github/claude-relay-service
1
0
Fork 0
mirror of https://github.com/Wei-Shaw/claude-relay-service.git synced 2026-01-23 09:10:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:v1.1.234
Branches Tags
github:main github:price-mirror github:web-dist github:dev github:revert-424-feat/i18n github:revert-401-main github:revert-292-dev
github:v1.1.264 github:v1.1.263 github:v1.1.262 github:v1.1.261 github:v1.1.260 github:v1.1.259 github:v1.1.258 github:v1.1.257 github:v1.1.256 github:v1.1.255 github:v1.1.254 github:v1.1.253 github:v1.1.252 github:v1.1.251 github:v1.1.250 github:v1.1.249 github:v1.1.248 github:v1.1.246 github:v1.1.245 github:v1.1.244 github:v1.1.243 github:v1.1.242 github:v1.1.241 github:v1.1.240 github:v1.1.239 github:v1.1.238 github:v1.1.237 github:v1.1.236 github:v1.1.235 github:v1.1.234 github:v1.1.233 github:v1.1.232 github:v1.1.231 github:v1.1.230 github:v1.1.229 github:v1.1.228 github:v1.1.227 github:v1.1.226 github:v1.1.225 github:v1.1.224 github:v1.1.223 github:v1.1.222 github:v1.1.221 github:v1.1.220 github:v1.1.219 github:v1.1.218 github:v1.1.217 github:v1.1.216 github:v1.1.215 github:v1.1.214
..
compare: github:revert-292-dev
Branches Tags
github:price-mirror github:web-dist github:main github:dev github:revert-424-feat/i18n github:revert-401-main github:revert-292-dev
github:v1.1.264 github:v1.1.263 github:v1.1.262 github:v1.1.261 github:v1.1.260 github:v1.1.259 github:v1.1.258 github:v1.1.257 github:v1.1.256 github:v1.1.255 github:v1.1.254 github:v1.1.253 github:v1.1.252 github:v1.1.251 github:v1.1.250 github:v1.1.249 github:v1.1.248 github:v1.1.246 github:v1.1.245 github:v1.1.244 github:v1.1.243 github:v1.1.242 github:v1.1.241 github:v1.1.240 github:v1.1.239 github:v1.1.238 github:v1.1.237 github:v1.1.236 github:v1.1.235 github:v1.1.234 github:v1.1.233 github:v1.1.232 github:v1.1.231 github:v1.1.230 github:v1.1.229 github:v1.1.228 github:v1.1.227 github:v1.1.226 github:v1.1.225 github:v1.1.224 github:v1.1.223 github:v1.1.222 github:v1.1.221 github:v1.1.220 github:v1.1.219 github:v1.1.218 github:v1.1.217 github:v1.1.216 github:v1.1.215 github:v1.1.214

1 Commits
v1.1.234 ... revert-292

Author SHA1 Message Date
Wesley Liddick
af06fe0f35 Revert "feat: 新增AD域控用户认证系统" 2025-08-28 08:49:05 +08:00
210 changed files with 31561 additions and 109418 deletions
Expand all files Collapse all files

1
.dockerignore
View File

@@ -15,7 +15,6 @@ logs/
# Data files
data/
temp/
redis_data/
# Git
.git/

77
.env.example
View File

@@ -22,47 +22,16 @@ REDIS_PASSWORD=
REDIS_DB=0
REDIS_ENABLE_TLS=
# 🔗 会话管理配置
# 粘性会话TTL配置小时默认1小时
STICKY_SESSION_TTL_HOURS=1
# 续期阈值分钟默认0分钟不续期
STICKY_SESSION_RENEWAL_THRESHOLD_MINUTES=15
# 🎯 Claude API 配置
CLAUDE_API_URL=https://api.anthropic.com/v1/messages
CLAUDE_API_VERSION=2023-06-01
CLAUDE_BETA_HEADER=claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14
# 🚫 529错误处理配置
# 启用529错误处理0表示禁用>0表示过载状态持续时间分钟
CLAUDE_OVERLOAD_HANDLING_MINUTES=0
# 400错误处理0表示禁用>0表示临时禁用时间分钟
# 只有匹配特定错误模式的 400 才会触发临时禁用
# - organization has been disabled
# - account has been disabled
# - account is disabled
# - no account supporting
# - account not found
# - invalid account
# - Too many active sessions
CLAUDE_CONSOLE_BLOCKED_HANDLING_MINUTES=10
# 🌐 代理配置
DEFAULT_PROXY_TIMEOUT=600000
DEFAULT_PROXY_TIMEOUT=60000
MAX_PROXY_RETRIES=3
# IP协议族配置true=IPv4, false=IPv6, 默认IPv4兼容性更好
PROXY_USE_IPV4=true
# 代理连接池 / Keep-Alive 配置(默认关闭,如需启用请取消注释)
# PROXY_KEEP_ALIVE=true
# PROXY_MAX_SOCKETS=50
# PROXY_MAX_FREE_SOCKETS=10
# ⏱️ 请求超时配置
REQUEST_TIMEOUT=600000 # 请求超时设置毫秒默认10分钟
# 🔧 请求体大小配置
REQUEST_MAX_SIZE_MB=60
# 📈 使用限制
DEFAULT_TOKEN_LIMIT=1000000
@@ -78,8 +47,6 @@ TOKEN_USAGE_RETENTION=2592000000
HEALTH_CHECK_INTERVAL=60000
TIMEZONE_OFFSET=8 # UTC偏移小时数默认+8中国时区
METRICS_WINDOW=5 # 实时指标统计窗口分钟可选1-60默认5分钟
# 启动时清理残留的并发排队计数器默认true多实例部署时建议设为false
CLEAR_CONCURRENCY_QUEUES_ON_STARTUP=true
# 🎨 Web 界面配置
WEB_TITLE=Claude Relay Service
@@ -88,46 +55,14 @@ WEB_LOGO_URL=/assets/logo.png
# 🛠️ 开发配置
DEBUG=false
DEBUG_HTTP_TRAFFIC=false # 启用HTTP请求/响应调试日志(仅开发环境)
ENABLE_CORS=true
TRUST_PROXY=true
# 🔒 客户端限制(可选)
# ALLOW_CUSTOM_CLIENTS=false
# 🔐 LDAP 认证配置
LDAP_ENABLED=false
LDAP_URL=ldaps://ldap-1.test1.bj.yxops.net:636
LDAP_BIND_DN=cn=admin,dc=example,dc=com
LDAP_BIND_PASSWORD=admin_password
LDAP_SEARCH_BASE=dc=example,dc=com
LDAP_SEARCH_FILTER=(uid={{username}})
LDAP_SEARCH_ATTRIBUTES=dn,uid,cn,mail,givenName,sn
LDAP_TIMEOUT=5000
LDAP_CONNECT_TIMEOUT=10000
# 🔒 LDAP TLS/SSL 配置 (用于 ldaps:// URL)
# 是否忽略证书验证错误 (设置为false可忽略自签名证书错误)
LDAP_TLS_REJECT_UNAUTHORIZED=true
# CA 证书文件路径 (可选用于自定义CA证书)
# LDAP_TLS_CA_FILE=/path/to/ca-cert.pem
# 客户端证书文件路径 (可选,用于双向认证)
# LDAP_TLS_CERT_FILE=/path/to/client-cert.pem
# 客户端私钥文件路径 (可选,用于双向认证)
# LDAP_TLS_KEY_FILE=/path/to/client-key.pem
# 服务器名称 (可选,用于 SNI)
# LDAP_TLS_SERVERNAME=ldap.example.com
# 🗺️ LDAP 用户属性映射
LDAP_USER_ATTR_USERNAME=uid
LDAP_USER_ATTR_DISPLAY_NAME=cn
LDAP_USER_ATTR_EMAIL=mail
LDAP_USER_ATTR_FIRST_NAME=givenName
LDAP_USER_ATTR_LAST_NAME=sn
# 👥 用户管理配置
USER_MANAGEMENT_ENABLED=false
DEFAULT_USER_ROLE=user
USER_SESSION_TIMEOUT=86400000
MAX_API_KEYS_PER_USER=1
ALLOW_USER_DELETE_API_KEYS=false
# 📢 Webhook 通知配置
WEBHOOK_ENABLED=true
WEBHOOK_URLS=https://your-webhook-url.com/notify,https://backup-webhook.com/notify
WEBHOOK_TIMEOUT=10000
WEBHOOK_RETRIES=3

12
.github/FUNDING.yml vendored
View File

@@ -1,12 +0,0 @@
# These are supported funding model platforms
github: # Your GitHub username for GitHub Sponsors
patreon: # Replace with your Patreon username if you have one
open_collective: # Replace with your Open Collective username if you have one
ko_fi: # Replace with your Ko-fi username if you have one
tidelift: # Replace with your Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with your Community Bridge project-name
liberapay: # Replace with your Liberapay username
issuehunt: # Replace with your IssueHunt username
otechie: # Replace with your Otechie username
custom: ['https://afdian.com/a/claude-relay-service'] # Your custom donation link (Afdian)

75
.github/workflows/auto-release-pipeline.yml vendored
View File

@@ -4,7 +4,6 @@ on:
push:
branches:
- main
workflow_dispatch: # 支持手动触发
permissions:
contents: write
@@ -25,17 +24,6 @@ jobs:
- name: Check if version bump is needed
id: check
run: |
# 检查提交消息是否包含强制发布标记([force release]
COMMIT_MSG=$(git log -1 --pretty=%B | tr -d '\r')
echo "Latest commit message:"
echo "$COMMIT_MSG"
FORCE_RELEASE=false
if echo "$COMMIT_MSG" | grep -qi "\[force release\]"; then
echo "Detected [force release] marker, forcing version bump"
FORCE_RELEASE=true
fi
# 检测是否是合并提交
PARENT_COUNT=$(git rev-list --parents -n 1 HEAD | wc -w)
PARENT_COUNT=$((PARENT_COUNT - 1))
@@ -80,14 +68,7 @@ jobs:
fi
done <<< "$CHANGED_FILES"
# 检查是否是手动触发
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "Manual workflow trigger detected, forcing version bump"
echo "needs_bump=true" >> $GITHUB_OUTPUT
elif [ "$FORCE_RELEASE" = true ]; then
echo "Force release marker detected, forcing version bump"
echo "needs_bump=true" >> $GITHUB_OUTPUT
elif [ "$SIGNIFICANT_CHANGES" = true ]; then
if [ "$SIGNIFICANT_CHANGES" = true ]; then
echo "Significant changes detected, version bump needed"
echo "needs_bump=true" >> $GITHUB_OUTPUT
else
@@ -265,23 +246,6 @@ jobs:
git tag -a "$NEW_TAG" -m "Release $NEW_TAG"
git push origin HEAD:main "$NEW_TAG"
- name: Prepare image names
id: image_names
if: steps.check.outputs.needs_bump == 'true'
run: |
DOCKER_USERNAME="${{ secrets.DOCKERHUB_USERNAME }}"
if [ -z "$DOCKER_USERNAME" ]; then
DOCKER_USERNAME="weishaw"
fi
DOCKER_IMAGE=$(echo "${DOCKER_USERNAME}/claude-relay-service" | tr '[:upper:]' '[:lower:]')
GHCR_IMAGE=$(echo "ghcr.io/${{ github.repository_owner }}/claude-relay-service" | tr '[:upper:]' '[:lower:]')
{
echo "docker_image=${DOCKER_IMAGE}"
echo "ghcr_image=${GHCR_IMAGE}"
} >> "$GITHUB_OUTPUT"
- name: Create GitHub Release
if: steps.check.outputs.needs_bump == 'true'
uses: softprops/action-gh-release@v1
@@ -292,10 +256,8 @@ jobs:
## 🐳 Docker 镜像
```bash
docker pull ${{ steps.image_names.outputs.docker_image }}:${{ steps.next_version.outputs.new_tag }}
docker pull ${{ steps.image_names.outputs.docker_image }}:latest
docker pull ${{ steps.image_names.outputs.ghcr_image }}:${{ steps.next_version.outputs.new_tag }}
docker pull ${{ steps.image_names.outputs.ghcr_image }}:latest
docker pull ${{ secrets.DOCKERHUB_USERNAME || 'weishaw' }}/claude-relay-service:${{ steps.next_version.outputs.new_tag }}
docker pull ${{ secrets.DOCKERHUB_USERNAME || 'weishaw' }}/claude-relay-service:latest
```
## 📦 主要更新
@@ -426,32 +388,20 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GitHub Container Registry
if: steps.check.outputs.needs_bump == 'true'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker image
if: steps.check.outputs.needs_bump == 'true'
uses: docker/build-push-action@v6
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ steps.image_names.outputs.docker_image }}:${{ steps.next_version.outputs.new_tag }}
${{ steps.image_names.outputs.docker_image }}:latest
${{ steps.image_names.outputs.docker_image }}:${{ steps.next_version.outputs.new_version }}
${{ steps.image_names.outputs.ghcr_image }}:${{ steps.next_version.outputs.new_tag }}
${{ steps.image_names.outputs.ghcr_image }}:latest
${{ steps.image_names.outputs.ghcr_image }}:${{ steps.next_version.outputs.new_version }}
${{ secrets.DOCKERHUB_USERNAME }}/claude-relay-service:${{ steps.next_version.outputs.new_tag }}
${{ secrets.DOCKERHUB_USERNAME }}/claude-relay-service:latest
${{ secrets.DOCKERHUB_USERNAME }}/claude-relay-service:${{ steps.next_version.outputs.new_version }}
labels: |
org.opencontainers.image.version=${{ steps.next_version.outputs.new_version }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.source=https://github.com/${{ github.repository }}
cache-from: type=gha
cache-to: type=gha,mode=max
@@ -460,8 +410,6 @@ jobs:
env:
TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
DOCKER_IMAGE: ${{ steps.image_names.outputs.docker_image }}
GHCR_IMAGE: ${{ steps.image_names.outputs.ghcr_image }}
continue-on-error: true
run: |
VERSION="${{ steps.next_version.outputs.new_version }}"
@@ -482,16 +430,13 @@ jobs:
MESSAGE+="${CHANGELOG_TRUNCATED}"$'\n'$'\n'
MESSAGE+="🐳 *Docker 部署:*"$'\n'
MESSAGE+="\`\`\`bash"$'\n'
MESSAGE+="docker pull ${DOCKER_IMAGE}:${TAG}"$'\n'
MESSAGE+="docker pull ${DOCKER_IMAGE}:latest"$'\n'
MESSAGE+="docker pull ${GHCR_IMAGE}:${TAG}"$'\n'
MESSAGE+="docker pull ${GHCR_IMAGE}:latest"$'\n'
MESSAGE+="docker pull weishaw/claude-relay-service:${TAG}"$'\n'
MESSAGE+="docker pull weishaw/claude-relay-service:latest"$'\n'
MESSAGE+="\`\`\`"$'\n'$'\n'
MESSAGE+="🔗 *相关链接:*"$'\n'
MESSAGE+="• [GitHub Release](https://github.com/${REPO}/releases/tag/${TAG})"$'\n'
MESSAGE+="• [完整更新日志](https://github.com/${REPO}/releases)"$'\n'
MESSAGE+="• [Docker Hub](https://hub.docker.com/r/${DOCKER_IMAGE%/*}/claude-relay-service)"$'\n'
MESSAGE+="• [GHCR](https://ghcr.io/${GHCR_IMAGE#ghcr.io/})"$'\n'$'\n'
MESSAGE+="• [Docker Hub](https://hub.docker.com/r/weishaw/claude-relay-service)"$'\n'$'\n'
MESSAGE+="#ClaudeRelay #Update #v${VERSION//./_}"
# 使用 jq 构建 JSON 并发送

62
.github/workflows/sync-model-pricing.yml vendored
View File

@@ -1,62 +0,0 @@
name: 同步模型价格数据
on:
schedule:
- cron: '*/10 * * * *'
workflow_dispatch: {}
jobs:
sync-pricing:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: 检出 price-mirror 分支
uses: actions/checkout@v4
with:
ref: price-mirror
fetch-depth: 0
- name: 下载上游价格文件
id: fetch
run: |
set -euo pipefail
curl -fsSL https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json \
-o model_prices_and_context_window.json.new
NEW_HASH=$(sha256sum model_prices_and_context_window.json.new | awk '{print $1}')
if [ -f model_prices_and_context_window.sha256 ]; then
OLD_HASH=$(cat model_prices_and_context_window.sha256 | tr -d ' \n\r')
else
OLD_HASH=""
fi
if [ "$NEW_HASH" = "$OLD_HASH" ]; then
echo "价格文件无变化,跳过提交"
echo "changed=false" >> "$GITHUB_OUTPUT"
rm -f model_prices_and_context_window.json.new
exit 0
fi
mv model_prices_and_context_window.json.new model_prices_and_context_window.json
echo "$NEW_HASH" > model_prices_and_context_window.sha256
echo "changed=true" >> "$GITHUB_OUTPUT"
echo "hash=$NEW_HASH" >> "$GITHUB_OUTPUT"
- name: 提交并推送变更
if: steps.fetch.outputs.changed == 'true'
env:
NEW_HASH: ${{ steps.fetch.outputs.hash }}
run: |
set -euo pipefail
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add model_prices_and_context_window.json model_prices_and_context_window.sha256
COMMIT_MSG="chore: 同步模型价格数据"
if [ -n "${NEW_HASH}" ]; then
COMMIT_MSG="$COMMIT_MSG (${NEW_HASH})"
fi
git commit -m "$COMMIT_MSG"
git push origin price-mirror

5
.gitignore vendored
View File

@@ -26,7 +26,6 @@ redis_data/
# Logs directory
logs/
logs1/
*.log
startup.log
app.log
@@ -217,10 +216,6 @@ local/
debug.log
error.log
access.log
http-debug*.log
logs/http-debug-*.log
src/middleware/debugInterceptor.js
# Session files
sessions/

482
CLAUDE.md
View File

@@ -6,89 +6,34 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
## 项目概述
Claude Relay Service 是一个多平台 AI API 中转服务,支持 **Claude (官方/Console)、Gemini、OpenAI Responses (Codex)、AWS Bedrock、Azure OpenAI、Droid (Factory.ai)、CCR** 等多种账户类型。提供完整的多账户管理、API Key 认证、代理配置、用户管理、LDAP认证、Webhook通知和现代化 Web 管理界面。该服务作为客户端(如 Claude Code、Gemini CLI、Codex、Droid CLI、Cherry Studio 等)与 AI API 之间的中间件,提供认证、限流、监控、定价计算、成本统计等功能。
Claude Relay Service 是一个功能完整的 AI API 中转服务,支持 Claude 和 Gemini 双平台。提供多账户管理、API Key 认证、代理配置和现代化 Web 管理界面。该服务作为客户端(如 SillyTavern、Claude Code、Gemini CLI与 AI API 之间的中间件,提供认证、限流、监控等功能。
## 核心架构
### 关键架构概念
- **统一调度系统**: 使用 unifiedClaudeScheduler、unifiedGeminiScheduler、unifiedOpenAIScheduler、droidScheduler 实现跨账户类型的智能调度
- **多账户类型支持**: 支持 claude-official、claude-console、bedrock、ccr、droid、gemini、openai-responses、azure-openai 等账户类型
- **代理认证流**: 客户端用自建API Key → 验证 → 统一调度器选择账户 → 获取账户token → 转发到对应API
- **代理认证流**: 客户端用自建API Key → 验证 → 获取Claude账户OAuth token → 转发到Anthropic
- **Token管理**: 自动监控OAuth token过期并刷新支持10秒提前刷新策略
- **代理支持**: 每个账户支持独立代理配置OAuth token交换也通过代理进行
- **数据加密**: 敏感数据refreshToken, accessToken, credentials使用AES加密存储在Redis
- **粘性会话**: 支持会话级别的账户绑定,同一会话使用同一账户,确保上下文连续性
- **权限控制**: API Key支持权限配置all/claude/gemini/openai等控制可访问的服务类型
- **客户端限制**: 基于User-Agent的客户端识别和限制支持ClaudeCode、Gemini-CLI等预定义客户端
- **模型黑名单**: 支持API Key级别的模型访问限制
- **并发请求排队**: 当API Key并发数超限时请求进入队列等待而非立即返回429支持配置最大排队数、超时时间适用于Claude Code Agent并行工具调用场景
- **代理支持**: 每个Claude账户支持独立代理配置OAuth token交换也通过代理进行
- **数据加密**: 敏感数据refreshToken, accessToken使用AES加密存储在Redis
### 主要服务组件
#### 核心转发服务
- **claudeRelayService.js**: Claude官方API转发处理OAuth认证和流式响应
- **claudeConsoleRelayService.js**: Claude Console账户转发服务
- **geminiRelayService.js**: Gemini API转发服务
- **bedrockRelayService.js**: AWS Bedrock API转发服务
- **azureOpenaiRelayService.js**: Azure OpenAI API转发服务
- **droidRelayService.js**: Droid (Factory.ai) API转发服务
- **ccrRelayService.js**: CCR账户转发服务
- **openaiResponsesRelayService.js**: OpenAI Responses (Codex) 转发服务
#### 账户管理服务
- **claudeAccountService.js**: Claude官方账户管理OAuth token刷新和账户选择
- **claudeConsoleAccountService.js**: Claude Console账户管理
- **geminiAccountService.js**: Gemini账户管理Google OAuth token刷新
- **bedrockAccountService.js**: AWS Bedrock账户管理
- **azureOpenaiAccountService.js**: Azure OpenAI账户管理
- **droidAccountService.js**: Droid账户管理
- **ccrAccountService.js**: CCR账户管理
- **openaiResponsesAccountService.js**: OpenAI Responses账户管理
- **openaiAccountService.js**: OpenAI兼容账户管理
- **accountGroupService.js**: 账户组管理,支持账户分组和优先级
#### 统一调度器
- **unifiedClaudeScheduler.js**: Claude多账户类型统一调度claude-official/console/bedrock/ccr
- **unifiedGeminiScheduler.js**: Gemini账户统一调度
- **unifiedOpenAIScheduler.js**: OpenAI兼容服务统一调度
- **droidScheduler.js**: Droid账户调度
#### 核心功能服务
- **apiKeyService.js**: API Key管理验证、限流、使用统计、成本计算
- **userService.js**: 用户管理系统支持用户注册、登录、API Key管理
- **userMessageQueueService.js**: 用户消息串行队列,防止同账户并发用户消息触发限流
- **pricingService.js**: 定价服务,模型价格管理和成本计算
- **costInitService.js**: 成本数据初始化服务
- **webhookService.js**: Webhook通知服务
- **webhookConfigService.js**: Webhook配置管理
- **ldapService.js**: LDAP认证服务
- **tokenRefreshService.js**: Token自动刷新服务
- **rateLimitCleanupService.js**: 速率限制状态清理服务
- **claudeCodeHeadersService.js**: Claude Code客户端请求头处理
#### 工具服务
- **claudeRelayService.js**: 核心代理服务,处理请求转发和流式响应
- **claudeAccountService.js**: Claude账户管理OAuth token刷新和账户选择
- **geminiAccountService.js**: Gemini账户管理Google OAuth token刷新和账户选择
- **apiKeyService.js**: API Key管理验证、限流和使用统计
- **oauthHelper.js**: OAuth工具PKCE流程实现和代理支持
- **workosOAuthHelper.js**: WorkOS OAuth集成
- **openaiToClaude.js**: OpenAI格式到Claude格式的转换
### 认证和代理流程
1. 客户端使用自建API Keycr\_前缀格式发送请求到对应路由(/api、/claude、/gemini、/openai、/droid等
2. **authenticateApiKey中间件**验证API Key有效性速率限制、权限、客户端限制、模型黑名单
3. **统一调度器**(如 unifiedClaudeScheduler根据请求模型、会话hash、API Key权限选择最优账户
4. 检查选中账户的token有效性过期则自动刷新使用代理
5. 根据账户类型调用对应的转发服务claudeRelayService、geminiRelayService等
6. 移除客户端API Key使用账户凭据OAuth Bearer token、API Key等转发请求
7. 通过账户配置的代理发送到目标APIAnthropic、Google、AWS等
8. 流式或非流式返回响应捕获真实usage数据
9. 记录使用统计input/output/cache_create/cache_read tokens和成本计算
10. 更新速率限制计数器和并发控制
1. 客户端使用自建API Keycr\_前缀格式发送请求
2. authenticateApiKey中间件验证API Key有效性速率限制
3. claudeAccountService自动选择可用Claude账户
4. 检查OAuth access token有效性过期则自动刷新使用代理
5. 移除客户端API Key使用OAuth Bearer token转发请求
6. 通过账户配置的代理发送到Anthropic API
7. 流式或非流式返回响应,记录使用统计
### OAuth集成
@@ -97,51 +42,6 @@ Claude Relay Service 是一个多平台 AI API 中转服务,支持 **Claude (
- **代理支持**: OAuth授权和token交换全程支持代理配置
- **安全存储**: claudeAiOauth数据加密存储包含accessToken、refreshToken、scopes
## 新增功能概览(相比旧版本)
### 多平台支持
-**Claude Console账户**: 支持Claude Console类型账户
-**AWS Bedrock**: 完整的AWS Bedrock API支持
-**Azure OpenAI**: Azure OpenAI服务支持
-**Droid (Factory.ai)**: Factory.ai API支持
-**CCR账户**: CCR凭据支持
-**OpenAI兼容**: OpenAI格式转换和Responses格式支持
### 用户和权限系统
-**用户管理**: 完整的用户注册、登录、API Key管理系统
-**LDAP认证**: 企业级LDAP/Active Directory集成
-**权限控制**: API Key级别的服务权限all/claude/gemini/openai
-**客户端限制**: 基于User-Agent的客户端识别和限制
-**模型黑名单**: API Key级别的模型访问控制
### 统一调度和会话管理
-**统一调度器**: 跨账户类型的智能调度系统
-**粘性会话**: 会话级账户绑定,支持自动续期
-**并发控制**: Redis Sorted Set实现的并发限制
-**负载均衡**: 自动账户选择和故障转移
### 成本和监控
-**定价服务**: 模型价格管理和自动成本计算
-**成本统计**: 详细的token使用和费用统计
-**缓存监控**: 全局缓存统计和命中率分析
-**实时指标**: 可配置窗口的实时统计METRICS_WINDOW
### Webhook和通知
-**Webhook系统**: 事件通知和Webhook配置管理
-**多URL支持**: 支持多个Webhook URL逗号分隔
### 高级功能
-**529错误处理**: 自动识别Claude过载状态并暂时排除账户
-**HTTP调试**: DEBUG_HTTP_TRAFFIC模式详细记录HTTP请求/响应
-**数据迁移**: 完整的数据导入导出工具(含加密/脱敏)
-**自动清理**: 并发计数、速率限制、临时错误状态自动清理
## 常用命令
### 基本开发命令
@@ -169,52 +69,19 @@ npm run service:logs # 查看日志
npm run service:stop # 停止服务
### 开发环境配置
#### 必须配置的环境变量
必须配置的环境变量:
- `JWT_SECRET`: JWT密钥32字符以上随机字符串
- `ENCRYPTION_KEY`: 数据加密密钥32字符固定长度
- `REDIS_HOST`: Redis主机地址默认localhost
- `REDIS_PORT`: Redis端口默认6379
- `REDIS_PASSWORD`: Redis密码可选
#### 新增重要环境变量(可选)
- `USER_MANAGEMENT_ENABLED`: 启用用户管理系统默认false
- `LDAP_ENABLED`: 启用LDAP认证默认false
- `LDAP_URL`: LDAP服务器地址如 ldaps://ldap.example.com:636
- `LDAP_TLS_REJECT_UNAUTHORIZED`: LDAP证书验证默认true
- `WEBHOOK_ENABLED`: 启用Webhook通知默认true
- `WEBHOOK_URLS`: Webhook通知URL列表逗号分隔
- `CLAUDE_OVERLOAD_HANDLING_MINUTES`: Claude 529错误处理持续时间分钟0表示禁用
- `STICKY_SESSION_TTL_HOURS`: 粘性会话TTL小时默认1
- `STICKY_SESSION_RENEWAL_THRESHOLD_MINUTES`: 粘性会话续期阈值分钟默认0
- `USER_MESSAGE_QUEUE_ENABLED`: 启用用户消息串行队列默认false
- `USER_MESSAGE_QUEUE_DELAY_MS`: 用户消息请求间隔毫秒默认200
- `USER_MESSAGE_QUEUE_TIMEOUT_MS`: 队列等待超时毫秒默认5000锁持有时间短无需长等待
- `USER_MESSAGE_QUEUE_LOCK_TTL_MS`: 锁TTL毫秒默认5000请求发送后立即释放无需长TTL
- `METRICS_WINDOW`: 实时指标统计窗口分钟1-60默认5
- `MAX_API_KEYS_PER_USER`: 每用户最大API Key数量默认1
- `ALLOW_USER_DELETE_API_KEYS`: 允许用户删除自己的API Keys默认false
- `DEBUG_HTTP_TRAFFIC`: 启用HTTP请求/响应调试日志默认false仅开发环境
- `PROXY_USE_IPV4`: 代理使用IPv4默认true
- `REQUEST_TIMEOUT`: 请求超时时间毫秒默认600000即10分钟
- `CLEAR_CONCURRENCY_QUEUES_ON_STARTUP`: 启动时清理残留的并发排队计数器默认true多实例部署时建议设为false
#### AWS Bedrock配置可选
- `CLAUDE_CODE_USE_BEDROCK`: 启用Bedrock设置为1启用
- `AWS_REGION`: AWS默认区域默认us-east-1
- `ANTHROPIC_MODEL`: Bedrock默认模型
- `ANTHROPIC_SMALL_FAST_MODEL`: Bedrock小型快速模型
- `ANTHROPIC_SMALL_FAST_MODEL_AWS_REGION`: 小型模型区域
- `CLAUDE_CODE_MAX_OUTPUT_TOKENS`: 最大输出tokens默认4096
- `MAX_THINKING_TOKENS`: 最大思考tokens默认1024
- `DISABLE_PROMPT_CACHING`: 禁用提示缓存设置为1禁用
#### 初始化命令
初始化命令:
```bash
cp config/config.example.js config/config.js
cp .env.example .env
npm run setup # 自动生成密钥并创建管理员账户
```
````
## Web界面功能
@@ -228,82 +95,31 @@ npm run setup # 自动生成密钥并创建管理员账户
### 核心管理功能
- **实时仪表板**: 系统统计、账户状态、使用量监控、实时指标METRICS_WINDOW配置窗口
- **API Key管理**: 创建、配额设置、使用统计查看、权限配置、客户端限制、模型黑名单
- **多平台账户管理**:
- Claude账户官方/Console: OAuth账户添加、代理配置、状态监控
- Gemini账户: Google OAuth授权、代理配置
- OpenAI Responses (Codex)账户: API Key配置
- AWS Bedrock账户: AWS凭据配置
- Azure OpenAI账户: Azure凭据和端点配置
- Droid账户: Factory.ai API Key配置
- CCR账户: CCR凭据配置
- **用户管理**: 用户注册、登录、API Key分配USER_MANAGEMENT_ENABLED启用时
- **系统日志**: 实时日志查看多级别过滤HTTP调试日志DEBUG_HTTP_TRAFFIC启用时
- **Webhook配置**: Webhook URL管理、事件配置
- **实时仪表板**: 系统统计、账户状态、使用量监控
- **API Key管理**: 创建、配额设置、使用统计查看
- **Claude账户管理**: OAuth账户添加、代理配置、状态监控
- **系统日志**: 实时日志查看,多级别过滤
- **主题系统**: 支持明亮/暗黑模式切换,自动保存用户偏好设置
- **成本分析**: 详细的token使用和成本统计基于pricingService
- **缓存监控**: 解密缓存统计和性能监控
## 重要端点
### API转发端点(多路由支持)
### API转发端点
#### Claude服务路由
- `POST /api/v1/messages` - Claude消息处理支持流式
- `POST /claude/v1/messages` - Claude消息处理别名路由
- `POST /v1/messages/count_tokens` - Token计数Beta API
- `GET /api/v1/models` - 模型列表
- `POST /api/v1/messages` - 主要消息处理端点(支持流式)
- `GET /api/v1/models` - 模型列表(兼容性
- `GET /api/v1/usage` - 使用统计查询
- `GET /api/v1/key-info` - API Key信息
- `GET /v1/me` - 用户信息Claude Code客户端需要
- `GET /v1/organizations/:org_id/usage` - 组织使用统计
#### Gemini服务路由
- `POST /gemini/v1/models/:model:generateContent` - 标准Gemini API格式
- `POST /gemini/v1/models/:model:streamGenerateContent` - Gemini流式
- `GET /gemini/v1/models` - Gemini模型列表
- 其他Gemini兼容路由保持向后兼容
### OAuth管理端点
#### OpenAI兼容路由
- `POST /openai/v1/chat/completions` - OpenAI格式转发支持responses格式
- `POST /openai/claude/v1/chat/completions` - OpenAI格式转Claude
- `POST /openai/gemini/v1/chat/completions` - OpenAI格式转Gemini
- `GET /openai/v1/models` - OpenAI格式模型列表
#### Droid (Factory.ai) 路由
- `POST /droid/claude/v1/messages` - Droid Claude转发
- `POST /droid/openai/v1/chat/completions` - Droid OpenAI转发
#### Azure OpenAI 路由
- `POST /azure/...` - Azure OpenAI API转发
### 管理端点
#### OAuth和账户管理
- `POST /admin/claude-accounts/generate-auth-url` - 生成OAuth授权URL含代理
- `POST /admin/claude-accounts/exchange-code` - 交换authorization code
- `POST /admin/claude-accounts` - 创建Claude OAuth账户
- 各平台账户CRUD端点gemini、openai、bedrock、azure、droid、ccr
#### 用户管理USER_MANAGEMENT_ENABLED启用时
- `POST /users/register` - 用户注册
- `POST /users/login` - 用户登录
- `GET /users/profile` - 用户资料
- `POST /users/api-keys` - 创建用户API Key
#### Webhook管理
- `GET /admin/webhook/configs` - 获取Webhook配置
- `POST /admin/webhook/configs` - 创建Webhook配置
- `PUT /admin/webhook/configs/:id` - 更新Webhook配置
- `DELETE /admin/webhook/configs/:id` - 删除Webhook配置
- `POST /admin/claude-accounts` - 创建OAuth账户
### 系统端点
- `GET /health` - 健康检查(包含组件状态、版本、内存等)
- `GET /metrics` - 系统指标使用统计、uptime、内存
- `GET /web` - 传统Web管理界面
- `GET /admin-next/` - 新版SPA管理界面主界面
- `GET /health` - 健康检查
- `GET /web` - Web管理界面
- `GET /admin/dashboard` - 系统概览数据
## 故障排除
@@ -322,72 +138,17 @@ npm run setup # 自动生成密钥并创建管理员账户
### 常见开发问题
1. **Redis连接失败**: 确认Redis服务运行检查REDIS_HOST、REDIS_PORT、REDIS_PASSWORD配置
2. **管理员登录失败**: 检查data/init.json存在运行npm run setup重新初始化
3. **API Key格式错误**: 确保使用cr\_前缀格式可通过API_KEY_PREFIX配置修改
4. **代理连接问题**: 验证SOCKS5/HTTP代理配置和认证信息检查PROXY_USE_IPV4设置
5. **粘性会话失效**: 检查Redis中session数据确认STICKY_SESSION_TTL_HOURS配置通过Nginx代理时需添加 `underscores_in_headers on;`
6. **LDAP认证失败**:
- 检查LDAP_URL、LDAP_BIND_DN、LDAP_BIND_PASSWORD配置
- 自签名证书问题:设置 LDAP_TLS_REJECT_UNAUTHORIZED=false
- 查看日志中的LDAP连接错误详情
7. **用户管理功能不可用**: 确认USER_MANAGEMENT_ENABLED=true检查userService初始化
8. **Webhook通知失败**:
- 确认WEBHOOK_ENABLED=true
- 检查WEBHOOK_URLS格式逗号分隔
- 查看logs/webhook-*.log日志
9. **统一调度器选择账户失败**:
- 检查账户状态status: 'active'
- 确认账户类型与请求路由匹配
- 查看粘性会话绑定情况
10. **并发计数泄漏**: 系统每分钟自动清理过期并发计数concurrency cleanup task重启时也会自动清理
11. **速率限制未清理**: rateLimitCleanupService每5分钟自动清理过期限流状态
12. **成本统计不准确**: 运行 `npm run init:costs` 初始化成本数据检查pricingService是否正确加载模型价格
13. **缓存命中率低**: 查看缓存监控统计调整LRU缓存大小配置
14. **用户消息队列超时**: 优化后锁持有时间已从分钟级降到毫秒级(请求发送后立即释放),默认 `USER_MESSAGE_QUEUE_TIMEOUT_MS=5000` 已足够。如仍有超时,检查网络延迟或禁用此功能(`USER_MESSAGE_QUEUE_ENABLED=false`
15. **并发请求排队问题**:
- 排队超时:检查 `concurrentRequestQueueTimeoutMs` 配置是否合理默认10秒
- 排队数过多:调整 `concurrentRequestQueueMaxSize` 和 `concurrentRequestQueueMaxSizeMultiplier`
- 查看排队统计:访问 `/admin/concurrency-queue/stats` 接口查看 entered/success/timeout/cancelled/socket_changed/rejected_overload 统计
- 排队计数泄漏:系统重启时自动清理,或访问 `/admin/concurrency-queue` DELETE 接口手动清理
- Socket 身份验证失败:查看 `socket_changed` 统计,如果频繁发生,检查代理配置或客户端连接稳定性
- 健康检查拒绝:查看 `rejected_overload` 统计,表示队列过载时的快速失败次数
### 代理配置要求(并发请求排队)
使用并发请求排队功能时,需要正确配置代理(如 Nginx的超时参数
- **推荐配置**: `proxy_read_timeout >= max(2 × concurrentRequestQueueTimeoutMs, 60s)`
- 当前默认排队超时 10 秒Nginx 默认 `proxy_read_timeout = 60s` 已满足要求
- 如果调整排队超时到 60 秒,推荐代理超时 ≥ 120 秒
- **Nginx 配置示例**:
```nginx
location /api/ {
proxy_read_timeout 120s; # 排队超时 60s 时推荐 120s
proxy_connect_timeout 10s;
# ...其他配置
}
```
- **企业防火墙环境**:
- 某些企业防火墙可能静默关闭长时间无数据的连接20-40 秒)
- 如遇此问题,联系网络管理员调整空闲连接超时策略
- 或降低 `concurrentRequestQueueTimeoutMs` 配置
- **后续升级说明**: 如有需要,后续版本可能提供可选的轻量级心跳机制
1. **Redis连接失败**: 确认Redis服务运行检查连接配置
2. **管理员登录失败**: 检查init.json同步到Redis运行npm run setup
3. **API Key格式错误**: 确保使用cr\_前缀格式
4. **代理连接问题**: 验证SOCKS5/HTTP代理配置和认证信息
### 调试工具
- **日志系统**: Winston结构化日志支持不同级别logs/目录下分类存储
- `logs/claude-relay-*.log` - 应用主日志
- `logs/token-refresh-error.log` - Token刷新错误
- `logs/webhook-*.log` - Webhook通知日志
- `logs/http-debug-*.log` - HTTP调试日志DEBUG_HTTP_TRAFFIC=true时
- **CLI工具**: 命令行状态查看和管理npm run cli
- **Web界面**: 实时日志查看和系统监控(/admin-next/
- **健康检查**: /health端点提供系统状态redis、logger、内存、版本等
- **系统指标**: /metrics端点提供详细的使用统计和性能指标
- **缓存监控**: cacheMonitor提供全局缓存统计和命中率分析
- **数据导出工具**: npm run data:export 导出Redis数据进行调试
- **Redis Key调试**: npm run data:debug 查看所有Redis键
- **日志系统**: Winston结构化日志支持不同级别
- **CLI工具**: 命令行状态查看和管理
- **Web界面**: 实时日志查看和系统监控
- **健康检查**: /health端点提供系统状态
## 开发最佳实践
@@ -436,66 +197,23 @@ npm run setup # 自动生成密钥并创建管理员账户
### 常见文件位置
- 核心服务逻辑:`src/services/` 目录30+服务文件)
- 路由处理:`src/routes/` 目录api.js、admin.js、geminiRoutes.js、openaiRoutes.js等13个路由文件
- 中间件:`src/middleware/` 目录auth.js、browserFallback.js、debugInterceptor.js等
- 配置管理:`config/config.js`(完整的多平台配置)
- 核心服务逻辑:`src/services/` 目录
- 路由处理:`src/routes/` 目录
- 中间件:`src/middleware/` 目录
- 配置管理:`config/config.js`
- Redis 模型:`src/models/redis.js`
- 工具函数:`src/utils/` 目录
- `logger.js` - 日志系统
- `oauthHelper.js` - OAuth工具
- `proxyHelper.js` - 代理工具
- `sessionHelper.js` - 会话管理
- `cacheMonitor.js` - 缓存监控
- `costCalculator.js` - 成本计算
- `rateLimitHelper.js` - 速率限制
- `webhookNotifier.js` - Webhook通知
- `tokenMask.js` - Token脱敏
- `workosOAuthHelper.js` - WorkOS OAuth
- `modelHelper.js` - 模型工具
- `inputValidator.js` - 输入验证
- CLI工具`cli/index.js` 和 `src/cli/` 目录
- 脚本目录:`scripts/` 目录
- `setup.js` - 初始化脚本
- `manage.js` - 服务管理
- `migrate-apikey-expiry.js` - API Key过期迁移
- `fix-usage-stats.js` - 使用统计修复
- `data-transfer.js` / `data-transfer-enhanced.js` - 数据导入导出
- `update-model-pricing.js` - 模型价格更新
- `test-pricing-fallback.js` - 价格回退测试
- `debug-redis-keys.js` - Redis调试
- 前端主题管理:`web/admin-spa/src/stores/theme.js`
- 前端组件:`web/admin-spa/src/components/` 目录
- 前端页面:`web/admin-spa/src/views/` 目录
- 初始化数据:`data/init.json`(管理员凭据存储)
- 日志目录:`logs/`(各类日志文件)
### 重要架构决策
- **统一调度系统**: 使用统一调度器unifiedClaudeScheduler等实现跨账户类型的智能调度支持粘性会话、负载均衡、故障转移
- **多账户类型支持**: 支持8种账户类型claude-official、claude-console、bedrock、ccr、droid、gemini、openai-responses、azure-openai
- **加密存储**: 所有敏感数据OAuth token、refreshToken、credentials都使用 AES 加密存储在 Redis
- **独立代理**: 每个账户支持独立的代理配置SOCKS5/HTTP包括OAuth授权流程
- **API Key哈希**: 使用SHA-256哈希存储支持自定义前缀默认 `cr_`
- **权限系统**: API Key支持细粒度权限控制all/claude/gemini/openai等
- **请求流程**: API Key验证含权限、客户端、模型黑名单 → 统一调度器选择账户 → Token刷新如需→ 请求转发 → Usage捕获 → 成本计算
- **流式响应**: 支持SSE流式响应实时捕获真实usage数据客户端断开时自动清理资源AbortController
- **粘性会话**: 基于请求内容hash的会话绑定同一会话始终使用同一账户支持自动续期
- **自动清理**: 定时清理任务过期Key、错误账户、临时错误、并发计数、速率限制状态
- **缓存优化**: 多层LRU缓存解密缓存、账户缓存全局缓存监控和统计
- **成本追踪**: 实时token使用统计input/output/cache_create/cache_read和成本计算基于pricingService
- **并发控制**: Redis Sorted Set实现的并发计数支持自动过期清理
- **并发请求排队**: 当API Key并发超限时请求进入队列等待而非直接返回429
- **工作原理**: 采用「先占后检查」模式,每次轮询尝试占位,超限则释放继续等待
- **指数退避**: 初始200ms指数增长至最大2秒带±20%抖动防惊群效应
- **智能清理**: 排队计数有TTL保护超时+30秒进程崩溃也能自动清理
- **Socket身份验证**: 使用UUID token + socket对象引用双重验证避免HTTP Keep-Alive连接复用导致的身份混淆
- **健康检查**: P90等待时间超过阈值时快速失败返回429避免新请求在过载时继续排队
- **配置参数**: `concurrentRequestQueueEnabled`默认false、`concurrentRequestQueueMaxSize`默认3、`concurrentRequestQueueMaxSizeMultiplier`默认0、`concurrentRequestQueueTimeoutMs`默认10秒、`concurrentRequestQueueMaxRedisFailCount`默认5、`concurrentRequestQueueHealthCheckEnabled`默认true、`concurrentRequestQueueHealthThreshold`默认0.8
- **最大排队数**: max(固定值, 并发限制×倍数),例如并发限制=10、倍数=2时最大排队数=20
- **适用场景**: Claude Code Agent并行工具调用、批量请求处理
- **客户端识别**: 基于User-Agent的客户端限制支持预定义客户端ClaudeCode、Gemini-CLI等
- **错误处理**: 529错误自动标记账户过载状态配置时长内自动排除该账户
- 所有敏感数据OAuth token、refreshToken都使用 AES 加密存储在 Redis
- 每个 Claude 账户支持独立的代理配置,包括 SOCKS5 和 HTTP 代理
- API Key 使用哈希存储,支持 `cr_` 前缀格式
- 请求流程API Key 验证 → 账户选择 → Token 刷新(如需)→ 请求转发
- 支持流式和非流式响应,客户端断开时自动清理资源
### 核心数据流和性能优化
@@ -517,115 +235,36 @@ npm run setup # 自动生成密钥并创建管理员账户
### Redis 数据结构
- **API Keys**:
- `api_key:{id}` - API Key详细信息含权限、客户端限制、模型黑名单等
- `api_key_hash:{hash}` - 哈希到ID的快速映射
- `api_key_usage:{keyId}` - 使用统计数据
- `api_key_cost:{keyId}` - 成本统计数据
- **账户数据**(多类型):
- `claude_account:{id}` - Claude官方账户加密的OAuth数据
- `claude_console_account:{id}` - Claude Console账户
- `gemini_account:{id}` - Gemini账户
- `openai_responses_account:{id}` - OpenAI Responses账户
- `bedrock_account:{id}` - AWS Bedrock账户
- `azure_openai_account:{id}` - Azure OpenAI账户
- `droid_account:{id}` - Droid账户
- `ccr_account:{id}` - CCR账户
- **用户管理**:
- `user:{id}` - 用户信息
- `user_email:{email}` - 邮箱到用户ID映射
- `user_session:{token}` - 用户会话
- **管理员**:
- `admin:{id}` - 管理员信息
- `admin_username:{username}` - 用户名映射
- `admin_credentials` - 管理员凭据从data/init.json同步
- **会话管理**:
- `session:{token}` - JWT会话管理
- `sticky_session:{sessionHash}` - 粘性会话账户绑定
- `session_window:{accountId}` - 账户会话窗口
- **使用统计**:
- `usage:daily:{date}:{key}:{model}` - 按日期、Key、模型的使用统计
- `usage:account:{accountId}:{date}` - 按账户的使用统计
- `usage:global:{date}` - 全局使用统计
- **速率限制**:
- `rate_limit:{keyId}:{window}` - 速率限制计数器
- `rate_limit_state:{accountId}` - 账户限流状态
- `overload:{accountId}` - 账户过载状态529错误
- **并发控制**:
- `concurrency:{accountId}` - Redis Sorted Set实现的并发计数
- **并发请求排队**:
- `concurrency:queue:{apiKeyId}` - API Key级别的排队计数器TTL由 `concurrentRequestQueueTimeoutMs` + 30秒缓冲决定
- `concurrency:queue:stats:{apiKeyId}` - 排队统计entered/success/timeout/cancelled
- `concurrency:queue:wait_times:{apiKeyId}` - 按API Key的等待时间记录用于P50/P90/P99计算
- `concurrency:queue:wait_times:global` - 全局等待时间记录
- **Webhook配置**:
- `webhook_config:{id}` - Webhook配置
- **用户消息队列**:
- `user_msg_queue_lock:{accountId}` - 用户消息队列锁当前持有者requestId
- `user_msg_queue_last:{accountId}` - 上次请求完成时间戳(用于延迟计算)
- **系统信息**:
- `system_info` - 系统状态缓存
- `model_pricing` - 模型价格数据pricingService
- **API Keys**: `api_key:{id}` (详细信息) + `api_key_hash:{hash}` (快速查找)
- **Claude 账户**: `claude_account:{id}` (加密的 OAuth 数据)
- **管理员**: `admin:{id}` + `admin_username:{username}` (用户名映射)
- **会话**: `session:{token}` (JWT 会话管理)
- **使用统计**: `usage:daily:{date}:{key}:{model}` (多维度统计)
- **系统信息**: `system_info` (系统状态缓存)
### 流式响应处理
- 支持 SSE (Server-Sent Events) 流式传输,实时推送响应数据
- 自动从SSE流中解析真实usage数据input/output/cache_create/cache_read tokens
- 客户端断开时通过 AbortController 清理资源和并发计数
- 错误时发送适当的 SSE 错误事件(带时间戳和错误类型)
- 支持大文件流式传输REQUEST_TIMEOUT配置超时时间
- 禁用Nagle算法确保数据立即发送socket.setNoDelay
- 设置 `X-Accel-Buffering: no` 禁用Nginx缓冲
- 支持 SSE (Server-Sent Events) 流式传输
- 自动从流中解析 usage 数据并记录
- 客户端断开时通过 AbortController 清理资源
- 错误时发送适当的 SSE 错误事件
### CLI 工具使用示例
```bash
# API Key管理
# 创建新的 API Key
npm run cli keys create -- --name "MyApp" --limit 1000
npm run cli keys list
npm run cli keys delete -- --id <keyId>
npm run cli keys update -- --id <keyId> --limit 2000
# 系统状态查看
npm run cli status # 查看系统概况
npm run status # 统一状态脚本
npm run status:detail # 详细状态
# 查看系统状态
npm run cli status
# Claude账户管理
# 管理 Claude 账户
npm run cli accounts list
npm run cli accounts refresh <accountId>
npm run cli accounts add -- --name "Account1"
# Gemini账户管理
npm run cli gemini list
npm run cli gemini add -- --name "Gemini1"
# 管理员操作
npm run cli admin create -- --username admin2
npm run cli admin reset-password -- --username admin
npm run cli admin list
# 数据管理
npm run data:export # 导出Redis数据
npm run data:export:sanitized # 导出脱敏数据
npm run data:export:enhanced # 增强导出(含解密)
npm run data:export:encrypted # 导出加密数据
npm run data:import # 导入数据
npm run data:import:enhanced # 增强导入
npm run data:debug # 调试Redis键
# 数据迁移和修复
npm run migrate:apikey-expiry # API Key过期时间迁移
npm run migrate:apikey-expiry:dry # 干跑模式
npm run migrate:fix-usage-stats # 修复使用统计
# 成本和定价
npm run init:costs # 初始化成本数据
npm run update:pricing # 更新模型价格
npm run test:pricing-fallback # 测试价格回退
# 监控
npm run monitor # 增强监控脚本
```
# important-instruction-reminders
@@ -634,4 +273,3 @@ Do what has been asked; nothing more, nothing less.
NEVER create files unless they're absolutely necessary for achieving your goal.
ALWAYS prefer editing an existing file to creating a new one.
NEVER proactively create documentation files (\*.md) or README files. Only create documentation files if explicitly requested by the User.
````

29
Dockerfile
View File

@@ -1,17 +1,4 @@
# 🎯 后端依赖阶段 (与前端构建并行)
FROM node:18-alpine AS backend-deps
# 📁 设置工作目录
WORKDIR /app
# 📦 复制 package 文件
COPY package*.json ./
# 🔽 安装依赖 (生产环境) - 使用 BuildKit 缓存加速
RUN --mount=type=cache,target=/root/.npm \
npm ci --only=production
# 🎯 前端构建阶段 (与后端依赖并行)
# 🎯 前端构建阶段
FROM node:18-alpine AS frontend-builder
# 📁 设置工作目录
@@ -20,9 +7,8 @@ WORKDIR /app/web/admin-spa
# 📦 复制前端依赖文件
COPY web/admin-spa/package*.json ./
# 🔽 安装前端依赖 - 使用 BuildKit 缓存加速
RUN --mount=type=cache,target=/root/.npm \
npm ci
# 🔽 安装前端依赖
RUN npm ci
# 📋 复制前端源代码
COPY web/admin-spa/ ./
@@ -48,16 +34,17 @@ RUN apk add --no-cache \
# 📁 设置工作目录
WORKDIR /app
# 📦 复制 package 文件 (用于版本信息等)
# 📦 复制 package 文件
COPY package*.json ./
# 📦 从后端依赖阶段复制 node_modules (已预装好)
COPY --from=backend-deps /app/node_modules ./node_modules
# 🔽 安装依赖 (生产环境)
RUN npm ci --only=production && \
npm cache clean --force
# 📋 复制应用代码
COPY . .
# 📦 从前端构建阶段复制前端产物
# 📦 从构建阶段复制前端产物
COPY --from=frontend-builder /app/web/admin-spa/dist /app/web/admin-spa/dist
# 🔧 复制并设置启动脚本权限

6
Makefile
View File

@@ -1,7 +1,7 @@
# Claude Relay Service Makefile
# 功能完整的 AI API 中转服务,支持 Claude 和 Gemini 双平台
.PHONY: help install setup dev start test lint clean docker-up docker-down service-start service-stop service-status logs cli-admin cli-keys cli-accounts cli-status ci-release-trigger
.PHONY: help install setup dev start test lint clean docker-up docker-down service-start service-stop service-status logs cli-admin cli-keys cli-accounts cli-status
# 默认目标:显示帮助信息
help:
@@ -185,10 +185,6 @@ quick-daemon: setup service-daemon
@echo "运行 'make service-status' 查看状态"
@echo "运行 'make logs-follow' 查看实时日志"
# CI 触发占位目标:用于在不影响功能的情况下触发自动发布
ci-release-trigger:
@echo "⚙️ 触发自动发布流水线的占位目标,避免引入功能变更"
# 全栈开发环境
dev-full: install install-web build-web setup dev
@echo "🚀 全栈开发环境启动!"

538
README.md
View File

@@ -11,23 +11,16 @@
**🔐 自行搭建Claude API中转服务支持多账户管理**
[English](README_EN.md) • [快速开始](https://pincc.ai/) • [演示站点](https://demo.pincc.ai/admin-next/login) • [公告频道](https://t.me/claude_relay_service)
[English](#english) • [中文文档](#中文文档) • [📸 界面预览](docs/preview.md) • [📢 公告频道](https://t.me/claude_relay_service)
</div>
---
## 💎 Claude/Codex 拼车服务推荐
## ⭐ 如果觉得有用点个Star支持一下吧
<div align="center">
| 平台 | 类型 | 服务 | 介绍 |
|:---|:---|:---|:---|
| **[pincc.ai](https://pincc.ai/)** | 🏆 **官方运营** | <small>✅ Claude Code<br>✅ Codex CLI</small> | 项目直营,提供稳定的 Claude Code / Codex CLI 拼车服务 |
| **[ctok.ai](https://ctok.ai/)** | 🤝 合作伙伴 | <small>✅ Claude Code<br>✅ Codex CLI</small> | 社区认证,提供 Claude Code / Codex CLI 拼车 |
</div>
> 开源不易你的Star是我持续更新的动力 🚀
> 欢迎加入 [Telegram 公告频道](https://t.me/claude_relay_service) 获取最新动态
---
@@ -49,14 +42,27 @@
如果有以上困惑,那这个项目可能适合你。
> 💡 **热心网友福利**
> 热心网友正在用本项目正在拼车官方Claude Code Max 20X 200刀版本是现在最稳定的方案。
> 有需要自取: [https://ctok.ai/](https://ctok.ai/)
### 适合的场景
**找朋友拼车**: 三五好友一起分摊Claude Code Max订阅
**找朋友拼车**: 三五好友一起分摊Claude Code Max订阅Opus爽用
**隐私敏感**: 不想让第三方镜像看到你的对话内容
**技术折腾**: 有基本的技术基础,愿意自己搭建和维护
**稳定需求**: 需要长期稳定的Claude访问不想受制于镜像站
**地区受限**: 无法直接访问Claude官方服务
### 不适合的场景
**纯小白**: 完全不懂技术,连服务器都不会买
**偶尔使用**: 一个月用不了几次,没必要折腾
**注册问题**: 无法自行注册Claude账号
**支付问题**: 没有支付渠道订阅Claude Code
**如果你只是普通用户,对隐私要求不高,随便玩玩、想快速体验 Claude那选个你熟知的镜像站会更合适。**
---
## 💭 为什么要自己搭?
@@ -78,6 +84,8 @@
## 🚀 核心功能
> 📸 **[点击查看界面预览](docs/preview.md)** - 查看Web管理界面的详细截图
### 基础功能
-**多账户管理**: 可以添加多个Claude账户自动轮换
@@ -126,7 +134,13 @@
### 快速安装
```bash
curl -fsSL https://pincc.ai/manage.sh -o manage.sh && chmod +x manage.sh && ./manage.sh install
# 下载并运行管理脚本
curl -fsSL https://raw.githubusercontent.com/Wei-Shaw/claude-relay-service/main/scripts/manage.sh -o manage.sh
chmod +x manage.sh
./manage.sh install
# 安装后可以使用 crs 命令管理服务
crs # 显示交互式菜单
```
### 脚本功能
@@ -236,6 +250,11 @@ REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
# Webhook通知配置可选
WEBHOOK_ENABLED=true
WEBHOOK_URLS=https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=your-key
WEBHOOK_TIMEOUT=10000
WEBHOOK_RETRIES=3
```
**编辑 `config/config.js` 文件:**
@@ -284,15 +303,60 @@ npm run service:status
## 🐳 Docker 部署
### Docker compose
### 使用 Docker Hub 镜像(最简单)
#### 第一步下载构建docker-compose.yml文件的脚本并执行
```bash
curl -fsSL https://pincc.ai/crs-compose.sh -o crs-compose.sh && chmod +x crs-compose.sh && ./crs-compose.sh
```
> 🚀 使用官方镜像,自动构建,始终保持最新版本
#### 第二步:启动
```bash
# 拉取镜像(支持 amd64 和 arm64
docker pull weishaw/claude-relay-service:latest
# 使用 docker-compose
# 创建 .env 文件用于 docker-compose 的环境变量:
cat > .env << 'EOF'
# 必填:安全密钥(请修改为随机值)
JWT_SECRET=your-random-secret-key-at-least-32-chars
ENCRYPTION_KEY=your-32-character-encryption-key
# 可选:管理员凭据
ADMIN_USERNAME=cr_admin
ADMIN_PASSWORD=your-secure-password
EOF
# 创建 docker-compose.yml 文件:
cat > docker-compose.yml << 'EOF'
version: '3.8'
services:
claude-relay:
image: weishaw/claude-relay-service:latest
container_name: claude-relay-service
restart: unless-stopped
ports:
- "3000:3000"
environment:
- JWT_SECRET=${JWT_SECRET}
- ENCRYPTION_KEY=${ENCRYPTION_KEY}
- REDIS_HOST=redis
- ADMIN_USERNAME=${ADMIN_USERNAME:-}
- ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
volumes:
- ./logs:/app/logs
- ./data:/app/data
depends_on:
- redis
redis:
image: redis:7-alpine
container_name: claude-relay-redis
restart: unless-stopped
volumes:
- redis_data:/data
volumes:
redis_data:
EOF
# 启动服务
docker-compose up -d
```
@@ -305,6 +369,7 @@ docker-compose.yml 已包含:
- ✅ Redis数据库
- ✅ 健康检查
- ✅ 自动重启
- ✅ 所有配置通过环境变量管理
### 环境变量说明
@@ -389,52 +454,19 @@ docker-compose.yml 已包含:
**Claude Code 设置环境变量:**
默认使用标准 Claude 账号池:
```bash
export ANTHROPIC_BASE_URL="http://127.0.0.1:3000/api/" # 根据实际填写你服务器的ip地址或者域名
export ANTHROPIC_AUTH_TOKEN="后台创建的API密钥"
```
**VSCode Claude 插件配置:**
如果使用 VSCode 的 Claude 插件,需要在 `~/.claude/config.json` 文件中配置:
```json
{
"primaryApiKey": "crs"
}
```
如果该文件不存在请手动创建。Windows 用户路径为 `C:\Users\你的用户名\.claude\config.json`。
**Gemini CLI 设置环境变量:**
**方式一(推荐):通过 Gemini Assist API 方式访问**
```bash
CODE_ASSIST_ENDPOINT="http://127.0.0.1:3000/gemini" # 根据实际填写你服务器的ip地址或者域名
GOOGLE_CLOUD_ACCESS_TOKEN="后台创建的API密钥"
GOOGLE_GENAI_USE_GCA="true"
GEMINI_MODEL="gemini-2.5-pro" # 如果你有gemini3权限可以填 gemini-3-pro-preview
export CODE_ASSIST_ENDPOINT="http://127.0.0.1:3000/gemini" # 根据实际填写你服务器的ip地址或者域名
export GOOGLE_CLOUD_ACCESS_TOKEN="后台创建的API密钥" # 使用相同的API密钥即可
export GOOGLE_GENAI_USE_GCA="true"
```
> **认证**:只能选 ```Login with Google``` 进行认证,如果跳 Google请删除 ```~/.gemini/settings.json``` 后再尝试启动```gemini```。
> **注意**gemini-cli 控制台会提示 `Failed to fetch user info: 401 Unauthorized`,但使用不受任何影响。
**方式二:通过 Gemini API 方式访问**
```bash
GOOGLE_GEMINI_BASE_URL="http://127.0.0.1:3000/gemini" # 根据实际填写你服务器的ip地址或者域名
GEMINI_API_KEY="后台创建的API密钥"
GEMINI_MODEL="gemini-2.5-pro" # 如果你有gemini3权限可以填 gemini-3-pro-preview
```
> **认证**:只能选 ```Use Gemini API Key``` 进行认证,如果提示 ```Enter Gemini API Key``` 请直接留空按回车。如果一打开就跳 Google请删除 ```~/.gemini/settings.json``` 后再尝试启动```gemini```。
> 💡 **进阶用法**:想在 Claude Code 中直接使用 Gemini 3 模型?请参考 [Claude Code 调用 Gemini 3 模型指南](docs/claude-code-gemini3-guide/README.md)
**使用 Claude Code**
```bash
@@ -447,167 +479,103 @@ claude
gemini # 或其他 Gemini CLI 命令
```
**Codex 配置**
在 `~/.codex/config.toml` 文件**开头**添加以下配置:
```toml
model_provider = "crs"
model = "gpt-5.1-codex-max"
model_reasoning_effort = "high"
disable_response_storage = true
preferred_auth_method = "apikey"
[model_providers.crs]
name = "crs"
base_url = "http://127.0.0.1:3000/openai" # 根据实际填写你服务器的ip地址或者域名
wire_api = "responses"
requires_openai_auth = true
env_key = "CRS_OAI_KEY"
```
在 `~/.codex/auth.json` 文件中配置API密钥为 null
```json
{
"OPENAI_API_KEY": null
}
```
环境变量设置:
**Codex 设置环境变量**
```bash
export CRS_OAI_KEY="后台创建的API密钥"
export OPENAI_BASE_URL="http://127.0.0.1:3000/openai" # 根据实际填写你服务器的ip地址或者域名
export OPENAI_API_KEY="后台创建的API密钥" # 使用后台创建的API密钥
```
> ⚠️ 在通过 Nginx 反向代理 CRS 服务并使用 Codex CLI 时,需要在 http 块中添加 underscores_in_headers on;。因为 Nginx 默认会移除带下划线的请求头(如 session_id一旦该头被丢弃多账号环境下的粘性会话功能将失效。
**Droid CLI 配置:**
Droid CLI 读取 `~/.factory/config.json`。可以在该文件中添加自定义模型以指向本服务的新端点:
```json
{
"custom_models": [
{
"model_display_name": "Opus 4.5 [crs]",
"model": "claude-opus-4-5-20251101",
"base_url": "http://127.0.0.1:3000/droid/claude",
"api_key": "后台创建的API密钥",
"provider": "anthropic",
"max_tokens": 64000
},
{
"model_display_name": "GPT5-Codex [crs]",
"model": "gpt-5-codex",
"base_url": "http://127.0.0.1:3000/droid/openai",
"api_key": "后台创建的API密钥",
"provider": "openai",
"max_tokens": 16384
},
{
"model_display_name": "Gemini-3-Pro [crs]",
"model": "gemini-3-pro-preview",
"base_url": "http://127.0.0.1:3000/droid/comm/v1/",
"api_key": "后台创建的API密钥",
"provider": "generic-chat-completion-api",
"max_tokens": 65535
},
{
"model_display_name": "GLM-4.6 [crs]",
"model": "glm-4.6",
"base_url": "http://127.0.0.1:3000/droid/comm/v1/",
"api_key": "后台创建的API密钥",
"provider": "generic-chat-completion-api",
"max_tokens": 202800
}
]
}
```
> 💡 将示例中的 `http://127.0.0.1:3000` 替换为你的服务域名或公网地址,并写入后台生成的 API 密钥cr_ 开头)。
### 5. 第三方工具API接入
本服务支持多种API端点格式方便接入不同的第三方工具如Cherry Studio等
本服务支持多种API端点格式方便接入不同的第三方工具如Cherry Studio等
#### Cherry Studio 接入示例
Cherry Studio支持多种AI服务的接入下面是不同账号类型的详细配置
**1. Claude账号接入**
**Claude标准格式**
```
# API地址
http://你的服务器:3000/claude
# 模型ID示例
claude-sonnet-4-5-20250929 # Claude Sonnet 4.5
claude-opus-4-20250514 # Claude Opus 4
# 如果工具支持Claude标准格式请使用该接口
http://你的服务器:3000/claude/
```
配置步骤:
- 供应商类型选择"Anthropic"
- API地址填入`http://你的服务器:3000/claude`
- API Key填入后台创建的API密钥cr_开头
**2. Gemini账号接入**
**OpenAI兼容格式**
```
# API地址
http://你的服务器:3000/gemini
# 模型ID示例
gemini-2.5-pro # Gemini 2.5 Pro
# 适用于需要OpenAI格式的第三方工具
http://你的服务器:3000/openai/claude/v1/
```
配置步骤:
- 供应商类型选择"Gemini"
- API地址填入`http://你的服务器:3000/gemini`
- API Key填入后台创建的API密钥cr_开头
**接入示例:**
**3. Codex接入**
```
# API地址
http://你的服务器:3000/openai
# 模型ID固定
gpt-5 # Codex使用固定模型ID
```
配置步骤:
- 供应商类型选择"Openai-Response"
- API地址填入`http://你的服务器:3000/openai`
- API Key填入后台创建的API密钥cr_开头
- **重要**Codex只支持Openai-Response标准
**Cherry Studio 地址格式重要说明:**
- ✅ **推荐格式**`http://你的服务器:3000/claude`(不加结尾 `/`,让 Cherry Studio 自动加上 v1
- ✅ **等效格式**`http://你的服务器:3000/claude/v1/`(手动指定 v1 并加结尾 `/`
- 💡 **说明**:这两种格式在 Cherry Studio 中是完全等效的
- ❌ **错误格式**`http://你的服务器:3000/claude/`(单独的 `/` 结尾会被 Cherry Studio 忽略 v1 版本)
#### 其他第三方工具接入
**接入要点:**
- 所有账号类型都使用相同的API密钥在后台统一创建
- 根据不同的路由前缀自动识别账号类型
- `/claude/` - 使用Claude账号池
- `/droid/claude/` - 使用Droid类型Claude账号池只建议api调用或Droid Cli中使用
- `/gemini/` - 使用Gemini账号池
- `/openai/` - 使用Codex账号只支持Openai-Response格式
- `/droid/openai/` - 使用Droid类型OpenAI兼容账号池只建议api调用或Droid Cli中使用
- 支持所有标准API端点messages、models等
- **Cherry Studio**: 使用OpenAI格式 `http://你的服务器:3000/openai/claude/v1/` 使用Codex cli API `http://你的服务器:3000/openai/responses`
- **其他支持自定义API的工具**: 根据工具要求选择合适的格式
**重要说明:**
- 确保在后台已添加对应类型的账号Claude/Gemini/Codex
- API密钥可以通用系统会根据路由自动选择账号类型
- 建议为不同用户创建不同的API密钥便于使用统计
- 所有格式都支持相同的功能,仅是路径不同
- `/api/v1/messages` = `/claude/v1/messages` = `/openai/claude/v1/messages`
- 选择适合你使用工具的格式即可
- 支持所有Claude API端点messages、models等
---
## 📢 Webhook 通知功能
### 功能说明
当系统检测到账号异常时,会自动发送 webhook 通知支持企业微信、钉钉、Slack 等平台。
### 通知触发场景
- **Claude OAuth 账户**: token 过期或未授权时
- **Claude Console 账户**: 系统检测到账户被封锁时
- **Gemini 账户**: token 刷新失败时
- **手动禁用账户**: 管理员手动禁用账户时
### 配置方法
**1. 环境变量配置**
```bash
# 启用 webhook 通知
WEBHOOK_ENABLED=true
# 企业微信 webhook 地址(替换为你的实际地址)
WEBHOOK_URLS=https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=your-key
# 多个地址用逗号分隔
WEBHOOK_URLS=https://webhook1.com,https://webhook2.com
# 请求超时时间毫秒默认10秒
WEBHOOK_TIMEOUT=10000
# 重试次数默认3次
WEBHOOK_RETRIES=3
```
**2. 企业微信设置**
1. 在企业微信群中添加「群机器人」
2. 获取 webhook 地址:`https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx`
3. 将地址配置到 `WEBHOOK_URLS` 环境变量
### 通知内容格式
系统会发送结构化的通知消息:
```
账户名称 账号异常,异常代码 ERROR_CODE
平台claude-oauth
时间2025-08-14 17:30:00
原因Token expired
```
### 测试 Webhook
可以通过管理后台测试 webhook 连通性:
1. 登录管理后台:`http://你的服务器:3000/web`
2. 访问:`/admin/webhook/test`
3. 发送测试通知确认配置正确
---
@@ -693,6 +661,23 @@ npm run service:status
- 客户端验证失败时会返回403错误并记录详细信息
- 通过日志可以查看实际的User-Agent格式方便配置自定义客户端
### 自定义客户端配置
如需添加自定义客户端,可以修改 `config/config.js` 文件:
```javascript
clientRestrictions: {
predefinedClients: [
// ... 现有客户端配置
{
id: 'my_custom_client',
name: 'My Custom Client',
description: '我的自定义客户端',
userAgentPattern: /^MyClient\/[\d\.]+/i
}
]
}
```
### 日志示例
@@ -739,15 +724,11 @@ redis-cli ping
## 🛠️ 进阶
### 反向代理部署指南
### 生产环境部署建议(重要!)
在生产环境中,建议通过反向代理进行连接,以便使用自动 HTTPS、安全头部和性能优化。下面提供两种常用方案: **Caddy** 和 **Nginx Proxy Manager (NPM)**。
**强烈建议使用Caddy反向代理自动HTTPS**
---
## Caddy 方案
Caddy 是一款自动管理 HTTPS 证书的 Web 服务器,配置简单、性能优秀,很适合不需要 Docker 环境的部署方案。
建议使用Caddy作为反向代理它会自动申请和更新SSL证书配置更简单
**1. 安装Caddy**
@@ -765,15 +746,15 @@ sudo yum copr enable @caddy/caddy
sudo yum install caddy
```
**2. Caddy 配置**
**2. Caddy配置(超简单!)**
编辑 `/etc/caddy/Caddyfile`
```caddy
```
your-domain.com {
# 反向代理到本地服务
reverse_proxy 127.0.0.1:3000 {
# 支持流式响应SSE
# 支持流式响应SSE
flush_interval -1
# 传递真实IP
@@ -781,7 +762,7 @@ your-domain.com {
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
# 长读/写超时配置
# 超时设置(适合长连接)
transport http {
read_timeout 300s
write_timeout 300s
@@ -802,129 +783,39 @@ your-domain.com {
**3. 启动Caddy**
```bash
# 测试配置
sudo caddy validate --config /etc/caddy/Caddyfile
# 启动服务
sudo systemctl start caddy
sudo systemctl enable caddy
# 查看状态
sudo systemctl status caddy
```
**4. 服务配置**
**4. 更新服务配置**
Caddy 会自动管理 HTTPS因此可以将服务限制在本地进行监听
修改你的服务配置,让它只监听本地
```javascript
// config/config.js
module.exports = {
server: {
port: 3000,
host: '127.0.0.1' // 只监听本地
host: '127.0.0.1' // 只监听本地通过nginx代理
}
// ... 其他配置
}
```
**Caddy 特点**
**Caddy优势:**
* 🔒 自动 HTTPS零配置证书管理
* 🛡️ 安全默认配置,启用现代 TLS 套件
* ⚡ HTTP/2 和流式传输支持
* 🔧 配置文件简洁,易于维护
---
## Nginx Proxy Manager (NPM) 方案
Nginx Proxy Manager 通过图形化界面管理反向代理和 HTTPS 证书,並以 Docker 容器部署。
**1. 在 NPM 创建新的 Proxy Host**
Details 配置如下:
| 项目 | 设置 |
| --------------------- | ----------------------- |
| Domain Names | relay.example.com |
| Scheme | http |
| Forward Hostname / IP | 192.168.0.1 (docker 机器 IP) |
| Forward Port | 3000 |
| Block Common Exploits | ☑️ |
| Websockets Support | ❌ **关闭** |
| Cache Assets | ❌ **关闭** |
| Access List | Publicly Accessible |
> 注意:
> - 请确保 Claude Relay Service **监听 host 为 `0.0.0.0` 、容器 IP 或本机 IP**,以便 NPM 实现内网连接。
> - **Websockets Support 和 Cache Assets 必须关闭**,否则会导致 SSE / 流式响应失败。
**2. Custom locations**
無需添加任何内容,保持为空。
**3. SSL 设置**
* **SSL Certificate**: Request a new SSL Certificate (Let's Encrypt) 或已有证书
* ☑️ **Force SSL**
* ☑️ **HTTP/2 Support**
* ☑️ **HSTS Enabled**
* ☑️ **HSTS Subdomains**
**4. Advanced 配置**
Custom Nginx Configuration 中添加以下内容:
```nginx
# 传递真实用户 IP
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 支持 WebSocket / SSE 等流式通信
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
# 长连接 / 超时设置(适合 AI 聊天流式传输)
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_connect_timeout 30s;
# ---- 安全性设置 ----
# 严格 HTTPS 策略 (HSTS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# 阻挡点击劫持与内容嗅探
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
# Referrer / Permissions 限制策略
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
# 隐藏服务器信息(等效于 Caddy 的 `-Server`
proxy_hide_header Server;
# ---- 性能微调 ----
# 关闭代理端缓存确保即时响应SSE / Streaming
proxy_cache_bypass $http_upgrade;
proxy_no_cache $http_upgrade;
proxy_request_buffering off;
```
**4. 启动和验证**
* 保存后等待 NPM 自动申请 Let's Encrypt 证书(如果有)。
* Dashboard 中查看 Proxy Host 状态,确保显示为 "Online"。
* 访问 `https://relay.example.com`,如果显示绿色锁图标即表示 HTTPS 正常。
**NPM 特点**
* 🔒 自动申请和续期证书
* 🔧 图形化界面,方便管理多服务
* ⚡ 原生支持 HTTP/2 / HTTPS
* 🚀 适合 Docker 容器部署
---
上述两种方案均可用于生产部署。
- 🔒 **自动HTTPS**: 自动申请和续期Let's Encrypt证书,零配置
- 🛡️ **安全默认**: 默认启用现代安全协议和加密套件
- 🚀 **流式支持**: 原生支持SSE/WebSocket等流式传输
- 📊 **简单配置**: 配置文件极其简洁,易于维护
- ⚡ **HTTP/2**: 默认启用HTTP/2提升传输性能
---
@@ -962,27 +853,6 @@ proxy_request_buffering off;
---
## ❤️ 赞助支持
如果您觉得这个项目对您有帮助,请考虑赞助支持项目的持续开发。您的支持是我们最大的动力!
<div align="center">
<a href="https://afdian.com/a/claude-relay-service" target="_blank">
<img src="https://img.shields.io/badge/请我喝杯咖啡-爱发电-946ce6?style=for-the-badge&logo=buy-me-a-coffee&logoColor=white" alt="Sponsor">
</a>
<table>
<tr>
<td><img src="docs/sponsoring/wechat.jpg" width="200" alt="wechat" /></td>
<td><img src="docs/sponsoring/alipay.jpg" width="200" alt="alipay" /></td>
</tr>
</table>
</div>
---
## 📄 许可证
本项目采用 [MIT许可证](LICENSE)。

