🔐 fix(oauth): stop authorize flow from bouncing to /console; respect next and redirect unauthenticated users to consent

Problem - Starting OAuth from Discourse hit GET /api/oauth/authorize and 302’d to /login?next=/oauth/consent… - The login page and AuthRedirect always navigated to /console when a session existed, ignoring next, which aborted the OAuth flow and dropped users in the console. Changes - Backend (src/oauth/server.go) - When not logged in, redirect directly to /oauth/consent?<original_query> instead of /login?next=… - Keep no-store headers; preserve the original authorize querystring. - Frontend - web/src/helpers/auth.jsx: AuthRedirect now honors the login page’s next query param and only redirects to safe internal paths (starts with “/”, not “//”); otherwise falls back to /console. - web/src/components/auth/LoginForm.jsx: After successful login and after 2FA success, navigate to next when present and safe; otherwise go to /console. Result - The OAuth authorize flow now reliably reaches the consent screen. - On approval, the server issues an authorization code and 302’s back to the client’s redirect_uri (e.g., Discourse), completing SSO as expected. Security - Sanitize next to avoid open-redirects by allowing only same-origin internal paths. Compatibility - No behavior change for normal username/password sign-ins outside the OAuth flow. - No changes to token/userinfo endpoints. Testing - Manually verified end-to-end with Discourse OAuth2 Basic: - authorize → consent → approve → redirect with code - Lint checks pass for modified files.
🔐 fix(oauth2): initialize JWKS on first key creation; prevent nil panic and set current key
2026-03-31 05:49:57 +00:00 · 2025-09-25 13:02:40 +08:00 · 2025-09-23 05:08:51 +08:00 · 2025-09-23 04:15:59 +08:00 · 2025-09-23 04:01:48 +08:00 · 2025-09-23 03:49:53 +08:00
223 changed files with 8515 additions and 17406 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report_en.md
+++ b/.github/ISSUE_TEMPLATE/bug_report_en.md
@@ -1,26 +0,0 @@
---
-name: Bug Report
-about: Describe the issue you encountered with clear and detailed language
-title: ''
-labels: bug
-assignees: ''
-
---
-
-**Routine Checks**
-
-[//]: # (Remove the space in the box and fill with an x)
-+ [ ] I have confirmed there are no similar issues currently
-+ [ ] I have confirmed I have upgraded to the latest version
-+ [ ] I have thoroughly read the project README, especially the FAQ section
-+ [ ] I understand and am willing to follow up on this issue, assist with testing and provide feedback 
-+ [ ] I understand and acknowledge the above, and understand that project maintainers have limited time and energy, **issues that do not follow the rules may be ignored or closed directly**
-
-**Issue Description**
-
-**Steps to Reproduce**
-
-**Expected Result**
-
-**Related Screenshots**
-If none, please delete this section.
--- a/.github/ISSUE_TEMPLATE/feature_request_en.md
+++ b/.github/ISSUE_TEMPLATE/feature_request_en.md
@@ -1,22 +0,0 @@
---
-name: Feature Request
-about: Describe the new feature you would like to add with clear and detailed language
-title: ''
-labels: enhancement
-assignees: ''
-
---
-
-**Routine Checks**
-
-[//]: # (Remove the space in the box and fill with an x)
-+ [ ] I have confirmed there are no similar issues currently
-+ [ ] I have confirmed I have upgraded to the latest version
-+ [ ] I have thoroughly read the project README and confirmed the current version cannot meet my needs
-+ [ ] I understand and am willing to follow up on this issue, assist with testing and provide feedback
-+ [ ] I understand and acknowledge the above, and understand that project maintainers have limited time and energy, **issues that do not follow the rules may be ignored or closed directly**
-
-**Feature Description**
-
-**Use Case**
-
--- a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
+++ b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
@@ -13,3 +13,7 @@
 ### PR 描述

 **请在下方详细描述您的 PR，包括目的、实现细节等。**
+
+### **重要提示**
+
+**所有 PR 都必须提交到 `alpha` 分支。请确保您的 PR 目标分支是 `alpha`。**
--- a/.github/workflows/electron-build.yml
+++ b/.github/workflows/electron-build.yml
@@ -1,142 +0,0 @@
-name: Build Electron App
-
-on:
-  push:
-    tags:
-      - '*'  # Triggers on version tags like v1.0.0
-  workflow_dispatch:  # Allows manual triggering
-
-jobs:
-  build:
-    strategy:
-      matrix:
-        # os: [macos-latest, windows-latest]
-        os: [windows-latest]
-
-    runs-on: ${{ matrix.os }}
-    defaults:
-      run:
-        shell: bash
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: latest
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '>=1.18.0'
-
-      - name: Build frontend
-        env:
-          CI: ""
-          NODE_OPTIONS: "--max-old-space-size=4096"
-        run: |
-          cd web
-          bun install
-          DISABLE_ESLINT_PLUGIN='true' VITE_REACT_APP_VERSION=$(git describe --tags) bun run build
-          cd ..
-
-      # - name: Build Go binary (macos/Linux)
-      #   if: runner.os != 'Windows'
-      #   run: |
-      #     go mod download
-      #     go build -ldflags "-s -w -X 'one-api/common.Version=$(git describe --tags)' -extldflags '-static'" -o new-api
-
-      - name: Build Go binary (Windows)
-        if: runner.os == 'Windows'
-        run: |
-          go mod download
-          go build -ldflags "-s -w -X 'one-api/common.Version=$(git describe --tags)'" -o new-api.exe
-
-      - name: Update Electron version
-        run: |
-          cd electron
-          VERSION=$(git describe --tags)
-          VERSION=${VERSION#v}  # Remove 'v' prefix if present
-          # Convert to valid semver: take first 3 components and convert rest to prerelease format
-          # e.g., 0.9.3-patch.1 -> 0.9.3-patch.1
-          if [[ $VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)(.*)$ ]]; then
-            MAJOR=${BASH_REMATCH[1]}
-            MINOR=${BASH_REMATCH[2]}
-            PATCH=${BASH_REMATCH[3]}
-            REST=${BASH_REMATCH[4]}
-          
-            VERSION="$MAJOR.$MINOR.$PATCH"
-          
-            # If there's extra content, append it without adding -dev
-            if [[ -n "$REST" ]]; then
-              VERSION="$VERSION$REST"
-            fi
-          fi
-          npm version $VERSION --no-git-tag-version --allow-same-version
-
-      - name: Install Electron dependencies
-        run: |
-          cd electron
-          npm install
-
-      # - name: Build Electron app (macOS)
-      #   if: runner.os == 'macOS'
-      #   run: |
-      #     cd electron
-      #     npm run build:mac
-      #   env:
-      #     CSC_IDENTITY_AUTO_DISCOVERY: false  # Skip code signing
-
-      - name: Build Electron app (Windows)
-        if: runner.os == 'Windows'
-        run: |
-          cd electron
-          npm run build:win
-
-      # - name: Upload artifacts (macOS)
-      #   if: runner.os == 'macOS'
-      #   uses: actions/upload-artifact@v4
-      #   with:
-      #     name: macos-build
-      #     path: |
-      #       electron/dist/*.dmg
-      #       electron/dist/*.zip
-
-      - name: Upload artifacts (Windows)
-        if: runner.os == 'Windows'
-        uses: actions/upload-artifact@v4
-        with:
-          name: windows-build
-          path: |
-            electron/dist/*.exe
-
-  release:
-    needs: build
-    runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/')
-    permissions:
-      contents: write
-
-    steps:
-      - name: Download all artifacts
-        uses: actions/download-artifact@v4
-
-      - name: Create Release
-        uses: softprops/action-gh-release@v2
-        with:
-          files: |
-            windows-build/*
-          draft: false
-          prerelease: false
-          overwrite_files: true
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/linux-release.yml
+++ b/.github/workflows/linux-release.yml
@@ -38,22 +38,21 @@ jobs:
      - name: Build Backend (amd64)
        run: |
          go mod download
-          VERSION=$(git describe --tags)
-          go build -ldflags "-s -w -X 'one-api/common.Version=$VERSION' -extldflags '-static'" -o new-api-$VERSION
+          go build -ldflags "-s -w -X 'one-api/common.Version=$(git describe --tags)' -extldflags '-static'" -o one-api

      - name: Build Backend (arm64)
        run: |
          sudo apt-get update
          DEBIAN_FRONTEND=noninteractive sudo apt-get install -y gcc-aarch64-linux-gnu
-          VERSION=$(git describe --tags)
-          CC=aarch64-linux-gnu-gcc CGO_ENABLED=1 GOOS=linux GOARCH=arm64 go build -ldflags "-s -w -X 'one-api/common.Version=$VERSION' -extldflags '-static'" -o new-api-arm64-$VERSION
+          CC=aarch64-linux-gnu-gcc CGO_ENABLED=1 GOOS=linux GOARCH=arm64 go build -ldflags "-s -w -X 'one-api/common.Version=$(git describe --tags)' -extldflags '-static'" -o one-api-arm64

      - name: Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          files: |
-            new-api-*
+            one-api
+            one-api-arm64
          draft: true
          generate_release_notes: true
        env:
--- a/.github/workflows/macos-release.yml
+++ b/.github/workflows/macos-release.yml
@@ -39,13 +39,12 @@ jobs:
      - name: Build Backend
        run: |
          go mod download
-          VERSION=$(git describe --tags)
-          go build -ldflags "-X 'one-api/common.Version=$VERSION'" -o new-api-macos-$VERSION
+          go build -ldflags "-X 'one-api/common.Version=$(git describe --tags)'" -o one-api-macos
      - name: Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
-          files: new-api-macos-*
+          files: one-api-macos
          draft: true
          generate_release_notes: true
        env:
--- a/.github/workflows/windows-release.yml
+++ b/.github/workflows/windows-release.yml
@@ -41,13 +41,12 @@ jobs:
      - name: Build Backend
        run: |
          go mod download
-          VERSION=$(git describe --tags)
-          go build -ldflags "-s -w -X 'one-api/common.Version=$VERSION'" -o new-api-$VERSION.exe
+          go build -ldflags "-s -w -X 'one-api/common.Version=$(git describe --tags)'" -o one-api.exe
      - name: Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
-          files: new-api-*.exe
+          files: one-api.exe
          draft: true
          generate_release_notes: true
        env:
--- a/.gitignore
+++ b/.gitignore
@@ -9,10 +9,6 @@ logs
 web/dist
 .env
 one-api
-new-api
 .DS_Store
 tiktoken_cache
-.eslintcache
-
-electron/node_modules
-electron/dist
+.eslintcache
--- a/README.en.md
+++ b/README.en.md
@@ -1,10 +1,6 @@
 <p align="right">
-   <a href="./README.md">中文</a> | <strong>English</strong> | <a href="./README.fr.md">Français</a> | <a href="./README.ja.md">日本語</a>
+   <a href="./README.md">中文</a> | <strong>English</strong>
 </p>
-
-> [!NOTE]
-> **MT (Machine Translation)**: This document is machine translated. For the most accurate information, please refer to the [Chinese version](./README.md).
-
 <div align="center">

 ![new-api](/web/public/logo.png)
@@ -79,7 +75,7 @@ New API offers a wide range of features, please refer to [Features Introduction]

 1. 🎨 Brand new UI interface
 2. 🌍 Multi-language support
-3. 💰 Online recharge functionality, currently supports EPay and Stripe
+3. 💰 Online recharge functionality (YiPay)
 4. 🔍 Support for querying usage quotas with keys (works with [neko-api-key-tool](https://github.com/Calcium-Ion/neko-api-key-tool))
 5. 🔄 Compatible with the original One API database
 6. 💵 Support for pay-per-use model pricing
@@ -89,23 +85,18 @@ New API offers a wide range of features, please refer to [Features Introduction]
 10. 🤖 Support for more authorization login methods (LinuxDO, Telegram, OIDC)
 11. 🔄 Support for Rerank models (Cohere and Jina), [API Documentation](https://docs.newapi.pro/api/jinaai-rerank)
 12. ⚡ Support for OpenAI Realtime API (including Azure channels), [API Documentation](https://docs.newapi.pro/api/openai-realtime)
-13. ⚡ Support for **OpenAI Responses** format, [API Documentation](https://docs.newapi.pro/api/openai-responses)
-14. ⚡ Support for **Claude Messages** format, [API Documentation](https://docs.newapi.pro/api/anthropic-chat)
-15. ⚡ Support for **Google Gemini** format, [API Documentation](https://docs.newapi.pro/api/google-gemini-chat/)
-16. 🧠 Support for setting reasoning effort through model name suffixes:
+13. ⚡ Support for Claude Messages format, [API Documentation](https://docs.newapi.pro/api/anthropic-chat)
+14. Support for entering chat interface via /chat2link route
+15. 🧠 Support for setting reasoning effort through model name suffixes:
    1. OpenAI o-series models
        - Add `-high` suffix for high reasoning effort (e.g.: `o3-mini-high`)
        - Add `-medium` suffix for medium reasoning effort (e.g.: `o3-mini-medium`)
        - Add `-low` suffix for low reasoning effort (e.g.: `o3-mini-low`)
    2. Claude thinking models
        - Add `-thinking` suffix to enable thinking mode (e.g.: `claude-3-7-sonnet-20250219-thinking`)
-17. 🔄 Thinking-to-content functionality
-18. 🔄 Model rate limiting for users
-19. 🔄 Request format conversion functionality, supporting the following three format conversions:
-    1. OpenAI Chat Completions => Claude Messages
-    2. Claude Messages => OpenAI Chat Completions (can be used for Claude Code to call third-party models)
-    3. OpenAI Chat Completions => Gemini Chat
-20. 💰 Cache billing support, which allows billing at a set ratio when cache is hit:
+16. 🔄 Thinking-to-content functionality
+17. 🔄 Model rate limiting for users
+18. 💰 Cache billing support, which allows billing at a set ratio when cache is hit:
    1. Set the `Prompt Cache Ratio` option in `System Settings-Operation Settings`
    2. Set `Prompt Cache Ratio` in the channel, range 0-1, e.g., setting to 0.5 means billing at 50% when cache is hit
    3. Supported channels:
@@ -124,9 +115,7 @@ This version supports multiple models, please refer to [API Documentation-Relay
 4. Custom channels, supporting full call address input
 5. Rerank models ([Cohere](https://cohere.ai/) and [Jina](https://jina.ai/)), [API Documentation](https://docs.newapi.pro/api/jinaai-rerank)
 6. Claude Messages format, [API Documentation](https://docs.newapi.pro/api/anthropic-chat)
-7. Google Gemini format, [API Documentation](https://docs.newapi.pro/api/google-gemini-chat/)
-8. Dify, currently only supports chatflow
-9. For more interfaces, please refer to [API Documentation](https://docs.newapi.pro/api)
+7. Dify, currently only supports chatflow

