zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
3,752 Commits 3 Branches 0 Tags
Commit Graph

1974 Commits

Author SHA1 Message Date
benjamin
5d7df678b1 fix(openai): mark local gateway denials business-limited 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-05-26 17:19:50 +08:00
benjamin
47fe90eab4 fix(antigravity): mark whitelist denials business-limited 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-05-26 17:19:37 +08:00
benjamin
5c4101ac53 feat(ops): add local business limit reasons 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-05-26 17:18:27 +08:00
Wesley Liddick
bebc082306
Merge pull request #2766 from DaydreamCoding/feat/user-platform-quota 
feat(quota): 用户 × 平台 USD 配额
 2026-05-26 14:13:18 +08:00
Wesley Liddick
83248478e2
Merge pull request #2777 from lyen1688/feat/content-moderation-risk-threshold 
feat: 支持内容审计风险阈值配置
 2026-05-26 14:12:54 +08:00
lyen1688
23f3d426c6 feat: 支持内容审计风险阈值配置 2026-05-26 13:58:02 +08:00
mt21625457
33ac8eb27d fix openai http2 response header timeout 2026-05-26 13:57:59 +08:00
DaydreamCoding
6b39b344d8 feat(quota): 用户 × 平台 USD 配额 
为用户在 anthropic/openai/gemini/antigravity 四个平台上提供日/周/月
三个窗口的 USD 配额管控。配额语义:未设置=不限制,0=禁用,>0=美元上限。

两层模型:
- 配置层:系统默认配额,以及 email/linuxdo/oidc/wechat/github/google/
  dingtalk 七个鉴权来源的默认配额,存于 settings,以嵌套 JSON 整体读写
  (系统 1 个 key + 每个来源 1 个 key),整体替换语义。
- 运行时层:user_platform_quota 表按用户记录实际配额,与配置层解耦。

后端:新增 ent schema 与 140_user_platform_quotas.sql 迁移、repository
与 service 端口、计费链路集成、管理端与用户端读写接口。
前端:管理端设置页配额编辑、用户配额管理 Modal、用户 Dashboard 展示、
中英文案。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-26 10:49:20 +08:00
wucm667
a9c7a3a095 fix(bedrock): strip context_management when beta is removed 2026-05-25 14:15:39 +08:00
siyuan
fc66cd704a fix: recognize codex tool outputs in ws continuation 2026-05-25 10:46:58 +08:00
win
e938be5f3f chore: merge upstream Wei-Shaw/sub2api latest (v0.1.130+) 
Upstream features: bedrock CC compat, email whitelist wildcard,
content moderation per-model toggle, redeem code batch update,
OIDC verified-email fast path, subscription expiry email,
cache hit rate fix, audit dedup, js-cookie security fix,
x/net vulnerability fix, OpenAI account cooldown optimization,
reverse proxy client IP fix, API key ACL trusted forwarded IP.

Local additions preserved: rpmTokenBucketService, quotaFactor
scoring, P2C scheduler selection.
 2026-05-24 15:54:54 +08:00
Wesley Liddick
3c5a444802
Merge pull request #2698 from deqiying/fix/log-real-client-ip 
fix: 修复反代部署下拒绝日志客户端 IP 不准确
 2026-05-23 11:08:47 +08:00
shaw
1e406fed52 fix: optimize OpenAI account cooldown scheduling 2026-05-23 10:18:43 +08:00
deqiying
0af44ce4c2 fix: 修复反代部署下拒绝日志客户端 IP 不准确 
将 OpenAI codex_cli_only 拒绝诊断日志中的 request_client_ip
改为复用 ip.GetClientIP,与 usage 记录和 access log 的真实客户端
IP 解析逻辑保持一致。