211
README_EN.md
View File

@@ -9,7 +9,7 @@
**🔐 Self-hosted Claude API relay service with multi-account management**
[中文文档](README.md) • [Preview](https://demo.pincc.ai/admin-next/login) • [Telegram Channel](https://t.me/claude_relay_service)
[English](#english) • [中文文档](#中文文档) • [📸 Interface Preview](docs/preview.md) • [📢 Telegram Channel](https://t.me/claude_relay_service)
</div>
@@ -30,6 +30,17 @@
📖 **Disclaimer**: This project is for technical learning and research purposes only. The author is not responsible for any account bans, service interruptions, or other losses caused by using this project.
---
> 💡 **Thanks to [@vista8](https://x.com/vista8) for the recommendation!**
>
> If you're interested in Vibe coding, follow:
>
> - 🐦 **X**: [@vista8](https://x.com/vista8) - Sharing cutting-edge tech trends
> - 📱 **WeChat**: 向阳乔木推荐看
---
## 🤔 Is This Project Right for You?
- 🌍 **Regional Restrictions**: Can't directly access Claude Code service in your region?
@@ -232,68 +243,21 @@ Assign a key to each user:
4. Set usage limits (optional)
5. Save, note down the generated key
### 4. Start Using Claude Code and Gemini CLI
### 4. Start Using Claude Code
Now you can replace the official API with your own service:
**Claude Code Set Environment Variables:**
Default uses standard Claude account pool:
**Set environment variables:**
```bash
export ANTHROPIC_BASE_URL="http://127.0.0.1:3000/api/" # Fill in your server's IP address or domain
export ANTHROPIC_BASE_URL="http://127.0.0.1:3000/api/" # Fill in your server's IP address or domain according to actual situation
export ANTHROPIC_AUTH_TOKEN="API key created in the backend"
```
**VSCode Claude Plugin Configuration:**
If using VSCode Claude plugin, configure in `~/.claude/config.json`:
```json
{
"primaryApiKey": "crs"
}
```
If the file doesn't exist, create it manually. Windows users path is `C:\Users\YourUsername\.claude\config.json`.
**Gemini CLI Set Environment Variables:**
**Method 1 (Recommended): Via Gemini Assist API**
Each account enjoys 1000 requests per day, 60 requests per minute free quota.
```bash
CODE_ASSIST_ENDPOINT="http://127.0.0.1:3000/gemini" # Fill in your server's IP address or domain
GOOGLE_CLOUD_ACCESS_TOKEN="API key created in the backend"
GOOGLE_GENAI_USE_GCA="true"
GEMINI_MODEL="gemini-2.5-pro"
```
> **Note**: gemini-cli console will show `Failed to fetch user info: 401 Unauthorized`, but this doesn't affect usage.
**Method 2: Via Gemini API**
Very limited free quota, easily triggers 429 errors.
```bash
GOOGLE_GEMINI_BASE_URL="http://127.0.0.1:3000/gemini" # Fill in your server's IP address or domain
GEMINI_API_KEY="API key created in the backend"
GEMINI_MODEL="gemini-2.5-pro"
```
**Use Claude Code:**
**Use claude:**
```bash
claude
```
**Use Gemini CLI:**
```bash
gemini
```
---
## 🔧 Daily Maintenance
@@ -374,18 +338,13 @@ redis-cli ping
## 🛠️ Advanced Usage
### Reverse Proxy Deployment Guide
### Production Deployment Recommendations (Important!)
For production environments, it is recommended to use a reverse proxy for automatic HTTPS, security headers, and performance optimization. Two common solutions are provided below: **Caddy** and **Nginx Proxy Manager (NPM)**.
**Strongly recommend using Caddy reverse proxy (Automatic HTTPS)**
---
## Caddy Solution
Caddy is a web server that automatically manages HTTPS certificates, with simple configuration and excellent performance, ideal for deployments without Docker environments.
Recommend using Caddy as reverse proxy, it will automatically apply and renew SSL certificates with simpler configuration:
**1. Install Caddy**
```bash
# Ubuntu/Debian
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
@@ -400,15 +359,14 @@ sudo yum copr enable @caddy/caddy
sudo yum install caddy
```
**2. Caddy Configuration**
**2. Caddy Configuration (Super Simple!)**
Edit `/etc/caddy/Caddyfile`:
```caddy
```
your-domain.com {
# Reverse proxy to local service
reverse_proxy 127.0.0.1:3000 {
# Support streaming responses or SSE
# Support streaming responses (SSE)
flush_interval -1
# Pass real IP
@@ -416,7 +374,7 @@ your-domain.com {
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
# Long read/write timeout configuration
# Timeout settings (suitable for long connections)
transport http {
read_timeout 300s
write_timeout 300s
@@ -435,131 +393,38 @@ your-domain.com {
```
**3. Start Caddy**
```bash
# Test configuration
sudo caddy validate --config /etc/caddy/Caddyfile
# Start service
sudo systemctl start caddy
sudo systemctl enable caddy
# Check status
sudo systemctl status caddy
```
**4. Service Configuration**
Since Caddy automatically manages HTTPS, you can restrict the service to listen locally only:
**4. Update service configuration**
Modify your service configuration to listen only locally:
```javascript
// config/config.js
module.exports = {
server: {
port: 3000,
host: '127.0.0.1' // Listen locally only
host: '127.0.0.1' // Listen only locally, proxy through nginx
}
// ... other configurations
}
```
**Caddy Features**
* 🔒 Automatic HTTPS with zero-configuration certificate management
* 🛡️ Secure default configuration with modern TLS suites
* ⚡ HTTP/2 and streaming support
* 🔧 Concise configuration files, easy to maintain
---
## Nginx Proxy Manager (NPM) Solution
Nginx Proxy Manager manages reverse proxies and HTTPS certificates through a graphical interface, deployed as a Docker container.
**1. Create a New Proxy Host in NPM**
Configure the Details as follows:
| Item | Setting |
| --------------------- | ------------------------ |
| Domain Names | relay.example.com |
| Scheme | http |
| Forward Hostname / IP | 192.168.0.1 (docker host IP) |
| Forward Port | 3000 |
| Block Common Exploits | ☑️ |
| Websockets Support | ❌ **Disable** |
| Cache Assets | ❌ **Disable** |
| Access List | Publicly Accessible |
> Note:
> - Ensure Claude Relay Service **listens on `0.0.0.0`, container IP, or host IP** to allow NPM internal network connections.
> - **Websockets Support and Cache Assets must be disabled**, otherwise SSE / streaming responses will fail.
**2. Custom locations**
No content needed, keep it empty.
**3. SSL Settings**
* **SSL Certificate**: Request a new SSL Certificate (Let's Encrypt) or existing certificate
* ☑️ **Force SSL**
* ☑️ **HTTP/2 Support**
* ☑️ **HSTS Enabled**
* ☑️ **HSTS Subdomains**
**4. Advanced Configuration**
Add the following to Custom Nginx Configuration:
```nginx
# Pass real user IP
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Support WebSocket / SSE streaming
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
# Long connection / timeout settings (for AI chat streaming)
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_connect_timeout 30s;
# ---- Security Settings ----
# Strict HTTPS policy (HSTS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Block clickjacking and content sniffing
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
# Referrer / Permissions restriction policies
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
# Hide server information (equivalent to Caddy's `-Server`)
proxy_hide_header Server;
# ---- Performance Tuning ----
# Disable proxy caching for real-time responses (SSE / Streaming)
proxy_cache_bypass $http_upgrade;
proxy_no_cache $http_upgrade;
proxy_request_buffering off;
```
**5. Launch and Verify**
* After saving, wait for NPM to automatically request Let's Encrypt certificate (if applicable).
* Check Proxy Host status in Dashboard to ensure it shows "Online".
* Visit `https://relay.example.com`, if the green lock icon appears, HTTPS is working properly.
**NPM Features**
* 🔒 Automatic certificate application and renewal
* 🔧 Graphical interface for easy multi-service management
* ⚡ Native HTTP/2 / HTTPS support
* 🚀 Ideal for Docker container deployments
---
Both solutions are suitable for production deployment. If you use a Docker environment, **Nginx Proxy Manager is more convenient**; if you want to keep software lightweight and automated, **Caddy is a better choice**.
**Caddy Advantages:**
- 🔒 **Automatic HTTPS**: Automatically apply and renew Let's Encrypt certificates, zero configuration
- 🛡️ **Secure by Default**: Modern security protocols and cipher suites enabled by default
- 🚀 **Streaming Support**: Native support for SSE/WebSocket streaming
- 📊 **Simple Configuration**: Extremely concise configuration files, easy to maintain
-**HTTP/2**: HTTP/2 enabled by default for improved performance
---

2
VERSION
View File

@@ -1 +1 @@
1.1.234
1.1.120

131
config/config.example.js
View File

@@ -32,28 +32,13 @@ const config = {
enableTLS: process.env.REDIS_ENABLE_TLS === 'true'
},
// 🔗 会话管理配置
session: {
// 粘性会话TTL配置小时默认1小时
stickyTtlHours: parseFloat(process.env.STICKY_SESSION_TTL_HOURS) || 1,
// 续期阈值分钟默认0分钟不续期
renewalThresholdMinutes: parseInt(process.env.STICKY_SESSION_RENEWAL_THRESHOLD_MINUTES) || 0
},
// 🎯 Claude API配置
claude: {
apiUrl: process.env.CLAUDE_API_URL || 'https://api.anthropic.com/v1/messages',
apiVersion: process.env.CLAUDE_API_VERSION || '2023-06-01',
betaHeader:
process.env.CLAUDE_BETA_HEADER ||
'claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14',
overloadHandling: {
enabled: (() => {
const minutes = parseInt(process.env.CLAUDE_OVERLOAD_HANDLING_MINUTES) || 0
// 验证配置值限制在0-1440分钟(24小时)内
return Math.max(0, Math.min(minutes, 1440))
})()
}
'claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14'
},
// ☁️ Bedrock API配置
@@ -71,39 +56,12 @@ const config = {
// 🌐 代理配置
proxy: {
timeout: parseInt(process.env.DEFAULT_PROXY_TIMEOUT) || 600000, // 10分钟
timeout: parseInt(process.env.DEFAULT_PROXY_TIMEOUT) || 30000,
maxRetries: parseInt(process.env.MAX_PROXY_RETRIES) || 3,
// 连接池与 Keep-Alive 配置(默认关闭,需要显式开启)
keepAlive: (() => {
if (process.env.PROXY_KEEP_ALIVE === undefined || process.env.PROXY_KEEP_ALIVE === '') {
return false
}
return process.env.PROXY_KEEP_ALIVE === 'true'
})(),
maxSockets: (() => {
if (process.env.PROXY_MAX_SOCKETS === undefined || process.env.PROXY_MAX_SOCKETS === '') {
return undefined
}
const parsed = parseInt(process.env.PROXY_MAX_SOCKETS)
return Number.isFinite(parsed) && parsed > 0 ? parsed : undefined
})(),
maxFreeSockets: (() => {
if (
process.env.PROXY_MAX_FREE_SOCKETS === undefined ||
process.env.PROXY_MAX_FREE_SOCKETS === ''
) {
return undefined
}
const parsed = parseInt(process.env.PROXY_MAX_FREE_SOCKETS)
return Number.isFinite(parsed) && parsed >= 0 ? parsed : undefined
})(),
// IP协议族配置true=IPv4, false=IPv6, 默认IPv4兼容性更好
useIPv4: process.env.PROXY_USE_IPV4 !== 'false' // 默认 true只有明确设置为 'false' 才使用 IPv6
},
// ⏱️ 请求超时配置
requestTimeout: parseInt(process.env.REQUEST_TIMEOUT) || 600000, // 默认 10 分钟
// 📈 使用限制
limits: {
defaultTokenLimit: parseInt(process.env.DEFAULT_TOKEN_LIMIT) || 1000000
@@ -137,56 +95,36 @@ const config = {
sessionSecret: process.env.WEB_SESSION_SECRET || 'CHANGE-THIS-SESSION-SECRET'
},
// 🔐 LDAP 认证配置
ldap: {
enabled: process.env.LDAP_ENABLED === 'true',
server: {
url: process.env.LDAP_URL || 'ldap://localhost:389',
bindDN: process.env.LDAP_BIND_DN || 'cn=admin,dc=example,dc=com',
bindCredentials: process.env.LDAP_BIND_PASSWORD || 'admin',
searchBase: process.env.LDAP_SEARCH_BASE || 'dc=example,dc=com',
searchFilter: process.env.LDAP_SEARCH_FILTER || '(uid={{username}})',
searchAttributes: process.env.LDAP_SEARCH_ATTRIBUTES
? process.env.LDAP_SEARCH_ATTRIBUTES.split(',')
: ['dn', 'uid', 'cn', 'mail', 'givenName', 'sn'],
timeout: parseInt(process.env.LDAP_TIMEOUT) || 5000,
connectTimeout: parseInt(process.env.LDAP_CONNECT_TIMEOUT) || 10000,
// TLS/SSL 配置
tls: {
// 是否忽略证书错误 (用于自签名证书)
rejectUnauthorized: process.env.LDAP_TLS_REJECT_UNAUTHORIZED !== 'false', // 默认验证证书设置为false则忽略
// CA证书文件路径 (可选用于自定义CA证书)
ca: process.env.LDAP_TLS_CA_FILE
? require('fs').readFileSync(process.env.LDAP_TLS_CA_FILE)
: undefined,
// 客户端证书文件路径 (可选,用于双向认证)
cert: process.env.LDAP_TLS_CERT_FILE
? require('fs').readFileSync(process.env.LDAP_TLS_CERT_FILE)
: undefined,
// 客户端私钥文件路径 (可选,用于双向认证)
key: process.env.LDAP_TLS_KEY_FILE
? require('fs').readFileSync(process.env.LDAP_TLS_KEY_FILE)
: undefined,
// 服务器名称 (用于SNI可选)
servername: process.env.LDAP_TLS_SERVERNAME || undefined
}
// 🔒 客户端限制配置
clientRestrictions: {
// 预定义的客户端列表
predefinedClients: [
{
id: 'claude_code',
name: 'ClaudeCode',
description: 'Official Claude Code CLI',
// 匹配 Claude CLI 的 User-Agent
// 示例: claude-cli/1.0.58 (external, cli)
userAgentPattern: /^claude-cli\/[\d.]+\s+\(/i
},
userMapping: {
username: process.env.LDAP_USER_ATTR_USERNAME || 'uid',
displayName: process.env.LDAP_USER_ATTR_DISPLAY_NAME || 'cn',
email: process.env.LDAP_USER_ATTR_EMAIL || 'mail',
firstName: process.env.LDAP_USER_ATTR_FIRST_NAME || 'givenName',
lastName: process.env.LDAP_USER_ATTR_LAST_NAME || 'sn'
{
id: 'gemini_cli',
name: 'Gemini-CLI',
description: 'Gemini Command Line Interface',
// 匹配 GeminiCLI 的 User-Agent
// 示例: GeminiCLI/v18.20.8 (darwin; arm64)
userAgentPattern: /^GeminiCLI\/v?[\d.]+\s+\(/i
}
},
// 👥 用户管理配置
userManagement: {
enabled: process.env.USER_MANAGEMENT_ENABLED === 'true',
defaultUserRole: process.env.DEFAULT_USER_ROLE || 'user',
userSessionTimeout: parseInt(process.env.USER_SESSION_TIMEOUT) || 86400000, // 24小时
maxApiKeysPerUser: parseInt(process.env.MAX_API_KEYS_PER_USER) || 1,
allowUserDeleteApiKeys: process.env.ALLOW_USER_DELETE_API_KEYS === 'true' // 默认不允许用户删除自己的API Keys
// 添加自定义客户端示例:
// {
// id: 'custom_client',
// name: 'My Custom Client',
// description: 'My custom API client',
// userAgentPattern: /^MyClient\/[\d\.]+/i
// }
],
// 是否允许自定义客户端(未来功能)
allowCustomClients: process.env.ALLOW_CUSTOM_CLIENTS === 'true'
},
// 📢 Webhook通知配置
@@ -203,15 +141,6 @@ const config = {
development: {
debug: process.env.DEBUG === 'true',
hotReload: process.env.HOT_RELOAD === 'true'
},
// 📬 用户消息队列配置
// 优化说明:锁在请求发送成功后立即释放(而非请求完成后),因为 Claude API 限流基于请求发送时刻计算
userMessageQueue: {
enabled: process.env.USER_MESSAGE_QUEUE_ENABLED === 'true', // 默认关闭
delayMs: parseInt(process.env.USER_MESSAGE_QUEUE_DELAY_MS) || 200, // 请求间隔(毫秒)
timeoutMs: parseInt(process.env.USER_MESSAGE_QUEUE_TIMEOUT_MS) || 5000, // 队列等待超时(毫秒),锁持有时间短,无需长等待
lockTtlMs: parseInt(process.env.USER_MESSAGE_QUEUE_LOCK_TTL_MS) || 5000 // 锁TTL毫秒5秒足以覆盖请求发送
}
}

17
config/pricingSource.js
View File

@@ -1,17 +0,0 @@
const repository =
process.env.PRICE_MIRROR_REPO || process.env.GITHUB_REPOSITORY || 'Wei-Shaw/claude-relay-service'
const branch = process.env.PRICE_MIRROR_BRANCH || 'price-mirror'
const pricingFileName = process.env.PRICE_MIRROR_FILENAME || 'model_prices_and_context_window.json'
const hashFileName = process.env.PRICE_MIRROR_HASH_FILENAME || 'model_prices_and_context_window.sha256'
const baseUrl = process.env.PRICE_MIRROR_BASE_URL
? process.env.PRICE_MIRROR_BASE_URL.replace(/\/$/, '')
: `https://raw.githubusercontent.com/${repository}/${branch}`
module.exports = {
pricingFileName,
hashFileName,
pricingUrl:
process.env.PRICE_MIRROR_JSON_URL || `${baseUrl}/${pricingFileName}`,
hashUrl: process.env.PRICE_MIRROR_HASH_URL || `${baseUrl}/${hashFileName}`
}

7
docker-compose.yml
View File

@@ -21,9 +21,6 @@ services:
- PORT=3000
- HOST=0.0.0.0
# 🔧 请求体大小配置
- REQUEST_MAX_SIZE_MB=60
# 🔐 安全配置(必填)
- JWT_SECRET=${JWT_SECRET} # 必填至少32字符的随机字符串
- ENCRYPTION_KEY=${ENCRYPTION_KEY} # 必填32字符的加密密钥
@@ -49,10 +46,6 @@ services:
# 🌐 代理配置
- DEFAULT_PROXY_TIMEOUT=${DEFAULT_PROXY_TIMEOUT:-60000}
- MAX_PROXY_RETRIES=${MAX_PROXY_RETRIES:-3}
- PROXY_USE_IPV4=${PROXY_USE_IPV4:-true}
- PROXY_KEEP_ALIVE=${PROXY_KEEP_ALIVE:-}
- PROXY_MAX_SOCKETS=${PROXY_MAX_SOCKETS:-}
- PROXY_MAX_FREE_SOCKETS=${PROXY_MAX_FREE_SOCKETS:-}
# 📈 使用限制
- DEFAULT_TOKEN_LIMIT=${DEFAULT_TOKEN_LIMIT:-1000000}

240
docs/claude-code-gemini3-guide/README.md
View File

@@ -1,240 +0,0 @@
# Claude Code 调用 Gemini 3 模型指南
本文档介绍如何通过 **claude-code-router (CCR)** 在 Claude Code 中调用 Gemini 3 模型,其他模型也可以参照此教程尝试。
---
## 概述
通过 CCR 转换格式,你可以让 Claude Code 客户端无缝使用 Gemini 3 模型。
### 工作原理
```
Claude Code → CCR (模型路由) → CRS (账户调度) → Gemini API
```
---
## 第一步:安装 claude-code-router
安装 CCR
> **安装位置建议**
> - 如果只是本地使用,可以只安装到使用 Claude Code 的电脑上
> - 如果需要 CRS 项目接入 CCR建议安装在与 CRS 同一台服务器上
```bash
npm install -g @musistudio/claude-code-router
```
验证安装:
```bash
ccr -v
```
---
## 第二步:配置 CCR
创建或编辑 CCR 配置文件(通常位于 `~/.claude-code-router/config.json`
```json
{
"APIKEY": "sk-c0e7fed7b-这里随便你自定义",
"LOG": true,
"HOST": "127.0.0.1",
"API_TIMEOUT_MS": 600000,
"NON_INTERACTIVE_MODE": false,
"Providers": [
{
"name": "gemini",
"api_base_url": "http://127.0.0.1:3000/gemini/v1beta/models/",
"api_key": "cr_xxxxxxxxxxxxxxxxxxxxx",
"models": ["gemini-2.5-flash", "gemini-2.5-pro", "gemini-3-pro-preview"],
"transformer": {
"use": ["gemini"]
}
}
],
"Router": {
"default": "gemini",
"background": "gemini,gemini-3-pro-preview",
"think": "gemini,gemini-3-pro-preview",
"longContext": "gemini,gemini-3-pro-preview",
"longContextThreshold": 60000,
"webSearch": "gemini,gemini-2.5-flash"
}
}
```
### 配置说明
| 字段 | 说明 |
|------|------|
| `APIKEY` | CCR 自定义的 API KeyClaude Code 将使用这个 Key 访问 CCR |
| `api_base_url` | CRS 服务的 Gemini API 地址 |
| `api_key` | CRS 后台创建的 API Keycr_ 开头),用于调度 OAuth、Gemini-API 账号 |
---
## 第三步:在 CRS 中配置 Gemini 账号
确保你的 CRS 服务已添加 Gemini 账号:
1. 登录 CRS 管理界面
2. 进入「Gemini 账户」页面
3. 添加 Gemini OAuth 账号或 API Key 账号
4. 确保账号状态为「活跃」
---
## 第四步:启动 CCR 服务
保存配置后,启动 CCR 服务:
```bash
ccr start
```
查看服务状态:
```bash
ccr status
```
输出示例:
```
API Endpoint: http://127.0.0.1:3456
```
**重要**:每次修改配置后,需要重启 CCR 服务才能生效:
```bash
ccr restart
```
---
## 第五步:配置 Claude Code
现在需要让 Claude Code 连接到 CCR 服务。有两种方式:
### 方式一:本地直接使用
设置环境变量让 Claude Code 直接连接 CCR
```bash
export ANTHROPIC_BASE_URL="http://127.0.0.1:3456/"
export ANTHROPIC_AUTH_TOKEN="sk-c0e7fed7b-你的自定义Key"
```
然后启动 Claude Code
```bash
claude
```
### 方式二:通过 CRS 统一管理(推荐)
如果你希望通过 CRS 统一管理所有用户的访问,可以在 CRS 中添加 Claude Console 类型账号来代理 CCR。
#### 1. 在 CRS 添加 Claude Console 账号
登录 CRS 管理界面,添加一个 **Claude Console** 类型的账号:
| 字段 | 值 |
|------|-----|
| 账户名称 | CCR-Gemini3或自定义名称|
| 账户类型 | Claude Console |
| API 地址 | `http://127.0.0.1:3456`CCR 服务地址)|
| API Key | `sk-c0e7fed7b-你的自定义Key`CCR 配置中的 APIKEY|
> **注意**:如果 CCR 运行在其他服务器上,请将 `127.0.0.1` 替换为实际的服务器地址配置文件中需要修改HOST参数为```0.0.0.0```。
#### 2. 配置模型映射
在 CRS 中配置模型映射,将 Claude 模型名映射到 Gemini 模型:
| Claude 模型 | 映射到 Gemini 模型 |
|-------------|-------------------|
| `claude-opus-4-1-20250805` | `gemini-3-pro-preview` |
| `claude-sonnet-4-5-20250929` | `gemini-3-pro-preview` |
| `claude-haiku-4-5-20251001` | `gemini-2.5-flash` |
**配置界面示例:**
![模型映射配置](./model-mapping.png)
> **说明**
> - Opus 和 Sonnet 映射到性能更强的 `gemini-3-pro-preview`
> - Haiku 映射到响应更快的 `gemini-2.5-flash`
#### 3. 用户使用方式
用户现在可以通过 CRS 统一入口使用 Claude Code
```bash
export ANTHROPIC_BASE_URL="http://你的CRS服务器:3000/api/"
export ANTHROPIC_AUTH_TOKEN="cr_用户的APIKey"
```
Claude Code 会自动将请求路由到 CCR再由 CCR 转发到 Gemini API。
---
## 常见问题
### Q: CCR 配置修改后没有生效?
A: 配置修改后必须重启 CCR 服务:
```bash
ccr restart
```
### Q: 连接超时怎么办?
A: 检查以下几点:
1. CRS 服务是否正常运行
2. CCR 配置中的 `api_base_url` 是否正确
3. 防火墙是否允许相应端口
4. 尝试增加 `API_TIMEOUT_MS` 的值
### Q: 模型映射不生效?
A: 确保:
1. CRS 中已正确配置 Claude Console 账号
2. 模型映射配置已保存
3. 重启 CRS 服务使配置生效
### Q: 如何测试连接?
A: 使用 curl 测试 CCR 服务:
```bash
curl -X POST http://127.0.0.1:3456/api/v1/messages \
-H "Content-Type: application/json" \
-H "x-api-key: sk-c0e7fed7b-你的自定义Key" \
-d '{
"model": "claude-sonnet-4-5-20250929",
"max_tokens": 100,
"messages": [{"role": "user", "content": "Hello"}]
}'
```
---
## 最佳实践
1. **生产环境**:将 CCR 部署在与 CRS 相同的服务器上,减少网络延迟
2. **API Key 管理**:为每个用户创建独立的 CRS API Key便于使用统计
3. **超时配置**:对于长时间运行的任务,适当增加 `API_TIMEOUT_MS`
---
## 相关资源
- [CCR 官方文档](https://github.com/musistudio/claude-code-router)

BIN
docs/claude-code-gemini3-guide/model-mapping.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 90 KiB

BIN
docs/images/add-claude-account.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 553 KiB

BIN
docs/images/api-keys-list.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 562 KiB

BIN
docs/images/claude-accounts-list.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.6 MiB

BIN
docs/images/dashboard-overview.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 641 KiB

BIN
docs/images/tutorial.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 346 KiB

47
docs/preview.md Normal file
View File

@@ -0,0 +1,47 @@
# Claude Relay Service 界面预览
<div align="center">
**🎨 Web管理界面截图展示**
</div>
---
## 📊 管理面板概览
### 仪表板
![仪表板](./images/dashboard-overview.png)
*实时显示API调用次数、Token使用量、成本统计等关键指标*
---
## 🔑 API密钥管理
### API密钥列表
![API密钥管理](./images/api-keys-list.png)
*查看和管理所有创建的API密钥包括使用量统计和状态信息*
---
## 👤 Claude账户管理
### 账户列表
![Claude账户列表](./images/claude-accounts-list.png)
*管理多个Claude账户查看账户状态和使用情况*
### 添加新账户
![添加Claude账户](./images/add-claude-account.png)
*通过OAuth授权添加新的Claude账户*
### 使用教程
![使用教程](./images/tutorial.png)
*windows、macos、linux、wsl不同环境的claude code安装教程*
---

BIN
docs/sponsoring/alipay.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 159 KiB

BIN
docs/sponsoring/wechat.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 127 KiB

2019
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

4
package.json
View File

@@ -63,13 +63,10 @@
"https-proxy-agent": "^7.0.2",
"inquirer": "^8.2.6",
"ioredis": "^5.3.2",
"ldapjs": "^3.0.7",
"morgan": "^1.10.0",
"nodemailer": "^7.0.6",
"ora": "^5.4.1",
"rate-limiter-flexible": "^5.0.5",
"socks-proxy-agent": "^8.0.2",
"string-similarity": "^4.0.4",
"table": "^6.8.1",
"uuid": "^9.0.1",
"winston": "^3.11.0",
@@ -83,7 +80,6 @@
"jest": "^29.7.0",
"nodemon": "^3.0.1",
"prettier": "^3.6.2",
"prettier-plugin-tailwindcss": "^0.7.2",
"supertest": "^6.3.3"
},
"engines": {

6357
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

10
resources/model-pricing/README.md
View File

@@ -1,11 +1,11 @@
# Model Pricing Data
This directory contains a local copy of the mirrored model pricing data as a fallback mechanism.
This directory contains a local copy of the LiteLLM model pricing data as a fallback mechanism.
## Source
The original file is maintained by the LiteLLM project and mirrored into the `price-mirror` branch of this repository via GitHub Actions:
- Mirror branch (configurable via `PRICE_MIRROR_REPO`): https://raw.githubusercontent.com/<your-repo>/price-mirror/model_prices_and_context_window.json
- Upstream source: https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json
The original file is maintained by the LiteLLM project:
- Repository: https://github.com/BerriAI/litellm
- File: https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json
## Purpose
This local copy serves as a fallback when the remote file cannot be downloaded due to:
@@ -22,7 +22,7 @@ The pricingService will:
3. Log a warning when using the fallback file
## Manual Update
To manually update this file with the latest pricing data (if automation is unavailable):
To manually update this file with the latest pricing data:
```bash
curl -s https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json -o model_prices_and_context_window.json
```

38413
resources/model-pricing/model_prices_and_context_window.json
View File

File diff suppressed because it is too large Load Diff

65
scripts/data-transfer-enhanced.js
View File

@@ -86,33 +86,6 @@ function decryptGeminiData(encryptedData) {
}
}
// API Key 哈希函数与apiKeyService保持一致
function hashApiKey(apiKey) {
if (!apiKey || !config.security.encryptionKey) {
return apiKey
}
return crypto
.createHash('sha256')
.update(apiKey + config.security.encryptionKey)
.digest('hex')
}
// 检查是否为明文API Key通过格式判断不依赖前缀
function isPlaintextApiKey(apiKey) {
if (!apiKey || typeof apiKey !== 'string') {
return false
}
// SHA256哈希值固定为64个十六进制字符如果是哈希值则返回false
if (apiKey.length === 64 && /^[a-f0-9]+$/i.test(apiKey)) {
return false // 已经是哈希值
}
// 其他情况都认为是明文API Key包括sk-ant-、cr_、自定义前缀等
return true
}
// 数据加密函数(用于导入)
function encryptClaudeData(data) {
if (!data || !config.security.encryptionKey) {
@@ -678,13 +651,6 @@ Important Notes:
- If importing decrypted data, it will be re-encrypted automatically
- If importing encrypted data, it will be stored as-is
- Sanitized exports cannot be properly imported (missing sensitive data)
- Automatic handling of plaintext API Keys
* Uses your configured API_KEY_PREFIX from config (sk-, cr_, etc.)
* Automatically detects plaintext vs hashed API Keys by format
* Plaintext API Keys are automatically hashed during import
* Hash mappings are created correctly for plaintext keys
* Supports custom prefixes and legacy format detection
* No manual conversion needed - just import your backup file
Examples:
# Export all data with decryption (for migration)
@@ -693,7 +659,7 @@ Examples:
# Export without decrypting (for backup)
node scripts/data-transfer-enhanced.js export --decrypt=false
# Import data (auto-handles encryption and plaintext API keys)
# Import data (auto-handles encryption)
node scripts/data-transfer-enhanced.js import --input=backup.json
# Import with force overwrite
@@ -807,26 +773,6 @@ async function importData() {
const apiKeyData = { ...apiKey }
delete apiKeyData.usageStats
// 检查并处理API Key哈希
let plainTextApiKey = null
let hashedApiKey = null
if (apiKeyData.apiKey && isPlaintextApiKey(apiKeyData.apiKey)) {
// 如果是明文API Key保存明文并计算哈希
plainTextApiKey = apiKeyData.apiKey
hashedApiKey = hashApiKey(plainTextApiKey)
logger.info(`🔐 Detected plaintext API Key for: ${apiKey.name} (${apiKey.id})`)
} else if (apiKeyData.apiKey) {
// 如果已经是哈希值,直接使用
hashedApiKey = apiKeyData.apiKey
logger.info(`🔍 Using existing hashed API Key for: ${apiKey.name} (${apiKey.id})`)
}
// API Key字段始终存储哈希值
if (hashedApiKey) {
apiKeyData.apiKey = hashedApiKey
}
// 使用 hset 存储到哈希表
const pipeline = redis.client.pipeline()
for (const [field, value] of Object.entries(apiKeyData)) {
@@ -834,12 +780,9 @@ async function importData() {
}
await pipeline.exec()
// 更新哈希映射hash_map的key必须是哈希值
if (!importDataObj.metadata.sanitized && hashedApiKey) {
await redis.client.hset('apikey:hash_map', hashedApiKey, apiKey.id)
logger.info(
`📝 Updated hash mapping: ${hashedApiKey.substring(0, 8)}... -> ${apiKey.id}`
)
// 更新哈希映射
if (apiKey.apiKey && !importDataObj.metadata.sanitized) {
await redis.client.hset('apikey:hash_map', apiKey.apiKey, apiKey.id)
}
// 导入使用统计数据

221
scripts/data-transfer.js
View File

@@ -84,214 +84,16 @@ function sanitizeData(data, type) {
return sanitized
}
// CSV 字段映射配置
const CSV_FIELD_MAPPING = {
// 基本信息
id: 'ID',
name: '名称',
description: '描述',
isActive: '状态',
createdAt: '创建时间',
lastUsedAt: '最后使用时间',
createdBy: '创建者',
// API Key 信息
apiKey: 'API密钥',
tokenLimit: '令牌限制',
// 过期设置
expirationMode: '过期模式',
expiresAt: '过期时间',
activationDays: '激活天数',
activationUnit: '激活单位',
isActivated: '已激活',
activatedAt: '激活时间',
// 权限设置
permissions: '服务权限',
// 限制设置
rateLimitWindow: '速率窗口(分钟)',
rateLimitRequests: '请求次数限制',
rateLimitCost: '费用限制(美元)',
concurrencyLimit: '并发限制',
dailyCostLimit: '日费用限制(美元)',
totalCostLimit: '总费用限制(美元)',
weeklyOpusCostLimit: '周Opus费用限制(美元)',
// 账户绑定
claudeAccountId: 'Claude专属账户',
claudeConsoleAccountId: 'Claude控制台账户',
geminiAccountId: 'Gemini专属账户',
openaiAccountId: 'OpenAI专属账户',
azureOpenaiAccountId: 'Azure OpenAI专属账户',
bedrockAccountId: 'Bedrock专属账户',
// 限制配置
enableModelRestriction: '启用模型限制',
restrictedModels: '限制的模型',
enableClientRestriction: '启用客户端限制',
allowedClients: '允许的客户端',
// 标签和用户
tags: '标签',
userId: '用户ID',
userUsername: '用户名',
// 其他信息
icon: '图标'
}
// 数据格式化函数
function formatCSVValue(key, value, shouldSanitize = false) {
if (!value || value === '' || value === 'null' || value === 'undefined') {
return ''
}
switch (key) {
case 'apiKey':
if (shouldSanitize && value.length > 10) {
return `${value.substring(0, 10)}...[已脱敏]`
}
return value
case 'isActive':
case 'isActivated':
case 'enableModelRestriction':
case 'enableClientRestriction':
return value === 'true' ? '是' : '否'
case 'expirationMode':
return value === 'activation' ? '首次使用后激活' : value === 'fixed' ? '固定时间' : value
case 'activationUnit':
return value === 'hours' ? '小时' : value === 'days' ? '天' : value
case 'permissions':
switch (value) {
case 'all':
return '全部服务'
case 'claude':
return '仅Claude'
case 'gemini':
return '仅Gemini'
case 'openai':
return '仅OpenAI'
default:
return value
}
case 'restrictedModels':
case 'allowedClients':
case 'tags':
try {
const parsed = JSON.parse(value)
return Array.isArray(parsed) ? parsed.join('; ') : value
} catch {
return value
}
case 'createdAt':
case 'lastUsedAt':
case 'activatedAt':
case 'expiresAt':
if (value) {
try {
return new Date(value).toLocaleString('zh-CN', {
year: 'numeric',
month: '2-digit',
day: '2-digit',
hour: '2-digit',
minute: '2-digit',
second: '2-digit'
})
} catch {
return value
}
}
return ''
case 'rateLimitWindow':
case 'rateLimitRequests':
case 'concurrencyLimit':
case 'activationDays':
case 'tokenLimit':
return value === '0' || value === 0 ? '无限制' : value
case 'rateLimitCost':
case 'dailyCostLimit':
case 'totalCostLimit':
case 'weeklyOpusCostLimit':
return value === '0' || value === 0 ? '无限制' : `$${value}`
default:
return value
}
}
// 转义 CSV 字段
function escapeCSVField(field) {
if (field === null || field === undefined) {
return ''
}
const str = String(field)
// 如果包含逗号、引号或换行符,需要用引号包围
if (str.includes(',') || str.includes('"') || str.includes('\n') || str.includes('\r')) {
// 先转义引号(双引号变成两个双引号)
const escaped = str.replace(/"/g, '""')
return `"${escaped}"`
}
return str
}
// 转换数据为 CSV 格式
function convertToCSV(exportDataObj, shouldSanitize = false) {
if (!exportDataObj.data.apiKeys || exportDataObj.data.apiKeys.length === 0) {
throw new Error('CSV format only supports API Keys export. Please use --types=apikeys')
}
const { apiKeys } = exportDataObj.data
const fields = Object.keys(CSV_FIELD_MAPPING)
const headers = Object.values(CSV_FIELD_MAPPING)
// 生成标题行
const csvLines = [headers.map(escapeCSVField).join(',')]
// 生成数据行
for (const apiKey of apiKeys) {
const row = fields.map((field) => {
const value = formatCSVValue(field, apiKey[field], shouldSanitize)
return escapeCSVField(value)
})
csvLines.push(row.join(','))
}
return csvLines.join('\n')
}
// 导出数据
async function exportData() {
try {
const format = params.format || 'json'
const fileExtension = format === 'csv' ? '.csv' : '.json'
const defaultFileName = `backup-${new Date().toISOString().split('T')[0]}${fileExtension}`
const outputFile = params.output || defaultFileName
const outputFile = params.output || `backup-${new Date().toISOString().split('T')[0]}.json`
const types = params.types ? params.types.split(',') : ['all']
const shouldSanitize = params.sanitize === true
// CSV 格式验证
if (format === 'csv' && !types.includes('apikeys') && !types.includes('all')) {
logger.error('❌ CSV format only supports API Keys export. Please use --types=apikeys')
process.exit(1)
}
logger.info('🔄 Starting data export...')
logger.info(`📁 Output file: ${outputFile}`)
logger.info(`📋 Data types: ${types.join(', ')}`)
logger.info(`📄 Output format: ${format.toUpperCase()}`)
logger.info(`🔒 Sanitize sensitive data: ${shouldSanitize ? 'YES' : 'NO'}`)
// 连接 Redis
@@ -401,16 +203,8 @@ async function exportData() {
logger.success(`✅ Exported ${admins.length} admins`)
}
// 根据格式写入文件
let fileContent
if (format === 'csv') {
fileContent = convertToCSV(exportDataObj, shouldSanitize)
// 添加 UTF-8 BOM 以便 Excel 正确识别中文
fileContent = `\ufeff${fileContent}`
await fs.writeFile(outputFile, fileContent, 'utf8')
} else {
await fs.writeFile(outputFile, JSON.stringify(exportDataObj, null, 2))
}
// 写入文件
await fs.writeFile(outputFile, JSON.stringify(exportData, null, 2))
// 显示导出摘要
console.log(`\n${'='.repeat(60)}`)
@@ -677,9 +471,8 @@ Commands:
import Import data from a JSON file to Redis
Export Options:
--output=FILE Output filename (default: backup-YYYY-MM-DD.json/.csv)
--output=FILE Output filename (default: backup-YYYY-MM-DD.json)
--types=TYPE,... Data types to export: apikeys,accounts,admins,all (default: all)
--format=FORMAT Output format: json,csv (default: json)
--sanitize Remove sensitive data from export
Import Options:
@@ -699,12 +492,6 @@ Examples:
# Export specific data types
node scripts/data-transfer.js export --types=apikeys,accounts --output=prod-data.json
# Export API keys to CSV format
node scripts/data-transfer.js export --types=apikeys --format=csv --sanitize
# Export to CSV with custom filename
node scripts/data-transfer.js export --types=apikeys --format=csv --output=api-keys.csv
`)
}

2
scripts/manage.js
View File

@@ -185,7 +185,7 @@ class ServiceManager {
restart(daemon = false) {
console.log('🔄 重启服务...')
this.stop()
// 等待停止完成
setTimeout(() => {
this.start(daemon)

147
scripts/manage.sh
View File

@@ -288,12 +288,12 @@ check_redis() {
# 测试Redis连接
print_info "测试 Redis 连接..."
if command_exists redis-cli; then
local redis_args=(-h "$REDIS_HOST" -p "$REDIS_PORT")
local redis_test_cmd="redis-cli -h $REDIS_HOST -p $REDIS_PORT"
if [ -n "$REDIS_PASSWORD" ]; then
redis_args+=(-a "$REDIS_PASSWORD")
redis_test_cmd="$redis_test_cmd -a '$REDIS_PASSWORD'"
fi
if redis-cli "${redis_args[@]}" ping 2>/dev/null | grep -q "PONG"; then
if $redis_test_cmd ping 2>/dev/null | grep -q "PONG"; then
print_success "Redis 连接成功"
return 0
else
@@ -363,19 +363,6 @@ check_installation() {
return 1
}
# 将安装路径持久化到本地(用于后续 update/status 自动识别自定义安装目录)
persist_install_path() {
local conf_dir="$HOME/.config/crs"
local conf_file="$conf_dir/install.conf"
mkdir -p "$conf_dir" 2>/dev/null || true
if ! { echo "INSTALL_DIR=\"$INSTALL_DIR\"" > "$conf_file" && echo "APP_DIR=\"$APP_DIR\"" >> "$conf_file"; }; then
print_warning "无法写入 $conf_file,后续 update 可能找不到安装目录"
return 1
fi
return 0
}
# 安装服务
install_service() {
print_info "开始安装 Claude Relay Service..."
@@ -753,9 +740,6 @@ update_service() {
# 更新软链接到最新版本
create_symlink
# 持久化安装路径,便于后续 update/status 自动识别
persist_install_path || true
# 如果之前在运行,则重新启动服务
if [ "$was_running" = true ]; then
print_info "重新启动服务..."
@@ -953,61 +937,15 @@ stop_service() {
# 强制停止所有相关进程
pkill -f "node.*src/app.js" 2>/dev/null || true
# 等待进程完全退出最多等待10秒
local wait_count=0
while pgrep -f "node.*src/app.js" > /dev/null; do
if [ $wait_count -ge 10 ]; then
print_warning "进程停止超时,尝试强制终止..."
pkill -9 -f "node.*src/app.js" 2>/dev/null || true
sleep 1
break
fi
sleep 1
wait_count=$((wait_count + 1))
done
# 最终确认进程已停止
if pgrep -f "node.*src/app.js" > /dev/null; then
print_error "无法完全停止服务进程"
return 1
fi
print_success "服务已停止"
}
# 重启服务
restart_service() {
print_info "重启服务..."
# 停止服务并检查结果
if ! stop_service; then
print_error "停止服务失败"
return 1
fi
# 短暂等待,确保端口释放
sleep 1
# 启动服务,如果失败则重试
local retry_count=0
while [ $retry_count -lt 3 ]; do
# 清除可能的僵尸进程检测
if ! pgrep -f "node.*src/app.js" > /dev/null; then
# 进程确实已停止,可以启动
if start_service; then
return 0
fi
fi
retry_count=$((retry_count + 1))
if [ $retry_count -lt 3 ]; then
print_warning "启动失败等待2秒后重试$retry_count 次)..."
stop_service
sleep 2
fi
done
print_error "重启服务失败"
return 1
start_service
}
# 更新模型价格
@@ -1647,88 +1585,31 @@ create_symlink() {
# 加载已安装的配置
load_config() {
# 1) 优先使用外部显式提供的 APP_DIR
if [ -n "$APP_DIR" ] && [ -f "$APP_DIR/package.json" ]; then
:
else
# 2) 若提供了 INSTALL_DIR则据此推导 APP_DIR
if [ -n "$INSTALL_DIR" ]; then
if [ -d "$INSTALL_DIR/app" ] && [ -f "$INSTALL_DIR/app/package.json" ]; then
APP_DIR="$INSTALL_DIR/app"
elif [ -f "$INSTALL_DIR/package.json" ]; then
APP_DIR="$INSTALL_DIR"
fi
fi
# 3) 尝试从持久化配置读取安装位置
if [ -z "$APP_DIR" ]; then
local conf_file="$HOME/.config/crs/install.conf"
if [ -f "$conf_file" ]; then
local conf_install_dir
local conf_app_dir
conf_install_dir=$(awk -F= '/^INSTALL_DIR=/{sub(/^"/,"",$2); sub(/"$/, "", $2); print $2}' "$conf_file" 2>/dev/null)
conf_app_dir=$(awk -F= '/^APP_DIR=/{sub(/^"/,"",$2); sub(/"$/, "", $2); print $2}' "$conf_file" 2>/dev/null)
if [ -n "$conf_app_dir" ] && [ -f "$conf_app_dir/package.json" ]; then
APP_DIR="$conf_app_dir"
[ -z "$INSTALL_DIR" ] && INSTALL_DIR="$(cd "$conf_app_dir/.." 2>/dev/null && pwd)"
elif [ -n "$conf_install_dir" ]; then
if [ -d "$conf_install_dir/app" ] && [ -f "$conf_install_dir/app/package.json" ]; then
INSTALL_DIR="$conf_install_dir"
APP_DIR="$conf_install_dir/app"
elif [ -f "$conf_install_dir/package.json" ]; then
INSTALL_DIR="$conf_install_dir"
APP_DIR="$conf_install_dir"
fi
fi
fi
fi
# 4) 基于脚本自身路径推导(处理从 app/scripts/manage.sh 或软链调用的情形)
if [ -z "$APP_DIR" ]; then
local script_path=""
if [ -n "$APP_DIR" ] && [ -f "$APP_DIR/scripts/manage.sh" ]; then
script_path="$APP_DIR/scripts/manage.sh"
elif command_exists realpath; then
script_path="$(realpath "$0" 2>/dev/null)"
elif command_exists readlink && readlink -f "$0" >/dev/null 2>&1; then
script_path="$(readlink -f "$0")"
else
script_path="$(cd "$(dirname "$0")" && pwd)/$(basename "$0")"
fi
local script_dir="$(cd "$(dirname "$script_path")" && pwd)"
local parent_dir="$(cd "$script_dir/.." && pwd)"
if [ -f "$parent_dir/package.json" ]; then
APP_DIR="$parent_dir"
INSTALL_DIR="$(cd "$parent_dir/.." 2>/dev/null && pwd)"
elif [ -f "$parent_dir/app/package.json" ]; then
APP_DIR="$parent_dir/app"
INSTALL_DIR="$parent_dir"
fi
fi
# 5) 退回到默认目录逻辑
# 尝试找到安装目录
if [ -z "$INSTALL_DIR" ]; then
if [ -d "$DEFAULT_INSTALL_DIR" ]; then
INSTALL_DIR="$DEFAULT_INSTALL_DIR"
fi
fi
if [ -n "$INSTALL_DIR" ] && [ -z "$APP_DIR" ]; then
if [ -n "$INSTALL_DIR" ]; then
# 检查是否使用了标准的安装结构(项目在 app 子目录)
if [ -d "$INSTALL_DIR/app" ] && [ -f "$INSTALL_DIR/app/package.json" ]; then
APP_DIR="$INSTALL_DIR/app"
# 检查是否直接克隆了项目(项目在根目录)
elif [ -f "$INSTALL_DIR/package.json" ]; then
APP_DIR="$INSTALL_DIR"
else
APP_DIR="$INSTALL_DIR/app"
fi
fi
fi
# 6) 加载 .env 配置(如存在)
if [ -n "$APP_DIR" ] && [ -f "$APP_DIR/.env" ]; then
# 加载.env配置
if [ -f "$APP_DIR/.env" ]; then
export $(cat "$APP_DIR/.env" | grep -v '^#' | xargs)
# 特别加载端口配置
APP_PORT=$(grep "^PORT=" "$APP_DIR/.env" 2>/dev/null | cut -d'=' -f2)
fi
fi
}
# 主函数

340
scripts/test-billing-events.js
View File

@@ -1,340 +0,0 @@
#!/usr/bin/env node
/**
* 计费事件测试脚本
*
* 用于测试计费事件的发布和消费功能
*
* 使用方法:
* node scripts/test-billing-events.js [command]
*
* 命令:
* publish - 发布测试事件
* consume - 消费事件(测试模式)
* info - 查看队列状态
* clear - 清空队列(危险操作)
*/
const path = require('path')
const Redis = require('ioredis')
// 加载配置
require('dotenv').config({ path: path.join(__dirname, '../.env') })
const config = {
host: process.env.REDIS_HOST || 'localhost',
port: parseInt(process.env.REDIS_PORT) || 6379,
password: process.env.REDIS_PASSWORD || '',
db: parseInt(process.env.REDIS_DB) || 0
}
const redis = new Redis(config)
const STREAM_KEY = 'billing:events'
// ========================================
// 命令实现
// ========================================
/**
* 发布测试事件
*/
async function publishTestEvent() {
console.log('📤 Publishing test billing event...')
const testEvent = {
eventId: `test-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`,
eventType: 'usage.recorded',
timestamp: new Date().toISOString(),
version: '1.0',
apiKey: {
id: 'test-key-123',
name: 'Test API Key',
userId: 'test-user-456'
},
usage: {
model: 'claude-sonnet-4-20250514',
inputTokens: 1500,
outputTokens: 800,
cacheCreateTokens: 200,
cacheReadTokens: 100,
ephemeral5mTokens: 150,
ephemeral1hTokens: 50,
totalTokens: 2600
},
cost: {
total: 0.0156,
currency: 'USD',
breakdown: {
input: 0.0045,
output: 0.012,
cacheCreate: 0.00075,
cacheRead: 0.00003,
ephemeral5m: 0.0005625,
ephemeral1h: 0.0001875
}
},
account: {
id: 'test-account-789',
type: 'claude-official'
},
context: {
isLongContext: false,
requestTimestamp: new Date().toISOString()
}
}
try {
const messageId = await redis.xadd(
STREAM_KEY,
'MAXLEN',
'~',
100000,
'*',
'data',
JSON.stringify(testEvent)
)
console.log('✅ Event published successfully!')
console.log(` Message ID: ${messageId}`)
console.log(` Event ID: ${testEvent.eventId}`)
console.log(` Cost: $${testEvent.cost.total}`)
} catch (error) {
console.error('❌ Failed to publish event:', error.message)
process.exit(1)
}
}
/**
* 消费事件(测试模式,不创建消费者组)
*/
async function consumeTestEvents() {
console.log('📬 Consuming test events...')
console.log(' Press Ctrl+C to stop\n')
let isRunning = true
process.on('SIGINT', () => {
console.log('\n⏹ Stopping consumer...')
isRunning = false
})
let lastId = '0' // 从头开始
while (isRunning) {
try {
// 使用 XREAD 而不是 XREADGROUP测试模式
const messages = await redis.xread('BLOCK', 5000, 'COUNT', 10, 'STREAMS', STREAM_KEY, lastId)
if (!messages || messages.length === 0) {
continue
}
const [streamKey, entries] = messages[0]
console.log(`📬 Received ${entries.length} messages from ${streamKey}\n`)
for (const [messageId, fields] of entries) {
try {
const data = {}
for (let i = 0; i < fields.length; i += 2) {
data[fields[i]] = fields[i + 1]
}
const event = JSON.parse(data.data)
console.log(`📊 Event: ${event.eventId}`)
console.log(` API Key: ${event.apiKey.name} (${event.apiKey.id})`)
console.log(` Model: ${event.usage.model}`)
console.log(` Tokens: ${event.usage.totalTokens}`)
console.log(` Cost: $${event.cost.total.toFixed(6)}`)
console.log(` Timestamp: ${event.timestamp}`)
console.log('')
lastId = messageId // 更新位置
} catch (parseError) {
console.error(`❌ Failed to parse message ${messageId}:`, parseError.message)
}
}
} catch (error) {
if (isRunning) {
console.error('❌ Error consuming messages:', error.message)
await new Promise((resolve) => setTimeout(resolve, 5000))
}
}
}
console.log('👋 Consumer stopped')
}
/**
* 查看队列状态
*/
async function showQueueInfo() {
console.log('📊 Queue Information\n')
try {
// Stream 长度
const length = await redis.xlen(STREAM_KEY)
console.log(`Stream: ${STREAM_KEY}`)
console.log(`Length: ${length} messages\n`)
if (length === 0) {
console.log(' Queue is empty')
return
}
// Stream 详细信息
const info = await redis.xinfo('STREAM', STREAM_KEY)
const infoObj = {}
for (let i = 0; i < info.length; i += 2) {
infoObj[info[i]] = info[i + 1]
}
console.log('Stream Details:')
console.log(` First Entry ID: ${infoObj['first-entry'] ? infoObj['first-entry'][0] : 'N/A'}`)
console.log(` Last Entry ID: ${infoObj['last-entry'] ? infoObj['last-entry'][0] : 'N/A'}`)
console.log(` Consumer Groups: ${infoObj.groups || 0}\n`)
// 消费者组信息
if (infoObj.groups > 0) {
console.log('Consumer Groups:')
const groups = await redis.xinfo('GROUPS', STREAM_KEY)
for (let i = 0; i < groups.length; i++) {
const group = groups[i]
const groupObj = {}
for (let j = 0; j < group.length; j += 2) {
groupObj[group[j]] = group[j + 1]
}
console.log(`\n Group: ${groupObj.name}`)
console.log(` Consumers: ${groupObj.consumers}`)
console.log(` Pending: ${groupObj.pending}`)
console.log(` Last Delivered ID: ${groupObj['last-delivered-id']}`)
// 消费者详情
if (groupObj.consumers > 0) {
const consumers = await redis.xinfo('CONSUMERS', STREAM_KEY, groupObj.name)
console.log(' Consumer Details:')
for (let k = 0; k < consumers.length; k++) {
const consumer = consumers[k]
const consumerObj = {}
for (let l = 0; l < consumer.length; l += 2) {
consumerObj[consumer[l]] = consumer[l + 1]
}
console.log(` - ${consumerObj.name}`)
console.log(` Pending: ${consumerObj.pending}`)
console.log(` Idle: ${Math.round(consumerObj.idle / 1000)}s`)
}
}
}
}
// 最新 5 条消息
console.log('\n📬 Latest 5 Messages:')
const latest = await redis.xrevrange(STREAM_KEY, '+', '-', 'COUNT', 5)
if (latest.length === 0) {
console.log(' No messages')
} else {
for (const [messageId, fields] of latest) {
const data = {}
for (let i = 0; i < fields.length; i += 2) {
data[fields[i]] = fields[i + 1]
}
try {
const event = JSON.parse(data.data)
console.log(`\n ${messageId}`)
console.log(` Event ID: ${event.eventId}`)
console.log(` Model: ${event.usage.model}`)
console.log(` Cost: $${event.cost.total.toFixed(6)}`)
console.log(` Time: ${event.timestamp}`)
} catch (e) {
console.log(`\n ${messageId} (Parse Error)`)
}
}
}
} catch (error) {
console.error('❌ Failed to get queue info:', error.message)
process.exit(1)
}
}
/**
* 清空队列(危险操作)
*/
async function clearQueue() {
console.log('⚠️ WARNING: This will delete all messages in the queue!')
console.log(` Stream: ${STREAM_KEY}`)
// 简单的确认机制
const readline = require('readline')
const rl = readline.createInterface({
input: process.stdin,
output: process.stdout
})
rl.question('Type "yes" to confirm: ', async (answer) => {
if (answer.toLowerCase() === 'yes') {
try {
await redis.del(STREAM_KEY)
console.log('✅ Queue cleared successfully')
} catch (error) {
console.error('❌ Failed to clear queue:', error.message)
}
} else {
console.log('❌ Operation cancelled')
}
rl.close()
redis.quit()
})
}
// ========================================
// CLI 处理
// ========================================
async function main() {
const command = process.argv[2] || 'info'
console.log('🔧 Billing Events Test Tool\n')
try {
switch (command) {
case 'publish':
await publishTestEvent()
break
case 'consume':
await consumeTestEvents()
break
case 'info':
await showQueueInfo()
break
case 'clear':
await clearQueue()
return // clearQueue 会自己关闭连接
default:
console.error(`❌ Unknown command: ${command}`)
console.log('\nAvailable commands:')
console.log(' publish - Publish a test event')
console.log(' consume - Consume events (test mode)')
console.log(' info - Show queue status')
console.log(' clear - Clear the queue (dangerous)')
process.exit(1)
}
await redis.quit()
} catch (error) {
console.error('💥 Fatal error:', error)
await redis.quit()
process.exit(1)
}
}
main()

379
scripts/test-multi-group.js Normal file
View File

@@ -0,0 +1,379 @@
/**
* 多分组功能测试脚本
* 测试一个账户可以属于多个分组的功能
*/
require('dotenv').config()
const redis = require('../src/models/redis')
const accountGroupService = require('../src/services/accountGroupService')
const claudeAccountService = require('../src/services/claudeAccountService')
// 测试配置
const TEST_PREFIX = 'multi_group_test_'
const CLEANUP_ON_FINISH = true
// 测试数据存储
const testData = {
groups: [],
accounts: []
}
// 颜色输出
const colors = {
green: '\x1b[32m',
red: '\x1b[31m',
yellow: '\x1b[33m',
blue: '\x1b[34m',
reset: '\x1b[0m'
}
function log(message, type = 'info') {
const color =
{
success: colors.green,
error: colors.red,
warning: colors.yellow,
info: colors.blue
}[type] || colors.reset
console.log(`${color}${message}${colors.reset}`)
}
async function sleep(ms) {
return new Promise((resolve) => setTimeout(resolve, ms))
}
// 清理测试数据
async function cleanup() {
log('\n🧹 清理测试数据...', 'info')
// 删除测试账户
for (const account of testData.accounts) {
try {
await claudeAccountService.deleteAccount(account.id)
log(`✅ 删除测试账户: ${account.name}`, 'success')
} catch (error) {
log(`❌ 删除账户失败: ${error.message}`, 'error')
}
}
// 删除测试分组
for (const group of testData.groups) {
try {
// 先移除所有成员
const members = await accountGroupService.getGroupMembers(group.id)
for (const memberId of members) {
await accountGroupService.removeAccountFromGroup(memberId, group.id)
}
await accountGroupService.deleteGroup(group.id)
log(`✅ 删除测试分组: ${group.name}`, 'success')
} catch (error) {
log(`❌ 删除分组失败: ${error.message}`, 'error')
}
}
}
// 测试1: 创建测试数据
async function test1_createTestData() {
log('\n📝 测试1: 创建测试数据', 'info')
try {
// 创建3个测试分组
const group1 = await accountGroupService.createGroup({
name: `${TEST_PREFIX}高优先级组`,
platform: 'claude',
description: '高优先级账户分组'
})
testData.groups.push(group1)
log(`✅ 创建分组1: ${group1.name}`, 'success')
const group2 = await accountGroupService.createGroup({
name: `${TEST_PREFIX}备用组`,
platform: 'claude',
description: '备用账户分组'
})
testData.groups.push(group2)
log(`✅ 创建分组2: ${group2.name}`, 'success')
const group3 = await accountGroupService.createGroup({
name: `${TEST_PREFIX}专用组`,
platform: 'claude',
description: '专用账户分组'
})
testData.groups.push(group3)
log(`✅ 创建分组3: ${group3.name}`, 'success')
// 创建测试账户
const account1 = await claudeAccountService.createAccount({
name: `${TEST_PREFIX}测试账户1`,
email: 'test1@example.com',
refreshToken: 'test_refresh_token_1',
accountType: 'group'
})
testData.accounts.push(account1)
log(`✅ 创建测试账户1: ${account1.name}`, 'success')
const account2 = await claudeAccountService.createAccount({
name: `${TEST_PREFIX}测试账户2`,
email: 'test2@example.com',
refreshToken: 'test_refresh_token_2',
accountType: 'group'
})
testData.accounts.push(account2)
log(`✅ 创建测试账户2: ${account2.name}`, 'success')
log(`✅ 测试数据创建完成: 3个分组, 2个账户`, 'success')
} catch (error) {
log(`❌ 测试1失败: ${error.message}`, 'error')
throw error
}
}
// 测试2: 账户加入多个分组
async function test2_addAccountToMultipleGroups() {
log('\n📝 测试2: 账户加入多个分组', 'info')
try {
const [group1, group2, group3] = testData.groups
const [account1, account2] = testData.accounts
// 账户1加入分组1和分组2
await accountGroupService.addAccountToGroup(account1.id, group1.id, 'claude')
log(`✅ 账户1加入分组1: ${group1.name}`, 'success')
await accountGroupService.addAccountToGroup(account1.id, group2.id, 'claude')
log(`✅ 账户1加入分组2: ${group2.name}`, 'success')
// 账户2加入分组2和分组3
await accountGroupService.addAccountToGroup(account2.id, group2.id, 'claude')
log(`✅ 账户2加入分组2: ${group2.name}`, 'success')
await accountGroupService.addAccountToGroup(account2.id, group3.id, 'claude')
log(`✅ 账户2加入分组3: ${group3.name}`, 'success')
log(`✅ 多分组关系建立完成`, 'success')
} catch (error) {
log(`❌ 测试2失败: ${error.message}`, 'error')
throw error
}
}
// 测试3: 验证多分组关系
async function test3_verifyMultiGroupRelationships() {
log('\n📝 测试3: 验证多分组关系', 'info')
try {
const [group1, group2, group3] = testData.groups
const [account1, account2] = testData.accounts
// 验证账户1的分组关系
const account1Groups = await accountGroupService.getAccountGroup(account1.id)
log(`📊 账户1所属分组数量: ${account1Groups.length}`, 'info')
const account1GroupNames = account1Groups.map((g) => g.name).sort()
const expectedAccount1Groups = [group1.name, group2.name].sort()
if (JSON.stringify(account1GroupNames) === JSON.stringify(expectedAccount1Groups)) {
log(`✅ 账户1分组关系正确: [${account1GroupNames.join(', ')}]`, 'success')
} else {
throw new Error(
`账户1分组关系错误期望: [${expectedAccount1Groups.join(', ')}], 实际: [${account1GroupNames.join(', ')}]`
)
}
// 验证账户2的分组关系
const account2Groups = await accountGroupService.getAccountGroup(account2.id)
log(`📊 账户2所属分组数量: ${account2Groups.length}`, 'info')
const account2GroupNames = account2Groups.map((g) => g.name).sort()
const expectedAccount2Groups = [group2.name, group3.name].sort()
if (JSON.stringify(account2GroupNames) === JSON.stringify(expectedAccount2Groups)) {
log(`✅ 账户2分组关系正确: [${account2GroupNames.join(', ')}]`, 'success')
} else {
throw new Error(
`账户2分组关系错误期望: [${expectedAccount2Groups.join(', ')}], 实际: [${account2GroupNames.join(', ')}]`
)
}
log(`✅ 多分组关系验证通过`, 'success')
} catch (error) {
log(`❌ 测试3失败: ${error.message}`, 'error')
throw error
}
}
// 测试4: 验证分组成员关系
async function test4_verifyGroupMemberships() {
log('\n📝 测试4: 验证分组成员关系', 'info')
try {
const [group1, group2, group3] = testData.groups
const [account1, account2] = testData.accounts
// 验证分组1的成员
const group1Members = await accountGroupService.getGroupMembers(group1.id)
if (group1Members.includes(account1.id) && group1Members.length === 1) {
log(`✅ 分组1成员正确: [${account1.name}]`, 'success')
} else {
throw new Error(`分组1成员错误期望: [${account1.id}], 实际: [${group1Members.join(', ')}]`)
}
// 验证分组2的成员应该包含两个账户
const group2Members = await accountGroupService.getGroupMembers(group2.id)
const expectedGroup2Members = [account1.id, account2.id].sort()
const actualGroup2Members = group2Members.sort()
if (JSON.stringify(actualGroup2Members) === JSON.stringify(expectedGroup2Members)) {
log(`✅ 分组2成员正确: [${account1.name}, ${account2.name}]`, 'success')
} else {
throw new Error(
`分组2成员错误期望: [${expectedGroup2Members.join(', ')}], 实际: [${actualGroup2Members.join(', ')}]`
)
}
// 验证分组3的成员
const group3Members = await accountGroupService.getGroupMembers(group3.id)
if (group3Members.includes(account2.id) && group3Members.length === 1) {
log(`✅ 分组3成员正确: [${account2.name}]`, 'success')
} else {
throw new Error(`分组3成员错误期望: [${account2.id}], 实际: [${group3Members.join(', ')}]`)
}
log(`✅ 分组成员关系验证通过`, 'success')
} catch (error) {
log(`❌ 测试4失败: ${error.message}`, 'error')
throw error
}
}
// 测试5: 从部分分组中移除账户
async function test5_removeFromPartialGroups() {
log('\n📝 测试5: 从部分分组中移除账户', 'info')
try {
const [group1, group2] = testData.groups
const [account1] = testData.accounts
// 将账户1从分组1中移除但仍在分组2中
await accountGroupService.removeAccountFromGroup(account1.id, group1.id)
log(`✅ 从分组1中移除账户1`, 'success')
// 验证账户1现在只属于分组2
const account1Groups = await accountGroupService.getAccountGroup(account1.id)
if (account1Groups.length === 1 && account1Groups[0].id === group2.id) {
log(`✅ 账户1现在只属于分组2: ${account1Groups[0].name}`, 'success')
} else {
const groupNames = account1Groups.map((g) => g.name)
throw new Error(`账户1分组状态错误期望只在分组2中实际: [${groupNames.join(', ')}]`)
}
// 验证分组1现在为空
const group1Members = await accountGroupService.getGroupMembers(group1.id)
if (group1Members.length === 0) {
log(`✅ 分组1现在为空`, 'success')
} else {
throw new Error(`分组1应该为空但还有成员: [${group1Members.join(', ')}]`)
}
// 验证分组2仍有两个成员
const group2Members = await accountGroupService.getGroupMembers(group2.id)
if (group2Members.length === 2) {
log(`✅ 分组2仍有两个成员`, 'success')
} else {
throw new Error(`分组2应该有2个成员实际: ${group2Members.length}`)
}
log(`✅ 部分移除测试通过`, 'success')
} catch (error) {
log(`❌ 测试5失败: ${error.message}`, 'error')
throw error
}
}
// 测试6: 账户完全移除时的分组清理
async function test6_accountDeletionGroupCleanup() {
log('\n📝 测试6: 账户删除时的分组清理', 'info')
try {
const [, group2, group3] = testData.groups // 跳过第一个元素
const [account1, account2] = testData.accounts
// 记录删除前的状态
const beforeGroup2Members = await accountGroupService.getGroupMembers(group2.id)
const beforeGroup3Members = await accountGroupService.getGroupMembers(group3.id)
log(`📊 删除前分组2成员数: ${beforeGroup2Members.length}`, 'info')
log(`📊 删除前分组3成员数: ${beforeGroup3Members.length}`, 'info')
// 删除账户2这应该会触发从所有分组中移除的逻辑
await claudeAccountService.deleteAccount(account2.id)
log(`✅ 删除账户2: ${account2.name}`, 'success')
// 从测试数据中移除避免cleanup时重复删除
testData.accounts = testData.accounts.filter((acc) => acc.id !== account2.id)
// 等待一下确保删除操作完成
await sleep(500)
// 验证分组2现在只有账户1
const afterGroup2Members = await accountGroupService.getGroupMembers(group2.id)
if (afterGroup2Members.length === 1 && afterGroup2Members[0] === account1.id) {
log(`✅ 分组2现在只有账户1`, 'success')
} else {
throw new Error(`分组2成员状态错误期望只有账户1实际: [${afterGroup2Members.join(', ')}]`)
}
// 验证分组3现在为空
const afterGroup3Members = await accountGroupService.getGroupMembers(group3.id)
if (afterGroup3Members.length === 0) {
log(`✅ 分组3现在为空`, 'success')
} else {
throw new Error(`分组3应该为空但还有成员: [${afterGroup3Members.join(', ')}]`)
}
log(`✅ 账户删除的分组清理测试通过`, 'success')
} catch (error) {
log(`❌ 测试6失败: ${error.message}`, 'error')
throw error
}
}
// 主测试函数
async function runTests() {
log('\n🚀 开始多分组功能测试\n', 'info')
try {
// 连接Redis
await redis.connect()
log('✅ Redis连接成功', 'success')
// 执行测试
await test1_createTestData()
await test2_addAccountToMultipleGroups()
await test3_verifyMultiGroupRelationships()
await test4_verifyGroupMemberships()
await test5_removeFromPartialGroups()
await test6_accountDeletionGroupCleanup()
log('\n🎉 所有测试通过!多分组功能工作正常', 'success')
} catch (error) {
log(`\n❌ 测试失败: ${error.message}`, 'error')
console.error(error)
} finally {
// 清理测试数据
if (CLEANUP_ON_FINISH) {
await cleanup()
} else {
log('\n⚠ 测试数据未清理,请手动清理', 'warning')
}
// 关闭Redis连接
await redis.disconnect()
process.exit(0)
}
}
// 运行测试
runTests()

108
scripts/test-official-models.js
View File

@@ -1,108 +0,0 @@
#!/usr/bin/env node
/**
* 官方模型版本识别测试 - 最终版 v2
*/
const { isOpus45OrNewer } = require('../src/utils/modelHelper')
// 官方模型
const officialModels = [
{ name: 'claude-3-opus-20240229', desc: 'Opus 3 (已弃用)', expectPro: false },
{ name: 'claude-opus-4-20250514', desc: 'Opus 4.0', expectPro: false },
{ name: 'claude-opus-4-1-20250805', desc: 'Opus 4.1', expectPro: false },
{ name: 'claude-opus-4-5-20251101', desc: 'Opus 4.5', expectPro: true }
]
// 非 Opus 模型
const nonOpusModels = [
{ name: 'claude-sonnet-4-20250514', desc: 'Sonnet 4' },
{ name: 'claude-sonnet-4-5-20250929', desc: 'Sonnet 4.5' },
{ name: 'claude-haiku-4-5-20251001', desc: 'Haiku 4.5' },
{ name: 'claude-3-5-haiku-20241022', desc: 'Haiku 3.5' },
{ name: 'claude-3-haiku-20240307', desc: 'Haiku 3' },
{ name: 'claude-3-7-sonnet-20250219', desc: 'Sonnet 3.7 (已弃用)' }
]
// 其他格式测试
const otherFormats = [
{ name: 'claude-opus-4.5', expected: true, desc: 'Opus 4.5 点分隔' },
{ name: 'claude-opus-4-5', expected: true, desc: 'Opus 4.5 横线分隔' },
{ name: 'opus-4.5', expected: true, desc: 'Opus 4.5 无前缀' },
{ name: 'opus-4-5', expected: true, desc: 'Opus 4-5 无前缀' },
{ name: 'opus-latest', expected: true, desc: 'Opus latest' },
{ name: 'claude-opus-5', expected: true, desc: 'Opus 5 (未来)' },
{ name: 'claude-opus-5-0', expected: true, desc: 'Opus 5.0 (未来)' },
{ name: 'opus-4.0', expected: false, desc: 'Opus 4.0' },
{ name: 'opus-4.1', expected: false, desc: 'Opus 4.1' },
{ name: 'opus-4.4', expected: false, desc: 'Opus 4.4' },
{ name: 'opus-4', expected: false, desc: 'Opus 4' },
{ name: 'opus-4-0', expected: false, desc: 'Opus 4-0' },
{ name: 'opus-4-1', expected: false, desc: 'Opus 4-1' },
{ name: 'opus-4-4', expected: false, desc: 'Opus 4-4' },
{ name: 'opus', expected: false, desc: '仅 opus' },
{ name: null, expected: false, desc: 'null' },
{ name: '', expected: false, desc: '空字符串' }
]
console.log('='.repeat(90))
console.log('官方模型版本识别测试 - 最终版 v2')
console.log('='.repeat(90))
console.log()
let passed = 0
let failed = 0
// 测试官方 Opus 模型
console.log('📌 官方 Opus 模型:')
for (const m of officialModels) {
const result = isOpus45OrNewer(m.name)
const status = result === m.expectPro ? '✅ PASS' : '❌ FAIL'
if (result === m.expectPro) {
passed++
} else {
failed++
}
const proSupport = result ? 'Pro 可用 ✅' : 'Pro 不可用 ❌'
console.log(` ${status} | ${m.name.padEnd(32)} | ${m.desc.padEnd(18)} | ${proSupport}`)
}
console.log()
console.log('📌 非 Opus 模型 (不受此函数影响):')
for (const m of nonOpusModels) {
const result = isOpus45OrNewer(m.name)
console.log(
` | ${m.name.padEnd(32)} | ${m.desc.padEnd(18)} | ${result ? '⚠️ 异常' : '正确跳过'}`
)
if (result) {
failed++ // 非 Opus 模型不应返回 true
}
}
console.log()
console.log('📌 其他格式测试:')
for (const m of otherFormats) {
const result = isOpus45OrNewer(m.name)
const status = result === m.expected ? '✅ PASS' : '❌ FAIL'
if (result === m.expected) {
passed++
} else {
failed++
}
const display = m.name === null ? 'null' : m.name === '' ? '""' : m.name
console.log(
` ${status} | ${display.padEnd(25)} | ${m.desc.padEnd(18)} | ${result ? 'Pro 可用' : 'Pro 不可用'}`
)
}
console.log()
console.log('='.repeat(90))
console.log('测试结果:', passed, '通过,', failed, '失败')
console.log('='.repeat(90))
if (failed > 0) {
console.log('\n❌ 有测试失败,请检查函数逻辑')
process.exit(1)
} else {
console.log('\n✅ 所有测试通过!函数可以安全使用')
process.exit(0)
}

18
scripts/update-model-pricing.js
View File

@@ -2,14 +2,12 @@
/**
* 手动更新模型价格数据脚本
* 从价格镜像分支下载最新的模型价格和上下文窗口信息
* 从 LiteLLM 仓库下载最新的模型价格和上下文窗口信息
*/
const fs = require('fs')
const path = require('path')
const https = require('https')
const crypto = require('crypto')
const pricingSource = require('../config/pricingSource')
// 颜色输出
const colors = {
@@ -34,8 +32,8 @@ const log = {
const config = {
dataDir: path.join(process.cwd(), 'data'),
pricingFile: path.join(process.cwd(), 'data', 'model_pricing.json'),
hashFile: path.join(process.cwd(), 'data', 'model_pricing.sha256'),
pricingUrl: pricingSource.pricingUrl,
pricingUrl:
'https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json',
fallbackFile: path.join(
process.cwd(),
'resources',
@@ -87,8 +85,8 @@ function restoreBackup() {
// 下载价格数据
function downloadPricingData() {
return new Promise((resolve, reject) => {
log.info('正在从价格镜像分支拉取最新的模型价格数据...')
log.info(`拉取地址: ${config.pricingUrl}`)
log.info('Downloading model pricing data from LiteLLM...')
log.info(`URL: ${config.pricingUrl}`)
const request = https.get(config.pricingUrl, (response) => {
if (response.statusCode !== 200) {
@@ -117,11 +115,7 @@ function downloadPricingData() {
}
// 保存到文件
const formattedJson = JSON.stringify(jsonData, null, 2)
fs.writeFileSync(config.pricingFile, formattedJson)
const hash = crypto.createHash('sha256').update(formattedJson).digest('hex')
fs.writeFileSync(config.hashFile, `${hash}\n`)
fs.writeFileSync(config.pricingFile, JSON.stringify(jsonData, null, 2))
const modelCount = Object.keys(jsonData).length
const fileSize = Math.round(fs.statSync(config.pricingFile).size / 1024)

192
src/app.js
View File

@@ -14,17 +14,13 @@ const cacheMonitor = require('./utils/cacheMonitor')
// Import routes
const apiRoutes = require('./routes/api')
const unifiedRoutes = require('./routes/unified')
const adminRoutes = require('./routes/admin')
const webRoutes = require('./routes/web')
const apiStatsRoutes = require('./routes/apiStats')
const geminiRoutes = require('./routes/geminiRoutes')
const openaiGeminiRoutes = require('./routes/openaiGeminiRoutes')
const standardGeminiRoutes = require('./routes/standardGeminiRoutes')
const openaiClaudeRoutes = require('./routes/openaiClaudeRoutes')
const openaiRoutes = require('./routes/openaiRoutes')
const droidRoutes = require('./routes/droidRoutes')
const userRoutes = require('./routes/userRoutes')
const azureOpenaiRoutes = require('./routes/azureOpenaiRoutes')
const webhookRoutes = require('./routes/webhook')
@@ -37,7 +33,6 @@ const {
globalRateLimit,
requestSizeLimit
} = require('./middleware/auth')
const { browserFallbackMiddleware } = require('./middleware/browserFallback')
class Application {
constructor() {
@@ -56,11 +51,6 @@ class Application {
logger.info('🔄 Initializing pricing service...')
await pricingService.initialize()
// 📋 初始化模型服务
logger.info('🔄 Initializing model service...')
const modelService = require('./services/modelService')
await modelService.initialize()
// 📊 初始化缓存监控
await this.initializeCacheMonitoring()
@@ -85,11 +75,6 @@ class Application {
const claudeAccountService = require('./services/claudeAccountService')
await claudeAccountService.initializeSessionWindows()
// 📊 初始化费用排序索引服务
logger.info('📊 Initializing cost rank service...')
const costRankService = require('./services/costRankService')
await costRankService.initialize()
// 超早期拦截 /admin-next/ 请求 - 在所有中间件之前
this.app.use((req, res, next) => {
if (req.path === '/admin-next/' && req.method === 'GET') {
@@ -123,9 +108,6 @@ class Application {
this.app.use(corsMiddleware)
}
// 🆕 兜底中间件处理Chrome插件兼容性必须在认证之前
this.app.use(browserFallbackMiddleware)
// 📦 压缩 - 排除流式响应SSE
this.app.use(
compression({
@@ -151,17 +133,6 @@ class Application {
// 📝 请求日志使用自定义logger而不是morgan
this.app.use(requestLogger)
// 🐛 HTTP调试拦截器仅在启用调试时生效
if (process.env.DEBUG_HTTP_TRAFFIC === 'true') {
try {
const { debugInterceptor } = require('./middleware/debugInterceptor')
this.app.use(debugInterceptor)
logger.info('🐛 HTTP调试拦截器已启用 - 日志输出到 logs/http-debug-*.log')
} catch (error) {
logger.warn('⚠️ 无法加载HTTP调试拦截器:', error.message)
}
}
// 🔧 基础中间件
this.app.use(
express.json({
@@ -262,22 +233,15 @@ class Application {
// 🛣️ 路由
this.app.use('/api', apiRoutes)
this.app.use('/api', unifiedRoutes) // 统一智能路由(支持 /v1/chat/completions 等)
this.app.use('/claude', apiRoutes) // /claude 路由别名,与 /api 功能相同
this.app.use('/admin', adminRoutes)
this.app.use('/users', userRoutes)
// 使用 web 路由(包含 auth 和页面重定向)
this.app.use('/web', webRoutes)
this.app.use('/apiStats', apiStatsRoutes)
// Gemini 路由:同时支持标准格式和原有格式
this.app.use('/gemini', standardGeminiRoutes) // 标准 Gemini API 格式路由
this.app.use('/gemini', geminiRoutes) // 保留原有路径以保持向后兼容
this.app.use('/gemini', geminiRoutes)
this.app.use('/openai/gemini', openaiGeminiRoutes)
this.app.use('/openai/claude', openaiClaudeRoutes)
this.app.use('/openai', unifiedRoutes) // 复用统一智能路由,支持 /openai/v1/chat/completions
this.app.use('/openai', openaiRoutes) // Codex API 路由(/openai/responses, /openai/v1/responses
// Droid 路由:支持多种 Factory.ai 端点
this.app.use('/droid', droidRoutes) // Droid (Factory.ai) API 转发
this.app.use('/openai', openaiRoutes)
this.app.use('/azure', azureOpenaiRoutes)
this.app.use('/admin/webhook', webhookRoutes)
@@ -560,107 +524,6 @@ class Application {
logger.info(
`🔄 Cleanup tasks scheduled every ${config.system.cleanupInterval / 1000 / 60} minutes`
)
// 🚨 启动限流状态自动清理服务
// 每5分钟检查一次过期的限流状态确保账号能及时恢复调度
const rateLimitCleanupService = require('./services/rateLimitCleanupService')
const cleanupIntervalMinutes = config.system.rateLimitCleanupInterval || 5 // 默认5分钟
rateLimitCleanupService.start(cleanupIntervalMinutes)
logger.info(
`🚨 Rate limit cleanup service started (checking every ${cleanupIntervalMinutes} minutes)`
)
// 🔢 启动并发计数自动清理任务Phase 1 修复:解决并发泄漏问题)
// 每分钟主动清理所有过期的并发项,不依赖请求触发
setInterval(async () => {
try {
const keys = await redis.keys('concurrency:*')
if (keys.length === 0) {
return
}
const now = Date.now()
let totalCleaned = 0
// 使用 Lua 脚本批量清理所有过期项
for (const key of keys) {
// 跳过非 Sorted Set 类型的键(这些键有各自的清理逻辑)
// - concurrency:queue:stats:* 是 Hash 类型
// - concurrency:queue:wait_times:* 是 List 类型
// - concurrency:queue:* (不含stats/wait_times) 是 String 类型
if (
key.startsWith('concurrency:queue:stats:') ||
key.startsWith('concurrency:queue:wait_times:') ||
(key.startsWith('concurrency:queue:') &&
!key.includes(':stats:') &&
!key.includes(':wait_times:'))
) {
continue
}
try {
const cleaned = await redis.client.eval(
`
local key = KEYS[1]
local now = tonumber(ARGV[1])
-- 清理过期项
redis.call('ZREMRANGEBYSCORE', key, '-inf', now)
-- 获取剩余计数
local count = redis.call('ZCARD', key)
-- 如果计数为0删除键
if count <= 0 then
redis.call('DEL', key)
return 1
end
return 0
`,
1,
key,
now
)
if (cleaned === 1) {
totalCleaned++
}
} catch (error) {
logger.error(`❌ Failed to clean concurrency key ${key}:`, error)
}
}
if (totalCleaned > 0) {
logger.info(`🔢 Concurrency cleanup: cleaned ${totalCleaned} expired keys`)
}
} catch (error) {
logger.error('❌ Concurrency cleanup task failed:', error)
}
}, 60000) // 每分钟执行一次
logger.info('🔢 Concurrency cleanup task started (running every 1 minute)')
// 📬 启动用户消息队列服务
const userMessageQueueService = require('./services/userMessageQueueService')
// 先清理服务重启后残留的锁,防止旧锁阻塞新请求
userMessageQueueService.cleanupStaleLocks().then(() => {
// 然后启动定时清理任务
userMessageQueueService.startCleanupTask()
})
// 🚦 清理服务重启后残留的并发排队计数器
// 多实例部署时建议关闭此开关,避免新实例启动时清空其他实例的队列计数
// 可通过 DELETE /admin/concurrency/queue 接口手动清理
const clearQueuesOnStartup = process.env.CLEAR_CONCURRENCY_QUEUES_ON_STARTUP !== 'false'
if (clearQueuesOnStartup) {
redis.clearAllConcurrencyQueues().catch((error) => {
logger.error('❌ Error clearing concurrency queues on startup:', error)
})
} else {
logger.info(
'🚦 Skipping concurrency queue cleanup on startup (CLEAR_CONCURRENCY_QUEUES_ON_STARTUP=false)'
)
}
}
setupGracefulShutdown() {
@@ -679,57 +542,6 @@ class Application {
logger.error('❌ Error cleaning up pricing service:', error)
}
// 清理 model service 的文件监听器
try {
const modelService = require('./services/modelService')
modelService.cleanup()
logger.info('📋 Model service cleaned up')
} catch (error) {
logger.error('❌ Error cleaning up model service:', error)
}
// 停止限流清理服务
try {
const rateLimitCleanupService = require('./services/rateLimitCleanupService')
rateLimitCleanupService.stop()
logger.info('🚨 Rate limit cleanup service stopped')
} catch (error) {
logger.error('❌ Error stopping rate limit cleanup service:', error)
}
// 停止用户消息队列清理服务
try {
const userMessageQueueService = require('./services/userMessageQueueService')
userMessageQueueService.stopCleanupTask()
logger.info('📬 User message queue service stopped')
} catch (error) {
logger.error('❌ Error stopping user message queue service:', error)
}
// 停止费用排序索引服务
try {
const costRankService = require('./services/costRankService')
costRankService.shutdown()
logger.info('📊 Cost rank service stopped')
} catch (error) {
logger.error('❌ Error stopping cost rank service:', error)
}
// 🔢 清理所有并发计数Phase 1 修复:防止重启泄漏)
try {
logger.info('🔢 Cleaning up all concurrency counters...')
const keys = await redis.keys('concurrency:*')
if (keys.length > 0) {
await redis.client.del(...keys)
logger.info(`✅ Cleaned ${keys.length} concurrency keys`)
} else {
logger.info('✅ No concurrency keys to clean')
}
} catch (error) {
logger.error('❌ Error cleaning up concurrency counters:', error)
// 不阻止退出流程
}
try {
await redis.disconnect()
logger.info('👋 Redis disconnected')

2586
src/handlers/geminiHandlers.js
View File

File diff suppressed because it is too large Load Diff

1436
src/middleware/auth.js
View File

File diff suppressed because it is too large Load Diff

78
src/middleware/browserFallback.js
View File

@@ -1,78 +0,0 @@
const logger = require('../utils/logger')
/**
* 浏览器/Chrome插件兜底中间件
* 专门处理第三方插件的兼容性问题
*/
const browserFallbackMiddleware = (req, res, next) => {
const userAgent = req.headers['user-agent'] || ''
const origin = req.headers['origin'] || ''
const extractHeader = (value) => {
let candidate = value
if (Array.isArray(candidate)) {
candidate = candidate.find((item) => typeof item === 'string' && item.trim())
}
if (typeof candidate !== 'string') {
return ''
}
let trimmed = candidate.trim()
if (!trimmed) {
return ''
}
if (/^Bearer\s+/i.test(trimmed)) {
trimmed = trimmed.replace(/^Bearer\s+/i, '').trim()
}
return trimmed
}
const apiKeyHeader =
extractHeader(req.headers['x-api-key']) || extractHeader(req.headers['x-goog-api-key'])
const normalizedKey = extractHeader(req.headers['authorization']) || apiKeyHeader
// 检查是否为Chrome插件或浏览器请求
const isChromeExtension = origin.startsWith('chrome-extension://')
const isBrowserRequest = userAgent.includes('Mozilla/') && userAgent.includes('Chrome/')
const hasApiKey = normalizedKey.startsWith('cr_') // 我们的API Key格式
if ((isChromeExtension || isBrowserRequest) && hasApiKey) {
// 为Chrome插件请求添加特殊标记
req.isBrowserFallback = true
req.originalUserAgent = userAgent
// 🆕 关键修改伪装成claude-cli请求以绕过客户端限制
req.headers['user-agent'] = 'claude-cli/1.0.110 (external, cli, browser-fallback)'
// 确保设置正确的认证头
if (!req.headers['authorization'] && apiKeyHeader) {
req.headers['authorization'] = `Bearer ${apiKeyHeader}`
}
// 添加必要的Anthropic头
if (!req.headers['anthropic-version']) {
req.headers['anthropic-version'] = '2023-06-01'
}
if (!req.headers['anthropic-dangerous-direct-browser-access']) {
req.headers['anthropic-dangerous-direct-browser-access'] = 'true'
}
logger.api(
`🔧 Browser fallback activated for ${isChromeExtension ? 'Chrome extension' : 'browser'} request`
)
logger.api(` Original User-Agent: "${req.originalUserAgent}"`)
logger.api(` Origin: "${origin}"`)
logger.api(` Modified User-Agent: "${req.headers['user-agent']}"`)
}
next()
}
module.exports = {
browserFallbackMiddleware
}

1925
src/models/redis.js
View File

File diff suppressed because it is too large Load Diff

5704
src/routes/admin.js Normal file
View File

File diff suppressed because it is too large Load Diff

153
src/routes/admin/accountGroups.js
View File

@@ -1,153 +0,0 @@
const express = require('express')
const accountGroupService = require('../../services/accountGroupService')
const claudeAccountService = require('../../services/claudeAccountService')
const claudeConsoleAccountService = require('../../services/claudeConsoleAccountService')
const geminiAccountService = require('../../services/geminiAccountService')
const openaiAccountService = require('../../services/openaiAccountService')
const droidAccountService = require('../../services/droidAccountService')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const router = express.Router()
// 👥 账户分组管理
// 创建账户分组
router.post('/', authenticateAdmin, async (req, res) => {
try {
const { name, platform, description } = req.body
const group = await accountGroupService.createGroup({
name,
platform,
description
})
return res.json({ success: true, data: group })
} catch (error) {
logger.error('❌ Failed to create account group:', error)
return res.status(400).json({ error: error.message })
}
})
// 获取所有分组
router.get('/', authenticateAdmin, async (req, res) => {
try {
const { platform } = req.query
const groups = await accountGroupService.getAllGroups(platform)
return res.json({ success: true, data: groups })
} catch (error) {
logger.error('❌ Failed to get account groups:', error)
return res.status(500).json({ error: error.message })
}
})
// 获取分组详情
router.get('/:groupId', authenticateAdmin, async (req, res) => {
try {
const { groupId } = req.params
const group = await accountGroupService.getGroup(groupId)
if (!group) {
return res.status(404).json({ error: '分组不存在' })
}
return res.json({ success: true, data: group })
} catch (error) {
logger.error('❌ Failed to get account group:', error)
return res.status(500).json({ error: error.message })
}
})
// 更新分组
router.put('/:groupId', authenticateAdmin, async (req, res) => {
try {
const { groupId } = req.params
const updates = req.body
const updatedGroup = await accountGroupService.updateGroup(groupId, updates)
return res.json({ success: true, data: updatedGroup })
} catch (error) {
logger.error('❌ Failed to update account group:', error)
return res.status(400).json({ error: error.message })
}
})
// 删除分组
router.delete('/:groupId', authenticateAdmin, async (req, res) => {
try {
const { groupId } = req.params
await accountGroupService.deleteGroup(groupId)
return res.json({ success: true, message: '分组删除成功' })
} catch (error) {
logger.error('❌ Failed to delete account group:', error)
return res.status(400).json({ error: error.message })
}
})
// 获取分组成员
router.get('/:groupId/members', authenticateAdmin, async (req, res) => {
try {
const { groupId } = req.params
const group = await accountGroupService.getGroup(groupId)
if (!group) {
return res.status(404).json({ error: '分组不存在' })
}
const memberIds = await accountGroupService.getGroupMembers(groupId)
// 获取成员详细信息
const members = []
for (const memberId of memberIds) {
// 根据分组平台优先查找对应账户
let account = null
switch (group.platform) {
case 'droid':
account = await droidAccountService.getAccount(memberId)
break
case 'gemini':
account = await geminiAccountService.getAccount(memberId)
break
case 'openai':
account = await openaiAccountService.getAccount(memberId)
break
case 'claude':
default:
account = await claudeAccountService.getAccount(memberId)
if (!account) {
account = await claudeConsoleAccountService.getAccount(memberId)
}
break
}
// 兼容旧数据:若按平台未找到,则继续尝试其他平台
if (!account) {
account = await claudeAccountService.getAccount(memberId)
}
if (!account) {
account = await claudeConsoleAccountService.getAccount(memberId)
}
if (!account) {
account = await geminiAccountService.getAccount(memberId)
}
if (!account) {
account = await openaiAccountService.getAccount(memberId)
}
if (!account && group.platform !== 'droid') {
account = await droidAccountService.getAccount(memberId)
}
if (account) {
members.push(account)
}
}
return res.json({ success: true, data: members })
} catch (error) {
logger.error('❌ Failed to get group members:', error)
return res.status(500).json({ error: error.message })
}
})
module.exports = router

2348
src/routes/admin/apiKeys.js
View File

File diff suppressed because it is too large Load Diff

417
src/routes/admin/azureOpenaiAccounts.js
View File

@@ -1,417 +0,0 @@
const express = require('express')
const azureOpenaiAccountService = require('../../services/azureOpenaiAccountService')
const accountGroupService = require('../../services/accountGroupService')
const apiKeyService = require('../../services/apiKeyService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const webhookNotifier = require('../../utils/webhookNotifier')