 ## Environment Variable Configuration

@@ -135,12 +124,14 @@ For detailed configuration instructions, please refer to [Installation Guide-Env
 - `GENERATE_DEFAULT_TOKEN`: Whether to generate initial tokens for newly registered users, default is `false`
 - `STREAMING_TIMEOUT`: Streaming response timeout, default is 300 seconds
 - `DIFY_DEBUG`: Whether to output workflow and node information for Dify channels, default is `true`
+- `FORCE_STREAM_OPTION`: Whether to override client stream_options parameter, default is `true`
 - `GET_MEDIA_TOKEN`: Whether to count image tokens, default is `true`
 - `GET_MEDIA_TOKEN_NOT_STREAM`: Whether to count image tokens in non-streaming cases, default is `true`
 - `UPDATE_TASK`: Whether to update asynchronous tasks (Midjourney, Suno), default is `true`
+- `COHERE_SAFETY_SETTING`: Cohere model safety settings, options are `NONE`, `CONTEXTUAL`, `STRICT`, default is `NONE`
 - `GEMINI_VISION_MAX_IMAGE_NUM`: Maximum number of images for Gemini models, default is `16`
 - `MAX_FILE_DOWNLOAD_MB`: Maximum file download size in MB, default is `20`
- `CRYPTO_SECRET`: Encryption key used for encrypting Redis database content
+- `CRYPTO_SECRET`: Encryption key used for encrypting database content
 - `AZURE_DEFAULT_API_VERSION`: Azure channel default API version, default is `2025-04-01-preview`
 - `NOTIFICATION_LIMIT_DURATION_MINUTE`: Notification limit duration, default is `10` minutes
 - `NOTIFY_LIMIT_COUNT`: Maximum number of user notifications within the specified duration, default is `2`
@@ -187,7 +178,7 @@ docker run --name new-api -d --restart always -p 3000:3000 -e SQL_DSN="root:1234
 ```

 ## Channel Retry and Cache
-Channel retry functionality has been implemented, you can set the number of retries in `Settings->Operation Settings->General Settings->Failure Retry Count`, **recommended to enable caching** functionality.
+Channel retry functionality has been implemented, you can set the number of retries in `Settings->Operation Settings->General Settings`. It is **recommended to enable caching**.

 ### Cache Configuration Method
 1. `REDIS_CONN_STRING`: Set Redis as cache
@@ -197,21 +188,21 @@ Channel retry functionality has been implemented, you can set the number of retr

 For detailed API documentation, please refer to [API Documentation](https://docs.newapi.pro/api):

- [Chat API (Chat Completions)](https://docs.newapi.pro/api/openai-chat)
- [Response API (Responses)](https://docs.newapi.pro/api/openai-responses)
- [Image API (Image)](https://docs.newapi.pro/api/openai-image)
- [Rerank API (Rerank)](https://docs.newapi.pro/api/jinaai-rerank)
- [Realtime Chat API (Realtime)](https://docs.newapi.pro/api/openai-realtime)
- [Claude Chat API](https://docs.newapi.pro/api/anthropic-chat)
- [Google Gemini Chat API](https://docs.newapi.pro/api/google-gemini-chat)
+- [Chat API](https://docs.newapi.pro/api/openai-chat)
+- [Image API](https://docs.newapi.pro/api/openai-image)
+- [Rerank API](https://docs.newapi.pro/api/jinaai-rerank)
+- [Realtime API](https://docs.newapi.pro/api/openai-realtime)
+- [Claude Chat API (messages)](https://docs.newapi.pro/api/anthropic-chat)

 ## Related Projects
 - [One API](https://github.com/songquanpeng/one-api): Original project
 - [Midjourney-Proxy](https://github.com/novicezk/midjourney-proxy): Midjourney interface support
+- [chatnio](https://github.com/Deeptrain-Community/chatnio): Next-generation AI one-stop B/C-end solution
 - [neko-api-key-tool](https://github.com/Calcium-Ion/neko-api-key-tool): Query usage quota with key

 Other projects based on New API:
 - [new-api-horizon](https://github.com/Calcium-Ion/new-api-horizon): High-performance optimized version of New API
+- [VoAPI](https://github.com/VoAPI/VoAPI): Frontend beautified version based on New API

 ## Help and Support

--- a/README.fr.md
+++ b/README.fr.md
@@ -1,225 +0,0 @@
-<p align="right">
-   <a href="./README.md">中文</a> | <a href="./README.en.md">English</a> | <strong>Français</strong> | <a href="./README.ja.md">日本語</a>
-</p>
-
-> [!NOTE]
-> **MT (Traduction Automatique)**: Ce document est traduit automatiquement. Pour les informations les plus précises, veuillez vous référer à la [version chinoise](./README.md).
-
-<div align="center">
-
-![new-api](/web/public/logo.png)
-
-# New API
-
-🍥 Passerelle de modèles étendus de nouvelle génération et système de gestion d'actifs d'IA
-
-<a href="https://trendshift.io/repositories/8227" target="_blank"><img src="https://trendshift.io/api/badge/repositories/8227" alt="Calcium-Ion%2Fnew-api | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
-
-<p align="center">
-  <a href="https://raw.githubusercontent.com/Calcium-Ion/new-api/main/LICENSE">
-    <img src="https://img.shields.io/github/license/Calcium-Ion/new-api?color=brightgreen" alt="licence">
-  </a>
-  <a href="https://github.com/Calcium-Ion/new-api/releases/latest">
-    <img src="https://img.shields.io/github/v/release/Calcium-Ion/new-api?color=brightgreen&include_prereleases" alt="version">
-  </a>
-  <a href="https://github.com/users/Calcium-Ion/packages/container/package/new-api">
-    <img src="https://img.shields.io/badge/docker-ghcr.io-blue" alt="docker">
-  </a>
-  <a href="https://hub.docker.com/r/CalciumIon/new-api">
-    <img src="https://img.shields.io/badge/docker-dockerHub-blue" alt="docker">
-  </a>
-  <a href="https://goreportcard.com/report/github.com/Calcium-Ion/new-api">
-    <img src="https://goreportcard.com/badge/github.com/Calcium-Ion/new-api" alt="GoReportCard">
-  </a>
-</p>
-</div>
-
-## 📝 Description du projet
-
-> [!NOTE]
-> Il s'agit d'un projet open-source développé sur la base de [One API](https://github.com/songquanpeng/one-api)
-
-> [!IMPORTANT]
-> - Ce projet est uniquement destiné à des fins d'apprentissage personnel, sans garantie de stabilité ni de support technique.
-> - Les utilisateurs doivent se conformer aux [Conditions d'utilisation](https://openai.com/policies/terms-of-use) d'OpenAI et aux **lois et réglementations applicables**, et ne doivent pas l'utiliser à des fins illégales.
-> - Conformément aux [《Mesures provisoires pour la gestion des services d'intelligence artificielle générative》](http://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm), veuillez ne fournir aucun service d'IA générative non enregistré au public en Chine.
-
-<h2>🤝 Partenaires de confiance</h2>
-<p id="premium-sponsors">&nbsp;</p>
-<p align="center"><strong>Sans ordre particulier</strong></p>
-<p align="center">
-  <a href="https://www.cherry-ai.com/" target=_blank><img
-    src="./docs/images/cherry-studio.png" alt="Cherry Studio" height="120"
-  /></a>
-  <a href="https://bda.pku.edu.cn/" target=_blank><img
-    src="./docs/images/pku.png" alt="Université de Pékin" height="120"
-  /></a>
-  <a href="https://www.compshare.cn/?ytag=GPU_yy_gh_newapi" target=_blank><img
-    src="./docs/images/ucloud.png" alt="UCloud" height="120"
-  /></a>
-  <a href="https://www.aliyun.com/" target=_blank><img
-    src="./docs/images/aliyun.png" alt="Alibaba Cloud" height="120"
-  /></a>
-  <a href="https://io.net/" target=_blank><img
-    src="./docs/images/io-net.png" alt="IO.NET" height="120"
-  /></a>
-</p>
-<p>&nbsp;</p>
-
-## 📚 Documentation
-
-Pour une documentation détaillée, veuillez consulter notre Wiki officiel : [https://docs.newapi.pro/](https://docs.newapi.pro/)
-
-Vous pouvez également accéder au DeepWiki généré par l'IA :
-[![Demander à DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/QuantumNous/new-api)
-
-## ✨ Fonctionnalités clés
-
-New API offre un large éventail de fonctionnalités, veuillez vous référer à [Présentation des fonctionnalités](https://docs.newapi.pro/wiki/features-introduction) pour plus de détails :
-
-1. 🎨 Nouvelle interface utilisateur
-2. 🌍 Prise en charge multilingue
-3. 💰 Fonctionnalité de recharge en ligne, prend actuellement en charge EPay et Stripe
-4. 🔍 Prise en charge de la recherche de quotas d'utilisation avec des clés (fonctionne avec [neko-api-key-tool](https://github.com/Calcium-Ion/neko-api-key-tool))
-5. 🔄 Compatible avec la base de données originale de One API
-6. 💵 Prise en charge de la tarification des modèles de paiement à l'utilisation
-7. ⚖️ Prise en charge de la sélection aléatoire pondérée des canaux
-8. 📈 Tableau de bord des données (console)
-9. 🔒 Regroupement de jetons et restrictions de modèles
-10. 🤖 Prise en charge de plus de méthodes de connexion par autorisation (LinuxDO, Telegram, OIDC)
-11. 🔄 Prise en charge des modèles Rerank (Cohere et Jina), [Documentation de l'API](https://docs.newapi.pro/api/jinaai-rerank)
-12. ⚡ Prise en charge de l'API OpenAI Realtime (y compris les canaux Azure), [Documentation de l'API](https://docs.newapi.pro/api/openai-realtime)
-13. ⚡ Prise en charge du format **OpenAI Responses**, [Documentation de l'API](https://docs.newapi.pro/api/openai-responses)
-14. ⚡ Prise en charge du format **Claude Messages**, [Documentation de l'API](https://docs.newapi.pro/api/anthropic-chat)
-15. ⚡ Prise en charge du format **Google Gemini**, [Documentation de l'API](https://docs.newapi.pro/api/google-gemini-chat/)
-16. 🧠 Prise en charge de la définition de l'effort de raisonnement via les suffixes de nom de modèle :
-    1. Modèles de la série o d'OpenAI
-        - Ajouter le suffixe `-high` pour un effort de raisonnement élevé (par exemple : `o3-mini-high`)
-        - Ajouter le suffixe `-medium` pour un effort de raisonnement moyen (par exemple : `o3-mini-medium`)
-        - Ajouter le suffixe `-low` pour un effort de raisonnement faible (par exemple : `o3-mini-low`)
-    2. Modèles de pensée de Claude
-        - Ajouter le suffixe `-thinking` pour activer le mode de pensée (par exemple : `claude-3-7-sonnet-20250219-thinking`)
-17. 🔄 Fonctionnalité de la pensée au contenu
-18. 🔄 Limitation du débit du modèle pour les utilisateurs
-19. 🔄 Fonctionnalité de conversion de format de requête, prenant en charge les trois conversions de format suivantes :
-    1. OpenAI Chat Completions => Claude Messages
-    2. Claude Messages => OpenAI Chat Completions (peut être utilisé pour Claude Code pour appeler des modèles tiers)
-    3. OpenAI Chat Completions => Gemini Chat
-20. 💰 Prise en charge de la facturation du cache, qui permet de facturer à un ratio défini lorsque le cache est atteint :
-    1. Définir l'option `Ratio de cache d'invite` dans `Paramètres système->Paramètres de fonctionnement`
-    2. Définir le `Ratio de cache d'invite` dans le canal, plage de 0 à 1, par exemple, le définir sur 0,5 signifie facturer à 50 % lorsque le cache est atteint
-    3. Canaux pris en charge :
-        - [x] OpenAI
-        - [x] Azure
-        - [x] DeepSeek
-        - [x] Claude
-
-## Prise en charge des modèles
-
-Cette version prend en charge plusieurs modèles, veuillez vous référer à [Documentation de l'API-Interface de relais](https://docs.newapi.pro/api) pour plus de détails :
-
-1. Modèles tiers **gpts** (gpt-4-gizmo-*)
-2. Canal tiers [Midjourney-Proxy(Plus)](https://github.com/novicezk/midjourney-proxy), [Documentation de l'API](https://docs.newapi.pro/api/midjourney-proxy-image)
-3. Canal tiers [Suno API](https://github.com/Suno-API/Suno-API), [Documentation de l'API](https://docs.newapi.pro/api/suno-music)
-4. Canaux personnalisés, prenant en charge la saisie complète de l'adresse d'appel
-5. Modèles Rerank ([Cohere](https://cohere.ai/) et [Jina](https://jina.ai/)), [Documentation de l'API](https://docs.newapi.pro/api/jinaai-rerank)
-6. Format de messages Claude, [Documentation de l'API](https://docs.newapi.pro/api/anthropic-chat)
-7. Format Google Gemini, [Documentation de l'API](https://docs.newapi.pro/api/google-gemini-chat/)
-8. Dify, ne prend actuellement en charge que chatflow
-9. Pour plus d'interfaces, veuillez vous référer à la [Documentation de l'API](https://docs.newapi.pro/api)
-
-## Configuration des variables d'environnement
-
-Pour des instructions de configuration détaillées, veuillez vous référer à [Guide d'installation-Configuration des variables d'environnement](https://docs.newapi.pro/installation/environment-variables) :
-
- `GENERATE_DEFAULT_TOKEN` : S'il faut générer des jetons initiaux pour les utilisateurs nouvellement enregistrés, la valeur par défaut est `false`
- `STREAMING_TIMEOUT` : Délai d'expiration de la réponse en streaming, la valeur par défaut est de 300 secondes
- `DIFY_DEBUG` : S'il faut afficher les informations sur le flux de travail et les nœuds pour les canaux Dify, la valeur par défaut est `true`
- `GET_MEDIA_TOKEN` : S'il faut compter les jetons d'image, la valeur par défaut est `true`
- `GET_MEDIA_TOKEN_NOT_STREAM` : S'il faut compter les jetons d'image dans les cas sans streaming, la valeur par défaut est `true`
- `UPDATE_TASK` : S'il faut mettre à jour les tâches asynchrones (Midjourney, Suno), la valeur par défaut est `true`
- `GEMINI_VISION_MAX_IMAGE_NUM` : Nombre maximum d'images pour les modèles Gemini, la valeur par défaut est `16`
- `MAX_FILE_DOWNLOAD_MB` : Taille maximale de téléchargement de fichier en Mo, la valeur par défaut est `20`
- `CRYPTO_SECRET` : Clé de chiffrement utilisée pour chiffrer le contenu de la base de données Redis
- `AZURE_DEFAULT_API_VERSION` : Version de l'API par défaut du canal Azure, la valeur par défaut est `2025-04-01-preview`
- `NOTIFICATION_LIMIT_DURATION_MINUTE` : Durée de la limite de notification, la valeur par défaut est de `10` minutes
- `NOTIFY_LIMIT_COUNT` : Nombre maximal de notifications utilisateur dans la durée spécifiée, la valeur par défaut est `2`
- `ERROR_LOG_ENABLED=true` : S'il faut enregistrer et afficher les journaux d'erreurs, la valeur par défaut est `false`
-
-## Déploiement
-
-Pour des guides de déploiement détaillés, veuillez vous référer à [Guide d'installation-Méthodes de déploiement](https://docs.newapi.pro/installation) :
-
-> [!TIP]
-> Dernière image Docker : `calciumion/new-api:latest`
-
-### Considérations sur le déploiement multi-machines
- La variable d'environnement `SESSION_SECRET` doit être définie, sinon l'état de connexion sera incohérent sur plusieurs machines
- Si vous partagez Redis, `CRYPTO_SECRET` doit être défini, sinon le contenu de Redis ne pourra pas être consulté sur plusieurs machines
-
-### Exigences de déploiement
- Base de données locale (par défaut) : SQLite (le déploiement Docker doit monter le répertoire `/data`)
- Base de données distante : MySQL version >= 5.7.8, PgSQL version >= 9.6
-
-### Méthodes de déploiement
-
-#### Utilisation de la fonctionnalité Docker du panneau BaoTa
-Installez le panneau BaoTa (version **9.2.0** ou supérieure), recherchez **New-API** dans le magasin d'applications et installez-le.
-[Tutoriel avec des images](./docs/BT.md)
-
-#### Utilisation de Docker Compose (recommandé)
-```shell
-# Télécharger le projet
-git clone https://github.com/Calcium-Ion/new-api.git
-cd new-api
-# Modifier docker-compose.yml si nécessaire
-# Démarrer
-docker-compose up -d
-```
-
-#### Utilisation directe de l'image Docker
-```shell
-# Utilisation de SQLite
-docker run --name new-api -d --restart always -p 3000:3000 -e TZ=Asia/Shanghai -v /home/ubuntu/data/new-api:/data calciumion/new-api:latest
-
-# Utilisation de MySQL
-docker run --name new-api -d --restart always -p 3000:3000 -e SQL_DSN="root:123456@tcp(localhost:3306)/oneapi" -e TZ=Asia/Shanghai -v /home/ubuntu/data/new-api:/data calciumion/new-api:latest
-```
-
-## Nouvelle tentative de canal et cache
-La fonctionnalité de nouvelle tentative de canal a été implémentée, vous pouvez définir le nombre de tentatives dans `Paramètres->Paramètres de fonctionnement->Paramètres généraux->Nombre de tentatives en cas d'échec`, **recommandé d'activer la fonctionnalité de mise en cache**.
-
-### Méthode de configuration du cache
-1. `REDIS_CONN_STRING` : Définir Redis comme cache
-2. `MEMORY_CACHE_ENABLED` : Activer le cache mémoire (pas besoin de le définir manuellement si Redis est défini)
-
-## Documentation de l'API
-
-Pour une documentation détaillée de l'API, veuillez vous référer à [Documentation de l'API](https://docs.newapi.pro/api) :
-
- [API de discussion (Chat Completions)](https://docs.newapi.pro/api/openai-chat)
- [API de réponse (Responses)](https://docs.newapi.pro/api/openai-responses)
- [API d'image (Image)](https://docs.newapi.pro/api/openai-image)
- [API de rerank (Rerank)](https://docs.newapi.pro/api/jinaai-rerank)
- [API de discussion en temps réel (Realtime)](https://docs.newapi.pro/api/openai-realtime)
- [API de discussion Claude](https://docs.newapi.pro/api/anthropic-chat)
- [API de discussion Google Gemini](https://docs.newapi.pro/api/google-gemini-chat)
-
-## Projets connexes
- [One API](https://github.com/songquanpeng/one-api) : Projet original
- [Midjourney-Proxy](https://github.com/novicezk/midjourney-proxy) : Prise en charge de l'interface Midjourney
- [neko-api-key-tool](https://github.com/Calcium-Ion/neko-api-key-tool) : Interroger le quota d'utilisation avec une clé
-
-Autres projets basés sur New API :
- [new-api-horizon](https://github.com/Calcium-Ion/new-api-horizon) : Version optimisée hautes performances de New API
-
-## Aide et support
-
-Si vous avez des questions, veuillez vous référer à [Aide et support](https://docs.newapi.pro/support) :
- [Interaction avec la communauté](https://docs.newapi.pro/support/community-interaction)
- [Commentaires sur les problèmes](https://docs.newapi.pro/support/feedback-issues)
- [FAQ](https://docs.newapi.pro/support/faq)
-
-## 🌟 Historique des étoiles
-
-[![Graphique de l'historique des étoiles](https://api.star-history.com/svg?repos=Calcium-Ion/new-api&type=Date)](https://star-history.com/#Calcium-Ion/new-api&Date)
--- a/README.ja.md
+++ b/README.ja.md
@@ -1,226 +0,0 @@
-<p align="right">
-   <a href="./README.md">中文</a> | <a href="./README.en.md">English</a> | <a href="./README.fr.md">Français</a> | <strong>日本語</strong>
-</p>
-
-> [!NOTE]
-> **MT（機械翻訳）**: この文書は機械翻訳されています。最も正確な情報については、[中国語版](./README.md)を参照してください。
-
-<div align="center">
-
-![new-api](/web/public/logo.png)
-
-# New API
-
-🍥次世代大規模モデルゲートウェイとAI資産管理システム
-
-<a href="https://trendshift.io/repositories/8227" target="_blank"><img src="https://trendshift.io/api/badge/repositories/8227" alt="Calcium-Ion%2Fnew-api | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
-
-<p align="center">
-  <a href="https://raw.githubusercontent.com/Calcium-Ion/new-api/main/LICENSE">
-    <img src="https://img.shields.io/github/license/Calcium-Ion/new-api?color=brightgreen" alt="license">
-  </a>
-  <a href="https://github.com/Calcium-Ion/new-api/releases/latest">
-    <img src="https://img.shields.io/github/v/release/Calcium-Ion/new-api?color=brightgreen&include_prereleases" alt="release">
-  </a>
-  <a href="https://github.com/users/Calcium-Ion/packages/container/package/new-api">
-    <img src="https://img.shields.io/badge/docker-ghcr.io-blue" alt="docker">
-  </a>
-  <a href="https://hub.docker.com/r/CalciumIon/new-api">
-    <img src="https://img.shields.io/badge/docker-dockerHub-blue" alt="docker">
-  </a>
-  <a href="https://goreportcard.com/report/github.com/Calcium-Ion/new-api">
-    <img src="https://goreportcard.com/badge/github.com/Calcium-Ion/new-api" alt="GoReportCard">
-  </a>
-</p>
-</div>
-
-## 📝 プロジェクト説明
-
-> [!NOTE]  
-> 本プロジェクトは、[One API](https://github.com/songquanpeng/one-api)をベースに二次開発されたオープンソースプロジェクトです
-
-> [!IMPORTANT]  
-> - 本プロジェクトは個人学習用のみであり、安定性の保証や技術サポートは提供しません。
-> - ユーザーは、OpenAIの[利用規約](https://openai.com/policies/terms-of-use)および**法律法規**を遵守する必要があり、違法な目的で使用してはいけません。
-> - [《生成式人工智能服务管理暂行办法》](http://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm)の要求に従い、中国地域の公衆に未登録の生成式AI サービスを提供しないでください。
-
-<h2>🤝 信頼できるパートナー</h2>
-<p id="premium-sponsors">&nbsp;</p>
-<p align="center"><strong>順不同</strong></p>
-<p align="center">
-  <a href="https://www.cherry-ai.com/" target=_blank><img
-    src="./docs/images/cherry-studio.png" alt="Cherry Studio" height="120"
-  /></a>
-  <a href="https://bda.pku.edu.cn/" target=_blank><img
-    src="./docs/images/pku.png" alt="北京大学" height="120"
-  /></a>
-  <a href="https://www.compshare.cn/?ytag=GPU_yy_gh_newapi" target=_blank><img
-    src="./docs/images/ucloud.png" alt="UCloud 優刻得" height="120"
-  /></a>
-  <a href="https://www.aliyun.com/" target=_blank><img
-    src="./docs/images/aliyun.png" alt="Alibaba Cloud" height="120"
-  /></a>
-  <a href="https://io.net/" target=_blank><img
-    src="./docs/images/io-net.png" alt="IO.NET" height="120"
-  /></a>
-</p>
-<p>&nbsp;</p>
-
-## 📚 ドキュメント
-
-詳細なドキュメントは公式Wikiをご覧ください：[https://docs.newapi.pro/](https://docs.newapi.pro/)
-
-AIが生成したDeepWikiにもアクセスできます：
-[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/QuantumNous/new-api)
-
-## ✨ 主な機能
-
-New APIは豊富な機能を提供しています。詳細な機能については[機能説明](https://docs.newapi.pro/wiki/features-introduction)を参照してください：
-
-1. 🎨 全く新しいUIインターフェース
-2. 🌍 多言語サポート
-3. 💰 オンラインチャージ機能をサポート、現在EPayとStripeをサポート
-4. 🔍 キーによる使用量クォータの照会をサポート（[neko-api-key-tool](https://github.com/Calcium-Ion/neko-api-key-tool)と連携）
-5. 🔄 オリジナルのOne APIデータベースと互換性あり
-6. 💵 モデルの従量課金をサポート
-7. ⚖️ チャネルの重み付けランダムをサポート
-8. 📈 データダッシュボード（コンソール）
-9. 🔒 トークングループ化、モデル制限
-10. 🤖 より多くの認証ログイン方法をサポート（LinuxDO、Telegram、OIDC）
-11. 🔄 Rerankモデルをサポート（CohereとJina）、[API ドキュメント](https://docs.newapi.pro/api/jinaai-rerank)
-12. ⚡ OpenAI Realtime APIをサポート（Azureチャネルを含む）、[APIドキュメント](https://docs.newapi.pro/api/openai-realtime)
-13. ⚡ **OpenAI Responses**形式をサポート、[APIドキュメント](https://docs.newapi.pro/api/openai-responses)
-14. ⚡ **Claude Messages**形式をサポート、[APIドキュメント](https://docs.newapi.pro/api/anthropic-chat)
-15. ⚡ **Google Gemini**形式をサポート、[APIドキュメント](https://docs.newapi.pro/api/google-gemini-chat/)
-16. 🧠 モデル名のサフィックスを通じてreasoning effortを設定することをサポート：
-    1. OpenAI oシリーズモデル
-        - `-high`サフィックスを追加してhigh reasoning effortに設定（例：`o3-mini-high`）
-        - `-medium`サフィックスを追加してmedium reasoning effortに設定（例：`o3-mini-medium`）
-        - `-low`サフィックスを追加してlow reasoning effortに設定（例：`o3-mini-low`）
-    2. Claude思考モデル
-        - `-thinking`サフィックスを追加して思考モードを有効にする（例：`claude-3-7-sonnet-20250219-thinking`）
-17. 🔄 思考からコンテンツへの機能
-18. 🔄 ユーザーに対するモデルレート制限機能
-19. 🔄 リクエストフォーマット変換機能、以下の3つのフォーマット変換をサポート：
-    1. OpenAI Chat Completions => Claude Messages
-    2. Claude Messages => OpenAI Chat Completions（Claude Codeがサードパーティモデルを呼び出す際に使用可能）
-    3. OpenAI Chat Completions => Gemini Chat
-20. 💰 キャッシュ課金サポート、有効にするとキャッシュがヒットした際に設定された比率で課金できます：
-    1. `システム設定-運営設定`で`プロンプトキャッシュ倍率`オプションを設定
-    2. チャネルで`プロンプトキャッシュ倍率`を設定、範囲は0-1、例えば0.5に設定するとキャッシュがヒットした際に50%で課金
-    3. サポートされているチャネル：
-        - [x] OpenAI
-        - [x] Azure
-        - [x] DeepSeek
-        - [x] Claude
-
-## モデルサポート
-
-このバージョンは複数のモデルをサポートしています。詳細は[APIドキュメント-中継インターフェース](https://docs.newapi.pro/api)を参照してください：
-
-1. サードパーティモデル **gpts**（gpt-4-gizmo-*）
-2. サードパーティチャネル[Midjourney-Proxy(Plus)](https://github.com/novicezk/midjourney-proxy)インターフェース、[APIドキュメント](https://docs.newapi.pro/api/midjourney-proxy-image)
-3. サードパーティチャネル[Suno API](https://github.com/Suno-API/Suno-API)インターフェース、[APIドキュメント](https://docs.newapi.pro/api/suno-music)
-4. カスタムチャネル、完全な呼び出しアドレスの入力をサポート
-5. Rerankモデル（[Cohere](https://cohere.ai/)と[Jina](https://jina.ai/)）、[APIドキュメント](https://docs.newapi.pro/api/jinaai-rerank)
-6. Claude Messages形式、[APIドキュメント](https://docs.newapi.pro/api/anthropic-chat)
-7. Google Gemini形式、[APIドキュメント](https://docs.newapi.pro/api/google-gemini-chat/)
-8. Dify、現在はchatflowのみをサポート
-9. その他のインターフェースについては[APIドキュメント](https://docs.newapi.pro/api)を参照してください
-
-## 環境変数設定
-
-詳細な設定説明については[インストールガイド-環境変数設定](https://docs.newapi.pro/installation/environment-variables)を参照してください：
-
- `GENERATE_DEFAULT_TOKEN`：新規登録ユーザーに初期トークンを生成するかどうか、デフォルトは`false`
- `STREAMING_TIMEOUT`：ストリーミング応答のタイムアウト時間、デフォルトは300秒
- `DIFY_DEBUG`：Difyチャネルがワークフローとノード情報を出力するかどうか、デフォルトは`true`
- `GET_MEDIA_TOKEN`：画像トークンを統計するかどうか、デフォルトは`true`
- `GET_MEDIA_TOKEN_NOT_STREAM`：非ストリーミングの場合に画像トークンを統計するかどうか、デフォルトは`true`
- `UPDATE_TASK`：非同期タスク（Midjourney、Suno）を更新するかどうか、デフォルトは`true`
- `GEMINI_VISION_MAX_IMAGE_NUM`：Geminiモデルの最大画像数、デフォルトは`16`
- `MAX_FILE_DOWNLOAD_MB`: 最大ファイルダウンロードサイズ、単位MB、デフォルトは`20`
- `CRYPTO_SECRET`：暗号化キー、Redisデータベースの内容を暗号化するために使用
- `AZURE_DEFAULT_API_VERSION`：Azureチャネルのデフォルトのバージョン、デフォルトは`2025-04-01-preview`
- `NOTIFICATION_LIMIT_DURATION_MINUTE`：メールなどの通知制限の継続時間、デフォルトは`10`分
- `NOTIFY_LIMIT_COUNT`：指定された継続時間内のユーザー通知の最大数、デフォルトは`2`
- `ERROR_LOG_ENABLED=true`: エラーログを記録して表示するかどうか、デフォルトは`false`
-
-## デプロイ
-
-詳細なデプロイガイドについては[インストールガイド-デプロイ方法](https://docs.newapi.pro/installation)を参照してください：
-
-> [!TIP]
-> 最新のDockerイメージ：`calciumion/new-api:latest`  
-
-### マルチマシンデプロイの注意事項
- 環境変数`SESSION_SECRET`を設定する必要があります。そうしないとマルチマシンデプロイ時にログイン状態が不一致になります
- Redisを共有する場合、`CRYPTO_SECRET`を設定する必要があります。そうしないとマルチマシンデプロイ時にRedisの内容を取得できません
-
-### デプロイ要件
- ローカルデータベース（デフォルト）：SQLite（Dockerデプロイの場合は`/data`ディレクトリをマウントする必要があります）
- リモートデータベース：MySQLバージョン >= 5.7.8、PgSQLバージョン >= 9.6
-
-### デプロイ方法
-
-#### 宝塔パネルのDocker機能を使用してデプロイ
-宝塔パネル（**9.2.0バージョン**以上）をインストールし、アプリケーションストアで**New-API**を見つけてインストールします。
-[画像付きチュートリアル](./docs/BT.md)
-
-#### Docker Composeを使用してデプロイ（推奨）
-```shell
-# プロジェクトをダウンロード
-git clone https://github.com/Calcium-Ion/new-api.git
-cd new-api
-# 必要に応じてdocker-compose.ymlを編集
-# 起動
-docker-compose up -d
-```
-
-#### Dockerイメージを直接使用
-```shell
-# SQLiteを使用
-docker run --name new-api -d --restart always -p 3000:3000 -e TZ=Asia/Shanghai -v /home/ubuntu/data/new-api:/data calciumion/new-api:latest
-
-# MySQLを使用
-docker run --name new-api -d --restart always -p 3000:3000 -e SQL_DSN="root:123456@tcp(localhost:3306)/oneapi" -e TZ=Asia/Shanghai -v /home/ubuntu/data/new-api:/data calciumion/new-api:latest
-```
-
-## チャネルリトライとキャッシュ
-チャネルリトライ機能はすでに実装されており、`設定->運営設定->一般設定->失敗リトライ回数`でリトライ回数を設定できます。**キャッシュ機能を有効にすることを推奨します**。
-
-### キャッシュ設定方法
-1. `REDIS_CONN_STRING`：Redisをキャッシュとして設定
-2. `MEMORY_CACHE_ENABLED`：メモリキャッシュを有効にする（Redisを設定した場合は手動設定不要）
-
-## APIドキュメント
-
-詳細なAPIドキュメントについては[APIドキュメント](https://docs.newapi.pro/api)を参照してください：
-
- [チャットインターフェース（Chat Completions）](https://docs.newapi.pro/api/openai-chat)
- [レスポンスインターフェース（Responses）](https://docs.newapi.pro/api/openai-responses)
- [画像インターフェース（Image）](https://docs.newapi.pro/api/openai-image)
- [再ランク付けインターフェース（Rerank）](https://docs.newapi.pro/api/jinaai-rerank)
- [リアルタイム対話インターフェース（Realtime）](https://docs.newapi.pro/api/openai-realtime)
- [Claudeチャットインターフェース](https://docs.newapi.pro/api/anthropic-chat)
- [Google Geminiチャットインターフェース](https://docs.newapi.pro/api/google-gemini-chat)
-
-## 関連プロジェクト
- [One API](https://github.com/songquanpeng/one-api)：オリジナルプロジェクト
- [Midjourney-Proxy](https://github.com/novicezk/midjourney-proxy)：Midjourneyインターフェースサポート
- [neko-api-key-tool](https://github.com/Calcium-Ion/neko-api-key-tool)：キーを使用して使用量クォータを照会
-
-New APIベースのその他のプロジェクト：
- [new-api-horizon](https://github.com/Calcium-Ion/new-api-horizon)：New API高性能最適化版
-
-## ヘルプサポート
-
-問題がある場合は、[ヘルプサポート](https://docs.newapi.pro/support)を参照してください：
- [コミュニティ交流](https://docs.newapi.pro/support/community-interaction)
- [問題のフィードバック](https://docs.newapi.pro/support/feedback-issues)
- [よくある質問](https://docs.newapi.pro/support/faq)
-
-## 🌟 Star History
-
-[![Star History Chart](https://api.star-history.com/svg?repos=Calcium-Ion/new-api&type=Date)](https://star-history.com/#Calcium-Ion/new-api&Date)
-
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 <p align="right">
-   <strong>中文</strong> | <a href="./README.en.md">English</a> | <a href="./README.fr.md">Français</a> | <a href="./README.ja.md">日本語</a>
+   <strong>中文</strong> | <a href="./README.en.md">English</a>
 </p>
 <div align="center">

@@ -75,7 +75,7 @@ New API提供了丰富的功能，详细特性请参考[特性说明](https://do

 1. 🎨 全新的UI界面
 2. 🌍 多语言支持
-3. 💰 支持在线充值功能，当前支持易支付和Stripe
+3. 💰 支持在线充值功能（易支付）
 4. 🔍 支持用key查询使用额度（配合[neko-api-key-tool](https://github.com/Calcium-Ion/neko-api-key-tool)）
 5. 🔄 兼容原版One API的数据库
 6. 💵 支持模型按次数收费
@@ -85,23 +85,22 @@ New API提供了丰富的功能，详细特性请参考[特性说明](https://do
 10. 🤖 支持更多授权登陆方式（LinuxDO,Telegram、OIDC）
 11. 🔄 支持Rerank模型（Cohere和Jina），[接口文档](https://docs.newapi.pro/api/jinaai-rerank)
 12. ⚡ 支持OpenAI Realtime API（包括Azure渠道），[接口文档](https://docs.newapi.pro/api/openai-realtime)
-13. ⚡ 支持 **OpenAI Responses** 格式，[接口文档](https://docs.newapi.pro/api/openai-responses)
-14. ⚡ 支持 **Claude Messages** 格式，[接口文档](https://docs.newapi.pro/api/anthropic-chat)
-15. ⚡ 支持 **Google Gemini** 格式，[接口文档](https://docs.newapi.pro/api/google-gemini-chat/)
-16. 🧠 支持通过模型名称后缀设置 reasoning effort：
+13. ⚡ 支持Claude Messages 格式，[接口文档](https://docs.newapi.pro/api/anthropic-chat)
+14. 支持使用路由/chat2link进入聊天界面
+15. 🧠 支持通过模型名称后缀设置 reasoning effort：
    1. OpenAI o系列模型
        - 添加后缀 `-high` 设置为 high reasoning effort (例如: `o3-mini-high`)
        - 添加后缀 `-medium` 设置为 medium reasoning effort (例如: `o3-mini-medium`)
        - 添加后缀 `-low` 设置为 low reasoning effort (例如: `o3-mini-low`)
    2. Claude 思考模型
        - 添加后缀 `-thinking` 启用思考模式 (例如: `claude-3-7-sonnet-20250219-thinking`)
-17. 🔄 思考转内容功能
-18. 🔄 针对用户的模型限流功能
-19. 🔄 请求格式转换功能，支持以下三种格式转换：
-    1. OpenAI Chat Completions => Claude Messages （OpenAI格式调用Claude模型）
+16. 🔄 思考转内容功能
+17. 🔄 针对用户的模型限流功能
+18. 🔄 请求格式转换功能，支持以下三种格式转换：
+    1. OpenAI Chat Completions => Claude Messages
    2. Clade Messages => OpenAI Chat Completions (可用于Claude Code调用第三方模型)
-    3. OpenAI Chat Completions => Gemini Chat （OpenAI格式调用Gemini模型）
-20. 💰 缓存计费支持，开启后可以在缓存命中时按照设定的比例计费：
+    3. OpenAI Chat Completions => Gemini Chat
+19. 💰 缓存计费支持，开启后可以在缓存命中时按照设定的比例计费：
    1. 在 `系统设置-运营设置` 中设置 `提示缓存倍率` 选项
    2. 在渠道中设置 `提示缓存倍率`，范围 0-1，例如设置为 0.5 表示缓存命中时按照 50% 计费
    3. 支持的渠道：
@@ -120,9 +119,7 @@ New API提供了丰富的功能，详细特性请参考[特性说明](https://do
 4. 自定义渠道，支持填入完整调用地址
 5. Rerank模型（[Cohere](https://cohere.ai/)和[Jina](https://jina.ai/)），[接口文档](https://docs.newapi.pro/api/jinaai-rerank)
 6. Claude Messages 格式，[接口文档](https://docs.newapi.pro/api/anthropic-chat)
-7. Google Gemini格式，[接口文档](https://docs.newapi.pro/api/google-gemini-chat/)
-8. Dify，当前仅支持chatflow
-9. 更多接口请参考[接口文档](https://docs.newapi.pro/api)
+7. Dify，当前仅支持chatflow

 ## 环境变量配置

@@ -131,14 +128,16 @@ New API提供了丰富的功能，详细特性请参考[特性说明](https://do
 - `GENERATE_DEFAULT_TOKEN`：是否为新注册用户生成初始令牌，默认为 `false`
 - `STREAMING_TIMEOUT`：流式回复超时时间，默认300秒
 - `DIFY_DEBUG`：Dify渠道是否输出工作流和节点信息，默认 `true`
+- `FORCE_STREAM_OPTION`：是否覆盖客户端stream_options参数，默认 `true`
 - `GET_MEDIA_TOKEN`：是否统计图片token，默认 `true`
 - `GET_MEDIA_TOKEN_NOT_STREAM`：非流情况下是否统计图片token，默认 `true`
 - `UPDATE_TASK`：是否更新异步任务（Midjourney、Suno），默认 `true`
+- `COHERE_SAFETY_SETTING`：Cohere模型安全设置，可选值为 `NONE`, `CONTEXTUAL`, `STRICT`，默认 `NONE`
 - `GEMINI_VISION_MAX_IMAGE_NUM`：Gemini模型最大图片数量，默认 `16`
 - `MAX_FILE_DOWNLOAD_MB`: 最大文件下载大小，单位MB，默认 `20`
- `CRYPTO_SECRET`：加密密钥，用于加密Redis数据库内容
+- `CRYPTO_SECRET`：加密密钥，用于加密数据库内容
 - `AZURE_DEFAULT_API_VERSION`：Azure渠道默认API版本，默认 `2025-04-01-preview`
- `NOTIFICATION_LIMIT_DURATION_MINUTE`：邮件等通知限制持续时间，默认 `10`分钟
+- `NOTIFICATION_LIMIT_DURATION_MINUTE`：通知限制持续时间，默认 `10`分钟
 - `NOTIFY_LIMIT_COUNT`：用户通知在指定持续时间内的最大数量，默认 `2`
 - `ERROR_LOG_ENABLED=true`: 是否记录并显示错误日志，默认`false`

@@ -183,7 +182,7 @@ docker run --name new-api -d --restart always -p 3000:3000 -e SQL_DSN="root:1234
 ```

 ## 渠道重试与缓存
-渠道重试功能已经实现，可以在`设置->运营设置->通用设置->失败重试次数`设置重试次数，**建议开启缓存**功能。
+渠道重试功能已经实现，可以在`设置->运营设置->通用设置`设置重试次数，**建议开启缓存**功能。

 ### 缓存设置方法
 1. `REDIS_CONN_STRING`：设置Redis作为缓存
@@ -193,17 +192,16 @@ docker run --name new-api -d --restart always -p 3000:3000 -e SQL_DSN="root:1234

 详细接口文档请参考[接口文档](https://docs.newapi.pro/api)：

- [聊天接口（Chat Completions）](https://docs.newapi.pro/api/openai-chat)
- [响应接口 （Responses）](https://docs.newapi.pro/api/openai-responses)
+- [聊天接口（Chat）](https://docs.newapi.pro/api/openai-chat)
 - [图像接口（Image）](https://docs.newapi.pro/api/openai-image)
 - [重排序接口（Rerank）](https://docs.newapi.pro/api/jinaai-rerank)
 - [实时对话接口（Realtime）](https://docs.newapi.pro/api/openai-realtime)
- [Claude聊天接口](https://docs.newapi.pro/api/anthropic-chat)
- [Google Gemini聊天接口](https://docs.newapi.pro/api/google-gemini-chat)
+- [Claude聊天接口（messages）](https://docs.newapi.pro/api/anthropic-chat)

 ## 相关项目
 - [One API](https://github.com/songquanpeng/one-api)：原版项目
 - [Midjourney-Proxy](https://github.com/novicezk/midjourney-proxy)：Midjourney接口支持
+- [chatnio](https://github.com/Deeptrain-Community/chatnio)：下一代AI一站式B/C端解决方案
 - [neko-api-key-tool](https://github.com/Calcium-Ion/neko-api-key-tool)：用key查询使用额度

 其他基于New API的项目：
--- a/common/api_type.go
+++ b/common/api_type.go
@@ -67,8 +67,6 @@ func ChannelType2APIType(channelType int) (int, bool) {
 		apiType = constant.APITypeJimeng
 	case constant.ChannelTypeMoonshot:
 		apiType = constant.APITypeMoonshot
-	case constant.ChannelTypeSubmodel:
-		apiType = constant.APITypeSubmodel
 	}
 	if apiType == -1 {
 		return constant.APITypeOpenAI, false
--- a/common/constants.go
+++ b/common/constants.go
@@ -19,7 +19,6 @@ var TopUpLink = ""
 // var ChatLink = ""
 // var ChatLink2 = ""
 var QuotaPerUnit = 500 * 1000.0 // $0.002 / 1K tokens
-// 保留旧变量以兼容历史逻辑，实际展示由 general_setting.quota_display_type 控制
 var DisplayInCurrencyEnabled = true
 var DisplayTokenStatEnabled = true
 var DrawingEnabled = true
--- a/common/database.go
+++ b/common/database.go
@@ -12,4 +12,4 @@ var LogSqlType = DatabaseTypeSQLite // Default to SQLite for logging SQL queries
 var UsingMySQL = false
 var UsingClickHouse = false

-var SQLitePath = "one-api.db?_busy_timeout=30000"
+var SQLitePath = "one-api.db?_busy_timeout=30000"
--- a/common/endpoint_defaults.go
+++ b/common/endpoint_defaults.go
@@ -23,7 +23,6 @@ var defaultEndpointInfoMap = map[constant.EndpointType]EndpointInfo{
 	constant.EndpointTypeGemini:          {Path: "/v1beta/models/{model}:generateContent", Method: "POST"},
 	constant.EndpointTypeJinaRerank:      {Path: "/rerank", Method: "POST"},
 	constant.EndpointTypeImageGeneration: {Path: "/v1/images/generations", Method: "POST"},
-	constant.EndpointTypeEmbeddings:      {Path: "/v1/embeddings", Method: "POST"},
 }

 // GetDefaultEndpointInfo 返回指定端点类型的默认信息以及是否存在
--- a/common/ip.go
+++ b/common/ip.go
@@ -1,22 +0,0 @@
-package common
-
-import "net"
-
-func IsPrivateIP(ip net.IP) bool {
-	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
-		return true
-	}
-
-	private := []net.IPNet{
-		{IP: net.IPv4(10, 0, 0, 0), Mask: net.CIDRMask(8, 32)},
-		{IP: net.IPv4(172, 16, 0, 0), Mask: net.CIDRMask(12, 32)},
-		{IP: net.IPv4(192, 168, 0, 0), Mask: net.CIDRMask(16, 32)},
-	}
-
-	for _, privateNet := range private {
-		if privateNet.Contains(ip) {
-			return true
-		}
-	}
-	return false
-}
--- a/common/ssrf_protection.go
+++ b/common/ssrf_protection.go
@@ -1,327 +0,0 @@
-package common
-
-import (
-	"fmt"
-	"net"
-	"net/url"
-	"strconv"
-	"strings"
-)
-
-// SSRFProtection SSRF防护配置
-type SSRFProtection struct {
-	AllowPrivateIp         bool
-	DomainFilterMode       bool     // true: 白名单, false: 黑名单
-	DomainList             []string // domain format, e.g. example.com, *.example.com
-	IpFilterMode           bool     // true: 白名单, false: 黑名单
-	IpList                 []string // CIDR or single IP
-	AllowedPorts           []int    // 允许的端口范围
-	ApplyIPFilterForDomain bool     // 对域名启用IP过滤
-}
-
-// DefaultSSRFProtection 默认SSRF防护配置
-var DefaultSSRFProtection = &SSRFProtection{
-	AllowPrivateIp:   false,
-	DomainFilterMode: true,
-	DomainList:       []string{},
-	IpFilterMode:     true,
-	IpList:           []string{},
-	AllowedPorts:     []int{},
-}
-
-// isPrivateIP 检查IP是否为私有地址
-func isPrivateIP(ip net.IP) bool {
-	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
-		return true
-	}
-
-	// 检查私有网段
-	private := []net.IPNet{
-		{IP: net.IPv4(10, 0, 0, 0), Mask: net.CIDRMask(8, 32)},     // 10.0.0.0/8
-		{IP: net.IPv4(172, 16, 0, 0), Mask: net.CIDRMask(12, 32)},  // 172.16.0.0/12
-		{IP: net.IPv4(192, 168, 0, 0), Mask: net.CIDRMask(16, 32)}, // 192.168.0.0/16
-		{IP: net.IPv4(127, 0, 0, 0), Mask: net.CIDRMask(8, 32)},    // 127.0.0.0/8
-		{IP: net.IPv4(169, 254, 0, 0), Mask: net.CIDRMask(16, 32)}, // 169.254.0.0/16 (链路本地)
-		{IP: net.IPv4(224, 0, 0, 0), Mask: net.CIDRMask(4, 32)},    // 224.0.0.0/4 (组播)
-		{IP: net.IPv4(240, 0, 0, 0), Mask: net.CIDRMask(4, 32)},    // 240.0.0.0/4 (保留)
-	}
-
-	for _, privateNet := range private {
-		if privateNet.Contains(ip) {
-			return true
-		}
-	}
-
-	// 检查IPv6私有地址
-	if ip.To4() == nil {
-		// IPv6 loopback
-		if ip.Equal(net.IPv6loopback) {
-			return true
-		}
-		// IPv6 link-local
-		if strings.HasPrefix(ip.String(), "fe80:") {
-			return true
-		}
-		// IPv6 unique local
-		if strings.HasPrefix(ip.String(), "fc") || strings.HasPrefix(ip.String(), "fd") {
-			return true
-		}
-	}
-
-	return false
-}
-
-// parsePortRanges 解析端口范围配置
-// 支持格式: "80", "443", "8000-9000"
-func parsePortRanges(portConfigs []string) ([]int, error) {
-	var ports []int
-
-	for _, config := range portConfigs {
-		config = strings.TrimSpace(config)
-		if config == "" {
-			continue
-		}
-
-		if strings.Contains(config, "-") {
-			// 处理端口范围 "8000-9000"
-			parts := strings.Split(config, "-")
-			if len(parts) != 2 {
-				return nil, fmt.Errorf("invalid port range format: %s", config)
-			}
-
-			startPort, err := strconv.Atoi(strings.TrimSpace(parts[0]))
-			if err != nil {
-				return nil, fmt.Errorf("invalid start port in range %s: %v", config, err)
-			}
-
-			endPort, err := strconv.Atoi(strings.TrimSpace(parts[1]))
-			if err != nil {
-				return nil, fmt.Errorf("invalid end port in range %s: %v", config, err)
-			}
-
-			if startPort > endPort {
-				return nil, fmt.Errorf("invalid port range %s: start port cannot be greater than end port", config)
-			}
-
-			if startPort < 1 || startPort > 65535 || endPort < 1 || endPort > 65535 {
-				return nil, fmt.Errorf("port range %s contains invalid port numbers (must be 1-65535)", config)
-			}
-
-			// 添加范围内的所有端口
-			for port := startPort; port <= endPort; port++ {
-				ports = append(ports, port)
-			}
-		} else {
-			// 处理单个端口 "80"
-			port, err := strconv.Atoi(config)
-			if err != nil {
-				return nil, fmt.Errorf("invalid port number: %s", config)
-			}
-
-			if port < 1 || port > 65535 {
-				return nil, fmt.Errorf("invalid port number %d (must be 1-65535)", port)
-			}
-
-			ports = append(ports, port)
-		}
-	}
-
-	return ports, nil
-}
-
-// isAllowedPort 检查端口是否被允许
-func (p *SSRFProtection) isAllowedPort(port int) bool {
-	if len(p.AllowedPorts) == 0 {
-		return true // 如果没有配置端口限制，则允许所有端口
-	}
-
-	for _, allowedPort := range p.AllowedPorts {
-		if port == allowedPort {
-			return true
-		}
-	}
-	return false
-}
-
-// isDomainWhitelisted 检查域名是否在白名单中
-func isDomainListed(domain string, list []string) bool {
-	if len(list) == 0 {
-		return false
-	}
-
-	domain = strings.ToLower(domain)
-	for _, item := range list {
-		item = strings.ToLower(strings.TrimSpace(item))
-		if item == "" {
-			continue
-		}
-		// 精确匹配
-		if domain == item {
-			return true
-		}
-		// 通配符匹配 (*.example.com)
-		if strings.HasPrefix(item, "*.") {
-			suffix := strings.TrimPrefix(item, "*.")
-			if strings.HasSuffix(domain, "."+suffix) || domain == suffix {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-func (p *SSRFProtection) isDomainAllowed(domain string) bool {
-	listed := isDomainListed(domain, p.DomainList)
-	if p.DomainFilterMode { // 白名单
-		return listed
-	}
-	// 黑名单
-	return !listed
-}
-
-// isIPWhitelisted 检查IP是否在白名单中
-
-func isIPListed(ip net.IP, list []string) bool {
-	if len(list) == 0 {
-		return false
-	}
-
-	for _, whitelistCIDR := range list {
-		_, network, err := net.ParseCIDR(whitelistCIDR)
-		if err != nil {
-			// 尝试作为单个IP处理
-			if whitelistIP := net.ParseIP(whitelistCIDR); whitelistIP != nil {
-				if ip.Equal(whitelistIP) {
-					return true
-				}
-			}
-			continue
-		}
-
-		if network.Contains(ip) {
-			return true
-		}
-	}
-	return false
-}
-
-// IsIPAccessAllowed 检查IP是否允许访问
-func (p *SSRFProtection) IsIPAccessAllowed(ip net.IP) bool {
-	// 私有IP限制
-	if isPrivateIP(ip) && !p.AllowPrivateIp {
-		return false
-	}
-
-	listed := isIPListed(ip, p.IpList)
-	if p.IpFilterMode { // 白名单
-		return listed
-	}
-	// 黑名单
-	return !listed
-}
-
-// ValidateURL 验证URL是否安全
-func (p *SSRFProtection) ValidateURL(urlStr string) error {
-	// 解析URL
-	u, err := url.Parse(urlStr)
-	if err != nil {
-		return fmt.Errorf("invalid URL format: %v", err)
-	}
-
-	// 只允许HTTP/HTTPS协议
-	if u.Scheme != "http" && u.Scheme != "https" {
-		return fmt.Errorf("unsupported protocol: %s (only http/https allowed)", u.Scheme)
-	}
-
-	// 解析主机和端口
-	host, portStr, err := net.SplitHostPort(u.Host)
-	if err != nil {
-		// 没有端口，使用默认端口
-		host = u.Hostname()
-		if u.Scheme == "https" {
-			portStr = "443"
-		} else {
-			portStr = "80"
-		}
-	}
-
-	// 验证端口
-	port, err := strconv.Atoi(portStr)
-	if err != nil {
-		return fmt.Errorf("invalid port: %s", portStr)
-	}
-
-	if !p.isAllowedPort(port) {
-		return fmt.Errorf("port %d is not allowed", port)
-	}
-
-	// 如果 host 是 IP，则跳过域名检查
-	if ip := net.ParseIP(host); ip != nil {
-		if !p.IsIPAccessAllowed(ip) {
-			if isPrivateIP(ip) {
-				return fmt.Errorf("private IP address not allowed: %s", ip.String())
-			}
-			if p.IpFilterMode {
-				return fmt.Errorf("ip not in whitelist: %s", ip.String())
-			}
-			return fmt.Errorf("ip in blacklist: %s", ip.String())
-		}
-		return nil
-	}
-
-	// 先进行域名过滤
-	if !p.isDomainAllowed(host) {
-		if p.DomainFilterMode {
-			return fmt.Errorf("domain not in whitelist: %s", host)
-		}
-		return fmt.Errorf("domain in blacklist: %s", host)
-	}
-
-	// 若未启用对域名应用IP过滤，则到此通过
-	if !p.ApplyIPFilterForDomain {
-		return nil
-	}
-
-	// 解析域名对应IP并检查
-	ips, err := net.LookupIP(host)
-	if err != nil {
-		return fmt.Errorf("DNS resolution failed for %s: %v", host, err)
-	}
-	for _, ip := range ips {
-		if !p.IsIPAccessAllowed(ip) {
-			if isPrivateIP(ip) && !p.AllowPrivateIp {
-				return fmt.Errorf("private IP address not allowed: %s resolves to %s", host, ip.String())
-			}
-			if p.IpFilterMode {
-				return fmt.Errorf("ip not in whitelist: %s resolves to %s", host, ip.String())
-			}
-			return fmt.Errorf("ip in blacklist: %s resolves to %s", host, ip.String())
-		}
-	}
-	return nil
-}
-
-// ValidateURLWithFetchSetting 使用FetchSetting配置验证URL
-func ValidateURLWithFetchSetting(urlStr string, enableSSRFProtection, allowPrivateIp bool, domainFilterMode bool, ipFilterMode bool, domainList, ipList, allowedPorts []string, applyIPFilterForDomain bool) error {
-	// 如果SSRF防护被禁用，直接返回成功
-	if !enableSSRFProtection {
-		return nil
-	}
-
-	// 解析端口范围配置
-	allowedPortInts, err := parsePortRanges(allowedPorts)
-	if err != nil {
-		return fmt.Errorf("request reject - invalid port configuration: %v", err)
-	}
-
-	protection := &SSRFProtection{
-		AllowPrivateIp:         allowPrivateIp,
-		DomainFilterMode:       domainFilterMode,
-		DomainList:             domainList,
-		IpFilterMode:           ipFilterMode,
-		IpList:                 ipList,
-		AllowedPorts:           allowedPortInts,
-		ApplyIPFilterForDomain: applyIPFilterForDomain,
-	}
-	return protection.ValidateURL(urlStr)
-}
--- a/common/sys_log.go
+++ b/common/sys_log.go
@@ -2,10 +2,9 @@ package common

