sub2api

Author	SHA1	Message	Date
wucm667	862819042c	feat(openai): 支持后台配置 Responses API 路由	2026-05-14 11:46:24 +08:00
wucm667	4d51e53d20	fix(redeem): 修复批量复制兑换码兼容性	2026-05-14 11:35:00 +08:00
2ue	bb4c1abe28	Fix image billing size normalization	2026-05-12 15:21:31 +08:00
imlewc	224e9fc6c2	fix(auth): prefer OIDC compat email in pending flow	2026-05-12 14:35:20 +08:00
hoobnn	4467922199	fix: add autocomplete="one-time-code" for TOTP autofill support Add a hidden input with autocomplete="one-time-code" so password managers (1Password, Bitwarden, Chrome, Apple Keychain) can detect and auto-fill TOTP verification codes during 2FA login.	2026-05-12 13:54:41 +08:00
shaw	a07a0dac63	feat: add configurable Antigravity user agent version	2026-05-11 22:25:20 +08:00
shaw	9377c96746	fix: 让消息 cache_control 改写默认关闭	2026-05-11 21:26:41 +08:00
Wesley Liddick	1e2f55078c	Merge pull request #2289 from wucm667/fix/ccswitch-import-model fix(ccswitch): 修复 Codex 导入缺少模型参数	2026-05-11 16:12:47 +08:00
shaw	18cc4691e6	优化系统设置页标签导航	2026-05-11 16:10:40 +08:00
Wesley Liddick	8b0b507a95	Merge pull request #2314 from dexcoder6/fix/payment-result-nan Fix/payment result nan	2026-05-11 11:24:46 +08:00
shaw	b23055af5b	feat: add Airwallex payments and multi-currency support	2026-05-11 11:17:26 +08:00
dexcoder6	ba1c6fa5fd	fix: 修复管理端订单详情充值金额显示 NaN 与支付成功页同源问题：fee_rate=0 时后端 omitempty 剔除字段，前端 `fee_rate <= 0` 判断对 undefined 失效，进入除法分支得到 NaN。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-09 13:47:57 +08:00
dexcoder6	6884b03e59	fix: 修复支付成功页充值金额显示 NaN 后端 ent 模型 PaymentOrder.FeeRate 带 omitempty，fee_rate=0 的订单在 JSON 序列化时该字段会被剔除。前端 baseAmount 计算用 `fee_rate <= 0` 判断走分支，但 `undefined <= 0` 为 false，因此进入除法分支得到 NaN。将 fee_rate 通过 Number(...) \|\| 0 归一化，使缺失字段等价于 0。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-09 13:45:49 +08:00
wucm667	65493df95a	fix(ccswitch): add codex model to import deeplink	2026-05-08 17:31:36 +08:00
shaw	fda1ed459d	feat: 优化 OAuth 账号导入流程	2026-05-08 11:36:09 +08:00
haruka	0f8e2d0934	fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段 Account.Credentials 是 JSONB map，混合存放可编辑的非敏感配置（base_url、 model_mapping、project_id 等）与敏感秘钥（OAuth access/refresh/id token、 API key、AWS secret、Vertex private key 等）。当前所有 admin 账号接口直接透传该 map，token 经由浏览器 DevTools、抓包、日志等途径泄漏。 - service 包新增 SensitiveCredentialKeys 清单与 MergePreservingSensitiveCreds 作为单一权威定义。 - dto 层 RedactCredentials 在响应里剥离敏感子键，输出 credentials_status （has_<key> 布尔标识）告知前端存在性，不暴露原值。 - AccountFromServiceShallow 接入脱敏，覆盖 list、get、create、update、 refresh、batch、bulk-update、OAuth 创建等 9 个 handler。 - service.UpdateAccount 改为合并语义：incoming 没传敏感键则保留 existing，让前端"全对象 PUT"流程在脱敏后无感工作；显式提供新 token 仍会覆盖。 - 前端 EditAccountModal 修复脱敏后会崩的两处兜底：apikey 必填检查和 Vertex SA JSON 存在性校验改读 credentials_status.has_*。 - 导出端点 /admin/accounts/data 走独立的 DataAccount 结构，按设计保留完整 credentials 作为管理员备份路径。测试：RedactCredentials 单元测试、mapper 端到端 JSON 断言（确认序列化后无 token 子串）、UpdateAccount 合并语义三种场景（保留 / 覆盖 / 空 map 跳过）。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-08 03:44:04 +08:00
shaw	e872cbec0b	feat: 添加登录注册条款确认	2026-05-07 17:35:05 +08:00
shaw	6681aee98d	更新账号模型白名单	2026-05-07 15:11:38 +08:00