const axios = require('axios')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
const router = express.Router()
// 获取所有 Azure OpenAI 账户
router.get('/azure-openai-accounts', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
let accounts = await azureOpenaiAccountService.getAllAccounts()
// 根据查询参数进行筛选
if (platform && platform !== 'all' && platform !== 'azure_openai') {
// 如果指定了其他平台,返回空数组
accounts = []
}
// 如果指定了分组筛选
if (groupId && groupId !== 'all') {
if (groupId === 'ungrouped') {
// 筛选未分组账户
const filteredAccounts = []
for (const account of accounts) {
const groups = await accountGroupService.getAccountGroups(account.id)
if (!groups || groups.length === 0) {
filteredAccounts.push(account)
}
}
accounts = filteredAccounts
} else {
// 筛选特定分组的账户
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
}
}
// 为每个账户添加使用统计信息和分组信息
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
const usageStats = await redis.getAccountUsageStats(account.id, 'openai')
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages
}
}
} catch (error) {
logger.debug(`Failed to get usage stats for Azure OpenAI account ${account.id}:`, error)
try {
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: { requests: 0, tokens: 0, allTokens: 0 },
total: { requests: 0, tokens: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
} catch (groupError) {
logger.debug(`Failed to get group info for account ${account.id}:`, groupError)
return {
...account,
groupInfos: [],
usage: {
daily: { requests: 0, tokens: 0, allTokens: 0 },
total: { requests: 0, tokens: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
}
}
})
)
res.json({
success: true,
data: accountsWithStats
})
} catch (error) {
logger.error('Failed to fetch Azure OpenAI accounts:', error)
res.status(500).json({
success: false,
message: 'Failed to fetch accounts',
error: error.message
})
}
})
// 创建 Azure OpenAI 账户
router.post('/azure-openai-accounts', authenticateAdmin, async (req, res) => {
try {
const {
name,
description,
accountType,
azureEndpoint,
apiVersion,
deploymentName,
apiKey,
supportedModels,
proxy,
groupId,
groupIds,
priority,
isActive,
schedulable
} = req.body
// 验证必填字段
if (!name) {
return res.status(400).json({
success: false,
message: 'Account name is required'
})
}
if (!azureEndpoint) {
return res.status(400).json({
success: false,
message: 'Azure endpoint is required'
})
}
if (!apiKey) {
return res.status(400).json({
success: false,
message: 'API key is required'
})
}
if (!deploymentName) {
return res.status(400).json({
success: false,
message: 'Deployment name is required'
})
}
// 验证 Azure endpoint 格式
if (!azureEndpoint.match(/^https:\/\/[\w-]+\.openai\.azure\.com$/)) {
return res.status(400).json({
success: false,
message:
'Invalid Azure OpenAI endpoint format. Expected: https://your-resource.openai.azure.com'
})
}
// 测试连接
try {
const testUrl = `${azureEndpoint}/openai/deployments/${deploymentName}?api-version=${
apiVersion || '2024-02-01'
}`
await axios.get(testUrl, {
headers: {
'api-key': apiKey
},
timeout: 5000
})
} catch (testError) {
if (testError.response?.status === 404) {
logger.warn('Azure OpenAI deployment not found, but continuing with account creation')
} else if (testError.response?.status === 401) {
return res.status(400).json({
success: false,
message: 'Invalid API key or unauthorized access'
})
}
}
const account = await azureOpenaiAccountService.createAccount({
name,
description,
accountType: accountType || 'shared',
azureEndpoint,
apiVersion: apiVersion || '2024-02-01',
deploymentName,
apiKey,
supportedModels,
proxy,
groupId,
priority: priority || 50,
isActive: isActive !== false,
schedulable: schedulable !== false
})
// 如果是分组类型,将账户添加到分组
if (accountType === 'group') {
if (groupIds && groupIds.length > 0) {
// 使用多分组设置
await accountGroupService.setAccountGroups(account.id, groupIds, 'azure_openai')
} else if (groupId) {
// 兼容单分组模式
await accountGroupService.addAccountToGroup(account.id, groupId, 'azure_openai')
}
}
res.json({
success: true,
data: account,
message: 'Azure OpenAI account created successfully'
})
} catch (error) {
logger.error('Failed to create Azure OpenAI account:', error)
res.status(500).json({
success: false,
message: 'Failed to create account',
error: error.message
})
}
})
// 更新 Azure OpenAI 账户
router.put('/azure-openai-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const updates = req.body
// ✅ 【新增】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt
const mappedUpdates = mapExpiryField(updates, 'Azure OpenAI', id)
const account = await azureOpenaiAccountService.updateAccount(id, mappedUpdates)
res.json({
success: true,
data: account,
message: 'Azure OpenAI account updated successfully'
})
} catch (error) {
logger.error('Failed to update Azure OpenAI account:', error)
res.status(500).json({
success: false,
message: 'Failed to update account',
error: error.message
})
}
})
// 删除 Azure OpenAI 账户
router.delete('/azure-openai-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
// 自动解绑所有绑定的 API Keys
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(id, 'azure_openai')
await azureOpenaiAccountService.deleteAccount(id)
let message = 'Azure OpenAI账号已成功删除'
if (unboundCount > 0) {
message += `,${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(`🗑️ Admin deleted Azure OpenAI account: ${id}, unbound ${unboundCount} keys`)
res.json({
success: true,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('Failed to delete Azure OpenAI account:', error)
res.status(500).json({
success: false,
message: 'Failed to delete account',
error: error.message
})
}
})
// 切换 Azure OpenAI 账户状态
router.put('/azure-openai-accounts/:id/toggle', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await azureOpenaiAccountService.getAccount(id)
if (!account) {
return res.status(404).json({
success: false,
message: 'Account not found'
})
}
const newStatus = account.isActive === 'true' ? 'false' : 'true'
await azureOpenaiAccountService.updateAccount(id, { isActive: newStatus })
res.json({
success: true,
message: `Account ${newStatus === 'true' ? 'activated' : 'deactivated'} successfully`,
isActive: newStatus === 'true'
})
} catch (error) {
logger.error('Failed to toggle Azure OpenAI account status:', error)
res.status(500).json({
success: false,
message: 'Failed to toggle account status',
error: error.message
})
}
})
// 切换 Azure OpenAI 账户调度状态
router.put(
'/azure-openai-accounts/:accountId/toggle-schedulable',
authenticateAdmin,
async (req, res) => {
try {
const { accountId } = req.params
const result = await azureOpenaiAccountService.toggleSchedulable(accountId)
// 如果账号被禁用,发送webhook通知
if (!result.schedulable) {
// 获取账号信息
const account = await azureOpenaiAccountService.getAccount(accountId)
if (account) {
await webhookNotifier.sendAccountAnomalyNotification({
accountId: account.id,
accountName: account.name || 'Azure OpenAI Account',
platform: 'azure-openai',
status: 'disabled',
errorCode: 'AZURE_OPENAI_MANUALLY_DISABLED',
reason: '账号已被管理员手动禁用调度',
timestamp: new Date().toISOString()
})
}
}
return res.json({
success: true,
schedulable: result.schedulable,
message: result.schedulable ? '已启用调度' : '已禁用调度'
})
} catch (error) {
logger.error('切换 Azure OpenAI 账户调度状态失败:', error)
return res.status(500).json({
success: false,
message: '切换调度状态失败',
error: error.message
})
}
}
)
// 健康检查单个 Azure OpenAI 账户
router.post('/azure-openai-accounts/:id/health-check', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const healthResult = await azureOpenaiAccountService.healthCheckAccount(id)
res.json({
success: true,
data: healthResult
})
} catch (error) {
logger.error('Failed to perform health check:', error)
res.status(500).json({
success: false,
message: 'Failed to perform health check',
error: error.message
})
}
})
// 批量健康检查所有 Azure OpenAI 账户
router.post('/azure-openai-accounts/health-check-all', authenticateAdmin, async (req, res) => {
try {
const healthResults = await azureOpenaiAccountService.performHealthChecks()
res.json({
success: true,
data: healthResults
})
} catch (error) {
logger.error('Failed to perform batch health check:', error)
res.status(500).json({
success: false,
message: 'Failed to perform batch health check',
error: error.message
})
}
})
// 迁移 API Keys 以支持 Azure OpenAI
router.post('/migrate-api-keys-azure', authenticateAdmin, async (req, res) => {
try {
const migratedCount = await azureOpenaiAccountService.migrateApiKeysForAzureSupport()
res.json({
success: true,
message: `Successfully migrated ${migratedCount} API keys for Azure OpenAI support`
})
} catch (error) {
logger.error('Failed to migrate API keys:', error)
res.status(500).json({
success: false,
message: 'Failed to migrate API keys',
error: error.message
})
}
})
module.exports = router

371
src/routes/admin/bedrockAccounts.js
View File

@@ -1,371 +0,0 @@
/**
* Admin Routes - Bedrock Accounts Management
* AWS Bedrock 账户管理路由
*/
const express = require('express')
const router = express.Router()
const bedrockAccountService = require('../../services/bedrockAccountService')
const apiKeyService = require('../../services/apiKeyService')
const accountGroupService = require('../../services/accountGroupService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const webhookNotifier = require('../../utils/webhookNotifier')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
// ☁️ Bedrock 账户管理
// 获取所有Bedrock账户
router.get('/', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
const result = await bedrockAccountService.getAllAccounts()
if (!result.success) {
return res
.status(500)
.json({ error: 'Failed to get Bedrock accounts', message: result.error })
}
let accounts = result.data
// 根据查询参数进行筛选
if (platform && platform !== 'all' && platform !== 'bedrock') {
// 如果指定了其他平台,返回空数组
accounts = []
}
// 如果指定了分组筛选
if (groupId && groupId !== 'all') {
if (groupId === 'ungrouped') {
// 筛选未分组账户
const filteredAccounts = []
for (const account of accounts) {
const groups = await accountGroupService.getAccountGroups(account.id)
if (!groups || groups.length === 0) {
filteredAccounts.push(account)
}
}
accounts = filteredAccounts
} else {
// 筛选特定分组的账户
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
}
}
// 为每个账户添加使用统计信息
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
const usageStats = await redis.getAccountUsageStats(account.id, 'openai')
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages
}
}
} catch (statsError) {
logger.warn(
`⚠️ Failed to get usage stats for Bedrock account ${account.id}:`,
statsError.message
)
try {
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
} catch (groupError) {
logger.warn(
`⚠️ Failed to get group info for account ${account.id}:`,
groupError.message
)
return {
...account,
groupInfos: [],
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
}
}
})
)
return res.json({ success: true, data: accountsWithStats })
} catch (error) {
logger.error('❌ Failed to get Bedrock accounts:', error)
return res.status(500).json({ error: 'Failed to get Bedrock accounts', message: error.message })
}
})
// 创建新的Bedrock账户
router.post('/', authenticateAdmin, async (req, res) => {
try {
const {
name,
description,
region,
awsCredentials,
defaultModel,
priority,
accountType,
credentialType
} = req.body
if (!name) {
return res.status(400).json({ error: 'Name is required' })
}
// 验证priority的有效性1-100
if (priority !== undefined && (priority < 1 || priority > 100)) {
return res.status(400).json({ error: 'Priority must be between 1 and 100' })
}
// 验证accountType的有效性
if (accountType && !['shared', 'dedicated'].includes(accountType)) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared" or "dedicated"' })
}
// 验证credentialType的有效性
if (credentialType && !['default', 'access_key', 'bearer_token'].includes(credentialType)) {
return res.status(400).json({
error: 'Invalid credential type. Must be "default", "access_key", or "bearer_token"'
})
}
const result = await bedrockAccountService.createAccount({
name,
description: description || '',
region: region || 'us-east-1',
awsCredentials,
defaultModel,
priority: priority || 50,
accountType: accountType || 'shared',
credentialType: credentialType || 'default'
})
if (!result.success) {
return res
.status(500)
.json({ error: 'Failed to create Bedrock account', message: result.error })
}
logger.success(`☁️ Admin created Bedrock account: ${name}`)
const formattedAccount = formatAccountExpiry(result.data)
return res.json({ success: true, data: formattedAccount })
} catch (error) {
logger.error('❌ Failed to create Bedrock account:', error)
return res
.status(500)
.json({ error: 'Failed to create Bedrock account', message: error.message })
}
})
// 更新Bedrock账户
router.put('/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const updates = req.body
// ✅ 【新增】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt
const mappedUpdates = mapExpiryField(updates, 'Bedrock', accountId)
// 验证priority的有效性1-100
if (
mappedUpdates.priority !== undefined &&
(mappedUpdates.priority < 1 || mappedUpdates.priority > 100)
) {
return res.status(400).json({ error: 'Priority must be between 1 and 100' })
}
// 验证accountType的有效性
if (mappedUpdates.accountType && !['shared', 'dedicated'].includes(mappedUpdates.accountType)) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared" or "dedicated"' })
}
// 验证credentialType的有效性
if (
mappedUpdates.credentialType &&
!['default', 'access_key', 'bearer_token'].includes(mappedUpdates.credentialType)
) {
return res.status(400).json({
error: 'Invalid credential type. Must be "default", "access_key", or "bearer_token"'
})
}
const result = await bedrockAccountService.updateAccount(accountId, mappedUpdates)
if (!result.success) {
return res
.status(500)
.json({ error: 'Failed to update Bedrock account', message: result.error })
}
logger.success(`📝 Admin updated Bedrock account: ${accountId}`)
return res.json({ success: true, message: 'Bedrock account updated successfully' })
} catch (error) {
logger.error('❌ Failed to update Bedrock account:', error)
return res
.status(500)
.json({ error: 'Failed to update Bedrock account', message: error.message })
}
})
// 删除Bedrock账户
router.delete('/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
// 自动解绑所有绑定的 API Keys
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(accountId, 'bedrock')
const result = await bedrockAccountService.deleteAccount(accountId)
if (!result.success) {
return res
.status(500)
.json({ error: 'Failed to delete Bedrock account', message: result.error })
}
let message = 'Bedrock账号已成功删除'
if (unboundCount > 0) {
message += `${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(`🗑️ Admin deleted Bedrock account: ${accountId}, unbound ${unboundCount} keys`)
return res.json({
success: true,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('❌ Failed to delete Bedrock account:', error)
return res
.status(500)
.json({ error: 'Failed to delete Bedrock account', message: error.message })
}
})
// 切换Bedrock账户状态
router.put('/:accountId/toggle', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const accountResult = await bedrockAccountService.getAccount(accountId)
if (!accountResult.success) {
return res.status(404).json({ error: 'Account not found' })
}
const newStatus = !accountResult.data.isActive
const updateResult = await bedrockAccountService.updateAccount(accountId, {
isActive: newStatus
})
if (!updateResult.success) {
return res
.status(500)
.json({ error: 'Failed to toggle account status', message: updateResult.error })
}
logger.success(
`🔄 Admin toggled Bedrock account status: ${accountId} -> ${
newStatus ? 'active' : 'inactive'
}`
)
return res.json({ success: true, isActive: newStatus })
} catch (error) {
logger.error('❌ Failed to toggle Bedrock account status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle account status', message: error.message })
}
})
// 切换Bedrock账户调度状态
router.put('/:accountId/toggle-schedulable', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const accountResult = await bedrockAccountService.getAccount(accountId)
if (!accountResult.success) {
return res.status(404).json({ error: 'Account not found' })
}
const newSchedulable = !accountResult.data.schedulable
const updateResult = await bedrockAccountService.updateAccount(accountId, {
schedulable: newSchedulable
})
if (!updateResult.success) {
return res
.status(500)
.json({ error: 'Failed to toggle schedulable status', message: updateResult.error })
}
// 如果账号被禁用发送webhook通知
if (!newSchedulable) {
await webhookNotifier.sendAccountAnomalyNotification({
accountId: accountResult.data.id,
accountName: accountResult.data.name || 'Bedrock Account',
platform: 'bedrock',
status: 'disabled',
errorCode: 'BEDROCK_MANUALLY_DISABLED',
reason: '账号已被管理员手动禁用调度',
timestamp: new Date().toISOString()
})
}
logger.success(
`🔄 Admin toggled Bedrock account schedulable status: ${accountId} -> ${
newSchedulable ? 'schedulable' : 'not schedulable'
}`
)
return res.json({ success: true, schedulable: newSchedulable })
} catch (error) {
logger.error('❌ Failed to toggle Bedrock account schedulable status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle schedulable status', message: error.message })
}
})
// 测试Bedrock账户连接
router.post('/:accountId/test', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const result = await bedrockAccountService.testAccount(accountId)
if (!result.success) {
return res.status(500).json({ error: 'Account test failed', message: result.error })
}
logger.success(`🧪 Admin tested Bedrock account: ${accountId} - ${result.data.status}`)
return res.json({ success: true, data: result.data })
} catch (error) {
logger.error('❌ Failed to test Bedrock account:', error)
return res.status(500).json({ error: 'Failed to test Bedrock account', message: error.message })
}
})
module.exports = router

416
src/routes/admin/ccrAccounts.js
View File

@@ -1,416 +0,0 @@
const express = require('express')
const ccrAccountService = require('../../services/ccrAccountService')
const accountGroupService = require('../../services/accountGroupService')
const apiKeyService = require('../../services/apiKeyService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const webhookNotifier = require('../../utils/webhookNotifier')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
const router = express.Router()
// 🔧 CCR 账户管理
// 获取所有CCR账户
router.get('/', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
let accounts = await ccrAccountService.getAllAccounts()
// 根据查询参数进行筛选
if (platform && platform !== 'all' && platform !== 'ccr') {
// 如果指定了其他平台,返回空数组
accounts = []
}
// 如果指定了分组筛选
if (groupId && groupId !== 'all') {
if (groupId === 'ungrouped') {
// 筛选未分组账户
const filteredAccounts = []
for (const account of accounts) {
const groups = await accountGroupService.getAccountGroups(account.id)
if (!groups || groups.length === 0) {
filteredAccounts.push(account)
}
}
accounts = filteredAccounts
} else {
// 筛选特定分组的账户
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
}
}
// 为每个账户添加使用统计信息
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
const usageStats = await redis.getAccountUsageStats(account.id)
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
// 转换schedulable为布尔值
schedulable: account.schedulable === 'true' || account.schedulable === true,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages
}
}
} catch (statsError) {
logger.warn(
`⚠️ Failed to get usage stats for CCR account ${account.id}:`,
statsError.message
)
try {
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
// 转换schedulable为布尔值
schedulable: account.schedulable === 'true' || account.schedulable === true,
groupInfos,
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
} catch (groupError) {
logger.warn(
`⚠️ Failed to get group info for CCR account ${account.id}:`,
groupError.message
)
return {
...account,
groupInfos: [],
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
}
}
})
)
return res.json({ success: true, data: accountsWithStats })
} catch (error) {
logger.error('❌ Failed to get CCR accounts:', error)
return res.status(500).json({ error: 'Failed to get CCR accounts', message: error.message })
}
})
// 创建新的CCR账户
router.post('/', authenticateAdmin, async (req, res) => {
try {
const {
name,
description,
apiUrl,
apiKey,
priority,
supportedModels,
userAgent,
rateLimitDuration,
proxy,
accountType,
groupId,
dailyQuota,
quotaResetTime
} = req.body
if (!name || !apiUrl || !apiKey) {
return res.status(400).json({ error: 'Name, API URL and API Key are required' })
}
// 验证priority的有效性1-100
if (priority !== undefined && (priority < 1 || priority > 100)) {
return res.status(400).json({ error: 'Priority must be between 1 and 100' })
}
// 验证accountType的有效性
if (accountType && !['shared', 'dedicated', 'group'].includes(accountType)) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果是分组类型验证groupId
if (accountType === 'group' && !groupId) {
return res.status(400).json({ error: 'Group ID is required for group type accounts' })
}
const newAccount = await ccrAccountService.createAccount({
name,
description,
apiUrl,
apiKey,
priority: priority || 50,
supportedModels: supportedModels || [],
userAgent,
rateLimitDuration:
rateLimitDuration !== undefined && rateLimitDuration !== null ? rateLimitDuration : 60,
proxy,
accountType: accountType || 'shared',
dailyQuota: dailyQuota || 0,
quotaResetTime: quotaResetTime || '00:00'
})
// 如果是分组类型,将账户添加到分组
if (accountType === 'group' && groupId) {
await accountGroupService.addAccountToGroup(newAccount.id, groupId)
}
logger.success(`🔧 Admin created CCR account: ${name}`)
const formattedAccount = formatAccountExpiry(newAccount)
return res.json({ success: true, data: formattedAccount })
} catch (error) {
logger.error('❌ Failed to create CCR account:', error)
return res.status(500).json({ error: 'Failed to create CCR account', message: error.message })
}
})
// 更新CCR账户
router.put('/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const updates = req.body
// ✅ 【新增】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt
const mappedUpdates = mapExpiryField(updates, 'CCR', accountId)
// 验证priority的有效性1-100
if (
mappedUpdates.priority !== undefined &&
(mappedUpdates.priority < 1 || mappedUpdates.priority > 100)
) {
return res.status(400).json({ error: 'Priority must be between 1 and 100' })
}
// 验证accountType的有效性
if (
mappedUpdates.accountType &&
!['shared', 'dedicated', 'group'].includes(mappedUpdates.accountType)
) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果更新为分组类型验证groupId
if (mappedUpdates.accountType === 'group' && !mappedUpdates.groupId) {
return res.status(400).json({ error: 'Group ID is required for group type accounts' })
}
// 获取账户当前信息以处理分组变更
const currentAccount = await ccrAccountService.getAccount(accountId)
if (!currentAccount) {
return res.status(404).json({ error: 'Account not found' })
}
// 处理分组的变更
if (mappedUpdates.accountType !== undefined) {
// 如果之前是分组类型,需要从所有分组中移除
if (currentAccount.accountType === 'group') {
const oldGroups = await accountGroupService.getAccountGroups(accountId)
for (const oldGroup of oldGroups) {
await accountGroupService.removeAccountFromGroup(accountId, oldGroup.id)
}
}
// 如果新类型是分组,处理多分组支持
if (mappedUpdates.accountType === 'group') {
if (Object.prototype.hasOwnProperty.call(mappedUpdates, 'groupIds')) {
// 如果明确提供了 groupIds 参数(包括空数组)
if (mappedUpdates.groupIds && mappedUpdates.groupIds.length > 0) {
// 设置新的多分组
await accountGroupService.setAccountGroups(accountId, mappedUpdates.groupIds, 'claude')
} else {
// groupIds 为空数组,从所有分组中移除
await accountGroupService.removeAccountFromAllGroups(accountId)
}
} else if (mappedUpdates.groupId) {
// 向后兼容:仅当没有 groupIds 但有 groupId 时使用单分组逻辑
await accountGroupService.addAccountToGroup(accountId, mappedUpdates.groupId, 'claude')
}
}
}
await ccrAccountService.updateAccount(accountId, mappedUpdates)
logger.success(`📝 Admin updated CCR account: ${accountId}`)
return res.json({ success: true, message: 'CCR account updated successfully' })
} catch (error) {
logger.error('❌ Failed to update CCR account:', error)
return res.status(500).json({ error: 'Failed to update CCR account', message: error.message })
}
})
// 删除CCR账户
router.delete('/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
// 尝试自动解绑CCR账户实际上不会绑定API Key但保持代码一致性
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(accountId, 'ccr')
// 获取账户信息以检查是否在分组中
const account = await ccrAccountService.getAccount(accountId)
if (account && account.accountType === 'group') {
const groups = await accountGroupService.getAccountGroups(accountId)
for (const group of groups) {
await accountGroupService.removeAccountFromGroup(accountId, group.id)
}
}
await ccrAccountService.deleteAccount(accountId)
let message = 'CCR账号已成功删除'
if (unboundCount > 0) {
// 理论上不会发生,但保持消息格式一致
message += `${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(`🗑️ Admin deleted CCR account: ${accountId}`)
return res.json({
success: true,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('❌ Failed to delete CCR account:', error)
return res.status(500).json({ error: 'Failed to delete CCR account', message: error.message })
}
})
// 切换CCR账户状态
router.put('/:accountId/toggle', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const account = await ccrAccountService.getAccount(accountId)
if (!account) {
return res.status(404).json({ error: 'Account not found' })
}
const newStatus = !account.isActive
await ccrAccountService.updateAccount(accountId, { isActive: newStatus })
logger.success(
`🔄 Admin toggled CCR account status: ${accountId} -> ${newStatus ? 'active' : 'inactive'}`
)
return res.json({ success: true, isActive: newStatus })
} catch (error) {
logger.error('❌ Failed to toggle CCR account status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle account status', message: error.message })
}
})
// 切换CCR账户调度状态
router.put('/:accountId/toggle-schedulable', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const account = await ccrAccountService.getAccount(accountId)
if (!account) {
return res.status(404).json({ error: 'Account not found' })
}
const newSchedulable = !account.schedulable
await ccrAccountService.updateAccount(accountId, { schedulable: newSchedulable })
// 如果账号被禁用发送webhook通知
if (!newSchedulable) {
await webhookNotifier.sendAccountAnomalyNotification({
accountId: account.id,
accountName: account.name || 'CCR Account',
platform: 'ccr',
status: 'disabled',
errorCode: 'CCR_MANUALLY_DISABLED',
reason: '账号已被管理员手动禁用调度',
timestamp: new Date().toISOString()
})
}
logger.success(
`🔄 Admin toggled CCR account schedulable status: ${accountId} -> ${
newSchedulable ? 'schedulable' : 'not schedulable'
}`
)
return res.json({ success: true, schedulable: newSchedulable })
} catch (error) {
logger.error('❌ Failed to toggle CCR account schedulable status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle schedulable status', message: error.message })
}
})
// 获取CCR账户的使用统计
router.get('/:accountId/usage', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const usageStats = await ccrAccountService.getAccountUsageStats(accountId)
if (!usageStats) {
return res.status(404).json({ error: 'Account not found' })
}
return res.json(usageStats)
} catch (error) {
logger.error('❌ Failed to get CCR account usage stats:', error)
return res.status(500).json({ error: 'Failed to get usage stats', message: error.message })
}
})
// 手动重置CCR账户的每日使用量
router.post('/:accountId/reset-usage', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
await ccrAccountService.resetDailyUsage(accountId)
logger.success(`✅ Admin manually reset daily usage for CCR account: ${accountId}`)
return res.json({ success: true, message: 'Daily usage reset successfully' })
} catch (error) {
logger.error('❌ Failed to reset CCR account daily usage:', error)
return res.status(500).json({ error: 'Failed to reset daily usage', message: error.message })
}
})
// 重置CCR账户状态清除所有异常状态
router.post('/:accountId/reset-status', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const result = await ccrAccountService.resetAccountStatus(accountId)
logger.success(`✅ Admin reset status for CCR account: ${accountId}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to reset CCR account status:', error)
return res.status(500).json({ error: 'Failed to reset status', message: error.message })
}
})
// 手动重置所有CCR账户的每日使用量
router.post('/reset-all-usage', authenticateAdmin, async (req, res) => {
try {
await ccrAccountService.resetAllDailyUsage()
logger.success('✅ Admin manually reset daily usage for all CCR accounts')
return res.json({ success: true, message: 'All daily usage reset successfully' })
} catch (error) {
logger.error('❌ Failed to reset all CCR accounts daily usage:', error)
return res
.status(500)
.json({ error: 'Failed to reset all daily usage', message: error.message })
}
})
module.exports = router

906
src/routes/admin/claudeAccounts.js
View File

@@ -1,906 +0,0 @@
/**
* Admin Routes - Claude 官方账户管理
* OAuth 方式授权的 Claude 账户
*/
const express = require('express')
const router = express.Router()
const claudeAccountService = require('../../services/claudeAccountService')
const claudeRelayService = require('../../services/claudeRelayService')
const accountGroupService = require('../../services/accountGroupService')
const apiKeyService = require('../../services/apiKeyService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const oauthHelper = require('../../utils/oauthHelper')
const CostCalculator = require('../../utils/costCalculator')
const webhookNotifier = require('../../utils/webhookNotifier')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
// 生成OAuth授权URL
router.post('/claude-accounts/generate-auth-url', authenticateAdmin, async (req, res) => {
try {
const { proxy } = req.body // 接收代理配置
const oauthParams = await oauthHelper.generateOAuthParams()
// 将codeVerifier和state临时存储到Redis用于后续验证
const sessionId = require('crypto').randomUUID()
await redis.setOAuthSession(sessionId, {
codeVerifier: oauthParams.codeVerifier,
state: oauthParams.state,
codeChallenge: oauthParams.codeChallenge,
proxy: proxy || null, // 存储代理配置
createdAt: new Date().toISOString(),
expiresAt: new Date(Date.now() + 10 * 60 * 1000).toISOString() // 10分钟过期
})
logger.success('🔗 Generated OAuth authorization URL with proxy support')
return res.json({
success: true,
data: {
authUrl: oauthParams.authUrl,
sessionId,
instructions: [
'1. 复制上面的链接到浏览器中打开',
'2. 登录您的 Anthropic 账户',
'3. 同意应用权限',
'4. 复制浏览器地址栏中的完整 URL',
'5. 在添加账户表单中粘贴完整的回调 URL 和授权码'
]
}
})
} catch (error) {
logger.error('❌ Failed to generate OAuth URL:', error)
return res.status(500).json({ error: 'Failed to generate OAuth URL', message: error.message })
}
})
// 验证授权码并获取token
router.post('/claude-accounts/exchange-code', authenticateAdmin, async (req, res) => {
try {
const { sessionId, authorizationCode, callbackUrl } = req.body
if (!sessionId || (!authorizationCode && !callbackUrl)) {
return res
.status(400)
.json({ error: 'Session ID and authorization code (or callback URL) are required' })
}
// 从Redis获取OAuth会话信息
const oauthSession = await redis.getOAuthSession(sessionId)
if (!oauthSession) {
return res.status(400).json({ error: 'Invalid or expired OAuth session' })
}
// 检查会话是否过期
if (new Date() > new Date(oauthSession.expiresAt)) {
await redis.deleteOAuthSession(sessionId)
return res
.status(400)
.json({ error: 'OAuth session has expired, please generate a new authorization URL' })
}
// 统一处理授权码输入可能是直接的code或完整的回调URL
let finalAuthCode
const inputValue = callbackUrl || authorizationCode
try {
finalAuthCode = oauthHelper.parseCallbackUrl(inputValue)
} catch (parseError) {
return res
.status(400)
.json({ error: 'Failed to parse authorization input', message: parseError.message })
}
// 交换访问令牌
const tokenData = await oauthHelper.exchangeCodeForTokens(
finalAuthCode,
oauthSession.codeVerifier,
oauthSession.state,
oauthSession.proxy // 传递代理配置
)
// 清理OAuth会话
await redis.deleteOAuthSession(sessionId)
logger.success('🎉 Successfully exchanged authorization code for tokens')
return res.json({
success: true,
data: {
claudeAiOauth: tokenData
}
})
} catch (error) {
logger.error('❌ Failed to exchange authorization code:', {
error: error.message,
sessionId: req.body.sessionId,
// 不记录完整的授权码,只记录长度和前几个字符
codeLength: req.body.callbackUrl
? req.body.callbackUrl.length
: req.body.authorizationCode
? req.body.authorizationCode.length
: 0,
codePrefix: req.body.callbackUrl
? `${req.body.callbackUrl.substring(0, 10)}...`
: req.body.authorizationCode
? `${req.body.authorizationCode.substring(0, 10)}...`
: 'N/A'
})
return res
.status(500)
.json({ error: 'Failed to exchange authorization code', message: error.message })
}
})
// 生成Claude setup-token授权URL
router.post('/claude-accounts/generate-setup-token-url', authenticateAdmin, async (req, res) => {
try {
const { proxy } = req.body // 接收代理配置
const setupTokenParams = await oauthHelper.generateSetupTokenParams()
// 将codeVerifier和state临时存储到Redis用于后续验证
const sessionId = require('crypto').randomUUID()
await redis.setOAuthSession(sessionId, {
type: 'setup-token', // 标记为setup-token类型
codeVerifier: setupTokenParams.codeVerifier,
state: setupTokenParams.state,
codeChallenge: setupTokenParams.codeChallenge,
proxy: proxy || null, // 存储代理配置
createdAt: new Date().toISOString(),
expiresAt: new Date(Date.now() + 10 * 60 * 1000).toISOString() // 10分钟过期
})
logger.success('🔗 Generated Setup Token authorization URL with proxy support')
return res.json({
success: true,
data: {
authUrl: setupTokenParams.authUrl,
sessionId,
instructions: [
'1. 复制上面的链接到浏览器中打开',
'2. 登录您的 Claude 账户并授权 Claude Code',
'3. 完成授权后,从返回页面复制 Authorization Code',
'4. 在添加账户表单中粘贴 Authorization Code'
]
}
})
} catch (error) {
logger.error('❌ Failed to generate Setup Token URL:', error)
return res
.status(500)
.json({ error: 'Failed to generate Setup Token URL', message: error.message })
}
})
// 验证setup-token授权码并获取token
router.post('/claude-accounts/exchange-setup-token-code', authenticateAdmin, async (req, res) => {
try {
const { sessionId, authorizationCode, callbackUrl } = req.body
if (!sessionId || (!authorizationCode && !callbackUrl)) {
return res
.status(400)
.json({ error: 'Session ID and authorization code (or callback URL) are required' })
}
// 从Redis获取OAuth会话信息
const oauthSession = await redis.getOAuthSession(sessionId)
if (!oauthSession) {
return res.status(400).json({ error: 'Invalid or expired OAuth session' })
}
// 检查是否是setup-token类型
if (oauthSession.type !== 'setup-token') {
return res.status(400).json({ error: 'Invalid session type for setup token exchange' })
}
// 检查会话是否过期
if (new Date() > new Date(oauthSession.expiresAt)) {
await redis.deleteOAuthSession(sessionId)
return res
.status(400)
.json({ error: 'OAuth session has expired, please generate a new authorization URL' })
}
// 统一处理授权码输入可能是直接的code或完整的回调URL
let finalAuthCode
const inputValue = callbackUrl || authorizationCode
try {
finalAuthCode = oauthHelper.parseCallbackUrl(inputValue)
} catch (parseError) {
return res
.status(400)
.json({ error: 'Failed to parse authorization input', message: parseError.message })
}
// 交换Setup Token
const tokenData = await oauthHelper.exchangeSetupTokenCode(
finalAuthCode,
oauthSession.codeVerifier,
oauthSession.state,
oauthSession.proxy // 传递代理配置
)
// 清理OAuth会话
await redis.deleteOAuthSession(sessionId)
logger.success('🎉 Successfully exchanged setup token authorization code for tokens')
return res.json({
success: true,
data: {
claudeAiOauth: tokenData
}
})
} catch (error) {
logger.error('❌ Failed to exchange setup token authorization code:', {
error: error.message,
sessionId: req.body.sessionId,
// 不记录完整的授权码,只记录长度和前几个字符
codeLength: req.body.callbackUrl
? req.body.callbackUrl.length
: req.body.authorizationCode
? req.body.authorizationCode.length
: 0,
codePrefix: req.body.callbackUrl
? `${req.body.callbackUrl.substring(0, 10)}...`
: req.body.authorizationCode
? `${req.body.authorizationCode.substring(0, 10)}...`
: 'N/A'
})
return res
.status(500)
.json({ error: 'Failed to exchange setup token authorization code', message: error.message })
}
})
// =============================================================================
// Cookie自动授权端点 (基于sessionKey自动完成OAuth流程)
// =============================================================================
// 普通OAuth的Cookie自动授权
router.post('/claude-accounts/oauth-with-cookie', authenticateAdmin, async (req, res) => {
try {
const { sessionKey, proxy } = req.body
// 验证sessionKey参数
if (!sessionKey || typeof sessionKey !== 'string' || sessionKey.trim().length === 0) {
return res.status(400).json({
success: false,
error: 'sessionKey不能为空',
message: '请提供有效的sessionKey值'
})
}
const trimmedSessionKey = sessionKey.trim()
logger.info('🍪 Starting Cookie-based OAuth authorization', {
sessionKeyLength: trimmedSessionKey.length,
sessionKeyPrefix: trimmedSessionKey.substring(0, 10) + '...',
hasProxy: !!proxy
})
// 执行Cookie自动授权流程
const result = await oauthHelper.oauthWithCookie(trimmedSessionKey, proxy, false)
logger.success('🎉 Cookie-based OAuth authorization completed successfully')
return res.json({
success: true,
data: {
claudeAiOauth: result.claudeAiOauth,
organizationUuid: result.organizationUuid,
capabilities: result.capabilities
}
})
} catch (error) {
logger.error('❌ Cookie-based OAuth authorization failed:', {
error: error.message,
sessionKeyLength: req.body.sessionKey ? req.body.sessionKey.length : 0
})
return res.status(500).json({
success: false,
error: 'Cookie授权失败',
message: error.message
})
}
})
// Setup Token的Cookie自动授权
router.post('/claude-accounts/setup-token-with-cookie', authenticateAdmin, async (req, res) => {
try {
const { sessionKey, proxy } = req.body
// 验证sessionKey参数
if (!sessionKey || typeof sessionKey !== 'string' || sessionKey.trim().length === 0) {
return res.status(400).json({
success: false,
error: 'sessionKey不能为空',
message: '请提供有效的sessionKey值'
})
}
const trimmedSessionKey = sessionKey.trim()
logger.info('🍪 Starting Cookie-based Setup Token authorization', {
sessionKeyLength: trimmedSessionKey.length,
sessionKeyPrefix: trimmedSessionKey.substring(0, 10) + '...',
hasProxy: !!proxy
})
// 执行Cookie自动授权流程Setup Token模式
const result = await oauthHelper.oauthWithCookie(trimmedSessionKey, proxy, true)
logger.success('🎉 Cookie-based Setup Token authorization completed successfully')
return res.json({
success: true,
data: {
claudeAiOauth: result.claudeAiOauth,
organizationUuid: result.organizationUuid,
capabilities: result.capabilities
}
})
} catch (error) {
logger.error('❌ Cookie-based Setup Token authorization failed:', {
error: error.message,
sessionKeyLength: req.body.sessionKey ? req.body.sessionKey.length : 0
})
return res.status(500).json({
success: false,
error: 'Cookie授权失败',
message: error.message
})
}
})
// 获取所有Claude账户
router.get('/claude-accounts', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
let accounts = await claudeAccountService.getAllAccounts()
// 根据查询参数进行筛选
if (platform && platform !== 'all' && platform !== 'claude') {
// 如果指定了其他平台,返回空数组
accounts = []
}
// 如果指定了分组筛选
if (groupId && groupId !== 'all') {
if (groupId === 'ungrouped') {
// 筛选未分组账户
const filteredAccounts = []
for (const account of accounts) {
const groups = await accountGroupService.getAccountGroups(account.id)
if (!groups || groups.length === 0) {
filteredAccounts.push(account)
}
}
accounts = filteredAccounts
} else {
// 筛选特定分组的账户
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
}
}
// 为每个账户添加使用统计信息
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
const usageStats = await redis.getAccountUsageStats(account.id, 'openai')
const groupInfos = await accountGroupService.getAccountGroups(account.id)
// 获取会话窗口使用统计(仅对有活跃窗口的账户)
let sessionWindowUsage = null
if (account.sessionWindow && account.sessionWindow.hasActiveWindow) {
const windowUsage = await redis.getAccountSessionWindowUsage(
account.id,
account.sessionWindow.windowStart,
account.sessionWindow.windowEnd
)
// 计算会话窗口的总费用
let totalCost = 0
const modelCosts = {}
for (const [modelName, usage] of Object.entries(windowUsage.modelUsage)) {
const usageData = {
input_tokens: usage.inputTokens,
output_tokens: usage.outputTokens,
cache_creation_input_tokens: usage.cacheCreateTokens,
cache_read_input_tokens: usage.cacheReadTokens
}
logger.debug(`💰 Calculating cost for model ${modelName}:`, JSON.stringify(usageData))
const costResult = CostCalculator.calculateCost(usageData, modelName)
logger.debug(`💰 Cost result for ${modelName}: total=${costResult.costs.total}`)
modelCosts[modelName] = {
...usage,
cost: costResult.costs.total
}
totalCost += costResult.costs.total
}
sessionWindowUsage = {
totalTokens: windowUsage.totalAllTokens,
totalRequests: windowUsage.totalRequests,
totalCost,
modelUsage: modelCosts
}
}
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
// 转换schedulable为布尔值
schedulable: account.schedulable === 'true' || account.schedulable === true,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages,
sessionWindow: sessionWindowUsage
}
}
} catch (statsError) {
logger.warn(`⚠️ Failed to get usage stats for account ${account.id}:`, statsError.message)
// 如果获取统计失败,返回空统计
try {
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 },
sessionWindow: null
}
}
} catch (groupError) {
logger.warn(
`⚠️ Failed to get group info for account ${account.id}:`,
groupError.message
)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos: [],
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 },
sessionWindow: null
}
}
}
}
})
)
return res.json({ success: true, data: accountsWithStats })
} catch (error) {
logger.error('❌ Failed to get Claude accounts:', error)
return res.status(500).json({ error: 'Failed to get Claude accounts', message: error.message })
}
})
// 批量获取 Claude 账户的 OAuth Usage 数据
router.get('/claude-accounts/usage', authenticateAdmin, async (req, res) => {
try {
const accounts = await redis.getAllClaudeAccounts()
const now = Date.now()
const usageCacheTtlMs = 300 * 1000
// 批量并发获取所有活跃 OAuth 账户的 Usage
const usagePromises = accounts.map(async (account) => {
// 检查是否为 OAuth 账户scopes 包含 OAuth 相关权限
const scopes = account.scopes && account.scopes.trim() ? account.scopes.split(' ') : []
const isOAuth = scopes.includes('user:profile') && scopes.includes('user:inference')
// 仅为 OAuth 授权的活跃账户调用 usage API
if (
isOAuth &&
account.isActive === 'true' &&
account.accessToken &&
account.status === 'active'
) {
// 若快照在 300 秒内更新,直接使用缓存避免频繁请求
const cachedUsage = claudeAccountService.buildClaudeUsageSnapshot(account)
const lastUpdatedAt = account.claudeUsageUpdatedAt
? new Date(account.claudeUsageUpdatedAt).getTime()
: 0
const isCacheFresh = cachedUsage && lastUpdatedAt && now - lastUpdatedAt < usageCacheTtlMs
if (isCacheFresh) {
return {
accountId: account.id,
claudeUsage: cachedUsage
}
}
try {
const usageData = await claudeAccountService.fetchOAuthUsage(account.id)
if (usageData) {
await claudeAccountService.updateClaudeUsageSnapshot(account.id, usageData)
}
// 重新读取更新后的数据
const updatedAccount = await redis.getClaudeAccount(account.id)
return {
accountId: account.id,
claudeUsage: claudeAccountService.buildClaudeUsageSnapshot(updatedAccount)
}
} catch (error) {
logger.debug(`Failed to fetch OAuth usage for ${account.id}:`, error.message)
return { accountId: account.id, claudeUsage: null }
}
}
// Setup Token 账户不调用 usage API直接返回 null
return { accountId: account.id, claudeUsage: null }
})
const results = await Promise.allSettled(usagePromises)
// 转换为 { accountId: usage } 映射
const usageMap = {}
results.forEach((result) => {
if (result.status === 'fulfilled' && result.value) {
usageMap[result.value.accountId] = result.value.claudeUsage
}
})
res.json({ success: true, data: usageMap })
} catch (error) {
logger.error('❌ Failed to fetch Claude accounts usage:', error)
res.status(500).json({ error: 'Failed to fetch usage data', message: error.message })
}
})
// 创建新的Claude账户
router.post('/claude-accounts', authenticateAdmin, async (req, res) => {
try {
const {
name,
description,
email,
password,
refreshToken,
claudeAiOauth,
proxy,
accountType,
platform = 'claude',
priority,
groupId,
groupIds,
autoStopOnWarning,
useUnifiedUserAgent,
useUnifiedClientId,
unifiedClientId,
expiresAt,
extInfo
} = req.body
if (!name) {
return res.status(400).json({ error: 'Name is required' })
}
// 验证accountType的有效性
if (accountType && !['shared', 'dedicated', 'group'].includes(accountType)) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果是分组类型验证groupId或groupIds
if (accountType === 'group' && !groupId && (!groupIds || groupIds.length === 0)) {
return res
.status(400)
.json({ error: 'Group ID or Group IDs are required for group type accounts' })
}
// 验证priority的有效性
if (
priority !== undefined &&
(typeof priority !== 'number' || priority < 1 || priority > 100)
) {
return res.status(400).json({ error: 'Priority must be a number between 1 and 100' })
}
const newAccount = await claudeAccountService.createAccount({
name,
description,
email,
password,
refreshToken,
claudeAiOauth,
proxy,
accountType: accountType || 'shared', // 默认为共享类型
platform,
priority: priority || 50, // 默认优先级为50
autoStopOnWarning: autoStopOnWarning === true, // 默认为false
useUnifiedUserAgent: useUnifiedUserAgent === true, // 默认为false
useUnifiedClientId: useUnifiedClientId === true, // 默认为false
unifiedClientId: unifiedClientId || '', // 统一的客户端标识
expiresAt: expiresAt || null, // 账户订阅到期时间
extInfo: extInfo || null
})
// 如果是分组类型,将账户添加到分组
if (accountType === 'group') {
if (groupIds && groupIds.length > 0) {
// 使用多分组设置
await accountGroupService.setAccountGroups(newAccount.id, groupIds, newAccount.platform)
} else if (groupId) {
// 兼容单分组模式
await accountGroupService.addAccountToGroup(newAccount.id, groupId, newAccount.platform)
}
}
logger.success(`🏢 Admin created new Claude account: ${name} (${accountType || 'shared'})`)
const formattedAccount = formatAccountExpiry(newAccount)
return res.json({ success: true, data: formattedAccount })
} catch (error) {
logger.error('❌ Failed to create Claude account:', error)
return res
.status(500)
.json({ error: 'Failed to create Claude account', message: error.message })
}
})
// 更新Claude账户
router.put('/claude-accounts/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const updates = req.body
// ✅ 【修改】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt提前到参数验证之前
const mappedUpdates = mapExpiryField(updates, 'Claude', accountId)
// 验证priority的有效性
if (
mappedUpdates.priority !== undefined &&
(typeof mappedUpdates.priority !== 'number' ||
mappedUpdates.priority < 1 ||
mappedUpdates.priority > 100)
) {
return res.status(400).json({ error: 'Priority must be a number between 1 and 100' })
}
// 验证accountType的有效性
if (
mappedUpdates.accountType &&
!['shared', 'dedicated', 'group'].includes(mappedUpdates.accountType)
) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果更新为分组类型验证groupId或groupIds
if (
mappedUpdates.accountType === 'group' &&
!mappedUpdates.groupId &&
(!mappedUpdates.groupIds || mappedUpdates.groupIds.length === 0)
) {
return res
.status(400)
.json({ error: 'Group ID or Group IDs are required for group type accounts' })
}
// 获取账户当前信息以处理分组变更
const currentAccount = await claudeAccountService.getAccount(accountId)
if (!currentAccount) {
return res.status(404).json({ error: 'Account not found' })
}
// 处理分组的变更
if (mappedUpdates.accountType !== undefined) {
// 如果之前是分组类型,需要从所有分组中移除
if (currentAccount.accountType === 'group') {
await accountGroupService.removeAccountFromAllGroups(accountId)
}
// 如果新类型是分组,添加到新分组
if (mappedUpdates.accountType === 'group') {
// 处理多分组/单分组的兼容性
if (Object.prototype.hasOwnProperty.call(mappedUpdates, 'groupIds')) {
if (mappedUpdates.groupIds && mappedUpdates.groupIds.length > 0) {
// 使用多分组设置
await accountGroupService.setAccountGroups(accountId, mappedUpdates.groupIds, 'claude')
} else {
// groupIds 为空数组,从所有分组中移除
await accountGroupService.removeAccountFromAllGroups(accountId)
}
} else if (mappedUpdates.groupId) {
// 兼容单分组模式
await accountGroupService.addAccountToGroup(accountId, mappedUpdates.groupId, 'claude')
}
}
}
await claudeAccountService.updateAccount(accountId, mappedUpdates)
logger.success(`📝 Admin updated Claude account: ${accountId}`)
return res.json({ success: true, message: 'Claude account updated successfully' })
} catch (error) {
logger.error('❌ Failed to update Claude account:', error)
return res
.status(500)
.json({ error: 'Failed to update Claude account', message: error.message })
}
})
// 删除Claude账户
router.delete('/claude-accounts/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
// 自动解绑所有绑定的 API Keys
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(accountId, 'claude')
// 获取账户信息以检查是否在分组中
const account = await claudeAccountService.getAccount(accountId)
if (account && account.accountType === 'group') {
const groups = await accountGroupService.getAccountGroups(accountId)
for (const group of groups) {
await accountGroupService.removeAccountFromGroup(accountId, group.id)
}
}
await claudeAccountService.deleteAccount(accountId)
let message = 'Claude账号已成功删除'
if (unboundCount > 0) {
message += `${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(`🗑️ Admin deleted Claude account: ${accountId}, unbound ${unboundCount} keys`)
return res.json({
success: true,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('❌ Failed to delete Claude account:', error)
return res
.status(500)
.json({ error: 'Failed to delete Claude account', message: error.message })
}
})
// 更新单个Claude账户的Profile信息
router.post('/claude-accounts/:accountId/update-profile', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const profileInfo = await claudeAccountService.fetchAndUpdateAccountProfile(accountId)
logger.success(`✅ Updated profile for Claude account: ${accountId}`)
return res.json({
success: true,
message: 'Account profile updated successfully',
data: profileInfo
})
} catch (error) {
logger.error('❌ Failed to update account profile:', error)
return res
.status(500)
.json({ error: 'Failed to update account profile', message: error.message })
}
})
// 批量更新所有Claude账户的Profile信息
router.post('/claude-accounts/update-all-profiles', authenticateAdmin, async (req, res) => {
try {
const result = await claudeAccountService.updateAllAccountProfiles()
logger.success('✅ Batch profile update completed')
return res.json({
success: true,
message: 'Batch profile update completed',
data: result
})
} catch (error) {
logger.error('❌ Failed to update all account profiles:', error)
return res
.status(500)
.json({ error: 'Failed to update all account profiles', message: error.message })
}
})
// 刷新Claude账户token
router.post('/claude-accounts/:accountId/refresh', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const result = await claudeAccountService.refreshAccountToken(accountId)
logger.success(`🔄 Admin refreshed token for Claude account: ${accountId}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to refresh Claude account token:', error)
return res.status(500).json({ error: 'Failed to refresh token', message: error.message })
}
})
// 重置Claude账户状态清除所有异常状态
router.post('/claude-accounts/:accountId/reset-status', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const result = await claudeAccountService.resetAccountStatus(accountId)
logger.success(`✅ Admin reset status for Claude account: ${accountId}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to reset Claude account status:', error)
return res.status(500).json({ error: 'Failed to reset status', message: error.message })
}
})
// 切换Claude账户调度状态
router.put(
'/claude-accounts/:accountId/toggle-schedulable',
authenticateAdmin,
async (req, res) => {
try {
const { accountId } = req.params
const accounts = await claudeAccountService.getAllAccounts()
const account = accounts.find((acc) => acc.id === accountId)
if (!account) {
return res.status(404).json({ error: 'Account not found' })
}
const newSchedulable = !account.schedulable
await claudeAccountService.updateAccount(accountId, { schedulable: newSchedulable })
// 如果账号被禁用发送webhook通知
if (!newSchedulable) {
await webhookNotifier.sendAccountAnomalyNotification({
accountId: account.id,
accountName: account.name || account.claudeAiOauth?.email || 'Claude Account',
platform: 'claude-oauth',
status: 'disabled',
errorCode: 'CLAUDE_OAUTH_MANUALLY_DISABLED',
reason: '账号已被管理员手动禁用调度',
timestamp: new Date().toISOString()
})
}
logger.success(
`🔄 Admin toggled Claude account schedulable status: ${accountId} -> ${
newSchedulable ? 'schedulable' : 'not schedulable'
}`
)
return res.json({ success: true, schedulable: newSchedulable })
} catch (error) {
logger.error('❌ Failed to toggle Claude account schedulable status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle schedulable status', message: error.message })
}
}
)
// 测试Claude OAuth账户连通性流式响应- 复用 claudeRelayService
router.post('/claude-accounts/:accountId/test', authenticateAdmin, async (req, res) => {
const { accountId } = req.params
try {
// 直接调用服务层的测试方法
await claudeRelayService.testAccountConnection(accountId, res)
} catch (error) {
logger.error(`❌ Failed to test Claude OAuth account:`, error)
// 错误已在服务层处理,这里仅做日志记录
}
})
module.exports = router

496
src/routes/admin/claudeConsoleAccounts.js
View File

@@ -1,496 +0,0 @@
/**
* Admin Routes - Claude Console 账户管理
* API Key 方式的 Claude Console 账户
*/
const express = require('express')
const router = express.Router()
const claudeConsoleAccountService = require('../../services/claudeConsoleAccountService')
const claudeConsoleRelayService = require('../../services/claudeConsoleRelayService')
const accountGroupService = require('../../services/accountGroupService')
const apiKeyService = require('../../services/apiKeyService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const webhookNotifier = require('../../utils/webhookNotifier')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
// 获取所有Claude Console账户
router.get('/claude-console-accounts', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
let accounts = await claudeConsoleAccountService.getAllAccounts()
// 根据查询参数进行筛选
if (platform && platform !== 'all' && platform !== 'claude-console') {
// 如果指定了其他平台,返回空数组
accounts = []
}
// 如果指定了分组筛选
if (groupId && groupId !== 'all') {
if (groupId === 'ungrouped') {
// 筛选未分组账户
const filteredAccounts = []
for (const account of accounts) {
const groups = await accountGroupService.getAccountGroups(account.id)
if (!groups || groups.length === 0) {
filteredAccounts.push(account)
}
}
accounts = filteredAccounts
} else {
// 筛选特定分组的账户
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
}
}
// 为每个账户添加使用统计信息
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
const usageStats = await redis.getAccountUsageStats(account.id, 'openai')
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
// 转换schedulable为布尔值
schedulable: account.schedulable === 'true' || account.schedulable === true,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages
}
}
} catch (statsError) {
logger.warn(
`⚠️ Failed to get usage stats for Claude Console account ${account.id}:`,
statsError.message
)
try {
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
// 转换schedulable为布尔值
schedulable: account.schedulable === 'true' || account.schedulable === true,
groupInfos,
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
} catch (groupError) {
logger.warn(
`⚠️ Failed to get group info for Claude Console account ${account.id}:`,
groupError.message
)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos: [],
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
}
}
})
)
return res.json({ success: true, data: accountsWithStats })
} catch (error) {
logger.error('❌ Failed to get Claude Console accounts:', error)
return res
.status(500)
.json({ error: 'Failed to get Claude Console accounts', message: error.message })
}
})
// 创建新的Claude Console账户
router.post('/claude-console-accounts', authenticateAdmin, async (req, res) => {
try {
const {
name,
description,
apiUrl,
apiKey,
priority,
supportedModels,
userAgent,
rateLimitDuration,
proxy,
accountType,
groupId,
dailyQuota,
quotaResetTime,
maxConcurrentTasks,
disableAutoProtection
} = req.body
if (!name || !apiUrl || !apiKey) {
return res.status(400).json({ error: 'Name, API URL and API Key are required' })
}
// 验证priority的有效性1-100
if (priority !== undefined && (priority < 1 || priority > 100)) {
return res.status(400).json({ error: 'Priority must be between 1 and 100' })
}
// 验证maxConcurrentTasks的有效性非负整数
if (maxConcurrentTasks !== undefined && maxConcurrentTasks !== null) {
const concurrent = Number(maxConcurrentTasks)
if (!Number.isInteger(concurrent) || concurrent < 0) {
return res.status(400).json({ error: 'maxConcurrentTasks must be a non-negative integer' })
}
}
// 校验上游错误自动防护开关
const normalizedDisableAutoProtection =
disableAutoProtection === true || disableAutoProtection === 'true'
// 验证accountType的有效性
if (accountType && !['shared', 'dedicated', 'group'].includes(accountType)) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果是分组类型验证groupId
if (accountType === 'group' && !groupId) {
return res.status(400).json({ error: 'Group ID is required for group type accounts' })
}
const newAccount = await claudeConsoleAccountService.createAccount({
name,
description,
apiUrl,
apiKey,
priority: priority || 50,
supportedModels: supportedModels || [],
userAgent,
rateLimitDuration:
rateLimitDuration !== undefined && rateLimitDuration !== null ? rateLimitDuration : 60,
proxy,
accountType: accountType || 'shared',
dailyQuota: dailyQuota || 0,
quotaResetTime: quotaResetTime || '00:00',
maxConcurrentTasks:
maxConcurrentTasks !== undefined && maxConcurrentTasks !== null
? Number(maxConcurrentTasks)
: 0,
disableAutoProtection: normalizedDisableAutoProtection
})
// 如果是分组类型将账户添加到分组CCR 归属 Claude 平台分组)
if (accountType === 'group' && groupId) {
await accountGroupService.addAccountToGroup(newAccount.id, groupId, 'claude')
}
logger.success(`🎮 Admin created Claude Console account: ${name}`)
const formattedAccount = formatAccountExpiry(newAccount)
return res.json({ success: true, data: formattedAccount })
} catch (error) {
logger.error('❌ Failed to create Claude Console account:', error)
return res
.status(500)
.json({ error: 'Failed to create Claude Console account', message: error.message })
}
})
// 更新Claude Console账户
router.put('/claude-console-accounts/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const updates = req.body
// ✅ 【新增】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt
const mappedUpdates = mapExpiryField(updates, 'Claude Console', accountId)
// 验证priority的有效性1-100
if (
mappedUpdates.priority !== undefined &&
(mappedUpdates.priority < 1 || mappedUpdates.priority > 100)
) {
return res.status(400).json({ error: 'Priority must be between 1 and 100' })
}
// 验证maxConcurrentTasks的有效性非负整数
if (
mappedUpdates.maxConcurrentTasks !== undefined &&
mappedUpdates.maxConcurrentTasks !== null
) {
const concurrent = Number(mappedUpdates.maxConcurrentTasks)
if (!Number.isInteger(concurrent) || concurrent < 0) {
return res.status(400).json({ error: 'maxConcurrentTasks must be a non-negative integer' })
}
// 转换为数字类型
mappedUpdates.maxConcurrentTasks = concurrent
}
// 验证accountType的有效性
if (
mappedUpdates.accountType &&
!['shared', 'dedicated', 'group'].includes(mappedUpdates.accountType)
) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果更新为分组类型验证groupId
if (mappedUpdates.accountType === 'group' && !mappedUpdates.groupId) {
return res.status(400).json({ error: 'Group ID is required for group type accounts' })
}
// 获取账户当前信息以处理分组变更
const currentAccount = await claudeConsoleAccountService.getAccount(accountId)
if (!currentAccount) {
return res.status(404).json({ error: 'Account not found' })
}
// 规范化上游错误自动防护开关
if (mappedUpdates.disableAutoProtection !== undefined) {
mappedUpdates.disableAutoProtection =
mappedUpdates.disableAutoProtection === true ||
mappedUpdates.disableAutoProtection === 'true'
}
// 处理分组的变更
if (mappedUpdates.accountType !== undefined) {
// 如果之前是分组类型,需要从所有分组中移除
if (currentAccount.accountType === 'group') {
const oldGroups = await accountGroupService.getAccountGroups(accountId)
for (const oldGroup of oldGroups) {
await accountGroupService.removeAccountFromGroup(accountId, oldGroup.id)
}
}
// 如果新类型是分组,处理多分组支持
if (mappedUpdates.accountType === 'group') {
if (Object.prototype.hasOwnProperty.call(mappedUpdates, 'groupIds')) {
// 如果明确提供了 groupIds 参数(包括空数组)
if (mappedUpdates.groupIds && mappedUpdates.groupIds.length > 0) {
// 设置新的多分组
await accountGroupService.setAccountGroups(accountId, mappedUpdates.groupIds, 'claude')
} else {
// groupIds 为空数组,从所有分组中移除
await accountGroupService.removeAccountFromAllGroups(accountId)
}
} else if (mappedUpdates.groupId) {
// 向后兼容:仅当没有 groupIds 但有 groupId 时使用单分组逻辑
await accountGroupService.addAccountToGroup(accountId, mappedUpdates.groupId, 'claude')
}
}
}
await claudeConsoleAccountService.updateAccount(accountId, mappedUpdates)
logger.success(`📝 Admin updated Claude Console account: ${accountId}`)
return res.json({ success: true, message: 'Claude Console account updated successfully' })
} catch (error) {
logger.error('❌ Failed to update Claude Console account:', error)
return res
.status(500)
.json({ error: 'Failed to update Claude Console account', message: error.message })
}
})
// 删除Claude Console账户
router.delete('/claude-console-accounts/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
// 自动解绑所有绑定的 API Keys
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(accountId, 'claude-console')
// 获取账户信息以检查是否在分组中
const account = await claudeConsoleAccountService.getAccount(accountId)
if (account && account.accountType === 'group') {
const groups = await accountGroupService.getAccountGroups(accountId)
for (const group of groups) {
await accountGroupService.removeAccountFromGroup(accountId, group.id)
}
}
await claudeConsoleAccountService.deleteAccount(accountId)
let message = 'Claude Console账号已成功删除'
if (unboundCount > 0) {
message += `${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(
`🗑️ Admin deleted Claude Console account: ${accountId}, unbound ${unboundCount} keys`
)
return res.json({
success: true,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('❌ Failed to delete Claude Console account:', error)
return res
.status(500)
.json({ error: 'Failed to delete Claude Console account', message: error.message })
}
})
// 切换Claude Console账户状态
router.put('/claude-console-accounts/:accountId/toggle', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const account = await claudeConsoleAccountService.getAccount(accountId)
if (!account) {
return res.status(404).json({ error: 'Account not found' })
}
const newStatus = !account.isActive
await claudeConsoleAccountService.updateAccount(accountId, { isActive: newStatus })
logger.success(
`🔄 Admin toggled Claude Console account status: ${accountId} -> ${
newStatus ? 'active' : 'inactive'
}`
)
return res.json({ success: true, isActive: newStatus })
} catch (error) {
logger.error('❌ Failed to toggle Claude Console account status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle account status', message: error.message })
}
})
// 切换Claude Console账户调度状态
router.put(
'/claude-console-accounts/:accountId/toggle-schedulable',
authenticateAdmin,
async (req, res) => {
try {
const { accountId } = req.params
const account = await claudeConsoleAccountService.getAccount(accountId)
if (!account) {
return res.status(404).json({ error: 'Account not found' })
}
const newSchedulable = !account.schedulable
await claudeConsoleAccountService.updateAccount(accountId, { schedulable: newSchedulable })
// 如果账号被禁用发送webhook通知
if (!newSchedulable) {
await webhookNotifier.sendAccountAnomalyNotification({
accountId: account.id,
accountName: account.name || 'Claude Console Account',
platform: 'claude-console',
status: 'disabled',
errorCode: 'CLAUDE_CONSOLE_MANUALLY_DISABLED',
reason: '账号已被管理员手动禁用调度',
timestamp: new Date().toISOString()
})
}
logger.success(
`🔄 Admin toggled Claude Console account schedulable status: ${accountId} -> ${
newSchedulable ? 'schedulable' : 'not schedulable'
}`
)
return res.json({ success: true, schedulable: newSchedulable })
} catch (error) {
logger.error('❌ Failed to toggle Claude Console account schedulable status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle schedulable status', message: error.message })
}
}
)
// 获取Claude Console账户的使用统计
router.get('/claude-console-accounts/:accountId/usage', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const usageStats = await claudeConsoleAccountService.getAccountUsageStats(accountId)
if (!usageStats) {
return res.status(404).json({ error: 'Account not found' })
}
return res.json(usageStats)
} catch (error) {
logger.error('❌ Failed to get Claude Console account usage stats:', error)
return res.status(500).json({ error: 'Failed to get usage stats', message: error.message })
}
})
// 手动重置Claude Console账户的每日使用量
router.post(
'/claude-console-accounts/:accountId/reset-usage',
authenticateAdmin,
async (req, res) => {
try {
const { accountId } = req.params
await claudeConsoleAccountService.resetDailyUsage(accountId)
logger.success(`✅ Admin manually reset daily usage for Claude Console account: ${accountId}`)
return res.json({ success: true, message: 'Daily usage reset successfully' })
} catch (error) {
logger.error('❌ Failed to reset Claude Console account daily usage:', error)
return res.status(500).json({ error: 'Failed to reset daily usage', message: error.message })
}
}
)
// 重置Claude Console账户状态清除所有异常状态
router.post(
'/claude-console-accounts/:accountId/reset-status',
authenticateAdmin,
async (req, res) => {
try {
const { accountId } = req.params
const result = await claudeConsoleAccountService.resetAccountStatus(accountId)
logger.success(`✅ Admin reset status for Claude Console account: ${accountId}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to reset Claude Console account status:', error)
return res.status(500).json({ error: 'Failed to reset status', message: error.message })
}
}
)
// 手动重置所有Claude Console账户的每日使用量
router.post('/claude-console-accounts/reset-all-usage', authenticateAdmin, async (req, res) => {
try {
await claudeConsoleAccountService.resetAllDailyUsage()
logger.success('✅ Admin manually reset daily usage for all Claude Console accounts')
return res.json({ success: true, message: 'All daily usage reset successfully' })
} catch (error) {
logger.error('❌ Failed to reset all Claude Console accounts daily usage:', error)
return res
.status(500)
.json({ error: 'Failed to reset all daily usage', message: error.message })
}
})
// 测试Claude Console账户连通性流式响应- 复用 claudeConsoleRelayService
router.post('/claude-console-accounts/:accountId/test', authenticateAdmin, async (req, res) => {
const { accountId } = req.params
try {
// 直接调用服务层的测试方法
await claudeConsoleRelayService.testAccountConnection(accountId, res)
} catch (error) {
logger.error(`❌ Failed to test Claude Console account:`, error)
// 错误已在服务层处理,这里仅做日志记录
}
})
module.exports = router

239
src/routes/admin/claudeRelayConfig.js
View File

@@ -1,239 +0,0 @@
/**
* Claude 转发配置 API 路由
* 管理全局 Claude Code 限制和会话绑定配置
*/
const express = require('express')
const { authenticateAdmin } = require('../../middleware/auth')
const claudeRelayConfigService = require('../../services/claudeRelayConfigService')
const logger = require('../../utils/logger')
const router = express.Router()
/**
* GET /admin/claude-relay-config
* 获取 Claude 转发配置
*/
router.get('/claude-relay-config', authenticateAdmin, async (req, res) => {
try {
const config = await claudeRelayConfigService.getConfig()
return res.json({
success: true,
config
})
} catch (error) {
logger.error('❌ Failed to get Claude relay config:', error)
return res.status(500).json({
error: 'Failed to get configuration',
message: error.message
})
}
})
/**
* PUT /admin/claude-relay-config
* 更新 Claude 转发配置
*/
router.put('/claude-relay-config', authenticateAdmin, async (req, res) => {
try {
const {
claudeCodeOnlyEnabled,
globalSessionBindingEnabled,
sessionBindingErrorMessage,
sessionBindingTtlDays,
userMessageQueueEnabled,
userMessageQueueDelayMs,
userMessageQueueTimeoutMs,
concurrentRequestQueueEnabled,
concurrentRequestQueueMaxSize,
concurrentRequestQueueMaxSizeMultiplier,
concurrentRequestQueueTimeoutMs
} = req.body
// 验证输入
if (claudeCodeOnlyEnabled !== undefined && typeof claudeCodeOnlyEnabled !== 'boolean') {
return res.status(400).json({ error: 'claudeCodeOnlyEnabled must be a boolean' })
}
if (
globalSessionBindingEnabled !== undefined &&
typeof globalSessionBindingEnabled !== 'boolean'
) {
return res.status(400).json({ error: 'globalSessionBindingEnabled must be a boolean' })
}
if (sessionBindingErrorMessage !== undefined) {
if (typeof sessionBindingErrorMessage !== 'string') {
return res.status(400).json({ error: 'sessionBindingErrorMessage must be a string' })
}
if (sessionBindingErrorMessage.length > 500) {
return res
.status(400)
.json({ error: 'sessionBindingErrorMessage must be less than 500 characters' })
}
}
if (sessionBindingTtlDays !== undefined) {
if (
typeof sessionBindingTtlDays !== 'number' ||
sessionBindingTtlDays < 1 ||
sessionBindingTtlDays > 365
) {
return res
.status(400)
.json({ error: 'sessionBindingTtlDays must be a number between 1 and 365' })
}
}
// 验证用户消息队列配置
if (userMessageQueueEnabled !== undefined && typeof userMessageQueueEnabled !== 'boolean') {
return res.status(400).json({ error: 'userMessageQueueEnabled must be a boolean' })
}
if (userMessageQueueDelayMs !== undefined) {
if (
typeof userMessageQueueDelayMs !== 'number' ||
userMessageQueueDelayMs < 0 ||
userMessageQueueDelayMs > 10000
) {
return res
.status(400)
.json({ error: 'userMessageQueueDelayMs must be a number between 0 and 10000' })
}
}
if (userMessageQueueTimeoutMs !== undefined) {
if (
typeof userMessageQueueTimeoutMs !== 'number' ||
userMessageQueueTimeoutMs < 1000 ||
userMessageQueueTimeoutMs > 300000
) {
return res
.status(400)
.json({ error: 'userMessageQueueTimeoutMs must be a number between 1000 and 300000' })
}
}
// 验证并发请求排队配置
if (
concurrentRequestQueueEnabled !== undefined &&
typeof concurrentRequestQueueEnabled !== 'boolean'
) {
return res.status(400).json({ error: 'concurrentRequestQueueEnabled must be a boolean' })
}
if (concurrentRequestQueueMaxSize !== undefined) {
if (
typeof concurrentRequestQueueMaxSize !== 'number' ||
!Number.isInteger(concurrentRequestQueueMaxSize) ||
concurrentRequestQueueMaxSize < 1 ||
concurrentRequestQueueMaxSize > 100
) {
return res
.status(400)
.json({ error: 'concurrentRequestQueueMaxSize must be an integer between 1 and 100' })
}
}
if (concurrentRequestQueueMaxSizeMultiplier !== undefined) {
// 使用 Number.isFinite() 同时排除 NaN、Infinity、-Infinity 和非数字类型
if (
!Number.isFinite(concurrentRequestQueueMaxSizeMultiplier) ||
concurrentRequestQueueMaxSizeMultiplier < 0 ||
concurrentRequestQueueMaxSizeMultiplier > 10
) {
return res.status(400).json({
error: 'concurrentRequestQueueMaxSizeMultiplier must be a finite number between 0 and 10'
})
}
}
if (concurrentRequestQueueTimeoutMs !== undefined) {
if (
typeof concurrentRequestQueueTimeoutMs !== 'number' ||
!Number.isInteger(concurrentRequestQueueTimeoutMs) ||
concurrentRequestQueueTimeoutMs < 5000 ||
concurrentRequestQueueTimeoutMs > 300000
) {
return res.status(400).json({
error:
'concurrentRequestQueueTimeoutMs must be an integer between 5000 and 300000 (5 seconds to 5 minutes)'
})
}
}
const updateData = {}
if (claudeCodeOnlyEnabled !== undefined) {
updateData.claudeCodeOnlyEnabled = claudeCodeOnlyEnabled
}
if (globalSessionBindingEnabled !== undefined) {
updateData.globalSessionBindingEnabled = globalSessionBindingEnabled
}
if (sessionBindingErrorMessage !== undefined) {
updateData.sessionBindingErrorMessage = sessionBindingErrorMessage
}
if (sessionBindingTtlDays !== undefined) {
updateData.sessionBindingTtlDays = sessionBindingTtlDays
}
if (userMessageQueueEnabled !== undefined) {
updateData.userMessageQueueEnabled = userMessageQueueEnabled
}
if (userMessageQueueDelayMs !== undefined) {
updateData.userMessageQueueDelayMs = userMessageQueueDelayMs
}
if (userMessageQueueTimeoutMs !== undefined) {
updateData.userMessageQueueTimeoutMs = userMessageQueueTimeoutMs
}
if (concurrentRequestQueueEnabled !== undefined) {
updateData.concurrentRequestQueueEnabled = concurrentRequestQueueEnabled
}
if (concurrentRequestQueueMaxSize !== undefined) {
updateData.concurrentRequestQueueMaxSize = concurrentRequestQueueMaxSize
}
if (concurrentRequestQueueMaxSizeMultiplier !== undefined) {
updateData.concurrentRequestQueueMaxSizeMultiplier = concurrentRequestQueueMaxSizeMultiplier
}
if (concurrentRequestQueueTimeoutMs !== undefined) {
updateData.concurrentRequestQueueTimeoutMs = concurrentRequestQueueTimeoutMs
}
const updatedConfig = await claudeRelayConfigService.updateConfig(
updateData,
req.admin?.username || 'unknown'
)
return res.json({
success: true,
message: 'Configuration updated successfully',
config: updatedConfig
})
} catch (error) {
logger.error('❌ Failed to update Claude relay config:', error)
return res.status(500).json({
error: 'Failed to update configuration',
message: error.message
})
}
})
/**
* GET /admin/claude-relay-config/session-bindings
* 获取会话绑定统计
*/
router.get('/claude-relay-config/session-bindings', authenticateAdmin, async (req, res) => {
try {
const stats = await claudeRelayConfigService.getSessionBindingStats()
return res.json({
success: true,
data: stats
})
} catch (error) {
logger.error('❌ Failed to get session binding stats:', error)
return res.status(500).json({
error: 'Failed to get session binding statistics',
message: error.message
})
}
})
module.exports = router

313
src/routes/admin/concurrency.js
View File

@@ -1,313 +0,0 @@
/**
* 并发管理 API 路由
* 提供并发状态查看和手动清理功能
*/
const express = require('express')
const router = express.Router()
const redis = require('../../models/redis')
const logger = require('../../utils/logger')
const { authenticateAdmin } = require('../../middleware/auth')
const { calculateWaitTimeStats } = require('../../utils/statsHelper')
/**
* GET /admin/concurrency
* 获取所有并发状态
*/
router.get('/concurrency', authenticateAdmin, async (req, res) => {
try {
const status = await redis.getAllConcurrencyStatus()
// 为每个 API Key 获取排队计数
const statusWithQueue = await Promise.all(
status.map(async (s) => {
const queueCount = await redis.getConcurrencyQueueCount(s.apiKeyId)
return {
...s,
queueCount
}
})
)
// 计算汇总统计
const summary = {
totalKeys: statusWithQueue.length,
totalActiveRequests: statusWithQueue.reduce((sum, s) => sum + s.activeCount, 0),
totalExpiredRequests: statusWithQueue.reduce((sum, s) => sum + s.expiredCount, 0),
totalQueuedRequests: statusWithQueue.reduce((sum, s) => sum + s.queueCount, 0)
}
res.json({
success: true,
summary,
concurrencyStatus: statusWithQueue
})
} catch (error) {
logger.error('❌ Failed to get concurrency status:', error)
res.status(500).json({
success: false,
error: 'Failed to get concurrency status',
message: error.message
})
}
})
/**
* GET /admin/concurrency-queue/stats
* 获取排队统计信息
*/
router.get('/concurrency-queue/stats', authenticateAdmin, async (req, res) => {
try {
// 获取所有有统计数据的 API Key
const statsKeys = await redis.scanConcurrencyQueueStatsKeys()
const queueKeys = await redis.scanConcurrencyQueueKeys()