 import (
 	"fmt"
+	"github.com/gin-gonic/gin"
 	"os"
 	"time"
-
-	"github.com/gin-gonic/gin"
 )

 func SysLog(s string) {
@@ -23,33 +22,3 @@ func FatalLog(v ...any) {
 	_, _ = fmt.Fprintf(gin.DefaultErrorWriter, "[FATAL] %v | %v \n", t.Format("2006/01/02 - 15:04:05"), v)
 	os.Exit(1)
 }
-
-func LogStartupSuccess(startTime time.Time, port string) {
-
-	duration := time.Since(startTime)
-	durationMs := duration.Milliseconds()
-
-	// Get network IPs
-	networkIps := GetNetworkIps()
-
-	// Print blank line for spacing
-	fmt.Fprintf(gin.DefaultWriter, "\n")
-
-	// Print the main success message
-	fmt.Fprintf(gin.DefaultWriter, "  \033[32m%s %s\033[0m  ready in %d ms\n", SystemName, Version, durationMs)
-	fmt.Fprintf(gin.DefaultWriter, "\n")
-
-	// Skip fancy startup message in container environments
-	if !IsRunningInContainer() {
-		// Print local URL
-		fmt.Fprintf(gin.DefaultWriter, "  ➜  \033[1mLocal:\033[0m   http://localhost:%s/\n", port)
-	}
-
-	// Print network URLs
-	for _, ip := range networkIps {
-		fmt.Fprintf(gin.DefaultWriter, "  ➜  \033[1mNetwork:\033[0m http://%s:%s/\n", ip, port)
-	}
-
-	// Print blank line for spacing
-	fmt.Fprintf(gin.DefaultWriter, "\n")
-}
--- a/common/utils.go
+++ b/common/utils.go
@@ -68,78 +68,6 @@ func GetIp() (ip string) {
 	return
 }

-func GetNetworkIps() []string {
-	var networkIps []string
-	ips, err := net.InterfaceAddrs()
-	if err != nil {
-		log.Println(err)
-		return networkIps
-	}
-
-	for _, a := range ips {
-		if ipNet, ok := a.(*net.IPNet); ok && !ipNet.IP.IsLoopback() {
-			if ipNet.IP.To4() != nil {
-				ip := ipNet.IP.String()
-				// Include common private network ranges
-				if strings.HasPrefix(ip, "10.") ||
-					strings.HasPrefix(ip, "172.") ||
-					strings.HasPrefix(ip, "192.168.") {
-					networkIps = append(networkIps, ip)
-				}
-			}
-		}
-	}
-	return networkIps
-}
-
-// IsRunningInContainer detects if the application is running inside a container
-func IsRunningInContainer() bool {
-	// Method 1: Check for .dockerenv file (Docker containers)
-	if _, err := os.Stat("/.dockerenv"); err == nil {
-		return true
-	}
-
-	// Method 2: Check cgroup for container indicators
-	if data, err := os.ReadFile("/proc/1/cgroup"); err == nil {
-		content := string(data)
-		if strings.Contains(content, "docker") ||
-			strings.Contains(content, "containerd") ||
-			strings.Contains(content, "kubepods") ||
-			strings.Contains(content, "/lxc/") {
-			return true
-		}
-	}
-
-	// Method 3: Check environment variables commonly set by container runtimes
-	containerEnvVars := []string{
-		"KUBERNETES_SERVICE_HOST",
-		"DOCKER_CONTAINER",
-		"container",
-	}
-
-	for _, envVar := range containerEnvVars {
-		if os.Getenv(envVar) != "" {
-			return true
-		}
-	}
-
-	// Method 4: Check if init process is not the traditional init
-	if data, err := os.ReadFile("/proc/1/comm"); err == nil {
-		comm := strings.TrimSpace(string(data))
-		// In containers, process 1 is often not "init" or "systemd"
-		if comm != "init" && comm != "systemd" {
-			// Additional check: if it's a common container entrypoint
-			if strings.Contains(comm, "docker") ||
-				strings.Contains(comm, "containerd") ||
-				strings.Contains(comm, "runc") {
-				return true
-			}
-		}
-	}
-
-	return false
-}
-
 var sizeKB = 1024
 var sizeMB = sizeKB * 1024
 var sizeGB = sizeMB * 1024
--- a/constant/api_type.go
+++ b/constant/api_type.go
@@ -31,7 +31,6 @@ const (
 	APITypeXai
 	APITypeCoze
 	APITypeJimeng
-	APITypeMoonshot
-	APITypeSubmodel
-	APITypeDummy // this one is only for count, do not add any channel after this
+	APITypeMoonshot // this one is only for count, do not add any channel after this
+	APITypeDummy    // this one is only for count, do not add any channel after this
 )
--- a/constant/channel.go
+++ b/constant/channel.go
@@ -50,8 +50,6 @@ const (
 	ChannelTypeKling          = 50
 	ChannelTypeJimeng         = 51
 	ChannelTypeVidu           = 52
-	ChannelTypeSubmodel       = 53
-	ChannelTypeDoubaoVideo    = 54
 	ChannelTypeDummy          // this one is only for count, do not add any channel after this

 )
@@ -110,67 +108,4 @@ var ChannelBaseURLs = []string{
 	"https://api.klingai.com",                   //50
 	"https://visual.volcengineapi.com",          //51
 	"https://api.vidu.cn",                       //52
-	"https://llm.submodel.ai",                   //53
-	"https://ark.cn-beijing.volces.com",         //54
-}
-
-var ChannelTypeNames = map[int]string{
-	ChannelTypeUnknown:        "Unknown",
-	ChannelTypeOpenAI:         "OpenAI",
-	ChannelTypeMidjourney:     "Midjourney",
-	ChannelTypeAzure:          "Azure",
-	ChannelTypeOllama:         "Ollama",
-	ChannelTypeMidjourneyPlus: "MidjourneyPlus",
-	ChannelTypeOpenAIMax:      "OpenAIMax",
-	ChannelTypeOhMyGPT:        "OhMyGPT",
-	ChannelTypeCustom:         "Custom",
-	ChannelTypeAILS:           "AILS",
-	ChannelTypeAIProxy:        "AIProxy",
-	ChannelTypePaLM:           "PaLM",
-	ChannelTypeAPI2GPT:        "API2GPT",
-	ChannelTypeAIGC2D:         "AIGC2D",
-	ChannelTypeAnthropic:      "Anthropic",
-	ChannelTypeBaidu:          "Baidu",
-	ChannelTypeZhipu:          "Zhipu",
-	ChannelTypeAli:            "Ali",
-	ChannelTypeXunfei:         "Xunfei",
-	ChannelType360:            "360",
-	ChannelTypeOpenRouter:     "OpenRouter",
-	ChannelTypeAIProxyLibrary: "AIProxyLibrary",
-	ChannelTypeFastGPT:        "FastGPT",
-	ChannelTypeTencent:        "Tencent",
-	ChannelTypeGemini:         "Gemini",
-	ChannelTypeMoonshot:       "Moonshot",
-	ChannelTypeZhipu_v4:       "ZhipuV4",
-	ChannelTypePerplexity:     "Perplexity",
-	ChannelTypeLingYiWanWu:    "LingYiWanWu",
-	ChannelTypeAws:            "AWS",
-	ChannelTypeCohere:         "Cohere",
-	ChannelTypeMiniMax:        "MiniMax",
-	ChannelTypeSunoAPI:        "SunoAPI",
-	ChannelTypeDify:           "Dify",
-	ChannelTypeJina:           "Jina",
-	ChannelCloudflare:         "Cloudflare",
-	ChannelTypeSiliconFlow:    "SiliconFlow",
-	ChannelTypeVertexAi:       "VertexAI",
-	ChannelTypeMistral:        "Mistral",
-	ChannelTypeDeepSeek:       "DeepSeek",
-	ChannelTypeMokaAI:         "MokaAI",
-	ChannelTypeVolcEngine:     "VolcEngine",
-	ChannelTypeBaiduV2:        "BaiduV2",
-	ChannelTypeXinference:     "Xinference",
-	ChannelTypeXai:            "xAI",
-	ChannelTypeCoze:           "Coze",
-	ChannelTypeKling:          "Kling",
-	ChannelTypeJimeng:         "Jimeng",
-	ChannelTypeVidu:           "Vidu",
-	ChannelTypeSubmodel:       "Submodel",
-	ChannelTypeDoubaoVideo:    "DoubaoVideo",
-}
-
-func GetChannelTypeName(channelType int) string {
-	if name, ok := ChannelTypeNames[channelType]; ok {
-		return name
-	}
-	return "Unknown"
 }
--- a/constant/endpoint_type.go
+++ b/constant/endpoint_type.go
@@ -9,7 +9,6 @@ const (
 	EndpointTypeGemini          EndpointType = "gemini"
 	EndpointTypeJinaRerank      EndpointType = "jina-rerank"
 	EndpointTypeImageGeneration EndpointType = "image-generation"
-	EndpointTypeEmbeddings      EndpointType = "embeddings"
 	//EndpointTypeMidjourney     EndpointType = "midjourney-proxy"
 	//EndpointTypeSuno           EndpointType = "suno-proxy"
 	//EndpointTypeKling          EndpointType = "kling"
--- a/constant/task.go
+++ b/constant/task.go
@@ -11,10 +11,8 @@ const (
 	SunoActionMusic  = "MUSIC"
 	SunoActionLyrics = "LYRICS"

-	TaskActionGenerate          = "generate"
-	TaskActionTextGenerate      = "textGenerate"
-	TaskActionFirstTailGenerate = "firstTailGenerate"
-	TaskActionReferenceGenerate = "referenceGenerate"
+	TaskActionGenerate     = "generate"
+	TaskActionTextGenerate = "textGenerate"
 )

 var SunoModel2Action = map[string]string{
--- a/controller/billing.go
+++ b/controller/billing.go
@@ -5,7 +5,6 @@ import (
 	"one-api/common"
 	"one-api/dto"
 	"one-api/model"
-	"one-api/setting/operation_setting"
 )

 func GetSubscription(c *gin.Context) {
@@ -40,18 +39,8 @@ func GetSubscription(c *gin.Context) {
 	}
 	quota := remainQuota + usedQuota
 	amount := float64(quota)
-	// OpenAI 兼容接口中的 *_USD 字段含义保持“额度单位”对应值：
-	// 我们将其解释为以“站点展示类型”为准：
-	// - USD: 直接除以 QuotaPerUnit
-	// - CNY: 先转 USD 再乘汇率
-	// - TOKENS: 直接使用 tokens 数量
-	switch operation_setting.GetQuotaDisplayType() {
-	case operation_setting.QuotaDisplayTypeCNY:
-		amount = amount / common.QuotaPerUnit * operation_setting.USDExchangeRate
-	case operation_setting.QuotaDisplayTypeTokens:
-		// amount 保持 tokens 数值
-	default:
-		amount = amount / common.QuotaPerUnit
+	if common.DisplayInCurrencyEnabled {
+		amount /= common.QuotaPerUnit
 	}
 	if token != nil && token.UnlimitedQuota {
 		amount = 100000000
@@ -91,13 +80,8 @@ func GetUsage(c *gin.Context) {
 		return
 	}
 	amount := float64(quota)
-	switch operation_setting.GetQuotaDisplayType() {
-	case operation_setting.QuotaDisplayTypeCNY:
-		amount = amount / common.QuotaPerUnit * operation_setting.USDExchangeRate
-	case operation_setting.QuotaDisplayTypeTokens:
-		// tokens 保持原值
-	default:
-		amount = amount / common.QuotaPerUnit
+	if common.DisplayInCurrencyEnabled {
+		amount /= common.QuotaPerUnit
 	}
 	usage := OpenAIUsageResponse{
 		Object:     "list",
--- a/controller/channel-test.go
+++ b/controller/channel-test.go
@@ -28,7 +28,6 @@ import (
 	"time"

 	"github.com/bytedance/gopkg/util/gopool"
-	"github.com/samber/lo"

 	"github.com/gin-gonic/gin"
 )
@@ -39,21 +38,42 @@ type testResult struct {
 	newAPIError *types.NewAPIError
 }

-func testChannel(channel *model.Channel, testModel string, endpointType string) testResult {
+func testChannel(channel *model.Channel, testModel string) testResult {
 	tik := time.Now()
-	var unsupportedTestChannelTypes = []int{
-		constant.ChannelTypeMidjourney,
-		constant.ChannelTypeMidjourneyPlus,
-		constant.ChannelTypeSunoAPI,
-		constant.ChannelTypeKling,
-		constant.ChannelTypeJimeng,
-		constant.ChannelTypeDoubaoVideo,
-		constant.ChannelTypeVidu,
-	}
-	if lo.Contains(unsupportedTestChannelTypes, channel.Type) {
-		channelTypeName := constant.GetChannelTypeName(channel.Type)
+	if channel.Type == constant.ChannelTypeMidjourney {
 		return testResult{
-			localErr: fmt.Errorf("%s channel test is not supported", channelTypeName),
+			localErr:    errors.New("midjourney channel test is not supported"),
+			newAPIError: nil,
+		}
+	}
+	if channel.Type == constant.ChannelTypeMidjourneyPlus {
+		return testResult{
+			localErr:    errors.New("midjourney plus channel test is not supported"),
+			newAPIError: nil,
+		}
+	}
+	if channel.Type == constant.ChannelTypeSunoAPI {
+		return testResult{
+			localErr:    errors.New("suno channel test is not supported"),
+			newAPIError: nil,
+		}
+	}
+	if channel.Type == constant.ChannelTypeKling {
+		return testResult{
+			localErr:    errors.New("kling channel test is not supported"),
+			newAPIError: nil,
+		}
+	}
+	if channel.Type == constant.ChannelTypeJimeng {
+		return testResult{
+			localErr:    errors.New("jimeng channel test is not supported"),
+			newAPIError: nil,
+		}
+	}
+	if channel.Type == constant.ChannelTypeVidu {
+		return testResult{
+			localErr:    errors.New("vidu channel test is not supported"),
+			newAPIError: nil,
 		}
 	}
 	w := httptest.NewRecorder()
@@ -61,26 +81,13 @@ func testChannel(channel *model.Channel, testModel string, endpointType string)

 	requestPath := "/v1/chat/completions"

-	// 如果指定了端点类型，使用指定的端点类型
-	if endpointType != "" {
-		if endpointInfo, ok := common.GetDefaultEndpointInfo(constant.EndpointType(endpointType)); ok {
-			requestPath = endpointInfo.Path
-		}
-	} else {
-		// 如果没有指定端点类型，使用原有的自动检测逻辑
-		// 先判断是否为 Embedding 模型
-		if strings.Contains(strings.ToLower(testModel), "embedding") ||
-			strings.HasPrefix(testModel, "m3e") || // m3e 系列模型
-			strings.Contains(testModel, "bge-") || // bge 系列模型
-			strings.Contains(testModel, "embed") ||
-			channel.Type == constant.ChannelTypeMokaAI { // 其他 embedding 模型
-			requestPath = "/v1/embeddings" // 修改请求路径
-		}
-
-		// VolcEngine 图像生成模型
-		if channel.Type == constant.ChannelTypeVolcEngine && strings.Contains(testModel, "seedream") {
-			requestPath = "/v1/images/generations"
-		}
+	// 先判断是否为 Embedding 模型
+	if strings.Contains(strings.ToLower(testModel), "embedding") ||
+		strings.HasPrefix(testModel, "m3e") || // m3e 系列模型
+		strings.Contains(testModel, "bge-") || // bge 系列模型
+		strings.Contains(testModel, "embed") ||
+		channel.Type == constant.ChannelTypeMokaAI { // 其他 embedding 模型
+		requestPath = "/v1/embeddings" // 修改请求路径
 	}

 	c.Request = &http.Request{
@@ -126,54 +133,14 @@ func testChannel(channel *model.Channel, testModel string, endpointType string)
 			newAPIError: newAPIError,
 		}
 	}
+	request := buildTestRequest(testModel)

-	// Determine relay format based on endpoint type or request path
-	var relayFormat types.RelayFormat
-	if endpointType != "" {
-		// 根据指定的端点类型设置 relayFormat
-		switch constant.EndpointType(endpointType) {
-		case constant.EndpointTypeOpenAI:
-			relayFormat = types.RelayFormatOpenAI
-		case constant.EndpointTypeOpenAIResponse:
-			relayFormat = types.RelayFormatOpenAIResponses
-		case constant.EndpointTypeAnthropic:
-			relayFormat = types.RelayFormatClaude
-		case constant.EndpointTypeGemini:
-			relayFormat = types.RelayFormatGemini
-		case constant.EndpointTypeJinaRerank:
-			relayFormat = types.RelayFormatRerank
-		case constant.EndpointTypeImageGeneration:
-			relayFormat = types.RelayFormatOpenAIImage
-		case constant.EndpointTypeEmbeddings:
-			relayFormat = types.RelayFormatEmbedding
-		default:
-			relayFormat = types.RelayFormatOpenAI
-		}
-	} else {
-		// 根据请求路径自动检测
-		relayFormat = types.RelayFormatOpenAI
-		if c.Request.URL.Path == "/v1/embeddings" {
-			relayFormat = types.RelayFormatEmbedding
-		}
-		if c.Request.URL.Path == "/v1/images/generations" {
-			relayFormat = types.RelayFormatOpenAIImage
-		}
-		if c.Request.URL.Path == "/v1/messages" {
-			relayFormat = types.RelayFormatClaude
-		}
-		if strings.Contains(c.Request.URL.Path, "/v1beta/models") {
-			relayFormat = types.RelayFormatGemini
-		}
-		if c.Request.URL.Path == "/v1/rerank" || c.Request.URL.Path == "/rerank" {
-			relayFormat = types.RelayFormatRerank
-		}
-		if c.Request.URL.Path == "/v1/responses" {
-			relayFormat = types.RelayFormatOpenAIResponses
-		}
+	// Determine relay format based on request path
+	relayFormat := types.RelayFormatOpenAI
+	if c.Request.URL.Path == "/v1/embeddings" {
+		relayFormat = types.RelayFormatEmbedding
 	}

-	request := buildTestRequest(testModel, endpointType)
-
 	info, err := relaycommon.GenRelayInfo(c, relayFormat, request, nil)

 	if err != nil {
@@ -196,8 +163,7 @@ func testChannel(channel *model.Channel, testModel string, endpointType string)
 	}

 	testModel = info.UpstreamModelName
-	// 更新请求中的模型名称
-	request.SetModelName(testModel)
+	request.Model = testModel

 	apiType, _ := common.ChannelType2APIType(channel.Type)
 	adaptor := relay.GetAdaptor(apiType)
@@ -227,62 +193,17 @@ func testChannel(channel *model.Channel, testModel string, endpointType string)

 	var convertedRequest any
 	// 根据 RelayMode 选择正确的转换函数
-	switch info.RelayMode {
-	case relayconstant.RelayModeEmbeddings:
-		// Embedding 请求 - request 已经是正确的类型
-		if embeddingReq, ok := request.(*dto.EmbeddingRequest); ok {
-			convertedRequest, err = adaptor.ConvertEmbeddingRequest(c, info, *embeddingReq)
-		} else {
-			return testResult{
-				context:     c,
-				localErr:    errors.New("invalid embedding request type"),
-				newAPIError: types.NewError(errors.New("invalid embedding request type"), types.ErrorCodeConvertRequestFailed),
-			}
-		}
-	case relayconstant.RelayModeImagesGenerations:
-		// 图像生成请求 - request 已经是正确的类型
-		if imageReq, ok := request.(*dto.ImageRequest); ok {
-			convertedRequest, err = adaptor.ConvertImageRequest(c, info, *imageReq)
-		} else {
-			return testResult{
-				context:     c,
-				localErr:    errors.New("invalid image request type"),
-				newAPIError: types.NewError(errors.New("invalid image request type"), types.ErrorCodeConvertRequestFailed),
-			}
-		}
-	case relayconstant.RelayModeRerank:
-		// Rerank 请求 - request 已经是正确的类型
-		if rerankReq, ok := request.(*dto.RerankRequest); ok {
-			convertedRequest, err = adaptor.ConvertRerankRequest(c, info.RelayMode, *rerankReq)
-		} else {
-			return testResult{
-				context:     c,
-				localErr:    errors.New("invalid rerank request type"),
-				newAPIError: types.NewError(errors.New("invalid rerank request type"), types.ErrorCodeConvertRequestFailed),
-			}
-		}
-	case relayconstant.RelayModeResponses:
-		// Response 请求 - request 已经是正确的类型
-		if responseReq, ok := request.(*dto.OpenAIResponsesRequest); ok {
-			convertedRequest, err = adaptor.ConvertOpenAIResponsesRequest(c, info, *responseReq)
-		} else {
-			return testResult{
-				context:     c,
-				localErr:    errors.New("invalid response request type"),
-				newAPIError: types.NewError(errors.New("invalid response request type"), types.ErrorCodeConvertRequestFailed),
-			}
-		}
-	default:
-		// Chat/Completion 等其他请求类型
-		if generalReq, ok := request.(*dto.GeneralOpenAIRequest); ok {
-			convertedRequest, err = adaptor.ConvertOpenAIRequest(c, info, generalReq)
-		} else {
-			return testResult{
-				context:     c,
-				localErr:    errors.New("invalid general request type"),
-				newAPIError: types.NewError(errors.New("invalid general request type"), types.ErrorCodeConvertRequestFailed),
-			}
+	if info.RelayMode == relayconstant.RelayModeEmbeddings {
+		// 创建一个 EmbeddingRequest
+		embeddingRequest := dto.EmbeddingRequest{
+			Input: request.Input,
+			Model: request.Model,
 		}
+		// 调用专门用于 Embedding 的转换函数
+		convertedRequest, err = adaptor.ConvertEmbeddingRequest(c, info, embeddingRequest)
+	} else {
+		// 对其他所有请求类型（如 Chat），保持原有逻辑
+		convertedRequest, err = adaptor.ConvertOpenAIRequest(c, info, request)
 	}

 	if err != nil {
@@ -385,82 +306,22 @@ func testChannel(channel *model.Channel, testModel string, endpointType string)
 	}
 }

-func buildTestRequest(model string, endpointType string) dto.Request {
-	// 根据端点类型构建不同的测试请求
-	if endpointType != "" {
-		switch constant.EndpointType(endpointType) {
-		case constant.EndpointTypeEmbeddings:
-			// 返回 EmbeddingRequest
-			return &dto.EmbeddingRequest{
-				Model: model,
-				Input: []any{"hello world"},
-			}
-		case constant.EndpointTypeImageGeneration:
-			// 返回 ImageRequest
-			return &dto.ImageRequest{
-				Model:  model,
-				Prompt: "a cute cat",
-				N:      1,
-				Size:   "1024x1024",
-			}
-		case constant.EndpointTypeJinaRerank:
-			// 返回 RerankRequest
-			return &dto.RerankRequest{
-				Model:     model,
-				Query:     "What is Deep Learning?",
-				Documents: []any{"Deep Learning is a subset of machine learning.", "Machine learning is a field of artificial intelligence."},
-				TopN:      2,
-			}
-		case constant.EndpointTypeOpenAIResponse:
-			// 返回 OpenAIResponsesRequest
-			return &dto.OpenAIResponsesRequest{
-				Model: model,
-				Input: json.RawMessage("\"hi\""),
-			}
-		case constant.EndpointTypeAnthropic, constant.EndpointTypeGemini, constant.EndpointTypeOpenAI:
-			// 返回 GeneralOpenAIRequest
-			maxTokens := uint(10)
-			if constant.EndpointType(endpointType) == constant.EndpointTypeGemini {
-				maxTokens = 3000
-			}
-			return &dto.GeneralOpenAIRequest{
-				Model:  model,
-				Stream: false,
-				Messages: []dto.Message{
-					{
-						Role:    "user",
-						Content: "hi",
-					},
-				},
-				MaxTokens: maxTokens,
-			}
-		}
-	}
-
-	// 自动检测逻辑（保持原有行为）
-	// 先判断是否为 Embedding 模型
-	if strings.Contains(strings.ToLower(model), "embedding") ||
-		strings.HasPrefix(model, "m3e") ||
-		strings.Contains(model, "bge-") {
-		// 返回 EmbeddingRequest
-		return &dto.EmbeddingRequest{
-			Model: model,
-			Input: []any{"hello world"},
-		}
-	}
-
-	// Chat/Completion 请求 - 返回 GeneralOpenAIRequest
+func buildTestRequest(model string) *dto.GeneralOpenAIRequest {
 	testRequest := &dto.GeneralOpenAIRequest{
-		Model:  model,
+		Model:  "", // this will be set later
 		Stream: false,
-		Messages: []dto.Message{
-			{
-				Role:    "user",
-				Content: "hi",
-			},
-		},
 	}

+	// 先判断是否为 Embedding 模型
+	if strings.Contains(strings.ToLower(model), "embedding") || // 其他 embedding 模型
+		strings.HasPrefix(model, "m3e") || // m3e 系列模型
+		strings.Contains(model, "bge-") {
+		testRequest.Model = model
+		// Embedding 请求
+		testRequest.Input = []any{"hello world"} // 修改为any，因为dto/openai_request.go 的ParseInput方法无法处理[]string类型
+		return testRequest
+	}
+	// 并非Embedding 模型
 	if strings.HasPrefix(model, "o") {
 		testRequest.MaxCompletionTokens = 10
 	} else if strings.Contains(model, "thinking") {
@@ -473,6 +334,12 @@ func buildTestRequest(model string, endpointType string) dto.Request {
 		testRequest.MaxTokens = 10
 	}

+	testMessage := dto.Message{
+		Role:    "user",
+		Content: "hi",
+	}
+	testRequest.Model = model
+	testRequest.Messages = append(testRequest.Messages, testMessage)
 	return testRequest
 }

@@ -496,9 +363,8 @@ func TestChannel(c *gin.Context) {
 	//	}
 	//}()
 	testModel := c.Query("model")
-	endpointType := c.Query("endpoint_type")
 	tik := time.Now()
-	result := testChannel(channel, testModel, endpointType)
+	result := testChannel(channel, testModel)
 	if result.localErr != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -524,6 +390,7 @@ func TestChannel(c *gin.Context) {
 		"message": "",
 		"time":    consumedTime,
 	})
+	return
 }

 var testAllChannelsLock sync.Mutex
@@ -557,7 +424,7 @@ func testAllChannels(notify bool) error {
 		for _, channel := range channels {
 			isChannelEnabled := channel.Status == common.ChannelStatusEnabled
 			tik := time.Now()
-			result := testChannel(channel, "", "")
+			result := testChannel(channel, "")
 			tok := time.Now()
 			milliseconds := tok.Sub(tik).Milliseconds()

