20:56:43 +08:00
shaw	93d91e20b9	fix(vertex): audit fixes for Vertex Service Account feature (#1977 ) - Security: force token_uri to Google default, preventing SSRF via crafted service account JSON - Dedup: extract shared getVertexServiceAccountAccessToken() to eliminate ~35 lines of duplication between ClaudeTokenProvider and GeminiTokenProvider - Fix: apply model mapping + Vertex model ID normalization in forward_as_responses and forward_as_chat_completions paths - Fix: exclude service_account from AI Studio endpoint selection (Vertex cannot serve generativelanguage.googleapis.com) - Feature: add model restriction/mapping UI for service_account in EditAccountModal - Dedup: extract VERTEX_LOCATION_OPTIONS to shared constants - i18n: replace all hardcoded Chinese strings in Vertex UI with translation keys	2026-04-29 16:53:09 +08:00
KnowSky404	a161f9d045	feat: align OpenAI bulk edit compact settings	2026-04-27 18:15:23 +08:00
KnowSky404	c5a1a82223	test: cover missing OpenAI bulk edit fields	2026-04-27 18:13:14 +08:00
KnowSky404	2ab6b34fd1	feat: add filtered-result account bulk edit	2026-04-27 18:12:24 +08:00
KnowSky404	764afbe37a	test: cover account bulk edit target scopes	2026-04-27 18:08:22 +08:00
Oliver	6d11f9ed77	Add Vertex service account support	2026-04-25 20:39:58 -04:00
Oliver	489a4d934e	Show today stats for Vertex usage window	2026-04-25 19:46:32 -04:00
shaw	095f457c57	feat(openai): port /responses/compact account support flow (PR #1555 ) 将 vansour/sub2api#1555 的 OpenAI compact 能力建模手工移植到当前 main：账号级 compact 状态/auto-force_on-force_off 模式、compact-only 模型映射、调度器 tier 分层（已支持 > 未知 > 已知不支持）、管理后台 compact 主动探测，以及对应 i18n/状态徽章。普通 /responses 流量行为不变，无数据库迁移。	2026-04-25 14:52:58 +08:00
shaw	4d0483f5b8	feat: 补充gpt生图模型测试功能	2026-04-22 18:12:03 +08:00
erio	258fd145ff	fix(account): prevent quota-exceeded API key/Bedrock accounts from being scheduled Add quota exceeded check to IsSchedulable() and refactor shouldClearStickySession to delegate to IsSchedulable(), eliminating duplicated logic and fixing missed overload/rate-limit/expired checks. Frontend displays quota exceeded status independently via quota fields.	2026-04-19 18:45:04 +08:00
erio	948d8e6d02	fix(admin): prevent browser password manager from autofilling account API key Chrome's password manager matched the apikey-type account's Base URL + API Key inputs as a login form and autofilled the last saved password by domain, so editing a Gemini account could overwrite its apikey with a Claude key that shared the same Base URL. Add autocomplete="new-password" plus data-*-ignore attributes for 1Password / LastPass / Bitwarden to opt the field out of every major password manager's autofill.	2026-04-17 22:06:32 +08:00
Wesley Liddick	e6e73b4f52	Merge pull request #1690 from KnowSky404/fix/ws-codex-scheduler-cache-1662 fix: preserve openai ws flags in scheduler cache	2026-04-16 17:21:32 +08:00
KnowSky404	836092a666	fix: restore ctx pool ws mode option in account ui	2026-04-16 02:13:04 +00:00
erio	38c00872e1	fix(ui): allow closing test dialog during active SSE stream Replace dead EventSource variable with AbortController to enable cancelling fetch streams. Remove close-button disable during connecting status so users can dismiss the dialog at any time.	2026-04-15 11:34:31 +08:00
erio	3fa5b8bca5	fix: flaky WebSocket test, usage request queue, and test improvements - Fix flaky WebSocket passthrough test: allow StatusNormalClosure after client close instead of requiring NoError (race condition fix) - Fix ratelimit 401 test: use PlatformOpenAI instead of PlatformGemini for OAuth token cache invalidation scenario (more accurate) - Add usageLoadQueue: Anthropic OAuth/setup-token accounts sharing the same proxy exit are serialized with 1-2s jitter to prevent upstream 429 - AccountUsageCell: add module-level usage cache (5min TTL), unmounted safety guard, and integrate enqueueUsageRequest for throttled fetching	2026-04-14 20:13:59 +08:00
erio	a56151fec9	refactor: extract CapacityBadge component from AccountCapacityCell Extract repeated badge template (SVG icon + current/max display) into a reusable CapacityBadge component. Reduces AccountCapacityCell from ~300 lines to ~180 lines with identical behavior.	2026-04-14 19:39:22 +08:00
erio	63f539b382	fix: merge general improvements from release branch Backend: - gateway_handler: pass subject.UserID instead of int64(0) for user-level routing - setting_handler: add missing BalanceLowNotifyRechargeURL to UpdateSettings response - openai_gateway_service: use applyAccountStatsCost for account stats pricing integration - embed_on: add local file override (data/public/) for embedded frontend assets Frontend: - useTableSelection: add batchUpdate method for batch operations - AccountsView: virtual scrolling params, Set-based isSelected, swipe virtualization - ProxiesView: add batchUpdate to selection and swipe-select - BulkEditAccountModal: fix submit handler to prevent event object as argument - SettingsView: move payload construction outside try block - i18n: add general translation keys (saved, deleted, view, validation, allowUserRefund) - api/client: reorder error fields for consistency - stores/payment: clarify pollOrderStatus JSDoc	2026-04-14 19:29:37 +08:00