// 合并所有相关的 API Key
const allApiKeyIds = [...new Set([...statsKeys, ...queueKeys])]
// 获取各 API Key 的详细统计
const perKeyStats = await Promise.all(
allApiKeyIds.map(async (apiKeyId) => {
const [queueCount, stats, waitTimes] = await Promise.all([
redis.getConcurrencyQueueCount(apiKeyId),
redis.getConcurrencyQueueStats(apiKeyId),
redis.getQueueWaitTimes(apiKeyId)
])
return {
apiKeyId,
currentQueueCount: queueCount,
stats,
waitTimeStats: calculateWaitTimeStats(waitTimes)
}
})
)
// 获取全局等待时间统计
const globalWaitTimes = await redis.getGlobalQueueWaitTimes()
const globalWaitTimeStats = calculateWaitTimeStats(globalWaitTimes)
// 计算全局汇总
const globalStats = {
totalEntered: perKeyStats.reduce((sum, s) => sum + s.stats.entered, 0),
totalSuccess: perKeyStats.reduce((sum, s) => sum + s.stats.success, 0),
totalTimeout: perKeyStats.reduce((sum, s) => sum + s.stats.timeout, 0),
totalCancelled: perKeyStats.reduce((sum, s) => sum + s.stats.cancelled, 0),
totalSocketChanged: perKeyStats.reduce((sum, s) => sum + (s.stats.socket_changed || 0), 0),
totalRejectedOverload: perKeyStats.reduce(
(sum, s) => sum + (s.stats.rejected_overload || 0),
0
),
currentTotalQueued: perKeyStats.reduce((sum, s) => sum + s.currentQueueCount, 0),
// 队列资源利用率指标
peakQueueSize:
perKeyStats.length > 0 ? Math.max(...perKeyStats.map((s) => s.currentQueueCount)) : 0,
avgQueueSize:
perKeyStats.length > 0
? Math.round(
perKeyStats.reduce((sum, s) => sum + s.currentQueueCount, 0) / perKeyStats.length
)
: 0,
activeApiKeys: perKeyStats.filter((s) => s.currentQueueCount > 0).length
}
// 计算成功率
if (globalStats.totalEntered > 0) {
globalStats.successRate = Math.round(
(globalStats.totalSuccess / globalStats.totalEntered) * 100
)
globalStats.timeoutRate = Math.round(
(globalStats.totalTimeout / globalStats.totalEntered) * 100
)
globalStats.cancelledRate = Math.round(
(globalStats.totalCancelled / globalStats.totalEntered) * 100
)
}
// 从全局等待时间统计中提取关键指标
if (globalWaitTimeStats) {
globalStats.avgWaitTimeMs = globalWaitTimeStats.avg
globalStats.p50WaitTimeMs = globalWaitTimeStats.p50
globalStats.p90WaitTimeMs = globalWaitTimeStats.p90
globalStats.p99WaitTimeMs = globalWaitTimeStats.p99
// 多实例采样策略标记(详见 design.md Decision 9
// 全局 P90 仅用于可视化和监控,不用于系统决策
// 健康检查使用 API Key 级别的 P90每 Key 独立采样)
globalWaitTimeStats.globalP90ForVisualizationOnly = true
}
res.json({
success: true,
globalStats,
globalWaitTimeStats,
perKeyStats
})
} catch (error) {
logger.error('❌ Failed to get queue stats:', error)
res.status(500).json({
success: false,
error: 'Failed to get queue stats',
message: error.message
})
}
})
/**
* DELETE /admin/concurrency-queue/:apiKeyId
* 清理特定 API Key 的排队计数
*/
router.delete('/concurrency-queue/:apiKeyId', authenticateAdmin, async (req, res) => {
try {
const { apiKeyId } = req.params
await redis.clearConcurrencyQueue(apiKeyId)
logger.warn(`🧹 Admin ${req.admin?.username || 'unknown'} cleared queue for key ${apiKeyId}`)
res.json({
success: true,
message: `Successfully cleared queue for API key ${apiKeyId}`
})
} catch (error) {
logger.error(`❌ Failed to clear queue for ${req.params.apiKeyId}:`, error)
res.status(500).json({
success: false,
error: 'Failed to clear queue',
message: error.message
})
}
})
/**
* DELETE /admin/concurrency-queue
* 清理所有排队计数
*/
router.delete('/concurrency-queue', authenticateAdmin, async (req, res) => {
try {
const cleared = await redis.clearAllConcurrencyQueues()
logger.warn(`🧹 Admin ${req.admin?.username || 'unknown'} cleared ALL queues`)
res.json({
success: true,
message: 'Successfully cleared all queues',
cleared
})
} catch (error) {
logger.error('❌ Failed to clear all queues:', error)
res.status(500).json({
success: false,
error: 'Failed to clear all queues',
message: error.message
})
}
})
/**
* GET /admin/concurrency/:apiKeyId
* 获取特定 API Key 的并发状态详情
*/
router.get('/concurrency/:apiKeyId', authenticateAdmin, async (req, res) => {
try {
const { apiKeyId } = req.params
const status = await redis.getConcurrencyStatus(apiKeyId)
const queueCount = await redis.getConcurrencyQueueCount(apiKeyId)
res.json({
success: true,
concurrencyStatus: {
...status,
queueCount
}
})
} catch (error) {
logger.error(`❌ Failed to get concurrency status for ${req.params.apiKeyId}:`, error)
res.status(500).json({
success: false,
error: 'Failed to get concurrency status',
message: error.message
})
}
})
/**
* DELETE /admin/concurrency/:apiKeyId
* 强制清理特定 API Key 的并发计数
*/
router.delete('/concurrency/:apiKeyId', authenticateAdmin, async (req, res) => {
try {
const { apiKeyId } = req.params
const result = await redis.forceClearConcurrency(apiKeyId)
logger.warn(
`🧹 Admin ${req.admin?.username || 'unknown'} force cleared concurrency for key ${apiKeyId}`
)
res.json({
success: true,
message: `Successfully cleared concurrency for API key ${apiKeyId}`,
result
})
} catch (error) {
logger.error(`❌ Failed to clear concurrency for ${req.params.apiKeyId}:`, error)
res.status(500).json({
success: false,
error: 'Failed to clear concurrency',
message: error.message
})
}
})
/**
* DELETE /admin/concurrency
* 强制清理所有并发计数
*/
router.delete('/concurrency', authenticateAdmin, async (req, res) => {
try {
const result = await redis.forceClearAllConcurrency()
logger.warn(`🧹 Admin ${req.admin?.username || 'unknown'} force cleared ALL concurrency`)
res.json({
success: true,
message: 'Successfully cleared all concurrency',
result
})
} catch (error) {
logger.error('❌ Failed to clear all concurrency:', error)
res.status(500).json({
success: false,
error: 'Failed to clear all concurrency',
message: error.message
})
}
})
/**
* POST /admin/concurrency/cleanup
* 清理过期的并发条目(不影响活跃请求)
*/
router.post('/concurrency/cleanup', authenticateAdmin, async (req, res) => {
try {
const { apiKeyId } = req.body
const result = await redis.cleanupExpiredConcurrency(apiKeyId || null)
logger.info(`🧹 Admin ${req.admin?.username || 'unknown'} cleaned up expired concurrency`)
res.json({
success: true,
message: apiKeyId
? `Successfully cleaned up expired concurrency for API key ${apiKeyId}`
: 'Successfully cleaned up all expired concurrency',
result
})
} catch (error) {
logger.error('❌ Failed to cleanup expired concurrency:', error)
res.status(500).json({
success: false,
error: 'Failed to cleanup expired concurrency',
message: error.message
})
}
})
module.exports = router

707
src/routes/admin/dashboard.js
View File

@@ -1,707 +0,0 @@
const express = require('express')
const apiKeyService = require('../../services/apiKeyService')
const claudeAccountService = require('../../services/claudeAccountService')
const claudeConsoleAccountService = require('../../services/claudeConsoleAccountService')
const bedrockAccountService = require('../../services/bedrockAccountService')
const ccrAccountService = require('../../services/ccrAccountService')
const geminiAccountService = require('../../services/geminiAccountService')
const droidAccountService = require('../../services/droidAccountService')
const openaiAccountService = require('../../services/openaiAccountService')
const openaiResponsesAccountService = require('../../services/openaiResponsesAccountService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const CostCalculator = require('../../utils/costCalculator')
const pricingService = require('../../services/pricingService')
const config = require('../../../config/config')
const router = express.Router()
// 📊 系统统计
// 获取系统概览
router.get('/dashboard', authenticateAdmin, async (req, res) => {
try {
const [
,
apiKeys,
claudeAccounts,
claudeConsoleAccounts,
geminiAccounts,
bedrockAccountsResult,
openaiAccounts,
ccrAccounts,
openaiResponsesAccounts,
droidAccounts,
todayStats,
systemAverages,
realtimeMetrics
] = await Promise.all([
redis.getSystemStats(),
apiKeyService.getAllApiKeys(),
claudeAccountService.getAllAccounts(),
claudeConsoleAccountService.getAllAccounts(),
geminiAccountService.getAllAccounts(),
bedrockAccountService.getAllAccounts(),
redis.getAllOpenAIAccounts(),
ccrAccountService.getAllAccounts(),
openaiResponsesAccountService.getAllAccounts(true),
droidAccountService.getAllAccounts(),
redis.getTodayStats(),
redis.getSystemAverages(),
redis.getRealtimeSystemMetrics()
])
// 处理Bedrock账户数据
const bedrockAccounts = bedrockAccountsResult.success ? bedrockAccountsResult.data : []
const normalizeBoolean = (value) => value === true || value === 'true'
const isRateLimitedFlag = (status) => {
if (!status) {
return false
}
if (typeof status === 'string') {
return status === 'limited'
}
if (typeof status === 'object') {
return status.isRateLimited === true
}
return false
}
const normalDroidAccounts = droidAccounts.filter(
(acc) =>
normalizeBoolean(acc.isActive) &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized' &&
normalizeBoolean(acc.schedulable) &&
!isRateLimitedFlag(acc.rateLimitStatus)
).length
const abnormalDroidAccounts = droidAccounts.filter(
(acc) =>
!normalizeBoolean(acc.isActive) || acc.status === 'blocked' || acc.status === 'unauthorized'
).length
const pausedDroidAccounts = droidAccounts.filter(
(acc) =>
!normalizeBoolean(acc.schedulable) &&
normalizeBoolean(acc.isActive) &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized'
).length
const rateLimitedDroidAccounts = droidAccounts.filter((acc) =>
isRateLimitedFlag(acc.rateLimitStatus)
).length
// 计算使用统计统一使用allTokens
const totalTokensUsed = apiKeys.reduce(
(sum, key) => sum + (key.usage?.total?.allTokens || 0),
0
)
const totalRequestsUsed = apiKeys.reduce(
(sum, key) => sum + (key.usage?.total?.requests || 0),
0
)
const totalInputTokensUsed = apiKeys.reduce(
(sum, key) => sum + (key.usage?.total?.inputTokens || 0),
0
)
const totalOutputTokensUsed = apiKeys.reduce(
(sum, key) => sum + (key.usage?.total?.outputTokens || 0),
0
)
const totalCacheCreateTokensUsed = apiKeys.reduce(
(sum, key) => sum + (key.usage?.total?.cacheCreateTokens || 0),
0
)
const totalCacheReadTokensUsed = apiKeys.reduce(
(sum, key) => sum + (key.usage?.total?.cacheReadTokens || 0),
0
)
const totalAllTokensUsed = apiKeys.reduce(
(sum, key) => sum + (key.usage?.total?.allTokens || 0),
0
)
const activeApiKeys = apiKeys.filter((key) => key.isActive).length
// Claude账户统计 - 根据账户管理页面的判断逻辑
const normalClaudeAccounts = claudeAccounts.filter(
(acc) =>
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized' &&
acc.schedulable !== false &&
!(acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited)
).length
const abnormalClaudeAccounts = claudeAccounts.filter(
(acc) => !acc.isActive || acc.status === 'blocked' || acc.status === 'unauthorized'
).length
const pausedClaudeAccounts = claudeAccounts.filter(
(acc) =>
acc.schedulable === false &&
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized'
).length
const rateLimitedClaudeAccounts = claudeAccounts.filter(
(acc) => acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited
).length
// Claude Console账户统计
const normalClaudeConsoleAccounts = claudeConsoleAccounts.filter(
(acc) =>
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized' &&
acc.schedulable !== false &&
!(acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited)
).length
const abnormalClaudeConsoleAccounts = claudeConsoleAccounts.filter(
(acc) => !acc.isActive || acc.status === 'blocked' || acc.status === 'unauthorized'
).length
const pausedClaudeConsoleAccounts = claudeConsoleAccounts.filter(
(acc) =>
acc.schedulable === false &&
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized'
).length
const rateLimitedClaudeConsoleAccounts = claudeConsoleAccounts.filter(
(acc) => acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited
).length
// Gemini账户统计
const normalGeminiAccounts = geminiAccounts.filter(
(acc) =>
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized' &&
acc.schedulable !== false &&
!(
acc.rateLimitStatus === 'limited' ||
(acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited)
)
).length
const abnormalGeminiAccounts = geminiAccounts.filter(
(acc) => !acc.isActive || acc.status === 'blocked' || acc.status === 'unauthorized'
).length
const pausedGeminiAccounts = geminiAccounts.filter(
(acc) =>
acc.schedulable === false &&
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized'
).length
const rateLimitedGeminiAccounts = geminiAccounts.filter(
(acc) =>
acc.rateLimitStatus === 'limited' ||
(acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited)
).length
// Bedrock账户统计
const normalBedrockAccounts = bedrockAccounts.filter(
(acc) =>
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized' &&
acc.schedulable !== false &&
!(acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited)
).length
const abnormalBedrockAccounts = bedrockAccounts.filter(
(acc) => !acc.isActive || acc.status === 'blocked' || acc.status === 'unauthorized'
).length
const pausedBedrockAccounts = bedrockAccounts.filter(
(acc) =>
acc.schedulable === false &&
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized'
).length
const rateLimitedBedrockAccounts = bedrockAccounts.filter(
(acc) => acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited
).length
// OpenAI账户统计
// 注意OpenAI账户的isActive和schedulable是字符串类型默认值为'true'
const normalOpenAIAccounts = openaiAccounts.filter(
(acc) =>
(acc.isActive === 'true' ||
acc.isActive === true ||
(!acc.isActive && acc.isActive !== 'false' && acc.isActive !== false)) &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized' &&
acc.schedulable !== 'false' &&
acc.schedulable !== false && // 包括'true'、true和undefined
!(acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited)
).length
const abnormalOpenAIAccounts = openaiAccounts.filter(
(acc) =>
acc.isActive === 'false' ||
acc.isActive === false ||
acc.status === 'blocked' ||
acc.status === 'unauthorized'
).length
const pausedOpenAIAccounts = openaiAccounts.filter(
(acc) =>
(acc.schedulable === 'false' || acc.schedulable === false) &&
(acc.isActive === 'true' ||
acc.isActive === true ||
(!acc.isActive && acc.isActive !== 'false' && acc.isActive !== false)) &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized'
).length
const rateLimitedOpenAIAccounts = openaiAccounts.filter(
(acc) => acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited
).length
// CCR账户统计
const normalCcrAccounts = ccrAccounts.filter(
(acc) =>
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized' &&
acc.schedulable !== false &&
!(acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited)
).length
const abnormalCcrAccounts = ccrAccounts.filter(
(acc) => !acc.isActive || acc.status === 'blocked' || acc.status === 'unauthorized'
).length
const pausedCcrAccounts = ccrAccounts.filter(
(acc) =>
acc.schedulable === false &&
acc.isActive &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized'
).length
const rateLimitedCcrAccounts = ccrAccounts.filter(
(acc) => acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited
).length
// OpenAI-Responses账户统计
// 注意OpenAI-Responses账户的isActive和schedulable也是字符串类型
const normalOpenAIResponsesAccounts = openaiResponsesAccounts.filter(
(acc) =>
(acc.isActive === 'true' ||
acc.isActive === true ||
(!acc.isActive && acc.isActive !== 'false' && acc.isActive !== false)) &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized' &&
acc.schedulable !== 'false' &&
acc.schedulable !== false &&
!(acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited)
).length
const abnormalOpenAIResponsesAccounts = openaiResponsesAccounts.filter(
(acc) =>
acc.isActive === 'false' ||
acc.isActive === false ||
acc.status === 'blocked' ||
acc.status === 'unauthorized'
).length
const pausedOpenAIResponsesAccounts = openaiResponsesAccounts.filter(
(acc) =>
(acc.schedulable === 'false' || acc.schedulable === false) &&
(acc.isActive === 'true' ||
acc.isActive === true ||
(!acc.isActive && acc.isActive !== 'false' && acc.isActive !== false)) &&
acc.status !== 'blocked' &&
acc.status !== 'unauthorized'
).length
const rateLimitedOpenAIResponsesAccounts = openaiResponsesAccounts.filter(
(acc) => acc.rateLimitStatus && acc.rateLimitStatus.isRateLimited
).length
const dashboard = {
overview: {
totalApiKeys: apiKeys.length,
activeApiKeys,
// 总账户统计(所有平台)
totalAccounts:
claudeAccounts.length +
claudeConsoleAccounts.length +
geminiAccounts.length +
bedrockAccounts.length +
openaiAccounts.length +
openaiResponsesAccounts.length +
ccrAccounts.length,
normalAccounts:
normalClaudeAccounts +
normalClaudeConsoleAccounts +
normalGeminiAccounts +
normalBedrockAccounts +
normalOpenAIAccounts +
normalOpenAIResponsesAccounts +
normalCcrAccounts,
abnormalAccounts:
abnormalClaudeAccounts +
abnormalClaudeConsoleAccounts +
abnormalGeminiAccounts +
abnormalBedrockAccounts +
abnormalOpenAIAccounts +
abnormalOpenAIResponsesAccounts +
abnormalCcrAccounts +
abnormalDroidAccounts,
pausedAccounts:
pausedClaudeAccounts +
pausedClaudeConsoleAccounts +
pausedGeminiAccounts +
pausedBedrockAccounts +
pausedOpenAIAccounts +
pausedOpenAIResponsesAccounts +
pausedCcrAccounts +
pausedDroidAccounts,
rateLimitedAccounts:
rateLimitedClaudeAccounts +
rateLimitedClaudeConsoleAccounts +
rateLimitedGeminiAccounts +
rateLimitedBedrockAccounts +
rateLimitedOpenAIAccounts +
rateLimitedOpenAIResponsesAccounts +
rateLimitedCcrAccounts +
rateLimitedDroidAccounts,
// 各平台详细统计
accountsByPlatform: {
claude: {
total: claudeAccounts.length,
normal: normalClaudeAccounts,
abnormal: abnormalClaudeAccounts,
paused: pausedClaudeAccounts,
rateLimited: rateLimitedClaudeAccounts
},
'claude-console': {
total: claudeConsoleAccounts.length,
normal: normalClaudeConsoleAccounts,
abnormal: abnormalClaudeConsoleAccounts,
paused: pausedClaudeConsoleAccounts,
rateLimited: rateLimitedClaudeConsoleAccounts
},
gemini: {
total: geminiAccounts.length,
normal: normalGeminiAccounts,
abnormal: abnormalGeminiAccounts,
paused: pausedGeminiAccounts,
rateLimited: rateLimitedGeminiAccounts
},
bedrock: {
total: bedrockAccounts.length,
normal: normalBedrockAccounts,
abnormal: abnormalBedrockAccounts,
paused: pausedBedrockAccounts,
rateLimited: rateLimitedBedrockAccounts
},
openai: {
total: openaiAccounts.length,
normal: normalOpenAIAccounts,
abnormal: abnormalOpenAIAccounts,
paused: pausedOpenAIAccounts,
rateLimited: rateLimitedOpenAIAccounts
},
ccr: {
total: ccrAccounts.length,
normal: normalCcrAccounts,
abnormal: abnormalCcrAccounts,
paused: pausedCcrAccounts,
rateLimited: rateLimitedCcrAccounts
},
'openai-responses': {
total: openaiResponsesAccounts.length,
normal: normalOpenAIResponsesAccounts,
abnormal: abnormalOpenAIResponsesAccounts,
paused: pausedOpenAIResponsesAccounts,
rateLimited: rateLimitedOpenAIResponsesAccounts
},
droid: {
total: droidAccounts.length,
normal: normalDroidAccounts,
abnormal: abnormalDroidAccounts,
paused: pausedDroidAccounts,
rateLimited: rateLimitedDroidAccounts
}
},
// 保留旧字段以兼容
activeAccounts:
normalClaudeAccounts +
normalClaudeConsoleAccounts +
normalGeminiAccounts +
normalBedrockAccounts +
normalOpenAIAccounts +
normalOpenAIResponsesAccounts +
normalCcrAccounts +
normalDroidAccounts,
totalClaudeAccounts: claudeAccounts.length + claudeConsoleAccounts.length,
activeClaudeAccounts: normalClaudeAccounts + normalClaudeConsoleAccounts,
rateLimitedClaudeAccounts: rateLimitedClaudeAccounts + rateLimitedClaudeConsoleAccounts,
totalGeminiAccounts: geminiAccounts.length,
activeGeminiAccounts: normalGeminiAccounts,
rateLimitedGeminiAccounts,
totalTokensUsed,
totalRequestsUsed,
totalInputTokensUsed,
totalOutputTokensUsed,
totalCacheCreateTokensUsed,
totalCacheReadTokensUsed,
totalAllTokensUsed
},
recentActivity: {
apiKeysCreatedToday: todayStats.apiKeysCreatedToday,
requestsToday: todayStats.requestsToday,
tokensToday: todayStats.tokensToday,
inputTokensToday: todayStats.inputTokensToday,
outputTokensToday: todayStats.outputTokensToday,
cacheCreateTokensToday: todayStats.cacheCreateTokensToday || 0,
cacheReadTokensToday: todayStats.cacheReadTokensToday || 0
},
systemAverages: {
rpm: systemAverages.systemRPM,
tpm: systemAverages.systemTPM
},
realtimeMetrics: {
rpm: realtimeMetrics.realtimeRPM,
tpm: realtimeMetrics.realtimeTPM,
windowMinutes: realtimeMetrics.windowMinutes,
isHistorical: realtimeMetrics.windowMinutes === 0 // 标识是否使用了历史数据
},
systemHealth: {
redisConnected: redis.isConnected,
claudeAccountsHealthy: normalClaudeAccounts + normalClaudeConsoleAccounts > 0,
geminiAccountsHealthy: normalGeminiAccounts > 0,
droidAccountsHealthy: normalDroidAccounts > 0,
uptime: process.uptime()
},
systemTimezone: config.system.timezoneOffset || 8
}
return res.json({ success: true, data: dashboard })
} catch (error) {
logger.error('❌ Failed to get dashboard data:', error)
return res.status(500).json({ error: 'Failed to get dashboard data', message: error.message })
}
})
// 获取使用统计
router.get('/usage-stats', authenticateAdmin, async (req, res) => {
try {
const { period = 'daily' } = req.query // daily, monthly
// 获取基础API Key统计
const apiKeys = await apiKeyService.getAllApiKeys()
const stats = apiKeys.map((key) => ({
keyId: key.id,
keyName: key.name,
usage: key.usage
}))
return res.json({ success: true, data: { period, stats } })
} catch (error) {
logger.error('❌ Failed to get usage stats:', error)
return res.status(500).json({ error: 'Failed to get usage stats', message: error.message })
}
})
// 获取按模型的使用统计和费用
router.get('/model-stats', authenticateAdmin, async (req, res) => {
try {
const { period = 'daily', startDate, endDate } = req.query // daily, monthly, 支持自定义时间范围
const today = redis.getDateStringInTimezone()
const tzDate = redis.getDateInTimezone()
const currentMonth = `${tzDate.getUTCFullYear()}-${String(tzDate.getUTCMonth() + 1).padStart(
2,
'0'
)}`
logger.info(
`📊 Getting global model stats, period: ${period}, startDate: ${startDate}, endDate: ${endDate}, today: ${today}, currentMonth: ${currentMonth}`
)
const client = redis.getClientSafe()
// 获取所有模型的统计数据
let searchPatterns = []
if (startDate && endDate) {
// 自定义日期范围,生成多个日期的搜索模式
const start = new Date(startDate)
const end = new Date(endDate)
// 确保日期范围有效
if (start > end) {
return res.status(400).json({ error: 'Start date must be before or equal to end date' })
}
// 限制最大范围为365天
const daysDiff = Math.ceil((end - start) / (1000 * 60 * 60 * 24)) + 1
if (daysDiff > 365) {
return res.status(400).json({ error: 'Date range cannot exceed 365 days' })
}
// 生成日期范围内所有日期的搜索模式
const currentDate = new Date(start)
while (currentDate <= end) {
const dateStr = redis.getDateStringInTimezone(currentDate)
searchPatterns.push(`usage:model:daily:*:${dateStr}`)
currentDate.setDate(currentDate.getDate() + 1)
}
logger.info(`📊 Generated ${searchPatterns.length} search patterns for date range`)
} else {
// 使用默认的period
const pattern =
period === 'daily'
? `usage:model:daily:*:${today}`
: `usage:model:monthly:*:${currentMonth}`
searchPatterns = [pattern]
}
logger.info('📊 Searching patterns:', searchPatterns)
// 获取所有匹配的keys
const allKeys = []
for (const pattern of searchPatterns) {
const keys = await client.keys(pattern)
allKeys.push(...keys)
}
logger.info(`📊 Found ${allKeys.length} matching keys in total`)
// 模型名标准化函数与redis.js保持一致
const normalizeModelName = (model) => {
if (!model || model === 'unknown') {
return model
}
// 对于Bedrock模型去掉区域前缀进行统一
if (model.includes('.anthropic.') || model.includes('.claude')) {
// 匹配所有AWS区域格式region.anthropic.model-name-v1:0 -> claude-model-name
// 支持所有AWS区域格式us-east-1, eu-west-1, ap-southeast-1, ca-central-1等
let normalized = model.replace(/^[a-z0-9-]+\./, '') // 去掉任何区域前缀(更通用)
normalized = normalized.replace('anthropic.', '') // 去掉anthropic前缀
normalized = normalized.replace(/-v\d+:\d+$/, '') // 去掉版本后缀(如-v1:0, -v2:1等
return normalized
}
// 对于其他模型,去掉常见的版本后缀
return model.replace(/-v\d+:\d+$|:latest$/, '')
}
// 聚合相同模型的数据
const modelStatsMap = new Map()
for (const key of allKeys) {
const match = key.match(/usage:model:daily:(.+):\d{4}-\d{2}-\d{2}$/)
if (!match) {
logger.warn(`📊 Pattern mismatch for key: ${key}`)
continue
}
const rawModel = match[1]
const normalizedModel = normalizeModelName(rawModel)
const data = await client.hgetall(key)
if (data && Object.keys(data).length > 0) {
const stats = modelStatsMap.get(normalizedModel) || {
requests: 0,
inputTokens: 0,
outputTokens: 0,
cacheCreateTokens: 0,
cacheReadTokens: 0,
allTokens: 0
}
stats.requests += parseInt(data.requests) || 0
stats.inputTokens += parseInt(data.inputTokens) || 0
stats.outputTokens += parseInt(data.outputTokens) || 0
stats.cacheCreateTokens += parseInt(data.cacheCreateTokens) || 0
stats.cacheReadTokens += parseInt(data.cacheReadTokens) || 0
stats.allTokens += parseInt(data.allTokens) || 0
modelStatsMap.set(normalizedModel, stats)
}
}
// 转换为数组并计算费用
const modelStats = []
for (const [model, stats] of modelStatsMap) {
const usage = {
input_tokens: stats.inputTokens,
output_tokens: stats.outputTokens,
cache_creation_input_tokens: stats.cacheCreateTokens,
cache_read_input_tokens: stats.cacheReadTokens
}
// 计算费用
const costData = CostCalculator.calculateCost(usage, model)
modelStats.push({
model,
period: startDate && endDate ? 'custom' : period,
requests: stats.requests,
inputTokens: usage.input_tokens,
outputTokens: usage.output_tokens,
cacheCreateTokens: usage.cache_creation_input_tokens,
cacheReadTokens: usage.cache_read_input_tokens,
allTokens: stats.allTokens,
usage: {
requests: stats.requests,
inputTokens: usage.input_tokens,
outputTokens: usage.output_tokens,
cacheCreateTokens: usage.cache_creation_input_tokens,
cacheReadTokens: usage.cache_read_input_tokens,
totalTokens:
usage.input_tokens +
usage.output_tokens +
usage.cache_creation_input_tokens +
usage.cache_read_input_tokens
},
costs: costData.costs,
formatted: costData.formatted,
pricing: costData.pricing
})
}
// 按总费用排序
modelStats.sort((a, b) => b.costs.total - a.costs.total)
logger.info(
`📊 Returning ${modelStats.length} global model stats for period ${period}:`,
modelStats
)
return res.json({ success: true, data: modelStats })
} catch (error) {
logger.error('❌ Failed to get model stats:', error)
return res.status(500).json({ error: 'Failed to get model stats', message: error.message })
}
})
// 🔧 系统管理
// 清理过期数据
router.post('/cleanup', authenticateAdmin, async (req, res) => {
try {
const [expiredKeys, errorAccounts] = await Promise.all([
apiKeyService.cleanupExpiredKeys(),
claudeAccountService.cleanupErrorAccounts()
])
await redis.cleanup()
logger.success(
`🧹 Admin triggered cleanup: ${expiredKeys} expired keys, ${errorAccounts} error accounts`
)
return res.json({
success: true,
message: 'Cleanup completed',
data: {
expiredKeysRemoved: expiredKeys,
errorAccountsReset: errorAccounts
}
})
} catch (error) {
logger.error('❌ Cleanup failed:', error)
return res.status(500).json({ error: 'Cleanup failed', message: error.message })
}
})
module.exports = router

527
src/routes/admin/droidAccounts.js
View File

@@ -1,527 +0,0 @@
const express = require('express')
const crypto = require('crypto')
const droidAccountService = require('../../services/droidAccountService')
const accountGroupService = require('../../services/accountGroupService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const {
startDeviceAuthorization,
pollDeviceAuthorization,
WorkOSDeviceAuthError
} = require('../../utils/workosOAuthHelper')
const webhookNotifier = require('../../utils/webhookNotifier')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
const router = express.Router()
// ==================== Droid 账户管理 API ====================
// 生成 Droid 设备码授权信息
router.post('/droid-accounts/generate-auth-url', authenticateAdmin, async (req, res) => {
try {
const { proxy } = req.body || {}
const deviceAuth = await startDeviceAuthorization(proxy || null)
const sessionId = crypto.randomUUID()
const expiresAt = new Date(Date.now() + deviceAuth.expiresIn * 1000).toISOString()
await redis.setOAuthSession(sessionId, {
deviceCode: deviceAuth.deviceCode,
userCode: deviceAuth.userCode,
verificationUri: deviceAuth.verificationUri,
verificationUriComplete: deviceAuth.verificationUriComplete,
interval: deviceAuth.interval,
proxy: proxy || null,
createdAt: new Date().toISOString(),
expiresAt
})
logger.success('🤖 生成 Droid 设备码授权信息成功', { sessionId })
return res.json({
success: true,
data: {
sessionId,
userCode: deviceAuth.userCode,
verificationUri: deviceAuth.verificationUri,
verificationUriComplete: deviceAuth.verificationUriComplete,
expiresIn: deviceAuth.expiresIn,
interval: deviceAuth.interval,
instructions: [
'1. 使用下方验证码进入授权页面并确认访问权限。',
'2. 在授权页面登录 Factory / Droid 账户并点击允许。',
'3. 回到此处点击"完成授权"完成凭证获取。'
]
}
})
} catch (error) {
const message =
error instanceof WorkOSDeviceAuthError ? error.message : error.message || '未知错误'
logger.error('❌ 生成 Droid 设备码授权失败:', message)
return res.status(500).json({ error: 'Failed to start Droid device authorization', message })
}
})
// 交换 Droid 授权码
router.post('/droid-accounts/exchange-code', authenticateAdmin, async (req, res) => {
const { sessionId, proxy } = req.body || {}
try {
if (!sessionId) {
return res.status(400).json({ error: 'Session ID is required' })
}
const oauthSession = await redis.getOAuthSession(sessionId)
if (!oauthSession) {
return res.status(400).json({ error: 'Invalid or expired OAuth session' })
}
if (oauthSession.expiresAt && new Date() > new Date(oauthSession.expiresAt)) {
await redis.deleteOAuthSession(sessionId)
return res
.status(400)
.json({ error: 'OAuth session has expired, please generate a new authorization URL' })
}
if (!oauthSession.deviceCode) {
await redis.deleteOAuthSession(sessionId)
return res.status(400).json({ error: 'OAuth session missing device code, please retry' })
}
const proxyConfig = proxy || oauthSession.proxy || null
const tokens = await pollDeviceAuthorization(oauthSession.deviceCode, proxyConfig)
await redis.deleteOAuthSession(sessionId)
logger.success('🤖 成功获取 Droid 访问令牌', { sessionId })
return res.json({ success: true, data: { tokens } })
} catch (error) {
if (error instanceof WorkOSDeviceAuthError) {
if (error.code === 'authorization_pending' || error.code === 'slow_down') {
const oauthSession = await redis.getOAuthSession(sessionId)
const expiresAt = oauthSession?.expiresAt ? new Date(oauthSession.expiresAt) : null
const remainingSeconds =
expiresAt instanceof Date && !Number.isNaN(expiresAt.getTime())
? Math.max(0, Math.floor((expiresAt.getTime() - Date.now()) / 1000))
: null
return res.json({
success: false,
pending: true,
error: error.code,
message: error.message,
retryAfter: error.retryAfter || Number(oauthSession?.interval) || 5,
expiresIn: remainingSeconds
})
}
if (error.code === 'expired_token') {
await redis.deleteOAuthSession(sessionId)
return res.status(400).json({
error: 'Device code expired',
message: '授权已过期,请重新生成设备码并再次授权'
})
}
logger.error('❌ Droid 授权失败:', error.message)
return res.status(500).json({
error: 'Failed to exchange Droid authorization code',
message: error.message,
errorCode: error.code
})
}
logger.error('❌ 交换 Droid 授权码失败:', error)
return res.status(500).json({
error: 'Failed to exchange Droid authorization code',
message: error.message
})
}
})
// 获取所有 Droid 账户
router.get('/droid-accounts', authenticateAdmin, async (req, res) => {
try {
const accounts = await droidAccountService.getAllAccounts()
const allApiKeys = await redis.getAllApiKeys()
// 添加使用统计
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
const usageStats = await redis.getAccountUsageStats(account.id, 'droid')
let groupInfos = []
try {
groupInfos = await accountGroupService.getAccountGroups(account.id)
} catch (groupError) {
logger.debug(`Failed to get group infos for Droid account ${account.id}:`, groupError)
groupInfos = []
}
const groupIds = groupInfos.map((group) => group.id)
const boundApiKeysCount = allApiKeys.reduce((count, key) => {
const binding = key.droidAccountId
if (!binding) {
return count
}
if (binding === account.id) {
return count + 1
}
if (binding.startsWith('group:')) {
const groupId = binding.substring('group:'.length)
if (groupIds.includes(groupId)) {
return count + 1
}
}
return count
}, 0)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
schedulable: account.schedulable === 'true',
boundApiKeysCount,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages
}
}
} catch (error) {
logger.warn(`Failed to get stats for Droid account ${account.id}:`, error.message)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
boundApiKeysCount: 0,
groupInfos: [],
usage: {
daily: { tokens: 0, requests: 0 },
total: { tokens: 0, requests: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
}
})
)
return res.json({ success: true, data: accountsWithStats })
} catch (error) {
logger.error('Failed to get Droid accounts:', error)
return res.status(500).json({ error: 'Failed to get Droid accounts', message: error.message })
}
})
// 创建 Droid 账户
router.post('/droid-accounts', authenticateAdmin, async (req, res) => {
try {
const { accountType: rawAccountType = 'shared', groupId, groupIds } = req.body
const normalizedAccountType = rawAccountType || 'shared'
if (!['shared', 'dedicated', 'group'].includes(normalizedAccountType)) {
return res.status(400).json({ error: '账户类型必须是 shared、dedicated 或 group' })
}
const normalizedGroupIds = Array.isArray(groupIds)
? groupIds.filter((id) => typeof id === 'string' && id.trim())
: []
if (
normalizedAccountType === 'group' &&
normalizedGroupIds.length === 0 &&
(!groupId || typeof groupId !== 'string' || !groupId.trim())
) {
return res.status(400).json({ error: '分组调度账户必须至少选择一个分组' })
}
const accountPayload = {
...req.body,
accountType: normalizedAccountType
}
delete accountPayload.groupId
delete accountPayload.groupIds
const account = await droidAccountService.createAccount(accountPayload)
if (normalizedAccountType === 'group') {
try {
if (normalizedGroupIds.length > 0) {
await accountGroupService.setAccountGroups(account.id, normalizedGroupIds, 'droid')
} else if (typeof groupId === 'string' && groupId.trim()) {
await accountGroupService.addAccountToGroup(account.id, groupId, 'droid')
}
} catch (groupError) {
logger.error(`Failed to attach Droid account ${account.id} to groups:`, groupError)
return res.status(500).json({
error: 'Failed to bind Droid account to groups',
message: groupError.message
})
}
}
logger.success(`Created Droid account: ${account.name} (${account.id})`)
const formattedAccount = formatAccountExpiry(account)
return res.json({ success: true, data: formattedAccount })
} catch (error) {
logger.error('Failed to create Droid account:', error)
return res.status(500).json({ error: 'Failed to create Droid account', message: error.message })
}
})
// 更新 Droid 账户
router.put('/droid-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const updates = { ...req.body }
// ✅ 【新增】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt
const mappedUpdates = mapExpiryField(updates, 'Droid', id)
const { accountType: rawAccountType, groupId, groupIds } = mappedUpdates
if (rawAccountType && !['shared', 'dedicated', 'group'].includes(rawAccountType)) {
return res.status(400).json({ error: '账户类型必须是 shared、dedicated 或 group' })
}
if (
rawAccountType === 'group' &&
(!groupId || typeof groupId !== 'string' || !groupId.trim()) &&
(!Array.isArray(groupIds) || groupIds.length === 0)
) {
return res.status(400).json({ error: '分组调度账户必须至少选择一个分组' })
}
const currentAccount = await droidAccountService.getAccount(id)
if (!currentAccount) {
return res.status(404).json({ error: 'Droid account not found' })
}
const normalizedGroupIds = Array.isArray(groupIds)
? groupIds.filter((gid) => typeof gid === 'string' && gid.trim())
: []
const hasGroupIdsField = Object.prototype.hasOwnProperty.call(mappedUpdates, 'groupIds')
const hasGroupIdField = Object.prototype.hasOwnProperty.call(mappedUpdates, 'groupId')
const targetAccountType = rawAccountType || currentAccount.accountType || 'shared'
delete mappedUpdates.groupId
delete mappedUpdates.groupIds
if (rawAccountType) {
mappedUpdates.accountType = targetAccountType
}
const account = await droidAccountService.updateAccount(id, mappedUpdates)
try {
if (currentAccount.accountType === 'group' && targetAccountType !== 'group') {
await accountGroupService.removeAccountFromAllGroups(id)
} else if (targetAccountType === 'group') {
if (hasGroupIdsField) {
if (normalizedGroupIds.length > 0) {
await accountGroupService.setAccountGroups(id, normalizedGroupIds, 'droid')
} else {
await accountGroupService.removeAccountFromAllGroups(id)
}
} else if (hasGroupIdField && typeof groupId === 'string' && groupId.trim()) {
await accountGroupService.setAccountGroups(id, [groupId], 'droid')
}
}
} catch (groupError) {
logger.error(`Failed to update Droid account ${id} groups:`, groupError)
return res.status(500).json({
error: 'Failed to update Droid account groups',
message: groupError.message
})
}
if (targetAccountType === 'group') {
try {
account.groupInfos = await accountGroupService.getAccountGroups(id)
} catch (groupFetchError) {
logger.debug(`Failed to fetch group infos for Droid account ${id}:`, groupFetchError)
}
}
return res.json({ success: true, data: account })
} catch (error) {
logger.error(`Failed to update Droid account ${req.params.id}:`, error)
return res.status(500).json({ error: 'Failed to update Droid account', message: error.message })
}
})
// 切换 Droid 账户调度状态
router.put('/droid-accounts/:id/toggle-schedulable', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await droidAccountService.getAccount(id)
if (!account) {
return res.status(404).json({ error: 'Droid account not found' })
}
const currentSchedulable = account.schedulable === true || account.schedulable === 'true'
const newSchedulable = !currentSchedulable
await droidAccountService.updateAccount(id, { schedulable: newSchedulable ? 'true' : 'false' })
const updatedAccount = await droidAccountService.getAccount(id)
const actualSchedulable = updatedAccount
? updatedAccount.schedulable === true || updatedAccount.schedulable === 'true'
: newSchedulable
if (!actualSchedulable) {
await webhookNotifier.sendAccountAnomalyNotification({
accountId: account.id,
accountName: account.name || 'Droid Account',
platform: 'droid',
status: 'disabled',
errorCode: 'DROID_MANUALLY_DISABLED',
reason: '账号已被管理员手动禁用调度',
timestamp: new Date().toISOString()
})
}
logger.success(
`🔄 Admin toggled Droid account schedulable status: ${id} -> ${
actualSchedulable ? 'schedulable' : 'not schedulable'
}`
)
return res.json({ success: true, schedulable: actualSchedulable })
} catch (error) {
logger.error('❌ Failed to toggle Droid account schedulable status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle schedulable status', message: error.message })
}
})
// 获取单个 Droid 账户详细信息
router.get('/droid-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
// 获取账户基本信息
const account = await droidAccountService.getAccount(id)
if (!account) {
return res.status(404).json({
error: 'Not Found',
message: 'Droid account not found'
})
}
// 获取使用统计信息
let usageStats
try {
usageStats = await redis.getAccountUsageStats(account.id, 'droid')
} catch (error) {
logger.debug(`Failed to get usage stats for Droid account ${account.id}:`, error)
usageStats = {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
// 获取分组信息
let groupInfos = []
try {
groupInfos = await accountGroupService.getAccountGroups(account.id)
} catch (error) {
logger.debug(`Failed to get group infos for Droid account ${account.id}:`, error)
groupInfos = []
}
// 获取绑定的 API Key 数量
const allApiKeys = await redis.getAllApiKeys()
const groupIds = groupInfos.map((group) => group.id)
const boundApiKeysCount = allApiKeys.reduce((count, key) => {
const binding = key.droidAccountId
if (!binding) {
return count
}
if (binding === account.id) {
return count + 1
}
if (binding.startsWith('group:')) {
const groupId = binding.substring('group:'.length)
if (groupIds.includes(groupId)) {
return count + 1
}
}
return count
}, 0)
// 获取解密的 API Keys用于管理界面
let decryptedApiKeys = []
try {
decryptedApiKeys = await droidAccountService.getDecryptedApiKeyEntries(id)
} catch (error) {
logger.debug(`Failed to get decrypted API keys for Droid account ${account.id}:`, error)
decryptedApiKeys = []
}
// 返回完整的账户信息,包含实际的 API Keys
const accountDetails = {
...account,
// 映射字段:使用 subscriptionExpiresAt 作为前端显示的 expiresAt
expiresAt: account.subscriptionExpiresAt || null,
schedulable: account.schedulable === 'true',
boundApiKeysCount,
groupInfos,
// 包含实际的 API Keys用于管理界面
apiKeys: decryptedApiKeys.map((entry) => ({
key: entry.key,
id: entry.id,
usageCount: entry.usageCount || 0,
lastUsedAt: entry.lastUsedAt || null,
status: entry.status || 'active', // 使用实际的状态,默认为 active
errorMessage: entry.errorMessage || '', // 包含错误信息
createdAt: entry.createdAt || null
})),
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages
}
}
return res.json({
success: true,
data: accountDetails
})
} catch (error) {
logger.error(`Failed to get Droid account ${req.params.id}:`, error)
return res.status(500).json({
error: 'Failed to get Droid account',
message: error.message
})
}
})
// 删除 Droid 账户
router.delete('/droid-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
await droidAccountService.deleteAccount(id)
return res.json({ success: true, message: 'Droid account deleted successfully' })
} catch (error) {
logger.error(`Failed to delete Droid account ${req.params.id}:`, error)
return res.status(500).json({ error: 'Failed to delete Droid account', message: error.message })
}
})
// 刷新 Droid 账户 token
router.post('/droid-accounts/:id/refresh-token', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const result = await droidAccountService.refreshAccessToken(id)
return res.json({ success: true, data: result })
} catch (error) {
logger.error(`Failed to refresh Droid account token ${req.params.id}:`, error)
return res.status(500).json({ error: 'Failed to refresh token', message: error.message })
}
})
module.exports = router

494
src/routes/admin/geminiAccounts.js
View File

@@ -1,494 +0,0 @@
const express = require('express')
const geminiAccountService = require('../../services/geminiAccountService')
const accountGroupService = require('../../services/accountGroupService')
const apiKeyService = require('../../services/apiKeyService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const webhookNotifier = require('../../utils/webhookNotifier')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
const router = express.Router()
// 🤖 Gemini OAuth 账户管理
// 生成 Gemini OAuth 授权 URL
router.post('/generate-auth-url', authenticateAdmin, async (req, res) => {
try {
const { state, proxy } = req.body // 接收代理配置
// 使用新的 codeassist.google.com 回调地址
const redirectUri = 'https://codeassist.google.com/authcode'
logger.info(`Generating Gemini OAuth URL with redirect_uri: ${redirectUri}`)
const {
authUrl,
state: authState,
codeVerifier,
redirectUri: finalRedirectUri
} = await geminiAccountService.generateAuthUrl(state, redirectUri, proxy)
// 创建 OAuth 会话,包含 codeVerifier 和代理配置
const sessionId = authState
await redis.setOAuthSession(sessionId, {
state: authState,
type: 'gemini',
redirectUri: finalRedirectUri,
codeVerifier, // 保存 PKCE code verifier
proxy: proxy || null, // 保存代理配置
createdAt: new Date().toISOString()
})
logger.info(`Generated Gemini OAuth URL with session: ${sessionId}`)
return res.json({
success: true,
data: {
authUrl,
sessionId
}
})
} catch (error) {
logger.error('❌ Failed to generate Gemini auth URL:', error)
return res.status(500).json({ error: 'Failed to generate auth URL', message: error.message })
}
})
// 轮询 Gemini OAuth 授权状态
router.post('/poll-auth-status', authenticateAdmin, async (req, res) => {
try {
const { sessionId } = req.body
if (!sessionId) {
return res.status(400).json({ error: 'Session ID is required' })
}
const result = await geminiAccountService.pollAuthorizationStatus(sessionId)
if (result.success) {
logger.success(`✅ Gemini OAuth authorization successful for session: ${sessionId}`)
return res.json({ success: true, data: { tokens: result.tokens } })
} else {
return res.json({ success: false, error: result.error })
}
} catch (error) {
logger.error('❌ Failed to poll Gemini auth status:', error)
return res.status(500).json({ error: 'Failed to poll auth status', message: error.message })
}
})
// 交换 Gemini 授权码
router.post('/exchange-code', authenticateAdmin, async (req, res) => {
try {
const { code, sessionId, proxy: requestProxy } = req.body
if (!code) {
return res.status(400).json({ error: 'Authorization code is required' })
}
let redirectUri = 'https://codeassist.google.com/authcode'
let codeVerifier = null
let proxyConfig = null
// 如果提供了 sessionId从 OAuth 会话中获取信息
if (sessionId) {
const sessionData = await redis.getOAuthSession(sessionId)
if (sessionData) {
const {
redirectUri: sessionRedirectUri,
codeVerifier: sessionCodeVerifier,
proxy
} = sessionData
redirectUri = sessionRedirectUri || redirectUri
codeVerifier = sessionCodeVerifier
proxyConfig = proxy // 获取代理配置
logger.info(
`Using session redirect_uri: ${redirectUri}, has codeVerifier: ${!!codeVerifier}, has proxy from session: ${!!proxyConfig}`
)
}
}
// 如果请求体中直接提供了代理配置,优先使用它
if (requestProxy) {
proxyConfig = requestProxy
logger.info(
`Using proxy from request body: ${proxyConfig ? JSON.stringify(proxyConfig) : 'none'}`
)
}
const tokens = await geminiAccountService.exchangeCodeForTokens(
code,
redirectUri,
codeVerifier,
proxyConfig // 传递代理配置
)
// 清理 OAuth 会话
if (sessionId) {
await redis.deleteOAuthSession(sessionId)
}
logger.success('✅ Successfully exchanged Gemini authorization code')
return res.json({ success: true, data: { tokens } })
} catch (error) {
logger.error('❌ Failed to exchange Gemini authorization code:', error)
return res.status(500).json({ error: 'Failed to exchange code', message: error.message })
}
})
// 获取所有 Gemini 账户
router.get('/', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
let accounts = await geminiAccountService.getAllAccounts()
// 根据查询参数进行筛选
if (platform && platform !== 'all' && platform !== 'gemini') {
// 如果指定了其他平台,返回空数组
accounts = []
}
// 如果指定了分组筛选
if (groupId && groupId !== 'all') {
if (groupId === 'ungrouped') {
// 筛选未分组账户
const filteredAccounts = []
for (const account of accounts) {
const groups = await accountGroupService.getAccountGroups(account.id)
if (!groups || groups.length === 0) {
filteredAccounts.push(account)
}
}
accounts = filteredAccounts
} else {
// 筛选特定分组的账户
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
}
}
// 为每个账户添加使用统计信息与Claude账户相同的逻辑
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
const usageStats = await redis.getAccountUsageStats(account.id, 'openai')
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages
}
}
} catch (statsError) {
logger.warn(
`⚠️ Failed to get usage stats for Gemini account ${account.id}:`,
statsError.message
)
// 如果获取统计失败,返回空统计
try {
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
} catch (groupError) {
logger.warn(
`⚠️ Failed to get group info for account ${account.id}:`,
groupError.message
)
return {
...account,
groupInfos: [],
usage: {
daily: { tokens: 0, requests: 0, allTokens: 0 },
total: { tokens: 0, requests: 0, allTokens: 0 },
averages: { rpm: 0, tpm: 0 }
}
}
}
}
})
)
return res.json({ success: true, data: accountsWithStats })
} catch (error) {
logger.error('❌ Failed to get Gemini accounts:', error)
return res.status(500).json({ error: 'Failed to get accounts', message: error.message })
}
})
// 创建新的 Gemini 账户
router.post('/', authenticateAdmin, async (req, res) => {
try {
const accountData = req.body
// 输入验证
if (!accountData.name) {
return res.status(400).json({ error: 'Account name is required' })
}
// 验证accountType的有效性
if (
accountData.accountType &&
!['shared', 'dedicated', 'group'].includes(accountData.accountType)
) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果是分组类型验证groupId或groupIds
if (
accountData.accountType === 'group' &&
!accountData.groupId &&
(!accountData.groupIds || accountData.groupIds.length === 0)
) {
return res.status(400).json({ error: 'Group ID is required for group type accounts' })
}
const newAccount = await geminiAccountService.createAccount(accountData)
// 如果是分组类型,处理分组绑定
if (accountData.accountType === 'group') {
if (accountData.groupIds && accountData.groupIds.length > 0) {
// 多分组模式
await accountGroupService.setAccountGroups(newAccount.id, accountData.groupIds, 'gemini')
logger.info(
`🏢 Added Gemini account ${newAccount.id} to groups: ${accountData.groupIds.join(', ')}`
)
} else if (accountData.groupId) {
// 单分组模式(向后兼容)
await accountGroupService.addAccountToGroup(newAccount.id, accountData.groupId, 'gemini')
}
}
logger.success(`🏢 Admin created new Gemini account: ${accountData.name}`)
const formattedAccount = formatAccountExpiry(newAccount)
return res.json({ success: true, data: formattedAccount })
} catch (error) {
logger.error('❌ Failed to create Gemini account:', error)
return res.status(500).json({ error: 'Failed to create account', message: error.message })
}
})
// 更新 Gemini 账户
router.put('/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const updates = req.body
// 验证accountType的有效性
if (updates.accountType && !['shared', 'dedicated', 'group'].includes(updates.accountType)) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果更新为分组类型验证groupId或groupIds
if (
updates.accountType === 'group' &&
!updates.groupId &&
(!updates.groupIds || updates.groupIds.length === 0)
) {
return res.status(400).json({ error: 'Group ID is required for group type accounts' })
}
// 获取账户当前信息以处理分组变更
const currentAccount = await geminiAccountService.getAccount(accountId)
if (!currentAccount) {
return res.status(404).json({ error: 'Account not found' })
}
// ✅ 【新增】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt
const mappedUpdates = mapExpiryField(updates, 'Gemini', accountId)
// 处理分组的变更
if (mappedUpdates.accountType !== undefined) {
// 如果之前是分组类型,需要从所有分组中移除
if (currentAccount.accountType === 'group') {
const oldGroups = await accountGroupService.getAccountGroups(accountId)
for (const oldGroup of oldGroups) {
await accountGroupService.removeAccountFromGroup(accountId, oldGroup.id)
}
}
// 如果新类型是分组,处理多分组支持
if (mappedUpdates.accountType === 'group') {
if (Object.prototype.hasOwnProperty.call(mappedUpdates, 'groupIds')) {
// 如果明确提供了 groupIds 参数(包括空数组)
if (mappedUpdates.groupIds && mappedUpdates.groupIds.length > 0) {
// 设置新的多分组
await accountGroupService.setAccountGroups(accountId, mappedUpdates.groupIds, 'gemini')
} else {
// groupIds 为空数组,从所有分组中移除
await accountGroupService.removeAccountFromAllGroups(accountId)
}
} else if (mappedUpdates.groupId) {
// 向后兼容:仅当没有 groupIds 但有 groupId 时使用单分组逻辑
await accountGroupService.addAccountToGroup(accountId, mappedUpdates.groupId, 'gemini')
}
}
}
const updatedAccount = await geminiAccountService.updateAccount(accountId, mappedUpdates)
logger.success(`📝 Admin updated Gemini account: ${accountId}`)
return res.json({ success: true, data: updatedAccount })
} catch (error) {
logger.error('❌ Failed to update Gemini account:', error)
return res.status(500).json({ error: 'Failed to update account', message: error.message })
}
})
// 删除 Gemini 账户
router.delete('/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
// 自动解绑所有绑定的 API Keys
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(accountId, 'gemini')
// 获取账户信息以检查是否在分组中
const account = await geminiAccountService.getAccount(accountId)
if (account && account.accountType === 'group') {
const groups = await accountGroupService.getAccountGroups(accountId)
for (const group of groups) {
await accountGroupService.removeAccountFromGroup(accountId, group.id)
}
}
await geminiAccountService.deleteAccount(accountId)
let message = 'Gemini账号已成功删除'
if (unboundCount > 0) {
message += `${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(`🗑️ Admin deleted Gemini account: ${accountId}, unbound ${unboundCount} keys`)
return res.json({
success: true,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('❌ Failed to delete Gemini account:', error)
return res.status(500).json({ error: 'Failed to delete account', message: error.message })
}
})
// 刷新 Gemini 账户 token
router.post('/:accountId/refresh', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const result = await geminiAccountService.refreshAccountToken(accountId)
logger.success(`🔄 Admin refreshed token for Gemini account: ${accountId}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to refresh Gemini account token:', error)
return res.status(500).json({ error: 'Failed to refresh token', message: error.message })
}
})
// 切换 Gemini 账户调度状态
router.put('/:accountId/toggle-schedulable', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const account = await geminiAccountService.getAccount(accountId)
if (!account) {
return res.status(404).json({ error: 'Account not found' })
}
// 现在 account.schedulable 已经是布尔值了,直接取反即可
const newSchedulable = !account.schedulable
await geminiAccountService.updateAccount(accountId, { schedulable: String(newSchedulable) })
// 验证更新是否成功,重新获取账户信息
const updatedAccount = await geminiAccountService.getAccount(accountId)
const actualSchedulable = updatedAccount ? updatedAccount.schedulable : newSchedulable
// 如果账号被禁用发送webhook通知
if (!actualSchedulable) {
await webhookNotifier.sendAccountAnomalyNotification({
accountId: account.id,
accountName: account.accountName || 'Gemini Account',
platform: 'gemini',
status: 'disabled',
errorCode: 'GEMINI_MANUALLY_DISABLED',
reason: '账号已被管理员手动禁用调度',
timestamp: new Date().toISOString()
})
}
logger.success(
`🔄 Admin toggled Gemini account schedulable status: ${accountId} -> ${
actualSchedulable ? 'schedulable' : 'not schedulable'
}`
)
// 返回实际的数据库值,确保前端状态与后端一致
return res.json({ success: true, schedulable: actualSchedulable })
} catch (error) {
logger.error('❌ Failed to toggle Gemini account schedulable status:', error)
return res
.status(500)
.json({ error: 'Failed to toggle schedulable status', message: error.message })
}
})
// 重置 Gemini OAuth 账户限流状态
router.post('/:id/reset-rate-limit', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
await geminiAccountService.updateAccount(id, {
rateLimitedAt: '',
rateLimitStatus: '',
status: 'active',
errorMessage: ''
})
logger.info(`🔄 Admin manually reset rate limit for Gemini account ${id}`)
res.json({
success: true,
message: 'Rate limit reset successfully'
})
} catch (error) {
logger.error('Failed to reset Gemini account rate limit:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 重置 Gemini OAuth 账户状态(清除所有异常状态)
router.post('/:id/reset-status', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const result = await geminiAccountService.resetAccountStatus(id)
logger.success(`✅ Admin reset status for Gemini account: ${id}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to reset Gemini account status:', error)
return res.status(500).json({ error: 'Failed to reset status', message: error.message })
}
})
module.exports = router

400
src/routes/admin/geminiApiAccounts.js
View File

@@ -1,400 +0,0 @@
const express = require('express')
const geminiApiAccountService = require('../../services/geminiApiAccountService')
const apiKeyService = require('../../services/apiKeyService')
const accountGroupService = require('../../services/accountGroupService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const webhookNotifier = require('../../utils/webhookNotifier')
const router = express.Router()
// 获取所有 Gemini-API 账户
router.get('/gemini-api-accounts', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
let accounts = await geminiApiAccountService.getAllAccounts(true)
// 根据查询参数进行筛选
if (platform && platform !== 'gemini-api') {
accounts = []
}
// 根据分组ID筛选
if (groupId) {
const group = await accountGroupService.getGroup(groupId)
if (group && group.platform === 'gemini') {
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
} else {
accounts = []
}
}
// 处理使用统计和绑定的 API Key 数量
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
// 检查并清除过期的限流状态
await geminiApiAccountService.checkAndClearRateLimit(account.id)
// 获取使用统计信息
let usageStats
try {
usageStats = await redis.getAccountUsageStats(account.id, 'gemini-api')
} catch (error) {
logger.debug(`Failed to get usage stats for Gemini-API account ${account.id}:`, error)
usageStats = {
daily: { requests: 0, tokens: 0, allTokens: 0 },
total: { requests: 0, tokens: 0, allTokens: 0 },
monthly: { requests: 0, tokens: 0, allTokens: 0 }
}
}
// 计算绑定的API Key数量支持 api: 前缀)
const allKeys = await redis.getAllApiKeys()
let boundCount = 0
for (const key of allKeys) {
if (key.geminiAccountId) {
// 检查是否绑定了此 Gemini-API 账户(支持 api: 前缀)
if (key.geminiAccountId === `api:${account.id}`) {
boundCount++
}
}
}
// 获取分组信息
const groupInfos = await accountGroupService.getAccountGroups(account.id)
return {
...account,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
averages: usageStats.averages || usageStats.monthly
},
boundApiKeys: boundCount
}
})
)
res.json({ success: true, data: accountsWithStats })
} catch (error) {
logger.error('Failed to get Gemini-API accounts:', error)
res.status(500).json({ success: false, message: error.message })
}
})
// 创建 Gemini-API 账户
router.post('/gemini-api-accounts', authenticateAdmin, async (req, res) => {
try {
const { accountType, groupId, groupIds } = req.body
// 验证accountType的有效性
if (accountType && !['shared', 'dedicated', 'group'].includes(accountType)) {
return res.status(400).json({
success: false,
error: 'Invalid account type. Must be "shared", "dedicated" or "group"'
})
}
// 如果是分组类型验证groupId或groupIds
if (accountType === 'group' && !groupId && (!groupIds || groupIds.length === 0)) {
return res.status(400).json({
success: false,
error: 'Group ID or Group IDs are required for group type accounts'
})
}
const account = await geminiApiAccountService.createAccount(req.body)
// 如果是分组类型,将账户添加到分组
if (accountType === 'group') {
if (groupIds && groupIds.length > 0) {
// 使用多分组设置
await accountGroupService.setAccountGroups(account.id, groupIds, 'gemini')
} else if (groupId) {
// 兼容单分组模式
await accountGroupService.addAccountToGroup(account.id, groupId, 'gemini')
}
}
logger.success(
`🏢 Admin created new Gemini-API account: ${account.name} (${accountType || 'shared'})`
)
res.json({ success: true, data: account })
} catch (error) {
logger.error('Failed to create Gemini-API account:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 获取单个 Gemini-API 账户
router.get('/gemini-api-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await geminiApiAccountService.getAccount(id)
if (!account) {
return res.status(404).json({
success: false,
message: 'Account not found'
})
}
// 隐藏敏感信息
account.apiKey = '***'
res.json({ success: true, data: account })
} catch (error) {
logger.error('Failed to get Gemini-API account:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 更新 Gemini-API 账户
router.put('/gemini-api-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const updates = req.body
// 验证priority的有效性1-100
if (updates.priority !== undefined) {
const priority = parseInt(updates.priority)
if (isNaN(priority) || priority < 1 || priority > 100) {
return res.status(400).json({
success: false,
message: 'Priority must be a number between 1 and 100'
})
}
}
// 验证accountType的有效性
if (updates.accountType && !['shared', 'dedicated', 'group'].includes(updates.accountType)) {
return res.status(400).json({
success: false,
error: 'Invalid account type. Must be "shared", "dedicated" or "group"'
})
}
// 如果更新为分组类型验证groupId或groupIds
if (
updates.accountType === 'group' &&
!updates.groupId &&
(!updates.groupIds || updates.groupIds.length === 0)
) {
return res.status(400).json({
success: false,
error: 'Group ID or Group IDs are required for group type accounts'
})
}
// 获取账户当前信息以处理分组变更
const currentAccount = await geminiApiAccountService.getAccount(id)
if (!currentAccount) {
return res.status(404).json({
success: false,
error: 'Account not found'
})
}
// 处理分组的变更
if (updates.accountType !== undefined) {
// 如果之前是分组类型,需要从所有分组中移除
if (currentAccount.accountType === 'group') {
await accountGroupService.removeAccountFromAllGroups(id)
}
// 如果新类型是分组,添加到新分组
if (updates.accountType === 'group') {
// 处理多分组/单分组的兼容性
if (Object.prototype.hasOwnProperty.call(updates, 'groupIds')) {
if (updates.groupIds && updates.groupIds.length > 0) {
// 使用多分组设置
await accountGroupService.setAccountGroups(id, updates.groupIds, 'gemini')
}
} else if (updates.groupId) {
// 兼容单分组模式
await accountGroupService.addAccountToGroup(id, updates.groupId, 'gemini')
}
}
}
const result = await geminiApiAccountService.updateAccount(id, updates)
if (!result.success) {
return res.status(400).json(result)
}
logger.success(`📝 Admin updated Gemini-API account: ${currentAccount.name}`)
res.json({ success: true, ...result })
} catch (error) {
logger.error('Failed to update Gemini-API account:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 删除 Gemini-API 账户
router.delete('/gemini-api-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await geminiApiAccountService.getAccount(id)
if (!account) {
return res.status(404).json({
success: false,
message: 'Account not found'
})
}
// 自动解绑所有绑定的 API Keys支持 api: 前缀)
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(id, 'gemini-api')
// 从所有分组中移除此账户
if (account.accountType === 'group') {
await accountGroupService.removeAccountFromAllGroups(id)
logger.info(`Removed Gemini-API account ${id} from all groups`)
}
const result = await geminiApiAccountService.deleteAccount(id)
let message = 'Gemini-API账号已成功删除'
if (unboundCount > 0) {
message += `${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(`${message}`)
res.json({
success: true,
...result,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('Failed to delete Gemini-API account:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 切换 Gemini-API 账户调度状态
router.put('/gemini-api-accounts/:id/toggle-schedulable', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const result = await geminiApiAccountService.toggleSchedulable(id)
if (!result.success) {
return res.status(400).json(result)
}
// 仅在停止调度时发送通知
if (!result.schedulable) {
await webhookNotifier.sendAccountEvent('account.status_changed', {
accountId: id,
platform: 'gemini-api',
schedulable: result.schedulable,
changedBy: 'admin',
action: 'stopped_scheduling'
})
}
res.json(result)
} catch (error) {
logger.error('Failed to toggle Gemini-API account schedulable status:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 切换 Gemini-API 账户激活状态
router.put('/gemini-api-accounts/:id/toggle', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await geminiApiAccountService.getAccount(id)
if (!account) {
return res.status(404).json({
success: false,
message: 'Account not found'
})
}
const newActiveStatus = account.isActive === 'true' ? 'false' : 'true'
await geminiApiAccountService.updateAccount(id, {
isActive: newActiveStatus
})
res.json({
success: true,
isActive: newActiveStatus === 'true'
})
} catch (error) {
logger.error('Failed to toggle Gemini-API account status:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 重置 Gemini-API 账户限流状态
router.post('/gemini-api-accounts/:id/reset-rate-limit', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
await geminiApiAccountService.updateAccount(id, {
rateLimitedAt: '',
rateLimitStatus: '',
status: 'active',
errorMessage: ''
})
logger.info(`🔄 Admin manually reset rate limit for Gemini-API account ${id}`)
res.json({
success: true,
message: 'Rate limit reset successfully'
})
} catch (error) {
logger.error('Failed to reset Gemini-API account rate limit:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 重置 Gemini-API 账户状态(清除所有异常状态)
router.post('/gemini-api-accounts/:id/reset-status', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const result = await geminiApiAccountService.resetAccountStatus(id)
logger.success(`✅ Admin reset status for Gemini-API account: ${id}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to reset Gemini-API account status:', error)
return res.status(500).json({ error: 'Failed to reset status', message: error.message })
}
})
module.exports = router

50
src/routes/admin/index.js
View File

@@ -1,50 +0,0 @@
/**
* Admin Routes - 主入口文件
* 导入并挂载所有子路由模块
*/
const express = require('express')
const router = express.Router()
// 导入所有子路由
const apiKeysRoutes = require('./apiKeys')
const accountGroupsRoutes = require('./accountGroups')
const claudeAccountsRoutes = require('./claudeAccounts')
const claudeConsoleAccountsRoutes = require('./claudeConsoleAccounts')
const ccrAccountsRoutes = require('./ccrAccounts')
const bedrockAccountsRoutes = require('./bedrockAccounts')
const geminiAccountsRoutes = require('./geminiAccounts')
const geminiApiAccountsRoutes = require('./geminiApiAccounts')
const openaiAccountsRoutes = require('./openaiAccounts')
const azureOpenaiAccountsRoutes = require('./azureOpenaiAccounts')
const openaiResponsesAccountsRoutes = require('./openaiResponsesAccounts')
const droidAccountsRoutes = require('./droidAccounts')
const dashboardRoutes = require('./dashboard')
const usageStatsRoutes = require('./usageStats')
const systemRoutes = require('./system')
const concurrencyRoutes = require('./concurrency')
const claudeRelayConfigRoutes = require('./claudeRelayConfig')
// 挂载所有子路由
// 使用完整路径的模块(直接挂载到根路径)
router.use('/', apiKeysRoutes)
router.use('/', claudeAccountsRoutes)
router.use('/', claudeConsoleAccountsRoutes)
router.use('/', geminiApiAccountsRoutes)
router.use('/', azureOpenaiAccountsRoutes)
router.use('/', openaiResponsesAccountsRoutes)
router.use('/', droidAccountsRoutes)
router.use('/', dashboardRoutes)
router.use('/', usageStatsRoutes)
router.use('/', systemRoutes)
router.use('/', concurrencyRoutes)
router.use('/', claudeRelayConfigRoutes)
// 使用相对路径的模块(需要指定基础路径前缀)
router.use('/account-groups', accountGroupsRoutes)
router.use('/ccr-accounts', ccrAccountsRoutes)
router.use('/bedrock-accounts', bedrockAccountsRoutes)
router.use('/gemini-accounts', geminiAccountsRoutes)
router.use('/openai-accounts', openaiAccountsRoutes)
module.exports = router

805
src/routes/admin/openaiAccounts.js
View File

@@ -1,805 +0,0 @@
/**
* Admin Routes - OpenAI 账户管理
* 处理 OpenAI 账户的 CRUD 操作和 OAuth 授权流程
*/
const express = require('express')
const crypto = require('crypto')
const axios = require('axios')
const openaiAccountService = require('../../services/openaiAccountService')
const accountGroupService = require('../../services/accountGroupService')
const apiKeyService = require('../../services/apiKeyService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const ProxyHelper = require('../../utils/proxyHelper')
const webhookNotifier = require('../../utils/webhookNotifier')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
const router = express.Router()
// OpenAI OAuth 配置
const OPENAI_CONFIG = {
BASE_URL: 'https://auth.openai.com',
CLIENT_ID: 'app_EMoamEEZ73f0CkXaXp7hrann',
REDIRECT_URI: 'http://localhost:1455/auth/callback',
SCOPE: 'openid profile email offline_access'
}
/**
* 生成 PKCE 参数
* @returns {Object} 包含 codeVerifier 和 codeChallenge 的对象
*/
function generateOpenAIPKCE() {
const codeVerifier = crypto.randomBytes(64).toString('hex')
const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url')
return {
codeVerifier,
codeChallenge
}
}
// 生成 OpenAI OAuth 授权 URL
router.post('/generate-auth-url', authenticateAdmin, async (req, res) => {
try {
const { proxy } = req.body
// 生成 PKCE 参数
const pkce = generateOpenAIPKCE()
// 生成随机 state
const state = crypto.randomBytes(32).toString('hex')
// 创建会话 ID
const sessionId = crypto.randomUUID()
// 将 PKCE 参数和代理配置存储到 Redis
await redis.setOAuthSession(sessionId, {
codeVerifier: pkce.codeVerifier,
codeChallenge: pkce.codeChallenge,
state,
proxy: proxy || null,
platform: 'openai',
createdAt: new Date().toISOString(),
expiresAt: new Date(Date.now() + 10 * 60 * 1000).toISOString()
})
// 构建授权 URL 参数
const params = new URLSearchParams({
response_type: 'code',
client_id: OPENAI_CONFIG.CLIENT_ID,
redirect_uri: OPENAI_CONFIG.REDIRECT_URI,
scope: OPENAI_CONFIG.SCOPE,
code_challenge: pkce.codeChallenge,
code_challenge_method: 'S256',
state,
id_token_add_organizations: 'true',
codex_cli_simplified_flow: 'true'
})
const authUrl = `${OPENAI_CONFIG.BASE_URL}/oauth/authorize?${params.toString()}`
logger.success('🔗 Generated OpenAI OAuth authorization URL')
return res.json({
success: true,
data: {
authUrl,
sessionId,
instructions: [
'1. 复制上面的链接到浏览器中打开',
'2. 登录您的 OpenAI 账户',
'3. 同意应用权限',
'4. 复制浏览器地址栏中的完整 URL包含 code 参数)',
'5. 在添加账户表单中粘贴完整的回调 URL'
]
}
})
} catch (error) {
logger.error('生成 OpenAI OAuth URL 失败:', error)
return res.status(500).json({
success: false,
message: '生成授权链接失败',
error: error.message
})
}
})
// 交换 OpenAI 授权码
router.post('/exchange-code', authenticateAdmin, async (req, res) => {
try {
const { code, sessionId } = req.body
if (!code || !sessionId) {
return res.status(400).json({
success: false,
message: '缺少必要参数'
})
}
// 从 Redis 获取会话数据
const sessionData = await redis.getOAuthSession(sessionId)
if (!sessionData) {
return res.status(400).json({
success: false,
message: '会话已过期或无效'
})
}
// 准备 token 交换请求
const tokenData = {
grant_type: 'authorization_code',
code: code.trim(),
redirect_uri: OPENAI_CONFIG.REDIRECT_URI,
client_id: OPENAI_CONFIG.CLIENT_ID,
code_verifier: sessionData.codeVerifier
}
logger.info('Exchanging OpenAI authorization code:', {
sessionId,
codeLength: code.length,
hasCodeVerifier: !!sessionData.codeVerifier
})
// 配置代理(如果有)
const axiosConfig = {
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
}
// 配置代理(如果有)
const proxyAgent = ProxyHelper.createProxyAgent(sessionData.proxy)
if (proxyAgent) {
axiosConfig.httpAgent = proxyAgent
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
}
// 交换 authorization code 获取 tokens
const tokenResponse = await axios.post(
`${OPENAI_CONFIG.BASE_URL}/oauth/token`,
new URLSearchParams(tokenData).toString(),
axiosConfig
)
const { id_token, access_token, refresh_token, expires_in } = tokenResponse.data
// 解析 ID token 获取用户信息
const idTokenParts = id_token.split('.')
if (idTokenParts.length !== 3) {
throw new Error('Invalid ID token format')
}
// 解码 JWT payload
const payload = JSON.parse(Buffer.from(idTokenParts[1], 'base64url').toString())
// 获取 OpenAI 特定的声明
const authClaims = payload['https://api.openai.com/auth'] || {}
const accountId = authClaims.chatgpt_account_id || ''
const chatgptUserId = authClaims.chatgpt_user_id || authClaims.user_id || ''
const planType = authClaims.chatgpt_plan_type || ''
// 获取组织信息
const organizations = authClaims.organizations || []
const defaultOrg = organizations.find((org) => org.is_default) || organizations[0] || {}
const organizationId = defaultOrg.id || ''
const organizationRole = defaultOrg.role || ''
const organizationTitle = defaultOrg.title || ''
// 清理 Redis 会话
await redis.deleteOAuthSession(sessionId)
logger.success('✅ OpenAI OAuth token exchange successful')
return res.json({
success: true,
data: {
tokens: {
idToken: id_token,
accessToken: access_token,
refreshToken: refresh_token,
expires_in
},
accountInfo: {
accountId,
chatgptUserId,
organizationId,
organizationRole,
organizationTitle,
planType,
email: payload.email || '',
name: payload.name || '',
emailVerified: payload.email_verified || false,
organizations
}
}
})
} catch (error) {
logger.error('OpenAI OAuth token exchange failed:', error)
return res.status(500).json({
success: false,
message: '交换授权码失败',
error: error.message
})
}
})
// 获取所有 OpenAI 账户
router.get('/', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
let accounts = await openaiAccountService.getAllAccounts()
// 缓存账户所属分组,避免重复查询
const accountGroupCache = new Map()
const fetchAccountGroups = async (accountId) => {
if (!accountGroupCache.has(accountId)) {
const groups = await accountGroupService.getAccountGroups(accountId)
accountGroupCache.set(accountId, groups || [])
}
return accountGroupCache.get(accountId)
}
// 根据查询参数进行筛选
if (platform && platform !== 'all' && platform !== 'openai') {
// 如果指定了其他平台,返回空数组
accounts = []
}
// 如果指定了分组筛选
if (groupId && groupId !== 'all') {
if (groupId === 'ungrouped') {
// 筛选未分组账户
const filteredAccounts = []
for (const account of accounts) {
const groups = await fetchAccountGroups(account.id)
if (!groups || groups.length === 0) {
filteredAccounts.push(account)
}
}
accounts = filteredAccounts
} else {
// 筛选特定分组的账户
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
}
}
// 为每个账户添加使用统计信息
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
const usageStats = await redis.getAccountUsageStats(account.id, 'openai')
const groupInfos = await fetchAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: usageStats.daily,
total: usageStats.total,
monthly: usageStats.monthly
}
}
} catch (error) {
logger.debug(`Failed to get usage stats for OpenAI account ${account.id}:`, error)
const groupInfos = await fetchAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
usage: {
daily: { requests: 0, tokens: 0, allTokens: 0 },
total: { requests: 0, tokens: 0, allTokens: 0 },
monthly: { requests: 0, tokens: 0, allTokens: 0 }
}
}
}
})
)
logger.info(`获取 OpenAI 账户列表: ${accountsWithStats.length} 个账户`)
return res.json({
success: true,
data: accountsWithStats
})
} catch (error) {
logger.error('获取 OpenAI 账户列表失败:', error)
return res.status(500).json({
success: false,
message: '获取账户列表失败',
error: error.message
})
}
})
// 创建 OpenAI 账户
router.post('/', authenticateAdmin, async (req, res) => {
try {
const {
name,
description,
openaiOauth,
accountInfo,
proxy,
accountType,
groupId,
rateLimitDuration,
priority,
needsImmediateRefresh, // 是否需要立即刷新
requireRefreshSuccess // 是否必须刷新成功才能创建
} = req.body
if (!name) {
return res.status(400).json({
success: false,
message: '账户名称不能为空'
})
}
// 准备账户数据
const accountData = {
name,
description: description || '',
accountType: accountType || 'shared',
priority: priority || 50,
rateLimitDuration:
rateLimitDuration !== undefined && rateLimitDuration !== null ? rateLimitDuration : 60,
openaiOauth: openaiOauth || {},
accountInfo: accountInfo || {},
proxy: proxy || null,
isActive: true,
schedulable: true
}
// 如果需要立即刷新且必须成功OpenAI 手动模式)
if (needsImmediateRefresh && requireRefreshSuccess) {
// 先创建临时账户以测试刷新
const tempAccount = await openaiAccountService.createAccount(accountData)
try {
logger.info(`🔄 测试刷新 OpenAI 账户以获取完整 token 信息`)
// 尝试刷新 token会自动使用账户配置的代理
await openaiAccountService.refreshAccountToken(tempAccount.id)
// 刷新成功,获取更新后的账户信息
const refreshedAccount = await openaiAccountService.getAccount(tempAccount.id)
// 检查是否获取到了 ID Token
if (!refreshedAccount.idToken || refreshedAccount.idToken === '') {
// 没有获取到 ID Token删除账户
await openaiAccountService.deleteAccount(tempAccount.id)
throw new Error('无法获取 ID Token请检查 Refresh Token 是否有效')
}
// 如果是分组类型,添加到分组
if (accountType === 'group' && groupId) {
await accountGroupService.addAccountToGroup(tempAccount.id, groupId, 'openai')
}
// 清除敏感信息后返回
delete refreshedAccount.idToken
delete refreshedAccount.accessToken
delete refreshedAccount.refreshToken
logger.success(`✅ 创建并验证 OpenAI 账户成功: ${name} (ID: ${tempAccount.id})`)
return res.json({
success: true,
data: refreshedAccount,
message: '账户创建成功,并已获取完整 token 信息'
})
} catch (refreshError) {
// 刷新失败,删除临时创建的账户
logger.warn(`❌ 刷新失败,删除临时账户: ${refreshError.message}`)
await openaiAccountService.deleteAccount(tempAccount.id)
// 构建详细的错误信息
const errorResponse = {
success: false,
message: '账户创建失败',
error: refreshError.message
}
// 添加更详细的错误信息