保留 request_remote_addr 用于排查底层 Docker/反代 peer 地址,并补充
单元测试覆盖反代头与 remote addr 分离的场景。
 2026-05-22 23:28:21 +08:00
Wesley Liddick
f59d9a5f8e
Merge pull request #2674 from wucm667/feat/moderation-per-model-toggle 
feat(risk-control): 内容审计支持按模型生效
 2026-05-22 20:10:38 +08:00
Wesley Liddick
301032dc72
Merge pull request #2672 from wucm667/feat/email-whitelist-wildcard-suffix 
feat(registration): 邮箱白名单支持后缀通配符匹配(*.edu.cn)
 2026-05-22 17:33:29 +08:00
Wesley Liddick
9f91a8af17
Merge pull request #2662 from touwaeriol/feat/bedrock-cc-compat 
feat(bedrock): add Claude Code compatibility for AWS Bedrock
 2026-05-22 17:32:11 +08:00
Wesley Liddick
a33a294970
Merge pull request #2658 from wucm667/feat/account-test-chat-completions-path 
feat(account): 测试连接支持 OpenAI-compatible Chat Completions 路径
 2026-05-22 17:31:14 +08:00
wucm667
199a5bcc69 fix(risk-control): Agent 工具循环中同一用户消息重复审计去重 
末尾 role 检查方案:当 messages / input / contents 数组末尾一项不是用户消息
(而是 assistant、tool / function_call_output 等)时,直接跳过内容审计,
从而避免 Agent 工具循环中同一用户输入被反复审计、计费、写日志。

Fixes #2678
 2026-05-22 14:54:06 +08:00
wucm667
0d5c6f7cc7 feat(risk-control): 内容审计支持按模型生效 2026-05-21 21:18:43 +08:00
wucm667
a5b9b68b76 feat(registration): 支持邮箱白名单后缀通配符 2026-05-21 21:02:26 +08:00
wucm667
ca60cede14 feat(account): 支持测试连接 Chat Completions 路径 2026-05-21 16:37:20 +08:00
Wesley Liddick
35901a174b
Merge pull request #2655 from ye4241/feat/oidc-trust-verified-email-fast-path 
feat(oidc): 上游邮箱已验证时跳过 choice 页直接登录注册
 2026-05-21 14:47:08 +08:00
shaw
a613a587ba feat: add subscription expiry email toggle 2026-05-21 14:27:50 +08:00
ye4241
39fe7aa0eb feat(oidc): 上游邮箱已验证时跳过 choice 页直接登录注册 
当前 OIDC 首次登录无条件创建 choose_account_action_required 的 pending
session,即使 force_email_on_third_party_signup 关闭,前端仍然会强制
弹出"创建账号 / 绑定已有账号"的二选一界面,并展示内部合成邮箱
(oidc-xxx@oidc-connect.invalid),用户体验差。

本次复用已存在的 LoginOrRegisterVerifiedEmailOAuth 路径(原本仅供
github/google 使用),在以下条件全部满足时跳过 choice 页,直接
信任上游身份完成注册/登录:

- force_email_on_third_party_signup = false
- 邀请码模式未启用
- 上游声明 email_verified = true 且 compat_email 非空
- 本地不存在同邮箱已有账号

失败时(如邮箱后缀不在白名单、注册关闭等)自动回退到现有 choice
流程,行为完全向后兼容。

测试覆盖:
- TestTryOIDCVerifiedEmailFastPathCreatesUserAndIdentity
- TestTryOIDCVerifiedEmailFastPathSkippedWhenInvitationCodeRequired
- TestTryOIDCVerifiedEmailFastPathSkippedWhenForceEmailEnabled
 2026-05-21 13:32:20 +08:00
erio
fe1c6c958b feat(bedrock): add Claude Code compatibility for AWS Bedrock 
- Export ApplyBedrockCCCompat() in GatewayService, called after channel
  model mapping to ensure mapped model ID is used for Opus 4.7+ detection
- Add sanitizeBedrockCCFields(): remove service_tier/interface_geo/
  context_management, inject max_tokens/anthropic_version defaults
- Add sanitizeBedrockCCBetaTokens(): filter anthropic_beta to keep only
  Bedrock-supported tokens, reusing autoInjectBedrockBetaTokens and
  filterBedrockBetaTokens for consistent rules
- Remove unsupported beta tokens (interleaved-thinking, context-management)
  from whitelist based on AWS official docs
- Simplify IsBedrockCCCompatEnabled() to check boolean toggle directly,
  applying CC compat to all accounts regardless of platform
- Add unit tests for IsBedrockCCCompatEnabled (8 cases),
  sanitizeBedrockCCFields (8 cases), sanitizeBedrockCCBetaTokens (7 cases)
- Update bedrock beta policy tests for removed auto-injection
 2026-05-21 11:46:24 +08:00
Wesley Liddick
bd3d4d9a24
Merge pull request #2399 from gaoren002/fix/openai-image-upstream-errors 
fix(openai): surface image moderation errors
 2026-05-21 11:31:22 +08:00
Wesley Liddick
131d4b3050
Merge pull request #2374 from gaoren002/fix/openai-refresh-token-reused 
fix: mark reused refresh tokens non-retryable and unschedule errored accounts
 2026-05-21 11:30:52 +08:00
Wesley Liddick
eda04c6129
Merge pull request #2615 from wucm667/feat/redeem-code-batch-update 
feat(redeem): 兑换码支持批量修改
 2026-05-21 10:39:46 +08:00
Wesley Liddick
d3c4e50753
Merge pull request #2645 from lyen1688/fix/trusted-forwarded-ip-acl 
PR:为 API Key IP 白/黑名单增加可配置的反代真实 IP 判断
 2026-05-21 10:34:28 +08:00
lyen1688
1d2445ff52 修复 API Key ACL 开关的 CI 校验 2026-05-20 23:51:39 +08:00
lyen1688
08c8c67df7 为 API Key ACL 增加反代真实 IP 开关 2026-05-20 22:51:46 +08:00
win
82bc1e199f chore: remove unused real-time log stream / request event bus 
删除 fork 独有的实时日志相关功能(上游 Wei-Shaw/sub2api 不存在):