@@ -571,7 +438,7 @@ func testAllChannels(notify bool) error {
 			// 当错误检查通过，才检查响应时间
 			if common.AutomaticDisableChannelEnabled && !shouldBanChannel {
 				if milliseconds > disableThreshold {
-					err := fmt.Errorf("响应时间 %.2fs 超过阈值 %.2fs", float64(milliseconds)/1000.0, float64(disableThreshold)/1000.0)
+					err := errors.New(fmt.Sprintf("响应时间 %.2fs 超过阈值 %.2fs", float64(milliseconds)/1000.0, float64(disableThreshold)/1000.0))
 					newAPIError = types.NewOpenAIError(err, types.ErrorCodeChannelResponseTimeExceeded, http.StatusRequestTimeout)
 					shouldBanChannel = true
 				}
@@ -608,6 +475,7 @@ func TestAllChannels(c *gin.Context) {
 		"success": true,
 		"message": "",
 	})
+	return
 }

 var autoTestChannelsOnce sync.Once
--- a/controller/channel.go
+++ b/controller/channel.go
@@ -8,7 +8,6 @@ import (
 	"one-api/constant"
 	"one-api/dto"
 	"one-api/model"
-	"one-api/service"
 	"strconv"
 	"strings"

@@ -189,8 +188,6 @@ func FetchUpstreamModels(c *gin.Context) {
 		url = fmt.Sprintf("%s/v1beta/openai/models", baseURL) // Remove key in url since we need to use AuthHeader
 	case constant.ChannelTypeAli:
 		url = fmt.Sprintf("%s/compatible-mode/v1/models", baseURL)
-	case constant.ChannelTypeZhipu_v4:
-		url = fmt.Sprintf("%s/api/paas/v4/models", baseURL)
 	default:
 		url = fmt.Sprintf("%s/v1/models", baseURL)
 	}
@@ -384,9 +381,18 @@ func GetChannel(c *gin.Context) {
 	return
 }

-// GetChannelKey 获取渠道密钥（需要通过安全验证中间件）
-// 此函数依赖 SecureVerificationRequired 中间件，确保用户已通过安全验证
+// GetChannelKey 验证2FA后获取渠道密钥
 func GetChannelKey(c *gin.Context) {
+	type GetChannelKeyRequest struct {
+		Code string `json:"code" binding:"required"`
+	}
+
+	var req GetChannelKeyRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		common.ApiError(c, fmt.Errorf("参数错误: %v", err))
+		return
+	}
+
 	userId := c.GetInt("id")
 	channelId, err := strconv.Atoi(c.Param("id"))
 	if err != nil {
@@ -394,6 +400,24 @@ func GetChannelKey(c *gin.Context) {
 		return
 	}

+	// 获取2FA记录并验证
+	twoFA, err := model.GetTwoFAByUserId(userId)
+	if err != nil {
+		common.ApiError(c, fmt.Errorf("获取2FA信息失败: %v", err))
+		return
+	}
+
+	if twoFA == nil || !twoFA.IsEnabled {
+		common.ApiError(c, fmt.Errorf("用户未启用2FA，无法查看密钥"))
+		return
+	}
+
+	// 统一的2FA验证逻辑
+	if !validateTwoFactorAuth(twoFA, req.Code) {
+		common.ApiError(c, fmt.Errorf("验证码或备用码错误，请重试"))
+		return
+	}
+
 	// 获取渠道信息（包含密钥）
 	channel, err := model.GetChannelById(channelId, true)
 	if err != nil {
@@ -409,10 +433,10 @@ func GetChannelKey(c *gin.Context) {
 	// 记录操作日志
 	model.RecordLog(userId, model.LogTypeSystem, fmt.Sprintf("查看渠道密钥信息 (渠道ID: %d)", channelId))

-	// 返回渠道密钥
+	// 统一的成功响应格式
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
-		"message": "获取成功",
+		"message": "验证成功",
 		"data": map[string]interface{}{
 			"key": channel.Key,
 		},
@@ -477,10 +501,9 @@ func validateChannel(channel *model.Channel, isAdd bool) error {
 }

 type AddChannelRequest struct {
-	Mode                      string                `json:"mode"`
-	MultiKeyMode              constant.MultiKeyMode `json:"multi_key_mode"`
-	BatchAddSetKeyPrefix2Name bool                  `json:"batch_add_set_key_prefix_2_name"`
-	Channel                   *model.Channel        `json:"channel"`
+	Mode         string                `json:"mode"`
+	MultiKeyMode constant.MultiKeyMode `json:"multi_key_mode"`
+	Channel      *model.Channel        `json:"channel"`
 }

 func getVertexArrayKeys(keys string) ([]string, error) {
@@ -593,13 +616,6 @@ func AddChannel(c *gin.Context) {
 		}
 		localChannel := addChannelRequest.Channel
 		localChannel.Key = key
-		if addChannelRequest.BatchAddSetKeyPrefix2Name && len(keys) > 1 {
-			keyPrefix := localChannel.Key
-			if len(localChannel.Key) > 8 {
-				keyPrefix = localChannel.Key[:8]
-			}
-			localChannel.Name = fmt.Sprintf("%s %s", localChannel.Name, keyPrefix)
-		}
 		channels = append(channels, *localChannel)
 	}
 	err = model.BatchInsertChannels(channels)
@@ -607,7 +623,6 @@ func AddChannel(c *gin.Context) {
 		common.ApiError(c, err)
 		return
 	}
-	service.ResetProxyClientCache()
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",
@@ -869,7 +884,6 @@ func UpdateChannel(c *gin.Context) {
 		return
 	}
 	model.InitChannelCache()
-	service.ResetProxyClientCache()
 	channel.Key = ""
 	clearChannelInfo(&channel.Channel)
 	c.JSON(http.StatusOK, gin.H{
@@ -1079,8 +1093,8 @@ func CopyChannel(c *gin.Context) {
 // MultiKeyManageRequest represents the request for multi-key management operations
 type MultiKeyManageRequest struct {
 	ChannelId int    `json:"channel_id"`
-	Action    string `json:"action"`              // "disable_key", "enable_key", "delete_key", "delete_disabled_keys", "get_key_status"
-	KeyIndex  *int   `json:"key_index,omitempty"` // for disable_key, enable_key, and delete_key actions
+	Action    string `json:"action"`              // "disable_key", "enable_key", "delete_disabled_keys", "get_key_status"
+	KeyIndex  *int   `json:"key_index,omitempty"` // for disable_key and enable_key actions
 	Page      int    `json:"page,omitempty"`      // for get_key_status pagination
 	PageSize  int    `json:"page_size,omitempty"` // for get_key_status pagination
 	Status    *int   `json:"status,omitempty"`    // for get_key_status filtering: 1=enabled, 2=manual_disabled, 3=auto_disabled, nil=all
@@ -1408,86 +1422,6 @@ func ManageMultiKeys(c *gin.Context) {
 		})
 		return

-	case "delete_key":
-		if request.KeyIndex == nil {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "未指定要删除的密钥索引",
-			})
-			return
-		}
-
-		keyIndex := *request.KeyIndex
-		if keyIndex < 0 || keyIndex >= channel.ChannelInfo.MultiKeySize {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "密钥索引超出范围",
-			})
-			return
-		}
-
-		keys := channel.GetKeys()
-		var remainingKeys []string
-		var newStatusList = make(map[int]int)
-		var newDisabledTime = make(map[int]int64)
-		var newDisabledReason = make(map[int]string)
-
-		newIndex := 0
-		for i, key := range keys {
-			// 跳过要删除的密钥
-			if i == keyIndex {
-				continue
-			}
-
-			remainingKeys = append(remainingKeys, key)
-
-			// 保留其他密钥的状态信息，重新索引
-			if channel.ChannelInfo.MultiKeyStatusList != nil {
-				if status, exists := channel.ChannelInfo.MultiKeyStatusList[i]; exists && status != 1 {
-					newStatusList[newIndex] = status
-				}
-			}
-			if channel.ChannelInfo.MultiKeyDisabledTime != nil {
-				if t, exists := channel.ChannelInfo.MultiKeyDisabledTime[i]; exists {
-					newDisabledTime[newIndex] = t
-				}
-			}
-			if channel.ChannelInfo.MultiKeyDisabledReason != nil {
-				if r, exists := channel.ChannelInfo.MultiKeyDisabledReason[i]; exists {
-					newDisabledReason[newIndex] = r
-				}
-			}
-			newIndex++
-		}
-
-		if len(remainingKeys) == 0 {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "不能删除最后一个密钥",
-			})
-			return
-		}
-
-		// Update channel with remaining keys
-		channel.Key = strings.Join(remainingKeys, "\n")
-		channel.ChannelInfo.MultiKeySize = len(remainingKeys)
-		channel.ChannelInfo.MultiKeyStatusList = newStatusList
-		channel.ChannelInfo.MultiKeyDisabledTime = newDisabledTime
-		channel.ChannelInfo.MultiKeyDisabledReason = newDisabledReason
-
-		err = channel.Update()
-		if err != nil {
-			common.ApiError(c, err)
-			return
-		}
-
-		model.InitChannelCache()
-		c.JSON(http.StatusOK, gin.H{
-			"success": true,
-			"message": "密钥已删除",
-		})
-		return
-
 	case "delete_disabled_keys":
 		keys := channel.GetKeys()
 		var remainingKeys []string
--- a/controller/misc.go
+++ b/controller/misc.go
@@ -42,8 +42,6 @@ func GetStatus(c *gin.Context) {
 	common.OptionMapRWMutex.RLock()
 	defer common.OptionMapRWMutex.RUnlock()

-	passkeySetting := system_setting.GetPasskeySettings()
-
 	data := gin.H{
 		"version":                     common.Version,
 		"start_time":                  common.StartTime,
@@ -66,22 +64,18 @@ func GetStatus(c *gin.Context) {
 		"top_up_link":                 common.TopUpLink,
 		"docs_link":                   operation_setting.GetGeneralSetting().DocsLink,
 		"quota_per_unit":              common.QuotaPerUnit,
-		// 兼容旧前端：保留 display_in_currency，同时提供新的 quota_display_type
-		"display_in_currency":           operation_setting.IsCurrencyDisplay(),
-		"quota_display_type":            operation_setting.GetQuotaDisplayType(),
-		"custom_currency_symbol":        operation_setting.GetGeneralSetting().CustomCurrencySymbol,
-		"custom_currency_exchange_rate": operation_setting.GetGeneralSetting().CustomCurrencyExchangeRate,
-		"enable_batch_update":           common.BatchUpdateEnabled,
-		"enable_drawing":                common.DrawingEnabled,
-		"enable_task":                   common.TaskEnabled,
-		"enable_data_export":            common.DataExportEnabled,
-		"data_export_default_time":      common.DataExportDefaultTime,
-		"default_collapse_sidebar":      common.DefaultCollapseSidebar,
-		"mj_notify_enabled":             setting.MjNotifyEnabled,
-		"chats":                         setting.Chats,
-		"demo_site_enabled":             operation_setting.DemoSiteEnabled,
-		"self_use_mode_enabled":         operation_setting.SelfUseModeEnabled,
-		"default_use_auto_group":        setting.DefaultUseAutoGroup,
+		"display_in_currency":         common.DisplayInCurrencyEnabled,
+		"enable_batch_update":         common.BatchUpdateEnabled,
+		"enable_drawing":              common.DrawingEnabled,
+		"enable_task":                 common.TaskEnabled,
+		"enable_data_export":          common.DataExportEnabled,
+		"data_export_default_time":    common.DataExportDefaultTime,
+		"default_collapse_sidebar":    common.DefaultCollapseSidebar,
+		"mj_notify_enabled":           setting.MjNotifyEnabled,
+		"chats":                       setting.Chats,
+		"demo_site_enabled":           operation_setting.DemoSiteEnabled,
+		"self_use_mode_enabled":       operation_setting.SelfUseModeEnabled,
+		"default_use_auto_group":      setting.DefaultUseAutoGroup,

 		"usd_exchange_rate": operation_setting.USDExchangeRate,
 		"price":             operation_setting.Price,
@@ -100,13 +94,6 @@ func GetStatus(c *gin.Context) {
 		"oidc_enabled":                system_setting.GetOIDCSettings().Enabled,
 		"oidc_client_id":              system_setting.GetOIDCSettings().ClientId,
 		"oidc_authorization_endpoint": system_setting.GetOIDCSettings().AuthorizationEndpoint,
-		"passkey_login":               passkeySetting.Enabled,
-		"passkey_display_name":        passkeySetting.RPDisplayName,
-		"passkey_rp_id":               passkeySetting.RPID,
-		"passkey_origins":             passkeySetting.Origins,
-		"passkey_allow_insecure":      passkeySetting.AllowInsecureOrigin,
-		"passkey_user_verification":   passkeySetting.UserVerification,
-		"passkey_attachment":          passkeySetting.AttachmentPreference,
 		"setup":                       constant.Setup,
 	}