if (refreshError.status) {
errorResponse.errorCode = refreshError.status
}
if (refreshError.details) {
errorResponse.errorDetails = refreshError.details
}
if (refreshError.code) {
errorResponse.networkError = refreshError.code
}
// 提供更友好的错误提示
if (refreshError.message.includes('Refresh Token 无效')) {
errorResponse.suggestion = '请检查 Refresh Token 是否正确,或重新通过 OAuth 授权获取'
} else if (refreshError.message.includes('代理')) {
errorResponse.suggestion = '请检查代理配置是否正确,包括地址、端口和认证信息'
} else if (refreshError.message.includes('过于频繁')) {
errorResponse.suggestion = '请稍后再试,或更换代理 IP'
} else if (refreshError.message.includes('连接')) {
errorResponse.suggestion = '请检查网络连接和代理设置'
}
return res.status(400).json(errorResponse)
}
}
// 不需要强制刷新的情况OAuth 模式或其他平台)
const createdAccount = await openaiAccountService.createAccount(accountData)
// 如果是分组类型,添加到分组
if (accountType === 'group' && groupId) {
await accountGroupService.addAccountToGroup(createdAccount.id, groupId, 'openai')
}
// 如果需要刷新但不强制成功OAuth 模式可能已有完整信息)
if (needsImmediateRefresh && !requireRefreshSuccess) {
try {
logger.info(`🔄 尝试刷新 OpenAI 账户 ${createdAccount.id}`)
await openaiAccountService.refreshAccountToken(createdAccount.id)
logger.info(`✅ 刷新成功`)
} catch (refreshError) {
logger.warn(`⚠️ 刷新失败,但账户已创建: ${refreshError.message}`)
}
}
logger.success(`✅ 创建 OpenAI 账户成功: ${name} (ID: ${createdAccount.id})`)
return res.json({
success: true,
data: createdAccount
})
} catch (error) {
logger.error('创建 OpenAI 账户失败:', error)
return res.status(500).json({
success: false,
message: '创建账户失败',
error: error.message
})
}
})
// 更新 OpenAI 账户
router.put('/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const updates = req.body
// ✅ 【新增】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt
const mappedUpdates = mapExpiryField(updates, 'OpenAI', id)
const { needsImmediateRefresh, requireRefreshSuccess } = mappedUpdates
// 验证accountType的有效性
if (
mappedUpdates.accountType &&
!['shared', 'dedicated', 'group'].includes(mappedUpdates.accountType)
) {
return res
.status(400)
.json({ error: 'Invalid account type. Must be "shared", "dedicated" or "group"' })
}
// 如果更新为分组类型验证groupId
if (mappedUpdates.accountType === 'group' && !mappedUpdates.groupId) {
return res.status(400).json({ error: 'Group ID is required for group type accounts' })
}
// 获取账户当前信息以处理分组变更
const currentAccount = await openaiAccountService.getAccount(id)
if (!currentAccount) {
return res.status(404).json({ error: 'Account not found' })
}
// 如果更新了 Refresh Token需要验证其有效性
if (mappedUpdates.openaiOauth?.refreshToken && needsImmediateRefresh && requireRefreshSuccess) {
// 先更新 token 信息
const tempUpdateData = {}
if (mappedUpdates.openaiOauth.refreshToken) {
tempUpdateData.refreshToken = mappedUpdates.openaiOauth.refreshToken
}
if (mappedUpdates.openaiOauth.accessToken) {
tempUpdateData.accessToken = mappedUpdates.openaiOauth.accessToken
}
// 更新代理配置(如果有)
if (mappedUpdates.proxy !== undefined) {
tempUpdateData.proxy = mappedUpdates.proxy
}
// 临时更新账户以测试新的 token
await openaiAccountService.updateAccount(id, tempUpdateData)
try {
logger.info(`🔄 验证更新的 OpenAI token (账户: ${id})`)
// 尝试刷新 token会使用账户配置的代理
await openaiAccountService.refreshAccountToken(id)
// 获取刷新后的账户信息
const refreshedAccount = await openaiAccountService.getAccount(id)
// 检查是否获取到了 ID Token
if (!refreshedAccount.idToken || refreshedAccount.idToken === '') {
// 恢复原始 token
await openaiAccountService.updateAccount(id, {
refreshToken: currentAccount.refreshToken,
accessToken: currentAccount.accessToken,
idToken: currentAccount.idToken
})
return res.status(400).json({
success: false,
message: '无法获取 ID Token请检查 Refresh Token 是否有效',
error: 'Invalid refresh token'
})
}
logger.success(`✅ Token 验证成功,继续更新账户信息`)
} catch (refreshError) {
// 刷新失败,恢复原始 token
logger.warn(`❌ Token 验证失败,恢复原始配置: ${refreshError.message}`)
await openaiAccountService.updateAccount(id, {
refreshToken: currentAccount.refreshToken,
accessToken: currentAccount.accessToken,
idToken: currentAccount.idToken,
proxy: currentAccount.proxy
})
// 构建详细的错误信息
const errorResponse = {
success: false,
message: '更新失败',
error: refreshError.message
}
// 添加更详细的错误信息
if (refreshError.status) {
errorResponse.errorCode = refreshError.status
}
if (refreshError.details) {
errorResponse.errorDetails = refreshError.details
}
if (refreshError.code) {
errorResponse.networkError = refreshError.code
}
// 提供更友好的错误提示
if (refreshError.message.includes('Refresh Token 无效')) {
errorResponse.suggestion = '请检查 Refresh Token 是否正确,或重新通过 OAuth 授权获取'
} else if (refreshError.message.includes('代理')) {
errorResponse.suggestion = '请检查代理配置是否正确,包括地址、端口和认证信息'
} else if (refreshError.message.includes('过于频繁')) {
errorResponse.suggestion = '请稍后再试,或更换代理 IP'
} else if (refreshError.message.includes('连接')) {
errorResponse.suggestion = '请检查网络连接和代理设置'
}
return res.status(400).json(errorResponse)
}
}
// 处理分组的变更
if (mappedUpdates.accountType !== undefined) {
// 如果之前是分组类型,需要从原分组中移除
if (currentAccount.accountType === 'group') {
const oldGroup = await accountGroupService.getAccountGroup(id)
if (oldGroup) {
await accountGroupService.removeAccountFromGroup(id, oldGroup.id)
}
}
// 如果新类型是分组,添加到新分组
if (mappedUpdates.accountType === 'group' && mappedUpdates.groupId) {
await accountGroupService.addAccountToGroup(id, mappedUpdates.groupId, 'openai')
}
}
// 准备更新数据
const updateData = { ...mappedUpdates }
// 处理敏感数据加密
if (mappedUpdates.openaiOauth) {
updateData.openaiOauth = mappedUpdates.openaiOauth
// 编辑时不允许直接输入 ID Token只能通过刷新获取
if (mappedUpdates.openaiOauth.accessToken) {
updateData.accessToken = mappedUpdates.openaiOauth.accessToken
}
if (mappedUpdates.openaiOauth.refreshToken) {
updateData.refreshToken = mappedUpdates.openaiOauth.refreshToken
}
if (mappedUpdates.openaiOauth.expires_in) {
updateData.expiresAt = new Date(
Date.now() + mappedUpdates.openaiOauth.expires_in * 1000
).toISOString()
}
}
// 更新账户信息
if (mappedUpdates.accountInfo) {
updateData.accountId = mappedUpdates.accountInfo.accountId || currentAccount.accountId
updateData.chatgptUserId =
mappedUpdates.accountInfo.chatgptUserId || currentAccount.chatgptUserId
updateData.organizationId =
mappedUpdates.accountInfo.organizationId || currentAccount.organizationId
updateData.organizationRole =
mappedUpdates.accountInfo.organizationRole || currentAccount.organizationRole
updateData.organizationTitle =
mappedUpdates.accountInfo.organizationTitle || currentAccount.organizationTitle
updateData.planType = mappedUpdates.accountInfo.planType || currentAccount.planType
updateData.email = mappedUpdates.accountInfo.email || currentAccount.email
updateData.emailVerified =
mappedUpdates.accountInfo.emailVerified !== undefined
? mappedUpdates.accountInfo.emailVerified
: currentAccount.emailVerified
}
const updatedAccount = await openaiAccountService.updateAccount(id, updateData)
// 如果需要刷新但不强制成功(非关键更新)
if (needsImmediateRefresh && !requireRefreshSuccess) {
try {
logger.info(`🔄 尝试刷新 OpenAI 账户 ${id}`)
await openaiAccountService.refreshAccountToken(id)
logger.info(`✅ 刷新成功`)
} catch (refreshError) {
logger.warn(`⚠️ 刷新失败,但账户信息已更新: ${refreshError.message}`)
}
}
logger.success(`📝 Admin updated OpenAI account: ${id}`)
return res.json({ success: true, data: updatedAccount })
} catch (error) {
logger.error('❌ Failed to update OpenAI account:', error)
return res.status(500).json({ error: 'Failed to update account', message: error.message })
}
})
// 删除 OpenAI 账户
router.delete('/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await openaiAccountService.getAccount(id)
if (!account) {
return res.status(404).json({
success: false,
message: '账户不存在'
})
}
// 自动解绑所有绑定的 API Keys
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(id, 'openai')
// 如果账户在分组中,从分组中移除
if (account.accountType === 'group') {
const group = await accountGroupService.getAccountGroup(id)
if (group) {
await accountGroupService.removeAccountFromGroup(id, group.id)
}
}
await openaiAccountService.deleteAccount(id)
let message = 'OpenAI账号已成功删除'
if (unboundCount > 0) {
message += `${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(
`✅ 删除 OpenAI 账户成功: ${account.name} (ID: ${id}), unbound ${unboundCount} keys`
)
return res.json({
success: true,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('删除 OpenAI 账户失败:', error)
return res.status(500).json({
success: false,
message: '删除账户失败',
error: error.message
})
}
})
// 切换 OpenAI 账户状态
router.put('/:id/toggle', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await redis.getOpenAiAccount(id)
if (!account) {
return res.status(404).json({
success: false,
message: '账户不存在'
})
}
// 切换启用状态
account.enabled = !account.enabled
account.updatedAt = new Date().toISOString()
// TODO: 更新方法
// await redis.updateOpenAiAccount(id, account)
logger.success(
`${account.enabled ? '启用' : '禁用'} OpenAI 账户: ${account.name} (ID: ${id})`
)
return res.json({
success: true,
data: account
})
} catch (error) {
logger.error('切换 OpenAI 账户状态失败:', error)
return res.status(500).json({
success: false,
message: '切换账户状态失败',
error: error.message
})
}
})
// 重置 OpenAI 账户状态(清除所有异常状态)
router.post('/:accountId/reset-status', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const result = await openaiAccountService.resetAccountStatus(accountId)
logger.success(`✅ Admin reset status for OpenAI account: ${accountId}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to reset OpenAI account status:', error)
return res.status(500).json({ error: 'Failed to reset status', message: error.message })
}
})
// 切换 OpenAI 账户调度状态
router.put('/:accountId/toggle-schedulable', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
const result = await openaiAccountService.toggleSchedulable(accountId)
// 如果账号被禁用发送webhook通知
if (!result.schedulable) {
// 获取账号信息
const account = await redis.getOpenAiAccount(accountId)
if (account) {
await webhookNotifier.sendAccountAnomalyNotification({
accountId: account.id,
accountName: account.name || 'OpenAI Account',
platform: 'openai',
status: 'disabled',
errorCode: 'OPENAI_MANUALLY_DISABLED',
reason: '账号已被管理员手动禁用调度',
timestamp: new Date().toISOString()
})
}
}
return res.json({
success: result.success,
schedulable: result.schedulable,
message: result.schedulable ? '已启用调度' : '已禁用调度'
})
} catch (error) {
logger.error('切换 OpenAI 账户调度状态失败:', error)
return res.status(500).json({
success: false,
message: '切换调度状态失败',
error: error.message
})
}
})
module.exports = router

450
src/routes/admin/openaiResponsesAccounts.js
View File

@@ -1,450 +0,0 @@
/**
* Admin Routes - OpenAI-Responses 账户管理
* 处理 OpenAI-Responses 账户的增删改查和状态管理
*/
const express = require('express')
const openaiResponsesAccountService = require('../../services/openaiResponsesAccountService')
const apiKeyService = require('../../services/apiKeyService')
const accountGroupService = require('../../services/accountGroupService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const webhookNotifier = require('../../utils/webhookNotifier')
const { formatAccountExpiry, mapExpiryField } = require('./utils')
const router = express.Router()
// ==================== OpenAI-Responses 账户管理 API ====================
// 获取所有 OpenAI-Responses 账户
router.get('/openai-responses-accounts', authenticateAdmin, async (req, res) => {
try {
const { platform, groupId } = req.query
let accounts = await openaiResponsesAccountService.getAllAccounts(true)
// 根据查询参数进行筛选
if (platform && platform !== 'openai-responses') {
accounts = []
}
// 根据分组ID筛选
if (groupId) {
const group = await accountGroupService.getGroup(groupId)
if (group && group.platform === 'openai') {
const groupMembers = await accountGroupService.getGroupMembers(groupId)
accounts = accounts.filter((account) => groupMembers.includes(account.id))
} else {
accounts = []
}
}
// 处理额度信息、使用统计和绑定的 API Key 数量
const accountsWithStats = await Promise.all(
accounts.map(async (account) => {
try {
// 检查是否需要重置额度
const today = redis.getDateStringInTimezone()
if (account.lastResetDate !== today) {
// 今天还没重置过,需要重置
await openaiResponsesAccountService.updateAccount(account.id, {
dailyUsage: '0',
lastResetDate: today,
quotaStoppedAt: ''
})
account.dailyUsage = '0'
account.lastResetDate = today
account.quotaStoppedAt = ''
}
// 检查并清除过期的限流状态
await openaiResponsesAccountService.checkAndClearRateLimit(account.id)
// 获取使用统计信息
let usageStats
try {
usageStats = await redis.getAccountUsageStats(account.id, 'openai-responses')
} catch (error) {
logger.debug(
`Failed to get usage stats for OpenAI-Responses account ${account.id}:`,
error
)
usageStats = {
daily: { requests: 0, tokens: 0, allTokens: 0 },
total: { requests: 0, tokens: 0, allTokens: 0 },
monthly: { requests: 0, tokens: 0, allTokens: 0 }
}
}
// 计算绑定的API Key数量支持 responses: 前缀)
const allKeys = await redis.getAllApiKeys()
let boundCount = 0
for (const key of allKeys) {
// 检查是否绑定了该账户(包括 responses: 前缀)
if (
key.openaiAccountId === account.id ||
key.openaiAccountId === `responses:${account.id}`
) {
boundCount++
}
}
// 调试日志:检查绑定计数
if (boundCount > 0) {
logger.info(`OpenAI-Responses account ${account.id} has ${boundCount} bound API keys`)
}
// 获取分组信息
const groupInfos = await accountGroupService.getAccountGroups(account.id)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos,
boundApiKeysCount: boundCount,
usage: {
daily: usageStats.daily,
total: usageStats.total,
monthly: usageStats.monthly
}
}
} catch (error) {
logger.error(`Failed to process OpenAI-Responses account ${account.id}:`, error)
const formattedAccount = formatAccountExpiry(account)
return {
...formattedAccount,
groupInfos: [],
boundApiKeysCount: 0,
usage: {
daily: { requests: 0, tokens: 0, allTokens: 0 },
total: { requests: 0, tokens: 0, allTokens: 0 },
monthly: { requests: 0, tokens: 0, allTokens: 0 }
}
}
}
})
)
res.json({ success: true, data: accountsWithStats })
} catch (error) {
logger.error('Failed to get OpenAI-Responses accounts:', error)
res.status(500).json({ success: false, message: error.message })
}
})
// 创建 OpenAI-Responses 账户
router.post('/openai-responses-accounts', authenticateAdmin, async (req, res) => {
try {
const accountData = req.body
// 验证分组类型
if (
accountData.accountType === 'group' &&
!accountData.groupId &&
(!accountData.groupIds || accountData.groupIds.length === 0)
) {
return res.status(400).json({
success: false,
error: 'Group ID is required for group type accounts'
})
}
const account = await openaiResponsesAccountService.createAccount(accountData)
// 如果是分组类型,处理分组绑定
if (accountData.accountType === 'group') {
if (accountData.groupIds && accountData.groupIds.length > 0) {
// 多分组模式
await accountGroupService.setAccountGroups(account.id, accountData.groupIds, 'openai')
logger.info(
`🏢 Added OpenAI-Responses account ${account.id} to groups: ${accountData.groupIds.join(', ')}`
)
} else if (accountData.groupId) {
// 单分组模式(向后兼容)
await accountGroupService.addAccountToGroup(account.id, accountData.groupId, 'openai')
logger.info(
`🏢 Added OpenAI-Responses account ${account.id} to group: ${accountData.groupId}`
)
}
}
const formattedAccount = formatAccountExpiry(account)
res.json({ success: true, data: formattedAccount })
} catch (error) {
logger.error('Failed to create OpenAI-Responses account:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 更新 OpenAI-Responses 账户
router.put('/openai-responses-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const updates = req.body
// 获取当前账户信息
const currentAccount = await openaiResponsesAccountService.getAccount(id)
if (!currentAccount) {
return res.status(404).json({
success: false,
error: 'Account not found'
})
}
// ✅ 【新增】映射字段名:前端的 expiresAt -> 后端的 subscriptionExpiresAt
const mappedUpdates = mapExpiryField(updates, 'OpenAI-Responses', id)
// 验证priority的有效性1-100
if (mappedUpdates.priority !== undefined) {
const priority = parseInt(mappedUpdates.priority)
if (isNaN(priority) || priority < 1 || priority > 100) {
return res.status(400).json({
success: false,
message: 'Priority must be a number between 1 and 100'
})
}
mappedUpdates.priority = priority.toString()
}
// 处理分组变更
if (mappedUpdates.accountType !== undefined) {
// 如果之前是分组类型,需要从所有分组中移除
if (currentAccount.accountType === 'group') {
const oldGroups = await accountGroupService.getAccountGroups(id)
for (const oldGroup of oldGroups) {
await accountGroupService.removeAccountFromGroup(id, oldGroup.id)
}
logger.info(`📤 Removed OpenAI-Responses account ${id} from all groups`)
}
// 如果新类型是分组,处理多分组支持
if (mappedUpdates.accountType === 'group') {
if (Object.prototype.hasOwnProperty.call(mappedUpdates, 'groupIds')) {
if (mappedUpdates.groupIds && mappedUpdates.groupIds.length > 0) {
// 设置新的多分组
await accountGroupService.setAccountGroups(id, mappedUpdates.groupIds, 'openai')
logger.info(
`📥 Added OpenAI-Responses account ${id} to groups: ${mappedUpdates.groupIds.join(', ')}`
)
} else {
// groupIds 为空数组,从所有分组中移除
await accountGroupService.removeAccountFromAllGroups(id)
logger.info(
`📤 Removed OpenAI-Responses account ${id} from all groups (empty groupIds)`
)
}
} else if (mappedUpdates.groupId) {
// 向后兼容:仅当没有 groupIds 但有 groupId 时使用单分组逻辑
await accountGroupService.addAccountToGroup(id, mappedUpdates.groupId, 'openai')
logger.info(`📥 Added OpenAI-Responses account ${id} to group: ${mappedUpdates.groupId}`)
}
}
}
const result = await openaiResponsesAccountService.updateAccount(id, mappedUpdates)
if (!result.success) {
return res.status(400).json(result)
}
logger.success(`📝 Admin updated OpenAI-Responses account: ${id}`)
res.json({ success: true, ...result })
} catch (error) {
logger.error('Failed to update OpenAI-Responses account:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 删除 OpenAI-Responses 账户
router.delete('/openai-responses-accounts/:id', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await openaiResponsesAccountService.getAccount(id)
if (!account) {
return res.status(404).json({
success: false,
message: 'Account not found'
})
}
// 自动解绑所有绑定的 API Keys
const unboundCount = await apiKeyService.unbindAccountFromAllKeys(id, 'openai-responses')
// 从所有分组中移除此账户
if (account.accountType === 'group') {
await accountGroupService.removeAccountFromAllGroups(id)
logger.info(`Removed OpenAI-Responses account ${id} from all groups`)
}
const result = await openaiResponsesAccountService.deleteAccount(id)
let message = 'OpenAI-Responses账号已成功删除'
if (unboundCount > 0) {
message += `${unboundCount} 个 API Key 已切换为共享池模式`
}
logger.success(`🗑️ Admin deleted OpenAI-Responses account: ${id}, unbound ${unboundCount} keys`)
res.json({
success: true,
...result,
message,
unboundKeys: unboundCount
})
} catch (error) {
logger.error('Failed to delete OpenAI-Responses account:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 切换 OpenAI-Responses 账户调度状态
router.put(
'/openai-responses-accounts/:id/toggle-schedulable',
authenticateAdmin,
async (req, res) => {
try {
const { id } = req.params
const result = await openaiResponsesAccountService.toggleSchedulable(id)
if (!result.success) {
return res.status(400).json(result)
}
// 仅在停止调度时发送通知
if (!result.schedulable) {
await webhookNotifier.sendAccountEvent('account.status_changed', {
accountId: id,
platform: 'openai-responses',
schedulable: result.schedulable,
changedBy: 'admin',
action: 'stopped_scheduling'
})
}
res.json(result)
} catch (error) {
logger.error('Failed to toggle OpenAI-Responses account schedulable status:', error)
res.status(500).json({
success: false,
error: error.message
})
}
}
)
// 切换 OpenAI-Responses 账户激活状态
router.put('/openai-responses-accounts/:id/toggle', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const account = await openaiResponsesAccountService.getAccount(id)
if (!account) {
return res.status(404).json({
success: false,
message: 'Account not found'
})
}
const newActiveStatus = account.isActive === 'true' ? 'false' : 'true'
await openaiResponsesAccountService.updateAccount(id, {
isActive: newActiveStatus
})
res.json({
success: true,
isActive: newActiveStatus === 'true'
})
} catch (error) {
logger.error('Failed to toggle OpenAI-Responses account status:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
// 重置 OpenAI-Responses 账户限流状态
router.post(
'/openai-responses-accounts/:id/reset-rate-limit',
authenticateAdmin,
async (req, res) => {
try {
const { id } = req.params
await openaiResponsesAccountService.updateAccount(id, {
rateLimitedAt: '',
rateLimitStatus: '',
status: 'active',
errorMessage: ''
})
logger.info(`🔄 Admin manually reset rate limit for OpenAI-Responses account ${id}`)
res.json({
success: true,
message: 'Rate limit reset successfully'
})
} catch (error) {
logger.error('Failed to reset OpenAI-Responses account rate limit:', error)
res.status(500).json({
success: false,
error: error.message
})
}
}
)
// 重置 OpenAI-Responses 账户状态(清除所有异常状态)
router.post('/openai-responses-accounts/:id/reset-status', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
const result = await openaiResponsesAccountService.resetAccountStatus(id)
logger.success(`✅ Admin reset status for OpenAI-Responses account: ${id}`)
return res.json({ success: true, data: result })
} catch (error) {
logger.error('❌ Failed to reset OpenAI-Responses account status:', error)
return res.status(500).json({ error: 'Failed to reset status', message: error.message })
}
})
// 手动重置 OpenAI-Responses 账户的每日使用量
router.post('/openai-responses-accounts/:id/reset-usage', authenticateAdmin, async (req, res) => {
try {
const { id } = req.params
await openaiResponsesAccountService.updateAccount(id, {
dailyUsage: '0',
lastResetDate: redis.getDateStringInTimezone(),
quotaStoppedAt: ''
})
logger.success(`✅ Admin manually reset daily usage for OpenAI-Responses account ${id}`)
res.json({
success: true,
message: 'Daily usage reset successfully'
})
} catch (error) {
logger.error('Failed to reset OpenAI-Responses account usage:', error)
res.status(500).json({
success: false,
error: error.message
})
}
})
module.exports = router

401
src/routes/admin/system.js
View File

@@ -1,401 +0,0 @@
const express = require('express')
const fs = require('fs')
const path = require('path')
const axios = require('axios')
const claudeCodeHeadersService = require('../../services/claudeCodeHeadersService')
const claudeAccountService = require('../../services/claudeAccountService')
const redis = require('../../models/redis')
const { authenticateAdmin } = require('../../middleware/auth')
const logger = require('../../utils/logger')
const config = require('../../../config/config')
const router = express.Router()
// ==================== Claude Code Headers 管理 ====================
// 获取所有 Claude Code headers
router.get('/claude-code-headers', authenticateAdmin, async (req, res) => {
try {
const allHeaders = await claudeCodeHeadersService.getAllAccountHeaders()
// 获取所有 Claude 账号信息
const accounts = await claudeAccountService.getAllAccounts()
const accountMap = {}
accounts.forEach((account) => {
accountMap[account.id] = account.name
})
// 格式化输出
const formattedData = Object.entries(allHeaders).map(([accountId, data]) => ({
accountId,
accountName: accountMap[accountId] || 'Unknown',
version: data.version,
userAgent: data.headers['user-agent'],
updatedAt: data.updatedAt,
headers: data.headers
}))
return res.json({
success: true,
data: formattedData
})
} catch (error) {
logger.error('❌ Failed to get Claude Code headers:', error)
return res
.status(500)
.json({ error: 'Failed to get Claude Code headers', message: error.message })
}
})
// 🗑️ 清除指定账号的 Claude Code headers
router.delete('/claude-code-headers/:accountId', authenticateAdmin, async (req, res) => {
try {
const { accountId } = req.params
await claudeCodeHeadersService.clearAccountHeaders(accountId)
return res.json({
success: true,
message: `Claude Code headers cleared for account ${accountId}`
})
} catch (error) {
logger.error('❌ Failed to clear Claude Code headers:', error)
return res
.status(500)
.json({ error: 'Failed to clear Claude Code headers', message: error.message })
}
})
// ==================== 系统更新检查 ====================
// 版本比较函数
function compareVersions(current, latest) {
const parseVersion = (v) => {
const parts = v.split('.').map(Number)
return {
major: parts[0] || 0,
minor: parts[1] || 0,
patch: parts[2] || 0
}
}
const currentV = parseVersion(current)
const latestV = parseVersion(latest)
if (currentV.major !== latestV.major) {
return currentV.major - latestV.major
}
if (currentV.minor !== latestV.minor) {
return currentV.minor - latestV.minor
}
return currentV.patch - latestV.patch
}
router.get('/check-updates', authenticateAdmin, async (req, res) => {
// 读取当前版本
const versionPath = path.join(__dirname, '../../../VERSION')
let currentVersion = '1.0.0'
try {
currentVersion = fs.readFileSync(versionPath, 'utf8').trim()
} catch (err) {
logger.warn('⚠️ Could not read VERSION file:', err.message)
}
try {
// 从缓存获取
const cacheKey = 'version_check_cache'
const cached = await redis.getClient().get(cacheKey)
if (cached && !req.query.force) {
const cachedData = JSON.parse(cached)
const cacheAge = Date.now() - cachedData.timestamp
// 缓存有效期1小时
if (cacheAge < 3600000) {
// 实时计算 hasUpdate不使用缓存的值
const hasUpdate = compareVersions(currentVersion, cachedData.latest) < 0
return res.json({
success: true,
data: {
current: currentVersion,
latest: cachedData.latest,
hasUpdate, // 实时计算,不用缓存
releaseInfo: cachedData.releaseInfo,
cached: true
}
})
}
}
// 请求 GitHub API
const githubRepo = 'wei-shaw/claude-relay-service'
const response = await axios.get(`https://api.github.com/repos/${githubRepo}/releases/latest`, {
headers: {
Accept: 'application/vnd.github.v3+json',
'User-Agent': 'Claude-Relay-Service'
},
timeout: 10000
})
const release = response.data
const latestVersion = release.tag_name.replace(/^v/, '')
// 比较版本
const hasUpdate = compareVersions(currentVersion, latestVersion) < 0
const releaseInfo = {
name: release.name,
body: release.body,
publishedAt: release.published_at,
htmlUrl: release.html_url
}
// 缓存结果(不缓存 hasUpdate因为它应该实时计算
await redis.getClient().set(
cacheKey,
JSON.stringify({
latest: latestVersion,
releaseInfo,
timestamp: Date.now()
}),
'EX',
3600
) // 1小时过期
return res.json({
success: true,
data: {
current: currentVersion,
latest: latestVersion,
hasUpdate,
releaseInfo,
cached: false
}
})
} catch (error) {
// 改进错误日志记录
const errorDetails = {
message: error.message || 'Unknown error',
code: error.code,
response: error.response
? {
status: error.response.status,
statusText: error.response.statusText,
data: error.response.data
}
: null,
request: error.request ? 'Request was made but no response received' : null
}
logger.error('❌ Failed to check for updates:', errorDetails.message)
// 处理 404 错误 - 仓库或版本不存在
if (error.response && error.response.status === 404) {
return res.json({
success: true,
data: {
current: currentVersion,
latest: currentVersion,
hasUpdate: false,
releaseInfo: {
name: 'No releases found',
body: 'The GitHub repository has no releases yet.',
publishedAt: new Date().toISOString(),
htmlUrl: '#'
},
warning: 'GitHub repository has no releases'
}
})
}
// 如果是网络错误,尝试返回缓存的数据
if (error.code === 'ECONNREFUSED' || error.code === 'ETIMEDOUT' || error.code === 'ENOTFOUND') {
const cacheKey = 'version_check_cache'
const cached = await redis.getClient().get(cacheKey)
if (cached) {
const cachedData = JSON.parse(cached)
// 实时计算 hasUpdate
const hasUpdate = compareVersions(currentVersion, cachedData.latest) < 0
return res.json({
success: true,
data: {
current: currentVersion,
latest: cachedData.latest,
hasUpdate, // 实时计算
releaseInfo: cachedData.releaseInfo,
cached: true,
warning: 'Using cached data due to network error'
}
})
}
}
// 其他错误返回当前版本信息
return res.json({
success: true,
data: {
current: currentVersion,
latest: currentVersion,
hasUpdate: false,
releaseInfo: {
name: 'Update check failed',
body: `Unable to check for updates: ${error.message || 'Unknown error'}`,
publishedAt: new Date().toISOString(),
htmlUrl: '#'
},
error: true,
warning: error.message || 'Failed to check for updates'
}
})
}
})
// ==================== OEM 设置管理 ====================
// 获取OEM设置公开接口用于显示
// 注意:这个端点没有 authenticateAdmin 中间件,因为前端登录页也需要访问
router.get('/oem-settings', async (req, res) => {
try {
const client = redis.getClient()
const oemSettings = await client.get('oem:settings')
// 默认设置
const defaultSettings = {
siteName: 'Claude Relay Service',
siteIcon: '',
siteIconData: '', // Base64编码的图标数据
showAdminButton: true, // 是否显示管理后台按钮
updatedAt: new Date().toISOString()
}
let settings = defaultSettings
if (oemSettings) {
try {
settings = { ...defaultSettings, ...JSON.parse(oemSettings) }
} catch (err) {
logger.warn('⚠️ Failed to parse OEM settings, using defaults:', err.message)
}
}
// 添加 LDAP 启用状态到响应中
return res.json({
success: true,
data: {
...settings,
ldapEnabled: config.ldap && config.ldap.enabled === true
}
})
} catch (error) {
logger.error('❌ Failed to get OEM settings:', error)
return res.status(500).json({ error: 'Failed to get OEM settings', message: error.message })
}
})
// 更新OEM设置
router.put('/oem-settings', authenticateAdmin, async (req, res) => {
try {
const { siteName, siteIcon, siteIconData, showAdminButton } = req.body
// 验证输入
if (!siteName || typeof siteName !== 'string' || siteName.trim().length === 0) {
return res.status(400).json({ error: 'Site name is required' })
}
if (siteName.length > 100) {
return res.status(400).json({ error: 'Site name must be less than 100 characters' })
}
// 验证图标数据大小如果是base64
if (siteIconData && siteIconData.length > 500000) {
// 约375KB
return res.status(400).json({ error: 'Icon file must be less than 350KB' })
}
// 验证图标URL如果提供
if (siteIcon && !siteIconData) {
// 简单验证URL格式
try {
new URL(siteIcon)
} catch (err) {
return res.status(400).json({ error: 'Invalid icon URL format' })
}
}
const settings = {
siteName: siteName.trim(),
siteIcon: (siteIcon || '').trim(),
siteIconData: (siteIconData || '').trim(), // Base64数据
showAdminButton: showAdminButton !== false, // 默认为true
updatedAt: new Date().toISOString()
}
const client = redis.getClient()
await client.set('oem:settings', JSON.stringify(settings))
logger.info(`✅ OEM settings updated: ${siteName}`)
return res.json({
success: true,
message: 'OEM settings updated successfully',
data: settings
})
} catch (error) {
logger.error('❌ Failed to update OEM settings:', error)
return res.status(500).json({ error: 'Failed to update OEM settings', message: error.message })
}
})
// ==================== Claude Code 版本管理 ====================
router.get('/claude-code-version', authenticateAdmin, async (req, res) => {
try {
const CACHE_KEY = 'claude_code_user_agent:daily'
// 获取缓存的统一User-Agent
const unifiedUserAgent = await redis.client.get(CACHE_KEY)
const ttl = unifiedUserAgent ? await redis.client.ttl(CACHE_KEY) : 0
res.json({
success: true,
userAgent: unifiedUserAgent,
isActive: !!unifiedUserAgent,
ttlSeconds: ttl,
lastUpdated: unifiedUserAgent ? new Date().toISOString() : null
})
} catch (error) {
logger.error('❌ Get unified Claude Code User-Agent error:', error)
res.status(500).json({
success: false,
message: 'Failed to get User-Agent information',
error: error.message
})
}
})
// 🗑️ 清除统一Claude Code User-Agent缓存
router.post('/claude-code-version/clear', authenticateAdmin, async (req, res) => {
try {
const CACHE_KEY = 'claude_code_user_agent:daily'
// 删除缓存的统一User-Agent
await redis.client.del(CACHE_KEY)
logger.info(`🗑️ Admin manually cleared unified Claude Code User-Agent cache`)
res.json({
success: true,
message: 'Unified User-Agent cache cleared successfully'
})
} catch (error) {
logger.error('❌ Clear unified User-Agent cache error:', error)
res.status(500).json({
success: false,
message: 'Failed to clear cache',
error: error.message
})
}
})
module.exports = router

2506
src/routes/admin/usageStats.js
View File

File diff suppressed because it is too large Load Diff

78
src/routes/admin/utils.js
View File

@@ -1,78 +0,0 @@
/**
* Admin Routes - 共享工具函数
* 供各个子路由模块导入使用
*/
const logger = require('../../utils/logger')
/**
* 处理可为空的时间字段
* @param {*} value - 输入值
* @returns {string|null} 规范化后的值
*/
function normalizeNullableDate(value) {
if (value === undefined || value === null) {
return null
}
if (typeof value === 'string') {
const trimmed = value.trim()
return trimmed === '' ? null : trimmed
}
return value
}
/**
* 映射前端的 expiresAt 字段到后端的 subscriptionExpiresAt 字段
* @param {Object} updates - 更新对象
* @param {string} accountType - 账户类型 (如 'Claude', 'OpenAI' 等)
* @param {string} accountId - 账户 ID
* @returns {Object} 映射后的更新对象
*/
function mapExpiryField(updates, accountType, accountId) {
const mappedUpdates = { ...updates }
if ('expiresAt' in mappedUpdates) {
mappedUpdates.subscriptionExpiresAt = mappedUpdates.expiresAt
delete mappedUpdates.expiresAt
logger.info(
`Mapping expiresAt to subscriptionExpiresAt for ${accountType} account ${accountId}`
)
}
return mappedUpdates
}
/**
* 格式化账户数据,确保前端获取正确的过期时间字段
* 将 subscriptionExpiresAt订阅过期时间映射到 expiresAt 供前端使用
* 保留原始的 tokenExpiresAtOAuth token过期时间供内部使用
* @param {Object} account - 账户对象
* @returns {Object} 格式化后的账户对象
*/
function formatAccountExpiry(account) {
if (!account || typeof account !== 'object') {
return account
}
const rawSubscription = Object.prototype.hasOwnProperty.call(account, 'subscriptionExpiresAt')
? account.subscriptionExpiresAt
: null
const rawToken = Object.prototype.hasOwnProperty.call(account, 'tokenExpiresAt')
? account.tokenExpiresAt
: account.expiresAt
const subscriptionExpiresAt = normalizeNullableDate(rawSubscription)
const tokenExpiresAt = normalizeNullableDate(rawToken)
return {
...account,
subscriptionExpiresAt,
tokenExpiresAt,
expiresAt: subscriptionExpiresAt
}
}
module.exports = {
normalizeNullableDate,
mapExpiryField,
formatAccountExpiry
}

1013
src/routes/api.js
View File

File diff suppressed because it is too large Load Diff

476
src/routes/apiStats.js
View File

@@ -3,9 +3,6 @@ const redis = require('../models/redis')
const logger = require('../utils/logger')
const apiKeyService = require('../services/apiKeyService')
const CostCalculator = require('../utils/costCalculator')
const claudeAccountService = require('../services/claudeAccountService')
const openaiAccountService = require('../services/openaiAccountService')
const { createClaudeTestPayload } = require('../utils/testPayloadHelper')
const router = express.Router()
@@ -34,8 +31,8 @@ router.post('/api/get-key-id', async (req, res) => {
})
}
// 验证API Key(使用不触发激活的验证方法)
const validation = await apiKeyService.validateApiKeyForStats(apiKey)
// 验证API Key
const validation = await apiKeyService.validateApiKey(apiKey)
if (!validation.valid) {
const clientIP = req.ip || req.connection?.remoteAddress || 'unknown'
@@ -96,21 +93,17 @@ router.post('/api/user-stats', async (req, res) => {
// 检查是否激活
if (keyData.isActive !== 'true') {
const keyName = keyData.name || 'Unknown'
return res.status(403).json({
error: 'API key is disabled',
message: `API Key "${keyName}" 已被禁用`,
keyName
message: 'This API key has been disabled'
})
}
// 检查是否过期
if (keyData.expiresAt && new Date() > new Date(keyData.expiresAt)) {
const keyName = keyData.name || 'Unknown'
return res.status(403).json({
error: 'API key has expired',
message: `API Key "${keyName}" 已过期`,
keyName
message: 'This API key has expired'
})
}
@@ -121,7 +114,6 @@ router.post('/api/user-stats', async (req, res) => {
// 获取当日费用统计
const dailyCost = await redis.getDailyCost(keyId)
const costStats = await redis.getCostStats(keyId)
// 处理数据格式,与 validateApiKey 返回的格式保持一致
// 解析限制模型数据
@@ -148,19 +140,12 @@ router.post('/api/user-stats', async (req, res) => {
rateLimitWindow: parseInt(keyData.rateLimitWindow) || 0,
rateLimitRequests: parseInt(keyData.rateLimitRequests) || 0,
dailyCostLimit: parseFloat(keyData.dailyCostLimit) || 0,
totalCostLimit: parseFloat(keyData.totalCostLimit) || 0,
dailyCost: dailyCost || 0,
totalCost: costStats.total || 0,
enableModelRestriction: keyData.enableModelRestriction === 'true',
restrictedModels,
enableClientRestriction: keyData.enableClientRestriction === 'true',
allowedClients,
permissions: keyData.permissions || 'all',
// 添加激活相关字段
expirationMode: keyData.expirationMode || 'fixed',
isActivated: keyData.isActivated === 'true',
activationDays: parseInt(keyData.activationDays || 0),
activatedAt: keyData.activatedAt || null,
usage // 使用完整的 usage 数据,而不是只有 total
}
} else if (apiKey) {
@@ -173,8 +158,8 @@ router.post('/api/user-stats', async (req, res) => {
})
}
// 验证API Key使用不触发激活的验证方法
const validation = await apiKeyService.validateApiKeyForStats(apiKey)
// 验证API Key重用现有的验证逻辑
const validation = await apiKeyService.validateApiKey(apiKey)
if (!validation.valid) {
const clientIP = req.ip || req.connection?.remoteAddress || 'unknown'
@@ -293,24 +278,21 @@ router.post('/api/user-stats', async (req, res) => {
// 获取当前使用量
let currentWindowRequests = 0
let currentWindowTokens = 0
let currentWindowCost = 0 // 新增:当前窗口费用
let currentDailyCost = 0
let windowStartTime = null
let windowEndTime = null
let windowRemainingSeconds = null
try {
// 获取当前时间窗口的请求次数Token使用量和费用
// 获取当前时间窗口的请求次数Token使用量
if (fullKeyData.rateLimitWindow > 0) {
const client = redis.getClientSafe()
const requestCountKey = `rate_limit:requests:${keyId}`
const tokenCountKey = `rate_limit:tokens:${keyId}`
const costCountKey = `rate_limit:cost:${keyId}` // 新增费用计数key
const windowStartKey = `rate_limit:window_start:${keyId}`
currentWindowRequests = parseInt((await client.get(requestCountKey)) || '0')
currentWindowTokens = parseInt((await client.get(tokenCountKey)) || '0')
currentWindowCost = parseFloat((await client.get(costCountKey)) || '0') // 新增:获取当前窗口费用
// 获取窗口开始时间和计算剩余时间
const windowStart = await client.get(windowStartKey)
@@ -331,7 +313,6 @@ router.post('/api/user-stats', async (req, res) => {
// 重置计数为0因为窗口已过期
currentWindowRequests = 0
currentWindowTokens = 0
currentWindowCost = 0 // 新增:重置窗口费用
}
}
}
@@ -342,63 +323,14 @@ router.post('/api/user-stats', async (req, res) => {
logger.warn(`Failed to get current usage for key ${keyId}:`, error)
}
const boundAccountDetails = {}
const accountDetailTasks = []
if (fullKeyData.claudeAccountId) {
accountDetailTasks.push(
(async () => {
try {
const overview = await claudeAccountService.getAccountOverview(
fullKeyData.claudeAccountId
)
if (overview && overview.accountType === 'dedicated') {
boundAccountDetails.claude = overview
}
} catch (error) {
logger.warn(`⚠️ Failed to load Claude account overview for key ${keyId}:`, error)
}
})()
)
}
if (fullKeyData.openaiAccountId) {
accountDetailTasks.push(
(async () => {
try {
const overview = await openaiAccountService.getAccountOverview(
fullKeyData.openaiAccountId
)
if (overview && overview.accountType === 'dedicated') {
boundAccountDetails.openai = overview
}
} catch (error) {
logger.warn(`⚠️ Failed to load OpenAI account overview for key ${keyId}:`, error)
}
})()
)
}
if (accountDetailTasks.length > 0) {
await Promise.allSettled(accountDetailTasks)
}
// 构建响应数据只返回该API Key自己的信息确保不泄露其他信息
const responseData = {
id: keyId,
name: fullKeyData.name,
description: fullKeyData.description || keyData.description || '',
description: keyData.description || '',
isActive: true, // 如果能通过validateApiKey验证说明一定是激活的
createdAt: fullKeyData.createdAt || keyData.createdAt,
expiresAt: fullKeyData.expiresAt || keyData.expiresAt,
// 添加激活相关字段
expirationMode: fullKeyData.expirationMode || 'fixed',
isActivated: fullKeyData.isActivated === true || fullKeyData.isActivated === 'true',
activationDays: parseInt(fullKeyData.activationDays || 0),
activatedAt: fullKeyData.activatedAt || null,
createdAt: keyData.createdAt,
expiresAt: keyData.expiresAt,
permissions: fullKeyData.permissions,
// 使用统计(使用验证结果中的完整数据)
@@ -424,17 +356,11 @@ router.post('/api/user-stats', async (req, res) => {
concurrencyLimit: fullKeyData.concurrencyLimit || 0,
rateLimitWindow: fullKeyData.rateLimitWindow || 0,
rateLimitRequests: fullKeyData.rateLimitRequests || 0,
rateLimitCost: parseFloat(fullKeyData.rateLimitCost) || 0, // 新增:费用限制
dailyCostLimit: fullKeyData.dailyCostLimit || 0,
totalCostLimit: fullKeyData.totalCostLimit || 0,
weeklyOpusCostLimit: parseFloat(fullKeyData.weeklyOpusCostLimit) || 0, // Opus 周费用限制
// 当前使用量
currentWindowRequests,
currentWindowTokens,
currentWindowCost, // 新增:当前窗口费用
currentDailyCost,
currentTotalCost: totalCost,
weeklyOpusCost: (await redis.getWeeklyOpusCost(keyId)) || 0, // 当前 Opus 周费用
// 时间窗口信息
windowStartTime,
windowEndTime,
@@ -450,12 +376,7 @@ router.post('/api/user-stats', async (req, res) => {
geminiAccountId:
fullKeyData.geminiAccountId && fullKeyData.geminiAccountId !== ''
? fullKeyData.geminiAccountId
: null,
openaiAccountId:
fullKeyData.openaiAccountId && fullKeyData.openaiAccountId !== ''
? fullKeyData.openaiAccountId
: null,
details: Object.keys(boundAccountDetails).length > 0 ? boundAccountDetails : null
: null
},
// 模型和客户端限制信息
@@ -480,377 +401,6 @@ router.post('/api/user-stats', async (req, res) => {
}
})
// 📊 批量查询统计数据接口
router.post('/api/batch-stats', async (req, res) => {
try {
const { apiIds } = req.body
// 验证输入
if (!apiIds || !Array.isArray(apiIds) || apiIds.length === 0) {
return res.status(400).json({
error: 'Invalid input',
message: 'API IDs array is required'
})
}
// 限制最多查询 30 个
if (apiIds.length > 30) {
return res.status(400).json({
error: 'Too many keys',
message: 'Maximum 30 API keys can be queried at once'
})
}
// 验证所有 ID 格式
const uuidRegex = /^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i
const invalidIds = apiIds.filter((id) => !uuidRegex.test(id))
if (invalidIds.length > 0) {
return res.status(400).json({
error: 'Invalid API ID format',
message: `Invalid API IDs: ${invalidIds.join(', ')}`
})
}
const individualStats = []
const aggregated = {
totalKeys: apiIds.length,
activeKeys: 0,
usage: {
requests: 0,
inputTokens: 0,
outputTokens: 0,
cacheCreateTokens: 0,
cacheReadTokens: 0,
allTokens: 0,
cost: 0,
formattedCost: '$0.000000'
},
dailyUsage: {
requests: 0,
inputTokens: 0,
outputTokens: 0,
cacheCreateTokens: 0,
cacheReadTokens: 0,
allTokens: 0,
cost: 0,
formattedCost: '$0.000000'
},
monthlyUsage: {
requests: 0,
inputTokens: 0,
outputTokens: 0,
cacheCreateTokens: 0,
cacheReadTokens: 0,
allTokens: 0,
cost: 0,
formattedCost: '$0.000000'
}
}
// 并行查询所有 API Key 数据复用单key查询逻辑
const results = await Promise.allSettled(
apiIds.map(async (apiId) => {
const keyData = await redis.getApiKey(apiId)
if (!keyData || Object.keys(keyData).length === 0) {
return { error: 'Not found', apiId }
}
// 检查是否激活
if (keyData.isActive !== 'true') {
return { error: 'Disabled', apiId }
}
// 检查是否过期
if (keyData.expiresAt && new Date() > new Date(keyData.expiresAt)) {
return { error: 'Expired', apiId }
}
// 复用单key查询的逻辑获取使用统计
const usage = await redis.getUsageStats(apiId)
// 获取费用统计与单key查询一致
const costStats = await redis.getCostStats(apiId)
return {
apiId,
name: keyData.name,
description: keyData.description || '',
isActive: true,
createdAt: keyData.createdAt,
usage: usage.total || {},
dailyStats: {
...usage.daily,
cost: costStats.daily
},
monthlyStats: {
...usage.monthly,
cost: costStats.monthly
},
totalCost: costStats.total
}
})
)
// 处理结果并聚合
results.forEach((result) => {
if (result.status === 'fulfilled' && result.value && !result.value.error) {
const stats = result.value
aggregated.activeKeys++
// 聚合总使用量
if (stats.usage) {
aggregated.usage.requests += stats.usage.requests || 0
aggregated.usage.inputTokens += stats.usage.inputTokens || 0
aggregated.usage.outputTokens += stats.usage.outputTokens || 0
aggregated.usage.cacheCreateTokens += stats.usage.cacheCreateTokens || 0
aggregated.usage.cacheReadTokens += stats.usage.cacheReadTokens || 0
aggregated.usage.allTokens += stats.usage.allTokens || 0
}
// 聚合总费用
aggregated.usage.cost += stats.totalCost || 0
// 聚合今日使用量
aggregated.dailyUsage.requests += stats.dailyStats.requests || 0
aggregated.dailyUsage.inputTokens += stats.dailyStats.inputTokens || 0
aggregated.dailyUsage.outputTokens += stats.dailyStats.outputTokens || 0
aggregated.dailyUsage.cacheCreateTokens += stats.dailyStats.cacheCreateTokens || 0
aggregated.dailyUsage.cacheReadTokens += stats.dailyStats.cacheReadTokens || 0
aggregated.dailyUsage.allTokens += stats.dailyStats.allTokens || 0
aggregated.dailyUsage.cost += stats.dailyStats.cost || 0
// 聚合本月使用量
aggregated.monthlyUsage.requests += stats.monthlyStats.requests || 0
aggregated.monthlyUsage.inputTokens += stats.monthlyStats.inputTokens || 0
aggregated.monthlyUsage.outputTokens += stats.monthlyStats.outputTokens || 0
aggregated.monthlyUsage.cacheCreateTokens += stats.monthlyStats.cacheCreateTokens || 0
aggregated.monthlyUsage.cacheReadTokens += stats.monthlyStats.cacheReadTokens || 0
aggregated.monthlyUsage.allTokens += stats.monthlyStats.allTokens || 0
aggregated.monthlyUsage.cost += stats.monthlyStats.cost || 0
// 添加到个体统计
individualStats.push({
apiId: stats.apiId,
name: stats.name,
isActive: true,
usage: stats.usage,
dailyUsage: {
...stats.dailyStats,
formattedCost: CostCalculator.formatCost(stats.dailyStats.cost || 0)
},
monthlyUsage: {
...stats.monthlyStats,
formattedCost: CostCalculator.formatCost(stats.monthlyStats.cost || 0)
}
})
}
})
// 格式化费用显示
aggregated.usage.formattedCost = CostCalculator.formatCost(aggregated.usage.cost)
aggregated.dailyUsage.formattedCost = CostCalculator.formatCost(aggregated.dailyUsage.cost)
aggregated.monthlyUsage.formattedCost = CostCalculator.formatCost(aggregated.monthlyUsage.cost)
logger.api(`📊 Batch stats query for ${apiIds.length} keys from ${req.ip || 'unknown'}`)
return res.json({
success: true,
data: {
aggregated,
individual: individualStats
}
})
} catch (error) {
logger.error('❌ Failed to process batch stats query:', error)
return res.status(500).json({
error: 'Internal server error',
message: 'Failed to retrieve batch statistics'
})
}
})
// 📊 批量模型统计查询接口
router.post('/api/batch-model-stats', async (req, res) => {
try {
const { apiIds, period = 'daily' } = req.body
// 验证输入
if (!apiIds || !Array.isArray(apiIds) || apiIds.length === 0) {
return res.status(400).json({
error: 'Invalid input',
message: 'API IDs array is required'
})
}
// 限制最多查询 30 个
if (apiIds.length > 30) {
return res.status(400).json({
error: 'Too many keys',
message: 'Maximum 30 API keys can be queried at once'
})
}
const client = redis.getClientSafe()
const tzDate = redis.getDateInTimezone()
const today = redis.getDateStringInTimezone()
const currentMonth = `${tzDate.getFullYear()}-${String(tzDate.getMonth() + 1).padStart(2, '0')}`
const modelUsageMap = new Map()
// 并行查询所有 API Key 的模型统计
await Promise.all(
apiIds.map(async (apiId) => {
const pattern =
period === 'daily'
? `usage:${apiId}:model:daily:*:${today}`
: `usage:${apiId}:model:monthly:*:${currentMonth}`
const keys = await client.keys(pattern)
for (const key of keys) {
const match = key.match(
period === 'daily'
? /usage:.+:model:daily:(.+):\d{4}-\d{2}-\d{2}$/
: /usage:.+:model:monthly:(.+):\d{4}-\d{2}$/
)
if (!match) {
continue
}
const model = match[1]
const data = await client.hgetall(key)
if (data && Object.keys(data).length > 0) {
if (!modelUsageMap.has(model)) {
modelUsageMap.set(model, {
requests: 0,
inputTokens: 0,
outputTokens: 0,
cacheCreateTokens: 0,
cacheReadTokens: 0,
allTokens: 0
})
}
const modelUsage = modelUsageMap.get(model)
modelUsage.requests += parseInt(data.requests) || 0
modelUsage.inputTokens += parseInt(data.inputTokens) || 0
modelUsage.outputTokens += parseInt(data.outputTokens) || 0
modelUsage.cacheCreateTokens += parseInt(data.cacheCreateTokens) || 0
modelUsage.cacheReadTokens += parseInt(data.cacheReadTokens) || 0
modelUsage.allTokens += parseInt(data.allTokens) || 0
}
}
})
)
// 转换为数组并计算费用
const modelStats = []
for (const [model, usage] of modelUsageMap) {
const usageData = {
input_tokens: usage.inputTokens,
output_tokens: usage.outputTokens,
cache_creation_input_tokens: usage.cacheCreateTokens,
cache_read_input_tokens: usage.cacheReadTokens
}
const costData = CostCalculator.calculateCost(usageData, model)
modelStats.push({
model,
requests: usage.requests,
inputTokens: usage.inputTokens,
outputTokens: usage.outputTokens,
cacheCreateTokens: usage.cacheCreateTokens,
cacheReadTokens: usage.cacheReadTokens,
allTokens: usage.allTokens,
costs: costData.costs,
formatted: costData.formatted,
pricing: costData.pricing
})
}
// 按总 token 数降序排列
modelStats.sort((a, b) => b.allTokens - a.allTokens)
logger.api(`📊 Batch model stats query for ${apiIds.length} keys, period: ${period}`)
return res.json({
success: true,
data: modelStats,
period
})
} catch (error) {
logger.error('❌ Failed to process batch model stats query:', error)
return res.status(500).json({
error: 'Internal server error',
message: 'Failed to retrieve batch model statistics'
})
}
})
// 🧪 API Key 端点测试接口 - 测试API Key是否能正常访问服务
router.post('/api-key/test', async (req, res) => {
const config = require('../../config/config')
const { sendStreamTestRequest } = require('../utils/testPayloadHelper')
try {
const { apiKey, model = 'claude-sonnet-4-5-20250929' } = req.body
if (!apiKey) {
return res.status(400).json({
error: 'API Key is required',
message: 'Please provide your API Key'
})
}
if (typeof apiKey !== 'string' || apiKey.length < 10 || apiKey.length > 512) {
return res.status(400).json({
error: 'Invalid API key format',
message: 'API key format is invalid'
})
}
const validation = await apiKeyService.validateApiKeyForStats(apiKey)
if (!validation.valid) {
return res.status(401).json({
error: 'Invalid API key',
message: validation.error
})
}
logger.api(`🧪 API Key test started for: ${validation.keyData.name} (${validation.keyData.id})`)
const port = config.server.port || 3000
const apiUrl = `http://127.0.0.1:${port}/api/v1/messages?beta=true`
await sendStreamTestRequest({
apiUrl,
authorization: apiKey,
responseStream: res,
payload: createClaudeTestPayload(model, { stream: true }),
timeout: 60000,
extraHeaders: { 'x-api-key': apiKey }
})
} catch (error) {
logger.error('❌ API Key test failed:', error)
if (!res.headersSent) {
return res.status(500).json({
error: 'Test failed',
message: error.message || 'Internal server error'
})
}
res.write(
`data: ${JSON.stringify({ type: 'error', error: error.message || 'Test failed' })}\n\n`
)
res.end()
}
})
// 📊 用户模型统计查询接口 - 安全的自查询接口
router.post('/api/user-model-stats', async (req, res) => {
try {
@@ -884,11 +434,9 @@ router.post('/api/user-model-stats', async (req, res) => {
// 检查是否激活
if (keyData.isActive !== 'true') {
const keyName = keyData.name || 'Unknown'
return res.status(403).json({
error: 'API key is disabled',
message: `API Key "${keyName}" 已被禁用`,
keyName
message: 'This API key has been disabled'
})
}

98
src/routes/azureOpenaiRoutes.js
View File

@@ -14,11 +14,8 @@ const ALLOWED_MODELS = {
'gpt-4-turbo',
'gpt-4o',
'gpt-4o-mini',
'gpt-5',
'gpt-5-mini',
'gpt-35-turbo',
'gpt-35-turbo-16k',
'codex-mini'
'gpt-35-turbo-16k'
],
EMBEDDING_MODELS: ['text-embedding-ada-002', 'text-embedding-3-small', 'text-embedding-3-large']
}
@@ -237,99 +234,6 @@ router.post('/chat/completions', authenticateApiKey, async (req, res) => {
}
})
// 处理响应请求 (gpt-5, gpt-5-mini, codex-mini models)
router.post('/responses', authenticateApiKey, async (req, res) => {
const requestId = `azure_resp_${Date.now()}_${crypto.randomBytes(8).toString('hex')}`
const sessionId = req.sessionId || req.headers['x-session-id'] || null
logger.info(`🚀 Azure OpenAI Responses Request ${requestId}`, {
apiKeyId: req.apiKey?.id,
sessionId,
model: req.body.model,
stream: req.body.stream || false,
messages: req.body.messages?.length || 0
})
try {
// 获取绑定的 Azure OpenAI 账户
let account = null
if (req.apiKey?.azureOpenaiAccountId) {
account = await azureOpenaiAccountService.getAccount(req.apiKey.azureOpenaiAccountId)
if (!account) {
logger.warn(`Bound Azure OpenAI account not found: ${req.apiKey.azureOpenaiAccountId}`)
}
}
// 如果没有绑定账户或账户不可用,选择一个可用账户
if (!account || account.isActive !== 'true') {
account = await azureOpenaiAccountService.selectAvailableAccount(sessionId)
}
// 发送请求到 Azure OpenAI
const response = await azureOpenaiRelayService.handleAzureOpenAIRequest({
account,
requestBody: req.body,
headers: req.headers,
isStream: req.body.stream || false,
endpoint: 'responses'
})
// 处理流式响应
if (req.body.stream) {
await azureOpenaiRelayService.handleStreamResponse(response, res, {
onEnd: async ({ usageData, actualModel }) => {
if (usageData) {
const modelToRecord = actualModel || req.body.model || 'unknown'
await usageReporter.reportOnce(
requestId,
usageData,
req.apiKey.id,
modelToRecord,
account.id
)
}
},
onError: (error) => {
logger.error(`Stream error for request ${requestId}:`, error)
}
})
} else {
// 处理非流式响应
const { usageData, actualModel } = azureOpenaiRelayService.handleNonStreamResponse(
response,
res
)
if (usageData) {
const modelToRecord = actualModel || req.body.model || 'unknown'
await usageReporter.reportOnce(
requestId,
usageData,
req.apiKey.id,
modelToRecord,
account.id
)
}
}
} catch (error) {
logger.error(`Azure OpenAI responses request failed ${requestId}:`, error)
if (!res.headersSent) {
const statusCode = error.response?.status || 500
const errorMessage =
error.response?.data?.error?.message || error.message || 'Internal server error'
res.status(statusCode).json({
error: {
message: errorMessage,
type: 'azure_openai_error',
code: error.code || 'unknown'
}
})
}
}
})
// 处理嵌入请求
router.post('/embeddings', authenticateApiKey, async (req, res) => {
const requestId = `azure_embed_${Date.now()}_${crypto.randomBytes(8).toString('hex')}`

196
src/routes/droidRoutes.js
View File

@@ -1,196 +0,0 @@
const crypto = require('crypto')
const express = require('express')
const { authenticateApiKey } = require('../middleware/auth')
const droidRelayService = require('../services/droidRelayService')
const sessionHelper = require('../utils/sessionHelper')
const logger = require('../utils/logger')
const router = express.Router()
function hasDroidPermission(apiKeyData) {
const permissions = apiKeyData?.permissions || 'all'
return permissions === 'all' || permissions === 'droid'
}
/**
* Droid API 转发路由
*
* 支持的 Factory.ai 端点:
* - /droid/claude - Anthropic (Claude) Messages API
* - /droid/openai - OpenAI Responses API
* - /droid/comm - OpenAI Chat Completions API
*/
// Claude (Anthropic) 端点 - /v1/messages
router.post('/claude/v1/messages', authenticateApiKey, async (req, res) => {
try {
const sessionHash = sessionHelper.generateSessionHash(req.body)
if (!hasDroidPermission(req.apiKey)) {
logger.security(
`🚫 API Key ${req.apiKey?.id || 'unknown'} 缺少 Droid 权限,拒绝访问 ${req.originalUrl}`
)
return res.status(403).json({
error: 'permission_denied',
message: '此 API Key 未启用 Droid 权限'
})
}
const result = await droidRelayService.relayRequest(
req.body,
req.apiKey,
req,
res,
req.headers,
{ endpointType: 'anthropic', sessionHash }
)
// 如果是流式响应,已经在 relayService 中处理了
if (result.streaming) {
return
}
// 非流式响应
res.status(result.statusCode).set(result.headers).send(result.body)
} catch (error) {
logger.error('Droid Claude relay error:', error)
res.status(500).json({
error: 'internal_server_error',
message: error.message
})
}
})
// Comm 端点 - /v1/chat/completionsOpenAI Chat Completions 格式)
router.post('/comm/v1/chat/completions', authenticateApiKey, async (req, res) => {
try {
const sessionId =
req.headers['session_id'] ||
req.headers['x-session-id'] ||
req.body?.session_id ||
req.body?.conversation_id ||
null
const sessionHash = sessionId
? crypto.createHash('sha256').update(String(sessionId)).digest('hex')
: null
if (!hasDroidPermission(req.apiKey)) {
logger.security(
`🚫 API Key ${req.apiKey?.id || 'unknown'} 缺少 Droid 权限,拒绝访问 ${req.originalUrl}`
)
return res.status(403).json({
error: 'permission_denied',
message: '此 API Key 未启用 Droid 权限'
})
}
const result = await droidRelayService.relayRequest(
req.body,
req.apiKey,
req,
res,
req.headers,
{ endpointType: 'comm', sessionHash }
)
if (result.streaming) {
return
}
res.status(result.statusCode).set(result.headers).send(result.body)
} catch (error) {
logger.error('Droid Comm relay error:', error)
res.status(500).json({
error: 'internal_server_error',
message: error.message
})
}
})
// OpenAI 端点 - /v1/responses
router.post(['/openai/v1/responses', '/openai/responses'], authenticateApiKey, async (req, res) => {
try {
const sessionId =
req.headers['session_id'] ||
req.headers['x-session-id'] ||
req.body?.session_id ||
req.body?.conversation_id ||
null
const sessionHash = sessionId
? crypto.createHash('sha256').update(String(sessionId)).digest('hex')
: null
if (!hasDroidPermission(req.apiKey)) {
logger.security(
`🚫 API Key ${req.apiKey?.id || 'unknown'} 缺少 Droid 权限,拒绝访问 ${req.originalUrl}`
)
return res.status(403).json({
error: 'permission_denied',
message: '此 API Key 未启用 Droid 权限'
})
}
const result = await droidRelayService.relayRequest(
req.body,
req.apiKey,
req,
res,
req.headers,
{ endpointType: 'openai', sessionHash }
)
if (result.streaming) {
return
}
res.status(result.statusCode).set(result.headers).send(result.body)
} catch (error) {
logger.error('Droid OpenAI relay error:', error)
res.status(500).json({
error: 'internal_server_error',
message: error.message
})
}
})
// 模型列表端点(兼容性)
router.get('/*/v1/models', authenticateApiKey, async (req, res) => {
try {
// 返回可用的模型列表
const models = [
{
id: 'claude-opus-4-1-20250805',
object: 'model',
created: Date.now(),
owned_by: 'anthropic'
},
{
id: 'claude-sonnet-4-5-20250929',
object: 'model',
created: Date.now(),
owned_by: 'anthropic'
},
{
id: 'gpt-5-2025-08-07',
object: 'model',
created: Date.now(),
owned_by: 'openai'
}
]
res.json({
object: 'list',
data: models
})
} catch (error) {
logger.error('Droid models list error:', error)
res.status(500).json({
error: 'internal_server_error',
message: error.message
})
}
})
module.exports = router

913
src/routes/geminiRoutes.js
View File

@@ -1,108 +1,843 @@
/**
* Gemini API 路由模块(精简版)
*
* 该模块只包含 geminiRoutes 独有的路由:
* - /messages - OpenAI 兼容格式消息处理
* - /models - 模型列表
* - /usage - 使用统计
* - /key-info - API Key 信息
* - /v1internal:listExperiments - 实验列表
* - /v1beta/models/:modelName:listExperiments - 带模型参数的实验列表
*
* 其他标准 Gemini API 路由由 standardGeminiRoutes.js 处理。
* 所有处理函数都从 geminiHandlers.js 导入,以避免代码重复。
*/
const express = require('express')
const router = express.Router()
const logger = require('../utils/logger')
const { authenticateApiKey } = require('../middleware/auth')
const geminiAccountService = require('../services/geminiAccountService')
const { sendGeminiRequest, getAvailableModels } = require('../services/geminiRelayService')
const crypto = require('crypto')
const sessionHelper = require('../utils/sessionHelper')
const unifiedGeminiScheduler = require('../services/unifiedGeminiScheduler')
const apiKeyService = require('../services/apiKeyService')
// const { OAuth2Client } = require('google-auth-library'); // OAuth2Client is not used in this file
// 从 handlers/geminiHandlers.js 导入所有处理函数
// 生成会话哈希
function generateSessionHash(req) {
const sessionData = [
req.headers['user-agent'],
req.ip,
req.headers['x-api-key']?.substring(0, 10)
]
.filter(Boolean)
.join(':')
return crypto.createHash('sha256').update(sessionData).digest('hex')
}
// 检查 API Key 权限
function checkPermissions(apiKeyData, requiredPermission = 'gemini') {
const permissions = apiKeyData.permissions || 'all'
return permissions === 'all' || permissions === requiredPermission
}
// Gemini 消息处理端点
router.post('/messages', authenticateApiKey, async (req, res) => {
const startTime = Date.now()
let abortController = null
try {
const apiKeyData = req.apiKey
// 检查权限
if (!checkPermissions(apiKeyData, 'gemini')) {
return res.status(403).json({
error: {
message: 'This API key does not have permission to access Gemini',
type: 'permission_denied'
}
})
}
// 提取请求参数
const {
handleMessages,
handleModels,
handleUsage,
handleKeyInfo,
handleSimpleEndpoint,
// 以下函数需要导出供其他模块使用(如 unified.js
handleGenerateContent,
handleStreamGenerateContent,
handleLoadCodeAssist,
handleOnboardUser,
handleCountTokens,
handleStandardGenerateContent,
handleStandardStreamGenerateContent,
ensureGeminiPermissionMiddleware
} = require('../handlers/geminiHandlers')
messages,
model = 'gemini-2.0-flash-exp',
temperature = 0.7,
max_tokens = 4096,
stream = false
} = req.body
// ============================================================================
// OpenAI 兼容格式路由
// ============================================================================
// 验证必需参数
if (!messages || !Array.isArray(messages) || messages.length === 0) {
return res.status(400).json({
error: {
message: 'Messages array is required',
type: 'invalid_request_error'
}
})
}
/**
* POST /messages
* OpenAI 兼容格式的消息处理端点
*/
router.post('/messages', authenticateApiKey, handleMessages)
// 生成会话哈希用于粘性会话
const sessionHash = generateSessionHash(req)
// ============================================================================
// 模型和信息路由
// ============================================================================
// 使用统一调度选择可用的 Gemini 账户(传递请求的模型)
let accountId
try {
const schedulerResult = await unifiedGeminiScheduler.selectAccountForApiKey(
apiKeyData,
sessionHash,
model // 传递请求的模型进行过滤
)
const { accountId: selectedAccountId } = schedulerResult
accountId = selectedAccountId
} catch (error) {
logger.error('Failed to select Gemini account:', error)
return res.status(503).json({
error: {
message: error.message || 'No available Gemini accounts',
type: 'service_unavailable'
}
})
}
/**
* GET /models
* 获取可用模型列表
*/
router.get('/models', authenticateApiKey, handleModels)
// 获取账户详情
const account = await geminiAccountService.getAccount(accountId)
if (!account) {
return res.status(503).json({
error: {
message: 'Selected account not found',
type: 'service_unavailable'
}
})
}
/**
* GET /usage
* 获取使用情况统计
*/
router.get('/usage', authenticateApiKey, handleUsage)
logger.info(`Using Gemini account: ${account.id} for API key: ${apiKeyData.id}`)
/**
* GET /key-info
* 获取 API Key 信息
*/
router.get('/key-info', authenticateApiKey, handleKeyInfo)
// 标记账户被使用
await geminiAccountService.markAccountUsed(account.id)
// ============================================================================
// v1internal 独有路由listExperiments
// ============================================================================
// 创建中止控制器
abortController = new AbortController()
/**
* POST /v1internal:listExperiments
* 列出实验(只有 geminiRoutes 定义此路由)
*/
router.post(
'/v1internal\\:listExperiments',
authenticateApiKey,
handleSimpleEndpoint('listExperiments')
// 处理客户端断开连接
req.on('close', () => {
if (abortController && !abortController.signal.aborted) {
logger.info('Client disconnected, aborting Gemini request')
abortController.abort()
}
})
// 发送请求到 Gemini
const geminiResponse = await sendGeminiRequest({
messages,
model,
temperature,
maxTokens: max_tokens,
stream,
accessToken: account.accessToken,
proxy: account.proxy,
apiKeyId: apiKeyData.id,
signal: abortController.signal,
projectId: account.projectId,
accountId: account.id
})
if (stream) {
// 设置流式响应头
res.setHeader('Content-Type', 'text/event-stream')
res.setHeader('Cache-Control', 'no-cache')
res.setHeader('Connection', 'keep-alive')
res.setHeader('X-Accel-Buffering', 'no')
// 流式传输响应
for await (const chunk of geminiResponse) {
if (abortController.signal.aborted) {
break
}
res.write(chunk)
}
res.end()
} else {
// 非流式响应
res.json(geminiResponse)
}
const duration = Date.now() - startTime
logger.info(`Gemini request completed in ${duration}ms`)
} catch (error) {
logger.error('Gemini request error:', error)
// 处理速率限制
if (error.status === 429) {
if (req.apiKey && req.account) {
await geminiAccountService.setAccountRateLimited(req.account.id, true)
}
}
// 返回错误响应
const status = error.status || 500
const errorResponse = {
error: error.error || {
message: error.message || 'Internal server error',
type: 'api_error'
}
}
res.status(status).json(errorResponse)
} finally {
// 清理资源
if (abortController) {
abortController = null
}
}
return undefined
})
// 获取可用模型列表
router.get('/models', authenticateApiKey, async (req, res) => {
try {
const apiKeyData = req.apiKey
// 检查权限
if (!checkPermissions(apiKeyData, 'gemini')) {
return res.status(403).json({
error: {
message: 'This API key does not have permission to access Gemini',
type: 'permission_denied'
}
})
}
// 选择账户获取模型列表
let account = null
try {
const accountSelection = await unifiedGeminiScheduler.selectAccountForApiKey(
apiKeyData,
null,
null
)
account = await geminiAccountService.getAccount(accountSelection.accountId)
} catch (error) {
logger.warn('Failed to select Gemini account for models endpoint:', error)
}
if (!account) {
// 返回默认模型列表
return res.json({
object: 'list',
data: [
{
id: 'gemini-2.0-flash-exp',
object: 'model',
created: Date.now() / 1000,
owned_by: 'google'
}
]
})
}
// 获取模型列表
const models = await getAvailableModels(account.accessToken, account.proxy)
res.json({
object: 'list',
data: models
})
} catch (error) {
logger.error('Failed to get Gemini models:', error)
res.status(500).json({
error: {
message: 'Failed to retrieve models',
type: 'api_error'
}
})
}
return undefined
})
// 使用情况统计(与 Claude 共用)
router.get('/usage', authenticateApiKey, async (req, res) => {
try {
const { usage } = req.apiKey
res.json({
object: 'usage',
total_tokens: usage.total.tokens,
total_requests: usage.total.requests,
daily_tokens: usage.daily.tokens,
daily_requests: usage.daily.requests,
monthly_tokens: usage.monthly.tokens,
monthly_requests: usage.monthly.requests
})
} catch (error) {
logger.error('Failed to get usage stats:', error)
res.status(500).json({
error: {
message: 'Failed to retrieve usage statistics',
type: 'api_error'
}
})
}
})
// API Key 信息(与 Claude 共用)
router.get('/key-info', authenticateApiKey, async (req, res) => {
try {
const keyData = req.apiKey
res.json({
id: keyData.id,
name: keyData.name,
permissions: keyData.permissions || 'all',
token_limit: keyData.tokenLimit,
tokens_used: keyData.usage.total.tokens,
tokens_remaining:
keyData.tokenLimit > 0
? Math.max(0, keyData.tokenLimit - keyData.usage.total.tokens)
: null,
rate_limit: {
window: keyData.rateLimitWindow,
requests: keyData.rateLimitRequests
},
concurrency_limit: keyData.concurrencyLimit,
model_restrictions: {
enabled: keyData.enableModelRestriction,
models: keyData.restrictedModels
}
})
} catch (error) {
logger.error('Failed to get key info:', error)
res.status(500).json({
error: {
message: 'Failed to retrieve API key information',
type: 'api_error'
}
})
}
})
// 共用的 loadCodeAssist 处理函数
async function handleLoadCodeAssist(req, res) {
try {
const sessionHash = sessionHelper.generateSessionHash(req.body)
// 使用统一调度选择账号(传递请求的模型)
const requestedModel = req.body.model
const { accountId } = await unifiedGeminiScheduler.selectAccountForApiKey(
req.apiKey,
sessionHash,
requestedModel
)
const account = await geminiAccountService.getAccount(accountId)
const { accessToken, refreshToken, projectId } = account
const { metadata, cloudaicompanionProject } = req.body
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
logger.info(`LoadCodeAssist request (${version})`, {
metadata: metadata || {},
requestedProject: cloudaicompanionProject || null,
accountProject: projectId || null,
apiKeyId: req.apiKey?.id || 'unknown'
})
const client = await geminiAccountService.getOauthClient(accessToken, refreshToken)
// 根据账户配置决定项目ID
// 1. 如果账户有项目ID -> 使用账户的项目ID强制覆盖
// 2. 如果账户没有项目ID -> 传递 null移除项目ID
let effectiveProjectId = null
if (projectId) {
// 账户配置了项目ID强制使用它
effectiveProjectId = projectId
logger.info('Using account project ID for loadCodeAssist:', effectiveProjectId)
} else {
// 账户没有配置项目ID确保不传递项目ID
effectiveProjectId = null
logger.info('No project ID in account for loadCodeAssist, removing project parameter')
}
const response = await geminiAccountService.loadCodeAssist(client, effectiveProjectId)
res.json(response)
} catch (error) {
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
logger.error(`Error in loadCodeAssist endpoint (${version})`, { error: error.message })
res.status(500).json({
error: 'Internal server error',
message: error.message
})
}
}
// 共用的 onboardUser 处理函数
async function handleOnboardUser(req, res) {
try {
// 提取请求参数
const { tierId, cloudaicompanionProject, metadata } = req.body
const sessionHash = sessionHelper.generateSessionHash(req.body)
// 使用统一调度选择账号(传递请求的模型)
const requestedModel = req.body.model
const { accountId } = await unifiedGeminiScheduler.selectAccountForApiKey(
req.apiKey,
sessionHash,
requestedModel
)
const account = await geminiAccountService.getAccount(accountId)
const { accessToken, refreshToken, projectId } = account
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
logger.info(`OnboardUser request (${version})`, {
tierId: tierId || 'not provided',
requestedProject: cloudaicompanionProject || null,
accountProject: projectId || null,
metadata: metadata || {},
apiKeyId: req.apiKey?.id || 'unknown'
})
const client = await geminiAccountService.getOauthClient(accessToken, refreshToken)
// 根据账户配置决定项目ID
// 1. 如果账户有项目ID -> 使用账户的项目ID强制覆盖
// 2. 如果账户没有项目ID -> 传递 null移除项目ID
let effectiveProjectId = null
if (projectId) {
// 账户配置了项目ID强制使用它
effectiveProjectId = projectId
logger.info('Using account project ID:', effectiveProjectId)
} else {
// 账户没有配置项目ID确保不传递项目ID即使客户端传了也要移除
effectiveProjectId = null
logger.info('No project ID in account, removing project parameter')
}
// 如果提供了 tierId直接调用 onboardUser
if (tierId) {
const response = await geminiAccountService.onboardUser(
client,
tierId,
effectiveProjectId, // 使用处理后的项目ID
metadata
)
/**
* POST /v1beta/models/:modelName:listExperiments
* 带模型参数的实验列表(只有 geminiRoutes 定义此路由)
*/
router.post(
'/v1beta/models/:modelName\\:listExperiments',
authenticateApiKey,
handleSimpleEndpoint('listExperiments')
res.json(response)
} else {
// 否则执行完整的 setupUser 流程
const response = await geminiAccountService.setupUser(
client,
effectiveProjectId, // 使用处理后的项目ID
metadata
)
// ============================================================================
// 导出
// ============================================================================
res.json(response)
}
} catch (error) {
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
logger.error(`Error in onboardUser endpoint (${version})`, { error: error.message })
res.status(500).json({
error: 'Internal server error',
message: error.message
})
}
}
// 共用的 countTokens 处理函数
async function handleCountTokens(req, res) {
try {
// 处理请求体结构,支持直接 contents 或 request.contents
const requestData = req.body.request || req.body
const { contents, model = 'gemini-2.0-flash-exp' } = requestData
const sessionHash = sessionHelper.generateSessionHash(req.body)
// 验证必需参数
if (!contents || !Array.isArray(contents)) {
return res.status(400).json({
error: {
message: 'Contents array is required',
type: 'invalid_request_error'
}
})
}
// 使用统一调度选择账号
const { accountId } = await unifiedGeminiScheduler.selectAccountForApiKey(
req.apiKey,
sessionHash,
model
)
const { accessToken, refreshToken } = await geminiAccountService.getAccount(accountId)
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
logger.info(`CountTokens request (${version})`, {
model,
contentsLength: contents.length,
apiKeyId: req.apiKey?.id || 'unknown'
})
const client = await geminiAccountService.getOauthClient(accessToken, refreshToken)
const response = await geminiAccountService.countTokens(client, contents, model)
res.json(response)
} catch (error) {
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
logger.error(`Error in countTokens endpoint (${version})`, { error: error.message })
res.status(500).json({
error: {
message: error.message || 'Internal server error',
type: 'api_error'
}
})
}
return undefined
}
// 共用的 generateContent 处理函数
async function handleGenerateContent(req, res) {
try {
const { model, project, user_prompt_id, request: requestData } = req.body
const sessionHash = sessionHelper.generateSessionHash(req.body)
// 处理不同格式的请求
let actualRequestData = requestData
if (!requestData) {
if (req.body.messages) {
// 这是 OpenAI 格式的请求,构建 Gemini 格式的 request 对象
actualRequestData = {
contents: req.body.messages.map((msg) => ({
role: msg.role === 'assistant' ? 'model' : msg.role,
parts: [{ text: msg.content }]
})),
generationConfig: {
temperature: req.body.temperature !== undefined ? req.body.temperature : 0.7,
maxOutputTokens: req.body.max_tokens !== undefined ? req.body.max_tokens : 4096,
topP: req.body.top_p !== undefined ? req.body.top_p : 0.95,
topK: req.body.top_k !== undefined ? req.body.top_k : 40
}
}
} else if (req.body.contents) {
// 直接的 Gemini 格式请求(没有 request 包装)
actualRequestData = req.body
}
}
// 验证必需参数
if (!actualRequestData || !actualRequestData.contents) {
return res.status(400).json({
error: {
message: 'Request contents are required',
type: 'invalid_request_error'
}
})
}
// 使用统一调度选择账号
const { accountId } = await unifiedGeminiScheduler.selectAccountForApiKey(
req.apiKey,
sessionHash,
model
)
const account = await geminiAccountService.getAccount(accountId)
const { accessToken, refreshToken } = account
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
logger.info(`GenerateContent request (${version})`, {
model,
userPromptId: user_prompt_id,
projectId: project || account.projectId,
apiKeyId: req.apiKey?.id || 'unknown'
})
const client = await geminiAccountService.getOauthClient(accessToken, refreshToken)
// 解析账户的代理配置
let proxyConfig = null
if (account.proxy) {
try {
proxyConfig = typeof account.proxy === 'string' ? JSON.parse(account.proxy) : account.proxy
} catch (e) {
logger.warn('Failed to parse proxy configuration:', e)
}
}
const response = await geminiAccountService.generateContent(
client,
{ model, request: actualRequestData },
user_prompt_id,
account.projectId, // 始终使用账户配置的项目ID忽略请求中的project
req.apiKey?.id, // 使用 API Key ID 作为 session ID
proxyConfig // 传递代理配置
)
// 记录使用统计
if (response?.response?.usageMetadata) {
try {
const usage = response.response.usageMetadata
await apiKeyService.recordUsage(
req.apiKey.id,
usage.promptTokenCount || 0,
usage.candidatesTokenCount || 0,
0, // cacheCreateTokens
0, // cacheReadTokens
model,
account.id
)
logger.info(
`📊 Recorded Gemini usage - Input: ${usage.promptTokenCount}, Output: ${usage.candidatesTokenCount}, Total: ${usage.totalTokenCount}`
)
} catch (error) {
logger.error('Failed to record Gemini usage:', error)
}
}
res.json(response)
} catch (error) {
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
// 打印详细的错误信息
logger.error(`Error in generateContent endpoint (${version})`, {
message: error.message,
status: error.response?.status,
statusText: error.response?.statusText,
responseData: error.response?.data,
requestUrl: error.config?.url,
requestMethod: error.config?.method,
stack: error.stack
})
res.status(500).json({
error: {
message: error.message || 'Internal server error',
type: 'api_error'
}
})
}
return undefined
}
// 共用的 streamGenerateContent 处理函数
async function handleStreamGenerateContent(req, res) {
let abortController = null
try {
const { model, project, user_prompt_id, request: requestData } = req.body
const sessionHash = sessionHelper.generateSessionHash(req.body)
// 处理不同格式的请求
let actualRequestData = requestData
if (!requestData) {
if (req.body.messages) {
// 这是 OpenAI 格式的请求,构建 Gemini 格式的 request 对象
actualRequestData = {
contents: req.body.messages.map((msg) => ({
role: msg.role === 'assistant' ? 'model' : msg.role,
parts: [{ text: msg.content }]
})),
generationConfig: {