A. OpsLogBroadcaster + SSE 日志流(前端有用但用户不需要):
- backend/internal/service/ops_log_broadcaster{,_test}.go
- backend/internal/handler/ops_log_stream_middleware.go
- backend/internal/handler/admin/ops_log_stream_handler.go
- backend/internal/server/routes/admin.go: GET /admin/ops/logs/{stream,recent}
- backend/internal/server/routes/{gateway,windsurf_gateway}.go: opsLogStream middleware
- backend/internal/service/wire.go: ProvideOpsLogBroadcaster
- frontend/src/views/admin/ops/OpsLogStreamView.vue
- frontend/src/api/admin/ops.ts: subscribeOpsLogStream, getRecentOpsLogs,
  OpsLogEntry/OpsLogFilter/OpsLogRecentResponse 类型
- frontend/src/router/index.ts: AdminOpsLogStream 路由
- frontend/src/components/layout/AppSidebar.vue: 侧边栏入口
- frontend/src/i18n/locales/{en,zh}.ts: nav.opsLogStream + admin.ops.logStream 全部文案

B. RequestEventBus + WS 请求事件流(前端零调用 dead code):
- backend/internal/service/request_event_bus{,_test}.go
- backend/internal/handler/admin/ops_ws_requests_handler.go
- backend/internal/server/routes/admin.go: GET /admin/ops/ws/requests
- backend/internal/handler/gateway_handler.go: RequestEventBus 字段/参数 +
  reqStartTime + reqEventAccountID/reqEventStatus 跟踪 + defer Publish
- backend/internal/service/wire.go: NewRequestEventBus
- backend/internal/handler/admin/ops_handler.go: OpsHandler 中
  requestEventBus + logBroadcaster 字段,简化 NewOpsHandler 签名

保留:
- /admin/ops/ws/qps (前端 QPS 监控仍在用)
- /admin/ops/realtime-traffic (前端在用)
- OpsErrorLoggerMiddleware (与本次无关)

签名变更:
- NewOpsHandler(opsService) — 移除 requestEventBus, logBroadcaster
- NewGatewayHandler(...): 移除 requestEventBus 末位参数
- ProvideRouter / SetupRouter / registerRoutes / RegisterGatewayRoutes /
  RegisterWindsurfGatewayRoutes: 移除 opsLogBroadcaster 参数
- 同步更新 wire_gen.go + 测试调用点

验证:
- 后端 go build/vet 通过
- 前端 pnpm run build 通过 (9.48s)
- 测试: 2 个 baseline 既存失败 (TestProxyImportData...,
  TestWindsurfTierAccessService_Snapshot_HappyPath) 与本次无关
 2026-05-20 22:43:20 +08:00
Wesley Liddick
e5d6f1727f
Merge pull request #2641 from Arron196/fix/channel-monitor-responses-reasoning 
fix(channel-monitor): 兼容 Responses reasoning 输出
 2026-05-20 22:36:46 +08:00
win
502d57652f chore: merge upstream Wei-Shaw/sub2api v0.1.130-fix 
Upstream 改动 (PR #2636):
- fix(gateway): retry on "thinking block must contain thinking" upstream error
  跨模型切换时,其他模型回过的 assistant 历史里有 type=thinking 但缺
  thinking 文本,送给开启 extended thinking 的 Claude 会被拒,通过
  signature error 重试机制可恢复。