--- a/controller/oauth.go
+++ b/controller/oauth.go
@@ -0,0 +1,375 @@
+package controller
+
+import (
+	"encoding/json"
+	"net/http"
+	"one-api/model"
+	"one-api/setting/system_setting"
+	"one-api/src/oauth"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	jwt "github.com/golang-jwt/jwt/v5"
+	"one-api/middleware"
+	"strconv"
+	"strings"
+)
+
+// GetJWKS 获取JWKS公钥集
+func GetJWKS(c *gin.Context) {
+	settings := system_setting.GetOAuth2Settings()
+	if !settings.Enabled {
+		c.JSON(http.StatusNotFound, gin.H{
+			"error": "OAuth2 server is disabled",
+		})
+		return
+	}
+
+	// lazy init if needed
+	_ = oauth.EnsureInitialized()
+
+	jwks := oauth.GetJWKS()
+	if jwks == nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": "JWKS not available",
+		})
+		return
+	}
+
+	// 设置CORS headers
+	c.Header("Access-Control-Allow-Origin", "*")
+	c.Header("Access-Control-Allow-Methods", "GET")
+	c.Header("Access-Control-Allow-Headers", "Content-Type")
+	c.Header("Cache-Control", "public, max-age=3600") // 缓存1小时
+
+	// 返回JWKS
+	c.Header("Content-Type", "application/json")
+
+	// 将JWKS转换为JSON字符串
+	jsonData, err := json.Marshal(jwks)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"error": "Failed to marshal JWKS",
+		})
+		return
+	}
+
+	c.String(http.StatusOK, string(jsonData))
+}
+
+// OAuthTokenEndpoint OAuth2 令牌端点
+func OAuthTokenEndpoint(c *gin.Context) {
+	settings := system_setting.GetOAuth2Settings()
+	if !settings.Enabled {
+		c.JSON(http.StatusNotFound, gin.H{
+			"error":             "unsupported_grant_type",
+			"error_description": "OAuth2 server is disabled",
+		})
+		return
+	}
+
+	// 只允许POST请求
+	if c.Request.Method != "POST" {
+		c.JSON(http.StatusMethodNotAllowed, gin.H{
+			"error":             "invalid_request",
+			"error_description": "Only POST method is allowed",
+		})
+		return
+	}
+
+	// 只允许application/x-www-form-urlencoded内容类型
+	contentType := c.GetHeader("Content-Type")
+	if contentType == "" || !strings.Contains(strings.ToLower(contentType), "application/x-www-form-urlencoded") {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":             "invalid_request",
+			"error_description": "Content-Type must be application/x-www-form-urlencoded",
+		})
+		return
+	}
+
+	// lazy init
+	if err := oauth.EnsureInitialized(); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "server_error", "error_description": err.Error()})
+		return
+	}
+	oauth.HandleTokenRequest(c)
+}
+
+// OAuthAuthorizeEndpoint OAuth2 授权端点
+func OAuthAuthorizeEndpoint(c *gin.Context) {
+	settings := system_setting.GetOAuth2Settings()
+	if !settings.Enabled {
+		c.JSON(http.StatusNotFound, gin.H{
+			"error":             "server_error",
+			"error_description": "OAuth2 server is disabled",
+		})
+		return
+	}
+
+	if err := oauth.EnsureInitialized(); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "server_error", "error_description": err.Error()})
+		return
+	}
+	oauth.HandleAuthorizeRequest(c)
+}
+
+// OAuthServerInfo 获取OAuth2服务器信息
+func OAuthServerInfo(c *gin.Context) {
+	settings := system_setting.GetOAuth2Settings()
+	if !settings.Enabled {
+		c.JSON(http.StatusNotFound, gin.H{
+			"error": "OAuth2 server is disabled",
+		})
+		return
+	}
+
+	// 返回OAuth2服务器的基本信息（类似OpenID Connect Discovery）
+	issuer := settings.Issuer
+	if issuer == "" {
+		scheme := "https"
+		if c.Request.TLS == nil {
+			if hdr := c.Request.Header.Get("X-Forwarded-Proto"); hdr != "" {
+				scheme = hdr
+			} else {
+				scheme = "http"
+			}
+		}
+		issuer = scheme + "://" + c.Request.Host
+	}
+
+	base := issuer + "/api"
+	c.JSON(http.StatusOK, gin.H{
+		"issuer":                                issuer,
+		"authorization_endpoint":                base + "/oauth/authorize",
+		"token_endpoint":                        base + "/oauth/token",
+		"jwks_uri":                              base + "/.well-known/jwks.json",
+		"grant_types_supported":                 settings.AllowedGrantTypes,
+		"response_types_supported":              []string{"code", "token"},
+		"token_endpoint_auth_methods_supported": []string{"client_secret_basic", "client_secret_post"},
+		"code_challenge_methods_supported":      []string{"S256"},
+		"scopes_supported":                      []string{"openid", "profile", "email", "api:read", "api:write", "admin"},
+		"default_private_key_path":              settings.DefaultPrivateKeyPath,
+	})
+}
+
+// OAuthOIDCConfiguration OIDC discovery document
+func OAuthOIDCConfiguration(c *gin.Context) {
+	settings := system_setting.GetOAuth2Settings()
+	if !settings.Enabled {
+		c.JSON(http.StatusNotFound, gin.H{"error": "OAuth2 server is disabled"})
+		return
+	}
+	issuer := settings.Issuer
+	if issuer == "" {
+		scheme := "https"
+		if c.Request.TLS == nil {
+			if hdr := c.Request.Header.Get("X-Forwarded-Proto"); hdr != "" {
+				scheme = hdr
+			} else {
+				scheme = "http"
+			}
+		}
+		issuer = scheme + "://" + c.Request.Host
+	}
+	base := issuer + "/api"
+	c.JSON(http.StatusOK, gin.H{
+		"issuer":                                issuer,
+		"authorization_endpoint":                base + "/oauth/authorize",
+		"token_endpoint":                        base + "/oauth/token",
+		"userinfo_endpoint":                     base + "/oauth/userinfo",
+		"jwks_uri":                              base + "/.well-known/jwks.json",
+		"response_types_supported":              []string{"code", "token"},
+		"grant_types_supported":                 settings.AllowedGrantTypes,
+		"subject_types_supported":               []string{"public"},
+		"id_token_signing_alg_values_supported": []string{"RS256"},
+		"scopes_supported":                      []string{"openid", "profile", "email", "api:read", "api:write", "admin"},
+		"token_endpoint_auth_methods_supported": []string{"client_secret_basic", "client_secret_post"},
+		"code_challenge_methods_supported":      []string{"S256"},
+		"default_private_key_path":              settings.DefaultPrivateKeyPath,
+	})
+}
+
+// OAuthIntrospect 令牌内省端点（RFC 7662）
+func OAuthIntrospect(c *gin.Context) {
+	settings := system_setting.GetOAuth2Settings()
+	if !settings.Enabled {
+		c.JSON(http.StatusNotFound, gin.H{
+			"error": "OAuth2 server is disabled",
+		})
+		return
+	}
+
+	// 只允许POST请求
+	if c.Request.Method != "POST" {
+		c.JSON(http.StatusMethodNotAllowed, gin.H{
+			"error":             "invalid_request",
+			"error_description": "Only POST method is allowed",
+		})
+		return
+	}
+
+	token := c.PostForm("token")
+	if token == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"active": false,
+		})
+		return
+	}
+
+	tokenString := token
+
+	// 验证并解析JWT
+	parsed, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
+			return nil, jwt.ErrTokenSignatureInvalid
+		}
+		pub := oauth.GetPublicKeyByKid(func() string {
+			if v, ok := token.Header["kid"].(string); ok {
+				return v
+			}
+			return ""
+		}())
+		if pub == nil {
+			return nil, jwt.ErrTokenUnverifiable
+		}
+		return pub, nil
+	})
+	if err != nil || !parsed.Valid {
+		c.JSON(http.StatusOK, gin.H{"active": false})
+		return
+	}
+
+	claims, ok := parsed.Claims.(jwt.MapClaims)
+	if !ok {
+		c.JSON(http.StatusOK, gin.H{"active": false})
+		return
+	}
+
+	// 检查撤销
+	if jti, ok := claims["jti"].(string); ok && jti != "" {
+		if revoked, _ := model.IsTokenRevoked(jti); revoked {
+			c.JSON(http.StatusOK, gin.H{"active": false})
+			return
+		}
+	}
+
+	// 有效
+	resp := gin.H{"active": true}
+	for k, v := range claims {
+		resp[k] = v
+	}
+	resp["token_type"] = "Bearer"
+	c.JSON(http.StatusOK, resp)
+}
+
+// OAuthRevoke 令牌撤销端点（RFC 7009）
+func OAuthRevoke(c *gin.Context) {
+	settings := system_setting.GetOAuth2Settings()
+	if !settings.Enabled {
+		c.JSON(http.StatusNotFound, gin.H{
+			"error": "OAuth2 server is disabled",
+		})
+		return
+	}
+
+	// 只允许POST请求
+	if c.Request.Method != "POST" {
+		c.JSON(http.StatusMethodNotAllowed, gin.H{
+			"error":             "invalid_request",
+			"error_description": "Only POST method is allowed",
+		})
+		return
+	}
+
+	token := c.PostForm("token")
+	if token == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":             "invalid_request",
+			"error_description": "Missing token parameter",
+		})
+		return
+	}
+
+	token = c.PostForm("token")
+	if token == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error":             "invalid_request",
+			"error_description": "Missing token parameter",
+		})
+		return
+	}
+
+	// 尝试解析JWT，若成功则记录jti到撤销表
+	parsed, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
+		if _, ok := t.Method.(*jwt.SigningMethodRSA); !ok {
+			return nil, jwt.ErrTokenSignatureInvalid
+		}
+		pub := oauth.GetRSAPublicKey()
+		if pub == nil {
+			return nil, jwt.ErrTokenUnverifiable
+		}
+		return pub, nil
+	})
+	if err == nil && parsed != nil && parsed.Valid {
+		if claims, ok := parsed.Claims.(jwt.MapClaims); ok {
+			var jti string
+			var exp int64
+			if v, ok := claims["jti"].(string); ok {
+				jti = v
+			}
+			if v, ok := claims["exp"].(float64); ok {
+				exp = int64(v)
+			} else if v, ok := claims["exp"].(int64); ok {
+				exp = v
+			}
+			if jti != "" {
+				// 如果没有exp，默认撤销至当前+TTL 10分钟
+				if exp == 0 {
+					exp = time.Now().Add(10 * time.Minute).Unix()
+				}
+				_ = model.RevokeToken(jti, exp)
+			}
+		}
+	}
+
+	c.JSON(http.StatusOK, gin.H{"success": true})
+}
+
+// OAuthUserInfo returns OIDC userinfo based on access token
+func OAuthUserInfo(c *gin.Context) {
+	settings := system_setting.GetOAuth2Settings()
+	if !settings.Enabled {
+		c.JSON(http.StatusNotFound, gin.H{"error": "OAuth2 server is disabled"})
+		return
+	}
+	// 需要 OAuthJWTAuth 中间件注入 claims
+	claims, ok := middleware.GetOAuthClaims(c)
+	if !ok {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid_token"})
+		return
+	}
+	// scope 校验：必须包含 openid
+	scope, _ := claims["scope"].(string)
+	if !strings.Contains(" "+scope+" ", " openid ") {
+		c.JSON(http.StatusForbidden, gin.H{"error": "insufficient_scope"})
+		return
+	}
+	sub, _ := claims["sub"].(string)
+	resp := gin.H{"sub": sub}
+	// 若包含 profile/email scope，补充返回
+	if strings.Contains(" "+scope+" ", " profile ") || strings.Contains(" "+scope+" ", " email ") {
+		if uid, err := strconv.Atoi(sub); err == nil {
+			if user, err2 := model.GetUserById(uid, false); err2 == nil && user != nil {
+				if strings.Contains(" "+scope+" ", " profile ") {
+					resp["name"] = user.DisplayName
+					resp["preferred_username"] = user.Username
+				}
+				if strings.Contains(" "+scope+" ", " email ") {
+					resp["email"] = user.Email
+					resp["email_verified"] = true
+				}
+			}
+		}
+	}
+	c.JSON(http.StatusOK, resp)
+}
--- a/controller/oauth_client.go
+++ b/controller/oauth_client.go
@@ -0,0 +1,374 @@
+package controller
+
+import (
+	"net/http"
+	"one-api/common"
+	"one-api/model"
+	"strconv"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/thanhpk/randstr"
+)
+
+// CreateOAuthClientRequest 创建OAuth客户端请求
+type CreateOAuthClientRequest struct {
+	Name         string   `json:"name" binding:"required"`
+	ClientType   string   `json:"client_type" binding:"required,oneof=confidential public"`
+	GrantTypes   []string `json:"grant_types" binding:"required"`
+	RedirectURIs []string `json:"redirect_uris"`
+	Scopes       []string `json:"scopes" binding:"required"`
+	Description  string   `json:"description"`
+	RequirePKCE  bool     `json:"require_pkce"`
+}
+
+// UpdateOAuthClientRequest 更新OAuth客户端请求
+type UpdateOAuthClientRequest struct {
+	ID           string   `json:"id" binding:"required"`
+	Name         string   `json:"name" binding:"required"`
+	ClientType   string   `json:"client_type" binding:"required,oneof=confidential public"`
+	GrantTypes   []string `json:"grant_types" binding:"required"`
+	RedirectURIs []string `json:"redirect_uris"`
+	Scopes       []string `json:"scopes" binding:"required"`
+	Description  string   `json:"description"`
+	RequirePKCE  bool     `json:"require_pkce"`
+	Status       int      `json:"status" binding:"required,oneof=1 2"`
+}
+
+// GetAllOAuthClients 获取所有OAuth客户端
+func GetAllOAuthClients(c *gin.Context) {
+	page, _ := strconv.Atoi(c.Query("page"))
+	if page < 1 {
+		page = 1
+	}
+	perPage, _ := strconv.Atoi(c.Query("per_page"))
+	if perPage < 1 || perPage > 100 {
+		perPage = 20
+	}
+
+	startIdx := (page - 1) * perPage
+	clients, err := model.GetAllOAuthClients(startIdx, perPage)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+
+	// 清理敏感信息
+	for _, client := range clients {
+		client.Secret = maskSecret(client.Secret)
+	}
+
+	total, _ := model.CountOAuthClients()
+
+	c.JSON(http.StatusOK, gin.H{
+		"success":  true,
+		"data":     clients,
+		"total":    total,
+		"page":     page,
+		"per_page": perPage,
+	})
+}
+
+// SearchOAuthClients 搜索OAuth客户端
+func SearchOAuthClients(c *gin.Context) {
+	keyword := c.Query("keyword")
+	if keyword == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"message": "关键词不能为空",
+		})
+		return
+	}
+
+	clients, err := model.SearchOAuthClients(keyword)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+
+	// 清理敏感信息
+	for _, client := range clients {
+		client.Secret = maskSecret(client.Secret)
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"data":    clients,
+	})
+}
+
+// GetOAuthClient 获取单个OAuth客户端
+func GetOAuthClient(c *gin.Context) {
+	id := c.Param("id")
+	if id == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"message": "ID不能为空",
+		})
+		return
+	}
+
+	client, err := model.GetOAuthClientByID(id)
+	if err != nil {
+		c.JSON(http.StatusNotFound, gin.H{
+			"success": false,
+			"message": "客户端不存在",
+		})
+		return
+	}
+
+	// 清理敏感信息
+	client.Secret = maskSecret(client.Secret)
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"data":    client,
+	})
+}
+
+// CreateOAuthClient 创建OAuth客户端
+func CreateOAuthClient(c *gin.Context) {
+	var req CreateOAuthClientRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"message": "请求参数错误: " + err.Error(),
+		})
+		return
+	}
+
+	// 验证授权类型
+	validGrantTypes := []string{"client_credentials", "authorization_code", "refresh_token"}
+	for _, grantType := range req.GrantTypes {
+		if !contains(validGrantTypes, grantType) {
+			c.JSON(http.StatusBadRequest, gin.H{
+				"success": false,
+				"message": "无效的授权类型: " + grantType,
+			})
+			return
+		}
+	}
+
+	// 如果包含authorization_code，则必须提供redirect_uris
+	if contains(req.GrantTypes, "authorization_code") && len(req.RedirectURIs) == 0 {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"message": "授权码模式需要提供重定向URI",
+		})
+		return
+	}
+
+	// 生成客户端ID和密钥
+	clientID := generateClientID()
+	clientSecret := ""
+	if req.ClientType == "confidential" {
+		clientSecret = generateClientSecret()
+	}
+
+	// 获取创建者ID
+	createdBy := c.GetInt("id")
+
+	// 创建客户端
+	client := &model.OAuthClient{
+		ID:          clientID,
+		Secret:      clientSecret,
+		Name:        req.Name,
+		ClientType:  req.ClientType,
+		RequirePKCE: req.RequirePKCE,
+		Status:      common.UserStatusEnabled,
+		CreatedBy:   createdBy,
+		Description: req.Description,
+	}
+
+	client.SetGrantTypes(req.GrantTypes)
+	client.SetRedirectURIs(req.RedirectURIs)
+	client.SetScopes(req.Scopes)
+
+	err := model.CreateOAuthClient(client)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"success": false,
+			"message": "创建客户端失败: " + err.Error(),
+		})
+		return
+	}
+
+	// 返回结果（包含完整的客户端密钥，仅此一次）
+	c.JSON(http.StatusCreated, gin.H{
+		"success":       true,
+		"message":       "客户端创建成功",
+		"client_id":     client.ID,
+		"client_secret": client.Secret, // 仅在创建时返回完整密钥
+		"data":          client,
+	})
+}
+
+// UpdateOAuthClient 更新OAuth客户端
+func UpdateOAuthClient(c *gin.Context) {
+	var req UpdateOAuthClientRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"message": "请求参数错误: " + err.Error(),
+		})
+		return
+	}
+
+	// 获取现有客户端
+	client, err := model.GetOAuthClientByID(req.ID)
+	if err != nil {
+		c.JSON(http.StatusNotFound, gin.H{
+			"success": false,
+			"message": "客户端不存在",
+		})
+		return
+	}
+
+	// 验证授权类型
+	validGrantTypes := []string{"client_credentials", "authorization_code", "refresh_token"}
+	for _, grantType := range req.GrantTypes {
+		if !contains(validGrantTypes, grantType) {
+			c.JSON(http.StatusBadRequest, gin.H{
+				"success": false,
+				"message": "无效的授权类型: " + grantType,
+			})
+			return
+		}
+	}
+
+	// 更新客户端信息
+	client.Name = req.Name
+	client.ClientType = req.ClientType
+	client.RequirePKCE = req.RequirePKCE
+	client.Status = req.Status
+	client.Description = req.Description
+	client.SetGrantTypes(req.GrantTypes)
+	client.SetRedirectURIs(req.RedirectURIs)
+	client.SetScopes(req.Scopes)
+
+	err = model.UpdateOAuthClient(client)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"success": false,
+			"message": "更新客户端失败: " + err.Error(),
+		})
+		return
+	}
+
+	// 清理敏感信息
+	client.Secret = maskSecret(client.Secret)
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "客户端更新成功",
+		"data":    client,
+	})
+}
+
+// DeleteOAuthClient 删除OAuth客户端
+func DeleteOAuthClient(c *gin.Context) {
+	id := c.Param("id")
+	if id == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"message": "ID不能为空",
+		})
+		return
+	}
+
+	err := model.DeleteOAuthClient(id)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"success": false,
+			"message": "删除客户端失败: " + err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "客户端删除成功",
+	})
+}
+
+// RegenerateOAuthClientSecret 重新生成客户端密钥
+func RegenerateOAuthClientSecret(c *gin.Context) {
+	id := c.Param("id")
+	if id == "" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"message": "ID不能为空",
+		})
+		return
+	}
+
+	client, err := model.GetOAuthClientByID(id)
+	if err != nil {
+		c.JSON(http.StatusNotFound, gin.H{
+			"success": false,
+			"message": "客户端不存在",
+		})
+		return
+	}
+
+	// 只有机密客户端才能重新生成密钥
+	if client.ClientType != "confidential" {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"success": false,
+			"message": "只有机密客户端才能重新生成密钥",
+		})
+		return
+	}
+
+	// 生成新密钥
+	client.Secret = generateClientSecret()
+
+	err = model.UpdateOAuthClient(client)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{
+			"success": false,
+			"message": "重新生成密钥失败: " + err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success":       true,
+		"message":       "客户端密钥重新生成成功",
+		"client_secret": client.Secret, // 返回新生成的密钥
+	})
+}
+
+// generateClientID 生成客户端ID
+func generateClientID() string {
+	return "client_" + randstr.String(16)
+}
+
+// generateClientSecret 生成客户端密钥
+func generateClientSecret() string {
+	return randstr.String(32)
+}
+
+// maskSecret 掩码密钥显示
+func maskSecret(secret string) string {
+	if len(secret) <= 6 {
+		return strings.Repeat("*", len(secret))
+	}
+	return secret[:3] + strings.Repeat("*", len(secret)-6) + secret[len(secret)-3:]
+}
+
+// contains 检查字符串切片是否包含指定值
+func contains(slice []string, item string) bool {
+	for _, s := range slice {
+		if s == item {
+			return true
+		}
+	}
+	return false
+}
--- a/controller/oauth_keys.go
+++ b/controller/oauth_keys.go
@@ -0,0 +1,89 @@
+package controller
+
+import (
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"one-api/logger"
+	"one-api/src/oauth"
+)
+
+type rotateKeyRequest struct {
+	Kid string `json:"kid"`
+}
+
+type genKeyFileRequest struct {
+	Path      string `json:"path"`
+	Kid       string `json:"kid"`
+	Overwrite bool   `json:"overwrite"`
+}
+
+type importPemRequest struct {
+	Pem string `json:"pem"`
+	Kid string `json:"kid"`
+}
+
+// RotateOAuthSigningKey rotates the OAuth2 JWT signing key (Root only)
+func RotateOAuthSigningKey(c *gin.Context) {
+	var req rotateKeyRequest
+	_ = c.BindJSON(&req)
+	kid, err := oauth.RotateSigningKey(req.Kid)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"success": false, "message": err.Error()})
+		return
+	}
+	logger.LogInfo(c, "oauth signing key rotated: "+kid)
+	c.JSON(http.StatusOK, gin.H{"success": true, "kid": kid})
+}
+
+// ListOAuthSigningKeys returns current and historical JWKS signing keys
+func ListOAuthSigningKeys(c *gin.Context) {
+	keys := oauth.ListSigningKeys()
+	c.JSON(http.StatusOK, gin.H{"success": true, "data": keys})
+}
+
+// DeleteOAuthSigningKey deletes a non-current key by kid
+func DeleteOAuthSigningKey(c *gin.Context) {
+	kid := c.Param("kid")
+	if kid == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"success": false, "message": "kid required"})
+		return
+	}
+	if err := oauth.DeleteSigningKey(kid); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"success": false, "message": err.Error()})
+		return
+	}
+	logger.LogInfo(c, "oauth signing key deleted: "+kid)
+	c.JSON(http.StatusOK, gin.H{"success": true})
+}
+
+// GenerateOAuthSigningKeyFile generates a private key file and rotates current kid
+func GenerateOAuthSigningKeyFile(c *gin.Context) {
+	var req genKeyFileRequest
+	if err := c.ShouldBindJSON(&req); err != nil || req.Path == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"success": false, "message": "path required"})
+		return
+	}
+	kid, err := oauth.GenerateAndPersistKey(req.Path, req.Kid, req.Overwrite)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"success": false, "message": err.Error()})
+		return
+	}
+	logger.LogInfo(c, "oauth signing key generated to file: "+req.Path+" kid="+kid)
+	c.JSON(http.StatusOK, gin.H{"success": true, "kid": kid, "path": req.Path})
+}
+
+// ImportOAuthSigningKey imports PEM text and rotates current kid
+func ImportOAuthSigningKey(c *gin.Context) {
+	var req importPemRequest
+	if err := c.ShouldBindJSON(&req); err != nil || req.Pem == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"success": false, "message": "pem required"})
+		return
+	}
+	kid, err := oauth.ImportPEMKey(req.Pem, req.Kid)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"success": false, "message": err.Error()})
+		return
+	}
+	logger.LogInfo(c, "oauth signing key imported from PEM, kid="+kid)
+	c.JSON(http.StatusOK, gin.H{"success": true, "kid": kid})
+}
--- a/controller/option.go
+++ b/controller/option.go
@@ -128,33 +128,6 @@ func UpdateOption(c *gin.Context) {
 			})
 			return
 		}
-	case "ImageRatio":
-		err = ratio_setting.UpdateImageRatioByJSONString(option.Value.(string))
-		if err != nil {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "图片倍率设置失败: " + err.Error(),
-			})
-			return
-		}
-	case "AudioRatio":
-		err = ratio_setting.UpdateAudioRatioByJSONString(option.Value.(string))
-		if err != nil {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "音频倍率设置失败: " + err.Error(),
-			})
-			return
-		}
-	case "AudioCompletionRatio":
-		err = ratio_setting.UpdateAudioCompletionRatioByJSONString(option.Value.(string))
-		if err != nil {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "音频补全倍率设置失败: " + err.Error(),
-			})
-			return
-		}
 	case "ModelRequestRateLimitGroup":
 		err = setting.CheckModelRequestRateLimitGroup(option.Value.(string))
 		if err != nil {
--- a/controller/passkey.go
+++ b/controller/passkey.go
@@ -1,497 +0,0 @@
-package controller
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-	"strconv"
-	"time"
-
-	"one-api/common"
-	"one-api/model"
-	passkeysvc "one-api/service/passkey"
-	"one-api/setting/system_setting"
-
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
-	"github.com/go-webauthn/webauthn/protocol"
-	webauthnlib "github.com/go-webauthn/webauthn/webauthn"
-)
-
-func PasskeyRegisterBegin(c *gin.Context) {
-	if !system_setting.GetPasskeySettings().Enabled {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "管理员未启用 Passkey 登录",
-		})
-		return
-	}
-
-	user, err := getSessionUser(c)
-	if err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": err.Error(),
-		})
-		return
-	}
-
-	credential, err := model.GetPasskeyByUserID(user.Id)
-	if err != nil && !errors.Is(err, model.ErrPasskeyNotFound) {
-		common.ApiError(c, err)
-		return
-	}
-	if errors.Is(err, model.ErrPasskeyNotFound) {
-		credential = nil
-	}
-
-	wa, err := passkeysvc.BuildWebAuthn(c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	waUser := passkeysvc.NewWebAuthnUser(user, credential)
-	var options []webauthnlib.RegistrationOption
-	if credential != nil {
-		descriptor := credential.ToWebAuthnCredential().Descriptor()
-		options = append(options, webauthnlib.WithExclusions([]protocol.CredentialDescriptor{descriptor}))
-	}
-
-	creation, sessionData, err := wa.BeginRegistration(waUser, options...)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	if err := passkeysvc.SaveSessionData(c, passkeysvc.RegistrationSessionKey, sessionData); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "",
-		"data": gin.H{
-			"options": creation,
-		},
-	})
-}
-
-func PasskeyRegisterFinish(c *gin.Context) {
-	if !system_setting.GetPasskeySettings().Enabled {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "管理员未启用 Passkey 登录",
-		})
-		return
-	}
-
-	user, err := getSessionUser(c)
-	if err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": err.Error(),
-		})
-		return
-	}
-
-	wa, err := passkeysvc.BuildWebAuthn(c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	credentialRecord, err := model.GetPasskeyByUserID(user.Id)
-	if err != nil && !errors.Is(err, model.ErrPasskeyNotFound) {
-		common.ApiError(c, err)
-		return
-	}
-	if errors.Is(err, model.ErrPasskeyNotFound) {
-		credentialRecord = nil
-	}
-
-	sessionData, err := passkeysvc.PopSessionData(c, passkeysvc.RegistrationSessionKey)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	waUser := passkeysvc.NewWebAuthnUser(user, credentialRecord)
-	credential, err := wa.FinishRegistration(waUser, *sessionData, c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	passkeyCredential := model.NewPasskeyCredentialFromWebAuthn(user.Id, credential)
-	if passkeyCredential == nil {
-		common.ApiErrorMsg(c, "无法创建 Passkey 凭证")
-		return
-	}
-
-	if err := model.UpsertPasskeyCredential(passkeyCredential); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "Passkey 注册成功",
-	})
-}
-
-func PasskeyDelete(c *gin.Context) {
-	user, err := getSessionUser(c)
-	if err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": err.Error(),
-		})
-		return
-	}
-
-	if err := model.DeletePasskeyByUserID(user.Id); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "Passkey 已解绑",
-	})
-}
-
-func PasskeyStatus(c *gin.Context) {
-	user, err := getSessionUser(c)
-	if err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": err.Error(),
-		})
-		return
-	}
-
-	credential, err := model.GetPasskeyByUserID(user.Id)
-	if errors.Is(err, model.ErrPasskeyNotFound) {
-		c.JSON(http.StatusOK, gin.H{
-			"success": true,
-			"message": "",
-			"data": gin.H{
-				"enabled": false,
-			},
-		})
-		return
-	}
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	data := gin.H{
-		"enabled":      true,
-		"last_used_at": credential.LastUsedAt,
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "",
-		"data":    data,
-	})
-}
-
-func PasskeyLoginBegin(c *gin.Context) {
-	if !system_setting.GetPasskeySettings().Enabled {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "管理员未启用 Passkey 登录",
-		})
-		return
-	}
-
-	wa, err := passkeysvc.BuildWebAuthn(c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	assertion, sessionData, err := wa.BeginDiscoverableLogin()
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	if err := passkeysvc.SaveSessionData(c, passkeysvc.LoginSessionKey, sessionData); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "",
-		"data": gin.H{
-			"options": assertion,
-		},
-	})
-}
-
-func PasskeyLoginFinish(c *gin.Context) {
-	if !system_setting.GetPasskeySettings().Enabled {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "管理员未启用 Passkey 登录",
-		})
-		return
-	}
-
-	wa, err := passkeysvc.BuildWebAuthn(c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	sessionData, err := passkeysvc.PopSessionData(c, passkeysvc.LoginSessionKey)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	handler := func(rawID, userHandle []byte) (webauthnlib.User, error) {
-		// 首先通过凭证ID查找用户
-		credential, err := model.GetPasskeyByCredentialID(rawID)
-		if err != nil {
-			return nil, fmt.Errorf("未找到 Passkey 凭证: %w", err)
-		}
-
-		// 通过凭证获取用户
-		user := &model.User{Id: credential.UserID}
-		if err := user.FillUserById(); err != nil {
-			return nil, fmt.Errorf("用户信息获取失败: %w", err)
-		}
-
-		if user.Status != common.UserStatusEnabled {
-			return nil, errors.New("该用户已被禁用")
-		}
-
-		if len(userHandle) > 0 {
-			userID, parseErr := strconv.Atoi(string(userHandle))
-			if parseErr != nil {
-				// 记录异常但继续验证，因为某些客户端可能使用非数字格式
-				common.SysLog(fmt.Sprintf("PasskeyLogin: userHandle parse error for credential, length: %d", len(userHandle)))
-			} else if userID != user.Id {
-				return nil, errors.New("用户句柄与凭证不匹配")
-			}
-		}
-
-		return passkeysvc.NewWebAuthnUser(user, credential), nil
-	}
-
-	waUser, credential, err := wa.FinishPasskeyLogin(handler, *sessionData, c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	userWrapper, ok := waUser.(*passkeysvc.WebAuthnUser)
-	if !ok {
-		common.ApiErrorMsg(c, "Passkey 登录状态异常")
-		return
-	}
-
-	modelUser := userWrapper.ModelUser()
-	if modelUser == nil {
-		common.ApiErrorMsg(c, "Passkey 登录状态异常")
-		return
-	}
-
-	if modelUser.Status != common.UserStatusEnabled {
-		common.ApiErrorMsg(c, "该用户已被禁用")
-		return
-	}
-
-	// 更新凭证信息
-	updatedCredential := model.NewPasskeyCredentialFromWebAuthn(modelUser.Id, credential)
-	if updatedCredential == nil {
-		common.ApiErrorMsg(c, "Passkey 凭证更新失败")
-		return
-	}
-	now := time.Now()
-	updatedCredential.LastUsedAt = &now
-	if err := model.UpsertPasskeyCredential(updatedCredential); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	setupLogin(modelUser, c)
-	return
-}
-
-func AdminResetPasskey(c *gin.Context) {
-	id, err := strconv.Atoi(c.Param("id"))
-	if err != nil {
-		common.ApiErrorMsg(c, "无效的用户 ID")
-		return
-	}
-
-	user := &model.User{Id: id}
-	if err := user.FillUserById(); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	if _, err := model.GetPasskeyByUserID(user.Id); err != nil {
-		if errors.Is(err, model.ErrPasskeyNotFound) {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "该用户尚未绑定 Passkey",
-			})
-			return
-		}
-		common.ApiError(c, err)
-		return
-	}
-
-	if err := model.DeletePasskeyByUserID(user.Id); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "Passkey 已重置",
-	})
-}
-
-func PasskeyVerifyBegin(c *gin.Context) {
-	if !system_setting.GetPasskeySettings().Enabled {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "管理员未启用 Passkey 登录",
-		})
-		return
-	}
-
-	user, err := getSessionUser(c)
-	if err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": err.Error(),
-		})
-		return
-	}
-
-	credential, err := model.GetPasskeyByUserID(user.Id)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "该用户尚未绑定 Passkey",
-		})
-		return
-	}
-
-	wa, err := passkeysvc.BuildWebAuthn(c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	waUser := passkeysvc.NewWebAuthnUser(user, credential)
-	assertion, sessionData, err := wa.BeginLogin(waUser)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	if err := passkeysvc.SaveSessionData(c, passkeysvc.VerifySessionKey, sessionData); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "",
-		"data": gin.H{
-			"options": assertion,
-		},
-	})
-}
-
-func PasskeyVerifyFinish(c *gin.Context) {
-	if !system_setting.GetPasskeySettings().Enabled {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "管理员未启用 Passkey 登录",
-		})
-		return
-	}
-
-	user, err := getSessionUser(c)
-	if err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": err.Error(),
-		})
-		return
-	}
-
-	wa, err := passkeysvc.BuildWebAuthn(c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	credential, err := model.GetPasskeyByUserID(user.Id)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "该用户尚未绑定 Passkey",
-		})
-		return
-	}
-
-	sessionData, err := passkeysvc.PopSessionData(c, passkeysvc.VerifySessionKey)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	waUser := passkeysvc.NewWebAuthnUser(user, credential)
-	_, err = wa.FinishLogin(waUser, *sessionData, c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	// 更新凭证的最后使用时间
-	now := time.Now()
-	credential.LastUsedAt = &now
-	if err := model.UpsertPasskeyCredential(credential); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "Passkey 验证成功",
-	})
-}
-
-func getSessionUser(c *gin.Context) (*model.User, error) {
-	session := sessions.Default(c)
-	idRaw := session.Get("id")
-	if idRaw == nil {
-		return nil, errors.New("未登录")
-	}
-	id, ok := idRaw.(int)
-	if !ok {
-		return nil, errors.New("无效的会话信息")
-	}
-	user := &model.User{Id: id}
-	if err := user.FillUserById(); err != nil {
-		return nil, err
-	}
-	if user.Status != common.UserStatusEnabled {
-		return nil, errors.New("该用户已被禁用")
-	}
-	return user, nil
-}
--- a/controller/secure_verification.go
+++ b/controller/secure_verification.go
@@ -1,313 +0,0 @@
-package controller
-
-import (
-	"fmt"
-	"net/http"
-	"one-api/common"
-	"one-api/model"
-	passkeysvc "one-api/service/passkey"
-	"one-api/setting/system_setting"
-	"time"
-
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
-)
-
-const (
-	// SecureVerificationSessionKey 安全验证的 session key
-	SecureVerificationSessionKey = "secure_verified_at"
-	// SecureVerificationTimeout 验证有效期（秒）
-	SecureVerificationTimeout = 300 // 5分钟
-)
-
-type UniversalVerifyRequest struct {
-	Method string `json:"method"` // "2fa" 或 "passkey"
-	Code   string `json:"code,omitempty"`
-}
-
-type VerificationStatusResponse struct {
-	Verified  bool  `json:"verified"`
-	ExpiresAt int64 `json:"expires_at,omitempty"`
-}
-
-// UniversalVerify 通用验证接口
-// 支持 2FA 和 Passkey 验证，验证成功后在 session 中记录时间戳
-func UniversalVerify(c *gin.Context) {
-	userId := c.GetInt("id")
-	if userId == 0 {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": "未登录",
-		})
-		return
-	}
-
-	var req UniversalVerifyRequest
-	if err := c.ShouldBindJSON(&req); err != nil {
-		common.ApiError(c, fmt.Errorf("参数错误: %v", err))
-		return
-	}
-
-	// 获取用户信息
-	user := &model.User{Id: userId}
-	if err := user.FillUserById(); err != nil {
-		common.ApiError(c, fmt.Errorf("获取用户信息失败: %v", err))
-		return
-	}
-
-	if user.Status != common.UserStatusEnabled {
-		common.ApiError(c, fmt.Errorf("该用户已被禁用"))
-		return
-	}
-
-	// 检查用户的验证方式
-	twoFA, _ := model.GetTwoFAByUserId(userId)
-	has2FA := twoFA != nil && twoFA.IsEnabled
-
-	passkey, passkeyErr := model.GetPasskeyByUserID(userId)
-	hasPasskey := passkeyErr == nil && passkey != nil
-
-	if !has2FA && !hasPasskey {
-		common.ApiError(c, fmt.Errorf("用户未启用2FA或Passkey"))
-		return
-	}
-
-	// 根据验证方式进行验证
-	var verified bool
-	var verifyMethod string
-
-	switch req.Method {
-	case "2fa":
-		if !has2FA {
-			common.ApiError(c, fmt.Errorf("用户未启用2FA"))
-			return
-		}
-		if req.Code == "" {
-			common.ApiError(c, fmt.Errorf("验证码不能为空"))
-			return
-		}
-		verified = validateTwoFactorAuth(twoFA, req.Code)
-		verifyMethod = "2FA"
-
-	case "passkey":
-		if !hasPasskey {
-			common.ApiError(c, fmt.Errorf("用户未启用Passkey"))
-			return
-		}
-		// Passkey 验证需要先调用 PasskeyVerifyBegin 和 PasskeyVerifyFinish
-		// 这里只是验证 Passkey 验证流程是否已经完成
-		// 实际上，前端应该先调用这两个接口，然后再调用本接口
-		verified = true // Passkey 验证逻辑已在 PasskeyVerifyFinish 中完成
-		verifyMethod = "Passkey"
-
-	default:
-		common.ApiError(c, fmt.Errorf("不支持的验证方式: %s", req.Method))
-		return
-	}
-
-	if !verified {
-		common.ApiError(c, fmt.Errorf("验证失败，请检查验证码"))
-		return
-	}
-
-	// 验证成功，在 session 中记录时间戳
-	session := sessions.Default(c)
-	now := time.Now().Unix()
-	session.Set(SecureVerificationSessionKey, now)
-	if err := session.Save(); err != nil {
-		common.ApiError(c, fmt.Errorf("保存验证状态失败: %v", err))
-		return
-	}
-
-	// 记录日志
-	model.RecordLog(userId, model.LogTypeSystem, fmt.Sprintf("通用安全验证成功 (验证方式: %s)", verifyMethod))
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "验证成功",
-		"data": gin.H{
-			"verified":   true,
-			"expires_at": now + SecureVerificationTimeout,
-		},
-	})
-}
-
-// GetVerificationStatus 获取验证状态
-func GetVerificationStatus(c *gin.Context) {
-	userId := c.GetInt("id")
-	if userId == 0 {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": "未登录",
-		})
-		return
-	}
-
-	session := sessions.Default(c)
-	verifiedAtRaw := session.Get(SecureVerificationSessionKey)
-
-	if verifiedAtRaw == nil {
-		c.JSON(http.StatusOK, gin.H{
-			"success": true,
-			"message": "",
-			"data": VerificationStatusResponse{
-				Verified: false,
-			},
-		})
-		return
-	}
-
-	verifiedAt, ok := verifiedAtRaw.(int64)
-	if !ok {
-		c.JSON(http.StatusOK, gin.H{
-			"success": true,
-			"message": "",
-			"data": VerificationStatusResponse{
-				Verified: false,
-			},
-		})
-		return
-	}
-
-	elapsed := time.Now().Unix() - verifiedAt
-	if elapsed >= SecureVerificationTimeout {
-		// 验证已过期
-		session.Delete(SecureVerificationSessionKey)
-		_ = session.Save()
-		c.JSON(http.StatusOK, gin.H{
-			"success": true,
-			"message": "",
-			"data": VerificationStatusResponse{
-				Verified: false,
-			},
-		})
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "",
-		"data": VerificationStatusResponse{
-			Verified:  true,
-			ExpiresAt: verifiedAt + SecureVerificationTimeout,
-		},
-	})
-}
-
-// CheckSecureVerification 检查是否已通过安全验证
-// 返回 true 表示验证有效，false 表示需要重新验证
-func CheckSecureVerification(c *gin.Context) bool {
-	session := sessions.Default(c)
-	verifiedAtRaw := session.Get(SecureVerificationSessionKey)
-
-	if verifiedAtRaw == nil {
-		return false
-	}
-
-	verifiedAt, ok := verifiedAtRaw.(int64)
-	if !ok {
-		return false
-	}
-
-	elapsed := time.Now().Unix() - verifiedAt
-	if elapsed >= SecureVerificationTimeout {
-		// 验证已过期，清除 session
-		session.Delete(SecureVerificationSessionKey)
-		_ = session.Save()
-		return false
-	}
-
-	return true
-}
-
-// PasskeyVerifyAndSetSession Passkey 验证完成后设置 session
-// 这是一个辅助函数，供 PasskeyVerifyFinish 调用
-func PasskeyVerifyAndSetSession(c *gin.Context) {
-	session := sessions.Default(c)
-	now := time.Now().Unix()
-	session.Set(SecureVerificationSessionKey, now)
-	_ = session.Save()
-}
-
-// PasskeyVerifyForSecure 用于安全验证的 Passkey 验证流程
-// 整合了 begin 和 finish 流程
-func PasskeyVerifyForSecure(c *gin.Context) {
-	if !system_setting.GetPasskeySettings().Enabled {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "管理员未启用 Passkey 登录",
-		})
-		return
-	}
-
-	userId := c.GetInt("id")
-	if userId == 0 {
-		c.JSON(http.StatusUnauthorized, gin.H{
-			"success": false,
-			"message": "未登录",
-		})
-		return
-	}
-
-	user := &model.User{Id: userId}
-	if err := user.FillUserById(); err != nil {
-		common.ApiError(c, fmt.Errorf("获取用户信息失败: %v", err))
-		return
-	}
-
-	if user.Status != common.UserStatusEnabled {
-		common.ApiError(c, fmt.Errorf("该用户已被禁用"))
-		return
-	}
-
-	credential, err := model.GetPasskeyByUserID(userId)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "该用户尚未绑定 Passkey",
-		})
-		return
-	}
-
-	wa, err := passkeysvc.BuildWebAuthn(c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	waUser := passkeysvc.NewWebAuthnUser(user, credential)
-	sessionData, err := passkeysvc.PopSessionData(c, passkeysvc.VerifySessionKey)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	_, err = wa.FinishLogin(waUser, *sessionData, c.Request)
-	if err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	// 更新凭证的最后使用时间
-	now := time.Now()
-	credential.LastUsedAt = &now
-	if err := model.UpsertPasskeyCredential(credential); err != nil {
-		common.ApiError(c, err)
-		return
-	}
-
-	// 验证成功，设置 session
-	PasskeyVerifyAndSetSession(c)
-
-	// 记录日志
-	model.RecordLog(userId, model.LogTypeSystem, "Passkey 安全验证成功")
-
-	c.JSON(http.StatusOK, gin.H{
-		"success": true,
-		"message": "Passkey 验证成功",
-		"data": gin.H{
-			"verified":   true,
-			"expires_at": time.Now().Unix() + SecureVerificationTimeout,
-		},
-	})
-}
--- a/controller/setup.go
+++ b/controller/setup.go
@@ -53,7 +53,7 @@ func GetSetup(c *gin.Context) {
 func PostSetup(c *gin.Context) {
 	// Check if setup is already completed
 	if constant.Setup {
-		c.JSON(200, gin.H{
+		c.JSON(400, gin.H{
 			"success": false,
 			"message": "系统已经初始化完成",
 		})
@@ -66,7 +66,7 @@ func PostSetup(c *gin.Context) {
 	var req SetupRequest
 	err := c.ShouldBindJSON(&req)
 	if err != nil {
-		c.JSON(200, gin.H{
+		c.JSON(400, gin.H{
 			"success": false,
 			"message": "请求参数有误",
 		})
@@ -77,7 +77,7 @@ func PostSetup(c *gin.Context) {
 	if !rootExists {
 		// Validate username length: max 12 characters to align with model.User validation
 		if len(req.Username) > 12 {
-			c.JSON(200, gin.H{
+			c.JSON(400, gin.H{
 				"success": false,
 				"message": "用户名长度不能超过12个字符",
 			})
@@ -85,7 +85,7 @@ func PostSetup(c *gin.Context) {
 		}
 		// Validate password
 		if req.Password != req.ConfirmPassword {
-			c.JSON(200, gin.H{
+			c.JSON(400, gin.H{
 				"success": false,
 				"message": "两次输入的密码不一致",
 			})
@@ -93,7 +93,7 @@ func PostSetup(c *gin.Context) {
 		}

 		if len(req.Password) < 8 {
-			c.JSON(200, gin.H{
+			c.JSON(400, gin.H{
 				"success": false,
 				"message": "密码长度至少为8个字符",
 			})
@@ -103,7 +103,7 @@ func PostSetup(c *gin.Context) {
 		// Create root user
 		hashedPassword, err := common.Password2Hash(req.Password)
 		if err != nil {
-			c.JSON(200, gin.H{
+			c.JSON(500, gin.H{
 				"success": false,
 				"message": "系统错误: " + err.Error(),
 			})
@@ -120,7 +120,7 @@ func PostSetup(c *gin.Context) {
 		}
 		err = model.DB.Create(&rootUser).Error
 		if err != nil {
-			c.JSON(200, gin.H{
+			c.JSON(500, gin.H{
 				"success": false,
 				"message": "创建管理员账号失败: " + err.Error(),
 			})
@@ -135,7 +135,7 @@ func PostSetup(c *gin.Context) {
 	// Save operation modes to database for persistence
 	err = model.UpdateOption("SelfUseModeEnabled", boolToString(req.SelfUseModeEnabled))
 	if err != nil {
-		c.JSON(200, gin.H{
+		c.JSON(500, gin.H{
 			"success": false,
 			"message": "保存自用模式设置失败: " + err.Error(),
 		})
@@ -144,7 +144,7 @@ func PostSetup(c *gin.Context) {

 	err = model.UpdateOption("DemoSiteEnabled", boolToString(req.DemoSiteEnabled))
 	if err != nil {
-		c.JSON(200, gin.H{
+		c.JSON(500, gin.H{
 			"success": false,
 			"message": "保存演示站点模式设置失败: " + err.Error(),
 		})
@@ -160,7 +160,7 @@ func PostSetup(c *gin.Context) {
 	}
 	err = model.DB.Create(&setup).Error
 	if err != nil {
-		c.JSON(200, gin.H{
+		c.JSON(500, gin.H{
 			"success": false,
 			"message": "系统初始化失败: " + err.Error(),
 		})
@@ -178,4 +178,4 @@ func boolToString(b bool) string {
 		return "true"
 	}
 	return "false"
-}
+}
--- a/controller/task_video.go
+++ b/controller/task_video.go
@@ -13,7 +13,6 @@ import (
 	"one-api/relay"
 	"one-api/relay/channel"
 	relaycommon "one-api/relay/common"
-	"one-api/setting/ratio_setting"
 	"time"
 )

@@ -121,91 +120,6 @@ func updateVideoSingleTask(ctx context.Context, adaptor channel.TaskAdaptor, cha
 		if !(len(taskResult.Url) > 5 && taskResult.Url[:5] == "data:") {
 			task.FailReason = taskResult.Url
 		}
-
-		// 如果返回了 total_tokens 并且配置了模型倍率(非固定价格),则重新计费
-		if taskResult.TotalTokens > 0 {
-			// 获取模型名称
-			var taskData map[string]interface{}
-			if err := json.Unmarshal(task.Data, &taskData); err == nil {
-				if modelName, ok := taskData["model"].(string); ok && modelName != "" {
-					// 获取模型价格和倍率
-					modelRatio, hasRatioSetting, _ := ratio_setting.GetModelRatio(modelName)
-
-					// 只有配置了倍率(非固定价格)时才按 token 重新计费
-					if hasRatioSetting && modelRatio > 0 {
-						// 获取用户和组的倍率信息
-						user, err := model.GetUserById(task.UserId, false)
-						if err == nil {
-							groupRatio := ratio_setting.GetGroupRatio(user.Group)
-							userGroupRatio, hasUserGroupRatio := ratio_setting.GetGroupGroupRatio(user.Group, user.Group)
-
-							var finalGroupRatio float64
-							if hasUserGroupRatio {
-								finalGroupRatio = userGroupRatio
-							} else {
-								finalGroupRatio = groupRatio
-							}
-
-							// 计算实际应扣费额度: totalTokens * modelRatio * groupRatio
-							actualQuota := int(float64(taskResult.TotalTokens) * modelRatio * finalGroupRatio)
-
-							// 计算差额
-							preConsumedQuota := task.Quota
-							quotaDelta := actualQuota - preConsumedQuota
-
-							if quotaDelta > 0 {
-								// 需要补扣费
-								logger.LogInfo(ctx, fmt.Sprintf("视频任务 %s 预扣费后补扣费：%s（实际消耗：%s，预扣费：%s，tokens：%d）",
-									task.TaskID,
-									logger.LogQuota(quotaDelta),
-									logger.LogQuota(actualQuota),
-									logger.LogQuota(preConsumedQuota),
-									taskResult.TotalTokens,
-								))
-								if err := model.DecreaseUserQuota(task.UserId, quotaDelta); err != nil {
-									logger.LogError(ctx, fmt.Sprintf("补扣费失败: %s", err.Error()))
-								} else {
-									model.UpdateUserUsedQuotaAndRequestCount(task.UserId, quotaDelta)
-									model.UpdateChannelUsedQuota(task.ChannelId, quotaDelta)
-									task.Quota = actualQuota // 更新任务记录的实际扣费额度
-
-									// 记录消费日志
-									logContent := fmt.Sprintf("视频任务成功补扣费，模型倍率 %.2f，分组倍率 %.2f，tokens %d，预扣费 %s，实际扣费 %s，补扣费 %s",
-										modelRatio, finalGroupRatio, taskResult.TotalTokens,
-										logger.LogQuota(preConsumedQuota), logger.LogQuota(actualQuota), logger.LogQuota(quotaDelta))
-									model.RecordLog(task.UserId, model.LogTypeSystem, logContent)
-								}
-							} else if quotaDelta < 0 {
-								// 需要退还多扣的费用
-								refundQuota := -quotaDelta
-								logger.LogInfo(ctx, fmt.Sprintf("视频任务 %s 预扣费后返还：%s（实际消耗：%s，预扣费：%s，tokens：%d）",
-									task.TaskID,
-									logger.LogQuota(refundQuota),
-									logger.LogQuota(actualQuota),
-									logger.LogQuota(preConsumedQuota),
-									taskResult.TotalTokens,
-								))
-								if err := model.IncreaseUserQuota(task.UserId, refundQuota, false); err != nil {
-									logger.LogError(ctx, fmt.Sprintf("退还预扣费失败: %s", err.Error()))
-								} else {
-									task.Quota = actualQuota // 更新任务记录的实际扣费额度
-
-									// 记录退款日志
-									logContent := fmt.Sprintf("视频任务成功退还多扣费用，模型倍率 %.2f，分组倍率 %.2f，tokens %d，预扣费 %s，实际扣费 %s，退还 %s",
-										modelRatio, finalGroupRatio, taskResult.TotalTokens,
-										logger.LogQuota(preConsumedQuota), logger.LogQuota(actualQuota), logger.LogQuota(refundQuota))
-									model.RecordLog(task.UserId, model.LogTypeSystem, logContent)
-								}
-							} else {
-								// quotaDelta == 0, 预扣费刚好准确
-								logger.LogInfo(ctx, fmt.Sprintf("视频任务 %s 预扣费准确（%s，tokens：%d）",
-									task.TaskID, logger.LogQuota(actualQuota), taskResult.TotalTokens))
-							}
-						}
-					}
-				}
-			}
-		}
 	case model.TaskStatusFailure:
 		task.Status = model.TaskStatusFailure
 		task.Progress = "100%"
--- a/controller/telegram.go
+++ b/controller/telegram.go
@@ -65,7 +65,7 @@ func TelegramBind(c *gin.Context) {
 		return
 	}