temperature: req.body.temperature !== undefined ? req.body.temperature : 0.7,
maxOutputTokens: req.body.max_tokens !== undefined ? req.body.max_tokens : 4096,
topP: req.body.top_p !== undefined ? req.body.top_p : 0.95,
topK: req.body.top_k !== undefined ? req.body.top_k : 40
}
}
} else if (req.body.contents) {
// 直接的 Gemini 格式请求(没有 request 包装)
actualRequestData = req.body
}
}
// 验证必需参数
if (!actualRequestData || !actualRequestData.contents) {
return res.status(400).json({
error: {
message: 'Request contents are required',
type: 'invalid_request_error'
}
})
}
// 使用统一调度选择账号
const { accountId } = await unifiedGeminiScheduler.selectAccountForApiKey(
req.apiKey,
sessionHash,
model
)
const account = await geminiAccountService.getAccount(accountId)
const { accessToken, refreshToken } = account
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
logger.info(`StreamGenerateContent request (${version})`, {
model,
userPromptId: user_prompt_id,
projectId: project || account.projectId,
apiKeyId: req.apiKey?.id || 'unknown'
})
// 创建中止控制器
abortController = new AbortController()
// 处理客户端断开连接
req.on('close', () => {
if (abortController && !abortController.signal.aborted) {
logger.info('Client disconnected, aborting stream request')
abortController.abort()
}
})
const client = await geminiAccountService.getOauthClient(accessToken, refreshToken)
// 解析账户的代理配置
let proxyConfig = null
if (account.proxy) {
try {
proxyConfig = typeof account.proxy === 'string' ? JSON.parse(account.proxy) : account.proxy
} catch (e) {
logger.warn('Failed to parse proxy configuration:', e)
}
}
const streamResponse = await geminiAccountService.generateContentStream(
client,
{ model, request: actualRequestData },
user_prompt_id,
account.projectId, // 始终使用账户配置的项目ID忽略请求中的project
req.apiKey?.id, // 使用 API Key ID 作为 session ID
abortController.signal, // 传递中止信号
proxyConfig // 传递代理配置
)
// 设置 SSE 响应头
res.setHeader('Content-Type', 'text/event-stream')
res.setHeader('Cache-Control', 'no-cache')
res.setHeader('Connection', 'keep-alive')
res.setHeader('X-Accel-Buffering', 'no')
// 处理流式响应并捕获usage数据
let buffer = ''
let totalUsage = {
promptTokenCount: 0,
candidatesTokenCount: 0,
totalTokenCount: 0
}
const usageReported = false
streamResponse.on('data', (chunk) => {
try {
const chunkStr = chunk.toString()
// 直接转发数据到客户端
if (!res.destroyed) {
res.write(chunkStr)
}
// 同时解析数据以捕获usage信息
buffer += chunkStr
const lines = buffer.split('\n')
buffer = lines.pop() || ''
for (const line of lines) {
if (line.startsWith('data: ') && line.length > 6) {
try {
const jsonStr = line.slice(6)
if (jsonStr && jsonStr !== '[DONE]') {
const data = JSON.parse(jsonStr)
// 从响应中提取usage数据
if (data.response?.usageMetadata) {
totalUsage = data.response.usageMetadata
logger.debug('📊 Captured Gemini usage data:', totalUsage)
}
}
} catch (e) {
// 忽略解析错误
}
}
}
} catch (error) {
logger.error('Error processing stream chunk:', error)
}
})
streamResponse.on('end', async () => {
logger.info('Stream completed successfully')
// 记录使用统计
if (!usageReported && totalUsage.totalTokenCount > 0) {
try {
await apiKeyService.recordUsage(
req.apiKey.id,
totalUsage.promptTokenCount || 0,
totalUsage.candidatesTokenCount || 0,
0, // cacheCreateTokens
0, // cacheReadTokens
model,
account.id
)
logger.info(
`📊 Recorded Gemini stream usage - Input: ${totalUsage.promptTokenCount}, Output: ${totalUsage.candidatesTokenCount}, Total: ${totalUsage.totalTokenCount}`
)
} catch (error) {
logger.error('Failed to record Gemini usage:', error)
}
}
res.end()
})
streamResponse.on('error', (error) => {
logger.error('Stream error:', error)
if (!res.headersSent) {
res.status(500).json({
error: {
message: error.message || 'Stream error',
type: 'api_error'
}
})
} else {
res.end()
}
})
} catch (error) {
const version = req.path.includes('v1beta') ? 'v1beta' : 'v1internal'
// 打印详细的错误信息
logger.error(`Error in streamGenerateContent endpoint (${version})`, {
message: error.message,
status: error.response?.status,
statusText: error.response?.statusText,
responseData: error.response?.data,
requestUrl: error.config?.url,
requestMethod: error.config?.method,
stack: error.stack
})
if (!res.headersSent) {
res.status(500).json({
error: {
message: error.message || 'Internal server error',
type: 'api_error'
}
})
}
} finally {
// 清理资源
if (abortController) {
abortController = null
}
}
return undefined
}
// 注册所有路由端点
// v1internal 版本的端点
router.post('/v1internal\\:loadCodeAssist', authenticateApiKey, handleLoadCodeAssist)
router.post('/v1internal\\:onboardUser', authenticateApiKey, handleOnboardUser)
router.post('/v1internal\\:countTokens', authenticateApiKey, handleCountTokens)
router.post('/v1internal\\:generateContent', authenticateApiKey, handleGenerateContent)
router.post('/v1internal\\:streamGenerateContent', authenticateApiKey, handleStreamGenerateContent)
// v1beta 版本的端点 - 支持动态模型名称
router.post('/v1beta/models/:modelName\\:loadCodeAssist', authenticateApiKey, handleLoadCodeAssist)
router.post('/v1beta/models/:modelName\\:onboardUser', authenticateApiKey, handleOnboardUser)
router.post('/v1beta/models/:modelName\\:countTokens', authenticateApiKey, handleCountTokens)
router.post(
'/v1beta/models/:modelName\\:generateContent',
authenticateApiKey,
handleGenerateContent
)
router.post(
'/v1beta/models/:modelName\\:streamGenerateContent',
authenticateApiKey,
handleStreamGenerateContent
)
module.exports = router
// 导出处理函数供其他模块使用(如 unified.js、standardGeminiRoutes.js
module.exports.handleLoadCodeAssist = handleLoadCodeAssist
module.exports.handleOnboardUser = handleOnboardUser
module.exports.handleCountTokens = handleCountTokens
module.exports.handleGenerateContent = handleGenerateContent
module.exports.handleStreamGenerateContent = handleStreamGenerateContent
module.exports.handleStandardGenerateContent = handleStandardGenerateContent
module.exports.handleStandardStreamGenerateContent = handleStandardStreamGenerateContent
module.exports.ensureGeminiPermissionMiddleware = ensureGeminiPermissionMiddleware

103
src/routes/openaiClaudeRoutes.js
View File

@@ -5,6 +5,8 @@
const express = require('express')
const router = express.Router()
const fs = require('fs')
const path = require('path')
const logger = require('../utils/logger')
const { authenticateApiKey } = require('../middleware/auth')
const claudeRelayService = require('../services/claudeRelayService')
@@ -13,9 +15,17 @@ const apiKeyService = require('../services/apiKeyService')
const unifiedClaudeScheduler = require('../services/unifiedClaudeScheduler')
const claudeCodeHeadersService = require('../services/claudeCodeHeadersService')
const sessionHelper = require('../utils/sessionHelper')
const { updateRateLimitCounters } = require('../utils/rateLimitHelper')
const pricingService = require('../services/pricingService')
const { getEffectiveModel } = require('../utils/modelHelper')
// 加载模型定价数据
let modelPricingData = {}
try {
const pricingPath = path.join(__dirname, '../../data/model_pricing.json')
const pricingContent = fs.readFileSync(pricingPath, 'utf8')
modelPricingData = JSON.parse(pricingContent)
logger.info('✅ Model pricing data loaded successfully')
} catch (error) {
logger.error('❌ Failed to load model pricing data:', error)
}
// 🔧 辅助函数:检查 API Key 权限
function checkPermissions(apiKeyData, requiredPermission = 'claude') {
@@ -23,27 +33,6 @@ function checkPermissions(apiKeyData, requiredPermission = 'claude') {
return permissions === 'all' || permissions === requiredPermission
}
function queueRateLimitUpdate(rateLimitInfo, usageSummary, model, context = '') {
if (!rateLimitInfo) {
return
}
const label = context ? ` (${context})` : ''
updateRateLimitCounters(rateLimitInfo, usageSummary, model)
.then(({ totalTokens, totalCost }) => {
if (totalTokens > 0) {
logger.api(`📊 Updated rate limit token count${label}: +${totalTokens} tokens`)
}
if (typeof totalCost === 'number' && totalCost > 0) {
logger.api(`💰 Updated rate limit cost count${label}: +$${totalCost.toFixed(6)}`)
}
})
.catch((error) => {
logger.error(`❌ Failed to update rate limit counters${label}:`, error)
})
}
// 📋 OpenAI 兼容的模型列表端点
router.get('/v1/models', authenticateApiKey, async (req, res) => {
try {
@@ -76,9 +65,9 @@ router.get('/v1/models', authenticateApiKey, async (req, res) => {
}
]
// 如果启用了模型限制,视为黑名单:过滤掉受限模型
// 如果启用了模型限制,过滤模型列表
if (apiKeyData.enableModelRestriction && apiKeyData.restrictedModels?.length > 0) {
models = models.filter((model) => !apiKeyData.restrictedModels.includes(model.id))
models = models.filter((model) => apiKeyData.restrictedModels.includes(model.id))
}
res.json({
@@ -115,9 +104,9 @@ router.get('/v1/models/:model', authenticateApiKey, async (req, res) => {
})
}
// 模型限制(黑名单):命中则直接拒绝
// 检查模型限制
if (apiKeyData.enableModelRestriction && apiKeyData.restrictedModels?.length > 0) {
if (apiKeyData.restrictedModels.includes(modelId)) {
if (!apiKeyData.restrictedModels.includes(modelId)) {
return res.status(404).json({
error: {
message: `Model '${modelId}' not found`,
@@ -129,7 +118,7 @@ router.get('/v1/models/:model', authenticateApiKey, async (req, res) => {
}
// 从 model_pricing.json 获取模型信息
const modelData = pricingService.getModelPricing(modelId)
const modelData = modelPricingData[modelId]
// 构建标准 OpenAI 格式的模型响应
let modelInfo
@@ -200,10 +189,9 @@ async function handleChatCompletion(req, res, apiKeyData) {
// 转换 OpenAI 请求为 Claude 格式
const claudeRequest = openaiToClaude.convertRequest(req.body)
// 模型限制(黑名单):命中受限模型则拒绝
// 检查模型限制
if (apiKeyData.enableModelRestriction && apiKeyData.restrictedModels?.length > 0) {
const effectiveModel = getEffectiveModel(claudeRequest.model || '')
if (apiKeyData.restrictedModels.includes(effectiveModel)) {
if (!apiKeyData.restrictedModels.includes(claudeRequest.model)) {
return res.status(403).json({
error: {
message: `Model ${req.body.model} is not allowed for this API key`,
@@ -218,23 +206,11 @@ async function handleChatCompletion(req, res, apiKeyData) {
const sessionHash = sessionHelper.generateSessionHash(claudeRequest)
// 选择可用的Claude账户
let accountSelection
try {
accountSelection = await unifiedClaudeScheduler.selectAccountForApiKey(
const accountSelection = await unifiedClaudeScheduler.selectAccountForApiKey(
apiKeyData,
sessionHash,
claudeRequest.model
)
} catch (error) {
if (error.code === 'CLAUDE_DEDICATED_RATE_LIMITED') {
const limitMessage = claudeRelayService._buildStandardRateLimitMessage(error.rateLimitEndAt)
return res.status(403).json({
error: 'upstream_rate_limited',
message: limitMessage
})
}
throw error
}
const { accountId } = accountSelection
// 获取该账号存储的 Claude Code headers
@@ -275,12 +251,6 @@ async function handleChatCompletion(req, res, apiKeyData) {
// 记录使用统计
if (usage && usage.input_tokens !== undefined && usage.output_tokens !== undefined) {
const model = usage.model || claudeRequest.model
const cacheCreateTokens =
(usage.cache_creation && typeof usage.cache_creation === 'object'
? (usage.cache_creation.ephemeral_5m_input_tokens || 0) +
(usage.cache_creation.ephemeral_1h_input_tokens || 0)
: usage.cache_creation_input_tokens || 0) || 0
const cacheReadTokens = usage.cache_read_input_tokens || 0
// 使用新的 recordUsageWithDetails 方法来支持详细的缓存数据
apiKeyService
@@ -293,18 +263,6 @@ async function handleChatCompletion(req, res, apiKeyData) {
.catch((error) => {
logger.error('❌ Failed to record usage:', error)
})
queueRateLimitUpdate(
req.rateLimitInfo,
{
inputTokens: usage.input_tokens || 0,
outputTokens: usage.output_tokens || 0,
cacheCreateTokens,
cacheReadTokens
},
model,
'openai-claude-stream'
)
}
},
// 流转换器
@@ -364,12 +322,6 @@ async function handleChatCompletion(req, res, apiKeyData) {
// 记录使用统计
if (claudeData.usage) {
const { usage } = claudeData
const cacheCreateTokens =
(usage.cache_creation && typeof usage.cache_creation === 'object'
? (usage.cache_creation.ephemeral_5m_input_tokens || 0) +
(usage.cache_creation.ephemeral_1h_input_tokens || 0)
: usage.cache_creation_input_tokens || 0) || 0
const cacheReadTokens = usage.cache_read_input_tokens || 0
// 使用新的 recordUsageWithDetails 方法来支持详细的缓存数据
apiKeyService
.recordUsageWithDetails(
@@ -381,18 +333,6 @@ async function handleChatCompletion(req, res, apiKeyData) {
.catch((error) => {
logger.error('❌ Failed to record usage:', error)
})
queueRateLimitUpdate(
req.rateLimitInfo,
{
inputTokens: usage.input_tokens || 0,
outputTokens: usage.output_tokens || 0,
cacheCreateTokens,
cacheReadTokens
},
claudeRequest.model,
'openai-claude-non-stream'
)
}
// 返回 OpenAI 格式响应
@@ -480,4 +420,3 @@ router.post('/v1/completions', authenticateApiKey, async (req, res) => {
})
module.exports = router
module.exports.handleChatCompletion = handleChatCompletion

50
src/routes/openaiGeminiRoutes.js
View File

@@ -9,10 +9,11 @@ const crypto = require('crypto')
// 生成会话哈希
function generateSessionHash(req) {
const authSource =
req.headers['authorization'] || req.headers['x-api-key'] || req.headers['x-goog-api-key']
const sessionData = [req.headers['user-agent'], req.ip, authSource?.substring(0, 20)]
const sessionData = [
req.headers['user-agent'],
req.ip,
req.headers['authorization']?.substring(0, 20)
]
.filter(Boolean)
.join(':')
@@ -310,16 +311,6 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
// 标记账户被使用
await geminiAccountService.markAccountUsed(account.id)
// 解析账户的代理配置
let proxyConfig = null
if (account.proxy) {
try {
proxyConfig = typeof account.proxy === 'string' ? JSON.parse(account.proxy) : account.proxy
} catch (e) {
logger.warn('Failed to parse proxy configuration:', e)
}
}
// 创建中止控制器
abortController = new AbortController()
@@ -334,8 +325,7 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
// 获取OAuth客户端
const client = await geminiAccountService.getOauthClient(
account.accessToken,
account.refreshToken,
proxyConfig
account.refreshToken
)
if (actualStream) {
// 流式响应
@@ -351,8 +341,7 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
null, // user_prompt_id
account.projectId, // 使用有权限的项目ID
apiKeyData.id, // 使用 API Key ID 作为 session ID
abortController.signal, // 传递中止信号
proxyConfig // 传递代理配置
abortController.signal // 传递中止信号
)
// 设置流式响应头
@@ -386,7 +375,7 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
candidatesTokenCount: 0,
totalTokenCount: 0
}
let usageReported = false // 修复:改为 let 以便后续修改
const usageReported = false
streamResponse.on('data', (chunk) => {
try {
@@ -512,9 +501,6 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
logger.info(
`📊 Recorded Gemini stream usage - Input: ${totalUsage.promptTokenCount}, Output: ${totalUsage.candidatesTokenCount}, Total: ${totalUsage.totalTokenCount}`
)
// 修复:标记 usage 已上报,避免重复上报
usageReported = true
} catch (error) {
logger.error('Failed to record Gemini usage:', error)
}
@@ -537,23 +523,8 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
})
} else {
// 如果已经开始发送流数据,发送错误事件
// 修复:使用 JSON.stringify 避免字符串插值导致的格式错误
if (!res.destroyed) {
try {
res.write(
`data: ${JSON.stringify({
error: {
message: error.message || 'Stream error',
type: 'stream_error',
code: error.code
}
})}\n\n`
)
res.write(`data: {"error": {"message": "${error.message || 'Stream error'}"}}\n\n`)
res.write('data: [DONE]\n\n')
} catch (writeError) {
logger.error('Error sending error event:', writeError)
}
}
res.end()
}
})
@@ -570,8 +541,7 @@ router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
{ model, request: geminiRequestBody },
null, // user_prompt_id
account.projectId, // 使用有权限的项目ID
apiKeyData.id, // 使用 API Key ID 作为 session ID
proxyConfig // 传递代理配置
apiKeyData.id // 使用 API Key ID 作为 session ID
)
// 转换为 OpenAI 格式并返回

557
src/routes/openaiRoutes.js
View File

File diff suppressed because one or more lines are too long

264
src/routes/standardGeminiRoutes.js
View File

@@ -1,264 +0,0 @@
/**
* 标准 Gemini API 路由模块
*
* 该模块处理标准 Gemini API 格式的请求:
* - v1beta/models/:modelName:generateContent
* - v1beta/models/:modelName:streamGenerateContent
* - v1beta/models/:modelName:countTokens
* - v1beta/models/:modelName:loadCodeAssist
* - v1beta/models/:modelName:onboardUser
* - v1/models/:modelName:* (同上)
* - v1internal:* (内部格式)
* - v1beta/models, v1/models (模型列表)
* - v1beta/models/:modelName, v1/models/:modelName (模型详情)
*
* 所有处理函数都从 geminiHandlers.js 导入,以避免代码重复。
*/
const express = require('express')
const router = express.Router()
const { authenticateApiKey } = require('../middleware/auth')
const logger = require('../utils/logger')
// 从 handlers/geminiHandlers.js 导入所有处理函数
const {
ensureGeminiPermissionMiddleware,
handleLoadCodeAssist,
handleOnboardUser,
handleCountTokens,
handleGenerateContent,
handleStreamGenerateContent,
handleStandardGenerateContent,
handleStandardStreamGenerateContent,
handleModels,
handleModelDetails
} = require('../handlers/geminiHandlers')
// ============================================================================
// v1beta 版本的标准路由 - 支持动态模型名称
// ============================================================================
/**
* POST /v1beta/models/:modelName:loadCodeAssist
*/
router.post(
'/v1beta/models/:modelName\\:loadCodeAssist',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request: ${req.method} ${req.originalUrl}`)
handleLoadCodeAssist(req, res, next)
}
)
/**
* POST /v1beta/models/:modelName:onboardUser
*/
router.post(
'/v1beta/models/:modelName\\:onboardUser',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request: ${req.method} ${req.originalUrl}`)
handleOnboardUser(req, res, next)
}
)
/**
* POST /v1beta/models/:modelName:countTokens
*/
router.post(
'/v1beta/models/:modelName\\:countTokens',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request: ${req.method} ${req.originalUrl}`)
handleCountTokens(req, res, next)
}
)
/**
* POST /v1beta/models/:modelName:generateContent
* 使用专门的标准 API 处理函数(支持 OAuth 和 API 账户)
*/
router.post(
'/v1beta/models/:modelName\\:generateContent',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
handleStandardGenerateContent
)
/**
* POST /v1beta/models/:modelName:streamGenerateContent
* 使用专门的标准 API 流式处理函数(支持 OAuth 和 API 账户)
*/
router.post(
'/v1beta/models/:modelName\\:streamGenerateContent',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
handleStandardStreamGenerateContent
)
// ============================================================================
// v1 版本的标准路由(为了完整性,虽然 Gemini 主要使用 v1beta
// ============================================================================
/**
* POST /v1/models/:modelName:generateContent
*/
router.post(
'/v1/models/:modelName\\:generateContent',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
handleStandardGenerateContent
)
/**
* POST /v1/models/:modelName:streamGenerateContent
*/
router.post(
'/v1/models/:modelName\\:streamGenerateContent',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
handleStandardStreamGenerateContent
)
/**
* POST /v1/models/:modelName:countTokens
*/
router.post(
'/v1/models/:modelName\\:countTokens',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request (v1): ${req.method} ${req.originalUrl}`)
handleCountTokens(req, res, next)
}
)
// ============================================================================
// v1internal 版本的标准路由(这些使用内部格式的处理函数)
// ============================================================================
/**
* POST /v1internal:loadCodeAssist
*/
router.post(
'/v1internal\\:loadCodeAssist',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request (v1internal): ${req.method} ${req.originalUrl}`)
handleLoadCodeAssist(req, res, next)
}
)
/**
* POST /v1internal:onboardUser
*/
router.post(
'/v1internal\\:onboardUser',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request (v1internal): ${req.method} ${req.originalUrl}`)
handleOnboardUser(req, res, next)
}
)
/**
* POST /v1internal:countTokens
*/
router.post(
'/v1internal\\:countTokens',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request (v1internal): ${req.method} ${req.originalUrl}`)
handleCountTokens(req, res, next)
}
)
/**
* POST /v1internal:generateContent
* v1internal 格式使用内部格式的处理函数
*/
router.post(
'/v1internal\\:generateContent',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request (v1internal): ${req.method} ${req.originalUrl}`)
handleGenerateContent(req, res, next)
}
)
/**
* POST /v1internal:streamGenerateContent
* v1internal 格式使用内部格式的处理函数
*/
router.post(
'/v1internal\\:streamGenerateContent',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
(req, res, next) => {
logger.info(`Standard Gemini API request (v1internal): ${req.method} ${req.originalUrl}`)
handleStreamGenerateContent(req, res, next)
}
)
// ============================================================================
// 模型列表端点
// ============================================================================
/**
* GET /v1beta/models
* 获取模型列表v1beta 版本)
*/
router.get('/v1beta/models', authenticateApiKey, ensureGeminiPermissionMiddleware, (req, res) => {
logger.info('Standard Gemini API models request (v1beta)')
handleModels(req, res)
})
/**
* GET /v1/models
* 获取模型列表v1 版本)
*/
router.get('/v1/models', authenticateApiKey, ensureGeminiPermissionMiddleware, (req, res) => {
logger.info('Standard Gemini API models request (v1)')
handleModels(req, res)
})
// ============================================================================
// 模型详情端点
// ============================================================================
/**
* GET /v1beta/models/:modelName
* 获取模型详情v1beta 版本)
*/
router.get(
'/v1beta/models/:modelName',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
handleModelDetails
)
/**
* GET /v1/models/:modelName
* 获取模型详情v1 版本)
*/
router.get(
'/v1/models/:modelName',
authenticateApiKey,
ensureGeminiPermissionMiddleware,
handleModelDetails
)
// ============================================================================
// 初始化日志
// ============================================================================
logger.info('Standard Gemini API routes initialized')
module.exports = router

202
src/routes/unified.js
View File

@@ -1,202 +0,0 @@
const express = require('express')
const { authenticateApiKey } = require('../middleware/auth')
const logger = require('../utils/logger')
const { handleChatCompletion } = require('./openaiClaudeRoutes')
// 从 handlers/geminiHandlers.js 导入处理函数
const {
handleGenerateContent: geminiHandleGenerateContent,
handleStreamGenerateContent: geminiHandleStreamGenerateContent
} = require('../handlers/geminiHandlers')
const openaiRoutes = require('./openaiRoutes')
const router = express.Router()
// 🔍 根据模型名称检测后端类型
function detectBackendFromModel(modelName) {
if (!modelName) {
return 'claude' // 默认 Claude
}
const model = modelName.toLowerCase()
// Claude 模型
if (model.startsWith('claude-')) {
return 'claude'
}
// Gemini 模型
if (model.startsWith('gemini-')) {
return 'gemini'
}
// OpenAI 模型
if (model.startsWith('gpt-')) {
return 'openai'
}
// 默认使用 Claude
return 'claude'
}
// 🚀 智能后端路由处理器
async function routeToBackend(req, res, requestedModel) {
const backend = detectBackendFromModel(requestedModel)
logger.info(`🔀 Routing request - Model: ${requestedModel}, Backend: ${backend}`)
// 检查权限
const permissions = req.apiKey.permissions || 'all'
if (backend === 'claude') {
// Claude 后端:通过 OpenAI 兼容层
if (permissions !== 'all' && permissions !== 'claude') {
return res.status(403).json({
error: {
message: 'This API key does not have permission to access Claude',
type: 'permission_denied',
code: 'permission_denied'
}
})
}
await handleChatCompletion(req, res, req.apiKey)
} else if (backend === 'openai') {
// OpenAI 后端
if (permissions !== 'all' && permissions !== 'openai') {
return res.status(403).json({
error: {
message: 'This API key does not have permission to access OpenAI',
type: 'permission_denied',
code: 'permission_denied'
}
})
}
return await openaiRoutes.handleResponses(req, res)
} else if (backend === 'gemini') {
// Gemini 后端
if (permissions !== 'all' && permissions !== 'gemini') {
return res.status(403).json({
error: {
message: 'This API key does not have permission to access Gemini',
type: 'permission_denied',
code: 'permission_denied'
}
})
}
// 转换为 Gemini 格式
const geminiRequest = {
model: requestedModel,
messages: req.body.messages,
temperature: req.body.temperature || 0.7,
max_tokens: req.body.max_tokens || 4096,
stream: req.body.stream || false
}
req.body = geminiRequest
if (geminiRequest.stream) {
return await geminiHandleStreamGenerateContent(req, res)
} else {
return await geminiHandleGenerateContent(req, res)
}
} else {
return res.status(500).json({
error: {
message: `Unsupported backend: ${backend}`,
type: 'server_error',
code: 'unsupported_backend'
}
})
}
}
// 🔄 OpenAI 兼容的 chat/completions 端点(智能后端路由)
router.post('/v1/chat/completions', authenticateApiKey, async (req, res) => {
try {
// 验证必需参数
if (!req.body.messages || !Array.isArray(req.body.messages) || req.body.messages.length === 0) {
return res.status(400).json({
error: {
message: 'Messages array is required and cannot be empty',
type: 'invalid_request_error',
code: 'invalid_request'
}
})
}
const requestedModel = req.body.model || 'claude-3-5-sonnet-20241022'
req.body.model = requestedModel // 确保模型已设置
// 使用统一的后端路由处理器
await routeToBackend(req, res, requestedModel)
} catch (error) {
logger.error('❌ OpenAI chat/completions error:', error)
if (!res.headersSent) {
res.status(500).json({
error: {
message: 'Internal server error',
type: 'server_error',
code: 'internal_error'
}
})
}
}
})
// 🔄 OpenAI 兼容的 completions 端点(传统格式,智能后端路由)
router.post('/v1/completions', authenticateApiKey, async (req, res) => {
try {
// 验证必需参数
if (!req.body.prompt) {
return res.status(400).json({
error: {
message: 'Prompt is required',
type: 'invalid_request_error',
code: 'invalid_request'
}
})
}
// 将传统 completions 格式转换为 chat 格式
const originalBody = req.body
const requestedModel = originalBody.model || 'claude-3-5-sonnet-20241022'
req.body = {
model: requestedModel,
messages: [
{
role: 'user',
content: originalBody.prompt
}
],
max_tokens: originalBody.max_tokens,
temperature: originalBody.temperature,
top_p: originalBody.top_p,
stream: originalBody.stream,
stop: originalBody.stop,
n: originalBody.n || 1,
presence_penalty: originalBody.presence_penalty,
frequency_penalty: originalBody.frequency_penalty,
logit_bias: originalBody.logit_bias,
user: originalBody.user
}
// 使用统一的后端路由处理器
await routeToBackend(req, res, requestedModel)
} catch (error) {
logger.error('❌ OpenAI completions error:', error)
if (!res.headersSent) {
res.status(500).json({
error: {
message: 'Failed to process completion request',
type: 'server_error',
code: 'internal_error'
}
})
}
}
})
module.exports = router
module.exports.detectBackendFromModel = detectBackendFromModel
module.exports.routeToBackend = routeToBackend

764
src/routes/userRoutes.js
View File

@@ -1,764 +0,0 @@
const express = require('express')
const router = express.Router()
const ldapService = require('../services/ldapService')
const userService = require('../services/userService')
const apiKeyService = require('../services/apiKeyService')
const logger = require('../utils/logger')
const config = require('../../config/config')
const inputValidator = require('../utils/inputValidator')
const { RateLimiterRedis } = require('rate-limiter-flexible')
const redis = require('../models/redis')
const { authenticateUser, authenticateUserOrAdmin, requireAdmin } = require('../middleware/auth')
// 🚦 配置登录速率限制
// 只基于IP地址限制避免攻击者恶意锁定特定账户
// 延迟初始化速率限制器,确保 Redis 已连接
let ipRateLimiter = null
let strictIpRateLimiter = null
// 初始化速率限制器函数
function initRateLimiters() {
if (!ipRateLimiter) {
try {
const redisClient = redis.getClientSafe()
// IP地址速率限制 - 正常限制
ipRateLimiter = new RateLimiterRedis({
storeClient: redisClient,
keyPrefix: 'login_ip_limiter',
points: 30, // 每个IP允许30次尝试
duration: 900, // 15分钟窗口期
blockDuration: 900 // 超限后封禁15分钟
})
// IP地址速率限制 - 严格限制(用于检测暴力破解)
strictIpRateLimiter = new RateLimiterRedis({
storeClient: redisClient,
keyPrefix: 'login_ip_strict',
points: 100, // 每个IP允许100次尝试
duration: 3600, // 1小时窗口期
blockDuration: 3600 // 超限后封禁1小时
})
} catch (error) {
logger.error('❌ 初始化速率限制器失败:', error)
// 速率限制器初始化失败时继续运行,但记录错误
}
}
return { ipRateLimiter, strictIpRateLimiter }
}
// 🔐 用户登录端点
router.post('/login', async (req, res) => {
try {
const { username, password } = req.body
const clientIp = req.ip || req.connection.remoteAddress || 'unknown'
// 初始化速率限制器(如果尚未初始化)
const limiters = initRateLimiters()
// 检查IP速率限制 - 基础限制
if (limiters.ipRateLimiter) {
try {
await limiters.ipRateLimiter.consume(clientIp)
} catch (rateLimiterRes) {
const retryAfter = Math.round(rateLimiterRes.msBeforeNext / 1000) || 900
logger.security(`🚫 Login rate limit exceeded for IP: ${clientIp}`)
res.set('Retry-After', String(retryAfter))
return res.status(429).json({
error: 'Too many requests',
message: `Too many login attempts from this IP. Please try again later.`
})
}
}
// 检查IP速率限制 - 严格限制(防止暴力破解)
if (limiters.strictIpRateLimiter) {
try {
await limiters.strictIpRateLimiter.consume(clientIp)
} catch (rateLimiterRes) {
const retryAfter = Math.round(rateLimiterRes.msBeforeNext / 1000) || 3600
logger.security(`🚫 Strict rate limit exceeded for IP: ${clientIp} - possible brute force`)
res.set('Retry-After', String(retryAfter))
return res.status(429).json({
error: 'Too many requests',
message: 'Too many login attempts detected. Access temporarily blocked.'
})
}
}
if (!username || !password) {
return res.status(400).json({
error: 'Missing credentials',
message: 'Username and password are required'
})
}
// 验证输入格式
let validatedUsername
try {
validatedUsername = inputValidator.validateUsername(username)
inputValidator.validatePassword(password)
} catch (validationError) {
return res.status(400).json({
error: 'Invalid input',
message: validationError.message
})
}
// 检查用户管理是否启用
if (!config.userManagement.enabled) {
return res.status(503).json({
error: 'Service unavailable',
message: 'User management is not enabled'
})
}
// 检查LDAP是否启用
if (!config.ldap || !config.ldap.enabled) {
return res.status(503).json({
error: 'Service unavailable',
message: 'LDAP authentication is not enabled'
})
}
// 尝试LDAP认证
const authResult = await ldapService.authenticateUserCredentials(validatedUsername, password)
if (!authResult.success) {
// 登录失败
logger.info(`🚫 Failed login attempt for user: ${validatedUsername} from IP: ${clientIp}`)
return res.status(401).json({
error: 'Authentication failed',
message: authResult.message
})
}
// 登录成功
logger.info(`✅ User login successful: ${validatedUsername} from IP: ${clientIp}`)
res.json({
success: true,
message: 'Login successful',
user: {
id: authResult.user.id,
username: authResult.user.username,
email: authResult.user.email,
displayName: authResult.user.displayName,
firstName: authResult.user.firstName,
lastName: authResult.user.lastName,
role: authResult.user.role
},
sessionToken: authResult.sessionToken
})
} catch (error) {
logger.error('❌ User login error:', error)
res.status(500).json({
error: 'Login error',
message: 'Internal server error during login'
})
}
})
// 🚪 用户登出端点
router.post('/logout', authenticateUser, async (req, res) => {
try {
await userService.invalidateUserSession(req.user.sessionToken)
logger.info(`👋 User logout: ${req.user.username}`)
res.json({
success: true,
message: 'Logout successful'
})
} catch (error) {
logger.error('❌ User logout error:', error)
res.status(500).json({
error: 'Logout error',
message: 'Internal server error during logout'
})
}
})
// 👤 获取当前用户信息
router.get('/profile', authenticateUser, async (req, res) => {
try {
const user = await userService.getUserById(req.user.id)
if (!user) {
return res.status(404).json({
error: 'User not found',
message: 'User profile not found'
})
}
res.json({
success: true,
user: {
id: user.id,
username: user.username,
email: user.email,
displayName: user.displayName,
firstName: user.firstName,
lastName: user.lastName,
role: user.role,
isActive: user.isActive,
createdAt: user.createdAt,
lastLoginAt: user.lastLoginAt,
apiKeyCount: user.apiKeyCount,
totalUsage: user.totalUsage
},
config: {
maxApiKeysPerUser: config.userManagement.maxApiKeysPerUser,
allowUserDeleteApiKeys: config.userManagement.allowUserDeleteApiKeys
}
})
} catch (error) {
logger.error('❌ Get user profile error:', error)
res.status(500).json({
error: 'Profile error',
message: 'Failed to retrieve user profile'
})
}
})
// 🔑 获取用户的API Keys
router.get('/api-keys', authenticateUser, async (req, res) => {
try {
const { includeDeleted = 'false' } = req.query
const apiKeys = await apiKeyService.getUserApiKeys(req.user.id, includeDeleted === 'true')
// 移除敏感信息并格式化usage数据
const safeApiKeys = apiKeys.map((key) => {
// Flatten usage structure for frontend compatibility
let flatUsage = {
requests: 0,
inputTokens: 0,
outputTokens: 0,
totalCost: 0
}
if (key.usage && key.usage.total) {
flatUsage = {
requests: key.usage.total.requests || 0,
inputTokens: key.usage.total.inputTokens || 0,
outputTokens: key.usage.total.outputTokens || 0,
totalCost: key.totalCost || 0
}
}
return {
id: key.id,
name: key.name,
description: key.description,
tokenLimit: key.tokenLimit,
isActive: key.isActive,
createdAt: key.createdAt,
lastUsedAt: key.lastUsedAt,
expiresAt: key.expiresAt,
usage: flatUsage,
dailyCost: key.dailyCost,
dailyCostLimit: key.dailyCostLimit,
totalCost: key.totalCost,
totalCostLimit: key.totalCostLimit,
// 不返回实际的key值只返回前缀和后几位
keyPreview: key.key
? `${key.key.substring(0, 8)}...${key.key.substring(key.key.length - 4)}`
: null,
// Include deletion fields for deleted keys
isDeleted: key.isDeleted,
deletedAt: key.deletedAt,
deletedBy: key.deletedBy,
deletedByType: key.deletedByType
}
})
res.json({
success: true,
apiKeys: safeApiKeys,
total: safeApiKeys.length
})
} catch (error) {
logger.error('❌ Get user API keys error:', error)
res.status(500).json({
error: 'API Keys error',
message: 'Failed to retrieve API keys'
})
}
})
// 🔑 创建新的API Key
router.post('/api-keys', authenticateUser, async (req, res) => {
try {
const { name, description, tokenLimit, expiresAt, dailyCostLimit, totalCostLimit } = req.body
if (!name || !name.trim()) {
return res.status(400).json({
error: 'Missing name',
message: 'API key name is required'
})
}
if (
totalCostLimit !== undefined &&
totalCostLimit !== null &&
totalCostLimit !== '' &&
(Number.isNaN(Number(totalCostLimit)) || Number(totalCostLimit) < 0)
) {
return res.status(400).json({
error: 'Invalid total cost limit',
message: 'Total cost limit must be a non-negative number'
})
}
// 检查用户API Key数量限制
const userApiKeys = await apiKeyService.getUserApiKeys(req.user.id)
if (userApiKeys.length >= config.userManagement.maxApiKeysPerUser) {
return res.status(400).json({
error: 'API key limit exceeded',
message: `You can only have up to ${config.userManagement.maxApiKeysPerUser} API keys`
})
}
// 创建API Key数据
const apiKeyData = {
name: name.trim(),
description: description?.trim() || '',
userId: req.user.id,
userUsername: req.user.username,
tokenLimit: tokenLimit || null,
expiresAt: expiresAt || null,
dailyCostLimit: dailyCostLimit || null,
totalCostLimit: totalCostLimit || null,
createdBy: 'user',
// 设置服务权限为全部服务,确保前端显示“服务权限”为“全部服务”且具备完整访问权限
permissions: 'all'
}
const newApiKey = await apiKeyService.createApiKey(apiKeyData)
// 更新用户API Key数量
await userService.updateUserApiKeyCount(req.user.id, userApiKeys.length + 1)
logger.info(`🔑 User ${req.user.username} created API key: ${name}`)
res.status(201).json({
success: true,
message: 'API key created successfully',
apiKey: {
id: newApiKey.id,
name: newApiKey.name,
description: newApiKey.description,
key: newApiKey.apiKey, // 只在创建时返回完整key
tokenLimit: newApiKey.tokenLimit,
expiresAt: newApiKey.expiresAt,
dailyCostLimit: newApiKey.dailyCostLimit,
totalCostLimit: newApiKey.totalCostLimit,
createdAt: newApiKey.createdAt
}
})
} catch (error) {
logger.error('❌ Create user API key error:', error)
res.status(500).json({
error: 'API Key creation error',
message: 'Failed to create API key'
})
}
})
// 🗑️ 删除API Key
router.delete('/api-keys/:keyId', authenticateUser, async (req, res) => {
try {
const { keyId } = req.params
// 检查是否允许用户删除自己的API Keys
if (!config.userManagement.allowUserDeleteApiKeys) {
return res.status(403).json({
error: 'Operation not allowed',
message:
'Users are not allowed to delete their own API keys. Please contact an administrator.'
})
}
// 检查API Key是否属于当前用户
const existingKey = await apiKeyService.getApiKeyById(keyId)
if (!existingKey || existingKey.userId !== req.user.id) {
return res.status(404).json({
error: 'API key not found',
message: 'API key not found or you do not have permission to access it'
})
}
await apiKeyService.deleteApiKey(keyId, req.user.username, 'user')
// 更新用户API Key数量
const userApiKeys = await apiKeyService.getUserApiKeys(req.user.id)
await userService.updateUserApiKeyCount(req.user.id, userApiKeys.length)
logger.info(`🗑️ User ${req.user.username} deleted API key: ${existingKey.name}`)
res.json({
success: true,
message: 'API key deleted successfully'
})
} catch (error) {
logger.error('❌ Delete user API key error:', error)
res.status(500).json({
error: 'API Key deletion error',
message: 'Failed to delete API key'
})
}
})
// 📊 获取用户使用统计
router.get('/usage-stats', authenticateUser, async (req, res) => {
try {
const { period = 'week', model } = req.query
// 获取用户的API Keys (including deleted ones for complete usage stats)
const userApiKeys = await apiKeyService.getUserApiKeys(req.user.id, true)
const apiKeyIds = userApiKeys.map((key) => key.id)
if (apiKeyIds.length === 0) {
return res.json({
success: true,
stats: {
totalRequests: 0,
totalInputTokens: 0,
totalOutputTokens: 0,
totalCost: 0,
dailyStats: [],
modelStats: []
}
})
}
// 获取使用统计
const stats = await apiKeyService.getAggregatedUsageStats(apiKeyIds, { period, model })
res.json({
success: true,
stats
})
} catch (error) {
logger.error('❌ Get user usage stats error:', error)
res.status(500).json({
error: 'Usage stats error',
message: 'Failed to retrieve usage statistics'
})
}
})
// === 管理员用户管理端点 ===
// 📋 获取用户列表(管理员)
router.get('/', authenticateUserOrAdmin, requireAdmin, async (req, res) => {
try {
const { page = 1, limit = 20, role, isActive, search } = req.query
const options = {
page: parseInt(page),
limit: parseInt(limit),
role,
isActive: isActive === 'true' ? true : isActive === 'false' ? false : undefined
}
const result = await userService.getAllUsers(options)
// 如果有搜索条件,进行过滤
let filteredUsers = result.users
if (search) {
const searchLower = search.toLowerCase()
filteredUsers = result.users.filter(
(user) =>
user.username.toLowerCase().includes(searchLower) ||
user.displayName.toLowerCase().includes(searchLower) ||
user.email.toLowerCase().includes(searchLower)
)
}
res.json({
success: true,
users: filteredUsers,
pagination: {
total: result.total,
page: result.page,
limit: result.limit,
totalPages: result.totalPages
}
})
} catch (error) {
logger.error('❌ Get users list error:', error)
res.status(500).json({
error: 'Users list error',
message: 'Failed to retrieve users list'
})
}
})
// 👤 获取特定用户信息(管理员)
router.get('/:userId', authenticateUserOrAdmin, requireAdmin, async (req, res) => {
try {
const { userId } = req.params
const user = await userService.getUserById(userId)
if (!user) {
return res.status(404).json({
error: 'User not found',
message: 'User not found'
})
}
// 获取用户的API Keys包括已删除的以保留统计数据
const apiKeys = await apiKeyService.getUserApiKeys(userId, true)
res.json({
success: true,
user: {
...user,
apiKeys: apiKeys.map((key) => {
// Flatten usage structure for frontend compatibility
let flatUsage = {
requests: 0,
inputTokens: 0,
outputTokens: 0,
totalCost: 0
}
if (key.usage && key.usage.total) {
flatUsage = {
requests: key.usage.total.requests || 0,
inputTokens: key.usage.total.inputTokens || 0,
outputTokens: key.usage.total.outputTokens || 0,
totalCost: key.totalCost || 0
}
}
return {
id: key.id,
name: key.name,
description: key.description,
isActive: key.isActive,
createdAt: key.createdAt,
lastUsedAt: key.lastUsedAt,
usage: flatUsage,
keyPreview: key.key
? `${key.key.substring(0, 8)}...${key.key.substring(key.key.length - 4)}`
: null
}
})
}
})
} catch (error) {
logger.error('❌ Get user details error:', error)
res.status(500).json({
error: 'User details error',
message: 'Failed to retrieve user details'
})
}
})
// 🔄 更新用户状态(管理员)
router.patch('/:userId/status', authenticateUserOrAdmin, requireAdmin, async (req, res) => {
try {
const { userId } = req.params
const { isActive } = req.body
if (typeof isActive !== 'boolean') {
return res.status(400).json({
error: 'Invalid status',
message: 'isActive must be a boolean value'
})
}
const updatedUser = await userService.updateUserStatus(userId, isActive)
const adminUser = req.admin?.username || req.user?.username
logger.info(
`🔄 Admin ${adminUser} ${isActive ? 'enabled' : 'disabled'} user: ${updatedUser.username}`
)
res.json({
success: true,
message: `User ${isActive ? 'enabled' : 'disabled'} successfully`,
user: {
id: updatedUser.id,
username: updatedUser.username,
isActive: updatedUser.isActive,
updatedAt: updatedUser.updatedAt
}
})
} catch (error) {
logger.error('❌ Update user status error:', error)
res.status(500).json({
error: 'Update status error',
message: error.message || 'Failed to update user status'
})
}
})
// 🔄 更新用户角色(管理员)
router.patch('/:userId/role', authenticateUserOrAdmin, requireAdmin, async (req, res) => {
try {
const { userId } = req.params
const { role } = req.body
const validRoles = ['user', 'admin']
if (!role || !validRoles.includes(role)) {
return res.status(400).json({
error: 'Invalid role',
message: `Role must be one of: ${validRoles.join(', ')}`
})
}
const updatedUser = await userService.updateUserRole(userId, role)
const adminUser = req.admin?.username || req.user?.username
logger.info(`🔄 Admin ${adminUser} changed user ${updatedUser.username} role to: ${role}`)
res.json({
success: true,
message: `User role updated to ${role} successfully`,
user: {
id: updatedUser.id,
username: updatedUser.username,
role: updatedUser.role,
updatedAt: updatedUser.updatedAt
}
})
} catch (error) {
logger.error('❌ Update user role error:', error)
res.status(500).json({
error: 'Update role error',
message: error.message || 'Failed to update user role'
})
}
})
// 🔑 禁用用户的所有API Keys管理员
router.post('/:userId/disable-keys', authenticateUserOrAdmin, requireAdmin, async (req, res) => {
try {
const { userId } = req.params
const user = await userService.getUserById(userId)
if (!user) {
return res.status(404).json({
error: 'User not found',
message: 'User not found'
})
}
const result = await apiKeyService.disableUserApiKeys(userId)
const adminUser = req.admin?.username || req.user?.username
logger.info(`🔑 Admin ${adminUser} disabled all API keys for user: ${user.username}`)
res.json({
success: true,
message: `Disabled ${result.count} API keys for user ${user.username}`,
disabledCount: result.count
})
} catch (error) {
logger.error('❌ Disable user API keys error:', error)
res.status(500).json({
error: 'Disable keys error',
message: 'Failed to disable user API keys'
})
}
})
// 📊 获取用户使用统计(管理员)
router.get('/:userId/usage-stats', authenticateUserOrAdmin, requireAdmin, async (req, res) => {
try {
const { userId } = req.params
const { period = 'week', model } = req.query
const user = await userService.getUserById(userId)
if (!user) {
return res.status(404).json({
error: 'User not found',
message: 'User not found'
})
}
// 获取用户的API Keys包括已删除的以保留统计数据
const userApiKeys = await apiKeyService.getUserApiKeys(userId, true)
const apiKeyIds = userApiKeys.map((key) => key.id)
if (apiKeyIds.length === 0) {
return res.json({
success: true,
user: {
id: user.id,
username: user.username,
displayName: user.displayName
},
stats: {
totalRequests: 0,
totalInputTokens: 0,
totalOutputTokens: 0,
totalCost: 0,
dailyStats: [],
modelStats: []
}
})
}
// 获取使用统计
const stats = await apiKeyService.getAggregatedUsageStats(apiKeyIds, { period, model })
res.json({
success: true,
user: {
id: user.id,
username: user.username,
displayName: user.displayName
},
stats
})
} catch (error) {
logger.error('❌ Get user usage stats (admin) error:', error)
res.status(500).json({
error: 'Usage stats error',
message: 'Failed to retrieve user usage statistics'
})
}
})
// 📊 获取用户管理统计(管理员)
router.get('/stats/overview', authenticateUserOrAdmin, requireAdmin, async (req, res) => {
try {
const stats = await userService.getUserStats()
res.json({
success: true,
stats
})
} catch (error) {
logger.error('❌ Get user stats overview error:', error)
res.status(500).json({
error: 'Stats error',
message: 'Failed to retrieve user statistics'
})
}
})
// 🔧 测试LDAP连接管理员
router.get('/admin/ldap-test', authenticateUserOrAdmin, requireAdmin, async (req, res) => {
try {
const testResult = await ldapService.testConnection()
res.json({
success: true,
ldapTest: testResult,
config: ldapService.getConfigInfo()
})
} catch (error) {
logger.error('❌ LDAP test error:', error)
res.status(500).json({
error: 'LDAP test error',
message: 'Failed to test LDAP connection'
})
}
})
module.exports = router

179
src/routes/webhook.js
View File

@@ -4,7 +4,6 @@ const logger = require('../utils/logger')
const webhookService = require('../services/webhookService')
const webhookConfigService = require('../services/webhookConfigService')
const { authenticateAdmin } = require('../middleware/auth')
const { getISOStringWithTimezone } = require('../utils/dateHelper')
// 获取webhook配置
router.get('/config', authenticateAdmin, async (req, res) => {
@@ -115,133 +114,8 @@ router.post('/platforms/:id/toggle', authenticateAdmin, async (req, res) => {
// 测试Webhook连通性
router.post('/test', authenticateAdmin, async (req, res) => {
try {
const {
url,
type = 'custom',
secret,
enableSign,
deviceKey,
serverUrl,
level,
sound,
group,
// SMTP 相关字段
host,
port,
secure,
user,
pass,
from,
to,
ignoreTLS,
botToken,
chatId,
apiBaseUrl,
proxyUrl
} = req.body
const { url, type = 'custom', secret, enableSign } = req.body
// Bark平台特殊处理
if (type === 'bark') {
if (!deviceKey) {
return res.status(400).json({
error: 'Missing device key',
message: '请提供Bark设备密钥'
})
}
// 验证服务器URL如果提供
if (serverUrl) {
try {
new URL(serverUrl)
} catch (urlError) {
return res.status(400).json({
error: 'Invalid server URL format',
message: '请提供有效的Bark服务器URL'
})
}
}
logger.info(`🧪 测试webhook: ${type} - Device Key: ${deviceKey.substring(0, 8)}...`)
} else if (type === 'smtp') {
// SMTP平台验证
if (!host) {
return res.status(400).json({
error: 'Missing SMTP host',
message: '请提供SMTP服务器地址'
})
}
if (!user) {
return res.status(400).json({
error: 'Missing SMTP user',
message: '请提供SMTP用户名'
})
}
if (!pass) {
return res.status(400).json({
error: 'Missing SMTP password',
message: '请提供SMTP密码'
})
}
if (!to) {
return res.status(400).json({
error: 'Missing recipient email',
message: '请提供收件人邮箱'
})
}
logger.info(`🧪 测试webhook: ${type} - ${host}:${port || 587} -> ${to}`)
} else if (type === 'telegram') {
if (!botToken) {
return res.status(400).json({
error: 'Missing Telegram bot token',
message: '请提供 Telegram 机器人 Token'
})
}
if (!chatId) {
return res.status(400).json({
error: 'Missing Telegram chat id',
message: '请提供 Telegram Chat ID'
})
}
if (apiBaseUrl) {
try {
const parsed = new URL(apiBaseUrl)
if (!['http:', 'https:'].includes(parsed.protocol)) {
return res.status(400).json({
error: 'Invalid Telegram API base url protocol',
message: 'Telegram API 基础地址仅支持 http 或 https'
})
}
} catch (urlError) {
return res.status(400).json({
error: 'Invalid Telegram API base url',
message: '请提供有效的 Telegram API 基础地址'
})
}
}
if (proxyUrl) {
try {
const parsed = new URL(proxyUrl)
const supportedProtocols = ['http:', 'https:', 'socks4:', 'socks4a:', 'socks5:']
if (!supportedProtocols.includes(parsed.protocol)) {
return res.status(400).json({
error: 'Unsupported proxy protocol',
message: 'Telegram 代理仅支持 http/https/socks 协议'
})
}
} catch (urlError) {
return res.status(400).json({
error: 'Invalid proxy url',
message: '请提供有效的代理地址'
})
}
}
logger.info(`🧪 测试webhook: ${type} - Chat ID: ${chatId}`)
} else {
// 其他平台验证URL
if (!url) {
return res.status(400).json({
error: 'Missing webhook URL',
@@ -260,7 +134,6 @@ router.post('/test', authenticateAdmin, async (req, res) => {
}
logger.info(`🧪 测试webhook: ${type} - ${url}`)
}
// 创建临时平台配置
const platform = {
@@ -272,61 +145,21 @@ router.post('/test', authenticateAdmin, async (req, res) => {
timeout: 10000
}
// 添加Bark特有字段
if (type === 'bark') {
platform.deviceKey = deviceKey
platform.serverUrl = serverUrl
platform.level = level
platform.sound = sound
platform.group = group
} else if (type === 'smtp') {
// 添加SMTP特有字段
platform.host = host
platform.port = port || 587
platform.secure = secure || false
platform.user = user
platform.pass = pass
platform.from = from
platform.to = to
platform.ignoreTLS = ignoreTLS || false
} else if (type === 'telegram') {
platform.botToken = botToken
platform.chatId = chatId
platform.apiBaseUrl = apiBaseUrl
platform.proxyUrl = proxyUrl
}
const result = await webhookService.testWebhook(platform)
const identifier = (() => {
if (type === 'bark') {
return `Device: ${deviceKey.substring(0, 8)}...`
}
if (type === 'smtp') {
const recipients = Array.isArray(to) ? to.join(', ') : to
return `${host}:${port || 587} -> ${recipients}`
}
if (type === 'telegram') {
return `Chat ID: ${chatId}`
}
return url
})()
if (result.success) {
logger.info(`✅ Webhook测试成功: ${identifier}`)
logger.info(`✅ Webhook测试成功: ${url}`)
res.json({
success: true,
message: 'Webhook测试成功',
url: type === 'bark' ? undefined : url,
deviceKey: type === 'bark' ? `${deviceKey.substring(0, 8)}...` : undefined
url
})
} else {
logger.warn(`❌ Webhook测试失败: ${identifier} - ${result.error}`)
logger.warn(`❌ Webhook测试失败: ${url} - ${result.error}`)
res.status(400).json({
success: false,
message: 'Webhook测试失败',
url: type === 'bark' ? undefined : url,
deviceKey: type === 'bark' ? `${deviceKey.substring(0, 8)}...` : undefined,
url,
error: result.error
})
}
@@ -385,7 +218,7 @@ router.post('/test-notification', authenticateAdmin, async (req, res) => {
errorCode,
reason,
message,
timestamp: getISOStringWithTimezone(new Date())
timestamp: new Date().toISOString()
}
const result = await webhookService.sendNotification(type, testData)

78
src/services/accountGroupService.js
View File

@@ -13,7 +13,7 @@ class AccountGroupService {
* 创建账户分组
* @param {Object} groupData - 分组数据
* @param {string} groupData.name - 分组名称
* @param {string} groupData.platform - 平台类型 (claude/gemini/openai)
* @param {string} groupData.platform - 平台类型 (claude/gemini)
* @param {string} groupData.description - 分组描述
* @returns {Object} 创建的分组
*/
@@ -27,8 +27,8 @@ class AccountGroupService {
}
// 验证平台类型
if (!['claude', 'gemini', 'openai', 'droid'].includes(platform)) {
throw new Error('平台类型必须是 claude、geminiopenai 或 droid')
if (!['claude', 'gemini', 'openai'].includes(platform)) {
throw new Error('平台类型必须是 claude、geminiopenai')
}
const client = redis.getClientSafe()
@@ -311,8 +311,7 @@ class AccountGroupService {
keyData &&
(keyData.claudeAccountId === groupKey ||
keyData.geminiAccountId === groupKey ||
keyData.openaiAccountId === groupKey ||
keyData.droidAccountId === groupKey)
keyData.openaiAccountId === groupKey)
) {
boundApiKeys.push({
id: keyId,
@@ -328,36 +327,12 @@ class AccountGroupService {
}
}
/**
* 根据账户ID获取其所属的分组兼容性方法返回单个分组
* @param {string} accountId - 账户ID
* @returns {Object|null} 分组信息
*/
async getAccountGroup(accountId) {
try {
const client = redis.getClientSafe()
const allGroupIds = await client.smembers(this.GROUPS_KEY)
for (const groupId of allGroupIds) {
const isMember = await client.sismember(`${this.GROUP_MEMBERS_PREFIX}${groupId}`, accountId)
if (isMember) {
return await this.getGroup(groupId)
}
}
return null
} catch (error) {
logger.error('❌ 获取账户所属分组失败:', error)
throw error
}
}
/**
* 根据账户ID获取其所属的所有分组
* @param {string} accountId - 账户ID
* @returns {Array} 分组信息数组
*/
async getAccountGroups(accountId) {
async getAccountGroup(accountId) {
try {
const client = redis.getClientSafe()
const allGroupIds = await client.smembers(this.GROUPS_KEY)
@@ -382,49 +357,6 @@ class AccountGroupService {
throw error
}
}
/**
* 批量设置账户的分组
* @param {string} accountId - 账户ID
* @param {Array} groupIds - 分组ID数组
* @param {string} accountPlatform - 账户平台
*/
async setAccountGroups(accountId, groupIds, accountPlatform) {
try {
// 首先移除账户的所有现有分组
await this.removeAccountFromAllGroups(accountId)
// 然后添加到新的分组中
for (const groupId of groupIds) {
await this.addAccountToGroup(accountId, groupId, accountPlatform)
}
logger.success(`✅ 批量设置账户分组成功: ${accountId} -> [${groupIds.join(', ')}]`)
} catch (error) {
logger.error('❌ 批量设置账户分组失败:', error)
throw error
}
}
/**
* 从所有分组中移除账户
* @param {string} accountId - 账户ID
*/
async removeAccountFromAllGroups(accountId) {
try {
const client = redis.getClientSafe()
const allGroupIds = await client.smembers(this.GROUPS_KEY)
for (const groupId of allGroupIds) {
await client.srem(`${this.GROUP_MEMBERS_PREFIX}${groupId}`, accountId)
}
logger.success(`✅ 从所有分组移除账户成功: ${accountId}`)
} catch (error) {
logger.error('❌ 从所有分组移除账户失败:', error)
throw error
}
}
}
module.exports = new AccountGroupService()

286
src/services/accountNameCacheService.js
View File

@@ -1,286 +0,0 @@
/**
* 账户名称缓存服务
* 用于加速绑定账号搜索,避免每次搜索都查询所有账户
*/
const logger = require('../utils/logger')
class AccountNameCacheService {
constructor() {
// 账户名称缓存accountId -> { name, platform }
this.accountCache = new Map()
// 账户组名称缓存groupId -> { name, platform }
this.groupCache = new Map()
// 缓存过期时间
this.lastRefresh = 0
this.refreshInterval = 5 * 60 * 1000 // 5分钟
this.isRefreshing = false
}
/**
* 刷新缓存(如果过期)
*/
async refreshIfNeeded() {
if (Date.now() - this.lastRefresh < this.refreshInterval) {
return
}
if (this.isRefreshing) {
// 等待正在进行的刷新完成
let waitCount = 0
while (this.isRefreshing && waitCount < 50) {
await new Promise((resolve) => setTimeout(resolve, 100))
waitCount++
}
return
}
await this.refresh()
}
/**
* 强制刷新缓存
*/
async refresh() {
if (this.isRefreshing) {
return
}
this.isRefreshing = true
try {
const newAccountCache = new Map()
const newGroupCache = new Map()
// 延迟加载服务,避免循环依赖
const claudeAccountService = require('./claudeAccountService')
const claudeConsoleAccountService = require('./claudeConsoleAccountService')
const geminiAccountService = require('./geminiAccountService')
const openaiAccountService = require('./openaiAccountService')
const azureOpenaiAccountService = require('./azureOpenaiAccountService')
const bedrockAccountService = require('./bedrockAccountService')
const droidAccountService = require('./droidAccountService')
const ccrAccountService = require('./ccrAccountService')
const accountGroupService = require('./accountGroupService')
// 可选服务(可能不存在)
let geminiApiAccountService = null
let openaiResponsesAccountService = null
try {
geminiApiAccountService = require('./geminiApiAccountService')
} catch (e) {
// 服务不存在,忽略
}
try {
openaiResponsesAccountService = require('./openaiResponsesAccountService')
} catch (e) {
// 服务不存在,忽略
}
// 并行加载所有账户类型
const results = await Promise.allSettled([
claudeAccountService.getAllAccounts(),
claudeConsoleAccountService.getAllAccounts(),
geminiAccountService.getAllAccounts(),
geminiApiAccountService?.getAllAccounts() || Promise.resolve([]),
openaiAccountService.getAllAccounts(),
openaiResponsesAccountService?.getAllAccounts() || Promise.resolve([]),
azureOpenaiAccountService.getAllAccounts(),
bedrockAccountService.getAllAccounts(),
droidAccountService.getAllAccounts(),
ccrAccountService.getAllAccounts(),
accountGroupService.getAllGroups()
])
// 提取结果
const claudeAccounts = results[0].status === 'fulfilled' ? results[0].value : []
const claudeConsoleAccounts = results[1].status === 'fulfilled' ? results[1].value : []
const geminiAccounts = results[2].status === 'fulfilled' ? results[2].value : []
const geminiApiAccounts = results[3].status === 'fulfilled' ? results[3].value : []
const openaiAccounts = results[4].status === 'fulfilled' ? results[4].value : []
const openaiResponsesAccounts = results[5].status === 'fulfilled' ? results[5].value : []
const azureOpenaiAccounts = results[6].status === 'fulfilled' ? results[6].value : []
const bedrockResult = results[7].status === 'fulfilled' ? results[7].value : { accounts: [] }
const droidAccounts = results[8].status === 'fulfilled' ? results[8].value : []
const ccrAccounts = results[9].status === 'fulfilled' ? results[9].value : []
const groups = results[10].status === 'fulfilled' ? results[10].value : []
// Bedrock 返回格式特殊处理
const bedrockAccounts = Array.isArray(bedrockResult)
? bedrockResult
: bedrockResult.accounts || []
// 填充账户缓存的辅助函数
const addAccounts = (accounts, platform, prefix = '') => {
if (!Array.isArray(accounts)) {
return
}
for (const acc of accounts) {
if (acc && acc.id && acc.name) {
const key = prefix ? `${prefix}${acc.id}` : acc.id
newAccountCache.set(key, { name: acc.name, platform })
// 同时存储不带前缀的版本,方便查找
if (prefix) {
newAccountCache.set(acc.id, { name: acc.name, platform })
}
}
}
}
addAccounts(claudeAccounts, 'claude')
addAccounts(claudeConsoleAccounts, 'claude-console')
addAccounts(geminiAccounts, 'gemini')
addAccounts(geminiApiAccounts, 'gemini-api', 'api:')
addAccounts(openaiAccounts, 'openai')
addAccounts(openaiResponsesAccounts, 'openai-responses', 'responses:')
addAccounts(azureOpenaiAccounts, 'azure-openai')
addAccounts(bedrockAccounts, 'bedrock')
addAccounts(droidAccounts, 'droid')
addAccounts(ccrAccounts, 'ccr')
// 填充账户组缓存
if (Array.isArray(groups)) {
for (const group of groups) {
if (group && group.id && group.name) {
newGroupCache.set(group.id, { name: group.name, platform: group.platform })
}
}
}
this.accountCache = newAccountCache
this.groupCache = newGroupCache
this.lastRefresh = Date.now()
logger.debug(
`账户名称缓存已刷新: ${newAccountCache.size} 个账户, ${newGroupCache.size} 个分组`
)
} catch (error) {
logger.error('刷新账户名称缓存失败:', error)
} finally {
this.isRefreshing = false
}
}
/**
* 获取账户显示名称
* @param {string} accountId - 账户ID可能带前缀
* @param {string} _fieldName - 字段名(如 claudeAccountId保留用于将来扩展
* @returns {string} 显示名称
*/
getAccountDisplayName(accountId, _fieldName) {
if (!accountId) {
return null
}
// 处理账户组
if (accountId.startsWith('group:')) {
const groupId = accountId.substring(6)
const group = this.groupCache.get(groupId)
if (group) {
return `分组-${group.name}`
}
return `分组-${groupId.substring(0, 8)}`
}
// 直接查找(包括带前缀的 api:xxx, responses:xxx
const cached = this.accountCache.get(accountId)
if (cached) {
return cached.name
}
// 尝试去掉前缀查找
let realId = accountId
if (accountId.startsWith('api:')) {
realId = accountId.substring(4)
} else if (accountId.startsWith('responses:')) {
realId = accountId.substring(10)
}
if (realId !== accountId) {
const cached2 = this.accountCache.get(realId)
if (cached2) {
return cached2.name
}
}
// 未找到,返回 ID 前缀
return `${accountId.substring(0, 8)}...`
}
/**
* 获取 API Key 的所有绑定账户显示名称
* @param {Object} apiKey - API Key 对象
* @returns {Array<{field: string, platform: string, name: string, accountId: string}>}
*/
getBindingDisplayNames(apiKey) {
const bindings = []
const bindingFields = [
{ field: 'claudeAccountId', platform: 'Claude' },
{ field: 'claudeConsoleAccountId', platform: 'Claude Console' },
{ field: 'geminiAccountId', platform: 'Gemini' },
{ field: 'openaiAccountId', platform: 'OpenAI' },
{ field: 'azureOpenaiAccountId', platform: 'Azure OpenAI' },
{ field: 'bedrockAccountId', platform: 'Bedrock' },
{ field: 'droidAccountId', platform: 'Droid' },
{ field: 'ccrAccountId', platform: 'CCR' }
]
for (const { field, platform } of bindingFields) {
const accountId = apiKey[field]
if (accountId) {
const name = this.getAccountDisplayName(accountId, field)
bindings.push({ field, platform, name, accountId })
}
}
return bindings
}
/**
* 搜索绑定账号
* @param {Array} apiKeys - API Key 列表
* @param {string} keyword - 搜索关键词
* @returns {Array} 匹配的 API Key 列表
*/
searchByBindingAccount(apiKeys, keyword) {
const lowerKeyword = keyword.toLowerCase().trim()
if (!lowerKeyword) {
return apiKeys
}
return apiKeys.filter((key) => {
const bindings = this.getBindingDisplayNames(key)
// 无绑定时,匹配"共享池"
if (bindings.length === 0) {
return '共享池'.includes(lowerKeyword) || 'shared'.includes(lowerKeyword)
}
// 匹配任一绑定账户
return bindings.some((binding) => {
// 匹配账户名称
if (binding.name && binding.name.toLowerCase().includes(lowerKeyword)) {
return true
}
// 匹配平台名称
if (binding.platform.toLowerCase().includes(lowerKeyword)) {
return true
}
// 匹配账户 ID
if (binding.accountId.toLowerCase().includes(lowerKeyword)) {
return true
}
return false
})
})
}
/**
* 清除缓存(用于测试或强制刷新)
*/
clearCache() {
this.accountCache.clear()
this.groupCache.clear()
this.lastRefresh = 0
}
}
// 单例导出
module.exports = new AccountNameCacheService()

1241
src/services/apiKeyService.js
View File

File diff suppressed because it is too large Load Diff

50
src/services/azureOpenaiAccountService.js
View File

@@ -129,11 +129,6 @@ async function createAccount(accountData) {
supportedModels: JSON.stringify(
accountData.supportedModels || ['gpt-4', 'gpt-4-turbo', 'gpt-35-turbo', 'gpt-35-turbo-16k']
),
// ✅ 新增:账户订阅到期时间(业务字段,手动管理)
// 注意Azure OpenAI 使用 API Key 认证,没有 OAuth token因此没有 expiresAt
subscriptionExpiresAt: accountData.subscriptionExpiresAt || null,
// 状态字段
isActive: accountData.isActive !== false ? 'true' : 'false',
status: 'active',
@@ -223,12 +218,6 @@ async function updateAccount(accountId, updates) {
: JSON.stringify(updates.supportedModels)
}
// ✅ 直接保存 subscriptionExpiresAt如果提供
// Azure OpenAI 使用 API Key没有 token 刷新逻辑,不会覆盖此字段
if (updates.subscriptionExpiresAt !== undefined) {
// 直接保存,不做任何调整
}
// 更新账户类型时处理共享账户集合
const client = redisClient.getClientSafe()
if (updates.accountType && updates.accountType !== existingAccount.accountType) {
@@ -260,10 +249,6 @@ async function updateAccount(accountId, updates) {
// 删除账户
async function deleteAccount(accountId) {
// 首先从所有分组中移除此账户
const accountGroupService = require('./accountGroupService')
await accountGroupService.removeAccountFromAllGroups(accountId)
const client = redisClient.getClientSafe()
const accountKey = `${AZURE_OPENAI_ACCOUNT_KEY_PREFIX}${accountId}`
@@ -311,15 +296,7 @@ async function getAllAccounts() {
}
}
accounts.push({
...accountData,
isActive: accountData.isActive === 'true',
schedulable: accountData.schedulable !== 'false',
// ✅ 前端显示订阅过期时间(业务字段)
expiresAt: accountData.subscriptionExpiresAt || null,
platform: 'azure-openai'
})
accounts.push(accountData)
}
}
@@ -346,19 +323,6 @@ async function getSharedAccounts() {
return accounts
}
/**
* 检查账户订阅是否过期
* @param {Object} account - 账户对象
* @returns {boolean} - true: 已过期, false: 未过期
*/
function isSubscriptionExpired(account) {
if (!account.subscriptionExpiresAt) {
return false // 未设置视为永不过期
}
const expiryDate = new Date(account.subscriptionExpiresAt)
return expiryDate <= new Date()
}
// 选择可用账户
async function selectAvailableAccount(sessionId = null) {
// 如果有会话ID尝试获取之前分配的账户
@@ -380,17 +344,9 @@ async function selectAvailableAccount(sessionId = null) {
const sharedAccounts = await getSharedAccounts()
// 过滤出可用的账户
const availableAccounts = sharedAccounts.filter((acc) => {
// ✅ 检查账户订阅是否过期
if (isSubscriptionExpired(acc)) {
logger.debug(
`⏰ Skipping expired Azure OpenAI account: ${acc.name}, expired at ${acc.subscriptionExpiresAt}`
const availableAccounts = sharedAccounts.filter(
(acc) => acc.isActive === 'true' && acc.schedulable === 'true'
)
return false
}
return acc.isActive === 'true' && acc.schedulable === 'true'
})
if (availableAccounts.length === 0) {
throw new Error('No available Azure OpenAI accounts')

274
src/services/azureOpenaiRelayService.js
View File

@@ -1,7 +1,6 @@
const axios = require('axios')
const ProxyHelper = require('../utils/proxyHelper')
const logger = require('../utils/logger')
const config = require('../../config/config')
// 转换模型名称(去掉 azure/ 前缀)
function normalizeModelName(model) {
@@ -30,7 +29,7 @@ async function handleAzureOpenAIRequest({
deploymentName = account.deploymentName || 'default'
// Azure Responses API requires preview versions; fall back appropriately
const apiVersion =
account.apiVersion || (endpoint === 'responses' ? '2025-04-01-preview' : '2024-02-01')
account.apiVersion || (endpoint === 'responses' ? '2024-10-01-preview' : '2024-02-01')
if (endpoint === 'chat/completions') {
requestUrl = `${baseUrl}/openai/deployments/${deploymentName}/chat/completions?api-version=${apiVersion}`
} else if (endpoint === 'responses') {
@@ -54,9 +53,7 @@ async function handleAzureOpenAIRequest({
const processedBody = { ...requestBody }
// 标准化模型名称
if (endpoint === 'responses') {
processedBody.model = deploymentName
} else if (processedBody.model) {
if (processedBody.model) {
processedBody.model = normalizeModelName(processedBody.model)
} else {
processedBody.model = 'gpt-4'
@@ -71,7 +68,7 @@ async function handleAzureOpenAIRequest({
url: requestUrl,
headers: requestHeaders,
data: processedBody,
timeout: config.requestTimeout || 600000,
timeout: 600000, // 10 minutes for Azure OpenAI
validateStatus: () => true,
// 添加连接保活选项
keepAlive: true,
@@ -82,9 +79,7 @@ async function handleAzureOpenAIRequest({
// 如果有代理,添加代理配置
if (proxyAgent) {
axiosConfig.httpAgent = proxyAgent
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
// 为代理添加额外的keep-alive设置
if (proxyAgent.options) {
proxyAgent.options.keepAlive = true
@@ -278,11 +273,6 @@ function handleStreamResponse(upstreamResponse, clientResponse, options = {}) {
let eventCount = 0
const maxEvents = 10000 // 最大事件数量限制
// 专门用于保存最后几个chunks以提取usage数据
let finalChunksBuffer = ''
const FINAL_CHUNKS_SIZE = 32 * 1024 // 32KB保留最终chunks
const allParsedEvents = [] // 存储所有解析的事件用于最终usage提取
// 设置响应头
clientResponse.setHeader('Content-Type', 'text/event-stream')
clientResponse.setHeader('Cache-Control', 'no-cache')
@@ -307,8 +297,8 @@ function handleStreamResponse(upstreamResponse, clientResponse, options = {}) {
clientResponse.flushHeaders()
}
// 强化的SSE事件解析,保存所有事件用于最终处理
const parseSSEForUsage = (data, isFromFinalBuffer = false) => {
// 解析 SSE 事件以捕获 usage 数据
const parseSSEForUsage = (data) => {
const lines = data.split('\n')
for (const line of lines) {
@@ -320,35 +310,11 @@ function handleStreamResponse(upstreamResponse, clientResponse, options = {}) {
}
const eventData = JSON.parse(jsonStr)
// 保存所有成功解析的事件
allParsedEvents.push(eventData)
// 获取模型信息
if (eventData.model) {
actualModel = eventData.model
}
// 使用强化的usage提取函数
const { usageData: extractedUsage, actualModel: extractedModel } =
extractUsageDataRobust(
eventData,
`stream-event-${isFromFinalBuffer ? 'final' : 'normal'}`
)
if (extractedUsage && !usageData) {
usageData = extractedUsage
if (extractedModel) {
actualModel = extractedModel
}
logger.debug(`🎯 Stream usage captured via robust extraction`, {
isFromFinalBuffer,
usageData,
actualModel
})
}
// 原有的简单提取作为备用
if (!usageData) {
// 获取使用统计Responses API: response.completed -> response.usage
if (eventData.type === 'response.completed' && eventData.response) {
if (eventData.response.model) {
@@ -356,18 +322,22 @@ function handleStreamResponse(upstreamResponse, clientResponse, options = {}) {
}
if (eventData.response.usage) {
usageData = eventData.response.usage
logger.debug('🎯 Stream usage (backup method - response.usage):', usageData)
logger.debug('Captured Azure OpenAI nested usage (response.usage):', usageData)
}
}
// 兼容 Chat Completions 风格(顶层 usage
if (!usageData && eventData.usage) {
usageData = eventData.usage
logger.debug('🎯 Stream usage (backup method - top-level):', usageData)
logger.debug('Captured Azure OpenAI usage (top-level):', usageData)
}
// 检查是否是完成事件
if (eventData.choices && eventData.choices[0] && eventData.choices[0].finish_reason) {
// 这是最后一个 chunk
}
} catch (e) {
logger.debug('SSE parsing error (expected for incomplete chunks):', e.message)
// 忽略解析错误
}
}
}
@@ -417,19 +387,10 @@ function handleStreamResponse(upstreamResponse, clientResponse, options = {}) {
// 同时解析数据以捕获 usage 信息,带缓冲区大小限制
buffer += chunkStr
// 保留最后的chunks用于最终usage提取不被truncate影响
finalChunksBuffer += chunkStr
if (finalChunksBuffer.length > FINAL_CHUNKS_SIZE) {
finalChunksBuffer = finalChunksBuffer.slice(-FINAL_CHUNKS_SIZE)
}
// 防止主缓冲区过大 - 但保持最后部分用于usage解析
// 防止缓冲区过大
if (buffer.length > MAX_BUFFER_SIZE) {
logger.warn(
`Stream ${streamId} buffer exceeded limit, truncating main buffer but preserving final chunks`
)
// 保留最后1/4而不是1/2为usage数据留更多空间
buffer = buffer.slice(-MAX_BUFFER_SIZE / 4)
logger.warn(`Stream ${streamId} buffer exceeded limit, truncating`)
buffer = buffer.slice(-MAX_BUFFER_SIZE / 2) // 保留后一半
}
// 处理完整的 SSE 事件
@@ -465,91 +426,9 @@ function handleStreamResponse(upstreamResponse, clientResponse, options = {}) {
hasEnded = true
try {
logger.debug(`🔚 Stream ended, performing comprehensive usage extraction for ${streamId}`, {
mainBufferSize: buffer.length,
finalChunksBufferSize: finalChunksBuffer.length,
parsedEventsCount: allParsedEvents.length,
hasUsageData: !!usageData
})
// 多层次的最终usage提取策略
if (!usageData) {
logger.debug('🔍 No usage found during stream, trying final extraction methods...')
// 方法1: 解析剩余的主buffer
// 处理剩余的 buffer
if (buffer.trim() && buffer.length <= MAX_EVENT_SIZE) {
parseSSEForUsage(buffer, false)
}
// 方法2: 解析保留的final chunks buffer
if (!usageData && finalChunksBuffer.trim()) {
logger.debug('🔍 Trying final chunks buffer for usage extraction...')
parseSSEForUsage(finalChunksBuffer, true)
}
// 方法3: 从所有解析的事件中重新搜索usage
if (!usageData && allParsedEvents.length > 0) {
logger.debug('🔍 Searching through all parsed events for usage...')
// 倒序查找因为usage通常在最后
for (let i = allParsedEvents.length - 1; i >= 0; i--) {
const { usageData: foundUsage, actualModel: foundModel } = extractUsageDataRobust(
allParsedEvents[i],
`final-event-scan-${i}`
)
if (foundUsage) {
usageData = foundUsage
if (foundModel) {
actualModel = foundModel
}
logger.debug(`🎯 Usage found in event ${i} during final scan!`)
break
}
}
}
// 方法4: 尝试合并所有事件并搜索
if (!usageData && allParsedEvents.length > 0) {
logger.debug('🔍 Trying combined events analysis...')
const combinedData = {
events: allParsedEvents,
lastEvent: allParsedEvents[allParsedEvents.length - 1],
eventCount: allParsedEvents.length
}
const { usageData: combinedUsage } = extractUsageDataRobust(
combinedData,
'combined-events'
)
if (combinedUsage) {
usageData = combinedUsage
logger.debug('🎯 Usage found via combined events analysis!')
}
}
}
// 最终usage状态报告
if (usageData) {
logger.debug('✅ Final stream usage extraction SUCCESS', {
streamId,
usageData,
actualModel,
totalEvents: allParsedEvents.length,
finalBufferSize: finalChunksBuffer.length
})
} else {
logger.warn('❌ Final stream usage extraction FAILED', {
streamId,
totalEvents: allParsedEvents.length,
finalBufferSize: finalChunksBuffer.length,
mainBufferSize: buffer.length,
lastFewEvents: allParsedEvents.slice(-3).map((e) => ({
type: e.type,
hasUsage: !!e.usage,
hasResponse: !!e.response,
keys: Object.keys(e)
}))
})
parseSSEForUsage(buffer)
}
if (onEnd) {
@@ -605,120 +484,6 @@ function handleStreamResponse(upstreamResponse, clientResponse, options = {}) {
})
}
// 强化的用量数据提取函数
function extractUsageDataRobust(responseData, context = 'unknown') {
logger.debug(`🔍 Attempting usage extraction for ${context}`, {
responseDataKeys: Object.keys(responseData || {}),
responseDataType: typeof responseData,
hasUsage: !!responseData?.usage,
hasResponse: !!responseData?.response
})
let usageData = null
let actualModel = null
try {
// 策略 1: 顶层 usage (标准 Chat Completions)
if (responseData?.usage) {
usageData = responseData.usage
actualModel = responseData.model
logger.debug('✅ Usage extracted via Strategy 1 (top-level)', { usageData, actualModel })
}
// 策略 2: response.usage (Responses API)
else if (responseData?.response?.usage) {
usageData = responseData.response.usage
actualModel = responseData.response.model || responseData.model
logger.debug('✅ Usage extracted via Strategy 2 (response.usage)', { usageData, actualModel })
}
// 策略 3: 嵌套搜索 - 深度查找 usage 字段
else {
const findUsageRecursive = (obj, path = '') => {
if (!obj || typeof obj !== 'object') {
return null
}
for (const [key, value] of Object.entries(obj)) {
const currentPath = path ? `${path}.${key}` : key
if (key === 'usage' && value && typeof value === 'object') {
logger.debug(`✅ Usage found at path: ${currentPath}`, value)
return { usage: value, path: currentPath }
}
if (typeof value === 'object' && value !== null) {
const nested = findUsageRecursive(value, currentPath)
if (nested) {
return nested
}
}
}
return null
}
const found = findUsageRecursive(responseData)
if (found) {
usageData = found.usage
// Try to find model in the same parent object
const pathParts = found.path.split('.')
pathParts.pop() // remove 'usage'
let modelParent = responseData
for (const part of pathParts) {
modelParent = modelParent?.[part]
}
actualModel = modelParent?.model || responseData?.model
logger.debug('✅ Usage extracted via Strategy 3 (recursive)', {
usageData,
actualModel,
foundPath: found.path
})
}
}
// 策略 4: 特殊响应格式处理
if (!usageData) {
// 检查是否有 choices 数组usage 可能在最后一个 choice 中
if (responseData?.choices?.length > 0) {
const lastChoice = responseData.choices[responseData.choices.length - 1]
if (lastChoice?.usage) {
usageData = lastChoice.usage
actualModel = responseData.model || lastChoice.model
logger.debug('✅ Usage extracted via Strategy 4 (choices)', { usageData, actualModel })
}
}
}
// 最终验证和记录
if (usageData) {
logger.debug('🎯 Final usage extraction result', {
context,
usageData,
actualModel,
inputTokens: usageData.prompt_tokens || usageData.input_tokens || 0,
outputTokens: usageData.completion_tokens || usageData.output_tokens || 0,
totalTokens: usageData.total_tokens || 0
})
} else {
logger.warn('❌ Failed to extract usage data', {
context,
responseDataStructure: `${JSON.stringify(responseData, null, 2).substring(0, 1000)}...`,
availableKeys: Object.keys(responseData || {}),
responseSize: JSON.stringify(responseData || {}).length
})
}
} catch (extractionError) {
logger.error('🚨 Error during usage extraction', {
context,
error: extractionError.message,
stack: extractionError.stack,
responseDataType: typeof responseData
})
}
return { usageData, actualModel }
}
// 处理非流式响应
function handleNonStreamResponse(upstreamResponse, clientResponse) {
try {
@@ -745,8 +510,9 @@ function handleNonStreamResponse(upstreamResponse, clientResponse) {
const responseData = upstreamResponse.data
clientResponse.json(responseData)
// 使用强化的用量提取
const { usageData, actualModel } = extractUsageDataRobust(responseData, 'non-stream')
// 提取 usage 数据
const usageData = responseData.usage
const actualModel = responseData.model
return { usageData, actualModel, responseData }
} catch (error) {

41
src/services/bedrockAccountService.js
View File

@@ -56,11 +56,6 @@ class BedrockAccountService {
priority,
schedulable,
credentialType,
// ✅ 新增:账户订阅到期时间(业务字段,手动管理)
// 注意Bedrock 使用 AWS 凭证,没有 OAuth token因此没有 expiresAt
subscriptionExpiresAt: options.subscriptionExpiresAt || null,
createdAt: new Date().toISOString(),
updatedAt: new Date().toISOString(),
type: 'bedrock' // 标识这是Bedrock账户
@@ -147,14 +142,9 @@ class BedrockAccountService {
priority: account.priority,
schedulable: account.schedulable,
credentialType: account.credentialType,
// ✅ 前端显示订阅过期时间(业务字段)
expiresAt: account.subscriptionExpiresAt || null,
createdAt: account.createdAt,
updatedAt: account.updatedAt,
type: 'bedrock',
platform: 'bedrock',