shaw	0eca600ffa	fix moderation key handling and key UI	2026-05-07 14:31:19 +08:00
shaw	7a9c1d7edd	feat(frontend): add account Codex image bridge control	2026-05-07 11:07:33 +08:00
Wesley Liddick	45b1e6ae41	Merge pull request #2233 from Arron196/fix/codex-image-generation-bridge-switch fix(openai): 增加 Codex 图片生成桥接显式开关	2026-05-07 10:30:26 +08:00
Wesley Liddick	e69319e747	Merge pull request #2224 from lyen1688/feat-email-oauth-github-google feat: 增加 GitHub 和 Google 邮箱快捷登录	2026-05-07 10:07:28 +08:00
shaw	989f87fe08	fix: harden markdown page image paths	2026-05-07 10:05:49 +08:00
Wesley Liddick	d52da45363	Merge pull request #2202 from Michael-Jetson/main 新增三大功能：兑换码邀请返利、批量修改用户并发数、Markdown页面渲染	2026-05-07 09:35:14 +08:00
shaw	fff4a300c6	feat(risk-control): add content moderation audit	2026-05-07 09:14:47 +08:00
Jlypx	246e48215d	feat(frontend): add Codex image bridge toggle Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>	2026-05-07 00:10:20 +08:00
lyen1688	e69256a706	fix: 完善邮箱快捷登录注册流程	2026-05-06 20:52:10 +08:00
lyen1688	7f185422a5	fix: 修复邮箱快捷登录前端回调兜底	2026-05-06 20:03:44 +08:00
lyen1688	af550fa64e	feat: 增加 GitHub 和 Google 邮箱快捷登录	2026-05-06 16:06:11 +08:00
Michael-Jetson	cf2d5067c3	fix(security): add JWT auth + visibility check to pages API - GET /pages/:slug now requires JWT + checks custom_menu_items visibility - GET /pages (list) is admin-only - GET /pages/:slug/images/* uses visibility check without JWT (browser img tags cannot carry auth headers), blocks admin-only page images - Frontend fetch adds Authorization header from authStore.token - settingService nil guard changed to fail-closed (deny access) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 07:00:08 -07:00
Michael-Jetson	4cbd4932a0	feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering 1. Redeem code affiliate rebate: balance-type redeem codes now trigger invite rebate for the inviter. Payment fulfillment uses context key to prevent double-rebate. 2. Batch concurrency update: new POST /admin/users/batch-concurrency endpoint supporting mode=set/add with all=true for all users. 3. Markdown page rendering: new GET /api/v1/pages/:slug API serves local .md files. Custom menu items with url="md:slug" render markdown with collapsible TOC sidebar, scroll spy, and copy buttons on code blocks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-05-05 06:44:37 -07:00
Wesley Liddick	a1106e8167	Merge pull request #2165 from zhangdeyu/feature/support-select-search feat: Select 和 GroupSelector 组件支持自动搜索	2026-05-05 21:10:07 +08:00
Wesley Liddick	37f7c7128c	Merge pull request #2120 from gaoren002/fix/rate-limit-429-cooldown-config fix(rate-limit): make 429 fallback cooldown configurable	2026-05-05 19:46:11 +08:00
shaw	dc05d4b250	chore: remove openspec and update axios	2026-05-05 17:13:25 +08:00
2ue	6faa344916	feat: add OpenAI image generation controls	2026-05-05 03:26:54 +08:00
Wesley Liddick	c129825f9b	Merge pull request #2116 from KnowSky404/fix/openai-bulk-edit-compact-config fix: add OpenAI compact bulk edit fields	2026-05-04 00:14:46 +08:00
shaw	0b84d12dbb	fix: correct affiliate audit record sources	2026-05-03 22:12:57 +08:00
lyen1688	3ab40269b4	完善返利转入余额历史显示	2026-05-03 20:33:14 +08:00