erio	a9880ee7b9	fix: round-2 audit fixes — security, code quality, and UI improvements Security (HIGH): - Normalize all Redis cache keys to lowercase (verifyCode, passwordReset) - Fix verify code TTL renewal on failed attempts: use remaining TTL via ExpiresAt field instead of resetting to full 15-minute window - Add 3 missing fields to diffSettings audit log (promo_code, invitation_code, custom_endpoints) Code quality (MEDIUM): - Extract filterVerifiedEmails shared helper (balance_notify_service.go) - Add Pricing array non-empty validation for channel pricing rules - Add platform token semantics comment in gateway_service.go - Complete validatePlanPatch test coverage (+10 test cases) - Replace string types with QuotaThresholdType/QuotaResetMode across frontend - Remove duplicate getPlatformTextColor/getRateBadgeClass in ChannelsView - Return EMAIL_NOT_FOUND error on RemoveNotifyEmail miss UI improvements: - Reorder cost tooltip: user billing above separator, account billing below - Add NaN guard to accountBilled function - Move timezone selector inline into reset-mode row (no longer standalone)	2026-04-14 09:35:05 +08:00
erio	1b7c295199	refactor: M5 useQuotaNotifyState composable + H14 Vue file splits M5: New composable frontend/src/composables/useQuotaNotifyState.ts - Replaces 9 individual refs in both Create/Edit modals with reactive state - Provides loadFromExtra/writeToExtra/reset helpers - Eliminates ~120 lines of duplicated code across the two modals H14: Vue file length violations fixed - AdminPaymentPlansView.vue: 325 → 183 lines (extracted PlanEditDialog.vue) - QuotaLimitCard.vue: 327 → 268 lines (extracted QuotaDimensionRow.vue) - PlanEditDialog.vue: 181 lines (new, plan create/edit form) - QuotaDimensionRow.vue: 108 lines (new, single quota dimension row)	2026-04-14 09:33:39 +08:00
erio	9d319cfa2d	fix: batch 2 audit fixes — diffSettings notify fields, slog migration, frontend constants H5: diffSettings now tracks 5 balance/quota notify fields in audit log M15: log.Printf audit log migrated to slog.Info, removed "log" import M14: New frontend/src/constants/account.ts with shared constants QuotaNotifyToggle.vue uses QUOTA_THRESHOLD_TYPE_FIXED/PERCENTAGE L2: UsageTable.vue uses BILLING_MODE_TOKEN/IMAGE from billingMode.ts	2026-04-14 09:32:24 +08:00
erio	ed8a9d975b	fix: batch 1 audit fixes — quota SQL fixed mode, public recharge URL, WebSearch bool fallback, UpdatePlan validation H1: incrementUsageBillingAccountQuota now uses shared dailyExpiredExpr/weeklyExpiredExpr constants (supporting fixed reset mode) instead of hardcoded '24 hours'/'168 hours' H4: public settings endpoint now maps balance_low_notify_recharge_url H6: GetWebSearchEmulationMode tolerates legacy bool values (true→enabled) H7: UpdatePlan validates non-nil patch fields (rejects negative price, empty name, etc.) H8: UsageTable accountBilled() helper with total_cost ?? 0 null guard H9: AdminUsageLog TS type adds channel_id + billing_tier M2: account.go "fixed" literals replaced with thresholdTypeFixed constant M13: SystemSettings TS type adds web_search_emulation_enabled UI: QuotaLimitCard title labels now use flex-1 to align with flex-1 input boxes	2026-04-14 09:32:11 +08:00
erio	a43da62254	fix(accounts): unify modal width, add notify props to create, fix quota layout - EditAccountModal width changed from "normal" to "wide" (match CreateAccountModal) - CreateAccountModal now passes all quota notify props to QuotaLimitCard - QuotaLimitCard: when global notify disabled, hide title row, input takes full width - Quota alert email: show remaining quota + threshold (fixed/$, percentage/%) instead of usage trigger point	2026-04-14 09:31:32 +08:00
erio	e27335acdd	fix(ui): widen notify type dropdown to show % fully, align quota input widths	2026-04-14 09:30:02 +08:00
erio	216bda58da	fix: change quota notify threshold semantics to "remaining quota" Threshold now represents remaining quota instead of usage amount: - Fixed ($): threshold=400, limit=1000 → alert when remaining drops to $400 (i.e., usage reaches $600) - Percentage (%): threshold=30%, limit=1000 → alert when remaining drops to 30% (i.e., usage reaches $700) Also: - Rename 告警阈值 → 提醒阈值 in i18n - Widen type dropdown to w-16 for proper $ / % display	2026-04-14 09:29:25 +08:00
erio	7141dceee2	fix(frontend): place quota notify toggle inline with limit input Move QuotaNotifyToggle to the same row as the limit $ input for all three dimensions (daily/weekly/total), significantly reducing card height.	2026-04-14 09:29:01 +08:00