hasCredentials: !!account.awsCredentials
})
}
@@ -235,12 +225,6 @@ class BedrockAccountService {
logger.info(`🔐 重新加密Bedrock账户凭证 - ID: ${accountId}`)
}
// ✅ 直接保存 subscriptionExpiresAt如果提供
// Bedrock 没有 token 刷新逻辑,不会覆盖此字段
if (updates.subscriptionExpiresAt !== undefined) {
account.subscriptionExpiresAt = updates.subscriptionExpiresAt
}
account.updatedAt = new Date().toISOString()
await client.set(`bedrock_account:${accountId}`, JSON.stringify(account))
@@ -298,17 +282,9 @@ class BedrockAccountService {
return { success: false, error: 'Failed to get accounts' }
}
const availableAccounts = accountsResult.data.filter((account) => {
// ✅ 检查账户订阅是否过期
if (this.isSubscriptionExpired(account)) {
logger.debug(
`⏰ Skipping expired Bedrock account: ${account.name}, expired at ${account.subscriptionExpiresAt || account.expiresAt}`
const availableAccounts = accountsResult.data.filter(
(account) => account.isActive && account.schedulable
)
return false
}
return account.isActive && account.schedulable
})
if (availableAccounts.length === 0) {
return { success: false, error: 'No available Bedrock accounts' }
@@ -376,19 +352,6 @@ class BedrockAccountService {
}
}
/**
* 检查账户订阅是否过期
* @param {Object} account - 账户对象
* @returns {boolean} - true: 已过期, false: 未过期
*/
isSubscriptionExpired(account) {
if (!account.subscriptionExpiresAt) {
return false // 未设置视为永不过期
}
const expiryDate = new Date(account.subscriptionExpiresAt)
return expiryDate <= new Date()
}
// 🔑 生成加密密钥(缓存优化)
_generateEncryptionKey() {
if (!this._encryptionKeyCache) {

202
src/services/bedrockRelayService.js
View File

@@ -6,7 +6,6 @@ const {
const { fromEnv } = require('@aws-sdk/credential-providers')
const logger = require('../utils/logger')
const config = require('../../config/config')
const userMessageQueueService = require('./userMessageQueueService')
class BedrockRelayService {
constructor() {
@@ -70,68 +69,7 @@ class BedrockRelayService {
// 处理非流式请求
async handleNonStreamRequest(requestBody, bedrockAccount = null) {
const accountId = bedrockAccount?.id
let queueLockAcquired = false
let queueRequestId = null
try {
// 📬 用户消息队列处理
if (userMessageQueueService.isUserMessageRequest(requestBody)) {
// 校验 accountId 非空,避免空值污染队列锁键
if (!accountId || accountId === '') {
logger.error('❌ accountId missing for queue lock in Bedrock handleNonStreamRequest')
throw new Error('accountId missing for queue lock')
}
const queueResult = await userMessageQueueService.acquireQueueLock(accountId)
if (!queueResult.acquired && !queueResult.skipped) {
// 区分 Redis 后端错误和队列超时
const isBackendError = queueResult.error === 'queue_backend_error'
const errorCode = isBackendError ? 'QUEUE_BACKEND_ERROR' : 'QUEUE_TIMEOUT'
const errorType = isBackendError ? 'queue_backend_error' : 'queue_timeout'
const errorMessage = isBackendError
? 'Queue service temporarily unavailable, please retry later'
: 'User message queue wait timeout, please retry later'
const statusCode = isBackendError ? 500 : 503
// 结构化性能日志,用于后续统计
logger.performance('user_message_queue_error', {
errorType,
errorCode,
accountId,
statusCode,
backendError: isBackendError ? queueResult.errorMessage : undefined
})
logger.warn(
`📬 User message queue ${errorType} for Bedrock account ${accountId}`,
isBackendError ? { backendError: queueResult.errorMessage } : {}
)
return {
statusCode,
headers: {
'Content-Type': 'application/json',
'x-user-message-queue-error': errorType
},
body: JSON.stringify({
type: 'error',
error: {
type: errorType,
code: errorCode,
message: errorMessage
}
}),
success: false
}
}
if (queueResult.acquired && !queueResult.skipped) {
queueLockAcquired = true
queueRequestId = queueResult.requestId
logger.debug(
`📬 User message queue lock acquired for Bedrock account ${accountId}, requestId: ${queueRequestId}`
)
}
}
const modelId = this._selectModel(requestBody, bedrockAccount)
const region = this._selectRegion(modelId, bedrockAccount)
const client = this._getBedrockClient(region, bedrockAccount)
@@ -152,23 +90,6 @@ class BedrockRelayService {
const response = await client.send(command)
const duration = Date.now() - startTime
// 📬 请求已发送成功,立即释放队列锁(无需等待响应处理完成)
// 因为限流基于请求发送时刻计算RPM不是请求完成时刻
if (queueLockAcquired && queueRequestId && accountId) {
try {
await userMessageQueueService.releaseQueueLock(accountId, queueRequestId)
queueLockAcquired = false // 标记已释放,防止 finally 重复释放
logger.debug(
`📬 User message queue lock released early for Bedrock account ${accountId}, requestId: ${queueRequestId}`
)
} catch (releaseError) {
logger.error(
`❌ Failed to release user message queue lock early for Bedrock account ${accountId}:`,
releaseError.message
)
}
}
// 解析响应
const responseBody = JSON.parse(new TextDecoder().decode(response.body))
const claudeResponse = this._convertFromBedrockFormat(responseBody)
@@ -185,94 +106,12 @@ class BedrockRelayService {
} catch (error) {
logger.error('❌ Bedrock非流式请求失败:', error)
throw this._handleBedrockError(error)
} finally {
// 📬 释放用户消息队列锁(兜底,正常情况下已在请求发送后提前释放)
if (queueLockAcquired && queueRequestId && accountId) {
try {
await userMessageQueueService.releaseQueueLock(accountId, queueRequestId)
logger.debug(
`📬 User message queue lock released in finally for Bedrock account ${accountId}, requestId: ${queueRequestId}`
)
} catch (releaseError) {
logger.error(
`❌ Failed to release user message queue lock for Bedrock account ${accountId}:`,
releaseError.message
)
}
}
}
}
// 处理流式请求
async handleStreamRequest(requestBody, bedrockAccount = null, res) {
const accountId = bedrockAccount?.id
let queueLockAcquired = false
let queueRequestId = null
try {
// 📬 用户消息队列处理
if (userMessageQueueService.isUserMessageRequest(requestBody)) {
// 校验 accountId 非空,避免空值污染队列锁键
if (!accountId || accountId === '') {
logger.error('❌ accountId missing for queue lock in Bedrock handleStreamRequest')
throw new Error('accountId missing for queue lock')
}
const queueResult = await userMessageQueueService.acquireQueueLock(accountId)
if (!queueResult.acquired && !queueResult.skipped) {
// 区分 Redis 后端错误和队列超时
const isBackendError = queueResult.error === 'queue_backend_error'
const errorCode = isBackendError ? 'QUEUE_BACKEND_ERROR' : 'QUEUE_TIMEOUT'
const errorType = isBackendError ? 'queue_backend_error' : 'queue_timeout'
const errorMessage = isBackendError
? 'Queue service temporarily unavailable, please retry later'
: 'User message queue wait timeout, please retry later'
const statusCode = isBackendError ? 500 : 503
// 结构化性能日志,用于后续统计
logger.performance('user_message_queue_error', {
errorType,
errorCode,
accountId,
statusCode,
stream: true,
backendError: isBackendError ? queueResult.errorMessage : undefined
})
logger.warn(
`📬 User message queue ${errorType} for Bedrock account ${accountId} (stream)`,
isBackendError ? { backendError: queueResult.errorMessage } : {}
)
if (!res.headersSent) {
const existingConnection = res.getHeader ? res.getHeader('Connection') : null
res.writeHead(statusCode, {
'Content-Type': 'text/event-stream',
'Cache-Control': 'no-cache',
Connection: existingConnection || 'keep-alive',
'x-user-message-queue-error': errorType
})
}
const errorEvent = `event: error\ndata: ${JSON.stringify({
type: 'error',
error: {
type: errorType,
code: errorCode,
message: errorMessage
}
})}\n\n`
res.write(errorEvent)
res.write('data: [DONE]\n\n')
res.end()
return { success: false, error: errorType }
}
if (queueResult.acquired && !queueResult.skipped) {
queueLockAcquired = true
queueRequestId = queueResult.requestId
logger.debug(
`📬 User message queue lock acquired for Bedrock account ${accountId} (stream), requestId: ${queueRequestId}`
)
}
}
const modelId = this._selectModel(requestBody, bedrockAccount)
const region = this._selectRegion(modelId, bedrockAccount)
const client = this._getBedrockClient(region, bedrockAccount)
@@ -292,35 +131,11 @@ class BedrockRelayService {
const startTime = Date.now()
const response = await client.send(command)
// 📬 请求已发送成功,立即释放队列锁(无需等待响应处理完成)
// 因为限流基于请求发送时刻计算RPM不是请求完成时刻
if (queueLockAcquired && queueRequestId && accountId) {
try {
await userMessageQueueService.releaseQueueLock(accountId, queueRequestId)
queueLockAcquired = false // 标记已释放,防止 finally 重复释放
logger.debug(
`📬 User message queue lock released early for Bedrock stream account ${accountId}, requestId: ${queueRequestId}`
)
} catch (releaseError) {
logger.error(
`❌ Failed to release user message queue lock early for Bedrock stream account ${accountId}:`,
releaseError.message
)
}
}
// 设置SSE响应头
// ⚠️ 关键修复:尊重 auth.js 提前设置的 Connection: close
const existingConnection = res.getHeader ? res.getHeader('Connection') : null
if (existingConnection) {
logger.debug(
`🔌 [Bedrock Stream] Preserving existing Connection header: ${existingConnection}`
)
}
res.writeHead(200, {
'Content-Type': 'text/event-stream',
'Cache-Control': 'no-cache',
Connection: existingConnection || 'keep-alive',
Connection: 'keep-alive',
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'Content-Type, Authorization'
})
@@ -376,21 +191,6 @@ class BedrockRelayService {
res.end()
throw this._handleBedrockError(error)
} finally {
// 📬 释放用户消息队列锁(兜底,正常情况下已在请求发送后提前释放)
if (queueLockAcquired && queueRequestId && accountId) {
try {
await userMessageQueueService.releaseQueueLock(accountId, queueRequestId)
logger.debug(
`📬 User message queue lock released in finally for Bedrock stream account ${accountId}, requestId: ${queueRequestId}`
)
} catch (releaseError) {
logger.error(
`❌ Failed to release user message queue lock for Bedrock stream account ${accountId}:`,
releaseError.message
)
}
}
}
}

224
src/services/billingEventPublisher.js
View File

@@ -1,224 +0,0 @@
const redis = require('../models/redis')
const logger = require('../utils/logger')
/**
* 计费事件发布器 - 使用 Redis Stream 解耦计费系统
*
* 设计原则:
* 1. 异步非阻塞: 发布失败不影响主流程
* 2. 结构化数据: 使用标准化的事件格式
* 3. 可追溯性: 每个事件包含完整上下文
*/
class BillingEventPublisher {
constructor() {
this.streamKey = 'billing:events'
this.maxLength = 100000 // 保留最近 10 万条事件
this.enabled = process.env.BILLING_EVENTS_ENABLED !== 'false' // 默认开启
}
/**
* 发布计费事件
* @param {Object} eventData - 事件数据
* @returns {Promise<string|null>} - 事件ID 或 null
*/
async publishBillingEvent(eventData) {
if (!this.enabled) {
logger.debug('📭 Billing events disabled, skipping publish')
return null
}
try {
const client = redis.getClientSafe()
// 构建标准化事件
const event = {
// 事件元数据
eventId: `${Date.now()}-${Math.random().toString(36).substr(2, 9)}`,
eventType: 'usage.recorded',
timestamp: new Date().toISOString(),
version: '1.0',
// 核心计费数据
apiKey: {
id: eventData.keyId,
name: eventData.keyName || null,
userId: eventData.userId || null
},
// 使用量详情
usage: {
model: eventData.model,
inputTokens: eventData.inputTokens || 0,
outputTokens: eventData.outputTokens || 0,
cacheCreateTokens: eventData.cacheCreateTokens || 0,
cacheReadTokens: eventData.cacheReadTokens || 0,
ephemeral5mTokens: eventData.ephemeral5mTokens || 0,
ephemeral1hTokens: eventData.ephemeral1hTokens || 0,
totalTokens: eventData.totalTokens || 0
},
// 费用详情
cost: {
total: eventData.cost || 0,
currency: 'USD',
breakdown: {
input: eventData.costBreakdown?.input || 0,
output: eventData.costBreakdown?.output || 0,
cacheCreate: eventData.costBreakdown?.cacheCreate || 0,
cacheRead: eventData.costBreakdown?.cacheRead || 0,
ephemeral5m: eventData.costBreakdown?.ephemeral5m || 0,
ephemeral1h: eventData.costBreakdown?.ephemeral1h || 0
}
},
// 账户信息
account: {
id: eventData.accountId || null,
type: eventData.accountType || null
},
// 请求上下文
context: {
isLongContext: eventData.isLongContext || false,
requestTimestamp: eventData.requestTimestamp || new Date().toISOString()
}
}
// 使用 XADD 发布事件到 Stream
// MAXLEN ~ 10000: 近似截断,保持性能
const messageId = await client.xadd(
this.streamKey,
'MAXLEN',
'~',
this.maxLength,
'*', // 自动生成消息ID
'data',
JSON.stringify(event)
)
logger.debug(
`📤 Published billing event: ${messageId} | Key: ${eventData.keyId} | Cost: $${event.cost.total.toFixed(6)}`
)
return messageId
} catch (error) {
// ⚠️ 发布失败不影响主流程,只记录错误
logger.error('❌ Failed to publish billing event:', error)
return null
}
}
/**
* 批量发布计费事件(优化性能)
* @param {Array<Object>} events - 事件数组
* @returns {Promise<number>} - 成功发布的事件数
*/
async publishBatchBillingEvents(events) {
if (!this.enabled || !events || events.length === 0) {
return 0
}
try {
const client = redis.getClientSafe()
const pipeline = client.pipeline()
events.forEach((eventData) => {
const event = {
eventId: `${Date.now()}-${Math.random().toString(36).substr(2, 9)}`,
eventType: 'usage.recorded',
timestamp: new Date().toISOString(),
version: '1.0',
apiKey: {
id: eventData.keyId,
name: eventData.keyName || null
},
usage: {
model: eventData.model,
inputTokens: eventData.inputTokens || 0,
outputTokens: eventData.outputTokens || 0,
totalTokens: eventData.totalTokens || 0
},
cost: {
total: eventData.cost || 0,
currency: 'USD'
}
}
pipeline.xadd(
this.streamKey,
'MAXLEN',
'~',
this.maxLength,
'*',
'data',
JSON.stringify(event)
)
})
const results = await pipeline.exec()
const successCount = results.filter((r) => r[0] === null).length
logger.info(`📤 Batch published ${successCount}/${events.length} billing events`)
return successCount
} catch (error) {
logger.error('❌ Failed to batch publish billing events:', error)
return 0
}
}
/**
* 获取 Stream 信息(用于监控)
* @returns {Promise<Object>}
*/
async getStreamInfo() {
try {
const client = redis.getClientSafe()
const info = await client.xinfo('STREAM', this.streamKey)
// 解析 Redis XINFO 返回的数组格式
const result = {}
for (let i = 0; i < info.length; i += 2) {
result[info[i]] = info[i + 1]
}
return {
length: result.length || 0,
firstEntry: result['first-entry'] || null,
lastEntry: result['last-entry'] || null,
groups: result.groups || 0
}
} catch (error) {
if (error.message.includes('no such key')) {
return { length: 0, groups: 0 }
}
logger.error('❌ Failed to get stream info:', error)
return null
}
}
/**
* 创建消费者组(供外部计费系统使用)
* @param {string} groupName - 消费者组名称
* @returns {Promise<boolean>}
*/
async createConsumerGroup(groupName = 'billing-system') {
try {
const client = redis.getClientSafe()
// MKSTREAM: 如果 stream 不存在则创建
await client.xgroup('CREATE', this.streamKey, groupName, '0', 'MKSTREAM')
logger.success(`✅ Created consumer group: ${groupName}`)
return true
} catch (error) {
if (error.message.includes('BUSYGROUP')) {
logger.debug(`Consumer group ${groupName} already exists`)
return true
}
logger.error(`❌ Failed to create consumer group ${groupName}:`, error)
return false
}
}
}
module.exports = new BillingEventPublisher()

957
src/services/ccrAccountService.js
View File

@@ -1,957 +0,0 @@
const { v4: uuidv4 } = require('uuid')
const crypto = require('crypto')
const ProxyHelper = require('../utils/proxyHelper')
const redis = require('../models/redis')
const logger = require('../utils/logger')
const config = require('../../config/config')
const LRUCache = require('../utils/lruCache')
class CcrAccountService {
constructor() {
// 加密相关常量
this.ENCRYPTION_ALGORITHM = 'aes-256-cbc'
this.ENCRYPTION_SALT = 'ccr-account-salt'
// Redis键前缀
this.ACCOUNT_KEY_PREFIX = 'ccr_account:'
this.SHARED_ACCOUNTS_KEY = 'shared_ccr_accounts'
// 🚀 性能优化:缓存派生的加密密钥,避免每次重复计算
// scryptSync 是 CPU 密集型操作,缓存可以减少 95%+ 的 CPU 密集型操作
this._encryptionKeyCache = null
// 🔄 解密结果缓存,提高解密性能
this._decryptCache = new LRUCache(500)
// 🧹 定期清理缓存每10分钟
setInterval(
() => {
this._decryptCache.cleanup()
logger.info('🧹 CCR account decrypt cache cleanup completed', this._decryptCache.getStats())
},
10 * 60 * 1000
)
}
// 🏢 创建CCR账户
async createAccount(options = {}) {
const {
name = 'CCR Account',
description = '',
apiUrl = '',
apiKey = '',
priority = 50, // 默认优先级501-100
supportedModels = [], // 支持的模型列表或映射表,空数组/对象表示支持所有
userAgent = 'claude-relay-service/1.0.0',
rateLimitDuration = 60, // 限流时间(分钟)
proxy = null,
isActive = true,
accountType = 'shared', // 'dedicated' or 'shared'
schedulable = true, // 是否可被调度
dailyQuota = 0, // 每日额度限制美元0表示不限制
quotaResetTime = '00:00' // 额度重置时间HH:mm格式
} = options
// 验证必填字段
if (!apiUrl || !apiKey) {
throw new Error('API URL and API Key are required for CCR account')
}
const accountId = uuidv4()
// 处理 supportedModels确保向后兼容
const processedModels = this._processModelMapping(supportedModels)
const accountData = {
id: accountId,
platform: 'ccr',
name,
description,
apiUrl,
apiKey: this._encryptSensitiveData(apiKey),
priority: priority.toString(),
supportedModels: JSON.stringify(processedModels),
userAgent,
rateLimitDuration: rateLimitDuration.toString(),
proxy: proxy ? JSON.stringify(proxy) : '',
isActive: isActive.toString(),
accountType,
// ✅ 新增:账户订阅到期时间(业务字段,手动管理)
// 注意CCR 使用 API Key 认证,没有 OAuth token因此没有 expiresAt
subscriptionExpiresAt: options.subscriptionExpiresAt || null,
createdAt: new Date().toISOString(),
lastUsedAt: '',
status: 'active',
errorMessage: '',
// 限流相关
rateLimitedAt: '',
rateLimitStatus: '',
// 调度控制
schedulable: schedulable.toString(),
// 额度管理相关
dailyQuota: dailyQuota.toString(), // 每日额度限制(美元)
dailyUsage: '0', // 当日使用金额(美元)
// 使用与统计一致的时区日期,避免边界问题
lastResetDate: redis.getDateStringInTimezone(), // 最后重置日期(按配置时区)
quotaResetTime, // 额度重置时间
quotaStoppedAt: '' // 因额度停用的时间
}
const client = redis.getClientSafe()
logger.debug(
`[DEBUG] Saving CCR account data to Redis with key: ${this.ACCOUNT_KEY_PREFIX}${accountId}`
)
logger.debug(`[DEBUG] CCR Account data to save: ${JSON.stringify(accountData, null, 2)}`)
await client.hset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, accountData)
// 如果是共享账户,添加到共享账户集合
if (accountType === 'shared') {
await client.sadd(this.SHARED_ACCOUNTS_KEY, accountId)
}
logger.success(`🏢 Created CCR account: ${name} (${accountId})`)
return {
id: accountId,
name,
description,
apiUrl,
priority,
supportedModels,
userAgent,
rateLimitDuration,
isActive,
proxy,
accountType,
status: 'active',
createdAt: accountData.createdAt,
dailyQuota,
dailyUsage: 0,
lastResetDate: accountData.lastResetDate,
quotaResetTime,
quotaStoppedAt: null
}
}
// 📋 获取所有CCR账户
async getAllAccounts() {
try {
const client = redis.getClientSafe()
const keys = await client.keys(`${this.ACCOUNT_KEY_PREFIX}*`)
const accounts = []
for (const key of keys) {
const accountData = await client.hgetall(key)
if (accountData && Object.keys(accountData).length > 0) {
// 获取限流状态信息
const rateLimitInfo = this._getRateLimitInfo(accountData)
accounts.push({
id: accountData.id,
platform: accountData.platform,
name: accountData.name,
description: accountData.description,
apiUrl: accountData.apiUrl,
priority: parseInt(accountData.priority) || 50,
supportedModels: JSON.parse(accountData.supportedModels || '[]'),
userAgent: accountData.userAgent,
rateLimitDuration: Number.isNaN(parseInt(accountData.rateLimitDuration))
? 60
: parseInt(accountData.rateLimitDuration),
isActive: accountData.isActive === 'true',
proxy: accountData.proxy ? JSON.parse(accountData.proxy) : null,
accountType: accountData.accountType || 'shared',
createdAt: accountData.createdAt,
lastUsedAt: accountData.lastUsedAt,
status: accountData.status || 'active',
errorMessage: accountData.errorMessage,
rateLimitInfo,
schedulable: accountData.schedulable !== 'false', // 默认为true只有明确设置为false才不可调度
// ✅ 前端显示订阅过期时间(业务字段)
expiresAt: accountData.subscriptionExpiresAt || null,
// 额度管理相关
dailyQuota: parseFloat(accountData.dailyQuota || '0'),
dailyUsage: parseFloat(accountData.dailyUsage || '0'),
lastResetDate: accountData.lastResetDate || '',
quotaResetTime: accountData.quotaResetTime || '00:00',
quotaStoppedAt: accountData.quotaStoppedAt || null
})
}
}
return accounts
} catch (error) {
logger.error('❌ Failed to get CCR accounts:', error)
throw error
}
}
// 🔍 获取单个账户(内部使用,包含敏感信息)
async getAccount(accountId) {
const client = redis.getClientSafe()
logger.debug(`[DEBUG] Getting CCR account data for ID: ${accountId}`)
const accountData = await client.hgetall(`${this.ACCOUNT_KEY_PREFIX}${accountId}`)
if (!accountData || Object.keys(accountData).length === 0) {
logger.debug(`[DEBUG] No CCR account data found for ID: ${accountId}`)
return null
}
logger.debug(`[DEBUG] Raw CCR account data keys: ${Object.keys(accountData).join(', ')}`)
logger.debug(`[DEBUG] Raw supportedModels value: ${accountData.supportedModels}`)
// 解密敏感字段只解密apiKeyapiUrl不加密
const decryptedKey = this._decryptSensitiveData(accountData.apiKey)
logger.debug(
`[DEBUG] URL exists: ${!!accountData.apiUrl}, Decrypted key exists: ${!!decryptedKey}`
)
accountData.apiKey = decryptedKey
// 解析JSON字段
const parsedModels = JSON.parse(accountData.supportedModels || '[]')
logger.debug(`[DEBUG] Parsed supportedModels: ${JSON.stringify(parsedModels)}`)
accountData.supportedModels = parsedModels
accountData.priority = parseInt(accountData.priority) || 50
{
const _parsedDuration = parseInt(accountData.rateLimitDuration)
accountData.rateLimitDuration = Number.isNaN(_parsedDuration) ? 60 : _parsedDuration
}
accountData.isActive = accountData.isActive === 'true'
accountData.schedulable = accountData.schedulable !== 'false' // 默认为true
if (accountData.proxy) {
accountData.proxy = JSON.parse(accountData.proxy)
}
logger.debug(
`[DEBUG] Final CCR account data - name: ${accountData.name}, hasApiUrl: ${!!accountData.apiUrl}, hasApiKey: ${!!accountData.apiKey}, supportedModels: ${JSON.stringify(accountData.supportedModels)}`
)
return accountData
}
// 📝 更新账户
async updateAccount(accountId, updates) {
try {
const existingAccount = await this.getAccount(accountId)
if (!existingAccount) {
throw new Error('CCR Account not found')
}
const client = redis.getClientSafe()
const updatedData = {}
// 处理各个字段的更新
logger.debug(
`[DEBUG] CCR update request received with fields: ${Object.keys(updates).join(', ')}`
)
logger.debug(`[DEBUG] CCR Updates content: ${JSON.stringify(updates, null, 2)}`)
if (updates.name !== undefined) {
updatedData.name = updates.name
}
if (updates.description !== undefined) {
updatedData.description = updates.description
}
if (updates.apiUrl !== undefined) {
updatedData.apiUrl = updates.apiUrl
}
if (updates.apiKey !== undefined) {
updatedData.apiKey = this._encryptSensitiveData(updates.apiKey)
}
if (updates.priority !== undefined) {
updatedData.priority = updates.priority.toString()
}
if (updates.supportedModels !== undefined) {
logger.debug(`[DEBUG] Updating supportedModels: ${JSON.stringify(updates.supportedModels)}`)
// 处理 supportedModels确保向后兼容
const processedModels = this._processModelMapping(updates.supportedModels)
updatedData.supportedModels = JSON.stringify(processedModels)
}
if (updates.userAgent !== undefined) {
updatedData.userAgent = updates.userAgent
}
if (updates.rateLimitDuration !== undefined) {
updatedData.rateLimitDuration = updates.rateLimitDuration.toString()
}
if (updates.proxy !== undefined) {
updatedData.proxy = updates.proxy ? JSON.stringify(updates.proxy) : ''
}
if (updates.isActive !== undefined) {
updatedData.isActive = updates.isActive.toString()
}
if (updates.schedulable !== undefined) {
updatedData.schedulable = updates.schedulable.toString()
}
if (updates.dailyQuota !== undefined) {
updatedData.dailyQuota = updates.dailyQuota.toString()
}
if (updates.quotaResetTime !== undefined) {
updatedData.quotaResetTime = updates.quotaResetTime
}
// ✅ 直接保存 subscriptionExpiresAt如果提供
// CCR 使用 API Key没有 token 刷新逻辑,不会覆盖此字段
if (updates.subscriptionExpiresAt !== undefined) {
updatedData.subscriptionExpiresAt = updates.subscriptionExpiresAt
}
await client.hset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, updatedData)
// 处理共享账户集合变更
if (updates.accountType !== undefined) {
updatedData.accountType = updates.accountType
if (updates.accountType === 'shared') {
await client.sadd(this.SHARED_ACCOUNTS_KEY, accountId)
} else {
await client.srem(this.SHARED_ACCOUNTS_KEY, accountId)
}
}
logger.success(`📝 Updated CCR account: ${accountId}`)
return await this.getAccount(accountId)
} catch (error) {
logger.error(`❌ Failed to update CCR account ${accountId}:`, error)
throw error
}
}
// 🗑️ 删除账户
async deleteAccount(accountId) {
try {
const client = redis.getClientSafe()
// 从共享账户集合中移除
await client.srem(this.SHARED_ACCOUNTS_KEY, accountId)
// 删除账户数据
const result = await client.del(`${this.ACCOUNT_KEY_PREFIX}${accountId}`)
if (result === 0) {
throw new Error('CCR Account not found or already deleted')
}
logger.success(`🗑️ Deleted CCR account: ${accountId}`)
return { success: true }
} catch (error) {
logger.error(`❌ Failed to delete CCR account ${accountId}:`, error)
throw error
}
}
// 🚫 标记账户为限流状态
async markAccountRateLimited(accountId) {
try {
const client = redis.getClientSafe()
const account = await this.getAccount(accountId)
if (!account) {
throw new Error('CCR Account not found')
}
// 如果限流时间设置为 0表示不启用限流机制直接返回
if (account.rateLimitDuration === 0) {
logger.info(
` CCR account ${account.name} (${accountId}) has rate limiting disabled, skipping rate limit`
)
return { success: true, skipped: true }
}
const now = new Date().toISOString()
await client.hmset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, {
status: 'rate_limited',
rateLimitedAt: now,
rateLimitStatus: 'active',
errorMessage: 'Rate limited by upstream service'
})
logger.warn(`⏱️ Marked CCR account as rate limited: ${account.name} (${accountId})`)
return { success: true, rateLimitedAt: now }
} catch (error) {
logger.error(`❌ Failed to mark CCR account as rate limited: ${accountId}`, error)
throw error
}
}
// ✅ 移除账户限流状态
async removeAccountRateLimit(accountId) {
try {
const client = redis.getClientSafe()
const accountKey = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
// 获取账户当前状态和额度信息
const [, quotaStoppedAt] = await client.hmget(accountKey, 'status', 'quotaStoppedAt')
// 删除限流相关字段
await client.hdel(accountKey, 'rateLimitedAt', 'rateLimitStatus')
// 根据不同情况决定是否恢复账户
let newStatus = 'active'
let errorMessage = ''
// 如果因额度问题停用,不要自动激活
if (quotaStoppedAt) {
newStatus = 'quota_exceeded'
errorMessage = 'Account stopped due to quota exceeded'
logger.info(
` CCR account ${accountId} rate limit removed but remains stopped due to quota exceeded`
)
} else {
logger.success(`✅ Removed rate limit for CCR account: ${accountId}`)
}
await client.hmset(accountKey, {
status: newStatus,
errorMessage
})
return { success: true, newStatus }
} catch (error) {
logger.error(`❌ Failed to remove rate limit for CCR account: ${accountId}`, error)
throw error
}
}
// 🔍 检查账户是否被限流
async isAccountRateLimited(accountId) {
try {
const client = redis.getClientSafe()
const accountKey = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
const [rateLimitedAt, rateLimitDuration] = await client.hmget(
accountKey,
'rateLimitedAt',
'rateLimitDuration'
)
if (rateLimitedAt) {
const limitTime = new Date(rateLimitedAt)
const duration = parseInt(rateLimitDuration) || 60
const now = new Date()
const expireTime = new Date(limitTime.getTime() + duration * 60 * 1000)
if (now < expireTime) {
return true
} else {
// 限流时间已过,自动移除限流状态
await this.removeAccountRateLimit(accountId)
return false
}
}
return false
} catch (error) {
logger.error(`❌ Failed to check rate limit status for CCR account: ${accountId}`, error)
return false
}
}
// 🔥 标记账户为过载状态
async markAccountOverloaded(accountId) {
try {
const client = redis.getClientSafe()
const account = await this.getAccount(accountId)
if (!account) {
throw new Error('CCR Account not found')
}
const now = new Date().toISOString()
await client.hmset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, {
status: 'overloaded',
overloadedAt: now,
errorMessage: 'Account overloaded'
})
logger.warn(`🔥 Marked CCR account as overloaded: ${account.name} (${accountId})`)
return { success: true, overloadedAt: now }
} catch (error) {
logger.error(`❌ Failed to mark CCR account as overloaded: ${accountId}`, error)
throw error
}
}
// ✅ 移除账户过载状态
async removeAccountOverload(accountId) {
try {
const client = redis.getClientSafe()
const accountKey = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
// 删除过载相关字段
await client.hdel(accountKey, 'overloadedAt')
await client.hmset(accountKey, {
status: 'active',
errorMessage: ''
})
logger.success(`✅ Removed overload status for CCR account: ${accountId}`)
return { success: true }
} catch (error) {
logger.error(`❌ Failed to remove overload status for CCR account: ${accountId}`, error)
throw error
}
}
// 🔍 检查账户是否过载
async isAccountOverloaded(accountId) {
try {
const client = redis.getClientSafe()
const accountKey = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
const status = await client.hget(accountKey, 'status')
return status === 'overloaded'
} catch (error) {
logger.error(`❌ Failed to check overload status for CCR account: ${accountId}`, error)
return false
}
}
// 🚫 标记账户为未授权状态
async markAccountUnauthorized(accountId) {
try {
const client = redis.getClientSafe()
const account = await this.getAccount(accountId)
if (!account) {
throw new Error('CCR Account not found')
}
await client.hmset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, {
status: 'unauthorized',
errorMessage: 'API key invalid or unauthorized'
})
logger.warn(`🚫 Marked CCR account as unauthorized: ${account.name} (${accountId})`)
return { success: true }
} catch (error) {
logger.error(`❌ Failed to mark CCR account as unauthorized: ${accountId}`, error)
throw error
}
}
// 🔄 处理模型映射
_processModelMapping(supportedModels) {
// 如果是空值,返回空对象(支持所有模型)
if (!supportedModels || (Array.isArray(supportedModels) && supportedModels.length === 0)) {
return {}
}
// 如果已经是对象格式(新的映射表格式),直接返回
if (typeof supportedModels === 'object' && !Array.isArray(supportedModels)) {
return supportedModels
}
// 如果是数组格式(旧格式),转换为映射表
if (Array.isArray(supportedModels)) {
const mapping = {}
supportedModels.forEach((model) => {
if (model && typeof model === 'string') {
mapping[model] = model // 默认映射:原模型名 -> 原模型名
}
})
return mapping
}
return {}
}
// 🔍 检查模型是否被支持
isModelSupported(modelMapping, requestedModel) {
// 如果映射表为空,支持所有模型
if (!modelMapping || Object.keys(modelMapping).length === 0) {
return true
}
// 检查请求的模型是否在映射表的键中(精确匹配)
if (Object.prototype.hasOwnProperty.call(modelMapping, requestedModel)) {
return true
}
// 尝试大小写不敏感匹配
const requestedModelLower = requestedModel.toLowerCase()
for (const key of Object.keys(modelMapping)) {
if (key.toLowerCase() === requestedModelLower) {
return true
}
}
return false
}
// 🔄 获取映射后的模型名称
getMappedModel(modelMapping, requestedModel) {
// 如果映射表为空,返回原模型
if (!modelMapping || Object.keys(modelMapping).length === 0) {
return requestedModel
}
// 精确匹配
if (modelMapping[requestedModel]) {
return modelMapping[requestedModel]
}
// 大小写不敏感匹配
const requestedModelLower = requestedModel.toLowerCase()
for (const [key, value] of Object.entries(modelMapping)) {
if (key.toLowerCase() === requestedModelLower) {
return value
}
}
// 如果不存在映射则返回原模型名
return requestedModel
}
// 🔐 加密敏感数据
_encryptSensitiveData(data) {
if (!data) {
return ''
}
try {
const key = this._generateEncryptionKey()
const iv = crypto.randomBytes(16)
const cipher = crypto.createCipheriv(this.ENCRYPTION_ALGORITHM, key, iv)
let encrypted = cipher.update(data, 'utf8', 'hex')
encrypted += cipher.final('hex')
return `${iv.toString('hex')}:${encrypted}`
} catch (error) {
logger.error('❌ CCR encryption error:', error)
return data
}
}
// 🔓 解密敏感数据
_decryptSensitiveData(encryptedData) {
if (!encryptedData) {
return ''
}
// 🎯 检查缓存
const cacheKey = crypto.createHash('sha256').update(encryptedData).digest('hex')
const cached = this._decryptCache.get(cacheKey)
if (cached !== undefined) {
return cached
}
try {
const parts = encryptedData.split(':')
if (parts.length === 2) {
const key = this._generateEncryptionKey()
const iv = Buffer.from(parts[0], 'hex')
const encrypted = parts[1]
const decipher = crypto.createDecipheriv(this.ENCRYPTION_ALGORITHM, key, iv)
let decrypted = decipher.update(encrypted, 'hex', 'utf8')
decrypted += decipher.final('utf8')
// 💾 存入缓存5分钟过期
this._decryptCache.set(cacheKey, decrypted, 5 * 60 * 1000)
return decrypted
} else {
logger.error('❌ Invalid CCR encrypted data format')
return encryptedData
}
} catch (error) {
logger.error('❌ CCR decryption error:', error)
return encryptedData
}
}
// 🔑 生成加密密钥
_generateEncryptionKey() {
// 性能优化:缓存密钥派生结果,避免重复的 CPU 密集计算
if (!this._encryptionKeyCache) {
this._encryptionKeyCache = crypto.scryptSync(
config.security.encryptionKey,
this.ENCRYPTION_SALT,
32
)
}
return this._encryptionKeyCache
}
// 🔍 获取限流状态信息
_getRateLimitInfo(accountData) {
const { rateLimitedAt } = accountData
const rateLimitDuration = parseInt(accountData.rateLimitDuration) || 60
if (rateLimitedAt) {
const limitTime = new Date(rateLimitedAt)
const now = new Date()
const expireTime = new Date(limitTime.getTime() + rateLimitDuration * 60 * 1000)
const remainingMs = expireTime.getTime() - now.getTime()
return {
isRateLimited: remainingMs > 0,
rateLimitedAt,
rateLimitExpireAt: expireTime.toISOString(),
remainingTimeMs: Math.max(0, remainingMs),
remainingTimeMinutes: Math.max(0, Math.ceil(remainingMs / (60 * 1000)))
}
}
return {
isRateLimited: false,
rateLimitedAt: null,
rateLimitExpireAt: null,
remainingTimeMs: 0,
remainingTimeMinutes: 0
}
}
// 🔧 创建代理客户端
_createProxyAgent(proxy) {
return ProxyHelper.createProxyAgent(proxy)
}
// 💰 检查配额使用情况(可选实现)
async checkQuotaUsage(accountId) {
try {
const account = await this.getAccount(accountId)
if (!account) {
return false
}
const dailyQuota = parseFloat(account.dailyQuota || '0')
// 如果未设置额度限制,则不限制
if (dailyQuota <= 0) {
return false
}
// 检查是否需要重置每日使用量
const today = redis.getDateStringInTimezone()
if (account.lastResetDate !== today) {
await this.resetDailyUsage(accountId)
return false // 刚重置,不会超额
}
// 获取当日使用统计
const usageStats = await this.getAccountUsageStats(accountId)
if (!usageStats) {
return false
}
const dailyUsage = usageStats.dailyUsage || 0
const isExceeded = dailyUsage >= dailyQuota
if (isExceeded) {
// 标记账户因额度停用
const client = redis.getClientSafe()
await client.hmset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, {
status: 'quota_exceeded',
errorMessage: `Daily quota exceeded: $${dailyUsage.toFixed(2)} / $${dailyQuota.toFixed(2)}`,
quotaStoppedAt: new Date().toISOString()
})
logger.warn(
`💰 CCR account ${account.name} (${accountId}) quota exceeded: $${dailyUsage.toFixed(2)} / $${dailyQuota.toFixed(2)}`
)
// 发送 Webhook 通知
try {
const webhookNotifier = require('../utils/webhookNotifier')
await webhookNotifier.sendAccountAnomalyNotification({
accountId,
accountName: account.name || accountId,
platform: 'ccr',
status: 'quota_exceeded',
errorCode: 'QUOTA_EXCEEDED',
reason: `Daily quota exceeded: $${dailyUsage.toFixed(2)} / $${dailyQuota.toFixed(2)}`,
timestamp: new Date().toISOString()
})
} catch (webhookError) {
logger.warn('Failed to send webhook notification for CCR quota exceeded:', webhookError)
}
}
return isExceeded
} catch (error) {
logger.error(`❌ Failed to check quota usage for CCR account ${accountId}:`, error)
return false
}
}
// 🔄 重置每日使用量(可选实现)
async resetDailyUsage(accountId) {
try {
const client = redis.getClientSafe()
await client.hmset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, {
dailyUsage: '0',
lastResetDate: redis.getDateStringInTimezone(),
quotaStoppedAt: ''
})
return { success: true }
} catch (error) {
logger.error(`❌ Failed to reset daily usage for CCR account: ${accountId}`, error)
throw error
}
}
// 🚫 检查账户是否超额
async isAccountQuotaExceeded(accountId) {
try {
const account = await this.getAccount(accountId)
if (!account) {
return false
}
const dailyQuota = parseFloat(account.dailyQuota || '0')
// 如果未设置额度限制,则不限制
if (dailyQuota <= 0) {
return false
}
// 获取当日使用统计
const usageStats = await this.getAccountUsageStats(accountId)
if (!usageStats) {
return false
}
const dailyUsage = usageStats.dailyUsage || 0
const isExceeded = dailyUsage >= dailyQuota
if (isExceeded && !account.quotaStoppedAt) {
// 标记账户因额度停用
const client = redis.getClientSafe()
await client.hmset(`${this.ACCOUNT_KEY_PREFIX}${accountId}`, {
status: 'quota_exceeded',
errorMessage: `Daily quota exceeded: $${dailyUsage.toFixed(2)} / $${dailyQuota.toFixed(2)}`,
quotaStoppedAt: new Date().toISOString()
})
logger.warn(`💰 CCR account ${account.name} (${accountId}) quota exceeded`)
}
return isExceeded
} catch (error) {
logger.error(`❌ Failed to check quota for CCR account ${accountId}:`, error)
return false
}
}
// 🔄 重置所有CCR账户的每日使用量
async resetAllDailyUsage() {
try {
const accounts = await this.getAllAccounts()
const today = redis.getDateStringInTimezone()
let resetCount = 0
for (const account of accounts) {
if (account.lastResetDate !== today) {
await this.resetDailyUsage(account.id)
resetCount += 1
}
}
logger.success(`✅ Reset daily usage for ${resetCount} CCR accounts`)
return { success: true, resetCount }
} catch (error) {
logger.error('❌ Failed to reset all CCR daily usage:', error)
throw error
}
}
// 📊 获取CCR账户使用统计含每日费用
async getAccountUsageStats(accountId) {
try {
// 使用统一的 Redis 统计
const usageStats = await redis.getAccountUsageStats(accountId)
// 叠加账户自身的额度配置
const accountData = await this.getAccount(accountId)
if (!accountData) {
return null
}
const dailyQuota = parseFloat(accountData.dailyQuota || '0')
const currentDailyCost = usageStats?.daily?.cost || 0
return {
dailyQuota,
dailyUsage: currentDailyCost,
remainingQuota: dailyQuota > 0 ? Math.max(0, dailyQuota - currentDailyCost) : null,
usagePercentage: dailyQuota > 0 ? (currentDailyCost / dailyQuota) * 100 : 0,
lastResetDate: accountData.lastResetDate,
quotaResetTime: accountData.quotaResetTime,
quotaStoppedAt: accountData.quotaStoppedAt,
isQuotaExceeded: dailyQuota > 0 && currentDailyCost >= dailyQuota,
fullUsageStats: usageStats
}
} catch (error) {
logger.error('❌ Failed to get CCR account usage stats:', error)
return null
}
}
// 🔄 重置CCR账户所有异常状态
async resetAccountStatus(accountId) {
try {
const accountData = await this.getAccount(accountId)
if (!accountData) {
throw new Error('Account not found')
}
const client = redis.getClientSafe()
const accountKey = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
const updates = {
status: 'active',
errorMessage: '',
schedulable: 'true',
isActive: 'true'
}
const fieldsToDelete = [
'rateLimitedAt',
'rateLimitStatus',
'unauthorizedAt',
'unauthorizedCount',
'overloadedAt',
'overloadStatus',
'blockedAt',
'quotaStoppedAt'
]
await client.hset(accountKey, updates)
await client.hdel(accountKey, ...fieldsToDelete)
logger.success(`✅ Reset all error status for CCR account ${accountId}`)
// 异步发送 Webhook 通知(忽略错误)
try {
const webhookNotifier = require('../utils/webhookNotifier')
await webhookNotifier.sendAccountAnomalyNotification({
accountId,
accountName: accountData.name || accountId,
platform: 'ccr',
status: 'recovered',
errorCode: 'STATUS_RESET',
reason: 'Account status manually reset',
timestamp: new Date().toISOString()
})
} catch (webhookError) {
logger.warn('Failed to send webhook notification for CCR status reset:', webhookError)
}
return { success: true, accountId }
} catch (error) {
logger.error(`❌ Failed to reset CCR account status: ${accountId}`, error)
throw error
}
}
/**
* ⏰ 检查账户订阅是否过期
* @param {Object} account - 账户对象
* @returns {boolean} - true: 已过期, false: 未过期
*/
isSubscriptionExpired(account) {
if (!account.subscriptionExpiresAt) {
return false // 未设置视为永不过期
}
const expiryDate = new Date(account.subscriptionExpiresAt)
return expiryDate <= new Date()
}
}
module.exports = new CcrAccountService()

897
src/services/ccrRelayService.js
View File

@@ -1,897 +0,0 @@
const axios = require('axios')
const ccrAccountService = require('./ccrAccountService')
const logger = require('../utils/logger')
const config = require('../../config/config')
const { parseVendorPrefixedModel } = require('../utils/modelHelper')
const userMessageQueueService = require('./userMessageQueueService')
const { isStreamWritable } = require('../utils/streamHelper')
class CcrRelayService {
constructor() {
this.defaultUserAgent = 'claude-relay-service/1.0.0'
}
// 🚀 转发请求到CCR API
async relayRequest(
requestBody,
apiKeyData,
clientRequest,
clientResponse,
clientHeaders,
accountId,
options = {}
) {
let abortController = null
let account = null
let queueLockAcquired = false
let queueRequestId = null
try {
// 📬 用户消息队列处理
if (userMessageQueueService.isUserMessageRequest(requestBody)) {
// 校验 accountId 非空,避免空值污染队列锁键
if (!accountId || accountId === '') {
logger.error('❌ accountId missing for queue lock in CCR relayRequest')
throw new Error('accountId missing for queue lock')
}
const queueResult = await userMessageQueueService.acquireQueueLock(accountId)
if (!queueResult.acquired && !queueResult.skipped) {
// 区分 Redis 后端错误和队列超时
const isBackendError = queueResult.error === 'queue_backend_error'
const errorCode = isBackendError ? 'QUEUE_BACKEND_ERROR' : 'QUEUE_TIMEOUT'
const errorType = isBackendError ? 'queue_backend_error' : 'queue_timeout'
const errorMessage = isBackendError
? 'Queue service temporarily unavailable, please retry later'
: 'User message queue wait timeout, please retry later'
const statusCode = isBackendError ? 500 : 503
// 结构化性能日志,用于后续统计
logger.performance('user_message_queue_error', {
errorType,
errorCode,
accountId,
statusCode,
backendError: isBackendError ? queueResult.errorMessage : undefined
})
logger.warn(
`📬 User message queue ${errorType} for CCR account ${accountId}`,
isBackendError ? { backendError: queueResult.errorMessage } : {}
)
return {
statusCode,
headers: {
'Content-Type': 'application/json',
'x-user-message-queue-error': errorType
},
body: JSON.stringify({
type: 'error',
error: {
type: errorType,
code: errorCode,
message: errorMessage
}
}),
accountId
}
}
if (queueResult.acquired && !queueResult.skipped) {
queueLockAcquired = true
queueRequestId = queueResult.requestId
logger.debug(
`📬 User message queue lock acquired for CCR account ${accountId}, requestId: ${queueRequestId}`
)
}
}
// 获取账户信息
account = await ccrAccountService.getAccount(accountId)
if (!account) {
throw new Error('CCR account not found')
}
logger.info(
`📤 Processing CCR API request for key: ${apiKeyData.name || apiKeyData.id}, account: ${account.name} (${accountId})`
)
logger.debug(`🌐 Account API URL: ${account.apiUrl}`)
logger.debug(`🔍 Account supportedModels: ${JSON.stringify(account.supportedModels)}`)
logger.debug(`🔑 Account has apiKey: ${!!account.apiKey}`)
logger.debug(`📝 Request model: ${requestBody.model}`)
// 处理模型前缀解析和映射
const { baseModel } = parseVendorPrefixedModel(requestBody.model)
logger.debug(`🔄 Parsed base model: ${baseModel} from original: ${requestBody.model}`)
let mappedModel = baseModel
if (
account.supportedModels &&
typeof account.supportedModels === 'object' &&
!Array.isArray(account.supportedModels)
) {
const newModel = ccrAccountService.getMappedModel(account.supportedModels, baseModel)
if (newModel !== baseModel) {
logger.info(`🔄 Mapping model from ${baseModel} to ${newModel}`)
mappedModel = newModel
}
}
// 创建修改后的请求体,使用去前缀后的模型名
const modifiedRequestBody = {
...requestBody,
model: mappedModel
}
// 创建代理agent
const proxyAgent = ccrAccountService._createProxyAgent(account.proxy)
// 创建AbortController用于取消请求
abortController = new AbortController()
// 设置客户端断开监听器
const handleClientDisconnect = () => {
logger.info('🔌 Client disconnected, aborting CCR request')
if (abortController && !abortController.signal.aborted) {
abortController.abort()
}
}
// 监听客户端断开事件
if (clientRequest) {
clientRequest.once('close', handleClientDisconnect)
}
if (clientResponse) {
clientResponse.once('close', handleClientDisconnect)
}
// 构建完整的API URL
const cleanUrl = account.apiUrl.replace(/\/$/, '') // 移除末尾斜杠
let apiEndpoint
if (options.customPath) {
// 如果指定了自定义路径(如 count_tokens使用它
const baseUrl = cleanUrl.replace(/\/v1\/messages$/, '') // 移除已有的 /v1/messages
apiEndpoint = `${baseUrl}${options.customPath}`
} else {
// 默认使用 messages 端点
apiEndpoint = cleanUrl.endsWith('/v1/messages') ? cleanUrl : `${cleanUrl}/v1/messages`
}
logger.debug(`🎯 Final API endpoint: ${apiEndpoint}`)
logger.debug(`[DEBUG] Options passed to relayRequest: ${JSON.stringify(options)}`)
logger.debug(`[DEBUG] Client headers received: ${JSON.stringify(clientHeaders)}`)
// 过滤客户端请求头
const filteredHeaders = this._filterClientHeaders(clientHeaders)
logger.debug(`[DEBUG] Filtered client headers: ${JSON.stringify(filteredHeaders)}`)
// 决定使用的 User-Agent优先使用账户自定义的否则透传客户端的最后才使用默认值
const userAgent =
account.userAgent ||
clientHeaders?.['user-agent'] ||
clientHeaders?.['User-Agent'] ||
this.defaultUserAgent
// 准备请求配置
const requestConfig = {
method: 'POST',
url: apiEndpoint,
data: modifiedRequestBody,
headers: {
'Content-Type': 'application/json',
'anthropic-version': '2023-06-01',
'User-Agent': userAgent,
...filteredHeaders
},
timeout: config.requestTimeout || 600000,
signal: abortController.signal,
validateStatus: () => true // 接受所有状态码
}
if (proxyAgent) {
requestConfig.httpAgent = proxyAgent
requestConfig.httpsAgent = proxyAgent
requestConfig.proxy = false
}
// 根据 API Key 格式选择认证方式
if (account.apiKey && account.apiKey.startsWith('sk-ant-')) {
// Anthropic 官方 API Key 使用 x-api-key
requestConfig.headers['x-api-key'] = account.apiKey
logger.debug('[DEBUG] Using x-api-key authentication for sk-ant-* API key')
} else {
// 其他 API Key (包括CCR API Key) 使用 Authorization Bearer
requestConfig.headers['Authorization'] = `Bearer ${account.apiKey}`
logger.debug('[DEBUG] Using Authorization Bearer authentication')
}
logger.debug(
`[DEBUG] Initial headers before beta: ${JSON.stringify(requestConfig.headers, null, 2)}`
)
// 添加beta header如果需要
if (options.betaHeader) {
logger.debug(`[DEBUG] Adding beta header: ${options.betaHeader}`)
requestConfig.headers['anthropic-beta'] = options.betaHeader
} else {
logger.debug('[DEBUG] No beta header to add')
}
// 发送请求
logger.debug(
'📤 Sending request to CCR API with headers:',
JSON.stringify(requestConfig.headers, null, 2)
)
const response = await axios(requestConfig)
// 📬 请求已发送成功,立即释放队列锁(无需等待响应处理完成)
// 因为 Claude API 限流基于请求发送时刻计算RPM不是请求完成时刻
if (queueLockAcquired && queueRequestId && accountId) {
try {
await userMessageQueueService.releaseQueueLock(accountId, queueRequestId)
queueLockAcquired = false // 标记已释放,防止 finally 重复释放
logger.debug(
`📬 User message queue lock released early for CCR account ${accountId}, requestId: ${queueRequestId}`
)
} catch (releaseError) {
logger.error(
`❌ Failed to release user message queue lock early for CCR account ${accountId}:`,
releaseError.message
)
}
}
// 移除监听器(请求成功完成)
if (clientRequest) {
clientRequest.removeListener('close', handleClientDisconnect)
}
if (clientResponse) {
clientResponse.removeListener('close', handleClientDisconnect)
}
logger.debug(`🔗 CCR API response: ${response.status}`)
logger.debug(`[DEBUG] Response headers: ${JSON.stringify(response.headers)}`)
logger.debug(`[DEBUG] Response data type: ${typeof response.data}`)
logger.debug(
`[DEBUG] Response data length: ${response.data ? (typeof response.data === 'string' ? response.data.length : JSON.stringify(response.data).length) : 0}`
)
logger.debug(
`[DEBUG] Response data preview: ${typeof response.data === 'string' ? response.data.substring(0, 200) : JSON.stringify(response.data).substring(0, 200)}`
)
// 检查错误状态并相应处理
if (response.status === 401) {
logger.warn(`🚫 Unauthorized error detected for CCR account ${accountId}`)
await ccrAccountService.markAccountUnauthorized(accountId)
} else if (response.status === 429) {
logger.warn(`🚫 Rate limit detected for CCR account ${accountId}`)
// 收到429先检查是否因为超过了手动配置的每日额度
await ccrAccountService.checkQuotaUsage(accountId).catch((err) => {
logger.error('❌ Failed to check quota after 429 error:', err)
})
await ccrAccountService.markAccountRateLimited(accountId)
} else if (response.status === 529) {
logger.warn(`🚫 Overload error detected for CCR account ${accountId}`)
await ccrAccountService.markAccountOverloaded(accountId)
} else if (response.status === 200 || response.status === 201) {
// 如果请求成功,检查并移除错误状态
const isRateLimited = await ccrAccountService.isAccountRateLimited(accountId)
if (isRateLimited) {
await ccrAccountService.removeAccountRateLimit(accountId)
}
const isOverloaded = await ccrAccountService.isAccountOverloaded(accountId)
if (isOverloaded) {
await ccrAccountService.removeAccountOverload(accountId)
}
}
// 更新最后使用时间
await this._updateLastUsedTime(accountId)
const responseBody =
typeof response.data === 'string' ? response.data : JSON.stringify(response.data)
logger.debug(`[DEBUG] Final response body to return: ${responseBody}`)
return {
statusCode: response.status,
headers: response.headers,
body: responseBody,
accountId
}
} catch (error) {
// 处理特定错误
if (error.name === 'AbortError' || error.code === 'ECONNABORTED') {
logger.info('Request aborted due to client disconnect')
throw new Error('Client disconnected')
}
logger.error(
`❌ CCR relay request failed (Account: ${account?.name || accountId}):`,
error.message
)
throw error
} finally {
// 📬 释放用户消息队列锁(兜底,正常情况下已在请求发送后提前释放)
if (queueLockAcquired && queueRequestId && accountId) {
try {
await userMessageQueueService.releaseQueueLock(accountId, queueRequestId)
logger.debug(
`📬 User message queue lock released in finally for CCR account ${accountId}, requestId: ${queueRequestId}`
)
} catch (releaseError) {
logger.error(
`❌ Failed to release user message queue lock for CCR account ${accountId}:`,
releaseError.message
)
}
}
}
}
// 🌊 处理流式响应
async relayStreamRequestWithUsageCapture(
requestBody,
apiKeyData,
responseStream,
clientHeaders,
usageCallback,
accountId,
streamTransformer = null,
options = {}
) {
let account = null
let queueLockAcquired = false
let queueRequestId = null
try {
// 📬 用户消息队列处理
if (userMessageQueueService.isUserMessageRequest(requestBody)) {
// 校验 accountId 非空,避免空值污染队列锁键
if (!accountId || accountId === '') {
logger.error(
'❌ accountId missing for queue lock in CCR relayStreamRequestWithUsageCapture'
)
throw new Error('accountId missing for queue lock')
}
const queueResult = await userMessageQueueService.acquireQueueLock(accountId)
if (!queueResult.acquired && !queueResult.skipped) {
// 区分 Redis 后端错误和队列超时
const isBackendError = queueResult.error === 'queue_backend_error'
const errorCode = isBackendError ? 'QUEUE_BACKEND_ERROR' : 'QUEUE_TIMEOUT'
const errorType = isBackendError ? 'queue_backend_error' : 'queue_timeout'
const errorMessage = isBackendError
? 'Queue service temporarily unavailable, please retry later'
: 'User message queue wait timeout, please retry later'
const statusCode = isBackendError ? 500 : 503
// 结构化性能日志用于后续<E5908E><E7BBAD>
logger.performance('user_message_queue_error', {
errorType,
errorCode,
accountId,
statusCode,
stream: true,
backendError: isBackendError ? queueResult.errorMessage : undefined
})
logger.warn(
`📬 User message queue ${errorType} for CCR account ${accountId} (stream)`,
isBackendError ? { backendError: queueResult.errorMessage } : {}
)
if (!responseStream.headersSent) {
const existingConnection = responseStream.getHeader
? responseStream.getHeader('Connection')
: null
responseStream.writeHead(statusCode, {
'Content-Type': 'text/event-stream',
'Cache-Control': 'no-cache',
Connection: existingConnection || 'keep-alive',
'x-user-message-queue-error': errorType
})
}
const errorEvent = `event: error\ndata: ${JSON.stringify({
type: 'error',
error: {
type: errorType,
code: errorCode,
message: errorMessage
}
})}\n\n`
responseStream.write(errorEvent)
responseStream.write('data: [DONE]\n\n')
responseStream.end()
return
}
if (queueResult.acquired && !queueResult.skipped) {
queueLockAcquired = true
queueRequestId = queueResult.requestId
logger.debug(
`📬 User message queue lock acquired for CCR account ${accountId} (stream), requestId: ${queueRequestId}`
)
}
}
// 获取账户信息
account = await ccrAccountService.getAccount(accountId)
if (!account) {
throw new Error('CCR account not found')
}
logger.info(
`📡 Processing streaming CCR API request for key: ${apiKeyData.name || apiKeyData.id}, account: ${account.name} (${accountId})`
)
logger.debug(`🌐 Account API URL: ${account.apiUrl}`)
// 处理模型前缀解析和映射
const { baseModel } = parseVendorPrefixedModel(requestBody.model)
logger.debug(`🔄 Parsed base model: ${baseModel} from original: ${requestBody.model}`)
let mappedModel = baseModel
if (
account.supportedModels &&
typeof account.supportedModels === 'object' &&
!Array.isArray(account.supportedModels)
) {
const newModel = ccrAccountService.getMappedModel(account.supportedModels, baseModel)
if (newModel !== baseModel) {
logger.info(`🔄 [Stream] Mapping model from ${baseModel} to ${newModel}`)
mappedModel = newModel
}
}
// 创建修改后的请求体,使用去前缀后的模型名
const modifiedRequestBody = {
...requestBody,
model: mappedModel
}
// 创建代理agent
const proxyAgent = ccrAccountService._createProxyAgent(account.proxy)
// 发送流式请求
await this._makeCcrStreamRequest(
modifiedRequestBody,
account,
proxyAgent,
clientHeaders,
responseStream,
accountId,
usageCallback,
streamTransformer,
options,
// 📬 回调:在收到响应头时释放队列锁
async () => {
if (queueLockAcquired && queueRequestId && accountId) {
try {
await userMessageQueueService.releaseQueueLock(accountId, queueRequestId)
queueLockAcquired = false // 标记已释放,防止 finally 重复释放
logger.debug(
`📬 User message queue lock released early for CCR stream account ${accountId}, requestId: ${queueRequestId}`
)
} catch (releaseError) {
logger.error(
`❌ Failed to release user message queue lock early for CCR stream account ${accountId}:`,
releaseError.message
)
}
}
}
)
// 更新最后使用时间
await this._updateLastUsedTime(accountId)
} catch (error) {
// 客户端主动断开连接是正常情况,使用 INFO 级别
if (error.message === 'Client disconnected') {
logger.info(
`🔌 CCR stream relay ended: Client disconnected (Account: ${account?.name || accountId})`
)
} else {
logger.error(`❌ CCR stream relay failed (Account: ${account?.name || accountId}):`, error)
}
throw error
} finally {
// 📬 释放用户消息队列锁(兜底,正常情况下已在收到响应头后提前释放)
if (queueLockAcquired && queueRequestId && accountId) {
try {
await userMessageQueueService.releaseQueueLock(accountId, queueRequestId)
logger.debug(
`📬 User message queue lock released in finally for CCR stream account ${accountId}, requestId: ${queueRequestId}`
)
} catch (releaseError) {
logger.error(
`❌ Failed to release user message queue lock for CCR stream account ${accountId}:`,
releaseError.message
)
}
}
}
}
// 🌊 发送流式请求到CCR API
async _makeCcrStreamRequest(
body,
account,
proxyAgent,
clientHeaders,
responseStream,
accountId,
usageCallback,
streamTransformer = null,
requestOptions = {},
onResponseHeaderReceived = null
) {
return new Promise((resolve, reject) => {
let aborted = false
// 构建完整的API URL
const cleanUrl = account.apiUrl.replace(/\/$/, '') // 移除末尾斜杠
const apiEndpoint = cleanUrl.endsWith('/v1/messages') ? cleanUrl : `${cleanUrl}/v1/messages`
logger.debug(`🎯 Final API endpoint for stream: ${apiEndpoint}`)
// 过滤客户端请求头
const filteredHeaders = this._filterClientHeaders(clientHeaders)
logger.debug(`[DEBUG] Filtered client headers: ${JSON.stringify(filteredHeaders)}`)
// 决定使用的 User-Agent优先使用账户自定义的否则透传客户端的最后才使用默认值
const userAgent =
account.userAgent ||
clientHeaders?.['user-agent'] ||
clientHeaders?.['User-Agent'] ||
this.defaultUserAgent
// 准备请求配置
const requestConfig = {
method: 'POST',
url: apiEndpoint,
data: body,
headers: {
'Content-Type': 'application/json',
'anthropic-version': '2023-06-01',
'User-Agent': userAgent,
...filteredHeaders
},
timeout: config.requestTimeout || 600000,
responseType: 'stream',
validateStatus: () => true // 接受所有状态码
}
if (proxyAgent) {
requestConfig.httpAgent = proxyAgent
requestConfig.httpsAgent = proxyAgent
requestConfig.proxy = false
}
// 根据 API Key 格式选择认证方式
if (account.apiKey && account.apiKey.startsWith('sk-ant-')) {
// Anthropic 官方 API Key 使用 x-api-key
requestConfig.headers['x-api-key'] = account.apiKey
logger.debug('[DEBUG] Using x-api-key authentication for sk-ant-* API key')
} else {
// 其他 API Key (包括CCR API Key) 使用 Authorization Bearer
requestConfig.headers['Authorization'] = `Bearer ${account.apiKey}`
logger.debug('[DEBUG] Using Authorization Bearer authentication')
}
// 添加beta header如果需要
if (requestOptions.betaHeader) {
requestConfig.headers['anthropic-beta'] = requestOptions.betaHeader
}
// 发送请求
const request = axios(requestConfig)
// 注意:使用 .then(async ...) 模式处理响应
// - 内部的 releaseQueueLock 有独立的 try-catch不会导致未捕获异常
// - queueLockAcquired = false 的赋值会在 finally 执行前完成JS 单线程保证)
request
.then(async (response) => {
logger.debug(`🌊 CCR stream response status: ${response.status}`)
// 错误响应处理
if (response.status !== 200) {
logger.error(
`❌ CCR API returned error status: ${response.status} | Account: ${account?.name || accountId}`
)
if (response.status === 401) {
ccrAccountService.markAccountUnauthorized(accountId)
} else if (response.status === 429) {
ccrAccountService.markAccountRateLimited(accountId)
// 检查是否因为超过每日额度
ccrAccountService.checkQuotaUsage(accountId).catch((err) => {
logger.error('❌ Failed to check quota after 429 error:', err)
})
} else if (response.status === 529) {
ccrAccountService.markAccountOverloaded(accountId)
}
// 设置错误响应的状态码和响应头
if (!responseStream.headersSent) {
const existingConnection = responseStream.getHeader
? responseStream.getHeader('Connection')
: null
const errorHeaders = {
'Content-Type': response.headers['content-type'] || 'application/json',
'Cache-Control': 'no-cache',
Connection: existingConnection || 'keep-alive'
}
// 避免 Transfer-Encoding 冲突,让 Express 自动处理
delete errorHeaders['Transfer-Encoding']
delete errorHeaders['Content-Length']
responseStream.writeHead(response.status, errorHeaders)
}
// 直接透传错误数据,不进行包装
response.data.on('data', (chunk) => {
if (isStreamWritable(responseStream)) {
responseStream.write(chunk)
}
})
response.data.on('end', () => {
if (isStreamWritable(responseStream)) {
responseStream.end()
}
resolve() // 不抛出异常,正常完成流处理
})
return
}
// 📬 收到成功响应头HTTP 200调用回调释放队列锁
// 此时请求已被 Claude API 接受并计入 RPM 配额,无需等待响应完成
if (onResponseHeaderReceived && typeof onResponseHeaderReceived === 'function') {
try {
await onResponseHeaderReceived()
} catch (callbackError) {
logger.error(
`❌ Failed to execute onResponseHeaderReceived callback for CCR stream account ${accountId}:`,
callbackError.message
)
}
}
// 成功响应,检查并移除错误状态
ccrAccountService.isAccountRateLimited(accountId).then((isRateLimited) => {
if (isRateLimited) {
ccrAccountService.removeAccountRateLimit(accountId)
}
})
ccrAccountService.isAccountOverloaded(accountId).then((isOverloaded) => {
if (isOverloaded) {
ccrAccountService.removeAccountOverload(accountId)
}
})
// 设置响应头
// ⚠️ 关键修复:尊重 auth.js 提前设置的 Connection: close
if (!responseStream.headersSent) {
const existingConnection = responseStream.getHeader
? responseStream.getHeader('Connection')
: null
if (existingConnection) {
logger.debug(
`🔌 [CCR Stream] Preserving existing Connection header: ${existingConnection}`
)
}
const headers = {
'Content-Type': 'text/event-stream',
'Cache-Control': 'no-cache',
Connection: existingConnection || 'keep-alive',
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'Cache-Control'
}
responseStream.writeHead(200, headers)
}
// 处理流数据和使用统计收集
let rawBuffer = ''
const collectedUsage = {}
response.data.on('data', (chunk) => {
if (aborted || responseStream.destroyed) {
return
}
try {
const chunkStr = chunk.toString('utf8')
rawBuffer += chunkStr
// 按行分割处理 SSE 数据
const lines = rawBuffer.split('\n')
rawBuffer = lines.pop() // 保留最后一个可能不完整的行
for (const line of lines) {
if (line.trim()) {
// 解析 SSE 数据并收集使用统计
const usageData = this._parseSSELineForUsage(line)
if (usageData) {
Object.assign(collectedUsage, usageData)
}
// 应用流转换器(如果提供)
let outputLine = line
if (streamTransformer && typeof streamTransformer === 'function') {
outputLine = streamTransformer(line)
}
// 写入到响应流
if (outputLine && isStreamWritable(responseStream)) {
responseStream.write(`${outputLine}\n`)
} else if (outputLine) {
// 客户端连接已断开,记录警告
logger.warn(
`⚠️ [CCR] Client disconnected during stream, skipping data for account: ${accountId}`
)
}
} else {
// 空行也需要传递
if (isStreamWritable(responseStream)) {
responseStream.write('\n')
}
}
}
} catch (err) {
logger.error('❌ Error processing SSE chunk:', err)
}
})
response.data.on('end', () => {
// 如果收集到使用统计数据,调用回调
if (usageCallback && Object.keys(collectedUsage).length > 0) {
try {
logger.debug(`📊 Collected usage data: ${JSON.stringify(collectedUsage)}`)
// 在 usage 回调中包含模型信息
usageCallback({ ...collectedUsage, accountId, model: body.model })
} catch (err) {
logger.error('❌ Error in usage callback:', err)
}
}
if (isStreamWritable(responseStream)) {
// 等待数据完全 flush 到客户端后再 resolve
responseStream.end(() => {
logger.debug(
`🌊 CCR stream response completed and flushed | bytesWritten: ${responseStream.bytesWritten || 'unknown'}`
)
resolve()
})
} else {
// 连接已断开,记录警告
logger.warn(
`⚠️ [CCR] Client disconnected before stream end, data may not have been received | account: ${accountId}`
)
resolve()
}
})
response.data.on('error', (err) => {
logger.error('❌ Stream data error:', err)
if (isStreamWritable(responseStream)) {
responseStream.end()
}
reject(err)
})
// 客户端断开处理
responseStream.on('close', () => {
logger.info('🔌 Client disconnected from CCR stream')
aborted = true
if (response.data && typeof response.data.destroy === 'function') {
response.data.destroy()
}
})
responseStream.on('error', (err) => {
logger.error('❌ Response stream error:', err)
aborted = true
})
})
.catch((error) => {
if (!responseStream.headersSent) {
responseStream.writeHead(500, { 'Content-Type': 'application/json' })
}
const errorResponse = {
error: {
type: 'internal_error',
message: 'CCR API request failed'
}
}
if (isStreamWritable(responseStream)) {
responseStream.write(`data: ${JSON.stringify(errorResponse)}\n\n`)
responseStream.end()
}
reject(error)
})
})
}
// 📊 解析SSE行以提取使用统计信息
_parseSSELineForUsage(line) {
try {
if (line.startsWith('data: ')) {
const data = line.substring(6).trim()
if (data === '[DONE]') {
return null
}
const jsonData = JSON.parse(data)
// 检查是否包含使用统计信息
if (jsonData.usage) {
return {
input_tokens: jsonData.usage.input_tokens || 0,
output_tokens: jsonData.usage.output_tokens || 0,
cache_creation_input_tokens: jsonData.usage.cache_creation_input_tokens || 0,
cache_read_input_tokens: jsonData.usage.cache_read_input_tokens || 0,
// 支持 ephemeral cache 字段
cache_creation_input_tokens_ephemeral_5m:
jsonData.usage.cache_creation_input_tokens_ephemeral_5m || 0,
cache_creation_input_tokens_ephemeral_1h:
jsonData.usage.cache_creation_input_tokens_ephemeral_1h || 0
}
}
// 检查 message_delta 事件中的使用统计
if (jsonData.type === 'message_delta' && jsonData.delta && jsonData.delta.usage) {
return {
input_tokens: jsonData.delta.usage.input_tokens || 0,
output_tokens: jsonData.delta.usage.output_tokens || 0,
cache_creation_input_tokens: jsonData.delta.usage.cache_creation_input_tokens || 0,
cache_read_input_tokens: jsonData.delta.usage.cache_read_input_tokens || 0,
cache_creation_input_tokens_ephemeral_5m:
jsonData.delta.usage.cache_creation_input_tokens_ephemeral_5m || 0,
cache_creation_input_tokens_ephemeral_1h:
jsonData.delta.usage.cache_creation_input_tokens_ephemeral_1h || 0
}
}
}
} catch (err) {
// 忽略解析错误,不是所有行都包含 JSON
}
return null
}
// 🔍 过滤客户端请求头
_filterClientHeaders(clientHeaders) {
if (!clientHeaders) {
return {}
}
const filteredHeaders = {}
const allowedHeaders = [
'accept-language',
'anthropic-beta',
'anthropic-dangerous-direct-browser-access'
]
// 只保留允许的头部信息
for (const [key, value] of Object.entries(clientHeaders)) {
const lowerKey = key.toLowerCase()
if (allowedHeaders.includes(lowerKey)) {
filteredHeaders[key] = value
}
}
return filteredHeaders
}
// ⏰ 更新账户最后使用时间
async _updateLastUsedTime(accountId) {
try {
const redis = require('../models/redis')
const client = redis.getClientSafe()
await client.hset(`ccr_account:${accountId}`, 'lastUsedAt', new Date().toISOString())
} catch (error) {
logger.error(`❌ Failed to update last used time for CCR account ${accountId}:`, error)
}
}
}
module.exports = new CcrRelayService()

1457
src/services/claudeAccountService.js
View File

File diff suppressed because it is too large Load Diff

4
src/services/claudeCodeHeadersService.js
View File

@@ -50,7 +50,7 @@ class ClaudeCodeHeadersService {
if (!userAgent) {
return null
}
const match = userAgent.match(/claude-cli\/([\d.]+(?:[a-zA-Z0-9-]*)?)/i)
const match = userAgent.match(/claude-cli\/(\d+\.\d+\.\d+)/)
return match ? match[1] : null
}
@@ -113,7 +113,7 @@ class ClaudeCodeHeadersService {
// 检查是否有 user-agent
const userAgent = extractedHeaders['user-agent']
if (!userAgent || !/^claude-cli\/[\d.]+\s+\(/i.test(userAgent)) {
if (!userAgent || !userAgent.includes('claude-cli')) {
// 不是 Claude Code 的请求,不存储
return
}

938
src/services/claudeConsoleAccountService.js
View File

File diff suppressed because it is too large Load Diff

983
src/services/claudeConsoleRelayService.js
View File

File diff suppressed because it is too large Load Diff

453
src/services/claudeRelayConfigService.js
View File

@@ -1,453 +0,0 @@
/**
* Claude 转发配置服务
* 管理全局 Claude Code 限制和会话绑定配置
*/
const redis = require('../models/redis')
const logger = require('../utils/logger')
const CONFIG_KEY = 'claude_relay_config'
const SESSION_BINDING_PREFIX = 'original_session_binding:'
// 默认配置
const DEFAULT_CONFIG = {
claudeCodeOnlyEnabled: false,
globalSessionBindingEnabled: false,
sessionBindingErrorMessage: '你的本地session已污染请清理后使用。',
sessionBindingTtlDays: 30, // 会话绑定 TTL默认30天
// 用户消息队列配置
userMessageQueueEnabled: false, // 是否启用用户消息队列(默认关闭)
userMessageQueueDelayMs: 200, // 请求间隔(毫秒)
userMessageQueueTimeoutMs: 5000, // 队列等待超时(毫秒),优化后锁持有时间短无需长等待
userMessageQueueLockTtlMs: 5000, // 锁TTL毫秒请求发送后立即释放无需长TTL
// 并发请求排队配置
concurrentRequestQueueEnabled: false, // 是否启用并发请求排队(默认关闭)
concurrentRequestQueueMaxSize: 3, // 固定最小排队数默认3
concurrentRequestQueueMaxSizeMultiplier: 0, // 并发数的倍数默认0仅使用固定值
concurrentRequestQueueTimeoutMs: 10000, // 排队超时毫秒默认10秒
concurrentRequestQueueMaxRedisFailCount: 5, // 连续 Redis 失败阈值默认5次
// 排队健康检查配置
concurrentRequestQueueHealthCheckEnabled: true, // 是否启用排队健康检查(默认开启)
concurrentRequestQueueHealthThreshold: 0.8, // 健康检查阈值P90 >= 超时 × 阈值时拒绝新请求)
updatedAt: null,
updatedBy: null
}
// 内存缓存(避免频繁 Redis 查询)
let configCache = null
let configCacheTime = 0
const CONFIG_CACHE_TTL = 60000 // 1分钟缓存
class ClaudeRelayConfigService {
/**
* 从 metadata.user_id 中提取原始 sessionId
* 格式: user_{64位十六进制}_account__session_{uuid}
* @param {Object} requestBody - 请求体
* @returns {string|null} 原始 sessionId 或 null
*/
extractOriginalSessionId(requestBody) {
if (!requestBody?.metadata?.user_id) {
return null
}
const userId = requestBody.metadata.user_id
const match = userId.match(/session_([a-f0-9-]{36})$/i)
return match ? match[1] : null
}
/**
* 获取配置(带缓存)
* @returns {Promise<Object>} 配置对象
*/
async getConfig() {
try {
// 检查缓存
if (configCache && Date.now() - configCacheTime < CONFIG_CACHE_TTL) {
return configCache
}
const client = redis.getClient()
if (!client) {
logger.warn('⚠️ Redis not connected, using default config')
return { ...DEFAULT_CONFIG }
}
const data = await client.get(CONFIG_KEY)
if (data) {
configCache = { ...DEFAULT_CONFIG, ...JSON.parse(data) }
} else {
configCache = { ...DEFAULT_CONFIG }
}
configCacheTime = Date.now()
return configCache
} catch (error) {
logger.error('❌ Failed to get Claude relay config:', error)
return { ...DEFAULT_CONFIG }
}
}
/**
* 更新配置
* @param {Object} newConfig - 新配置
* @param {string} updatedBy - 更新者
* @returns {Promise<Object>} 更新后的配置
*/
async updateConfig(newConfig, updatedBy) {
try {
const client = redis.getClientSafe()
const currentConfig = await this.getConfig()
const updatedConfig = {
...currentConfig,
...newConfig,
updatedAt: new Date().toISOString(),
updatedBy
}
await client.set(CONFIG_KEY, JSON.stringify(updatedConfig))
// 更新缓存
configCache = updatedConfig
configCacheTime = Date.now()
logger.info(`✅ Claude relay config updated by ${updatedBy}:`, {
claudeCodeOnlyEnabled: updatedConfig.claudeCodeOnlyEnabled,
globalSessionBindingEnabled: updatedConfig.globalSessionBindingEnabled,
concurrentRequestQueueEnabled: updatedConfig.concurrentRequestQueueEnabled
})
return updatedConfig
} catch (error) {
logger.error('❌ Failed to update Claude relay config:', error)
throw error
}
}
/**
* 检查是否启用全局 Claude Code 限制
* @returns {Promise<boolean>}
*/
async isClaudeCodeOnlyEnabled() {
const cfg = await this.getConfig()
return cfg.claudeCodeOnlyEnabled === true
}
/**
* 检查是否启用全局会话绑定
* @returns {Promise<boolean>}
*/
async isGlobalSessionBindingEnabled() {
const cfg = await this.getConfig()
return cfg.globalSessionBindingEnabled === true
}
/**
* 获取会话绑定错误信息
* @returns {Promise<string>}
*/
async getSessionBindingErrorMessage() {
const cfg = await this.getConfig()
return cfg.sessionBindingErrorMessage || DEFAULT_CONFIG.sessionBindingErrorMessage
}
/**
* 获取原始会话绑定
* @param {string} originalSessionId - 原始会话ID
* @returns {Promise<Object|null>} 绑定信息或 null
*/
async getOriginalSessionBinding(originalSessionId) {
if (!originalSessionId) {
return null
}
try {
const client = redis.getClient()
if (!client) {
return null
}
const key = `${SESSION_BINDING_PREFIX}${originalSessionId}`
const data = await client.get(key)
if (data) {
return JSON.parse(data)
}
return null
} catch (error) {
logger.error(`❌ Failed to get session binding for ${originalSessionId}:`, error)
return null
}
}
/**
* 设置原始会话绑定
* @param {string} originalSessionId - 原始会话ID
* @param {string} accountId - 账户ID
* @param {string} accountType - 账户类型
* @returns {Promise<Object>} 绑定信息
*/
async setOriginalSessionBinding(originalSessionId, accountId, accountType) {
if (!originalSessionId || !accountId || !accountType) {
throw new Error('Invalid parameters for session binding')
}
try {
const client = redis.getClientSafe()
const key = `${SESSION_BINDING_PREFIX}${originalSessionId}`
const binding = {
accountId,
accountType,
createdAt: new Date().toISOString(),
lastUsedAt: new Date().toISOString()
}
// 使用配置的 TTL默认30天
const cfg = await this.getConfig()
const ttlDays = cfg.sessionBindingTtlDays || DEFAULT_CONFIG.sessionBindingTtlDays
const ttlSeconds = Math.floor(ttlDays * 24 * 3600)
await client.set(key, JSON.stringify(binding), 'EX', ttlSeconds)
logger.info(
`🔗 Session binding created: ${originalSessionId} -> ${accountId} (${accountType})`
)
return binding
} catch (error) {
logger.error(`❌ Failed to set session binding for ${originalSessionId}:`, error)
throw error
}
}
/**
* 更新会话绑定的最后使用时间(续期)
* @param {string} originalSessionId - 原始会话ID
*/
async touchOriginalSessionBinding(originalSessionId) {
if (!originalSessionId) {
return
}
try {
const binding = await this.getOriginalSessionBinding(originalSessionId)
if (!binding) {
return
}
binding.lastUsedAt = new Date().toISOString()
const client = redis.getClientSafe()
const key = `${SESSION_BINDING_PREFIX}${originalSessionId}`
// 使用配置的 TTL默认30天
const cfg = await this.getConfig()
const ttlDays = cfg.sessionBindingTtlDays || DEFAULT_CONFIG.sessionBindingTtlDays
const ttlSeconds = Math.floor(ttlDays * 24 * 3600)
await client.set(key, JSON.stringify(binding), 'EX', ttlSeconds)
} catch (error) {
logger.warn(`⚠️ Failed to touch session binding for ${originalSessionId}:`, error)
}
}
/**
* 检查原始会话是否已绑定
* @param {string} originalSessionId - 原始会话ID
* @returns {Promise<boolean>}
*/
async isOriginalSessionBound(originalSessionId) {
const binding = await this.getOriginalSessionBinding(originalSessionId)
return binding !== null
}
/**
* 验证绑定的账户是否可用
* @param {Object} binding - 绑定信息
* @returns {Promise<boolean>}
*/
async validateBoundAccount(binding) {
if (!binding || !binding.accountId || !binding.accountType) {
return false
}
try {
const { accountType } = binding
const { accountId } = binding
let accountService
switch (accountType) {
case 'claude-official':
accountService = require('./claudeAccountService')
break
case 'claude-console':
accountService = require('./claudeConsoleAccountService')
break
case 'bedrock':
accountService = require('./bedrockAccountService')
break
case 'ccr':
accountService = require('./ccrAccountService')
break
default:
logger.warn(`Unknown account type for validation: ${accountType}`)
return false
}
const account = await accountService.getAccount(accountId)
// getAccount() 直接返回账户数据对象或 null不是 { success, data } 格式
if (!account) {
logger.warn(`Session binding account not found: ${accountId} (${accountType})`)
return false
}
const accountData = account
// 检查账户是否激活
if (accountData.isActive === false || accountData.isActive === 'false') {
logger.warn(
`Session binding account not active: ${accountId} (${accountType}), isActive: ${accountData.isActive}`
)
return false
}
// 检查账户状态(如果存在)
if (accountData.status && accountData.status === 'error') {
logger.warn(
`Session binding account has error status: ${accountId} (${accountType}), status: ${accountData.status}`
)
return false
}
return true
} catch (error) {
logger.error(`❌ Failed to validate bound account ${binding.accountId}:`, error)
return false
}
}
/**
* 验证新会话请求
* @param {Object} _requestBody - 请求体(预留参数,当前未使用)
* @param {string} originalSessionId - 原始会话ID
* @returns {Promise<Object>} { valid: boolean, error?: string, binding?: object, isNewSession?: boolean }
*/
async validateNewSession(_requestBody, originalSessionId) {
const cfg = await this.getConfig()
if (!cfg.globalSessionBindingEnabled) {
return { valid: true }
}
// 如果没有 sessionId跳过验证可能是非 Claude Code 客户端)
if (!originalSessionId) {
return { valid: true }
}
const existingBinding = await this.getOriginalSessionBinding(originalSessionId)
// 如果会话已存在绑定
if (existingBinding) {
// ⚠️ 只有 claude-official 类型账户受全局会话绑定限制
// 其他类型bedrock, ccr, claude-console等忽略绑定走正常调度
if (existingBinding.accountType !== 'claude-official') {
logger.info(
`🔗 Session binding ignored for non-official account type: ${existingBinding.accountType}`
)
return { valid: true }
}
const accountValid = await this.validateBoundAccount(existingBinding)
if (!accountValid) {
return {
valid: false,
error: cfg.sessionBindingErrorMessage,
code: 'SESSION_BINDING_INVALID'
}
}
// 续期
await this.touchOriginalSessionBinding(originalSessionId)
// 已有绑定,允许继续(这是正常的会话延续)
return { valid: true, binding: existingBinding }
}
// 没有绑定,是新会话
// 注意messages.length 检查在此处无法执行,因为我们不知道最终会调度到哪种账户类型
// 绑定会在调度后创建,仅针对 claude-official 账户
return { valid: true, isNewSession: true }
}
/**
* 删除原始会话绑定
* @param {string} originalSessionId - 原始会话ID
*/
async deleteOriginalSessionBinding(originalSessionId) {
if (!originalSessionId) {
return
}
try {
const client = redis.getClient()
if (!client) {
return
}
const key = `${SESSION_BINDING_PREFIX}${originalSessionId}`
await client.del(key)
logger.info(`🗑️ Session binding deleted: ${originalSessionId}`)
} catch (error) {
logger.error(`❌ Failed to delete session binding for ${originalSessionId}:`, error)
}
}
/**
* 获取会话绑定统计
* @returns {Promise<Object>}
*/
async getSessionBindingStats() {
try {
const client = redis.getClient()
if (!client) {
return { totalBindings: 0 }
}
let cursor = '0'
let count = 0
do {
const [newCursor, keys] = await client.scan(
cursor,
'MATCH',
`${SESSION_BINDING_PREFIX}*`,
'COUNT',
100
)
cursor = newCursor
count += keys.length
} while (cursor !== '0')
return {
totalBindings: count
}
} catch (error) {
logger.error('❌ Failed to get session binding stats:', error)
return { totalBindings: 0 }
}
}
/**
* 清除配置缓存(用于测试或强制刷新)
*/
clearCache() {
configCache = null
configCacheTime = 0
}
}
module.exports = new ClaudeRelayConfigService()

1849
src/services/claudeRelayService.js
View File

File diff suppressed because it is too large Load Diff

26