lyen1688	650ddb2e39	fix: make affiliate record users clickable	2026-05-03 20:33:14 +08:00
lyen1688	6a41cf6a51	feat: add admin affiliate record pages	2026-05-03 20:33:13 +08:00
Derek	f2f6bc6c04	feat: Select 和 GroupSelector 组件支持自动搜索当选项数量 > 5 时自动启用搜索过滤，无需修改任何使用处代码。 - Select.vue: searchable 默认值改为 'auto'，内部自动判断 - GroupSelector.vue: 新增 searchable prop 和搜索输入框	2026-05-02 23:57:10 +08:00
Wesley Liddick	9c448f89a8	Merge pull request #2118 from DaydreamCoding/fix/restore-pagination-localStorage fix: 恢复表格分页大小 localStorage 持久化	2026-04-30 13:42:18 +08:00
shaw	73b872998e	feat: 添加 Anthropic 缓存 TTL 注入开关	2026-04-30 13:38:22 +08:00
gaoren002	4b904c887c	fix(rate-limit): make 429 fallback cooldown configurable	2026-04-30 03:01:39 +00:00
DaydreamCoding	f084d30d65	fix: 恢复表格分页大小 localStorage 持久化 - usePersistedPageSize: 恢复 localStorage 读写，以系统配置为 fallback - useTableLoader: handlePageSizeChange 时写入 localStorage - Pagination.vue: handlePageSizeChange 时写入 localStorage Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-30 10:35:15 +08:00
KnowSky404	3953dc9ce4	fix: add OpenAI compact bulk edit fields	2026-04-30 10:19:59 +08:00
shaw	8bf2a7b88a	fix(scheduler): resolve SetSnapshot race conditions and remove usage throttle Backend: Fix three race conditions in SetSnapshot that caused account scheduling anomalies and broken sticky sessions: - Use Lua CAS script for atomic version activation, preventing version rollback when concurrent goroutines write snapshots simultaneously - Add UnlockBucket to release rebuild lock immediately after completion instead of waiting 30s TTL expiry - Replace immediate DEL of old snapshots with 60s EXPIRE grace period, preventing readers from hitting empty ZRANGE during version switches Frontend: Remove serial queue throttle (1-2s delay per request) from usage loading since backend now uses passive sampling. All usage requests execute immediately in parallel.	2026-04-29 22:48:39 +08:00
Wesley Liddick	27cad10d30	Merge pull request #2030 from KnowSky404/feature/account-bulk-edit-scope-and-compact feat: support filtered account bulk edit and align compact OpenAI bulk fields	2026-04-29 20:56:43 +08:00
shaw	93d91e20b9	fix(vertex): audit fixes for Vertex Service Account feature (#1977 ) - Security: force token_uri to Google default, preventing SSRF via crafted service account JSON - Dedup: extract shared getVertexServiceAccountAccessToken() to eliminate ~35 lines of duplication between ClaudeTokenProvider and GeminiTokenProvider - Fix: apply model mapping + Vertex model ID normalization in forward_as_responses and forward_as_chat_completions paths - Fix: exclude service_account from AI Studio endpoint selection (Vertex cannot serve generativelanguage.googleapis.com) - Feature: add model restriction/mapping UI for service_account in EditAccountModal - Dedup: extract VERTEX_LOCATION_OPTIONS to shared constants - i18n: replace all hardcoded Chinese strings in Vertex UI with translation keys	2026-04-29 16:53:09 +08:00
Wesley Liddick	63ef23108c	Merge pull request #1977 from sholiverlee/vertex feat: 支持 Vertex Service Account（Anthropic / Gemini）	2026-04-29 15:48:26 +08:00

1 2 3 4 5 ...

1289 Commits