zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
sub2api/backend/internal/handler/admin
History
haruka 0f8e2d0934 fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段 
Account.Credentials 是 JSONB map,混合存放可编辑的非敏感配置(base_url、
model_mapping、project_id 等)与敏感秘钥(OAuth access/refresh/id token、
API key、AWS secret、Vertex private key 等)。当前所有 admin 账号接口直接
透传该 map,token 经由浏览器 DevTools、抓包、日志等途径泄漏。

- service 包新增 SensitiveCredentialKeys 清单与 MergePreservingSensitiveCreds
  作为单一权威定义。
- dto 层 RedactCredentials 在响应里剥离敏感子键,输出 credentials_status
  (has_<key> 布尔标识)告知前端存在性,不暴露原值。
- AccountFromServiceShallow 接入脱敏,覆盖 list、get、create、update、
  refresh、batch、bulk-update、OAuth 创建等 9 个 handler。
- service.UpdateAccount 改为合并语义:incoming 没传敏感键则保留 existing,
  让前端"全对象 PUT"流程在脱敏后无感工作;显式提供新 token 仍会覆盖。
- 前端 EditAccountModal 修复脱敏后会崩的两处兜底:apikey 必填检查和
  Vertex SA JSON 存在性校验改读 credentials_status.has_*。
- 导出端点 /admin/accounts/data 走独立的 DataAccount 结构,按设计保留
  完整 credentials 作为管理员备份路径。

测试:RedactCredentials 单元测试、mapper 端到端 JSON 断言(确认序列化
后无 token 子串)、UpdateAccount 合并语义三种场景(保留 / 覆盖 / 空 map 跳过)。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 03:44:04 +08:00
..
account_data_handler_test.go
fix(export): 导出逻辑与当前筛选条件对齐
2026-04-09 18:14:28 +08:00
account_data.go
fix(security): 屏蔽 admin 账号接口返回的敏感凭证字段
2026-05-08 03:44:04 +08:00
account_handler_available_models_test.go
fix: respect OpenAI model mapping in admin available models
2026-03-14 12:45:10 +08:00
account_handler_mixed_channel_test.go
test: cover filter-target account bulk update
2026-04-27 17:32:34 +08:00
account_handler_passthrough_test.go
fix: sync test constructor calls with new rpmCache parameter
2026-02-28 20:38:35 +08:00
account_handler.go
fix(openai-gateway): address PR review — probe URL /v1 prefix, Create trigger, tests
2026-04-30 21:46:46 +08:00
account_today_stats_cache.go
refactor: 消除重复的 normalizeAccountIDList,补充 PR#754 新增组件的单元测试
2026-03-04 15:22:46 +08:00
admin_basic_handlers_test.go
refactor(admin): remove auth migration reports
2026-04-21 17:34:18 +08:00
admin_helpers_test.go
feat(openai): OpenAI Fast/Flex Policy 完整实现(HTTP + WebSocket + Admin)
2026-04-28 11:15:09 +08:00
admin_service_stub_test.go
feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering
2026-05-05 06:44:37 -07:00
affiliate_handler.go
feat: add admin affiliate record pages
2026-05-03 20:33:13 +08:00
announcement_handler_sort_test.go
feat(table): 表格排序与搜索改为后端处理
2026-04-09 18:14:28 +08:00
announcement_handler.go
feat(table): 表格排序与搜索改为后端处理
2026-04-09 18:14:28 +08:00
antigravity_oauth_handler.go
feat(antigravity): 支持 Refresh Token 批量导入创建 OAuth 账号
2026-02-11 01:23:21 +08:00
apikey_handler_test.go
fix(api-key): reset rate limit usage cache
2026-04-27 16:47:44 +08:00
apikey_handler.go
fix(api-key): reset rate limit usage cache
2026-04-27 16:47:44 +08:00
backup_handler.go
feat(backup): 备份/恢复异步化,解决 504 超时
2026-03-16 20:22:10 +08:00
batch_update_credentials_test.go
fix: sync test constructor calls with new rpmCache parameter
2026-02-28 20:38:35 +08:00
channel_handler_test.go
refactor(channels): centralize BillingModelSource normalization and exhaustive enum maps
2026-04-21 11:31:54 +08:00
channel_handler.go
refactor(channels): centralize BillingModelSource normalization and exhaustive enum maps
2026-04-21 11:31:54 +08:00
channel_monitor_handler.go
feat(channel-monitor): request templates with snapshot apply + headers/body override
2026-04-21 14:14:49 +08:00
channel_monitor_template_handler.go
feat(channel-monitor): apply template via subset picker; CC 2.1.114 baseline doc
2026-04-21 14:39:19 +08:00
content_moderation_handler.go
fix moderation key handling and key UI
2026-05-07 14:31:19 +08:00
dashboard_handler_cache_test.go
Reduce admin dashboard read amplification
2026-03-11 16:46:58 +08:00
dashboard_handler_request_type_test.go
test(backend): add tests for upstream model tracking and model source filtering
2026-03-17 19:26:30 +08:00
dashboard_handler_user_breakdown_test.go
test(backend): add tests for upstream model tracking and model source filtering
2026-03-17 19:26:30 +08:00
dashboard_handler.go
feat(channel): 渠道管理全链路集成 — 模型映射、定价、限制、用量统计
2026-04-04 11:13:58 +08:00
dashboard_query_cache.go
feat(api): expose model_source filter in dashboard endpoints
2026-03-17 19:26:11 +08:00