修改文件: backend/internal/service/gateway_service.go (+9),
gateway_request_test.go (+31 测试)
 2026-05-20 22:06:26 +08:00
erio
4fd21994c5 feat(bedrock): add Claude Code compatibility transformations for Bedrock accounts 
Add channel-level Bedrock CC compatibility toggle (similar to web_search_emulation)
that fixes 4 types of Bedrock 400 errors seen with Claude Code:

1. thinking.type "enabled" → "adaptive" for Opus 4.7+ (only supports adaptive)
2. Add default budget_tokens when missing for older models
3. Replace illegal characters in tool_use IDs to match Bedrock's ^[a-zA-Z0-9_-]+$ pattern
4. anthropic_version / invalid beta flag (already handled elsewhere)

Transformations run in Forward() before any forwarding path, so both native Bedrock
accounts and apikey passthrough accounts pointing to Bedrock relays benefit.

Includes channel-level toggle UI and unit tests.
 2026-05-20 21:47:38 +08:00
benjamin
d3d5843b9d fix(channel-monitor): 兼容 Responses reasoning 输出 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-05-20 21:19:06 +08:00
name
8211aa7066 fix: retry on "thinking block must contain thinking" upstream error 
Some clients reuse assistant history from other models when switching to
claude with extended thinking enabled. If a prior thinking block lacks the
thinking text field, upstream returns:
  messages.X.content.Y.thinking: each thinking block must contain thinking

Add this pattern to isThinkingBlockSignatureError so the existing
FilterThinkingBlocksForRetry retry path triggers and rewrites/drops the
offending blocks.
 2026-05-20 18:46:50 +08:00
win
92433656f5 chore: merge upstream Wei-Shaw/sub2api v0.1.128 — keep fork customizations 
Upstream 新功能 (34 commits, ~main..origin/main):
- feat(email): 通知邮件模板服务、模板编辑器、订阅/余额提醒邮件
- feat(notification): NotificationEmailService 注入到 Balance/Payment/Setting
- feat(payment): 支付成功通知邮件
- feat(usage): 用户 API Key 用量页支持按日明细
- feat(openai-gateway): Codex OAuth 浏览器 UA 自动改写规避 Cloudflare 质询
- feat(admin): 邮件模板管理接口
- fix(auth): 停用/删除分组后阻断 API Key
- fix(group): 修正分组账号可用计数口径
- fix(openai): /v1/responses respect force chat completions, images n 参数透传
- test(repository): AES Encryptor 单元测试
- chore: VERSION 0.1.128

冲突解决 (backend/cmd/server/wire_gen.go):
- 引入 upstream 新 wire providers: notificationEmailService,
  ProvidePaymentService(10 args), ProvideAdminSettingHandler(8 args)
- 保留 fork 独有依赖: rpmTokenBucketService (RPM 平滑),
  NewOpsHandler 3 参数版本 (requestEventBus, opsLogBroadcaster)
- ProvideBalanceNotifyService 接受 4 参数 (含 notificationEmailService)

修复 session-id helper 设计 (claude_code_session_id.go):
- 发现: TestGatewayService_AnthropicOAuth_InjectsClaudeCodeSessionHeaderFromMetadata
  在 OAuth + mimicClaudeCode=false 场景失败
- 重新审视设计原则: OAuth 凭证本身就是 Claude Code 客户端,可信任 metadata
  派生 session_id;不应受 mimicClaudeCode 标志阻止
- 修复: metadata 派生只看 tokenType=="oauth";UUID 兜底仍需 oauth && mimic
- 更新测试: OAuthNonMimicDerivesFromMetadata 取代原 IgnoresMetadata

所有 fork 独有功能保留:
- Claude Code 2.1.145 mimicry bundle (上个 commit 引入)
- RPM token bucket smoothing (commit 95814974)
- Windsurf/Antigravity/Omniroute 定制
- claudemask/ 校验包 (upstream 已删除,我们仍在 gateway_service 中使用)

不在范围:
- 不修复 baseline 既存的 2 个测试失败 (TestProxyImportData...,
  TestWindsurfTierAccessService_Snapshot_HappyPath) - 与 merge 无关
 2026-05-20 17:50:44 +08:00
gaoren002
49b415e333 fix: mark reused refresh tokens non-retryable 2026-05-20 09:24:51 +00:00
gaoren002
888cd8092d fix(openai): surface image moderation errors 2026-05-20 09:19:20 +00:00
win
0fefedf9cd feat(claude-mimic): upgrade Claude Code mimicry to 2.1.145 via bundle abstraction 
反编译本地 Claude Code 2.1.145 二进制 (Bun 1.3.14 打包,
@anthropic-ai/sdk@0.94.0 嵌入) 提取真实指纹,系统性升级 mimicry。

