649eb23091
fix confirmed deployment risks
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-04-25 09:24:17 +08:00
75d03e4713
feat add jwt secret ops status
2026-04-24 08:32:16 +08:00
5c35a221dd
remove dead dashboard api key stats internals
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-04-21 17:26:42 +08:00
96d046d5c1
remove dead sora quota and dashboard wrappers
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-04-21 11:11:34 +08:00
7d1d185a2f
remove dead group stats and dashboard wrapper
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-04-21 09:23:34 +08:00
7bf0ed8681
remove dead proxy service and sora storage action
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-04-20 23:05:30 +08:00
4a105650c8
remove dead data management service
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-04-20 22:41:40 +08:00
258769883b
remove dead redeem stats service method
2026-04-20 20:35:27 +08:00
b37df25fb1
remove dead admin refresh service path
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-04-20 16:50:26 +08:00
b3f112005e
remove deprecated mock admin endpoints
2026-04-20 13:05:44 +08:00
ed642e8769
fix logger and redeem admin review findings
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-04-20 11:24:36 +08:00
User
3a0ca7f57f
fix: concurrency safety and API correctness from code review
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
B3 (HIGH): sora_generation_service.go - Add panic recovery to parallel
S3 URL fetching goroutines. Without recovery, a panic in GetAccessURL
would skip wg.Done() causing wg.Wait() to hang indefinitely.
B2 (MEDIUM): subscription_service.go:549 - Replace bare goroutine
with safego.Go() for consistent panic recovery pattern. All other async
calls in this file already use safego.
B4 (MEDIUM): admin/sora_handler.go - Change ClearUserStorage response
from 200 no-op to 410 Gone. The per-user storage quota was fully removed;
returning success was misleading to callers.
2026-04-18 13:16:05 +08:00
User
fded346295
refactor(goroutine): replace bare goroutines with managed executors
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
- Add internal/pkg/safego/ utility for safe goroutine launching
with panic recovery, structured logging (slog + zap), and optional
error callback support
- Replace 8 fire-and-forget goroutines in service layer:
user_service.go (1), subscription_service.go (4), redeem_service.go (2),
promo_service.go (1) — all now use safego.Go()
- Add inline panic recovery to 6 long-running goroutines:
pricing_service.go scheduler loop
Redis PubSub subscribers: tls_fingerprint/error_passthrough/api_key caches
OAuth session cleanup: openai/oauth/geminicli
S3 stream upload in sora_s3_storage.go
- All changes verified: go build PASS, service tests ALL PASS,
repository tests ALL PASS
2026-04-18 10:43:00 +08:00
User
d1bf033f24
refactor(sora): remove per-user storage quota fields and simplify quota service
...
- Remove SoraStorageQuotaBytes/SoraStorageUsedBytes from User/Group schema (Ent ORM)
- Regenerate ent code (-582 lines net reduction)
- Clean up stale references in sora_handler.go (4 sites) and service.User struct
- Simplify SoraQuotaService constructor (3-param -> 1-param, system-default only)
- Add Deprecated marker + HTTP headers to ClearUserStorage API
- Change AddUsage/ReleaseUsage log level to Debug
- Add 9 unit tests for simplified SoraQuotaService (boundary/negative/nil-safe)
- Fix test files to remove deleted field references
Code review: 8.0/10 overall rating, 0 critical issues remaining.
2026-04-18 10:12:37 +08:00
User
e34a59d720
test(ops): add partition status unit tests and fix test mocks
...
- Add ops_partition_test.go with comprehensive unit tests:
- Test partitioned table scenario
- Test needs_partitioning warning level
- Test info level warning (50K-100K rows)
- Test below threshold scenario
- Test error handling
- Test nil repo handling
- Fix ops_repo_mock_test.go to implement new interface methods:
- IsUsageLogsPartitioned
- GetUsageLogsRowCount
- GetUsageLogsPartitionCount
- Fix admin_basic_handlers_test.go password length:
- Change "pass123" to "password123" (min=8 enforced)
2026-04-17 07:20:54 +08:00
User
60d15d2ba4
feat(ops): add usage_logs partition status to ops dashboard
...
Add partition management integration to the smart ops system:
- Backend: Add GetUsageLogsPartitionStatus endpoint in OpsHandler
- Backend: Add partition query methods in OpsRepository
- Backend: Add UsageLogsPartitionStatus type in OpsService
- Frontend: Add OpsPartitionStatusCard component
- Frontend: Add partition status display in OpsDashboard
- i18n: Add Chinese and English translations
The partition status card shows:
- Whether usage_logs is partitioned
- Current row count vs threshold (100K)
- Partition count (if partitioned)
- Warning message when partitioning is recommended
This allows administrators to monitor partition status directly
from the ops dashboard without checking server logs.
2026-04-16 23:16:17 +08:00
User
c4007afe6b
feat: add Sora admin page and integrate DB/Redis Prometheus metrics
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
- Create SoraAdminView with overview, user stats, and generations tabs
- Add /admin/sora route for Sora management
- Add i18n support (zh/en) for Sora admin page
- Extract Prometheus metrics to prommetrics package to avoid import cycles
- Integrate SetDBConnections/SetRedisConnections in OpsMetricsCollector
2026-04-16 12:01:12 +08:00
User
2d59b9ebfc
feat: add Sora admin backend and fix type inconsistencies
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
Backend changes:
- Add SoraHandler for admin Sora management APIs
- GET /api/v1/admin/sora/stats - system statistics
- GET /api/v1/admin/sora/users - user storage stats
- GET /api/v1/admin/sora/generations - generation records
- DELETE /api/v1/admin/sora/users/:id/storage - clear user storage
- Add sora_storage_quota_bytes to AdminUser DTO
- Add SoraStorageQuotaBytes to UpdateUserInput for admin user updates
- Add comprehensive tests for SoraHandler
Frontend changes:
- Add soraAdminAPI for Sora management
- Add sora_storage_quota_bytes and sora_storage_used_bytes to AdminUser type
- Add Sora storage quota field to UserEditModal (GB unit)
- Fix UsageLog type: add media_type, fix duration_ms to optional
- Fix AdminUsageLog type: add channel_id, billing_tier
Test fixes:
- Add window.matchMedia mock to AccountUsageCell.spec.ts
- Add tlsFingerprintProfileAPI mock to EditAccountModal.spec.ts
- Fix loadTLSProfiles function order in EditAccountModal.vue
- Fix translation key references in AccountStatusIndicator.spec.ts
2026-04-16 09:20:23 +08:00
User
eb5d32553d
feat: add webhook notification service and refactor data management
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
## Backend Changes
- Add WebhookService for sending alert notifications via HTTP webhooks
- Implement HMAC-SHA256 signature for webhook payload authentication
- Add webhook configuration API endpoints and settings
- Integrate webhook calls into OpsAlertEvaluatorService
- Fix routes/common.go string conversion (use strconv.Itoa)
- Add comprehensive webhook service tests
## Frontend Changes
- Add webhook notification configuration UI in OpsSettingsDialog
- Add WebhookNotificationConfig types and API functions
- Add i18n translations for webhook features (zh/en)
- Refactor DataManagementView.vue into modular components:
- PostgresProfilesCard.vue (356 lines)
- RedisProfilesCard.vue (331 lines)
- S3ProfilesCard.vue (363 lines)
- BackupJobsCard.vue (216 lines)
- DataManagementView.vue (94 lines)
- Add OpsSettingsDialog component tests
## Testing
- All backend tests pass
- All frontend tests pass
- Webhook service tests cover signature, HTTP, timeout, error handling
2026-04-15 23:03:48 +08:00
User
d96a9f384a
feat: merge sub2apipro features and add Chinese model pricing
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
## Merged Features from sub2apipro
- Sora video generation integration (OpenAI Sora API)
- Group management enhancements
- Usage log improvements
- Security headers middleware
## Chinese Model Pricing Updates
- GLM-5, GLM-5-Turbo, GLM-5.1, GLM-4.7, GLM-4.5-Air
- Baichuan4, Baichuan4-Turbo, Baichuan4-Air, Baichuan-M3-Plus
- DeepSeek-V3, DeepSeek-V3.2, DeepSeek-R1
- Qwen3-8B (free), Qwen2.5-72B-Instruct
## URL Whitelist Additions
- api.baichuan-ai.com (Baichuan AI)
- api.siliconflow.cn (SiliconFlow)
- api.z.ai (Zhipu International)
- api.groq.com (Groq accelerated inference)
## Documentation
- Added merge guide (docs/MERGE_GUIDE.md)
- Added quick reference (docs/MERGE_QUICKREF.md)
- Added review reports (docs/reviews/)
2026-04-15 12:02:07 +08:00
Wesley Liddick
ad6c328135
Merge pull request #1575 from shuanbao0/fix/cursor-responses-body-compat
...
fix(gateway): accept the Responses API body Cursor sends to /v1/chat/completions
2026-04-13 22:02:44 +08:00
Wesley Liddick
7d80b5ad28
Merge pull request #1610 from touwaeriol/fix/alipay-wxpay-type-mapping
...
fix(payment): register Alipay/Wxpay providers for base payment types
2026-04-13 21:44:19 +08:00
sakurawztlt
a1e299a355
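fix: rebuild response content from delta events on the Anthropic non-streaming path when the upstream terminal event's output is empty
...
The BufferedResponseAccumulator introduced in b2e379cf fixed the chat_completions
non-streaming path and the responses OAuth non-streaming path, but missed the
Anthropic /v1/messages non-streaming path (handleAnthropicBufferedStreamingResponse).
When the client requests stream=false and the model has thinking enabled, the
output field of the upstream response.completed terminal event may be empty, with
the actual message content delivered through response.output_text.delta
incremental events. The old code only read the Response from the terminal event,
so the client received an empty content field ([{"type":"text"}]).
This commit mirrors the same fix pattern from b2e379cf onto the Anthropic path:
during the SSE scan, BufferedResponseAccumulator accumulates the delta content,
and when the terminal output is empty it is rebuilt via SupplementResponseOutput.
It also fixes handleAnthropicBufferedStreamingResponse missing the response.done
event type, bringing it in line with the chat completions path and avoiding a
potential issue where the handler fails to recognize the terminal event when the
upstream sends response.done and ends up returning 502.
BufferedResponseAccumulator already has full unit test coverage in
chatcompletions_responses_test.go (TextOnly/ToolCalls/Reasoning/Mixed/SupplementEmpty/
NoSupplementWhenOutputExists/EmptyDeltas/IgnoresNonFunctionCallItems);
this change reuses the same accumulator, so no new tests are needed.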
2026-04-13 18:51:49 +08:00
erio
f498eb8fde
fix(payment): fix Alipay/Wxpay direct provider type mapping and enable cross-provider load balancing
...
Two issues fixed:
1. Alipay.SupportedTypes() returned ["alipay_direct"] and Wxpay returned
["wxpay_direct"], but the frontend sends payment_type="alipay"/"wxpay".
The registry lookup failed with "payment method (alipay) is not
configured". Fix: return the base types ["alipay"]/["wxpay"].
2. When multiple providers support the same payment type (e.g. EasyPay
and Alipay direct both handle "alipay"), only the last-registered
provider's instances were reachable — the registry mapped one type to
one provider key, and SelectInstance queried by that single key.
Fix: bypass the registry in invokeProvider and let SelectInstance
query across all providers when providerKey is empty. The selected
instance's own ProviderKey (now included in InstanceSelection) is
used to create the correct provider, enabling true cross-provider
load balancing.
Closes #1592
2026-04-13 14:07:12 +08:00
bot
cb016ad861
fix: handle Anthropic credit balance exhausted (400) as account error
...
When an Anthropic API key's credit balance is depleted, the upstream
returns HTTP 400 with message containing "credit balance". Previously,
the 400 handler only checked for "organization has been disabled",
so credit-exhausted accounts kept being scheduled — every request
returned the same error.
Treat this case identically to 402 (Payment Required): call
handleAuthError → SetError to stop scheduling the account until
an admin manually recovers it after topping up credits.
Closes #1586
2026-04-12 13:30:15 +08:00
shuanbao0
422e25c99f
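fix(gateway): strip Responses API parameters unsupported by Codex on the Cursor raw body passthrough path
...
Building on the isResponsesShape short-circuit path from the previous commit, this
adds stripping of top-level Responses API parameters that Cursor's cloud sends and
that the Codex upstream uniformly does not support:
- prompt_cache_retention
- safety_identifier
- metadata
- stream_options
Additional root cause: to preserve the overall structure of Cursor's input array,
this raw-body passthrough path no longer goes through the deserialization filtering
of ChatCompletionsRequest, so parameters with no corresponding field in the Go
struct are sent to the upstream unchanged, and the upstream returns:
Unsupported parameter: <field>
The regular Chat Completions conversion path naturally drops unknown fields through
ChatCompletionsRequest and is unaffected; here they are filtered explicitly with
sjson.DeleteBytes only inside the isResponsesShape branch, keeping the scope
minimal. The strip list is aligned in semantics with unsupportedFields at
openai_gateway_service.go:2034.
In addition, prompt_cache_retention is also appended to the OAuth fallback strip
list in applyCodexOAuthTransform, as defense in depth for all other OAuth call
sites of that function (currently only the Cursor path's short circuit has already
stripped it earlier, but keeping this layer is more robust).
Tests:
- TestCursorMixedShape_StripsUnsupportedFields — verifies that all 4 fields are stripped
- TestApplyCodexOAuthTransform_StripsPromptCacheRetention — OAuth fallback path
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>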
2026-04-11 22:48:45 +08:00
shuanbao0
b7edc3ed82
fix(gateway): accept the Responses API body Cursor sends to /v1/chat/completions
...
Cursor's cloud (User-Agent: Go-http-client/2.0) sends a body in Responses API
format to /v1/chat/completions:
{"model":"gpt-5.4","input":[{"role":"system","content":"..."}],"stream":true}
The original code deserialized it with ChatCompletionsRequest, a struct with no
Input field, so Cursor's input array was silently dropped, the
ChatCompletionsToResponses conversion produced input: null, and the Codex upstream
rejected the request with "Invalid type for 'input': expected a string,
but got an object" (upstream typeof null === 'object').
Fix: in ForwardAsChatCompletions, detect the body shape with gjson; when input is
present and messages is missing, skip the Chat→Responses conversion and pass the
body through unchanged after rewriting only the model field with sjson. The
ServiceTier and Reasoning.Effort needed for billing are extracted from the raw
body with gjson, and the downstream codex OAuth transform path is unchanged.
Tests: add openai_cursor_warmup_pipeline_test.go, covering 5 shape-detection
cases (positive/standard request not affected/both fields present/empty body/JSON read-back).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 20:22:18 +08:00
erio
fa833f7684
Merge remote-tracking branch 'upstream/main' into feat/payment-system-v2
...
# Conflicts:
# frontend/src/api/admin/settings.ts
# frontend/src/stores/app.ts
# frontend/src/types/index.ts
# frontend/src/views/admin/SettingsView.vue
2026-04-11 18:25:06 +08:00
erio
e3a000e0d4
refactor(payment): code standards fixes and regression repairs
...
Backend:
- Split payment_order.go (546→314 lines) into payment_order_lifecycle.go
- Replace magic strings with constants in factory, easypay, webhook handler
- Add rate limit/validity unit constants in payment_order_lifecycle, payment_service
- Fix critical regression: add PaymentEnabled to GetPublicSettings response
- Add missing migration 099_fix_migrated_purchase_menu_label_icon.sql
Frontend:
- Fix StripePopupView.vue: replace `as any` with typed interface, use extractApiErrorMessage
- Fix AdminOrderTable.vue: replace hardcoded column labels with i18n t() calls
- Fix SubscriptionsView.vue: replace hardcoded Today/Tomorrow with i18n
- Extract duplicate statusBadgeClass/canRefund/formatOrderDateTime to orderUtils.ts
- Add missing i18n keys: common.today, common.tomorrow, payment.orders.orderType/actions
- Remove dead PurchaseSubscriptionView.vue (replaced by PaymentView)
2026-04-11 13:16:35 +08:00
erio
63d1860dc0
feat(payment): add complete payment system with multi-provider support
...
Add a full payment and subscription system supporting EasyPay (Alipay/WeChat),
Stripe, and direct Alipay/WeChat Pay providers with multi-instance load balancing.
2026-04-11 13:16:35 +08:00
IanShaw027
67a05dfccd
fix: honor table defaults and preserve dispatch mappings
2026-04-10 17:55:37 +08:00
IanShaw027
2b70d1d332
merge upstream main into fix/bug-cleanup-main
2026-04-09 21:35:48 +08:00
IanShaw027
b37afd68ec
fix(lint): format setting service
2026-04-09 21:31:48 +08:00
Wesley Liddick
bbc79796dc
Merge pull request #1529 from IanShaw027/feat/group-messages-dispatch-redo
...
feat: add messages dispatch model mapping for openai groups and support instructions template injection
2026-04-09 21:14:38 +08:00
Wesley Liddick
760cc7d6be
Merge pull request #1481 from alfadb/fix/increase-error-log-body-limit
...
fix(ops): raise the error log request body storage limit from 10KB to 256KB
2026-04-09 21:14:13 +08:00
Wesley Liddick
9a72025afb
Merge pull request #1523 from octo-patch/fix/issue-1519-home-content-csp-frame-src
...
fix: include home_content URL in CSP frame-src origins
2026-04-09 21:13:46 +08:00
Wesley Liddick
74302f60ab
Merge pull request #1010 from Glorhop/pr/oidc-login
...
feat(auth): support OIDC login and prefer IdP real email on sign-in
2026-04-09 21:13:22 +08:00
IanShaw027
62962c05f1
fix(lint): fix ineffassign and unused code warnings in CI, and fix group sorting integration test compatibility
2026-04-09 19:25:08 +08:00
IanShaw027
5f8e60a1b7
feat(table): move table sorting and search to the backend
2026-04-09 18:14:28 +08:00
IanShaw027
ad80606a44
feat(settings): add global table pagination configuration with customization support
2026-04-09 18:14:28 +08:00
alfadb
6401dd7cc7
fix(ops): increase error log request body limit from 10KB to 256KB
...
10KB is too aggressive for modern LLM API requests where conversation
context routinely exceeds 1MB. This causes error logs to contain only
a minimal placeholder, making it impossible to debug upstream failures.
256KB retains enough context for effective debugging while the existing
multi-pass trimming logic handles larger payloads gracefully.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 17:49:02 +08:00
IanShaw027
7d008bd5b6
fix(test): correct platform field assignment in admin service group tests
2026-04-09 12:42:37 +08:00
IanShaw027
66ff2def8c
fix(test): add string pointer helper function for admin service group tests
2026-04-09 12:39:05 +08:00
IanShaw027
4de4823a65
feat(openai): support messages model mapping and instructions template injection
2026-04-09 12:29:49 +08:00
IanShaw027
23c4d592f8
feat(group): add messages dispatch model mapping configuration
2026-04-09 12:29:28 +08:00
ruiqurm
02a66a01c3
feat: support OIDC login.
2026-04-09 02:20:51 +00:00
octo-patch
ce833d91ce
fix: include home_content URL in CSP frame-src origins (fixes #1519)
2026-04-09 09:47:27 +08:00
ius
265687b56d
fix: optimize scheduling snapshot cache to avoid large Redis MGET
2026-04-08 10:39:15 -07:00
shaw
b982076e52
fix: resolve errcheck lint and add missing enable_cch_signing to test
...
- Suppress errcheck for xxhash Digest.Write (never returns error)
- Add enable_cch_signing field to settings API contract test
2026-04-08 16:23:02 +08:00
shaw
e51c9e50b5
feat: sync billing header cc_version with User-Agent and add opt-in CCH signing
...
- Sync cc_version in x-anthropic-billing-header with the fingerprint
User-Agent version, preserving the message-derived suffix
- Implement xxHash64-based CCH signing to replace the cch=00000
placeholder with a computed hash
- Add admin toggle (enable_cch_signing) under gateway forwarding settings,
disabled by default
2026-04-08 16:11:19 +08:00