dashboard_snapshot_v2_handler.go
feat(api): expose model_source filter in dashboard endpoints
2026-03-17 19:26:11 +08:00
data_management_handler_test.go
feat(sync): full code sync from release
2026-02-28 15:01:20 +08:00
data_management_handler.go
fix(lint): resolve data management staticcheck warnings
2026-02-28 15:05:54 +08:00
error_passthrough_handler.go
feat: 错误透传规则支持 skip_monitoring 跳过运维监控记录
2026-02-10 11:42:39 +08:00
gemini_oauth_handler.go
fix: 修复 Gemini 授权链接生成失败并改进错误提示
2026-02-24 20:04:05 +08:00
group_handler.go
feat: add OpenAI image generation controls
2026-05-05 03:26:54 +08:00
id_list_utils_test.go
refactor: 消除重复的 normalizeAccountIDList,补充 PR#754 新增组件的单元测试
2026-03-04 15:22:46 +08:00
id_list_utils.go
perf(admin): optimize large-dataset loading for dashboard/users/accounts/ops
2026-03-04 13:45:49 +08:00
idempotency_helper_test.go
feat(idempotency): 为关键写接口接入幂等并完善并发容错
2026-02-23 12:45:37 +08:00
idempotency_helper.go
feat(idempotency): 为关键写接口接入幂等并完善并发容错
2026-02-23 12:45:37 +08:00
openai_oauth_handler.go
revert: completely remove all Sora functionality
2026-04-05 17:11:01 +08:00
ops_alerts_handler.go
fix: 补充缺失的组级和账户级运维告警指标
2026-03-10 11:29:31 +08:00
ops_dashboard_handler.go
feat(ops): 运维监控新增 OpenAI Token 请求统计表
2026-02-12 14:20:14 +08:00
ops_handler.go
feat(ops): 添加用户信息显示和搜索功能
2026-01-14 23:56:45 +08:00
ops_realtime_handler.go
feat(antigravity): comprehensive enhancements - model mapping, rate limiting, scheduling & ops
2026-02-07 12:31:10 +08:00
ops_runtime_logging_handler_test.go
feat(log): 落地统一日志底座与系统日志运维能力
2026-02-12 16:27:29 +08:00
ops_settings_handler.go
feat(log): 落地统一日志底座与系统日志运维能力
2026-02-12 16:27:29 +08:00
ops_snapshot_v2_handler.go
perf(admin): optimize large-dataset loading for dashboard/users/accounts/ops
2026-03-04 13:45:49 +08:00
ops_system_log_handler_test.go
test(ops): 提升日志链路覆盖率并修复lint阻塞
2026-02-12 16:25:44 +08:00
ops_system_log_handler.go
feat(log): 落地统一日志底座与系统日志运维能力
2026-02-12 16:27:29 +08:00
ops_ws_handler.go
feat(sync): full code sync from release
2026-02-28 15:01:20 +08:00
payment_handler.go
feat: add payment order provider snapshots
2026-04-21 12:41:27 +08:00
promo_handler.go
feat(table): 表格排序与搜索改为后端处理
2026-04-09 18:14:28 +08:00
proxy_data_handler_test.go
fix(export): 导出逻辑与当前筛选条件对齐
2026-04-09 18:14:28 +08:00
proxy_data.go
fix(export): 导出逻辑与当前筛选条件对齐
2026-04-09 18:14:28 +08:00
proxy_handler.go
feat(table): 表格排序与搜索改为后端处理
2026-04-09 18:14:28 +08:00
redeem_export_handler_test.go
fix(export): 导出逻辑与当前筛选条件对齐
2026-04-09 18:14:28 +08:00
redeem_handler_test.go
feat(redeem): support negative values for refund/deduction
2026-04-03 01:50:26 +08:00
redeem_handler.go
fix(export): 导出逻辑与当前筛选条件对齐
2026-04-09 18:14:28 +08:00
scheduled_test_handler.go
feat(admin): 支持定时测试自动恢复并统一账号恢复入口
2026-03-08 06:59:53 +08:00
search_truncate_test.go
fix(audit): 第二批审计修复 — P0 生产 Bug、安全加固、性能优化、缓存一致性、代码质量
2026-02-07 19:46:42 +08:00
setting_handler_auth_source_defaults_test.go
feat(openai): OpenAI Fast/Flex Policy 完整实现(HTTP + WebSocket + Admin)
2026-04-28 11:15:09 +08:00
setting_handler.go
feat: 添加登录注册条款确认
2026-05-07 17:35:05 +08:00
snapshot_cache_test.go
Reduce admin dashboard read amplification
2026-03-11 16:46:58 +08:00
snapshot_cache.go
Reduce admin dashboard read amplification
2026-03-11 16:46:58 +08:00
subscription_handler.go
feat: add platform type filter to subscription management page
2026-03-18 09:23:19 +08:00
system_handler.go
feat(idempotency): 为关键写接口接入幂等并完善并发容错
2026-02-23 12:45:37 +08:00
tls_fingerprint_profile_handler.go
feat(tls-fingerprint): 新增 TLS 指纹 Profile 数据库管理及代码质量优化
2026-03-27 14:33:05 +08:00
usage_cleanup_handler_test.go
feat(sync): full code sync from release
2026-02-28 15:01:20 +08:00
usage_handler_request_type_test.go
fix(lint): 修复 CI 中的 ineffassign 和 unused 代码告警,修正 group 排序集成测试兼容性
2026-04-09 19:25:08 +08:00
usage_handler_sort_test.go
feat(table): 表格排序与搜索改为后端处理
2026-04-09 18:14:28 +08:00
usage_handler.go
feat(table): 表格排序与搜索改为后端处理
2026-04-09 18:14:28 +08:00
user_attribute_handler.go
perf(admin): optimize large-dataset loading for dashboard/users/accounts/ops
2026-03-04 13:45:49 +08:00
user_handler_activity_test.go
refactor(admin): remove auth migration reports
2026-04-21 17:34:18 +08:00
user_handler.go
feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering
2026-05-05 06:44:37 -07:00