shaw
1ff0d84e21
chore: update readme
2026-02-04 14:51:54 +08:00
github-actions[bot]
a1b695510b
chore: sync VERSION file with release v1.1.268 [skip ci]
v1.1.268
2026-01-30 01:33:26 +00:00
shaw
f96e21c615
chore: upgrade Antigravity User-Agent to 1.15.8
2026-01-30 09:33:04 +08:00
Wesley Liddick
6a45af3d0d
Merge pull request #933 from foamzou/patch-1 [skip ci]
...
Fix API endpoint for exchanging setup token
2026-01-30 09:31:04 +08:00
foam
c2351e03f8
Fix API endpoint for exchanging setup token
2026-01-29 15:22:15 +08:00
sczheng
88c96f8813
Merge remote-tracking branch 'upstream/main'
2026-01-27 22:21:51 +08:00
shaw
2c2039d1a1
docs: update readme
2026-01-27 14:48:52 +08:00
shaw
56eb7c3c7d
docs: update readme
2026-01-27 14:46:22 +08:00
github-actions[bot]
03dfedc3d9
chore: sync VERSION file with release v1.1.267 [skip ci]
v1.1.267
2026-01-25 05:12:51 +00:00
Wesley Liddick
866806301f
Merge pull request #924 from DaydreamCoding/feat/codex_exec
...
feat(codex): add codex_exec User-Agent support
2026-01-25 13:12:37 +08:00
QTom
816c47b51d
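feat(codex): add codex_exec User-Agent support
...
Support the Codex CLI non-interactive/script mode (codex exec) so that it shares the same validation logic and permission configuration as codex_vscode and codex_cli_rs. Fixes the 403 error that codex exec 0.89.0 hit because of the client restriction.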
2026-01-25 12:24:19 +08:00
github-actions[bot]
c97bfb6478
chore: sync VERSION file with release v1.1.266 [skip ci]
v1.1.266
2026-01-24 12:22:09 +00:00
Wesley Liddick
efda870e96
Merge pull request #923 from DaydreamCoding/feature/fix_api_auth
...
fix(auth): fix client restriction bypass vulnerability, add path whitelist check
2026-01-24 20:21:52 +08:00
Wesley Liddick
1ae310f2a1
Merge pull request #920 from arksou/main [skip ci]
...
fix: quota exceeded optimization
2026-01-24 20:21:34 +08:00
QTom
6dc85b39c9
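refactor(validators): eliminate duplicate code, use a mapping table and reuse functions
...
Refactoring after code review:
- isPathAllowedForClient reuses getClientDefinitionById to avoid a duplicate lookup
- validateRequest uses getClientDefinitionById instead of an inline lookup
- Use the VALIDATOR_MAP mapping table instead of a switch statement
- getSupportedClients now reads dynamically from the mapping table, avoiding hard-coding
- Import the CLIENT_IDS enum to improve type safety
These changes improve maintainability; adding a new client only requires modifying the mapping table.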
2026-01-24 17:45:13 +08:00
QTom
6c4670213e
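fix(auth): fix client restriction bypass vulnerability, add path whitelist check
...
When an API Key has client restriction enabled (e.g. only Claude Code allowed), an attacker can bypass
validation through OpenAI-compatible endpoints such as /api/v1/chat/completions. The cause is that
ClaudeCodeValidator checks only the User-Agent for non-messages paths.
Fix:
- Define an allowed path whitelist for each client type
- Check the path before client validation
- If the path is not in the whitelist, reject immediately without further validation
Modified files:
- src/validators/clientDefinitions.js: add allowedPathPrefixes configuration
- src/validators/clientValidator.js: add path whitelist pre-check
Route protection under the Claude Code restriction:
- Allowed: /api/v1/messages, /claude/v1/messages and other native endpoints
- Denied: /api/v1/chat/completions, /openai/claude/v1/chat/completions, etc.
- The same applies to the other client types (Gemini CLI, Codex CLI, Droid CLI)
Related issue: the /api/v1/chat/completions endpoint can still be used after the Claude Code
restriction is enabled; analyze the cause in depth and provide a fix #security #client-restriction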
2026-01-24 17:37:42 +08:00
gaozitian
d16b75293d
fix: optimize Claude Console quota exceeded status display
...
- Keep account status as 'active' when quota exceeded (not 'quota_exceeded')
- Keep isActive as true, only use quotaStoppedAt to mark quota exceeded
- Show green status in UI for quota exceeded accounts (normal state)
- Show '余额不足' (insufficient balance) as unschedulable reason instead of '已暂停' (paused)
- Simplify resetDailyUsage() to only check quotaStoppedAt field
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-24 12:06:09 +08:00
github-actions[bot]
2ac31a5706
chore: sync VERSION file with release v1.1.265 [skip ci]
v1.1.265
2026-01-23 11:16:24 +00:00
Wesley Liddick
a3a922ac09
Merge pull request #919 from arksou/hotfix/claude-console-quota-exceeded-recovery
...
fix: optimize Claude Console quota exceeded status, support proactive automatic recovery
2026-01-23 19:16:10 +08:00
Wesley Liddick
0073d40299
Merge pull request #916 from enzyme2013/fix/allow-new-session-after-clear [skip ci]
...
fix: allow new session binding after /clear command
2026-01-23 19:15:59 +08:00
jett.gao
d812af9159
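fix: optimize Claude Console quota exceeded status, support proactive automatic recovery
...
- Add a quota exceeded recovery check to rateLimitCleanupService (every 5 minutes)
- The scheduler pre-checks quota exceeded accounts and recovers them automatically once the reset time is reached
- The frontend shows "余额不足" (insufficient balance) instead of the default "手动停止调度" (scheduling stopped manually)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>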
2026-01-23 18:19:34 +08:00
github-actions[bot]
4ed5cc631a
chore: sync VERSION file with release v1.1.264 [skip ci]
v1.1.264
2026-01-23 02:41:20 +00:00
Wesley Liddick
4019b043ec
Merge pull request #918 from Chapoly1305/fix/crypto-import
...
fix: add missing crypto module import in geminiAccountService
2026-01-23 10:41:04 +08:00
Junming Chen
9d70110139
fix: add missing crypto module import in geminiAccountService
2026-01-22 21:32:49 -05:00
sczheng
c0c944f904
mod: add progress bar to the API KEY details page
2026-01-23 09:54:00 +08:00
github-actions[bot]
2180c42b84
chore: sync VERSION file with release v1.1.263 [skip ci]
v1.1.263
2026-01-22 13:57:22 +00:00
Wesley Liddick
0883bb6b39
Merge pull request #859 from SunSeekerX/feat/optimize
...
feat: large-scale performance optimization - Redis Pipeline batch operations, index system, connection pool optimization
2026-01-22 21:57:07 +08:00
enzyme2013
16e2bcfedb
fix: allow new session binding after /clear command
...
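- Remove the isOldSession check; trust the client's session ID as the new-session identifier
- Change the default sessionBindingTtlDays from 30 days to 1 day to avoid Redis memory buildup
- Add monitoring logs for new session bindings (including sessionId, number of messages, accountId, etc.)
- Fully support legitimate new-session scenarios such as Claude Code /clear
- Update the default value configuration in the frontend UI accordingly
Background:
After a user runs /clear in Claude Code, a new session ID is generated,
but the old logic inspected the request content and judged it an "old session", which returned the "本地session已污染" (local session is contaminated) error.
Fix:
Adopt option 2 (relax new-session detection) plus TTL optimization: trust the client's session ID,
no longer check whether the request content "looks like an old session", and let the 1-day TTL clean up expired bindings automatically.
Scope of impact:
- src/routes/api.js (both the streaming and non-streaming paths)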
- src/services/claudeRelayConfigService.js
- web/admin-spa/src/views/SettingsView.vue
2026-01-22 17:31:11 +08:00
SunSeekerX
ea6d1f1b36
1
2026-01-22 17:07:52 +08:00
SunSeekerX
4367fa47da
1
2026-01-22 17:02:00 +08:00
root
55c876fad5
fix: unify weekly cost key to usage:opus:*
...
- redis.getWeeklyOpusCost: read only usage:opus:weekly:* (remove claude fallback)
- weeklyClaudeCostInitService: write to usage:opus:weekly:* instead of claude
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 16:09:01 +08:00
root
f9df276d0c
merge: resolve conflicts from main branch
...
- auth.js: keep 402 status code with Opus message
- redis.js: keep dual-cost tracking (rated/real) with opus key prefix, add setWeeklyOpusCost method
- apiKeyService.js: keep both imports, serviceRates handling, and 5-param recordOpusCost
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 15:27:52 +08:00
github-actions[bot]
9ebef1b116
chore: sync VERSION file with release v1.1.262 [skip ci]
v1.1.262
2026-01-22 07:18:31 +00:00
Wesley Liddick
35f755246e
Merge pull request #914 from sczheng189/main
...
mod: change the opus weekly limit to a weekly limit for Claude models
2026-01-22 15:18:16 +08:00
root
83cbaf7c3e
fix: resolve all ESLint errors
...
- droidRelayService: add missing keyId variable declaration
- quotaCardService: use object destructuring for actualDeducted
- apiKeyService: remove unused variables and duplicate requires
- redis: remove shadowed logger/config requires
- unifiedGeminiScheduler: rename isActive param to avoid shadow
- commonHelper: add comments to empty catch blocks
- testPayloadHelper: prefix unused model param with underscore
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 15:14:22 +08:00
github-actions[bot]
338d44faee
chore: sync VERSION file with release v1.1.261 [skip ci]
v1.1.261
2026-01-22 07:08:02 +00:00
shaw
968398ffa5
fix: API Key permissions multi-select save and display issue
...
- Fix updateApiKey to use JSON.stringify for permissions field
- Add comma-separated string handling in normalizePermissions
- Add frontend parsing for comma-separated permissions format
Fixes issue where selecting multiple permissions (e.g. Claude + OpenAI)
would be saved as "claude,openai" instead of '["claude","openai"]'
2026-01-22 15:07:19 +08:00
shaw
645ab43675
chore: sync latest Claude Code system prompt definitions
...
Add claudeOtherSystemPrompt5 for CLI billing header detection
2026-01-22 15:07:10 +08:00
root
24f825f60d
style: format all files with prettier
...
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 15:05:58 +08:00
root
ac7d28f9ce
style: format quotaCardService.js with prettier
...
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 15:04:55 +08:00
sczheng
1027a2e3e2
mod: change the opus weekly limit to a weekly limit for Claude models
2026-01-22 15:04:34 +08:00
SunSeekerX
cb935ea0f0
1
2026-01-22 14:56:09 +08:00
SunSeekerX
73a241df1a
Merge branch 'main' into feat/optimize
2026-01-21 11:56:02 +08:00
SunSeekerX
029bdf3719
1
2026-01-21 11:55:28 +08:00
github-actions[bot]
0f5321b0ef
chore: sync VERSION file with release v1.1.260 [skip ci]
v1.1.260
2026-01-21 02:19:34 +00:00
shaw
c7d7bf47d6
fix: update the OAuth link generation rules for claude accounts
2026-01-21 10:06:24 +08:00
Wesley Liddick
ebc30b6026
Merge pull request #906 from 0xRichardH/fix-bedrock-sse-stream-event [skip ci]
...
Fix bedrock sse stream event
2026-01-21 09:38:19 +08:00
Wesley Liddick
d5a7af2d7d
Merge pull request #903 from RedwindA/main [skip ci]
...
feat(droid): add prompt_cache_retention and safety_identifier to fiel…
2026-01-21 09:37:19 +08:00
SunSeekerX
76ecbe18a5
1
2026-01-19 20:24:47 +08:00
Richard Hao
81a3e26e27
fix: correct Bedrock SSE stream event format to match Claude API spec
...
- message_start: nest fields inside 'message' object with type: 'message'
- content_block_delta: add type field to data
- message_delta: add type field to data
- message_stop: remove usage field, just return type
- Extract usage from message_delta instead of message_stop
2026-01-18 11:38:38 +08:00