-	c.Redirect(302, "/console/personal")
+	c.Redirect(302, "/setting")
 }

 func TelegramLogin(c *gin.Context) {
--- a/controller/topup.go
+++ b/controller/topup.go
@@ -86,9 +86,8 @@ func GetEpayClient() *epay.Client {

 func getPayMoney(amount int64, group string) float64 {
 	dAmount := decimal.NewFromInt(amount)
-	// 充值金额以“展示类型”为准：
-	// - USD/CNY: 前端传 amount 为金额单位；TOKENS: 前端传 tokens，需要换成 USD 金额
-	if operation_setting.GetQuotaDisplayType() == operation_setting.QuotaDisplayTypeTokens {
+
+	if !common.DisplayInCurrencyEnabled {
 		dQuotaPerUnit := decimal.NewFromFloat(common.QuotaPerUnit)
 		dAmount = dAmount.Div(dQuotaPerUnit)
 	}
@@ -116,7 +115,7 @@ func getPayMoney(amount int64, group string) float64 {

 func getMinTopup() int64 {
 	minTopup := operation_setting.MinTopUp
-	if operation_setting.GetQuotaDisplayType() == operation_setting.QuotaDisplayTypeTokens {
+	if !common.DisplayInCurrencyEnabled {
 		dMinTopup := decimal.NewFromInt(int64(minTopup))
 		dQuotaPerUnit := decimal.NewFromFloat(common.QuotaPerUnit)
 		minTopup = int(dMinTopup.Mul(dQuotaPerUnit).IntPart())
@@ -177,7 +176,7 @@ func RequestEpay(c *gin.Context) {
 		return
 	}
 	amount := req.Amount
-	if operation_setting.GetQuotaDisplayType() == operation_setting.QuotaDisplayTypeTokens {
+	if !common.DisplayInCurrencyEnabled {
 		dAmount := decimal.NewFromInt(int64(amount))
 		dQuotaPerUnit := decimal.NewFromFloat(common.QuotaPerUnit)
 		amount = dAmount.Div(dQuotaPerUnit).IntPart()
--- a/controller/topup_stripe.go
+++ b/controller/topup_stripe.go
@@ -225,8 +225,7 @@ func genStripeLink(referenceId string, customerId string, email string, amount i
 				Quantity: stripe.Int64(amount),
 			},
 		},
-		Mode:                stripe.String(string(stripe.CheckoutSessionModePayment)),
-		AllowPromotionCodes: stripe.Bool(setting.StripePromotionCodesEnabled),
+		Mode: stripe.String(string(stripe.CheckoutSessionModePayment)),
 	}

 	if "" == customerId {
@@ -258,7 +257,7 @@ func GetChargedAmount(count float64, user model.User) float64 {

 func getStripePayMoney(amount float64, group string) float64 {
 	originalAmount := amount
-	if operation_setting.GetQuotaDisplayType() == operation_setting.QuotaDisplayTypeTokens {
+	if !common.DisplayInCurrencyEnabled {
 		amount = amount / common.QuotaPerUnit
 	}
 	// Using float64 for monetary calculations is acceptable here due to the small amounts involved
@@ -279,7 +278,7 @@ func getStripePayMoney(amount float64, group string) float64 {

 func getStripeMinTopup() int64 {
 	minTopup := setting.StripeMinTopUp
-	if operation_setting.GetQuotaDisplayType() == operation_setting.QuotaDisplayTypeTokens {
+	if !common.DisplayInCurrencyEnabled {
 		minTopup = minTopup * int(common.QuotaPerUnit)
 	}
 	return int64(minTopup)
--- a/controller/user.go
+++ b/controller/user.go
@@ -450,10 +450,6 @@ func GetSelf(c *gin.Context) {
 		"role":              user.Role,
 		"status":            user.Status,
 		"email":             user.Email,
-		"github_id":         user.GitHubId,
-		"oidc_id":           user.OidcId,
-		"wechat_id":         user.WeChatId,
-		"telegram_id":       user.TelegramId,
 		"group":             user.Group,
 		"quota":             user.Quota,
 		"used_quota":        user.UsedQuota,
@@ -1102,9 +1098,6 @@ type UpdateUserSettingRequest struct {
 	WebhookSecret              string  `json:"webhook_secret,omitempty"`
 	NotificationEmail          string  `json:"notification_email,omitempty"`
 	BarkUrl                    string  `json:"bark_url,omitempty"`
-	GotifyUrl                  string  `json:"gotify_url,omitempty"`
-	GotifyToken                string  `json:"gotify_token,omitempty"`
-	GotifyPriority             int     `json:"gotify_priority,omitempty"`
 	AcceptUnsetModelRatioModel bool    `json:"accept_unset_model_ratio_model"`
 	RecordIpLog                bool    `json:"record_ip_log"`
 }
@@ -1120,7 +1113,7 @@ func UpdateUserSetting(c *gin.Context) {
 	}

 	// 验证预警类型
-	if req.QuotaWarningType != dto.NotifyTypeEmail && req.QuotaWarningType != dto.NotifyTypeWebhook && req.QuotaWarningType != dto.NotifyTypeBark && req.QuotaWarningType != dto.NotifyTypeGotify {
+	if req.QuotaWarningType != dto.NotifyTypeEmail && req.QuotaWarningType != dto.NotifyTypeWebhook && req.QuotaWarningType != dto.NotifyTypeBark {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "无效的预警类型",
@@ -1195,40 +1188,6 @@ func UpdateUserSetting(c *gin.Context) {
 		}
 	}

-	// 如果是Gotify类型，验证Gotify URL和Token
-	if req.QuotaWarningType == dto.NotifyTypeGotify {
-		if req.GotifyUrl == "" {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "Gotify服务器地址不能为空",
-			})
-			return
-		}
-		if req.GotifyToken == "" {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "Gotify令牌不能为空",
-			})
-			return
-		}
-		// 验证URL格式
-		if _, err := url.ParseRequestURI(req.GotifyUrl); err != nil {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "无效的Gotify服务器地址",
-			})
-			return
-		}
-		// 检查是否是HTTP或HTTPS
-		if !strings.HasPrefix(req.GotifyUrl, "https://") && !strings.HasPrefix(req.GotifyUrl, "http://") {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"message": "Gotify服务器地址必须以http://或https://开头",
-			})
-			return
-		}
-	}
-
 	userId := c.GetInt("id")
 	user, err := model.GetUserById(userId, true)
 	if err != nil {
@@ -1262,18 +1221,6 @@ func UpdateUserSetting(c *gin.Context) {
 		settings.BarkUrl = req.BarkUrl
 	}

-	// 如果是Gotify类型，添加Gotify配置到设置中
-	if req.QuotaWarningType == dto.NotifyTypeGotify {
-		settings.GotifyUrl = req.GotifyUrl
-		settings.GotifyToken = req.GotifyToken
-		// Gotify优先级范围0-10，超出范围则使用默认值5
-		if req.GotifyPriority < 0 || req.GotifyPriority > 10 {
-			settings.GotifyPriority = 5
-		} else {
-			settings.GotifyPriority = req.GotifyPriority
-		}
-	}
-
 	// 更新用户设置
 	user.SetSetting(settings)
 	if err := user.Update(false); err != nil {
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,18 +1,4 @@
-# New-API Docker Compose Configuration
-# 
-# Quick Start:
-#   1. docker-compose up -d
-#   2. Access at http://localhost:3000
-#
-# Using MySQL instead of PostgreSQL:
-#   1. Comment out the postgres service and SQL_DSN line 15
-#   2. Uncomment the mysql service and SQL_DSN line 16
-#   3. Uncomment mysql in depends_on (line 28)
-#   4. Uncomment mysql_data in volumes section (line 64)
-#
-# ⚠️  IMPORTANT: Change all default passwords before deploying to production!
-
-version: '3.4' # For compatibility with older Docker versions
+version: '3.4'

 services:
  new-api:
@@ -26,22 +12,21 @@ services:
      - ./data:/data
      - ./logs:/app/logs
    environment:
-      - SQL_DSN=postgresql://root:123456@postgres:5432/new-api # ⚠️ IMPORTANT: Change the password in production!
-#      - SQL_DSN=root:123456@tcp(mysql:3306)/new-api  # Point to the mysql service, uncomment if using MySQL
+      - SQL_DSN=root:123456@tcp(mysql:3306)/new-api  # Point to the mysql service
      - REDIS_CONN_STRING=redis://redis
      - TZ=Asia/Shanghai
      - ERROR_LOG_ENABLED=true # 是否启用错误日志记录
-      - BATCH_UPDATE_ENABLED=true  # 是否启用批量更新 batch update enabled
-#      - STREAMING_TIMEOUT=300  # 流模式无响应超时时间，单位秒，默认120秒，如果出现空补全可以尝试改为更大值 Streaming timeout in seconds, default is 120s. Increase if experiencing empty completions
-#      - SESSION_SECRET=random_string  # 多机部署时设置，必须修改这个随机字符串！！ multi-node deployment, set this to a random string!!!!!!!
-#      - SYNC_FREQUENCY=60  # Uncomment if regular database syncing is needed
+    #      - STREAMING_TIMEOUT=300  # 流模式无响应超时时间，单位秒，默认120秒，如果出现空补全可以尝试改为更大值
+    #      - SESSION_SECRET=random_string  # 多机部署时设置，必须修改这个随机字符串！！！！！！！
+    #      - NODE_TYPE=slave  # Uncomment for slave node in multi-node deployment
+    #      - SYNC_FREQUENCY=60  # Uncomment if regular database syncing is needed
+    #      - FRONTEND_BASE_URL=https://openai.justsong.cn  # Uncomment for multi-node deployment with front-end URL

    depends_on:
      - redis
-      - postgres
-#      - mysql  # Uncomment if using MySQL
+      - mysql
    healthcheck:
-      test: ["CMD-SHELL", "wget -q -O - http://localhost:3000/api/status | grep -o '\"success\":\\s*true' || exit 1"]
+      test: ["CMD-SHELL", "wget -q -O - http://localhost:3000/api/status | grep -o '\"success\":\\s*true' | awk -F: '{print $$2}'"]
      interval: 30s
      timeout: 10s
      retries: 3
@@ -51,31 +36,17 @@ services:
    container_name: redis
    restart: always

-  postgres:
-    image: postgres:15
-    container_name: postgres
+  mysql:
+    image: mysql:8.2
+    container_name: mysql
    restart: always
    environment:
-      POSTGRES_USER: root
-      POSTGRES_PASSWORD: 123456  # ⚠️ IMPORTANT: Change this password in production!
-      POSTGRES_DB: new-api
+      MYSQL_ROOT_PASSWORD: 123456  # Ensure this matches the password in SQL_DSN
+      MYSQL_DATABASE: new-api
    volumes:
-      - pg_data:/var/lib/postgresql/data
-#    ports:
-#      - "5432:5432"  # Uncomment if you need to access PostgreSQL from outside Docker
-
-#  mysql:
-#    image: mysql:8.2
-#    container_name: mysql
-#    restart: always
-#    environment:
-#      MYSQL_ROOT_PASSWORD: 123456  # ⚠️ IMPORTANT: Change this password in production!
-#      MYSQL_DATABASE: new-api
-#    volumes:
-#      - mysql_data:/var/lib/mysql
-#    ports:
-#      - "3306:3306"  # Uncomment if you need to access MySQL from outside Docker
+      - mysql_data:/var/lib/mysql
+    # ports:
+    #   - "3306:3306"  # If you want to access MySQL from outside Docker, uncomment

 volumes:
-  pg_data:
-#  mysql_data:
+  mysql_data:
--- a/docs/translation-glossary.md
+++ b/docs/translation-glossary.md
@@ -1,72 +0,0 @@
-# 翻译术语表 (Translation Glossary)
-
-本文档为翻译贡献者提供项目中关键术语的标准翻译参考，以确保翻译的一致性和准确性。
-
-This document provides standard translation references for key terminology in the project to ensure consistency and accuracy for translation contributors.
-
-## 核心概念 (Core Concepts)
-
-| 中文 | English | 说明 | Description |
-|------|---------|------|-------------|
-| 倍率 | Ratio | 用于计算价格的乘数因子 | Multiplier factor used for price calculation |
-| 令牌 | Token | API访问凭证，也指模型处理的文本单元 | API access credentials or text units processed by models |
-| 渠道 | Channel | API服务提供商的接入通道 | Access channel for API service providers |
-| 分组 | Group | 用户或令牌的分类，影响价格倍率 | Classification of users or tokens, affecting price ratios |
-| 额度 | Quota | 用户可用的服务额度 | Available service quota for users |
-
-## 模型相关 (Model Related)
-
-| 中文 | English | 说明 | Description |
-|------|---------|------|-------------|
-| 提示 | Prompt | 模型输入内容 | Model input content |
-| 补全 | Completion | 模型输出内容 | Model output content |
-| 输入 | Input/Prompt | 发送给模型的内容 | Content sent to the model |
-| 输出 | Output/Completion | 模型返回的内容 | Content returned by the model |
-| 模型倍率 | Model Ratio | 不同模型的计费倍率 | Billing ratio for different models |
-| 补全倍率 | Completion Ratio | 输出内容的额外计费倍率 | Additional billing ratio for output content |
-| 固定价格 | Price per call | 按次计费的价格 | Fixed price per call |
-| 按量计费 | Pay-as-you-go | 根据使用量计费 | Billing based on usage |
-| 按次计费 | Pay-per-view | 每次调用固定价格 | Fixed price per invocation |
-
-## 用户管理 (User Management)
-
-| 中文 | English | 说明 | Description |
-|------|---------|------|-------------|
-| 超级管理员 | Root User | 最高权限管理员 | Administrator with highest privileges |
-| 管理员 | Admin User | 系统管理员 | System administrator |
-| 普通用户 | Normal User | 普通权限用户 | Regular user with standard privileges |
-
-## 充值与兑换 (Recharge & Redemption)
-
-| 中文 | English | 说明 | Description |
-|------|---------|------|-------------|
-| 充值 | Top Up | 为账户增加额度 | Add quota to account |
-| 兑换码 | Redemption Code | 可兑换额度的代码 | Code that can be redeemed for quota |
-
-## 渠道管理 (Channel Management)
-
-| 中文 | English | 说明 | Description |
-|------|---------|------|-------------|
-| 渠道 | Channel | API服务提供通道 | API service provider channel |
-| 密钥 | Key | API访问密钥 | API access key |
-| 优先级 | Priority | 渠道选择优先级 | Channel selection priority |
-| 权重 | Weight | 负载均衡权重 | Load balancing weight |
-| 代理 | Proxy | 代理服务器地址 | Proxy server address |
-| 模型重定向 | Model Mapping | 请求体中模型名称替换 | Model name replacement in request body |
-
-## 翻译注意事项 (Translation Guidelines)
-
- **提示 (Prompt)** = 模型输入内容 / Model input content
- **补全 (Completion)** = 模型输出内容 / Model output content
- **倍率 (Ratio)** = 价格计算的乘数因子 / Multiplier factor for price calculation
- **额度 (Quota)** = 可用的用户服务额度，有时也翻译为 Credit / Available service quota for users, sometimes also translated as Credit
- **Token** = 根据上下文可能指 / Depending on context, may refer to:
-  - API访问令牌 (API Token)
-  - 模型处理的文本单元 (Text Token)
-  - 系统访问令牌 (Access Token)
-
---
-
-**贡献说明**: 如发现术语翻译不一致或有更好的翻译建议，欢迎提交 Issue 或 Pull Request。
-
-**Contribution Note**: If you find any inconsistencies in terminology translations or have better translation suggestions, please feel free to submit an Issue or Pull Request.
--- a/dto/channel_settings.go
+++ b/dto/channel_settings.go
@@ -19,15 +19,4 @@ const (
 type ChannelOtherSettings struct {
 	AzureResponsesVersion string        `json:"azure_responses_version,omitempty"`
 	VertexKeyType         VertexKeyType `json:"vertex_key_type,omitempty"` // "json" or "api_key"
-	OpenRouterEnterprise  *bool         `json:"openrouter_enterprise,omitempty"`
-	AllowServiceTier      bool          `json:"allow_service_tier,omitempty"`      // 是否允许 service_tier 透传（默认过滤以避免额外计费）
-	DisableStore          bool          `json:"disable_store,omitempty"`           // 是否禁用 store 透传（默认允许透传，禁用后可能导致 Codex 无法使用）
-	AllowSafetyIdentifier bool          `json:"allow_safety_identifier,omitempty"` // 是否允许 safety_identifier 透传（默认过滤以保护用户隐私）
-}
-
-func (s *ChannelOtherSettings) IsOpenRouterEnterprise() bool {
-	if s == nil || s.OpenRouterEnterprise == nil {
-		return false
-	}
-	return *s.OpenRouterEnterprise
 }
--- a/dto/claude.go
+++ b/dto/claude.go
@@ -195,15 +195,11 @@ type ClaudeRequest struct {
 	Temperature       *float64        `json:"temperature,omitempty"`
 	TopP              float64         `json:"top_p,omitempty"`
 	TopK              int             `json:"top_k,omitempty"`
-	Stream            bool            `json:"stream,omitempty"`
-	Tools             any             `json:"tools,omitempty"`
-	ContextManagement json.RawMessage `json:"context_management,omitempty"`
-	ToolChoice        any             `json:"tool_choice,omitempty"`
-	Thinking          *Thinking       `json:"thinking,omitempty"`
-	McpServers        json.RawMessage `json:"mcp_servers,omitempty"`
-	Metadata          json.RawMessage `json:"metadata,omitempty"`
-	// 服务层级字段，用于指定 API 服务等级。允许透传可能导致实际计费高于预期，默认应过滤
-	ServiceTier string `json:"service_tier,omitempty"`
+	//ClaudeMetadata    `json:"metadata,omitempty"`
+	Stream     bool      `json:"stream,omitempty"`
+	Tools      any       `json:"tools,omitempty"`
+	ToolChoice any       `json:"tool_choice,omitempty"`
+	Thinking   *Thinking `json:"thinking,omitempty"`
 }

 func (c *ClaudeRequest) GetTokenCountMeta() *types.TokenCountMeta {
--- a/dto/gemini.go
+++ b/dto/gemini.go
@@ -2,12 +2,11 @@ package dto

 import (
 	"encoding/json"
+	"github.com/gin-gonic/gin"
 	"one-api/common"
 	"one-api/logger"
 	"one-api/types"
 	"strings"
-
-	"github.com/gin-gonic/gin"
 )

 type GeminiChatRequest struct {
@@ -15,30 +14,7 @@ type GeminiChatRequest struct {
 	SafetySettings     []GeminiChatSafetySettings `json:"safetySettings,omitempty"`
 	GenerationConfig   GeminiChatGenerationConfig `json:"generationConfig,omitempty"`
 	Tools              json.RawMessage            `json:"tools,omitempty"`
-	ToolConfig         *ToolConfig                `json:"toolConfig,omitempty"`
 	SystemInstructions *GeminiChatContent         `json:"systemInstruction,omitempty"`
-	CachedContent      string                     `json:"cachedContent,omitempty"`
-}
-
-type ToolConfig struct {
-	FunctionCallingConfig *FunctionCallingConfig `json:"functionCallingConfig,omitempty"`
-	RetrievalConfig       *RetrievalConfig       `json:"retrievalConfig,omitempty"`
-}
-
-type FunctionCallingConfig struct {
-	Mode                 FunctionCallingConfigMode `json:"mode,omitempty"`
-	AllowedFunctionNames []string                  `json:"allowedFunctionNames,omitempty"`
-}
-type FunctionCallingConfigMode string
-
-type RetrievalConfig struct {
-	LatLng       *LatLng `json:"latLng,omitempty"`
-	LanguageCode string  `json:"languageCode,omitempty"`
-}
-
-type LatLng struct {
-	Latitude  *float64 `json:"latitude,omitempty"`
-	Longitude *float64 `json:"longitude,omitempty"`
 }

 func (r *GeminiChatRequest) GetTokenCountMeta() *types.TokenCountMeta {
@@ -252,7 +228,6 @@ type GeminiChatTool struct {
 	GoogleSearchRetrieval any `json:"googleSearchRetrieval,omitempty"`
 	CodeExecution         any `json:"codeExecution,omitempty"`
 	FunctionDeclarations  any `json:"functionDeclarations,omitempty"`
-	URLContext            any `json:"urlContext,omitempty"`
 }

 type GeminiChatGenerationConfig struct {
@@ -264,21 +239,12 @@ type GeminiChatGenerationConfig struct {
 	StopSequences      []string              `json:"stopSequences,omitempty"`
 	ResponseMimeType   string                `json:"responseMimeType,omitempty"`
 	ResponseSchema     any                   `json:"responseSchema,omitempty"`
-	ResponseJsonSchema json.RawMessage       `json:"responseJsonSchema,omitempty"`
-	PresencePenalty    *float32              `json:"presencePenalty,omitempty"`
-	FrequencyPenalty   *float32              `json:"frequencyPenalty,omitempty"`
-	ResponseLogprobs   bool                  `json:"responseLogprobs,omitempty"`
-	Logprobs           *int32                `json:"logprobs,omitempty"`
-	MediaResolution    MediaResolution       `json:"mediaResolution,omitempty"`
 	Seed               int64                 `json:"seed,omitempty"`
 	ResponseModalities []string              `json:"responseModalities,omitempty"`
 	ThinkingConfig     *GeminiThinkingConfig `json:"thinkingConfig,omitempty"`
 	SpeechConfig       json.RawMessage       `json:"speechConfig,omitempty"` // RawMessage to allow flexible speech config
-	ImageConfig        json.RawMessage       `json:"imageConfig,omitempty"`  // RawMessage to allow flexible image config
 }

-type MediaResolution string
-
 type GeminiChatCandidate struct {
 	Content       GeminiChatContent        `json:"content"`
 	FinishReason  *string                  `json:"finishReason"`
@@ -293,13 +259,12 @@ type GeminiChatSafetyRating struct {

 type GeminiChatPromptFeedback struct {
 	SafetyRatings []GeminiChatSafetyRating `json:"safetyRatings"`
-	BlockReason   *string                  `json:"blockReason,omitempty"`
 }

 type GeminiChatResponse struct {
-	Candidates     []GeminiChatCandidate     `json:"candidates"`
-	PromptFeedback *GeminiChatPromptFeedback `json:"promptFeedback,omitempty"`
-	UsageMetadata  GeminiUsageMetadata       `json:"usageMetadata"`
+	Candidates     []GeminiChatCandidate    `json:"candidates"`
+	PromptFeedback GeminiChatPromptFeedback `json:"promptFeedback"`
+	UsageMetadata  GeminiUsageMetadata      `json:"usageMetadata"`
 }

 type GeminiUsageMetadata struct {
--- a/dto/openai_image.go
+++ b/dto/openai_image.go
@@ -74,15 +74,14 @@ func (r ImageRequest) MarshalJSON() ([]byte, error) {
 		return nil, err
 	}

-	// 不能合并ExtraFields！！！！！！！！
 	// 合并 ExtraFields
-	//for k, v := range r.Extra {
-	//	if _, exists := baseMap[k]; !exists {
-	//		baseMap[k] = v
-	//	}
-	//}
+	for k, v := range r.Extra {
+		if _, exists := baseMap[k]; !exists {
+			baseMap[k] = v
+		}
+	}

-	return common.Marshal(baseMap)
+	return json.Marshal(baseMap)
 }

 func GetJSONFieldNames(t reflect.Type) map[string]struct{} {
--- a/dto/openai_request.go
+++ b/dto/openai_request.go
@@ -57,18 +57,6 @@ type GeneralOpenAIRequest struct {
 	Dimensions          int               `json:"dimensions,omitempty"`
 	Modalities          json.RawMessage   `json:"modalities,omitempty"`
 	Audio               json.RawMessage   `json:"audio,omitempty"`
-	// 安全标识符，用于帮助 OpenAI 检测可能违反使用政策的应用程序用户
-	// 注意：此字段会向 OpenAI 发送用户标识信息，默认过滤以保护用户隐私
-	SafetyIdentifier string `json:"safety_identifier,omitempty"`
-	// Whether or not to store the output of this chat completion request for use in our model distillation or evals products.
-	// 是否存储此次请求数据供 OpenAI 用于评估和优化产品
-	// 注意：默认过滤此字段以保护用户隐私，但过滤后可能导致 Codex 无法正常使用
-	Store json.RawMessage `json:"store,omitempty"`
-	// Used by OpenAI to cache responses for similar requests to optimize your cache hit rates. Replaces the user field
-	PromptCacheKey string          `json:"prompt_cache_key,omitempty"`
-	LogitBias      json.RawMessage `json:"logit_bias,omitempty"`
-	Metadata       json.RawMessage `json:"metadata,omitempty"`
-	Prediction     json.RawMessage `json:"prediction,omitempty"`
 	// gemini
 	ExtraBody json.RawMessage `json:"extra_body,omitempty"`
 	//xai
@@ -784,23 +772,21 @@ type OpenAIResponsesRequest struct {
 	Instructions       json.RawMessage `json:"instructions,omitempty"`
 	MaxOutputTokens    uint            `json:"max_output_tokens,omitempty"`
 	Metadata           json.RawMessage `json:"metadata,omitempty"`
-	ParallelToolCalls  json.RawMessage `json:"parallel_tool_calls,omitempty"`
+	ParallelToolCalls  bool            `json:"parallel_tool_calls,omitempty"`
 	PreviousResponseID string          `json:"previous_response_id,omitempty"`
 	Reasoning          *Reasoning      `json:"reasoning,omitempty"`
-	// 服务层级字段，用于指定 API 服务等级。允许透传可能导致实际计费高于预期，默认应过滤
-	ServiceTier    string          `json:"service_tier,omitempty"`
-	Store          json.RawMessage `json:"store,omitempty"`
-	PromptCacheKey json.RawMessage `json:"prompt_cache_key,omitempty"`
-	Stream         bool            `json:"stream,omitempty"`
-	Temperature    float64         `json:"temperature,omitempty"`
-	Text           json.RawMessage `json:"text,omitempty"`
-	ToolChoice     json.RawMessage `json:"tool_choice,omitempty"`
-	Tools          json.RawMessage `json:"tools,omitempty"` // 需要处理的参数很少，MCP 参数太多不确定，所以用 map
-	TopP           float64         `json:"top_p,omitempty"`
-	Truncation     string          `json:"truncation,omitempty"`
-	User           string          `json:"user,omitempty"`
-	MaxToolCalls   uint            `json:"max_tool_calls,omitempty"`
-	Prompt         json.RawMessage `json:"prompt,omitempty"`
+	ServiceTier        string          `json:"service_tier,omitempty"`
+	Store              bool            `json:"store,omitempty"`
+	Stream             bool            `json:"stream,omitempty"`
+	Temperature        float64         `json:"temperature,omitempty"`
+	Text               json.RawMessage `json:"text,omitempty"`
+	ToolChoice         json.RawMessage `json:"tool_choice,omitempty"`
+	Tools              json.RawMessage `json:"tools,omitempty"` // 需要处理的参数很少，MCP 参数太多不确定，所以用 map
+	TopP               float64         `json:"top_p,omitempty"`
+	Truncation         string          `json:"truncation,omitempty"`
+	User               string          `json:"user,omitempty"`
+	MaxToolCalls       uint            `json:"max_tool_calls,omitempty"`
+	Prompt             json.RawMessage `json:"prompt,omitempty"`
 }

 func (r *OpenAIResponsesRequest) GetTokenCountMeta() *types.TokenCountMeta {
--- a/dto/openai_response.go
+++ b/dto/openai_response.go
@@ -6,10 +6,6 @@ import (
 	"one-api/types"
 )

-const (
-	ResponsesOutputTypeImageGenerationCall = "image_generation_call"
-)
-
 type SimpleResponse struct {
 	Usage `json:"usage"`
 	Error any `json:"error"`
@@ -277,42 +273,6 @@ func (o *OpenAIResponsesResponse) GetOpenAIError() *types.OpenAIError {
 	return GetOpenAIError(o.Error)
 }