核心改动:
- 新增 ClaudeCodeBundle struct 作为单一事实源,DefaultBundle 描述当前
  伪装目标的完整快照 (CLIVersion/SDKVersion/RuntimeVersion/OS/Arch)
- DefaultCLIVersion/DefaultStainlessPackageVersion/CLICurrentVersion/
  DefaultHeaders 全部派生自 DefaultBundle,消除三处 (2.1.92, 2.1.104,
  0.70.0, 0.81.0) 版本分裂
- CLI 版本 2.1.92/2.1.104 -> 2.1.145
- SDK 版本 0.70.0/0.81.0 -> 0.94.0
- 新增 12 个 2.1.145 反编译确认的 anthropic-beta token:
  advanced-tool-use, tool-search-tool, mcp-servers, mcp-client,
  mid-conversation-system, afk-mode, cache-diagnosis, context-hint,
  environments, managed-agents, skills, compact
- FullClaudeCodeMimicryBetas() 从 7 个 token 升级到 21 个 ordered list
- 修正 BetaTokenEfficientTools 错日期 (2026-03-28 -> 2025-02-19)
- 从默认 beta header 移除已 GA 的 BetaFineGrainedToolStreaming /
  BetaTokenEfficientTools (常量保留供客户端显式 merge)
- claudemask.RequiredNodeHeaders 加 X-Claude-Code-Session-Id 强制

新增 ensureClaudeCodeSessionID helper (claude_code_session_id.go):
- 真实 CLI 在 SDK 内强制 X-Claude-Code-Session-Id:y_(),缺失被判第三方
- OAuth mimic 路径: metadata.user_id 派生 -> canonical UUID 写入
  -> 兜底 uuid.NewString()
- API key passthrough 路径: 不从 body 派生,保护客户端原始语义
- 所有路径均对客户端传入的非法 UUID 执行删除 (避免恶意值上游透传)
- 所有写入 header 的 session-id 都通过 uuid.Parse 校验

测试:
- 新增 14 个 ensureClaudeCodeSessionID 单元测试,含恶意 UUID 注入拒绝
  + API key 路径隔离 + canonical 形式校验
- 新增 3 个 bundle 派生一致性测试
- mask_test 加 session-id 缺失校验 case
- 老 UA 断言 2.1.104 -> 2.1.145

不在范围:
- TLS 指纹 (utls 已处理)
- Bun.hash vs xxHash64 算法验证 (需 golden vectors,独立项目)

References:
- VERSION:2.1.145 BUILD_TIME:2026-05-19T01:36:35Z
  GIT_SHA:daa4c3755d45ab0cf97bb41db8c03bd2dfd2ff5f
 2026-05-20 17:18:47 +08:00
Wesley Liddick
51f72186a5
Merge pull request #2613 from wucm667/feat/api-key-usage-daily-detail 
feat(usage): 用户 API Key 用量页支持按日明细
 2026-05-20 16:55:42 +08:00
Wesley Liddick
a6db05c824
Merge pull request #2612 from wucm667/fix/group-status-key-auth-block 
fix(auth): 停用/删除分组后阻断已发放 API Key 的请求
 2026-05-20 16:55:08 +08:00
shaw
dd4d482a70 fix email reminder dedup keys 2026-05-20 16:40:18 +08:00
wucm667
3263ca63c7 feat(redeem): add redeem code batch update 2026-05-20 16:08:41 +08:00
wucm667
22ff1acde3 fix(auth): 停用/删除分组后阻断 API Key 2026-05-20 15:52:00 +08:00
wucm667
90b2b2a757 feat(usage): 用户 API Key 用量页支持按日明细 2026-05-20 15:48:38 +08:00
Wesley Liddick
7ec61eb2f5
Merge pull request #2606 from wucm667/fix/openai-responses-respect-force-chat-completions 
fix(openai): /v1/responses 入口尊重 force_chat_completions 设置
 2026-05-20 15:13:43 +08:00
Wesley Liddick
378a0a6a61
Merge pull request #2599 from Arron196/feature/email-template-editor 
feat: 添加邮件模板编辑器与通知邮件模板化
 2026-05-20 15:12:57 +08:00