src/services/costInitService.js
View File

@@ -133,34 +133,10 @@ class CostInitService {
totalCost += cost
}
// 写入总费用 - 修复:只在总费用不存在时初始化,避免覆盖现有累计值
// 写入总费用
if (totalCost > 0) {
const totalKey = `usage:cost:total:${apiKeyId}`
// 先检查总费用是否已存在
const existingTotal = await client.get(totalKey)
if (!existingTotal || parseFloat(existingTotal) === 0) {
// 仅在总费用不存在或为0时才初始化
promises.push(client.set(totalKey, totalCost.toString()))
logger.info(`💰 Initialized total cost for API Key ${apiKeyId}: $${totalCost.toFixed(6)}`)
} else {
// 如果总费用已存在,保持不变,避免覆盖累计值
// 注意这个逻辑防止因每日费用键过期30天导致的错误覆盖
// 如果需要强制重新计算,请先手动删除 usage:cost:total:{keyId} 键
const existing = parseFloat(existingTotal)
const calculated = totalCost
if (calculated > existing * 1.1) {
// 如果计算值比现有值大 10% 以上,记录警告(可能是数据不一致)
logger.warn(
`💰 Total cost mismatch for API Key ${apiKeyId}: existing=$${existing.toFixed(6)}, calculated=$${calculated.toFixed(6)} (from last 30 days). Keeping existing value to prevent data loss.`
)
} else {
logger.debug(
`💰 Skipping total cost initialization for API Key ${apiKeyId} - existing: $${existing.toFixed(6)}, calculated: $${calculated.toFixed(6)}`
)
}
}
}
await Promise.all(promises)

591
src/services/costRankService.js
View File

@@ -1,591 +0,0 @@
/**
* 费用排序索引服务
*
* 为 API Keys 提供按费用排序的功能,使用 Redis Sorted Set 预计算排序索引
* 支持 today/7days/30days/all 四种固定时间范围的预计算索引
* 支持 custom 时间范围的实时计算
*
* 设计原则:
* - 只计算未删除的 API Key
* - 使用原子操作避免竞态条件
* - 提供增量更新接口供 API Key 创建/删除时调用
*/
const redis = require('../models/redis')
const logger = require('../utils/logger')
// ============================================================================
// 常量配置
// ============================================================================
/** 时间范围更新间隔配置(省资源模式) */
const UPDATE_INTERVALS = {
today: 10 * 60 * 1000, // 10分钟
'7days': 30 * 60 * 1000, // 30分钟
'30days': 60 * 60 * 1000, // 1小时
all: 2 * 60 * 60 * 1000 // 2小时
}
/** 支持的时间范围列表 */
const VALID_TIME_RANGES = ['today', '7days', '30days', 'all']
/** 分布式锁超时时间(秒) */
const LOCK_TTL = 300
/** 批处理大小 */
const BATCH_SIZE = 100
// ============================================================================
// Redis Key 生成器(集中管理 key 格式)
// ============================================================================
const RedisKeys = {
/** 费用排序索引 Sorted Set */
rankKey: (timeRange) => `cost_rank:${timeRange}`,
/** 临时索引 key用于原子替换 */
tempRankKey: (timeRange) => `cost_rank:${timeRange}:temp:${Date.now()}`,
/** 索引元数据 Hash */
metaKey: (timeRange) => `cost_rank_meta:${timeRange}`,
/** 更新锁 */
lockKey: (timeRange) => `cost_rank_lock:${timeRange}`,
/** 每日费用 */
dailyCost: (keyId, date) => `usage:cost:daily:${keyId}:${date}`,
/** 总费用 */
totalCost: (keyId) => `usage:cost:total:${keyId}`
}
// ============================================================================
// CostRankService 类
// ============================================================================
class CostRankService {
constructor() {
this.timers = {}
this.isInitialized = false
}
// --------------------------------------------------------------------------
// 生命周期管理
// --------------------------------------------------------------------------
/**
* 初始化服务:启动定时任务
* 幂等设计:多次调用只会初始化一次
*/
async initialize() {
// 先清理可能存在的旧定时器(支持热重载)
this._clearAllTimers()
if (this.isInitialized) {
logger.warn('CostRankService already initialized, re-initializing...')
}
logger.info('🔄 Initializing CostRankService...')
try {
// 启动时立即更新所有索引(异步,不阻塞启动)
this.updateAllRanks().catch((err) => {
logger.error('Failed to initialize cost ranks:', err)
})
// 设置定时更新
for (const [timeRange, interval] of Object.entries(UPDATE_INTERVALS)) {
this.timers[timeRange] = setInterval(() => {
this.updateRank(timeRange).catch((err) => {
logger.error(`Failed to update cost rank for ${timeRange}:`, err)
})
}, interval)
}
this.isInitialized = true
logger.success('✅ CostRankService initialized')
} catch (error) {
logger.error('❌ Failed to initialize CostRankService:', error)
throw error
}
}
/**
* 关闭服务:清理定时器
*/
shutdown() {
this._clearAllTimers()
this.isInitialized = false
logger.info('CostRankService shutdown')
}
/**
* 清理所有定时器
* @private
*/
_clearAllTimers() {
for (const timer of Object.values(this.timers)) {
clearInterval(timer)
}
this.timers = {}
}
// --------------------------------------------------------------------------
// 索引更新(全量)
// --------------------------------------------------------------------------
/**
* 更新所有时间范围的索引
*/
async updateAllRanks() {
for (const timeRange of VALID_TIME_RANGES) {
try {
await this.updateRank(timeRange)
} catch (error) {
logger.error(`Failed to update rank for ${timeRange}:`, error)
}
}
}
/**
* 更新指定时间范围的排序索引
* @param {string} timeRange - 时间范围
*/
async updateRank(timeRange) {
const client = redis.getClient()
if (!client) {
logger.warn('Redis client not available, skipping cost rank update')
return
}
const lockKey = RedisKeys.lockKey(timeRange)
const rankKey = RedisKeys.rankKey(timeRange)
const metaKey = RedisKeys.metaKey(timeRange)
// 获取分布式锁
const acquired = await client.set(lockKey, '1', 'NX', 'EX', LOCK_TTL)
if (!acquired) {
logger.debug(`Skipping ${timeRange} rank update - another update in progress`)
return
}
const startTime = Date.now()
try {
// 标记为更新中
await client.hset(metaKey, 'status', 'updating')
// 1. 获取所有未删除的 API Key IDs
const keyIds = await this._getActiveApiKeyIds()
if (keyIds.length === 0) {
// 无数据时清空索引
await client.del(rankKey)
await this._updateMeta(client, metaKey, startTime, 0)
return
}
// 2. 计算日期范围
const dateRange = this._getDateRange(timeRange)
// 3. 分批计算费用
const costs = await this._calculateCostsInBatches(keyIds, dateRange)
// 4. 原子更新索引(使用临时 key + RENAME 避免竞态条件)
await this._atomicUpdateIndex(client, rankKey, costs)
// 5. 更新元数据
await this._updateMeta(client, metaKey, startTime, keyIds.length)
logger.info(
`📊 Updated cost rank for ${timeRange}: ${keyIds.length} keys in ${Date.now() - startTime}ms`
)
} catch (error) {
await client.hset(metaKey, 'status', 'failed')
logger.error(`Failed to update cost rank for ${timeRange}:`, error)
throw error
} finally {
await client.del(lockKey)
}
}
/**
* 原子更新索引(避免竞态条件)
* @private
*/
async _atomicUpdateIndex(client, rankKey, costs) {
if (costs.size === 0) {
await client.del(rankKey)
return
}
// 使用临时 key 构建新索引
const tempKey = `${rankKey}:temp:${Date.now()}`
try {
// 构建 ZADD 参数
const members = []
costs.forEach((cost, keyId) => {
members.push(cost, keyId)
})
// 写入临时 key
await client.zadd(tempKey, ...members)
// 原子替换RENAME 是原子操作)
await client.rename(tempKey, rankKey)
} catch (error) {
// 清理临时 key
await client.del(tempKey).catch(() => {})
throw error
}
}
/**
* 更新元数据
* @private
*/
async _updateMeta(client, metaKey, startTime, keyCount) {
await client.hmset(metaKey, {
lastUpdate: new Date().toISOString(),
keyCount: keyCount.toString(),
status: 'ready',
updateDuration: (Date.now() - startTime).toString()
})
}
// --------------------------------------------------------------------------
// 索引增量更新(供外部调用)
// --------------------------------------------------------------------------
/**
* 添加 API Key 到所有索引(创建 API Key 时调用)
* @param {string} keyId - API Key ID
*/
async addKeyToIndexes(keyId) {
const client = redis.getClient()
if (!client) {
return
}
try {
const pipeline = client.pipeline()
// 将新 Key 添加到所有索引,初始分数为 0
for (const timeRange of VALID_TIME_RANGES) {
pipeline.zadd(RedisKeys.rankKey(timeRange), 0, keyId)
}
await pipeline.exec()
logger.debug(`Added key ${keyId} to cost rank indexes`)
} catch (error) {
logger.error(`Failed to add key ${keyId} to cost rank indexes:`, error)
}
}
/**
* 从所有索引中移除 API Key删除 API Key 时调用)
* @param {string} keyId - API Key ID
*/
async removeKeyFromIndexes(keyId) {
const client = redis.getClient()
if (!client) {
return
}
try {
const pipeline = client.pipeline()
// 从所有索引中移除
for (const timeRange of VALID_TIME_RANGES) {
pipeline.zrem(RedisKeys.rankKey(timeRange), keyId)
}
await pipeline.exec()
logger.debug(`Removed key ${keyId} from cost rank indexes`)
} catch (error) {
logger.error(`Failed to remove key ${keyId} from cost rank indexes:`, error)
}
}
// --------------------------------------------------------------------------
// 查询接口
// --------------------------------------------------------------------------
/**
* 获取排序后的 keyId 列表
* @param {string} timeRange - 时间范围
* @param {string} sortOrder - 排序方向 'asc' | 'desc'
* @param {number} offset - 偏移量
* @param {number} limit - 限制数量,-1 表示全部
* @returns {Promise<string[]>} keyId 列表
*/
async getSortedKeyIds(timeRange, sortOrder = 'desc', offset = 0, limit = -1) {
const client = redis.getClient()
if (!client) {
throw new Error('Redis client not available')
}
const rankKey = RedisKeys.rankKey(timeRange)
const end = limit === -1 ? -1 : offset + limit - 1
if (sortOrder === 'desc') {
return await client.zrevrange(rankKey, offset, end)
} else {
return await client.zrange(rankKey, offset, end)
}
}
/**
* 获取 Key 的费用分数
* @param {string} timeRange - 时间范围
* @param {string} keyId - API Key ID
* @returns {Promise<number>} 费用
*/
async getKeyCost(timeRange, keyId) {
const client = redis.getClient()
if (!client) {
return 0
}
const score = await client.zscore(RedisKeys.rankKey(timeRange), keyId)
return score ? parseFloat(score) : 0
}
/**
* 批量获取多个 Key 的费用分数
* @param {string} timeRange - 时间范围
* @param {string[]} keyIds - API Key ID 列表
* @returns {Promise<Map<string, number>>} keyId -> cost
*/
async getBatchKeyCosts(timeRange, keyIds) {
const client = redis.getClient()
if (!client || keyIds.length === 0) {
return new Map()
}
const rankKey = RedisKeys.rankKey(timeRange)
const costs = new Map()
const pipeline = client.pipeline()
keyIds.forEach((keyId) => {
pipeline.zscore(rankKey, keyId)
})
const results = await pipeline.exec()
keyIds.forEach((keyId, index) => {
const [err, score] = results[index]
costs.set(keyId, err || !score ? 0 : parseFloat(score))
})
return costs
}
/**
* 获取所有排序索引的状态
* @returns {Promise<Object>} 各时间范围的状态
*/
async getRankStatus() {
const client = redis.getClient()
if (!client) {
return {}
}
const status = {}
for (const timeRange of VALID_TIME_RANGES) {
const meta = await client.hgetall(RedisKeys.metaKey(timeRange))
status[timeRange] = {
lastUpdate: meta.lastUpdate || null,
keyCount: parseInt(meta.keyCount || 0),
status: meta.status || 'unknown',
updateDuration: parseInt(meta.updateDuration || 0)
}
}
return status
}
/**
* 强制刷新指定时间范围的索引
* @param {string} timeRange - 时间范围,不传则刷新全部
*/
async forceRefresh(timeRange = null) {
if (timeRange) {
await this.updateRank(timeRange)
} else {
await this.updateAllRanks()
}
}
// --------------------------------------------------------------------------
// Custom 时间范围实时计算
// --------------------------------------------------------------------------
/**
* 计算 custom 时间范围的费用(实时计算,排除已删除的 Key
* @param {string} startDate - 开始日期 YYYY-MM-DD
* @param {string} endDate - 结束日期 YYYY-MM-DD
* @returns {Promise<Map<string, number>>} keyId -> cost
*/
async calculateCustomRangeCosts(startDate, endDate) {
const client = redis.getClient()
if (!client) {
throw new Error('Redis client not available')
}
logger.info(`📊 Calculating custom range costs: ${startDate} to ${endDate}`)
const startTime = Date.now()
// 1. 获取所有未删除的 API Key IDs
const keyIds = await this._getActiveApiKeyIds()
if (keyIds.length === 0) {
return new Map()
}
// 2. 分批计算费用
const costs = await this._calculateCostsInBatches(keyIds, { startDate, endDate })
const duration = Date.now() - startTime
logger.info(`📊 Custom range costs calculated: ${keyIds.length} keys in ${duration}ms`)
return costs
}
// --------------------------------------------------------------------------
// 私有辅助方法
// --------------------------------------------------------------------------
/**
* 获取所有未删除的 API Key IDs
* @private
* @returns {Promise<string[]>}
*/
async _getActiveApiKeyIds() {
// 使用现有的 scanApiKeyIds 获取所有 ID
const allKeyIds = await redis.scanApiKeyIds()
if (allKeyIds.length === 0) {
return []
}
// 批量获取 API Key 数据,过滤已删除的
const allKeys = await redis.batchGetApiKeys(allKeyIds)
return allKeys.filter((k) => !k.isDeleted).map((k) => k.id)
}
/**
* 分批计算费用
* @private
*/
async _calculateCostsInBatches(keyIds, dateRange) {
const costs = new Map()
for (let i = 0; i < keyIds.length; i += BATCH_SIZE) {
const batch = keyIds.slice(i, i + BATCH_SIZE)
const batchCosts = await this._calculateBatchCosts(batch, dateRange)
batchCosts.forEach((cost, keyId) => costs.set(keyId, cost))
}
return costs
}
/**
* 批量计算费用
* @private
*/
async _calculateBatchCosts(keyIds, dateRange) {
const client = redis.getClient()
const costs = new Map()
if (dateRange.useTotal) {
// 'all' 时间范围:直接读取 total cost
const pipeline = client.pipeline()
keyIds.forEach((keyId) => {
pipeline.get(RedisKeys.totalCost(keyId))
})
const results = await pipeline.exec()
keyIds.forEach((keyId, index) => {
const [err, value] = results[index]
costs.set(keyId, err ? 0 : parseFloat(value || 0))
})
} else {
// 特定日期范围:汇总每日费用
const dates = this._getDatesBetween(dateRange.startDate, dateRange.endDate)
const pipeline = client.pipeline()
keyIds.forEach((keyId) => {
dates.forEach((date) => {
pipeline.get(RedisKeys.dailyCost(keyId, date))
})
})
const results = await pipeline.exec()
let resultIndex = 0
keyIds.forEach((keyId) => {
let totalCost = 0
dates.forEach(() => {
const [err, value] = results[resultIndex++]
if (!err && value) {
totalCost += parseFloat(value)
}
})
costs.set(keyId, totalCost)
})
}
return costs
}
/**
* 获取日期范围配置
* @private
*/
_getDateRange(timeRange) {
const now = new Date()
const today = redis.getDateStringInTimezone(now)
switch (timeRange) {
case 'today':
return { startDate: today, endDate: today }
case '7days': {
const d7 = new Date(now)
d7.setDate(d7.getDate() - 6)
return { startDate: redis.getDateStringInTimezone(d7), endDate: today }
}
case '30days': {
const d30 = new Date(now)
d30.setDate(d30.getDate() - 29)
return { startDate: redis.getDateStringInTimezone(d30), endDate: today }
}
case 'all':
return { useTotal: true }
default:
throw new Error(`Invalid time range: ${timeRange}`)
}
}
/**
* 获取两个日期之间的所有日期
* @private
*/
_getDatesBetween(startDate, endDate) {
const dates = []
const current = new Date(startDate)
const end = new Date(endDate)
while (current <= end) {
dates.push(
`${current.getFullYear()}-${String(current.getMonth() + 1).padStart(2, '0')}-${String(current.getDate()).padStart(2, '0')}`
)
current.setDate(current.getDate() + 1)
}
return dates
}
}
module.exports = new CostRankService()

1581
src/services/droidAccountService.js
View File

File diff suppressed because it is too large Load Diff

1500
src/services/droidRelayService.js
View File

File diff suppressed because it is too large Load Diff

227
src/services/droidScheduler.js
View File

@@ -1,227 +0,0 @@
const droidAccountService = require('./droidAccountService')
const accountGroupService = require('./accountGroupService')
const redis = require('../models/redis')
const logger = require('../utils/logger')
class DroidScheduler {
constructor() {
this.STICKY_PREFIX = 'droid'
}
_normalizeEndpointType(endpointType) {
if (!endpointType) {
return 'anthropic'
}
const normalized = String(endpointType).toLowerCase()
if (normalized === 'openai') {
return 'openai'
}
if (normalized === 'comm') {
return 'comm'
}
if (normalized === 'anthropic') {
return 'anthropic'
}
return 'anthropic'
}
_isTruthy(value) {
if (value === undefined || value === null) {
return false
}
if (typeof value === 'boolean') {
return value
}
if (typeof value === 'string') {
return value.toLowerCase() === 'true'
}
return Boolean(value)
}
_isAccountActive(account) {
if (!account) {
return false
}
const isActive = this._isTruthy(account.isActive)
if (!isActive) {
return false
}
const status = (account.status || 'active').toLowerCase()
const unhealthyStatuses = new Set(['error', 'unauthorized', 'blocked'])
return !unhealthyStatuses.has(status)
}
_isAccountSchedulable(account) {
return this._isTruthy(account?.schedulable ?? true)
}
_matchesEndpoint(account, endpointType) {
const normalizedEndpoint = this._normalizeEndpointType(endpointType)
const accountEndpoint = this._normalizeEndpointType(account?.endpointType)
if (normalizedEndpoint === accountEndpoint) {
return true
}
// comm 端点可以使用任何类型的账户
if (normalizedEndpoint === 'comm') {
return true
}
const sharedEndpoints = new Set(['anthropic', 'openai'])
return sharedEndpoints.has(normalizedEndpoint) && sharedEndpoints.has(accountEndpoint)
}
_sortCandidates(candidates) {
return [...candidates].sort((a, b) => {
const priorityA = parseInt(a.priority, 10) || 50
const priorityB = parseInt(b.priority, 10) || 50
if (priorityA !== priorityB) {
return priorityA - priorityB
}
const lastUsedA = a.lastUsedAt ? new Date(a.lastUsedAt).getTime() : 0
const lastUsedB = b.lastUsedAt ? new Date(b.lastUsedAt).getTime() : 0
if (lastUsedA !== lastUsedB) {
return lastUsedA - lastUsedB
}
const createdA = a.createdAt ? new Date(a.createdAt).getTime() : 0
const createdB = b.createdAt ? new Date(b.createdAt).getTime() : 0
return createdA - createdB
})
}
_composeStickySessionKey(endpointType, sessionHash, apiKeyId) {
if (!sessionHash) {
return null
}
const normalizedEndpoint = this._normalizeEndpointType(endpointType)
const apiKeyPart = apiKeyId || 'default'
return `${this.STICKY_PREFIX}:${normalizedEndpoint}:${apiKeyPart}:${sessionHash}`
}
async _loadGroupAccounts(groupId) {
const memberIds = await accountGroupService.getGroupMembers(groupId)
if (!memberIds || memberIds.length === 0) {
return []
}
const accounts = await Promise.all(
memberIds.map(async (memberId) => {
try {
return await droidAccountService.getAccount(memberId)
} catch (error) {
logger.warn(`⚠️ 获取 Droid 分组成员账号失败: ${memberId}`, error)
return null
}
})
)
return accounts.filter(
(account) => account && this._isAccountActive(account) && this._isAccountSchedulable(account)
)
}
async _ensureLastUsedUpdated(accountId) {
try {
await droidAccountService.touchLastUsedAt(accountId)
} catch (error) {
logger.warn(`⚠️ 更新 Droid 账号最后使用时间失败: ${accountId}`, error)
}
}
async _cleanupStickyMapping(stickyKey) {
if (!stickyKey) {
return
}
try {
await redis.deleteSessionAccountMapping(stickyKey)
} catch (error) {
logger.warn(`⚠️ 清理 Droid 粘性会话映射失败: ${stickyKey}`, error)
}
}
async selectAccount(apiKeyData, endpointType, sessionHash) {
const normalizedEndpoint = this._normalizeEndpointType(endpointType)
const stickyKey = this._composeStickySessionKey(normalizedEndpoint, sessionHash, apiKeyData?.id)
let candidates = []
let isDedicatedBinding = false
if (apiKeyData?.droidAccountId) {
const binding = apiKeyData.droidAccountId
if (binding.startsWith('group:')) {
const groupId = binding.substring('group:'.length)
logger.info(
`🤖 API Key ${apiKeyData.name || apiKeyData.id} 绑定 Droid 分组 ${groupId},按分组调度`
)
candidates = await this._loadGroupAccounts(groupId, normalizedEndpoint)
} else {
const account = await droidAccountService.getAccount(binding)
if (account) {
candidates = [account]
isDedicatedBinding = true
}
}
}
if (!candidates || candidates.length === 0) {
candidates = await droidAccountService.getSchedulableAccounts(normalizedEndpoint)
}
const filtered = candidates.filter(
(account) =>
account &&
this._isAccountActive(account) &&
this._isAccountSchedulable(account) &&
this._matchesEndpoint(account, normalizedEndpoint)
)
if (filtered.length === 0) {
throw new Error(
`No available accounts for endpoint ${normalizedEndpoint}${apiKeyData?.droidAccountId ? ' (respecting binding)' : ''}`
)
}
if (stickyKey && !isDedicatedBinding) {
const mappedAccountId = await redis.getSessionAccountMapping(stickyKey)
if (mappedAccountId) {
const mappedAccount = filtered.find((account) => account.id === mappedAccountId)
if (mappedAccount) {
await redis.extendSessionAccountMappingTTL(stickyKey)
logger.info(
`🤖 命中 Droid 粘性会话: ${sessionHash} -> ${mappedAccount.name || mappedAccount.id}`
)
await this._ensureLastUsedUpdated(mappedAccount.id)
return mappedAccount
}
await this._cleanupStickyMapping(stickyKey)
}
}
const sorted = this._sortCandidates(filtered)
const selected = sorted[0]
if (!selected) {
throw new Error(`No schedulable account available after sorting (${normalizedEndpoint})`)
}
if (stickyKey && !isDedicatedBinding) {
await redis.setSessionAccountMapping(stickyKey, selected.id)
}
await this._ensureLastUsedUpdated(selected.id)
logger.info(
`🤖 选择 Droid 账号 ${selected.name || selected.id}endpoint: ${normalizedEndpoint}, priority: ${selected.priority || 50}`
)
return selected
}
}
module.exports = new DroidScheduler()

442
src/services/geminiAccountService.js
View File

@@ -1,7 +1,6 @@
const redisClient = require('../models/redis')
const { v4: uuidv4 } = require('uuid')
const crypto = require('crypto')
const https = require('https')
const config = require('../../config/config')
const logger = require('../utils/logger')
const { OAuth2Client } = require('google-auth-library')
@@ -22,18 +21,6 @@ const OAUTH_CLIENT_ID = '681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.goog
const OAUTH_CLIENT_SECRET = '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'
const OAUTH_SCOPES = ['https://www.googleapis.com/auth/cloud-platform']
// 🌐 TCP Keep-Alive Agent 配置
// 解决长时间流式请求中 NAT/防火墙空闲超时导致的连接中断问题
const keepAliveAgent = new https.Agent({
keepAlive: true,
keepAliveMsecs: 30000, // 每30秒发送一次 keep-alive 探测
timeout: 120000, // 120秒连接超时
maxSockets: 100, // 最大并发连接数
maxFreeSockets: 10 // 保持的空闲连接数
})
logger.info('🌐 Gemini HTTPS Agent initialized with TCP Keep-Alive support')
// 加密相关常量
const ALGORITHM = 'aes-256-cbc'
const ENCRYPTION_SALT = 'gemini-account-salt'
@@ -151,19 +138,11 @@ function createOAuth2Client(redirectUri = null, proxyConfig = null) {
return new OAuth2Client(clientOptions)
}
// 生成授权 URL (支持 PKCE 和代理)
async function generateAuthUrl(state = null, redirectUri = null, proxyConfig = null) {
// 生成授权 URL (支持 PKCE)
async function generateAuthUrl(state = null, redirectUri = null) {
// 使用新的 redirect URI
const finalRedirectUri = redirectUri || 'https://codeassist.google.com/authcode'
const oAuth2Client = createOAuth2Client(finalRedirectUri, proxyConfig)
if (proxyConfig) {
logger.info(
`🌐 Using proxy for Gemini auth URL generation: ${ProxyHelper.getProxyDescription(proxyConfig)}`
)
} else {
logger.debug('🌐 No proxy configured for Gemini auth URL generation')
}
const oAuth2Client = createOAuth2Client(finalRedirectUri)
// 生成 PKCE code verifier
const codeVerifier = await oAuth2Client.generateCodeVerifierAsync()
@@ -397,22 +376,16 @@ async function createAccount(accountData) {
geminiOauth: geminiOauth ? encrypt(geminiOauth) : '',
accessToken: accessToken ? encrypt(accessToken) : '',
refreshToken: refreshToken ? encrypt(refreshToken) : '',
expiresAt, // OAuth Token 过期时间(技术字段,自动刷新)
expiresAt,
// 只有OAuth方式才有scopes手动添加的没有
scopes: accountData.geminiOauth ? accountData.scopes || OAUTH_SCOPES.join(' ') : '',
// ✅ 新增:账户订阅到期时间(业务字段,手动管理)
subscriptionExpiresAt: accountData.subscriptionExpiresAt || null,
// 代理设置
proxy: accountData.proxy ? JSON.stringify(accountData.proxy) : '',
// 项目 IDGoogle Cloud/Workspace 账号需要)
projectId: accountData.projectId || '',
// 临时项目 ID从 loadCodeAssist 接口自动获取)
tempProjectId: accountData.tempProjectId || '',
// 支持的模型列表(可选)
supportedModels: accountData.supportedModels || [], // 空数组表示支持所有模型
@@ -537,23 +510,15 @@ async function updateAccount(accountId, updates) {
}
}
// ✅ 关键:如果新增了 refresh token更新 token 过期时间
// 不要覆盖 subscriptionExpiresAt
// 如果新增了 refresh token更新过期时间为10分钟
if (needUpdateExpiry) {
const newExpiry = new Date(Date.now() + 10 * 60 * 1000).toISOString()
updates.expiresAt = newExpiry // 只更新 OAuth Token 过期时间
// ⚠️ 重要:不要修改 subscriptionExpiresAt
updates.expiresAt = newExpiry
logger.info(
`🔄 New refresh token added for Gemini account ${accountId}, setting token expiry to 10 minutes`
`🔄 New refresh token added for Gemini account ${accountId}, setting expiry to 10 minutes`
)
}
// ✅ 如果通过路由映射更新了 subscriptionExpiresAt直接保存
// subscriptionExpiresAt 是业务字段,与 token 刷新独立
if (updates.subscriptionExpiresAt !== undefined) {
// 直接保存,不做任何调整
}
// 如果通过 geminiOauth 更新,也要检查是否新增了 refresh token
if (updates.geminiOauth && !oldRefreshToken) {
const oauthData =
@@ -667,25 +632,12 @@ async function getAllAccounts() {
// 转换 schedulable 字符串为布尔值(与 getAccount 保持一致)
accountData.schedulable = accountData.schedulable !== 'false' // 默认为true只有明确设置为'false'才为false
const tokenExpiresAt = accountData.expiresAt || null
const subscriptionExpiresAt =
accountData.subscriptionExpiresAt && accountData.subscriptionExpiresAt !== ''
? accountData.subscriptionExpiresAt
: null
// 不解密敏感字段,只返回基本信息
accounts.push({
...accountData,
geminiOauth: accountData.geminiOauth ? '[ENCRYPTED]' : '',
accessToken: accountData.accessToken ? '[ENCRYPTED]' : '',
refreshToken: accountData.refreshToken ? '[ENCRYPTED]' : '',
// ✅ 前端显示订阅过期时间(业务字段)
// 注意:前端看到的 expiresAt 实际上是 subscriptionExpiresAt
tokenExpiresAt,
subscriptionExpiresAt,
expiresAt: subscriptionExpiresAt,
// 添加 scopes 字段用于判断认证方式
// 处理空字符串和默认值的情况
scopes:
@@ -764,17 +716,8 @@ async function selectAvailableAccount(apiKeyId, sessionHash = null) {
for (const accountId of sharedAccountIds) {
const account = await getAccount(accountId)
if (
account &&
account.isActive === 'true' &&
!isRateLimited(account) &&
!isSubscriptionExpired(account)
) {
if (account && account.isActive === 'true' && !isRateLimited(account)) {
availableAccounts.push(account)
} else if (account && isSubscriptionExpired(account)) {
logger.debug(
`⏰ Skipping expired Gemini account: ${account.name}, expired at ${account.subscriptionExpiresAt}`
)
}
}
@@ -829,19 +772,6 @@ function isTokenExpired(account) {
return now >= expiryTime - buffer
}
/**
* 检查账户订阅是否过期
* @param {Object} account - 账户对象
* @returns {boolean} - true: 已过期, false: 未过期
*/
function isSubscriptionExpired(account) {
if (!account.subscriptionExpiresAt) {
return false // 未设置视为永不过期
}
const expiryDate = new Date(account.subscriptionExpiresAt)
return expiryDate <= new Date()
}
// 检查账户是否被限流
function isRateLimited(account) {
if (account.rateLimitStatus === 'limited' && account.rateLimitedAt) {
@@ -1035,10 +965,12 @@ async function getAccountRateLimitInfo(accountId) {
}
}
// 获取配置的OAuth客户端 - 参考GeminiCliSimulator的getOauthClient方法(支持代理)
async function getOauthClient(accessToken, refreshToken, proxyConfig = null) {
const client = createOAuth2Client(null, proxyConfig)
// 获取配置的OAuth客户端 - 参考GeminiCliSimulator的getOauthClient方法
async function getOauthClient(accessToken, refreshToken) {
const client = new OAuth2Client({
clientId: OAUTH_CLIENT_ID,
clientSecret: OAUTH_CLIENT_SECRET
})
const creds = {
access_token: accessToken,
refresh_token: refreshToken,
@@ -1048,20 +980,11 @@ async function getOauthClient(accessToken, refreshToken, proxyConfig = null) {
expiry_date: 1754269905646
}
if (proxyConfig) {
logger.info(
`🌐 Using proxy for Gemini OAuth client: ${ProxyHelper.getProxyDescription(proxyConfig)}`
)
} else {
logger.debug('🌐 No proxy configured for Gemini OAuth client')
}
// 设置凭据
client.setCredentials(creds)
// 验证凭据本地有效性
const { token } = await client.getAccessToken()
if (!token) {
return false
}
@@ -1073,126 +996,28 @@ async function getOauthClient(accessToken, refreshToken, proxyConfig = null) {
return client
}
// 通用的 Code Assist API 转发函数(用于简单的请求/响应端点)
// 适用于loadCodeAssist, onboardUser, countTokens, listExperiments 等不需要特殊处理的端点
async function forwardToCodeAssist(client, apiMethod, requestBody, proxyConfig = null) {
// 调用 Google Code Assist API 的 loadCodeAssist 方法
async function loadCodeAssist(client, projectId = null) {
const axios = require('axios')
const CODE_ASSIST_ENDPOINT = 'https://cloudcode-pa.googleapis.com'
const CODE_ASSIST_API_VERSION = 'v1internal'
const { token } = await client.getAccessToken()
const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
logger.info(`📡 ${apiMethod} API调用开始`)
const axiosConfig = {
url: `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:${apiMethod}`,
method: 'POST',
headers: {
Authorization: `Bearer ${token}`,
'Content-Type': 'application/json'
},
data: requestBody,
timeout: 30000
}
// 添加代理配置
if (proxyAgent) {
// 只设置 httpsAgent因为目标 URL 是 HTTPS (cloudcode-pa.googleapis.com)
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
logger.info(`🌐 Using proxy for ${apiMethod}: ${ProxyHelper.getProxyDescription(proxyConfig)}`)
} else {
logger.debug(`🌐 No proxy configured for ${apiMethod}`)
}
const response = await axios(axiosConfig)
logger.info(`${apiMethod} API调用成功`)
return response.data
}
// 调用 Google Code Assist API 的 loadCodeAssist 方法(支持代理)
async function loadCodeAssist(client, projectId = null, proxyConfig = null) {
const axios = require('axios')
const CODE_ASSIST_ENDPOINT = 'https://cloudcode-pa.googleapis.com'
const CODE_ASSIST_API_VERSION = 'v1internal'
const { token } = await client.getAccessToken()
const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
// 🔍 只有个人账户(无 projectId才需要调用 tokeninfo/userinfo
// 这些调用有助于 Google 获取临时 projectId
if (!projectId) {
const tokenInfoConfig = {
url: 'https://oauth2.googleapis.com/tokeninfo',
method: 'POST',
headers: {
Authorization: `Bearer ${token}`,
'Content-Type': 'application/x-www-form-urlencoded'
},
data: new URLSearchParams({ access_token: token }).toString(),
timeout: 15000
}
if (proxyAgent) {
tokenInfoConfig.httpAgent = proxyAgent
tokenInfoConfig.httpsAgent = proxyAgent
tokenInfoConfig.proxy = false
}
try {
await axios(tokenInfoConfig)
logger.info('📋 tokeninfo 接口验证成功')
} catch (error) {
logger.warn('⚠️ tokeninfo 接口调用失败:', error.message)
}
const userInfoConfig = {
url: 'https://www.googleapis.com/oauth2/v2/userinfo',
method: 'GET',
headers: {
Authorization: `Bearer ${token}`,
Accept: '*/*'
},
timeout: 15000
}
if (proxyAgent) {
userInfoConfig.httpAgent = proxyAgent
userInfoConfig.httpsAgent = proxyAgent
userInfoConfig.proxy = false
}
try {
await axios(userInfoConfig)
logger.info('📋 userinfo 接口获取成功')
} catch (error) {
logger.warn('⚠️ userinfo 接口调用失败:', error.message)
}
}
// 创建ClientMetadata
const clientMetadata = {
ideType: 'IDE_UNSPECIFIED',
platform: 'PLATFORM_UNSPECIFIED',
pluginType: 'GEMINI'
}
// 只有当projectId存在时才添加duetProject
if (projectId) {
clientMetadata.duetProject = projectId
pluginType: 'GEMINI',
duetProject: projectId
}
const request = {
cloudaicompanionProject: projectId,
metadata: clientMetadata
}
// 只有当projectId存在时才添加cloudaicompanionProject
if (projectId) {
request.cloudaicompanionProject = projectId
}
const axiosConfig = {
const response = await axios({
url: `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:loadCodeAssist`,
method: 'POST',
headers: {
@@ -1201,21 +1026,7 @@ async function loadCodeAssist(client, projectId = null, proxyConfig = null) {
},
data: request,
timeout: 30000
}
// 添加代理配置
if (proxyAgent) {
// 只设置 httpsAgent因为目标 URL 是 HTTPS (cloudcode-pa.googleapis.com)
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
logger.info(
`🌐 Using proxy for Gemini loadCodeAssist: ${ProxyHelper.getProxyDescription(proxyConfig)}`
)
} else {
logger.debug('🌐 No proxy configured for Gemini loadCodeAssist')
}
const response = await axios(axiosConfig)
})
logger.info('📋 loadCodeAssist API调用成功')
return response.data
@@ -1248,8 +1059,8 @@ function getOnboardTier(loadRes) {
}
}
// 调用 Google Code Assist API 的 onboardUser 方法(包含轮询逻辑,支持代理
async function onboardUser(client, tierId, projectId, clientMetadata, proxyConfig = null) {
// 调用 Google Code Assist API 的 onboardUser 方法(包含轮询逻辑)
async function onboardUser(client, tierId, projectId, clientMetadata) {
const axios = require('axios')
const CODE_ASSIST_ENDPOINT = 'https://cloudcode-pa.googleapis.com'
const CODE_ASSIST_API_VERSION = 'v1internal'
@@ -1258,39 +1069,10 @@ async function onboardUser(client, tierId, projectId, clientMetadata, proxyConfi
const onboardReq = {
tierId,
cloudaicompanionProject: projectId,
metadata: clientMetadata
}
// 只有当projectId存在时才添加cloudaicompanionProject
if (projectId) {
onboardReq.cloudaicompanionProject = projectId
}
// 创建基础axios配置
const baseAxiosConfig = {
url: `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:onboardUser`,
method: 'POST',
headers: {
Authorization: `Bearer ${token}`,
'Content-Type': 'application/json'
},
data: onboardReq,
timeout: 30000
}
// 添加代理配置
const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
if (proxyAgent) {
baseAxiosConfig.httpAgent = proxyAgent
baseAxiosConfig.httpsAgent = proxyAgent
baseAxiosConfig.proxy = false
logger.info(
`🌐 Using proxy for Gemini onboardUser: ${ProxyHelper.getProxyDescription(proxyConfig)}`
)
} else {
logger.debug('🌐 No proxy configured for Gemini onboardUser')
}
logger.info('📋 开始onboardUser API调用', {
tierId,
projectId,
@@ -1299,7 +1081,16 @@ async function onboardUser(client, tierId, projectId, clientMetadata, proxyConfi
})
// 轮询onboardUser直到长运行操作完成
let lroRes = await axios(baseAxiosConfig)
let lroRes = await axios({
url: `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:onboardUser`,
method: 'POST',
headers: {
Authorization: `Bearer ${token}`,
'Content-Type': 'application/json'
},
data: onboardReq,
timeout: 30000
})
let attempts = 0
const maxAttempts = 12 // 最多等待1分钟5秒 * 12次
@@ -1308,7 +1099,17 @@ async function onboardUser(client, tierId, projectId, clientMetadata, proxyConfi
logger.info(`⏳ 等待onboardUser完成... (${attempts + 1}/${maxAttempts})`)
await new Promise((resolve) => setTimeout(resolve, 5000))
lroRes = await axios(baseAxiosConfig)
lroRes = await axios({
url: `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:onboardUser`,
method: 'POST',
headers: {
Authorization: `Bearer ${token}`,
'Content-Type': 'application/json'
},
data: onboardReq,
timeout: 30000
})
attempts++
}
@@ -1320,13 +1121,8 @@ async function onboardUser(client, tierId, projectId, clientMetadata, proxyConfi
return lroRes.data
}
// 完整的用户设置流程 - 参考setup.ts的逻辑(支持代理)
async function setupUser(
client,
initialProjectId = null,
clientMetadata = null,
proxyConfig = null
) {
// 完整的用户设置流程 - 参考setup.ts的逻辑
async function setupUser(client, initialProjectId = null, clientMetadata = null) {
logger.info('🚀 setupUser 开始', { initialProjectId, hasClientMetadata: !!clientMetadata })
let projectId = initialProjectId || process.env.GOOGLE_CLOUD_PROJECT || null
@@ -1345,7 +1141,7 @@ async function setupUser(
// 调用loadCodeAssist
logger.info('📞 调用 loadCodeAssist...')
const loadRes = await loadCodeAssist(client, projectId, proxyConfig)
const loadRes = await loadCodeAssist(client, projectId)
logger.info('✅ loadCodeAssist 完成', {
hasCloudaicompanionProject: !!loadRes.cloudaicompanionProject
})
@@ -1368,7 +1164,7 @@ async function setupUser(
// 调用onboardUser
logger.info('📞 调用 onboardUser...', { tierId: tier.id, projectId })
const lroRes = await onboardUser(client, tier.id, projectId, clientMetadata, proxyConfig)
const lroRes = await onboardUser(client, tier.id, projectId, clientMetadata)
logger.info('✅ onboardUser 完成', { hasDone: !!lroRes.done, hasResponse: !!lroRes.response })
const result = {
@@ -1382,8 +1178,8 @@ async function setupUser(
return result
}
// 调用 Code Assist API 计算 token 数量(支持代理)
async function countTokens(client, contents, model = 'gemini-2.0-flash-exp', proxyConfig = null) {
// 调用 Code Assist API 计算 token 数量
async function countTokens(client, contents, model = 'gemini-2.0-flash-exp') {
const axios = require('axios')
const CODE_ASSIST_ENDPOINT = 'https://cloudcode-pa.googleapis.com'
const CODE_ASSIST_API_VERSION = 'v1internal'
@@ -1400,7 +1196,7 @@ async function countTokens(client, contents, model = 'gemini-2.0-flash-exp', pro
logger.info('📊 countTokens API调用开始', { model, contentsLength: contents.length })
const axiosConfig = {
const response = await axios({
url: `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:countTokens`,
method: 'POST',
headers: {
@@ -1409,22 +1205,7 @@ async function countTokens(client, contents, model = 'gemini-2.0-flash-exp', pro
},
data: request,
timeout: 30000
}
// 添加代理配置
const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
if (proxyAgent) {
// 只设置 httpsAgent因为目标 URL 是 HTTPS (cloudcode-pa.googleapis.com)
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
logger.info(
`🌐 Using proxy for Gemini countTokens: ${ProxyHelper.getProxyDescription(proxyConfig)}`
)
} else {
logger.debug('🌐 No proxy configured for Gemini countTokens')
}
const response = await axios(axiosConfig)
})
logger.info('✅ countTokens API调用成功', { totalTokens: response.data.totalTokens })
return response.data
@@ -1448,22 +1229,14 @@ async function generateContent(
// 按照 gemini-cli 的转换格式构造请求
const request = {
model: requestData.model,
project: projectId,
user_prompt_id: userPromptId,
request: {
...requestData.request,
session_id: sessionId
}
}
// 只有当 userPromptId 存在时才添加
if (userPromptId) {
request.user_prompt_id = userPromptId
}
// 只有当projectId存在时才添加project字段
if (projectId) {
request.project = projectId
}
logger.info('🤖 generateContent API调用开始', {
model: requestData.model,
userPromptId,
@@ -1471,12 +1244,6 @@ async function generateContent(
sessionId
})
// 添加详细的请求日志
logger.info('📦 generateContent 请求详情', {
url: `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:generateContent`,
requestBody: JSON.stringify(request, null, 2)
})
const axiosConfig = {
url: `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:generateContent`,
method: 'POST',
@@ -1485,22 +1252,18 @@ async function generateContent(
'Content-Type': 'application/json'
},
data: request,
timeout: 600000 // 生成内容可能需要更长时间
timeout: 60000 // 生成内容可能需要更长时间
}
// 添加代理配置
const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
if (proxyAgent) {
// 只设置 httpsAgent因为目标 URL 是 HTTPS (cloudcode-pa.googleapis.com)
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
logger.info(
`🌐 Using proxy for Gemini generateContent: ${ProxyHelper.getProxyDescription(proxyConfig)}`
)
} else {
// 没有代理时,使用 keepAlive agent 防止长时间请求被中断
axiosConfig.httpsAgent = keepAliveAgent
logger.debug('🌐 Using keepAlive agent for Gemini generateContent')
logger.debug('🌐 No proxy configured for Gemini generateContent')
}
const response = await axios(axiosConfig)
@@ -1528,22 +1291,14 @@ async function generateContentStream(
// 按照 gemini-cli 的转换格式构造请求
const request = {
model: requestData.model,
project: projectId,
user_prompt_id: userPromptId,
request: {
...requestData.request,
session_id: sessionId
}
}
// 只有当 userPromptId 存在时才添加
if (userPromptId) {
request.user_prompt_id = userPromptId
}
// 只有当projectId存在时才添加project字段
if (projectId) {
request.project = projectId
}
logger.info('🌊 streamGenerateContent API调用开始', {
model: requestData.model,
userPromptId,
@@ -1563,23 +1318,18 @@ async function generateContentStream(
},
data: request,
responseType: 'stream',
timeout: 0 // 流式请求不设置超时限制,由 keepAlive 和 AbortSignal 控制
timeout: 60000
}
// 添加代理配置
const proxyAgent = ProxyHelper.createProxyAgent(proxyConfig)
if (proxyAgent) {
// 只设置 httpsAgent因为目标 URL 是 HTTPS (cloudcode-pa.googleapis.com)
// 同时设置 httpAgent 和 httpsAgent 可能导致 axios/follow-redirects 选择错误的协议
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
logger.info(
`🌐 Using proxy for Gemini streamGenerateContent: ${ProxyHelper.getProxyDescription(proxyConfig)}`
)
} else {
// 没有代理时,使用 keepAlive agent 防止长时间流式请求被中断
axiosConfig.httpsAgent = keepAliveAgent
logger.debug('🌐 Using keepAlive agent for Gemini streamGenerateContent')
logger.debug('🌐 No proxy configured for Gemini streamGenerateContent')
}
// 如果提供了中止信号,添加到配置中
@@ -1593,73 +1343,6 @@ async function generateContentStream(
return response.data // 返回流对象
}
// 更新账户的临时项目 ID
async function updateTempProjectId(accountId, tempProjectId) {
if (!tempProjectId) {
return
}
try {
const account = await getAccount(accountId)
if (!account) {
logger.warn(`Account ${accountId} not found when updating tempProjectId`)
return
}
// 只有在没有固定项目 ID 的情况下才更新临时项目 ID
if (!account.projectId && tempProjectId !== account.tempProjectId) {
await updateAccount(accountId, { tempProjectId })
logger.info(`Updated tempProjectId for account ${accountId}: ${tempProjectId}`)
}
} catch (error) {
logger.error(`Failed to update tempProjectId for account ${accountId}:`, error)
}
}
// 重置账户状态(清除所有异常状态)
async function resetAccountStatus(accountId) {
const account = await getAccount(accountId)
if (!account) {
throw new Error('Account not found')
}
const updates = {
// 根据是否有有效的 refreshToken 来设置 status
status: account.refreshToken ? 'active' : 'created',
// 恢复可调度状态
schedulable: 'true',
// 清除错误相关字段
errorMessage: '',
rateLimitedAt: '',
rateLimitStatus: ''
}
await updateAccount(accountId, updates)
logger.info(`✅ Reset all error status for Gemini account ${accountId}`)
// 发送 Webhook 通知
try {
const webhookNotifier = require('../utils/webhookNotifier')
await webhookNotifier.sendAccountAnomalyNotification({
accountId,
accountName: account.name || accountId,
platform: 'gemini',
status: 'recovered',
errorCode: 'STATUS_RESET',
reason: 'Account status manually reset',
timestamp: new Date().toISOString()
})
logger.info(`📢 Webhook notification sent for Gemini account ${account.name} status reset`)
} catch (webhookError) {
logger.error('Failed to send status reset webhook notification:', webhookError)
}
return {
success: true,
message: 'Account status reset successfully'
}
}
module.exports = {
generateAuthUrl,
pollAuthorizationStatus,
@@ -1677,7 +1360,6 @@ module.exports = {
getAccountRateLimitInfo,
isTokenExpired,
getOauthClient,
forwardToCodeAssist, // 通用转发函数
loadCodeAssist,
getOnboardTier,
onboardUser,
@@ -1689,8 +1371,6 @@ module.exports = {
countTokens,
generateContent,
generateContentStream,
updateTempProjectId,
resetAccountStatus,
OAUTH_CLIENT_ID,
OAUTH_SCOPES
}

586
src/services/geminiApiAccountService.js
View File

@@ -1,586 +0,0 @@
const { v4: uuidv4 } = require('uuid')
const crypto = require('crypto')
const redis = require('../models/redis')
const logger = require('../utils/logger')
const config = require('../../config/config')
const LRUCache = require('../utils/lruCache')
class GeminiApiAccountService {
constructor() {
// 加密相关常量
this.ENCRYPTION_ALGORITHM = 'aes-256-cbc'
this.ENCRYPTION_SALT = 'gemini-api-salt'
// Redis 键前缀
this.ACCOUNT_KEY_PREFIX = 'gemini_api_account:'
this.SHARED_ACCOUNTS_KEY = 'shared_gemini_api_accounts'
// 🚀 性能优化:缓存派生的加密密钥,避免每次重复计算
this._encryptionKeyCache = null
// 🔄 解密结果缓存,提高解密性能
this._decryptCache = new LRUCache(500)
// 🧹 定期清理缓存每10分钟
setInterval(
() => {
this._decryptCache.cleanup()
logger.info('🧹 Gemini-API decrypt cache cleanup completed', this._decryptCache.getStats())
},
10 * 60 * 1000
)
}
// 创建账户
async createAccount(options = {}) {
const {
name = 'Gemini API Account',
description = '',
apiKey = '', // 必填Google AI Studio API Key
baseUrl = 'https://generativelanguage.googleapis.com', // 默认 Gemini API 基础 URL
proxy = null,
priority = 50, // 调度优先级 (1-100)
isActive = true,
accountType = 'shared', // 'dedicated' or 'shared'
schedulable = true, // 是否可被调度
supportedModels = [], // 支持的模型列表
rateLimitDuration = 60 // 限流时间(分钟)
} = options
// 验证必填字段
if (!apiKey) {
throw new Error('API Key is required for Gemini-API account')
}
// 规范化 baseUrl确保不以 / 结尾)
const normalizedBaseUrl = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl
const accountId = uuidv4()
const accountData = {
id: accountId,
platform: 'gemini-api',
name,
description,
baseUrl: normalizedBaseUrl,
apiKey: this._encryptSensitiveData(apiKey),
priority: priority.toString(),
proxy: proxy ? JSON.stringify(proxy) : '',
isActive: isActive.toString(),
accountType,
schedulable: schedulable.toString(),
supportedModels: JSON.stringify(supportedModels),
createdAt: new Date().toISOString(),
lastUsedAt: '',
status: 'active',
errorMessage: '',
// 限流相关
rateLimitedAt: '',
rateLimitStatus: '',
rateLimitDuration: rateLimitDuration.toString()
}
// 保存到 Redis
await this._saveAccount(accountId, accountData)
logger.success(`🚀 Created Gemini-API account: ${name} (${accountId})`)
return {
...accountData,
apiKey: '***' // 返回时隐藏敏感信息
}
}
// 获取账户
async getAccount(accountId) {
const client = redis.getClientSafe()
const key = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
const accountData = await client.hgetall(key)
if (!accountData || !accountData.id) {
return null
}
// 解密敏感数据
accountData.apiKey = this._decryptSensitiveData(accountData.apiKey)
// 解析 JSON 字段
if (accountData.proxy) {
try {
accountData.proxy = JSON.parse(accountData.proxy)
} catch (e) {
accountData.proxy = null
}
}
if (accountData.supportedModels) {
try {
accountData.supportedModels = JSON.parse(accountData.supportedModels)
} catch (e) {
accountData.supportedModels = []
}
}
return accountData
}
// 更新账户
async updateAccount(accountId, updates) {
const account = await this.getAccount(accountId)
if (!account) {
throw new Error('Account not found')
}
// 处理敏感字段加密
if (updates.apiKey) {
updates.apiKey = this._encryptSensitiveData(updates.apiKey)
}
// 处理 JSON 字段
if (updates.proxy !== undefined) {
updates.proxy = updates.proxy ? JSON.stringify(updates.proxy) : ''
}
if (updates.supportedModels !== undefined) {
updates.supportedModels = JSON.stringify(updates.supportedModels)
}
// 规范化 baseUrl
if (updates.baseUrl) {
updates.baseUrl = updates.baseUrl.endsWith('/')
? updates.baseUrl.slice(0, -1)
: updates.baseUrl
}
// 更新 Redis
const client = redis.getClientSafe()
const key = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
await client.hset(key, updates)
logger.info(`📝 Updated Gemini-API account: ${account.name}`)
return { success: true }
}
// 删除账户
async deleteAccount(accountId) {
const client = redis.getClientSafe()
const key = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
// 从共享账户列表中移除
await client.srem(this.SHARED_ACCOUNTS_KEY, accountId)
// 删除账户数据
await client.del(key)
logger.info(`🗑️ Deleted Gemini-API account: ${accountId}`)
return { success: true }
}
// 获取所有账户
async getAllAccounts(includeInactive = false) {
const client = redis.getClientSafe()
const accountIds = await client.smembers(this.SHARED_ACCOUNTS_KEY)
const accounts = []
for (const accountId of accountIds) {
const account = await this.getAccount(accountId)
if (account) {
// 过滤非活跃账户
if (includeInactive || account.isActive === 'true') {
// 隐藏敏感信息
account.apiKey = '***'
// 获取限流状态信息
const rateLimitInfo = this._getRateLimitInfo(account)
// 格式化 rateLimitStatus 为对象
account.rateLimitStatus = rateLimitInfo.isRateLimited
? {
isRateLimited: true,
rateLimitedAt: account.rateLimitedAt || null,
minutesRemaining: rateLimitInfo.remainingMinutes || 0
}
: {
isRateLimited: false,
rateLimitedAt: null,
minutesRemaining: 0
}
// 转换 schedulable 字段为布尔值
account.schedulable = account.schedulable !== 'false'
// 转换 isActive 字段为布尔值
account.isActive = account.isActive === 'true'
account.platform = account.platform || 'gemini-api'
accounts.push(account)
}
}
}
// 直接从 Redis 获取所有账户(包括非共享账户)
const keys = await client.keys(`${this.ACCOUNT_KEY_PREFIX}*`)
for (const key of keys) {
const accountId = key.replace(this.ACCOUNT_KEY_PREFIX, '')
if (!accountIds.includes(accountId)) {
const accountData = await client.hgetall(key)
if (accountData && accountData.id) {
// 过滤非活跃账户
if (includeInactive || accountData.isActive === 'true') {
// 隐藏敏感信息
accountData.apiKey = '***'
// 解析 JSON 字段
if (accountData.proxy) {
try {
accountData.proxy = JSON.parse(accountData.proxy)
} catch (e) {
accountData.proxy = null
}
}
if (accountData.supportedModels) {
try {
accountData.supportedModels = JSON.parse(accountData.supportedModels)
} catch (e) {
accountData.supportedModels = []
}
}
// 获取限流状态信息
const rateLimitInfo = this._getRateLimitInfo(accountData)
// 格式化 rateLimitStatus 为对象
accountData.rateLimitStatus = rateLimitInfo.isRateLimited
? {
isRateLimited: true,
rateLimitedAt: accountData.rateLimitedAt || null,
minutesRemaining: rateLimitInfo.remainingMinutes || 0
}
: {
isRateLimited: false,
rateLimitedAt: null,
minutesRemaining: 0
}
// 转换 schedulable 字段为布尔值
accountData.schedulable = accountData.schedulable !== 'false'
// 转换 isActive 字段为布尔值
accountData.isActive = accountData.isActive === 'true'
accountData.platform = accountData.platform || 'gemini-api'
accounts.push(accountData)
}
}
}
}
return accounts
}
// 标记账户已使用
async markAccountUsed(accountId) {
await this.updateAccount(accountId, {
lastUsedAt: new Date().toISOString()
})
}
// 标记账户限流
async setAccountRateLimited(accountId, isLimited, duration = null) {
const account = await this.getAccount(accountId)
if (!account) {
return
}
if (isLimited) {
const rateLimitDuration = duration || parseInt(account.rateLimitDuration) || 60
const now = new Date()
const resetAt = new Date(now.getTime() + rateLimitDuration * 60000)
await this.updateAccount(accountId, {
rateLimitedAt: now.toISOString(),
rateLimitStatus: 'limited',
rateLimitResetAt: resetAt.toISOString(),
rateLimitDuration: rateLimitDuration.toString(),
status: 'rateLimited',
schedulable: 'false', // 防止被调度
errorMessage: `Rate limited until ${resetAt.toISOString()}`
})
logger.warn(
`⏳ Gemini-API account ${account.name} marked as rate limited for ${rateLimitDuration} minutes (until ${resetAt.toISOString()})`
)
} else {
// 清除限流状态
await this.updateAccount(accountId, {
rateLimitedAt: '',
rateLimitStatus: '',
rateLimitResetAt: '',
status: 'active',
schedulable: 'true',
errorMessage: ''
})
logger.info(`✅ Rate limit cleared for Gemini-API account ${account.name}`)
}
}
// 🚫 标记账户为未授权状态401错误
async markAccountUnauthorized(accountId, reason = 'Gemini API账号认证失败401错误') {
const account = await this.getAccount(accountId)
if (!account) {
return
}
const now = new Date().toISOString()
const currentCount = parseInt(account.unauthorizedCount || '0', 10)
const unauthorizedCount = Number.isFinite(currentCount) ? currentCount + 1 : 1
await this.updateAccount(accountId, {
status: 'unauthorized',
schedulable: 'false',
errorMessage: reason,
unauthorizedAt: now,
unauthorizedCount: unauthorizedCount.toString()
})
logger.warn(
`🚫 Gemini-API account ${account.name || accountId} marked as unauthorized due to 401 error`
)
try {
const webhookNotifier = require('../utils/webhookNotifier')
await webhookNotifier.sendAccountAnomalyNotification({
accountId,
accountName: account.name || accountId,
platform: 'gemini-api',
status: 'unauthorized',
errorCode: 'GEMINI_API_UNAUTHORIZED',
reason,
timestamp: now
})
logger.info(
`📢 Webhook notification sent for Gemini-API account ${account.name || accountId} unauthorized state`
)
} catch (webhookError) {
logger.error('Failed to send unauthorized webhook notification:', webhookError)
}
}
// 检查并清除过期的限流状态
async checkAndClearRateLimit(accountId) {
const account = await this.getAccount(accountId)
if (!account || account.rateLimitStatus !== 'limited') {
return false
}
const now = new Date()
let shouldClear = false
// 优先使用 rateLimitResetAt 字段
if (account.rateLimitResetAt) {
const resetAt = new Date(account.rateLimitResetAt)
shouldClear = now >= resetAt
} else {
// 如果没有 rateLimitResetAt使用旧的逻辑
const rateLimitedAt = new Date(account.rateLimitedAt)
const rateLimitDuration = parseInt(account.rateLimitDuration) || 60
shouldClear = now - rateLimitedAt > rateLimitDuration * 60000
}
if (shouldClear) {
// 限流已过期,清除状态
await this.setAccountRateLimited(accountId, false)
return true
}
return false
}
// 切换调度状态
async toggleSchedulable(accountId) {
const account = await this.getAccount(accountId)
if (!account) {
throw new Error('Account not found')
}
const newSchedulableStatus = account.schedulable === 'true' ? 'false' : 'true'
await this.updateAccount(accountId, {
schedulable: newSchedulableStatus
})
logger.info(
`🔄 Toggled schedulable status for Gemini-API account ${account.name}: ${newSchedulableStatus}`
)
return {
success: true,
schedulable: newSchedulableStatus === 'true'
}
}
// 重置账户状态(清除所有异常状态)
async resetAccountStatus(accountId) {
const account = await this.getAccount(accountId)
if (!account) {
throw new Error('Account not found')
}
const updates = {
// 根据是否有有效的 apiKey 来设置 status
status: account.apiKey ? 'active' : 'created',
// 恢复可调度状态
schedulable: 'true',
// 清除错误相关字段
errorMessage: '',
rateLimitedAt: '',
rateLimitStatus: '',
rateLimitResetAt: '',
rateLimitDuration: ''
}
await this.updateAccount(accountId, updates)
logger.info(`✅ Reset all error status for Gemini-API account ${accountId}`)
// 发送 Webhook 通知
try {
const webhookNotifier = require('../utils/webhookNotifier')
await webhookNotifier.sendAccountAnomalyNotification({
accountId,
accountName: account.name || accountId,
platform: 'gemini-api',
status: 'recovered',
errorCode: 'STATUS_RESET',
reason: 'Account status manually reset',
timestamp: new Date().toISOString()
})
logger.info(
`📢 Webhook notification sent for Gemini-API account ${account.name} status reset`
)
} catch (webhookError) {
logger.error('Failed to send status reset webhook notification:', webhookError)
}
return { success: true, message: 'Account status reset successfully' }
}
// API Key 不会过期
isTokenExpired(_account) {
return false
}
// 获取限流信息
_getRateLimitInfo(accountData) {
if (accountData.rateLimitStatus !== 'limited') {
return { isRateLimited: false }
}
const now = new Date()
let willBeAvailableAt
let remainingMinutes
// 优先使用 rateLimitResetAt 字段
if (accountData.rateLimitResetAt) {
willBeAvailableAt = new Date(accountData.rateLimitResetAt)
remainingMinutes = Math.max(0, Math.ceil((willBeAvailableAt - now) / 60000))
} else {
// 如果没有 rateLimitResetAt使用旧的逻辑
const rateLimitedAt = new Date(accountData.rateLimitedAt)
const rateLimitDuration = parseInt(accountData.rateLimitDuration) || 60
const elapsedMinutes = Math.floor((now - rateLimitedAt) / 60000)
remainingMinutes = Math.max(0, rateLimitDuration - elapsedMinutes)
willBeAvailableAt = new Date(rateLimitedAt.getTime() + rateLimitDuration * 60000)
}
return {
isRateLimited: remainingMinutes > 0,
remainingMinutes,
willBeAvailableAt
}
}
// 加密敏感数据
_encryptSensitiveData(text) {
if (!text) {
return ''
}
const key = this._getEncryptionKey()
const iv = crypto.randomBytes(16)
const cipher = crypto.createCipheriv(this.ENCRYPTION_ALGORITHM, key, iv)
let encrypted = cipher.update(text)
encrypted = Buffer.concat([encrypted, cipher.final()])
return `${iv.toString('hex')}:${encrypted.toString('hex')}`
}
// 解密敏感数据
_decryptSensitiveData(text) {
if (!text || text === '') {
return ''
}
// 检查缓存
const cacheKey = crypto.createHash('sha256').update(text).digest('hex')
const cached = this._decryptCache.get(cacheKey)
if (cached !== undefined) {
return cached
}
try {
const key = this._getEncryptionKey()
const [ivHex, encryptedHex] = text.split(':')
const iv = Buffer.from(ivHex, 'hex')
const encryptedText = Buffer.from(encryptedHex, 'hex')
const decipher = crypto.createDecipheriv(this.ENCRYPTION_ALGORITHM, key, iv)
let decrypted = decipher.update(encryptedText)
decrypted = Buffer.concat([decrypted, decipher.final()])
const result = decrypted.toString()
// 存入缓存5分钟过期
this._decryptCache.set(cacheKey, result, 5 * 60 * 1000)
return result
} catch (error) {
logger.error('Decryption error:', error)
return ''
}
}
// 获取加密密钥
_getEncryptionKey() {
if (!this._encryptionKeyCache) {
this._encryptionKeyCache = crypto.scryptSync(
config.security.encryptionKey,
this.ENCRYPTION_SALT,
32
)
}
return this._encryptionKeyCache
}
// 保存账户到 Redis
async _saveAccount(accountId, accountData) {
const client = redis.getClientSafe()
const key = `${this.ACCOUNT_KEY_PREFIX}${accountId}`
// 保存账户数据
await client.hset(key, accountData)
// 添加到共享账户列表
if (accountData.accountType === 'shared') {
await client.sadd(this.SHARED_ACCOUNTS_KEY, accountId)
}
}
}
module.exports = new GeminiApiAccountService()

12
src/services/geminiRelayService.js
View File

@@ -273,15 +273,13 @@ async function sendGeminiRequest({
'Content-Type': 'application/json'
},
data: requestBody,
timeout: config.requestTimeout || 600000
timeout: config.requestTimeout || 120000
}
// 添加代理配置
const proxyAgent = createProxyAgent(proxy)
if (proxyAgent) {
// 只设置 httpsAgent因为目标 URL 是 HTTPS (cloudcode.googleapis.com)
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
logger.info(`🌐 Using proxy for Gemini API request: ${ProxyHelper.getProxyDescription(proxy)}`)
} else {
logger.debug('🌐 No proxy configured for Gemini API request')
@@ -384,14 +382,12 @@ async function getAvailableModels(accessToken, proxy, projectId, location = 'us-
headers: {
Authorization: `Bearer ${accessToken}`
},
timeout: config.requestTimeout || 600000
timeout: 30000
}
const proxyAgent = createProxyAgent(proxy)
if (proxyAgent) {
// 只设置 httpsAgent因为目标 URL 是 HTTPS (cloudcode.googleapis.com)
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
logger.info(
`🌐 Using proxy for Gemini models request: ${ProxyHelper.getProxyDescription(proxy)}`
)
@@ -486,15 +482,13 @@ async function countTokens({
'X-Goog-User-Project': projectId || undefined
},
data: requestBody,
timeout: config.requestTimeout || 600000
timeout: 30000
}
// 添加代理配置
const proxyAgent = createProxyAgent(proxy)
if (proxyAgent) {
// 只设置 httpsAgent因为目标 URL 是 HTTPS (cloudcode.googleapis.com)
axiosConfig.httpsAgent = proxyAgent
axiosConfig.proxy = false
logger.info(
`🌐 Using proxy for Gemini countTokens request: ${ProxyHelper.getProxyDescription(proxy)}`
)

753
src/services/ldapService.js
View File

@@ -1,753 +0,0 @@
const ldap = require('ldapjs')
const logger = require('../utils/logger')
const config = require('../../config/config')
const userService = require('./userService')
class LdapService {
constructor() {
this.config = config.ldap || {}
this.client = null
// 验证配置 - 只有在 LDAP 配置存在且启用时才验证
if (this.config && this.config.enabled) {
this.validateConfiguration()
}
}
// 🔍 验证LDAP配置
validateConfiguration() {
const errors = []
if (!this.config.server) {
errors.push('LDAP server configuration is missing')
} else {
if (!this.config.server.url || typeof this.config.server.url !== 'string') {
errors.push('LDAP server URL is not configured or invalid')
}
if (!this.config.server.bindDN || typeof this.config.server.bindDN !== 'string') {
errors.push('LDAP bind DN is not configured or invalid')
}
if (
!this.config.server.bindCredentials ||
typeof this.config.server.bindCredentials !== 'string'
) {
errors.push('LDAP bind credentials are not configured or invalid')
}
if (!this.config.server.searchBase || typeof this.config.server.searchBase !== 'string') {
errors.push('LDAP search base is not configured or invalid')
}
if (!this.config.server.searchFilter || typeof this.config.server.searchFilter !== 'string') {
errors.push('LDAP search filter is not configured or invalid')
}
}
if (errors.length > 0) {
logger.error('❌ LDAP configuration validation failed:', errors)
// Don't throw error during initialization, just log warnings
logger.warn('⚠️ LDAP authentication may not work properly due to configuration errors')
} else {
logger.info('✅ LDAP configuration validation passed')
}
}
// 🔍 提取LDAP条目的DN
extractDN(ldapEntry) {
if (!ldapEntry) {
return null
}
// Try different ways to get the DN
let dn = null
// Method 1: Direct dn property
if (ldapEntry.dn) {
;({ dn } = ldapEntry)
}
// Method 2: objectName property (common in some LDAP implementations)
else if (ldapEntry.objectName) {
dn = ldapEntry.objectName
}
// Method 3: distinguishedName property
else if (ldapEntry.distinguishedName) {
dn = ldapEntry.distinguishedName
}
// Method 4: Check if the entry itself is a DN string
else if (typeof ldapEntry === 'string' && ldapEntry.includes('=')) {
dn = ldapEntry
}
// Convert DN to string if it's an object
if (dn && typeof dn === 'object') {
if (dn.toString && typeof dn.toString === 'function') {
dn = dn.toString()
} else if (dn.dn && typeof dn.dn === 'string') {
;({ dn } = dn)
}
}
// Validate the DN format
if (typeof dn === 'string' && dn.trim() !== '' && dn.includes('=')) {
return dn.trim()
}
return null
}
// 🌐 从DN中提取域名用于Windows AD UPN格式认证
extractDomainFromDN(dnString) {
try {
if (!dnString || typeof dnString !== 'string') {
return null
}
// 提取所有DC组件DC=test,DC=demo,DC=com
const dcMatches = dnString.match(/DC=([^,]+)/gi)
if (!dcMatches || dcMatches.length === 0) {
return null
}
// 提取DC值并连接成域名
const domainParts = dcMatches.map((match) => {
const value = match.replace(/DC=/i, '').trim()
return value
})
if (domainParts.length > 0) {
const domain = domainParts.join('.')
logger.debug(`🌐 从DN提取域名: ${domain}`)
return domain
}
return null
} catch (error) {
logger.debug('⚠️ 域名提取失败:', error.message)
return null
}
}
// 🔗 创建LDAP客户端连接
createClient() {
try {
const clientOptions = {
url: this.config.server.url,
timeout: this.config.server.timeout,
connectTimeout: this.config.server.connectTimeout,
reconnect: true
}
// 如果使用 LDAPS (SSL/TLS),添加 TLS 选项
if (this.config.server.url.toLowerCase().startsWith('ldaps://')) {
const tlsOptions = {}
// 证书验证设置
if (this.config.server.tls) {
if (typeof this.config.server.tls.rejectUnauthorized === 'boolean') {
tlsOptions.rejectUnauthorized = this.config.server.tls.rejectUnauthorized
}
// CA 证书
if (this.config.server.tls.ca) {
tlsOptions.ca = this.config.server.tls.ca
}
// 客户端证书和私钥 (双向认证)
if (this.config.server.tls.cert) {
tlsOptions.cert = this.config.server.tls.cert
}
if (this.config.server.tls.key) {
tlsOptions.key = this.config.server.tls.key
}
// 服务器名称 (SNI)
if (this.config.server.tls.servername) {
tlsOptions.servername = this.config.server.tls.servername
}
}
clientOptions.tlsOptions = tlsOptions
logger.debug('🔒 Creating LDAPS client with TLS options:', {
url: this.config.server.url,
rejectUnauthorized: tlsOptions.rejectUnauthorized,
hasCA: !!tlsOptions.ca,
hasCert: !!tlsOptions.cert,
hasKey: !!tlsOptions.key,
servername: tlsOptions.servername
})
}
const client = ldap.createClient(clientOptions)
// 设置错误处理
client.on('error', (err) => {
if (err.code === 'CERT_HAS_EXPIRED' || err.code === 'UNABLE_TO_VERIFY_LEAF_SIGNATURE') {
logger.error('🔒 LDAP TLS certificate error:', {
code: err.code,
message: err.message,
hint: 'Consider setting LDAP_TLS_REJECT_UNAUTHORIZED=false for self-signed certificates'
})
} else {
logger.error('🔌 LDAP client error:', err)
}
})
client.on('connect', () => {
if (this.config.server.url.toLowerCase().startsWith('ldaps://')) {
logger.info('🔒 LDAPS client connected successfully')
} else {
logger.info('🔗 LDAP client connected successfully')
}
})
client.on('connectTimeout', () => {
logger.warn('⏱️ LDAP connection timeout')
})
return client
} catch (error) {
logger.error('❌ Failed to create LDAP client:', error)
throw error
}
}
// 🔒 绑定LDAP连接管理员认证
async bindClient(client) {
return new Promise((resolve, reject) => {
// 验证绑定凭据
const { bindDN } = this.config.server
const { bindCredentials } = this.config.server
if (!bindDN || typeof bindDN !== 'string') {
const error = new Error('LDAP bind DN is not configured or invalid')
logger.error('❌ LDAP configuration error:', error.message)
reject(error)
return
}
if (!bindCredentials || typeof bindCredentials !== 'string') {
const error = new Error('LDAP bind credentials are not configured or invalid')
logger.error('❌ LDAP configuration error:', error.message)
reject(error)
return
}
client.bind(bindDN, bindCredentials, (err) => {
if (err) {
logger.error('❌ LDAP bind failed:', err)
reject(err)
} else {
logger.debug('🔑 LDAP bind successful')
resolve()
}
})
})
}
// 🔍 搜索用户
async searchUser(client, username) {
return new Promise((resolve, reject) => {
// 防止LDAP注入转义特殊字符
// 根据RFC 4515需要转义的特殊字符* ( ) \ NUL
const escapedUsername = username
.replace(/\\/g, '\\5c') // 反斜杠必须先转义
.replace(/\*/g, '\\2a') // 星号
.replace(/\(/g, '\\28') // 左括号
.replace(/\)/g, '\\29') // 右括号
.replace(/\0/g, '\\00') // NUL字符
.replace(/\//g, '\\2f') // 斜杠
const searchFilter = this.config.server.searchFilter.replace('{{username}}', escapedUsername)
const searchOptions = {
scope: 'sub',
filter: searchFilter,
attributes: this.config.server.searchAttributes
}
logger.debug(`🔍 Searching for user: ${username} with filter: ${searchFilter}`)
const entries = []
client.search(this.config.server.searchBase, searchOptions, (err, res) => {
if (err) {
logger.error('❌ LDAP search error:', err)
reject(err)
return
}
res.on('searchEntry', (entry) => {
logger.debug('🔍 LDAP search entry received:', {
dn: entry.dn,
objectName: entry.objectName,
type: typeof entry.dn,
entryType: typeof entry,
hasAttributes: !!entry.attributes,
attributeCount: entry.attributes ? entry.attributes.length : 0
})
entries.push(entry)
})
res.on('searchReference', (referral) => {
logger.debug('🔗 LDAP search referral:', referral.uris)
})
res.on('error', (error) => {
logger.error('❌ LDAP search result error:', error)
reject(error)
})
res.on('end', (result) => {
logger.debug(
`✅ LDAP search completed. Status: ${result.status}, Found ${entries.length} entries`
)
if (entries.length === 0) {
resolve(null)
} else {
// Log the structure of the first entry for debugging
if (entries[0]) {
logger.debug('🔍 Full LDAP entry structure:', {
entryType: typeof entries[0],
entryConstructor: entries[0].constructor?.name,
entryKeys: Object.keys(entries[0]),
entryStringified: JSON.stringify(entries[0], null, 2).substring(0, 500)
})
}
if (entries.length === 1) {
resolve(entries[0])
} else {
logger.warn(`⚠️ Multiple LDAP entries found for username: ${username}`)
resolve(entries[0]) // 使用第一个结果
}
}
})
})
})
}
// 🔐 验证用户密码
async authenticateUser(userDN, password) {
return new Promise((resolve, reject) => {
// 验证输入参数
if (!userDN || typeof userDN !== 'string') {
const error = new Error('User DN is not provided or invalid')
logger.error('❌ LDAP authentication error:', error.message)
reject(error)
return
}
if (!password || typeof password !== 'string') {
logger.debug(`🚫 Invalid or empty password for DN: ${userDN}`)
resolve(false)
return
}
const authClient = this.createClient()
authClient.bind(userDN, password, (err) => {
authClient.unbind() // 立即关闭认证客户端
if (err) {
if (err.name === 'InvalidCredentialsError') {
logger.debug(`🚫 Invalid credentials for DN: ${userDN}`)
resolve(false)
} else {
logger.error('❌ LDAP authentication error:', err)
reject(err)
}
} else {
logger.debug(`✅ Authentication successful for DN: ${userDN}`)
resolve(true)
}
})
})
}
// 🔐 Windows AD兼容认证 - 在DN认证失败时尝试多种格式
async tryWindowsADAuthentication(username, password) {
if (!username || !password) {
return false
}
// 从searchBase提取域名
const domain = this.extractDomainFromDN(this.config.server.searchBase)
const adFormats = []
if (domain) {
// UPN格式Windows AD标准
adFormats.push(`${username}@${domain}`)
// 如果域名有多个部分,也尝试简化版本
const domainParts = domain.split('.')
if (domainParts.length > 1) {
adFormats.push(`${username}@${domainParts.slice(-2).join('.')}`) // 只取后两部分
}
// 域\用户名格式
const firstDomainPart = domainParts[0]
if (firstDomainPart) {
adFormats.push(`${firstDomainPart}\\${username}`)
adFormats.push(`${firstDomainPart.toUpperCase()}\\${username}`)
}
}
// 纯用户名(最后尝试)
adFormats.push(username)
logger.info(`🔄 尝试 ${adFormats.length} 种Windows AD认证格式...`)
for (const format of adFormats) {
try {
logger.info(`🔍 尝试格式: ${format}`)
const result = await this.tryDirectBind(format, password)
if (result) {
logger.info(`✅ Windows AD认证成功: ${format}`)
return true
}
logger.debug(`❌ 认证失败: ${format}`)
} catch (error) {
logger.debug(`认证异常 ${format}:`, error.message)
}
}
logger.info(`🚫 所有Windows AD格式认证都失败了`)
return false
}
// 🔐 直接尝试绑定认证的辅助方法
async tryDirectBind(identifier, password) {
return new Promise((resolve, reject) => {
const authClient = this.createClient()
authClient.bind(identifier, password, (err) => {
authClient.unbind()
if (err) {
if (err.name === 'InvalidCredentialsError') {
resolve(false)
} else {
reject(err)
}
} else {
resolve(true)
}
})
})
}
// 📝 提取用户信息
extractUserInfo(ldapEntry, username) {
try {
const attributes = ldapEntry.attributes || []
const userInfo = { username }
// 创建属性映射
const attrMap = {}
attributes.forEach((attr) => {
const name = attr.type || attr.name
const values = Array.isArray(attr.values) ? attr.values : [attr.values]
attrMap[name] = values.length === 1 ? values[0] : values
})
// 根据配置映射用户属性
const mapping = this.config.userMapping
userInfo.displayName = attrMap[mapping.displayName] || username
userInfo.email = attrMap[mapping.email] || ''
userInfo.firstName = attrMap[mapping.firstName] || ''
userInfo.lastName = attrMap[mapping.lastName] || ''
// 如果没有displayName尝试组合firstName和lastName
if (!userInfo.displayName || userInfo.displayName === username) {
if (userInfo.firstName || userInfo.lastName) {
userInfo.displayName = `${userInfo.firstName || ''} ${userInfo.lastName || ''}`.trim()
}
}
logger.debug('📋 Extracted user info:', {
username: userInfo.username,
displayName: userInfo.displayName,
email: userInfo.email
})
return userInfo
} catch (error) {
logger.error('❌ Error extracting user info:', error)
return { username }
}
}
// 🔍 验证和清理用户名
validateAndSanitizeUsername(username) {
if (!username || typeof username !== 'string' || username.trim() === '') {
throw new Error('Username is required and must be a non-empty string')
}
const trimmedUsername = username.trim()
// 用户名只能包含字母、数字、下划线和连字符
const usernameRegex = /^[a-zA-Z0-9_-]+$/
if (!usernameRegex.test(trimmedUsername)) {
throw new Error('Username can only contain letters, numbers, underscores, and hyphens')
}
// 长度限制 (防止过长的输入)
if (trimmedUsername.length > 64) {
throw new Error('Username cannot exceed 64 characters')
}
// 不能以连字符开头或结尾
if (trimmedUsername.startsWith('-') || trimmedUsername.endsWith('-')) {
throw new Error('Username cannot start or end with a hyphen')
}
return trimmedUsername
}
// 🔐 主要的登录验证方法
async authenticateUserCredentials(username, password) {
if (!this.config.enabled) {
throw new Error('LDAP authentication is not enabled')
}
// 验证和清理用户名 (防止LDAP注入)
const sanitizedUsername = this.validateAndSanitizeUsername(username)
if (!password || typeof password !== 'string' || password.trim() === '') {
throw new Error('Password is required and must be a non-empty string')
}
// 验证LDAP服务器配置
if (!this.config.server || !this.config.server.url) {
throw new Error('LDAP server URL is not configured')
}
if (!this.config.server.bindDN || typeof this.config.server.bindDN !== 'string') {
throw new Error('LDAP bind DN is not configured')
}
if (
!this.config.server.bindCredentials ||
typeof this.config.server.bindCredentials !== 'string'
) {
throw new Error('LDAP bind credentials are not configured')
}
if (!this.config.server.searchBase || typeof this.config.server.searchBase !== 'string') {
throw new Error('LDAP search base is not configured')
}
const client = this.createClient()
try {
// 1. 使用管理员凭据绑定
await this.bindClient(client)
// 2. 搜索用户 (使用已验证的用户名)
const ldapEntry = await this.searchUser(client, sanitizedUsername)
if (!ldapEntry) {
logger.info(`🚫 User not found in LDAP: ${sanitizedUsername}`)
return { success: false, message: 'Invalid username or password' }
}
// 3. 获取用户DN
logger.debug('🔍 LDAP entry details for DN extraction:', {
hasEntry: !!ldapEntry,
entryType: typeof ldapEntry,
entryKeys: Object.keys(ldapEntry || {}),
dn: ldapEntry.dn,
objectName: ldapEntry.objectName,
dnType: typeof ldapEntry.dn,
objectNameType: typeof ldapEntry.objectName
})
// Use the helper method to extract DN
const userDN = this.extractDN(ldapEntry)
logger.debug(`👤 Extracted user DN: ${userDN} (type: ${typeof userDN})`)
// 验证用户DN
if (!userDN) {
logger.error(`❌ Invalid or missing DN for user: ${sanitizedUsername}`, {
ldapEntryDn: ldapEntry.dn,
ldapEntryObjectName: ldapEntry.objectName,
ldapEntryType: typeof ldapEntry,
extractedDN: userDN
})
return { success: false, message: 'Authentication service error' }
}
// 4. 验证用户密码 - 支持传统LDAP和Windows AD
let isPasswordValid = false
// 首先尝试传统的DN认证保持原有LDAP逻辑
try {
isPasswordValid = await this.authenticateUser(userDN, password)
if (isPasswordValid) {
logger.info(`✅ DN authentication successful for user: ${sanitizedUsername}`)
}
} catch (error) {
logger.debug(
`DN authentication failed for user: ${sanitizedUsername}, error: ${error.message}`
)
}
// 如果DN认证失败尝试Windows AD多格式认证
if (!isPasswordValid) {
logger.debug(`🔄 Trying Windows AD authentication formats for user: ${sanitizedUsername}`)
isPasswordValid = await this.tryWindowsADAuthentication(sanitizedUsername, password)
if (isPasswordValid) {
logger.info(`✅ Windows AD authentication successful for user: ${sanitizedUsername}`)
}
}
if (!isPasswordValid) {
logger.info(`🚫 All authentication methods failed for user: ${sanitizedUsername}`)
return { success: false, message: 'Invalid username or password' }
}
// 5. 提取用户信息
const userInfo = this.extractUserInfo(ldapEntry, sanitizedUsername)
// 6. 创建或更新本地用户
const user = await userService.createOrUpdateUser(userInfo)
// 7. 检查用户是否被禁用
if (!user.isActive) {
logger.security(
`🔒 Disabled user LDAP login attempt: ${sanitizedUsername} from LDAP authentication`
)
return {
success: false,
message: 'Your account has been disabled. Please contact administrator.'
}
}
// 8. 记录登录
await userService.recordUserLogin(user.id)
// 9. 创建用户会话
const sessionToken = await userService.createUserSession(user.id)
logger.info(`✅ LDAP authentication successful for user: ${sanitizedUsername}`)
return {
success: true,
user,
sessionToken,
message: 'Authentication successful'
}
} catch (error) {
// 记录详细错误供调试,但不向用户暴露
logger.error('❌ LDAP authentication error:', {
username: sanitizedUsername,
error: error.message,
stack: process.env.NODE_ENV === 'development' ? error.stack : undefined
})
// 返回通用错误消息,避免信息泄露
// 不要尝试解析具体的错误信息因为不同LDAP服务器返回的格式不同
return {
success: false,
message: 'Authentication service unavailable'
}
} finally {
// 确保客户端连接被关闭
if (client) {
client.unbind((err) => {
if (err) {
logger.debug('Error unbinding LDAP client:', err)
}
})
}
}
}
// 🔍 测试LDAP连接
async testConnection() {
if (!this.config.enabled) {
return { success: false, message: 'LDAP is not enabled' }
}
const client = this.createClient()
try {
await this.bindClient(client)
return {
success: true,
message: 'LDAP connection successful',
server: this.config.server.url,
searchBase: this.config.server.searchBase
}
} catch (error) {
logger.error('❌ LDAP connection test failed:', {
error: error.message,
server: this.config.server.url,
stack: process.env.NODE_ENV === 'development' ? error.stack : undefined
})
// 提供通用错误消息,避免泄露系统细节
let userMessage = 'LDAP connection failed'
// 对于某些已知错误类型,提供有用但不泄露细节的信息
if (error.code === 'ECONNREFUSED') {
userMessage = 'Unable to connect to LDAP server'
} else if (error.code === 'ETIMEDOUT') {
userMessage = 'LDAP server connection timeout'
} else if (error.name === 'InvalidCredentialsError') {
userMessage = 'LDAP bind credentials are invalid'
}
return {
success: false,
message: userMessage,
server: this.config.server.url.replace(/:[^:]*@/, ':***@') // 隐藏密码部分
}
} finally {
if (client) {
client.unbind((err) => {
if (err) {
logger.debug('Error unbinding test LDAP client:', err)
}
})
}
}
}
// 📊 获取LDAP配置信息不包含敏感信息
getConfigInfo() {
const configInfo = {
enabled: this.config.enabled,
server: {
url: this.config.server.url,
searchBase: this.config.server.searchBase,
searchFilter: this.config.server.searchFilter,
timeout: this.config.server.timeout,
connectTimeout: this.config.server.connectTimeout
},
userMapping: this.config.userMapping
}
// 添加 TLS 配置信息(不包含敏感数据)
if (this.config.server.url.toLowerCase().startsWith('ldaps://') && this.config.server.tls) {
configInfo.server.tls = {
rejectUnauthorized: this.config.server.tls.rejectUnauthorized,
hasCA: !!this.config.server.tls.ca,
hasCert: !!this.config.server.tls.cert,
hasKey: !!this.config.server.tls.key,
servername: this.config.server.tls.servername
}
}
return configInfo
}
}
module.exports = new LdapService()

Some files were not shown because too many files have changed in this diff Show More