-func (o *OpenAIResponsesResponse) HasImageGenerationCall() bool {
-	if len(o.Output) == 0 {
-		return false
-	}
-	for _, output := range o.Output {
-		if output.Type == ResponsesOutputTypeImageGenerationCall {
-			return true
-		}
-	}
-	return false
-}
-
-func (o *OpenAIResponsesResponse) GetQuality() string {
-	if len(o.Output) == 0 {
-		return ""
-	}
-	for _, output := range o.Output {
-		if output.Type == ResponsesOutputTypeImageGenerationCall {
-			return output.Quality
-		}
-	}
-	return ""
-}
-
-func (o *OpenAIResponsesResponse) GetSize() string {
-	if len(o.Output) == 0 {
-		return ""
-	}
-	for _, output := range o.Output {
-		if output.Type == ResponsesOutputTypeImageGenerationCall {
-			return output.Size
-		}
-	}
-	return ""
-}
-
 type IncompleteDetails struct {
 	Reasoning string `json:"reasoning"`
 }
@@ -323,8 +283,6 @@ type ResponsesOutput struct {
 	Status  string                   `json:"status"`
 	Role    string                   `json:"role"`
 	Content []ResponsesOutputContent `json:"content"`
-	Quality string                   `json:"quality"`
-	Size    string                   `json:"size"`
 }

 type ResponsesOutputContent struct {
--- a/dto/user_settings.go
+++ b/dto/user_settings.go
@@ -7,9 +7,6 @@ type UserSetting struct {
 	WebhookSecret         string  `json:"webhook_secret,omitempty"`                 // WebhookSecret webhook密钥
 	NotificationEmail     string  `json:"notification_email,omitempty"`             // NotificationEmail 通知邮箱地址
 	BarkUrl               string  `json:"bark_url,omitempty"`                       // BarkUrl Bark推送URL
-	GotifyUrl             string  `json:"gotify_url,omitempty"`                     // GotifyUrl Gotify服务器地址
-	GotifyToken           string  `json:"gotify_token,omitempty"`                   // GotifyToken Gotify应用令牌
-	GotifyPriority        int     `json:"gotify_priority"`                          // GotifyPriority Gotify消息优先级
 	AcceptUnsetRatioModel bool    `json:"accept_unset_model_ratio_model,omitempty"` // AcceptUnsetRatioModel 是否接受未设置价格的模型
 	RecordIpLog           bool    `json:"record_ip_log,omitempty"`                  // 是否记录请求和错误日志IP
 	SidebarModules        string  `json:"sidebar_modules,omitempty"`                // SidebarModules 左侧边栏模块配置
@@ -19,5 +16,4 @@ var (
 	NotifyTypeEmail   = "email"   // Email 邮件
 	NotifyTypeWebhook = "webhook" // Webhook
 	NotifyTypeBark    = "bark"    // Bark 推送
-	NotifyTypeGotify  = "gotify"  // Gotify 推送
 )
--- a/electron/README.md
+++ b/electron/README.md
@@ -1,73 +0,0 @@
-# New API Electron Desktop App
-
-This directory contains the Electron wrapper for New API, providing a native desktop application with system tray support for Windows, macOS, and Linux.
-
-## Prerequisites
-
-### 1. Go Binary (Required)
-The Electron app requires the compiled Go binary to function. You have two options:
-
-**Option A: Use existing binary (without Go installed)**
-```bash
-# If you have a pre-built binary (e.g., new-api-macos)
-cp ../new-api-macos ../new-api
-```
-
-**Option B: Build from source (requires Go)**
-TODO
-
-### 3. Electron Dependencies
-```bash
-cd electron
-npm install
-```
-
-## Development
-
-Run the app in development mode:
-```bash
-npm start
-```
-
-This will:
- Start the Go backend on port 3000
- Open an Electron window with DevTools enabled
- Create a system tray icon (menu bar on macOS)
- Store database in `../data/new-api.db`
-
-## Building for Production
-
-### Quick Build
-```bash
-# Ensure Go binary exists in parent directory
-ls ../new-api  # Should exist
-
-# Build for current platform
-npm run build
-
-# Platform-specific builds
-npm run build:mac    # Creates .dmg and .zip
-npm run build:win    # Creates .exe installer
-npm run build:linux  # Creates .AppImage and .deb
-```
-
-### Build Output
- Built applications are in `electron/dist/`
- macOS: `.dmg` (installer) and `.zip` (portable)
- Windows: `.exe` (installer) and portable exe
- Linux: `.AppImage` and `.deb`
-
-## Configuration
-
-### Port
-Default port is 3000. To change, edit `main.js`:
-```javascript
-const PORT = 3000; // Change to desired port
-```
-
-### Database Location
- **Development**: `../data/new-api.db` (project directory)
- **Production**:
-  - macOS: `~/Library/Application Support/New API/data/`
-  - Windows: `%APPDATA%/New API/data/`
-  - Linux: `~/.config/New API/data/`
--- a/electron/build.sh
+++ b/electron/build.sh
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-set -e
-
-echo "Building New API Electron App..."
-
-echo "Step 1: Building frontend..."
-cd ../web
-DISABLE_ESLINT_PLUGIN='true' bun run build
-cd ../electron
-
-echo "Step 2: Building Go backend..."
-cd ..
-
-if [[ "$OSTYPE" == "darwin"* ]]; then
-    echo "Building for macOS..."
-    CGO_ENABLED=1 go build -ldflags="-s -w" -o new-api
-    cd electron
-    npm install
-    npm run build:mac
-elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
-    echo "Building for Linux..."
-    CGO_ENABLED=1 go build -ldflags="-s -w" -o new-api
-    cd electron
-    npm install
-    npm run build:linux
-elif [[ "$OSTYPE" == "msys" || "$OSTYPE" == "cygwin" || "$OSTYPE" == "win32" ]]; then
-    echo "Building for Windows..."
-    CGO_ENABLED=1 go build -ldflags="-s -w" -o new-api.exe
-    cd electron
-    npm install
-    npm run build:win
-else
-    echo "Unknown OS, building for current platform..."
-    CGO_ENABLED=1 go build -ldflags="-s -w" -o new-api
-    cd electron
-    npm install
-    npm run build
-fi
-
-echo "Build complete! Check electron/dist/ for output."
--- a/electron/create-tray-icon.js
+++ b/electron/create-tray-icon.js
@@ -1,60 +0,0 @@
-// Create a simple tray icon for macOS
-// Run: node create-tray-icon.js
-
-const fs = require('fs');
-const { createCanvas } = require('canvas');
-
-function createTrayIcon() {
-  // For macOS, we'll use a Template image (black and white)
-  // Size should be 22x22 for Retina displays (@2x would be 44x44)
-  const canvas = createCanvas(22, 22);
-  const ctx = canvas.getContext('2d');
-
-  // Clear canvas
-  ctx.clearRect(0, 0, 22, 22);
-
-  // Draw a simple "API" icon
-  ctx.fillStyle = '#000000';
-  ctx.font = 'bold 10px system-ui';
-  ctx.textAlign = 'center';
-  ctx.textBaseline = 'middle';
-  ctx.fillText('API', 11, 11);
-
-  // Save as PNG
-  const buffer = canvas.toBuffer('image/png');
-  fs.writeFileSync('tray-icon.png', buffer);
-
-  // For Template images on macOS (will adapt to menu bar theme)
-  fs.writeFileSync('tray-iconTemplate.png', buffer);
-  fs.writeFileSync('tray-iconTemplate@2x.png', buffer);
-
-  console.log('Tray icon created successfully!');
-}
-
-// Check if canvas is installed
-try {
-  createTrayIcon();
-} catch (err) {
-  console.log('Canvas module not installed.');
-  console.log('For now, creating a placeholder. Install canvas with: npm install canvas');
-
-  // Create a minimal 1x1 transparent PNG as placeholder
-  const minimalPNG = Buffer.from([
-    0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A,
-    0x00, 0x00, 0x00, 0x0D, 0x49, 0x48, 0x44, 0x52,
-    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
-    0x01, 0x03, 0x00, 0x00, 0x00, 0x25, 0xDB, 0x56,
-    0xCA, 0x00, 0x00, 0x00, 0x03, 0x50, 0x4C, 0x54,
-    0x45, 0x00, 0x00, 0x00, 0xA7, 0x7A, 0x3D, 0xDA,
-    0x00, 0x00, 0x00, 0x01, 0x74, 0x52, 0x4E, 0x53,
-    0x00, 0x40, 0xE6, 0xD8, 0x66, 0x00, 0x00, 0x00,
-    0x0A, 0x49, 0x44, 0x41, 0x54, 0x08, 0x1D, 0x62,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
-    0x00, 0x01, 0x0A, 0x2D, 0xCB, 0x59, 0x00, 0x00,
-    0x00, 0x00, 0x49, 0x45, 0x4E, 0x44, 0xAE, 0x42,
-    0x60, 0x82
-  ]);
-
-  fs.writeFileSync('tray-icon.png', minimalPNG);
-  console.log('Created placeholder tray icon.');
-}
--- a/electron/entitlements.mac.plist
+++ b/electron/entitlements.mac.plist
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-    <true/>
-    <key>com.apple.security.cs.allow-jit</key>
-    <true/>
-    <key>com.apple.security.cs.disable-library-validation</key>
-    <true/>
-    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
-    <true/>
-    <key>com.apple.security.network.client</key>
-    <true/>
-    <key>com.apple.security.network.server</key>
-    <true/>
-</dict>
-</plist>
--- a/electron/icon.png
+++ b/electron/icon.png
--- a/electron/main.js
+++ b/electron/main.js
@@ -1,590 +0,0 @@
-const { app, BrowserWindow, dialog, Tray, Menu, shell } = require('electron');
-const { spawn } = require('child_process');
-const path = require('path');
-const http = require('http');
-const fs = require('fs');
-
-let mainWindow;
-let serverProcess;
-let tray = null;
-let serverErrorLogs = [];
-const PORT = 3000;
-const DEV_FRONTEND_PORT = 5173; // Vite dev server port
-
-// 保存日志到文件并打开
-function saveAndOpenErrorLog() {
-  try {
-    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
-    const logFileName = `new-api-crash-${timestamp}.log`;
-    const logDir = app.getPath('logs');
-    const logFilePath = path.join(logDir, logFileName);
-    
-    // 确保日志目录存在
-    if (!fs.existsSync(logDir)) {
-      fs.mkdirSync(logDir, { recursive: true });
-    }
-    
-    // 写入日志
-    const logContent = `New API 崩溃日志
-生成时间: ${new Date().toLocaleString('zh-CN')}
-平台: ${process.platform}
-架构: ${process.arch}
-应用版本: ${app.getVersion()}
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-完整错误日志:
-
-${serverErrorLogs.join('\n')}
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-日志文件位置: ${logFilePath}
-`;
-    
-    fs.writeFileSync(logFilePath, logContent, 'utf8');
-    
-    // 打开日志文件
-    shell.openPath(logFilePath).then((error) => {
-      if (error) {
-        console.error('Failed to open log file:', error);
-        // 如果打开文件失败，至少显示文件位置
-        shell.showItemInFolder(logFilePath);
-      }
-    });
-    
-    return logFilePath;
-  } catch (err) {
-    console.error('Failed to save error log:', err);
-    return null;
-  }
-}
-
-// 分析错误日志，识别常见错误并提供解决方案
-function analyzeError(errorLogs) {
-  const allLogs = errorLogs.join('\n');
-  
-  // 检测端口占用错误
-  if (allLogs.includes('failed to start HTTP server') || 
-      allLogs.includes('bind: address already in use') ||
-      allLogs.includes('listen tcp') && allLogs.includes('bind: address already in use')) {
-    return {
-      type: '端口被占用',
-      title: '端口 ' + PORT + ' 被占用',
-      message: '无法启动服务器，端口已被其他程序占用',
-      solution: `可能的解决方案：\n\n1. 关闭占用端口 ${PORT} 的其他程序\n2. 检查是否已经运行了另一个 New API 实例\n3. 使用以下命令查找占用端口的进程：\n   Mac/Linux: lsof -i :${PORT}\n   Windows: netstat -ano | findstr :${PORT}\n4. 重启电脑以释放端口`
-    };
-  }
-  
-  // 检测数据库错误
-  if (allLogs.includes('database is locked') || 
-      allLogs.includes('unable to open database')) {
-    return {
-      type: '数据文件被占用',
-      title: '无法访问数据文件',
-      message: '应用的数据文件正被其他程序占用',
-      solution: '可能的解决方案：\n\n1. 检查是否已经打开了另一个 New API 窗口\n   - 查看任务栏/Dock 中是否有其他 New API 图标\n   - 查看系统托盘（Windows）或菜单栏（Mac）中是否有 New API 图标\n\n2. 如果刚刚关闭过应用，请等待 10 秒后再试\n\n3. 重启电脑以释放被占用的文件\n\n4. 如果问题持续，可以尝试：\n   - 退出所有 New API 实例\n   - 删除数据目录中的临时文件（.db-shm 和 .db-wal）\n   - 重新启动应用'
-    };
-  }
-  
-  // 检测权限错误
-  if (allLogs.includes('permission denied') || 
-      allLogs.includes('access denied')) {
-    return {
-      type: '权限错误',
-      title: '权限不足',
-      message: '程序没有足够的权限执行操作',
-      solution: '可能的解决方案：\n\n1. 以管理员/root权限运行程序\n2. 检查数据目录的读写权限\n3. 检查可执行文件的权限\n4. 在 Mac 上，检查安全性与隐私设置'
-    };
-  }
-  
-  // 检测网络错误
-  if (allLogs.includes('network is unreachable') || 
-      allLogs.includes('no such host') ||
-      allLogs.includes('connection refused')) {
-    return {
-      type: '网络错误',
-      title: '网络连接失败',
-      message: '无法建立网络连接',
-      solution: '可能的解决方案：\n\n1. 检查网络连接是否正常\n2. 检查防火墙设置\n3. 检查代理配置\n4. 确认目标服务器地址正确'
-    };
-  }
-  
-  // 检测配置文件错误
-  if (allLogs.includes('invalid configuration') || 
-      allLogs.includes('failed to parse config') ||
-      allLogs.includes('yaml') || allLogs.includes('json') && allLogs.includes('parse')) {
-    return {
-      type: '配置错误',
-      title: '配置文件错误',
-      message: '配置文件格式不正确或包含无效配置',
-      solution: '可能的解决方案：\n\n1. 检查配置文件格式是否正确\n2. 恢复默认配置\n3. 删除配置文件让程序重新生成\n4. 查看文档了解正确的配置格式'
-    };
-  }
-  
-  // 检测内存不足
-  if (allLogs.includes('out of memory') || 
-      allLogs.includes('cannot allocate memory')) {
-    return {
-      type: '内存不足',
-      title: '系统内存不足',
-      message: '程序运行时内存不足',
-      solution: '可能的解决方案：\n\n1. 关闭其他占用内存的程序\n2. 增加系统可用内存\n3. 重启电脑释放内存\n4. 检查是否存在内存泄漏'
-    };
-  }
-  
-  // 检测文件不存在错误
-  if (allLogs.includes('no such file or directory') || 
-      allLogs.includes('cannot find the file')) {
-    return {
-      type: '文件缺失',
-      title: '找不到必需的文件',
-      message: '缺少程序运行所需的文件',
-      solution: '可能的解决方案：\n\n1. 重新安装应用程序\n2. 检查安装目录是否完整\n3. 确保所有依赖文件都存在\n4. 检查文件路径是否正确'
-    };
-  }
-  
-  return null;
-}
-
-function getBinaryPath() {
-  const isDev = process.env.NODE_ENV === 'development';
-  const platform = process.platform;
-
-  if (isDev) {
-    const binaryName = platform === 'win32' ? 'new-api.exe' : 'new-api';
-    return path.join(__dirname, '..', binaryName);
-  }
-
-  let binaryName;
-  switch (platform) {
-    case 'win32':
-      binaryName = 'new-api.exe';
-      break;
-    case 'darwin':
-      binaryName = 'new-api';
-      break;
-    case 'linux':
-      binaryName = 'new-api';
-      break;
-    default:
-      binaryName = 'new-api';
-  }
-
-  return path.join(process.resourcesPath, 'bin', binaryName);
-}
-
-// Check if a server is available with retry logic
-function checkServerAvailability(port, maxRetries = 30, retryDelay = 1000) {
-  return new Promise((resolve, reject) => {
-    let currentAttempt = 0;
-    
-    const tryConnect = () => {
-      currentAttempt++;
-      
-      if (currentAttempt % 5 === 1 && currentAttempt > 1) {
-        console.log(`Attempting to connect to port ${port}... (attempt ${currentAttempt}/${maxRetries})`);
-      }
-      
-      const req = http.get({
-        hostname: '127.0.0.1', // Use IPv4 explicitly instead of 'localhost' to avoid IPv6 issues
-        port: port,
-        timeout: 10000
-      }, (res) => {
-        // Server responded, connection successful
-        req.destroy();
-        console.log(`✓ Successfully connected to port ${port} (status: ${res.statusCode})`);
-        resolve();
-      });
-
-      req.on('error', (err) => {
-        if (currentAttempt >= maxRetries) {
-          reject(new Error(`Failed to connect to port ${port} after ${maxRetries} attempts: ${err.message}`));
-        } else {
-          setTimeout(tryConnect, retryDelay);
-        }
-      });
-
-      req.on('timeout', () => {
-        req.destroy();
-        if (currentAttempt >= maxRetries) {
-          reject(new Error(`Connection timeout on port ${port} after ${maxRetries} attempts`));
-        } else {
-          setTimeout(tryConnect, retryDelay);
-        }
-      });
-    };
-    
-    tryConnect();
-  });
-}
-
-function startServer() {
-  return new Promise((resolve, reject) => {
-    const isDev = process.env.NODE_ENV === 'development';
-
-    const userDataPath = app.getPath('userData');
-    const dataDir = path.join(userDataPath, 'data');
-    
-    // 设置环境变量供 preload.js 使用
-    process.env.ELECTRON_DATA_DIR = dataDir;
-    
-    if (isDev) {
-      // 开发模式：假设开发者手动启动了 Go 后端和前端开发服务器
-      // 只需要等待前端开发服务器就绪
-      console.log('Development mode: skipping server startup');
-      console.log('Please make sure you have started:');
-      console.log('  1. Go backend: go run main.go (port 3000)');
-      console.log('  2. Frontend dev server: cd web && bun dev (port 5173)');
-      console.log('');
-      console.log('Checking if servers are running...');
-      
-      // First check if both servers are accessible
-      checkServerAvailability(DEV_FRONTEND_PORT)
-        .then(() => {
-          console.log('✓ Frontend dev server is accessible on port 5173');
-          resolve();
-        })
-        .catch((err) => {
-          console.error(`✗ Cannot connect to frontend dev server on port ${DEV_FRONTEND_PORT}`);
-          console.error('Please make sure the frontend dev server is running:');
-          console.error('  cd web && bun dev');
-          reject(err);
-        });
-      return;
-    }
-
-    // 生产模式：启动二进制服务器
-    const env = { ...process.env, PORT: PORT.toString() };
-
-    if (!fs.existsSync(dataDir)) {
-      fs.mkdirSync(dataDir, { recursive: true });
-    }
-
-    env.SQLITE_PATH = path.join(dataDir, 'new-api.db');
-    
-    console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
-    console.log('📁 您的数据存储位置：');
-    console.log('   ' + dataDir);
-    console.log('   💡 备份提示：复制此目录即可备份所有数据');
-    console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
-
-    const binaryPath = getBinaryPath();
-    const workingDir = process.resourcesPath;
-    
-    console.log('Starting server from:', binaryPath);
-
-    serverProcess = spawn(binaryPath, [], {
-      env,
-      cwd: workingDir
-    });
-
-    serverProcess.stdout.on('data', (data) => {
-      console.log(`Server: ${data}`);
-    });
-
-    serverProcess.stderr.on('data', (data) => {
-      const errorMsg = data.toString();
-      console.error(`Server Error: ${errorMsg}`);
-      serverErrorLogs.push(errorMsg);
-      // 只保留最近的100条错误日志
-      if (serverErrorLogs.length > 100) {
-        serverErrorLogs.shift();
-      }
-    });
-
-    serverProcess.on('error', (err) => {
-      console.error('Failed to start server:', err);
-      reject(err);
-    });
-
-    serverProcess.on('close', (code) => {
-      console.log(`Server process exited with code ${code}`);
-      
-      // 如果退出代码不是0，说明服务器异常退出
-      if (code !== 0 && code !== null) {
-        const errorDetails = serverErrorLogs.length > 0 
-          ? serverErrorLogs.slice(-20).join('\n') 
-          : '没有捕获到错误日志';
-        
-        // 分析错误类型
-        const knownError = analyzeError(serverErrorLogs);
-        
-        let dialogOptions;
-        if (knownError) {
-          // 识别到已知错误，显示友好的错误信息和解决方案
-          dialogOptions = {
-            type: 'error',
-            title: knownError.title,
-            message: knownError.message,
-            detail: `${knownError.solution}\n\n━━━━━━━━━━━━━━━━━━━━━━\n\n退出代码: ${code}\n\n错误类型: ${knownError.type}\n\n最近的错误日志:\n${errorDetails}`,
-            buttons: ['退出应用', '查看完整日志'],
-            defaultId: 0,
-            cancelId: 0
-          };
-        } else {
-          // 未识别的错误，显示通用错误信息
-          dialogOptions = {
-            type: 'error',
-            title: '服务器崩溃',
-            message: '服务器进程异常退出',
-            detail: `退出代码: ${code}\n\n最近的错误信息:\n${errorDetails}`,
-            buttons: ['退出应用', '查看完整日志'],
-            defaultId: 0,
-            cancelId: 0
-          };
-        }
-        
-        dialog.showMessageBox(dialogOptions).then((result) => {
-          if (result.response === 1) {
-            // 用户选择查看详情，保存并打开日志文件
-            const logPath = saveAndOpenErrorLog();
-            
-            // 显示确认对话框
-            const confirmMessage = logPath 
-              ? `日志已保存到:\n${logPath}\n\n日志文件已在默认文本编辑器中打开。\n\n点击"退出"关闭应用程序。`
-              : '日志保存失败，但已在控制台输出。\n\n点击"退出"关闭应用程序。';
-            
-            dialog.showMessageBox({
-              type: 'info',
-              title: '日志已保存',
-              message: confirmMessage,
-              buttons: ['退出'],
-              defaultId: 0
-            }).then(() => {
-              app.isQuitting = true;
-              app.quit();
-            });
-            
-            // 同时在控制台输出
-            console.log('=== 完整错误日志 ===');
-            console.log(serverErrorLogs.join('\n'));
-          } else {
-            // 用户选择直接退出
-            app.isQuitting = true;
-            app.quit();
-          }
-        });
-      } else {
-        // 正常退出（code为0或null），直接关闭窗口
-        if (mainWindow && !mainWindow.isDestroyed()) {
-          mainWindow.close();
-        }
-      }
-    });
-
-    checkServerAvailability(PORT)
-      .then(() => {
-        console.log('✓ Backend server is accessible on port 3000');
-        resolve();
-      })
-      .catch((err) => {
-        console.error('✗ Failed to connect to backend server');
-        reject(err);
-      });
-  });
-}
-
-function createWindow() {
-  const isDev = process.env.NODE_ENV === 'development';
-  const loadPort = isDev ? DEV_FRONTEND_PORT : PORT;
-  
-  mainWindow = new BrowserWindow({
-    width: 1080,
-    height: 720,
-    webPreferences: {
-      preload: path.join(__dirname, 'preload.js'),
-      nodeIntegration: false,
-      contextIsolation: true
-    },
-    title: 'New API',
-    icon: path.join(__dirname, 'icon.png')
-  });
-
-  mainWindow.loadURL(`http://127.0.0.1:${loadPort}`);
-  
-  console.log(`Loading from: http://127.0.0.1:${loadPort}`);
-
-  if (isDev) {
-    mainWindow.webContents.openDevTools();
-  }
-
-  // Close to tray instead of quitting
-  mainWindow.on('close', (event) => {
-    if (!app.isQuitting) {
-      event.preventDefault();
-      mainWindow.hide();
-      if (process.platform === 'darwin') {
-        app.dock.hide();
-      }
-    }
-  });
-
-  mainWindow.on('closed', () => {
-    mainWindow = null;
-  });
-}
-
-function createTray() {
-  // Use template icon for macOS (black with transparency, auto-adapts to theme)
-  // Use colored icon for Windows
-  const trayIconPath = process.platform === 'darwin'
-    ? path.join(__dirname, 'tray-iconTemplate.png')
-    : path.join(__dirname, 'tray-icon-windows.png');
-
-  tray = new Tray(trayIconPath);
-
-  const contextMenu = Menu.buildFromTemplate([
-    {
-      label: 'Show New API',
-      click: () => {
-        if (mainWindow === null) {
-          createWindow();
-        } else {
-          mainWindow.show();
-          if (process.platform === 'darwin') {
-            app.dock.show();
-          }
-        }
-      }
-    },
-    { type: 'separator' },
-    {
-      label: 'Quit',
-      click: () => {
-        app.isQuitting = true;
-        app.quit();
-      }
-    }
-  ]);
-
-  tray.setToolTip('New API');
-  tray.setContextMenu(contextMenu);
-
-  // On macOS, clicking the tray icon shows the window
-  tray.on('click', () => {
-    if (mainWindow === null) {
-      createWindow();
-    } else {
-      mainWindow.isVisible() ? mainWindow.hide() : mainWindow.show();
-      if (mainWindow.isVisible() && process.platform === 'darwin') {
-        app.dock.show();
-      }
-    }
-  });
-}
-
-app.whenReady().then(async () => {
-  try {
-    await startServer();
-    createTray();
-    createWindow();
-  } catch (err) {
-    console.error('Failed to start application:', err);
-    
-    // 分析启动失败的错误
-    const knownError = analyzeError(serverErrorLogs);
-    
-    if (knownError) {
-      dialog.showMessageBox({
-        type: 'error',
-        title: knownError.title,
-        message: `启动失败: ${knownError.message}`,
-        detail: `${knownError.solution}\n\n━━━━━━━━━━━━━━━━━━━━━━\n\n错误信息: ${err.message}\n\n错误类型: ${knownError.type}`,
-        buttons: ['退出', '查看完整日志'],
-        defaultId: 0,
-        cancelId: 0
-      }).then((result) => {
-        if (result.response === 1) {
-          // 用户选择查看日志
-          const logPath = saveAndOpenErrorLog();
-          
-          const confirmMessage = logPath 
-            ? `日志已保存到:\n${logPath}\n\n日志文件已在默认文本编辑器中打开。\n\n点击"退出"关闭应用程序。`
-            : '日志保存失败，但已在控制台输出。\n\n点击"退出"关闭应用程序。';
-          
-          dialog.showMessageBox({
-            type: 'info',
-            title: '日志已保存',
-            message: confirmMessage,
-            buttons: ['退出'],
-            defaultId: 0
-          }).then(() => {
-            app.quit();
-          });
-          
-          console.log('=== 完整错误日志 ===');
-          console.log(serverErrorLogs.join('\n'));
-        } else {
-          app.quit();
-        }
-      });
-    } else {
-      dialog.showMessageBox({
-        type: 'error',
-        title: '启动失败',
-        message: '无法启动服务器',
-        detail: `错误信息: ${err.message}\n\n请检查日志获取更多信息。`,
-        buttons: ['退出', '查看完整日志'],
-        defaultId: 0,
-        cancelId: 0
-      }).then((result) => {
-        if (result.response === 1) {
-          // 用户选择查看日志
-          const logPath = saveAndOpenErrorLog();
-          
-          const confirmMessage = logPath 
-            ? `日志已保存到:\n${logPath}\n\n日志文件已在默认文本编辑器中打开。\n\n点击"退出"关闭应用程序。`
-            : '日志保存失败，但已在控制台输出。\n\n点击"退出"关闭应用程序。';
-          
-          dialog.showMessageBox({
-            type: 'info',
-            title: '日志已保存',
-            message: confirmMessage,
-            buttons: ['退出'],
-            defaultId: 0
-          }).then(() => {
-            app.quit();
-          });
-          
-          console.log('=== 完整错误日志 ===');
-          console.log(serverErrorLogs.join('\n'));
-        } else {
-          app.quit();
-        }
-      });
-    }
-  }
-});
-
-app.on('window-all-closed', () => {
-  // Don't quit when window is closed, keep running in tray
-  // Only quit when explicitly choosing Quit from tray menu
-});
-
-app.on('activate', () => {
-  if (BrowserWindow.getAllWindows().length === 0) {
-    createWindow();
-  }
-});
-
-app.on('before-quit', (event) => {
-  if (serverProcess) {
-    event.preventDefault();
-
-    console.log('Shutting down server...');
-    serverProcess.kill('SIGTERM');
-
-    setTimeout(() => {
-      if (serverProcess) {
-        serverProcess.kill('SIGKILL');
-      }
-      app.exit();
-    }, 5000);
-
-    serverProcess.on('close', () => {
-      serverProcess = null;
-      app.exit();
-    });
-  }
-});
--- a/electron/package-lock.json
+++ b/electron/package-lock.json
--- a/electron/package.json
+++ b/electron/package.json
@@ -1,101 +0,0 @@
-{
-  "name": "new-api-electron",
-  "version": "1.0.0",
-  "description": "New API - AI Model Gateway Desktop Application",
-  "main": "main.js",
-  "scripts": {
-    "start-app": "electron .",
-    "dev-app": "cross-env NODE_ENV=development electron .",
-    "build": "electron-builder",
-    "build:mac": "electron-builder --mac",
-    "build:win": "electron-builder --win",
-    "build:linux": "electron-builder --linux"
-  },
-  "keywords": [
-    "ai",
-    "api",
-    "gateway",
-    "openai",
-    "claude"
-  ],
-  "author": "QuantumNous",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/QuantumNous/new-api"
-  },
-  "devDependencies": {
-    "cross-env": "^7.0.3",
-    "electron": "28.3.3",
-    "electron-builder": "^24.9.1"
-  },
-  "build": {
-    "appId": "com.newapi.desktop",
-    "productName": "New-API-App",
-    "publish": null,
-    "directories": {
-      "output": "dist"
-    },
-    "files": [
-      "main.js",
-      "preload.js",
-      "icon.png",
-      "tray-iconTemplate.png",
-      "tray-iconTemplate@2x.png",
-      "tray-icon-windows.png"
-    ],
-    "mac": {
-      "category": "public.app-category.developer-tools",
-      "icon": "icon.png",
-      "identity": null,
-      "hardenedRuntime": false,
-      "gatekeeperAssess": false,
-      "entitlements": "entitlements.mac.plist",
-      "entitlementsInherit": "entitlements.mac.plist",
-      "target": [
-        "dmg",
-        "zip"
-      ],
-      "extraResources": [
-        {
-          "from": "../new-api",
-          "to": "bin/new-api"
-        },
-        {
-          "from": "../web/dist",
-          "to": "web/dist"
-        }
-      ]
-    },
-    "win": {
-      "icon": "icon.png",
-      "target": [
-        "nsis",
-        "portable"
-      ],
-      "extraResources": [
-        {
-          "from": "../new-api.exe",
-          "to": "bin/new-api.exe"
-        }
-      ]
-    },
-    "linux": {
-      "icon": "icon.png",
-      "target": [
-        "AppImage",
-        "deb"
-      ],
-      "category": "Development",
-      "extraResources": [
-        {
-          "from": "../new-api",
-          "to": "bin/new-api"
-        }
-      ]
-    },
-    "nsis": {
-      "oneClick": false,
-      "allowToChangeInstallationDirectory": true
-    }
-  }
-}
--- a/electron/preload.js
+++ b/electron/preload.js
@@ -1,18 +0,0 @@
-const { contextBridge } = require('electron');
-
-// 获取数据目录路径（用于显示给用户）
-// 优先使用主进程设置的真实路径，如果没有则回退到手动拼接
-function getDataDirPath() {
-  // 如果主进程已设置真实路径，直接使用
-  if (process.env.ELECTRON_DATA_DIR) {
-    return process.env.ELECTRON_DATA_DIR;
-  }
-}
-
-contextBridge.exposeInMainWorld('electron', {
-  isElectron: true,
-  version: process.versions.electron,
-  platform: process.platform,
-  versions: process.versions,
-  dataDir: getDataDirPath()
-});
--- a/electron/tray-icon-windows.png
+++ b/electron/tray-icon-windows.png
--- a/electron/tray-iconTemplate.png
+++ b/electron/tray-iconTemplate.png
--- a/electron/tray-iconTemplate@2x.png
+++ b/electron/tray-iconTemplate@2x.png
--- a/examples/oauth/oauth-demo.html
+++ b/examples/oauth/oauth-demo.html
@@ -0,0 +1,326 @@
+<!doctype html>
+<html lang="zh-CN">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>OAuth2/OIDC 授权码 + PKCE 前端演示</title>
+  <style>
+    :root { --bg:#0b0c10; --panel:#111317; --muted:#aab2bf; --accent:#3b82f6; --ok:#16a34a; --warn:#f59e0b; --err:#ef4444; --border:#1f2430; }
+    body { margin:0; font-family: ui-sans-serif, system-ui, -apple-system, Segoe UI, Roboto, Helvetica, Arial; background: var(--bg); color:#e5e7eb; }
+    .wrap { max-width: 980px; margin: 32px auto; padding: 0 16px; }
+    h1 { font-size: 22px; margin:0 0 16px; }
+    .card { background: var(--panel); border:1px solid var(--border); border-radius: 10px; padding: 16px; margin: 12px 0; }
+    .row { display:flex; gap:12px; flex-wrap:wrap; }
+    .col { flex: 1 1 280px; display:flex; flex-direction:column; }
+    label { font-size: 12px; color: var(--muted); margin-bottom: 6px; }
+    input, textarea, select { background:#0f1115; color:#e5e7eb; border:1px solid var(--border); padding:10px 12px; border-radius:8px; outline:none; }
+    textarea { min-height: 100px; resize: vertical; }
+    .btns { display:flex; gap:8px; flex-wrap:wrap; margin-top: 8px; }
+    button { background:#1a1f2b; color:#e5e7eb; border:1px solid var(--border); padding:8px 12px; border-radius:8px; cursor:pointer; }
+    button.primary { background: var(--accent); border-color: var(--accent); color:white; }
+    button.ok { background: var(--ok); border-color: var(--ok); color:white; }
+    button.warn { background: var(--warn); border-color: var(--warn); color:black; }
+    button.ghost { background: transparent; }
+    .muted { color: var(--muted); font-size: 12px; }
+    .mono { font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace; }
+    .grid2 { display:grid; grid-template-columns: 1fr 1fr; gap: 12px; }
+    @media (max-width: 880px){ .grid2 { grid-template-columns: 1fr; } }
+    .pill { padding: 3px 8px; border-radius:999px; font-size: 12px; border:1px solid var(--border); background:#0f1115; }
+    .ok { color: #10b981; }
+    .err { color: #ef4444; }
+    .sep { height:1px; background: var(--border); margin: 12px 0; }
+  </style>
+</head>
+<body>
+  <div class="wrap">
+    <h1>OAuth2/OIDC 授权码 + PKCE 前端演示</h1>
+
+    <div class="card">
+      <div class="row">
+        <div class="col">
+          <label>Issuer（可选，用于自动发现 /.well-known/openid-configuration）</label>
+          <input id="issuer" placeholder="https://your-domain" />
+          <div class="btns"><button class="" id="btnDiscover">自动发现端点</button></div>
+          <div class="muted">提示：若未配置 Issuer，可直接填写下方端点。</div>
+        </div>
+      </div>
+      <div class="row">
+        <div class="col"><label>Authorization Endpoint</label><input id="authorization_endpoint" placeholder="https://domain/api/oauth/authorize" /></div>
+        <div class="col"><label>Token Endpoint</label><input id="token_endpoint" placeholder="https://domain/api/oauth/token" /></div>
+      </div>
+      <div class="row">
+        <div class="col"><label>UserInfo Endpoint（可选）</label><input id="userinfo_endpoint" placeholder="https://domain/api/oauth/userinfo" /></div>
+        <div class="col"><label>Client ID</label><input id="client_id" placeholder="your-public-client-id" /></div>
+      </div>
+      <div class="row">
+        <div class="col"><label>Redirect URI（当前页地址或你的回调）</label><input id="redirect_uri" /></div>
+        <div class="col"><label>Scope</label><input id="scope" value="openid profile email" /></div>
+      </div>
+      <div class="row">
+        <div class="col"><label>State</label><input id="state" /></div>
+        <div class="col"><label>Nonce</label><input id="nonce" /></div>
+      </div>
+      <div class="row">
+        <div class="col"><label>Code Verifier（自动生成，不会上送）</label><input id="code_verifier" class="mono" readonly /></div>
+        <div class="col"><label>Code Challenge（S256）</label><input id="code_challenge" class="mono" readonly /></div>
+      </div>
+      <div class="btns">
+        <button id="btnGenPkce">生成 PKCE</button>
+        <button id="btnRandomState">随机 State</button>
+        <button id="btnRandomNonce">随机 Nonce</button>
+        <button id="btnMakeAuthURL">生成授权链接</button>
+        <button id="btnAuthorize" class="primary">跳转授权</button>
+      </div>
+      <div class="row" style="margin-top:8px;">
+        <div class="col">
+          <label>授权链接（只生成不跳转）</label>
+          <textarea id="authorize_url" class="mono" placeholder="(空)"></textarea>
+          <div class="btns"><button id="btnCopyAuthURL">复制链接</button></div>
+        </div>
+      </div>
+      <div class="sep"></div>
+      <div class="muted">说明：
+        <ul>
+          <li>本页为纯前端演示，适用于公开客户端（不需要 client_secret）。</li>
+          <li>如跨域调用 Token/UserInfo，需要服务端正确设置 CORS；建议将此 demo 部署到同源域名下。</li>
+        </ul>
+      </div>
+
+      <div class="sep"></div>
+      <div class="row">
+        <div class="col">
+          <label>粘贴 OIDC Discovery JSON（/.well-known/openid-configuration）</label>
+          <textarea id="conf_json" class="mono" placeholder='{"issuer":"https://...","authorization_endpoint":"...","token_endpoint":"...","userinfo_endpoint":"..."}'></textarea>
+          <div class="btns">
+            <button id="btnParseConf">解析并填充端点</button>
+            <button id="btnGenConf">用当前端点生成 JSON</button>
+          </div>
+          <div class="muted">可将服务端返回的 OIDC Discovery JSON 粘贴到此处，点击“解析并填充端点”。</div>
+        </div>
+      </div>
+    </div>
+
+    <div class="card">
+      <div class="row">
+        <div class="col">
+          <label>授权结果</label>
+          <div id="authResult" class="muted">等待授权...</div>
+        </div>
+      </div>
+      <div class="grid2" style="margin-top:12px;">
+        <div>
+          <label>Access Token</label>
+          <textarea id="access_token" class="mono" placeholder="(空)"></textarea>
+          <div class="btns">
+            <button id="btnCopyAT">复制</button>
+            <button id="btnCallUserInfo" class="ok">调用 UserInfo</button>
+          </div>
+          <div id="userinfoOut" class="muted" style="margin-top:6px;"></div>
+        </div>
+        <div>
+          <label>ID Token（JWT）</label>
+          <textarea id="id_token" class="mono" placeholder="(空)"></textarea>
+          <div class="btns">
+            <button id="btnDecodeJWT">解码显示 Claims</button>
+          </div>
+          <pre id="jwtClaims" class="mono" style="white-space:pre-wrap; word-break:break-all; margin-top:6px;"></pre>
+        </div>
+      </div>
+      <div class="grid2" style="margin-top:12px;">
+        <div>
+          <label>Refresh Token</label>
+          <textarea id="refresh_token" class="mono" placeholder="(空)"></textarea>
+          <div class="btns">
+            <button id="btnRefreshToken">使用 Refresh Token 刷新</button>
+          </div>
+        </div>
+        <div>
+          <label>原始 Token 响应</label>
+          <textarea id="token_raw" class="mono" placeholder="(空)"></textarea>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <script>
+    const $ = (id) => document.getElementById(id);
+    const toB64Url = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf))).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+    async function sha256B64Url(str){
+      const data = new TextEncoder().encode(str);
+      const digest = await crypto.subtle.digest('SHA-256', data);
+      return toB64Url(digest);
+    }
+    function randStr(len=64){
+      const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+      const arr = new Uint8Array(len); crypto.getRandomValues(arr);
+      return Array.from(arr, v => chars[v % chars.length]).join('');
+    }
+    function setAuthInfo(msg, ok=true){
+      const el = $('authResult');
+      el.textContent = msg;
+      el.className = ok ? 'ok' : 'err';
+    }
+    function qs(name){ const u=new URL(location.href); return u.searchParams.get(name); }
+
+    function persist(name, val){ sessionStorage.setItem('demo_'+name, val); }
+    function load(name){ return sessionStorage.getItem('demo_'+name) || ''; }
+
+    // init defaults
+    (function init(){
+      $('redirect_uri').value = window.location.origin + window.location.pathname;
+      // try load from discovery if issuer saved previously
+      const iss = load('issuer'); if(iss) $('issuer').value = iss;
+      const cid = load('client_id'); if(cid) $('client_id').value = cid;
+      const scp = load('scope'); if(scp) $('scope').value = scp;
+    })();
+
+    $('btnDiscover').onclick = async () => {
+      const iss = $('issuer').value.trim(); if(!iss){ alert('请填写 Issuer'); return; }
+      try{
+        persist('issuer', iss);
+        const res = await fetch(iss.replace(/\/$/,'') + '/api/.well-known/openid-configuration');
+        const d = await res.json();
+        $('authorization_endpoint').value = d.authorization_endpoint || '';
+        $('token_endpoint').value = d.token_endpoint || '';
+        $('userinfo_endpoint').value = d.userinfo_endpoint || '';
+        if (d.issuer) { $('issuer').value = d.issuer; persist('issuer', d.issuer); }
+        $('conf_json').value = JSON.stringify(d, null, 2);
+        setAuthInfo('已从发现文档加载端点', true);
+      }catch(e){ setAuthInfo('自动发现失败：'+e, false); }
+    };
+
+    $('btnGenPkce').onclick = async () => {
+      const v = randStr(64); const c = await sha256B64Url(v);
+      $('code_verifier').value = v; $('code_challenge').value = c;
+      persist('code_verifier', v); persist('code_challenge', c);
+      setAuthInfo('已生成 PKCE 参数', true);
+    };
+    $('btnRandomState').onclick = () => { $('state').value = randStr(16); persist('state', $('state').value); };
+    $('btnRandomNonce').onclick = () => { $('nonce').value = randStr(16); persist('nonce', $('nonce').value); };
+
+    function buildAuthorizeURLFromFields() {
+      const auth = $('authorization_endpoint').value.trim();
+      const token = $('token_endpoint').value.trim(); // just validate
+      const cid = $('client_id').value.trim();
+      const red = $('redirect_uri').value.trim();
+      const scp = $('scope').value.trim() || 'openid profile email';
+      const st = $('state').value.trim() || randStr(16);
+      const no = $('nonce').value.trim() || randStr(16);
+      const cc = $('code_challenge').value.trim();
+      const cv = $('code_verifier').value.trim();
+      if(!auth || !token || !cid || !red){ throw new Error('请先完善端点/ClientID/RedirectURI'); }
+      if(!cc || !cv){ throw new Error('请先生成 PKCE'); }
+      persist('authorization_endpoint', auth); persist('token_endpoint', token);
+      persist('client_id', cid); persist('redirect_uri', red); persist('scope', scp);
+      persist('state', st); persist('nonce', no); persist('code_verifier', cv);
+      const u = new URL(auth);
+      u.searchParams.set('response_type', 'code');
+      u.searchParams.set('client_id', cid);
+      u.searchParams.set('redirect_uri', red);
+      u.searchParams.set('scope', scp);
+      u.searchParams.set('state', st);
+      u.searchParams.set('nonce', no);
+      u.searchParams.set('code_challenge', cc);
+      u.searchParams.set('code_challenge_method', 'S256');
+      return u.toString();
+    }
+    $('btnMakeAuthURL').onclick = () => {
+      try {
+        const url = buildAuthorizeURLFromFields();
+        $('authorize_url').value = url;
+        setAuthInfo('已生成授权链接', true);
+      } catch(e){ setAuthInfo(e.message, false); }
+    };
+    $('btnAuthorize').onclick = () => {
+      try { const url = buildAuthorizeURLFromFields(); location.href = url; }
+      catch(e){ setAuthInfo(e.message, false); }
+    };
+    $('btnCopyAuthURL').onclick = async () => { try{ await navigator.clipboard.writeText($('authorize_url').value); }catch{} };
+
+    // Parse OIDC discovery JSON pasted by user
+    $('btnParseConf').onclick = () => {
+      const txt = $('conf_json').value.trim(); if(!txt){ alert('请先粘贴 JSON'); return; }
+      try{
+        const d = JSON.parse(txt);
+        if (d.issuer) { $('issuer').value = d.issuer; persist('issuer', d.issuer); }
+        if (d.authorization_endpoint) $('authorization_endpoint').value = d.authorization_endpoint;
+        if (d.token_endpoint) $('token_endpoint').value = d.token_endpoint;
+        if (d.userinfo_endpoint) $('userinfo_endpoint').value = d.userinfo_endpoint;
+        setAuthInfo('已解析配置并填充端点', true);
+      }catch(e){ setAuthInfo('解析失败：'+e, false); }
+    };
+    // Generate a minimal discovery JSON from current fields
+    $('btnGenConf').onclick = () => {
+      const d = {
+        issuer: $('issuer').value.trim() || undefined,
+        authorization_endpoint: $('authorization_endpoint').value.trim() || undefined,
+        token_endpoint: $('token_endpoint').value.trim() || undefined,
+        userinfo_endpoint: $('userinfo_endpoint').value.trim() || undefined,
+      };
+      $('conf_json').value = JSON.stringify(d, null, 2);
+    };
+
+    async function postForm(url, data){
+      const body = Object.entries(data).map(([k,v])=> `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join('&');
+      const res = await fetch(url, { method:'POST', headers:{ 'Content-Type':'application/x-www-form-urlencoded' }, body });
+      if(!res.ok){ const t = await res.text(); throw new Error(`HTTP ${res.status} ${t}`); }
+      return res.json();
+    }
+
+    async function handleCallback(){
+      const code = qs('code'); const err = qs('error');
+      const state = qs('state');
+      if(err){ setAuthInfo('授权失败：'+err, false); return; }
+      if(!code){ setAuthInfo('等待授权...', true); return; }
+      // state check
+      if(state && load('state') && state !== load('state')){ setAuthInfo('state 不匹配，已拒绝', false); return; }
+      try{
+        const tokenEp = load('token_endpoint');
+        const data = await postForm(tokenEp, {
+          grant_type:'authorization_code',
+          code,
+          client_id: load('client_id'),
+          redirect_uri: load('redirect_uri'),
+          code_verifier: load('code_verifier')
+        });
+        $('access_token').value = data.access_token || '';
+        $('id_token').value = data.id_token || '';
+        $('refresh_token').value = data.refresh_token || '';
+        $('token_raw').value = JSON.stringify(data, null, 2);
+        setAuthInfo('授权成功，已获取令牌', true);
+      }catch(e){ setAuthInfo('交换令牌失败：'+e.message, false); }
+    }
+    handleCallback();
+
+    $('btnCopyAT').onclick = async () => { try{ await navigator.clipboard.writeText($('access_token').value); }catch{} };
+    $('btnDecodeJWT').onclick = () => {
+      const t = $('id_token').value.trim(); if(!t){ $('jwtClaims').textContent='(空)'; return; }
+      const parts = t.split('.'); if(parts.length<2){ $('jwtClaims').textContent='格式错误'; return; }
+      try{ const json = JSON.parse(atob(parts[1].replace(/-/g,'+').replace(/_/g,'/'))); $('jwtClaims').textContent = JSON.stringify(json, null, 2);}catch(e){ $('jwtClaims').textContent='解码失败：'+e; }
+    };
+    $('btnCallUserInfo').onclick = async () => {
+      const at = $('access_token').value.trim(); const ep = $('userinfo_endpoint').value.trim(); if(!at||!ep){ alert('请填写UserInfo端点并获取AccessToken'); return; }
+      try{
+        const res = await fetch(ep, { headers:{ Authorization: 'Bearer '+at } });
+        const data = await res.json(); $('userinfoOut').textContent = JSON.stringify(data, null, 2);
+      }catch(e){ $('userinfoOut').textContent = '调用失败：'+e; }
+    };
+    $('btnRefreshToken').onclick = async () => {
+      const rt = $('refresh_token').value.trim(); if(!rt){ alert('没有刷新令牌'); return; }
+      try{
+        const tokenEp = load('token_endpoint');
+        const data = await postForm(tokenEp, {
+          grant_type:'refresh_token',
+          refresh_token: rt,
+          client_id: load('client_id')
+        });
+        $('access_token').value = data.access_token || '';
+        $('id_token').value = data.id_token || '';
+        $('refresh_token').value = data.refresh_token || '';
+        $('token_raw').value = JSON.stringify(data, null, 2);
+        setAuthInfo('刷新成功', true);
+      }catch(e){ setAuthInfo('刷新失败：'+e.message, false); }
+    };
+  </script>
+</body>
+</html>
--- a/examples/oauth/oauth2_test_client.go
+++ b/examples/oauth/oauth2_test_client.go
@@ -0,0 +1,181 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"net/url"
+	"path"
+	"strings"
+	"time"
+
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/clientcredentials"
+)
+
+func main() {
+	// 测试 Client Credentials 流程
+	//testClientCredentials()
+
+	// 测试 Authorization Code + PKCE 流程（需要浏览器交互）
+	testAuthorizationCode()
+}
+
+// testClientCredentials 测试服务对服务认证
+func testClientCredentials() {
+	fmt.Println("=== Testing Client Credentials Flow ===")
+
+	cfg := clientcredentials.Config{
+		ClientID:     "client_dsFyyoyNZWjhbNa2", // 需要先创建客户端
+		ClientSecret: "hLLdn2Ia4UM7hcsJaSuUFDV0Px9BrkNq",
+		TokenURL:     "http://localhost:3000/api/oauth/token",
+		Scopes:       []string{"api:read", "api:write"},
+		EndpointParams: map[string][]string{
+			"audience": {"api://new-api"},
+		},
+	}
+
+	// 创建HTTP客户端
+	httpClient := cfg.Client(context.Background())
+
+	// 调用受保护的API
+	resp, err := httpClient.Get("http://localhost:3000/api/status")
+	if err != nil {
+		log.Printf("Request failed: %v", err)
+		return
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Printf("Failed to read response: %v", err)
+		return
+	}
+
+	fmt.Printf("Status: %s\n", resp.Status)
+	fmt.Printf("Response: %s\n", string(body))
+}
+
+// testAuthorizationCode 测试授权码流程
+func testAuthorizationCode() {
+	fmt.Println("=== Testing Authorization Code + PKCE Flow ===")
+
+	conf := oauth2.Config{
+		ClientID:     "client_dsFyyoyNZWjhbNa2", // 需要先创建客户端
+		ClientSecret: "JHiugKf89OMmTLuZMZyA2sgZnO0Ioae3",
+		RedirectURL:  "http://localhost:9999/callback",
+		// 包含 openid/profile/email 以便调用 UserInfo
+		Scopes: []string{"openid", "profile", "email", "api:read"},
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  "http://localhost:3000/api/oauth/authorize",
+			TokenURL: "http://localhost:3000/api/oauth/token",
+		},
+	}
+
+	// 生成PKCE参数
+	codeVerifier := oauth2.GenerateVerifier()
+	state := fmt.Sprintf("state-%d", time.Now().Unix())
+
+	// 构建授权URL
+	url := conf.AuthCodeURL(
+		state,
+		oauth2.S256ChallengeOption(codeVerifier),
+		//oauth2.SetAuthURLParam("audience", "api://new-api"),
+	)
+
+	fmt.Printf("Visit this URL to authorize:\n%s\n\n", url)
+	fmt.Printf("A local server will listen on http://localhost:9999/callback to receive the code...\n")
+
+	// 启动回调本地服务器，自动接收授权码
+	codeCh := make(chan string, 1)
+	srv := &http.Server{Addr: ":9999"}
+	http.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
+		q := r.URL.Query()
+		if errParam := q.Get("error"); errParam != "" {
+			fmt.Fprintf(w, "Authorization failed: %s", errParam)
+			return
+		}
+		gotState := q.Get("state")
+		if gotState != state {
+			http.Error(w, "state mismatch", http.StatusBadRequest)
+			return
+		}
+		code := q.Get("code")
+		if code == "" {
+			http.Error(w, "missing code", http.StatusBadRequest)
+			return
+		}
+		fmt.Fprintln(w, "Authorization received. You may close this window.")
+		select {
+		case codeCh <- code:
+		default:
+		}
+		go func() {
+			// 稍后关闭服务
+			_ = srv.Shutdown(context.Background())
+		}()
+	})
+	go func() {
+		_ = srv.ListenAndServe()
+	}()
+
+	// 等待授权码
+	var code string
+	select {
+	case code = <-codeCh:
+	case <-time.After(5 * time.Minute):
+		log.Println("Timeout waiting for authorization code")
+		_ = srv.Shutdown(context.Background())
+		return
+	}
+
+	// 交换令牌
+	token, err := conf.Exchange(
+		context.Background(),
+		code,
+		oauth2.VerifierOption(codeVerifier),
+	)
+	if err != nil {
+		log.Printf("Token exchange failed: %v", err)
+		return
+	}
+
+	fmt.Printf("Access Token: %s\n", token.AccessToken)
+	fmt.Printf("Token Type: %s\n", token.TokenType)
+	fmt.Printf("Expires In: %v\n", token.Expiry)
+
+	// 使用令牌调用 UserInfo
+	client := conf.Client(context.Background(), token)
+	userInfoURL := buildUserInfoFromAuth(conf.Endpoint.AuthURL)
+	resp, err := client.Get(userInfoURL)
+	if err != nil {
+		log.Printf("UserInfo request failed: %v", err)
+		return
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Printf("Failed to read UserInfo response: %v", err)
+		return
+	}
+	fmt.Printf("UserInfo: %s\n", string(body))
+}
+
+// buildUserInfoFromAuth 将授权端点URL转换为UserInfo端点URL
+func buildUserInfoFromAuth(auth string) string {
+	u, err := url.Parse(auth)
+	if err != nil {
+		return ""
+	}
+	// 将最后一个路径段 authorize 替换为 userinfo
+	dir := path.Dir(u.Path)
+	if strings.HasSuffix(u.Path, "/authorize") {
+		u.Path = path.Join(dir, "userinfo")
+	} else {
+		// 回退：追加默认 /oauth/userinfo
+		u.Path = path.Join(dir, "userinfo")
+	}
+	return u.String()
+}
--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,7 @@
 module one-api