erio	ac55443278	fix(frontend): collapsible quota card and compact notify layout - QuotaLimitCard: add collapse/expand toggle (chevron icon + click header) - QuotaNotifyToggle: show $ or % suffix in threshold input - Reduce vertical spacing between reset mode hint and notify toggle	2026-04-14 09:28:48 +08:00
erio	2066c478ab	fix(frontend): quota notify UI improvements - QuotaNotifyToggle: add $ or % suffix to threshold input based on type - QuotaLimitCard: combine reset mode and notify toggle on same row to reduce vertical height for daily/weekly sections - Remove redundant ml-4 indentation from QuotaNotifyToggle	2026-04-14 09:28:24 +08:00
erio	245f47cebb	fix(frontend): simplify websearch select labels and reduce width - "默认（跟随渠道）" → "默认", "Default (follow channel)" → "Default" - Move "follows channel config" info to description text - Reduce select width from w-32 to w-24 in both Edit and Create modals	2026-04-14 09:27:46 +08:00
erio	48e8efe3e8	fix(frontend): hide quota notify toggle when global setting is disabled QuotaLimitCard now requires quotaNotifyGlobalEnabled prop to control visibility of QuotaNotifyToggle components. When the global account quota notification is disabled in admin settings, per-account threshold toggles are hidden in both Edit and Create account modals.	2026-04-14 09:27:33 +08:00
erio	1262654d97	feat: WebSearch tri-state, account stats pricing fix, quota cache fix, usage tooltip WebSearch tri-state switch: - Account-level web_search_emulation changed from bool to tri-state string: "default" (follow channel) / "enabled" / "disabled" - shouldEmulateWebSearch checks channel config when account is "default" - SQL migration converts old bool values - Frontend select replaces toggle in Edit/CreateAccountModal Account stats pricing: - resolveAccountStatsCost uses upstream model (post-mapping) for matching - Priority: custom rules → model pricing file (when toggle on) → default - Custom rules always configurable, independent of toggle - Account ID field changed to searchable selector filtered by platform - Description updated to reflect new behavior Quota notification cache fix: - CheckAccountQuotaAfterIncrement fetches real-time account from DB - Reconstructs pre-increment usage for accurate threshold crossing detection - New AccountQuotaReader interface (minimal: GetByID only) Usage tooltip: - Per-request/image billing shows per-request price instead of $0 token price - Token billing continues to show input/output price per million tokens	2026-04-14 09:26:08 +08:00
erio	eba289a7ff	feat(notify): add global toggles, percentage threshold, and visibility control - Add global toggle for account quota notification in admin settings - Add percentage-based threshold type for per-account quota alerts - Hide balance notify card on user profile when global toggle is off - Expose balance_low_notify_enabled and account_quota_notify_enabled in PublicSettings - Add threshold type (fixed/percentage) to QuotaNotifyToggle with $ / % switcher	2026-04-14 09:25:49 +08:00
erio	889b5b4f3b	fix(websearch): improve settings UI and hide config when globally disabled - API Key show/copy buttons moved inside input field (inline icons) - Proxy selector and test button on same row to save vertical space - Test opens a dialog modal instead of inline display - Hide all websearch config in channels/accounts when global toggle is off	2026-04-14 09:25:36 +08:00
erio	c3812ce1e3	fix(notify): address review findings - accountCost formula, dedup, refactor - Fix accountCost calculation in finalizePostUsageBilling to match postUsageBilling (always multiply by AccountRateMultiplier) - Use strings.EqualFold for email dedup in collectBalanceNotifyRecipients - Extract CheckAccountQuotaAfterIncrement into smaller functions: buildQuotaDims + asyncSendQuotaAlert (< 30 lines each) - Add "not splittable" comments for HTML template functions - Extract QuotaNotifyToggle.vue sub-component to reduce QuotaLimitCard.vue from 404 to 339 lines	2026-04-14 09:23:16 +08:00
erio	b32d1a2c9f	feat(notify): add balance low & account quota notification system - User balance low notification: email alert when balance drops below configurable threshold (user email + verified extra emails) - Account quota notification: broadcast email to admin-configured recipients when daily/weekly/total quota usage exceeds alert threshold - Admin settings: global enable/disable, default threshold, quota notification email list (Email Settings tab) - User profile: enable/disable, custom threshold, add/remove extra notification emails with verification code flow - Account quota: per-dimension alert toggle and threshold in quota control card - Trigger logic: first-crossing only (old >= threshold && new < threshold for balance; old < threshold && new >= threshold for quota), naturally prevents duplicate notifications without Redis dedup	2026-04-14 09:23:02 +08:00

1 2 3 4 5 ...

289 Commits