 // +heroku goVersion go1.18
-go 1.25.1
+go 1.23.4

 require (
 	github.com/Calcium-Ion/go-epay v0.0.4
@@ -11,21 +11,24 @@ require (
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
 	github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.33.0
 	github.com/aws/smithy-go v1.22.5
-	github.com/bytedance/gopkg v0.1.3
+	github.com/bytedance/gopkg v0.0.0-20221122125632-68358b8ecec6
 	github.com/gin-contrib/cors v1.7.2
 	github.com/gin-contrib/gzip v0.0.6
 	github.com/gin-contrib/sessions v0.0.5
 	github.com/gin-contrib/static v0.0.1
 	github.com/gin-gonic/gin v1.9.1
 	github.com/glebarez/sqlite v1.9.0
+	github.com/go-oauth2/gin-server v1.1.0
+	github.com/go-oauth2/oauth2/v4 v4.5.4
 	github.com/go-playground/validator/v10 v10.20.0
 	github.com/go-redis/redis/v8 v8.11.5
-	github.com/go-webauthn/webauthn v0.14.0
 	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/joho/godotenv v1.5.1
+	github.com/lestrrat-go/jwx/v2 v2.1.6
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.5.0
 	github.com/samber/lo v1.39.0
@@ -36,10 +39,11 @@ require (
 	github.com/tidwall/gjson v1.18.0
 	github.com/tidwall/sjson v1.2.5
 	github.com/tiktoken-go/tokenizer v0.6.2
-	golang.org/x/crypto v0.42.0
+	golang.org/x/crypto v0.35.0
 	golang.org/x/image v0.23.0
-	golang.org/x/net v0.43.0
-	golang.org/x/sync v0.17.0
+	golang.org/x/net v0.35.0
+	golang.org/x/oauth2 v0.30.0
+	golang.org/x/sync v0.11.0
 	gorm.io/driver/mysql v1.4.3
 	gorm.io/driver/postgres v1.5.2
 	gorm.io/gorm v1.25.2
@@ -51,14 +55,15 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2 // indirect
 	github.com/boombuler/barcode v1.1.0 // indirect
-	github.com/bytedance/sonic v1.14.1 // indirect
-	github.com/bytedance/sonic/loader v0.3.0 // indirect
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cloudwego/base64x v0.1.6 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dlclark/regexp2 v1.11.5 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
@@ -66,11 +71,8 @@ require (
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-sql-driver/mysql v1.7.0 // indirect
-	github.com/go-webauthn/x v0.1.25 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/go-tpm v0.9.5 // indirect
 	github.com/gorilla/context v1.1.1 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
 	github.com/gorilla/sessions v1.2.1 // indirect
@@ -81,26 +83,36 @@ require (
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.3 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc v1.0.6 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
+	github.com/tidwall/btree v0.0.0-20191029221954-400434d76274 // indirect
+	github.com/tidwall/buntdb v1.1.2 // indirect
+	github.com/tidwall/grect v0.0.0-20161006141115-ba9a043346eb // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/rtree v0.0.0-20180113144539-6cd427091e0e // indirect
+	github.com/tidwall/tinyqueue v0.0.0-20180302190814-1e39f5511563 // indirect
 	github.com/tklauser/go-sysconf v0.3.12 // indirect
 	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	github.com/x448/float16 v0.8.4 // indirect
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
-	golang.org/x/arch v0.21.0 // indirect
+	golang.org/x/arch v0.12.0 // indirect
 	golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 // indirect
-	golang.org/x/sys v0.36.0 // indirect
-	golang.org/x/text v0.29.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/libc v1.22.5 // indirect
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
 github.com/Calcium-Ion/go-epay v0.0.4 h1:C96M7WfRLadcIVscWzwLiYs8etI1wrDmtFMuK2zP22A=
 github.com/Calcium-Ion/go-epay v0.0.4/go.mod h1:cxo/ZOg8ClvE3VAnCmEzbuyAZINSq7kFEN9oHj5WQ2U=
+github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
+github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
 github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA=
 github.com/anknown/ahocorasick v0.0.0-20190904063843-d75dbd5169c0 h1:onfun1RA+KcxaMk1lfrRnwCd1UUuOjJM/lri5eM1qMs=
@@ -23,32 +25,38 @@ github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
 github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
-github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
-github.com/bytedance/sonic v1.14.1 h1:FBMC0zVz5XUmE4z9wF4Jey0An5FueFvOsTKKKtwIl7w=
-github.com/bytedance/sonic v1.14.1/go.mod h1:gi6uhQLMbTdeP0muCnrjHLeCUPyb70ujhnNlhOylAFc=
-github.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZwvZJyqeA=
-github.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/bytedance/gopkg v0.0.0-20221122125632-68358b8ecec6 h1:FCLDGi1EmB7JzjVVYNZiqc/zAJj2BQ5M0lfkVOxbfs8=
+github.com/bytedance/gopkg v0.0.0-20221122125632-68358b8ecec6/go.mod h1:5FoAH5xUHHCMDvQPy1rnj8moqLkLHFaDVBjHhcFwEi0=
+github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
+github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
+github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
-github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
+github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ=
 github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
-github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gavv/httpexpect v2.0.0+incompatible h1:1X9kcRshkSKEjNJJxX9Y9mQ5BRfbxU5kORdjhlA1yX8=
+github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc=
 github.com/gin-contrib/cors v1.7.2 h1:oLDHxdg8W/XDoN/8zamqk/Drgt4oVZDvaV0YmvVICQw=
 github.com/gin-contrib/cors v1.7.2/go.mod h1:SUJVARKgQ40dmrzgXEVxj2m7Ig1v1qIboQkPDTQ9t2E=
 github.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=
@@ -67,6 +75,10 @@ github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9g
 github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k=
 github.com/glebarez/sqlite v1.9.0 h1:Aj6bPA12ZEx5GbSF6XADmCkYXlljPNUY+Zf1EQxynXs=
 github.com/glebarez/sqlite v1.9.0/go.mod h1:YBYCoyupOao60lzp1MVBLEjZfgkq0tdB1voAQ09K9zw=
+github.com/go-oauth2/gin-server v1.1.0 h1:+7AyIfrcKaThZxxABRYECysxAfTccgpFdAqY1enuzBk=
+github.com/go-oauth2/gin-server v1.1.0/go.mod h1:f08F3l5/Pbayb4pjnv5PpUdQLFejgGfHrTjA6IZb0eM=
+github.com/go-oauth2/oauth2/v4 v4.5.4 h1:YjI0tmGW8oxVhn9QSBIxlr641QugWrJY5UWa6XmLcW0=
+github.com/go-oauth2/oauth2/v4 v4.5.4/go.mod h1:BXiOY+QZtZy2ewbsGk2B5P8TWmtz/Rf7ES5ZttQFxfQ=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
@@ -89,13 +101,9 @@ github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
-github.com/go-webauthn/webauthn v0.14.0 h1:ZLNPUgPcDlAeoxe+5umWG/tEeCoQIDr7gE2Zx2QnhL0=
-github.com/go-webauthn/webauthn v0.14.0/go.mod h1:QZzPFH3LJ48u5uEPAu+8/nWJImoLBWM7iAH/kSVSo6k=
-github.com/go-webauthn/x v0.1.25 h1:g/0noooIGcz/yCVqebcFgNnGIgBlJIccS+LYAa+0Z88=
-github.com/go-webauthn/x v0.1.25/go.mod h1:ieblaPY1/BVCV0oQTsA/VAo08/TWayQuJuo5Q+XxmTY=
 github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
@@ -105,13 +113,15 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-tpm v0.9.5 h1:ocUmnDebX54dnW+MQWGQRbdaAcJELsa6PqZhJ48KwVU=
-github.com/google/go-tpm v0.9.5/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ=
 github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 h1:l5lAOZEym3oK3SQ2HBHWsJUfbNBiTXJDeW2QDxw9AQ0=
+github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
@@ -120,6 +130,8 @@ github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7Fsg
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/imkira/go-interpol v1.1.0 h1:KIiKr0VSG2CUW1hl1jpiyuzuJeKUUpC8iM1AIE7N1Vk=
+github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
@@ -140,8 +152,14 @@ github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwA
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
-github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U=
+github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
+github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
@@ -154,6 +172,18 @@ github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgx
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lestrrat-go/blackmagic v1.0.3 h1:94HXkVLxkZO9vJI/w2u1T0DAoprShFd13xtnSINtDWs=
+github.com/lestrrat-go/blackmagic v1.0.3/go.mod h1:6AWFyKNNj0zEXQYfTMPfZrAXUWUfTIZ5ECEUEJaijtw=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k=
+github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
+github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
+github.com/lestrrat-go/jwx/v2 v2.1.6 h1:hxM1gfDILk/l5ylers6BX/Eq1m/pnxe9NBwW6lVfecA=
+github.com/lestrrat-go/jwx/v2 v2.1.6/go.mod h1:Y722kU5r/8mV7fYDifjug0r8FK8mZdw0K0GpJw/l8pU=
+github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
+github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
@@ -166,6 +196,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs=
+github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
@@ -190,10 +222,18 @@ github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUA
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
 github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
+github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
 github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
+github.com/smartystreets/assertions v1.1.0 h1:MkTeG1DMwsrdH7QtLXy5W+fUxWq+vmb6cLmyJ7aRtF0=
+github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
+github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -207,21 +247,34 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stripe/stripe-go/v81 v81.4.0 h1:AuD9XzdAvl193qUCSaLocf8H+nRopOouXhxqJUzCLbw=
 github.com/stripe/stripe-go/v81 v81.4.0/go.mod h1:C/F4jlmnGNacvYtBp/LUHCvVUJEZffFQCobkzwY1WOo=
 github.com/thanhpk/randstr v1.0.6 h1:psAOktJFD4vV9NEVb3qkhRSMvYh4ORRaj1+w/hn4B+o=
 github.com/thanhpk/randstr v1.0.6/go.mod h1:M/H2P1eNLZzlDwAzpkkkUvoyNNMbzRGhESZuEQk3r0U=
+github.com/tidwall/btree v0.0.0-20191029221954-400434d76274 h1:G6Z6HvJuPjG6XfNGi/feOATzeJrfgTNJY+rGrHbA04E=
+github.com/tidwall/btree v0.0.0-20191029221954-400434d76274/go.mod h1:huei1BkDWJ3/sLXmO+bsCNELL+Bp2Kks9OLyQFkzvA8=
+github.com/tidwall/buntdb v1.1.2 h1:noCrqQXL9EKMtcdwJcmuVKSEjqu1ua99RHHgbLTEHRo=
+github.com/tidwall/buntdb v1.1.2/go.mod h1:xAzi36Hir4FarpSHyfuZ6JzPJdjRZ8QlLZSntE2mqlI=
+github.com/tidwall/gjson v1.3.4/go.mod h1:P256ACg0Mn+j1RXIDXoss50DeIABTYK1PULOJHhxOls=
 github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
 github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/grect v0.0.0-20161006141115-ba9a043346eb h1:5NSYaAdrnblKByzd7XByQEJVT8+9v0W/tIY0Oo4OwrE=
+github.com/tidwall/grect v0.0.0-20161006141115-ba9a043346eb/go.mod h1:lKYYLFIr9OIgdgrtgkZ9zgRxRdvPYsExnYBsEAd8W5M=
+github.com/tidwall/match v1.0.1/go.mod h1:LujAq0jyVjBy028G1WhWfIzbpQfMO8bBZ6Tyb0+pL9E=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
 github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/rtree v0.0.0-20180113144539-6cd427091e0e h1:+NL1GDIUOKxVfbp2KoJQD9cTQ6dyP2co9q4yzmT9FZo=
+github.com/tidwall/rtree v0.0.0-20180113144539-6cd427091e0e/go.mod h1:/h+UnNGt0IhNNJLkGikcdcJqm66zGD/uJGMRxK/9+Ao=
 github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
 github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
+github.com/tidwall/tinyqueue v0.0.0-20180302190814-1e39f5511563 h1:Otn9S136ELckZ3KKDyCkxapfufrqDqwmGjcHfAyXRrE=
+github.com/tidwall/tinyqueue v0.0.0-20180302190814-1e39f5511563/go.mod h1:mLqSmt7Dv/CNneF2wfcChfN1rvapyQr01LGKnKex0DQ=
 github.com/tiktoken-go/tokenizer v0.6.2 h1:t0GN2DvcUZSFWT/62YOgoqb10y7gSXBGs0A+4VCQK+g=
 github.com/tiktoken-go/tokenizer v0.6.2/go.mod h1:6UCYI/DtOallbmL7sSy30p6YQv60qNyU/4aVigPOx6w=
 github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU=
@@ -236,29 +289,45 @@ github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLY
 github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
-github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
+github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.34.0 h1:d3AAQJ2DRcxJYHm7OXNXtXt2as1vMDfxeIcFvhmGGm4=
+github.com/valyala/fasthttp v1.34.0/go.mod h1:epZA5N+7pY6ZaEKRmstzOuYJx9HI8DI1oaCGZpdH4h0=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
+github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 h1:6fRhSjgLCkTD3JnJxvaJ4Sj+TYblw757bqYgZaOq5ZY=
+github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI=
+github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA=
+github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3IfnEUduWvb9is428/nNb5L3U01M=
+github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
 github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw=
 github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
-go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
-golang.org/x/arch v0.21.0 h1:iTC9o7+wP6cPWpDWkivCvQFGAHDQ59SrSxsLPcnkArw=
-golang.org/x/arch v0.21.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.12.0 h1:UsYJhbzPYGsT0HbEdmYcqtCv8UNGvnaL561NnIUvaKg=
+golang.org/x/arch v0.12.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 h1:985EYyeCOxTpcgOTJpflJUwOeEz0CQOdPt73OzpE9F8=
 golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
 golang.org/x/image v0.23.0 h1:HseQ7c2OpPKTPVzNjG5fwJsOTCiiwS4QdsYi5XU6H68=
 golang.org/x/image v0.23.0/go.mod h1:wJJBTdLfCCf3tiHa1fNxpZmUI4mmoZvwMCPP0ddoNKY=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -266,17 +335,18 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
@@ -313,3 +383,5 @@ modernc.org/memory v1.5.0 h1:N+/8c5rE6EqugZwHii4IFsaJ7MUhoWX07J5tC/iI5Ds=
 modernc.org/memory v1.5.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
 modernc.org/sqlite v1.23.1 h1:nrSBg4aRQQwq59JpvGEQ15tNxoO5pX/kUjcRNwSAGQM=
 modernc.org/sqlite v1.23.1/go.mod h1:OrDj17Mggn6MhE+iPbBNf7RGKODDE9NFT0f3EwDzJqk=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
--- a/logger/logger.go
+++ b/logger/logger.go
@@ -7,7 +7,6 @@ import (
 	"io"
 	"log"
 	"one-api/common"
-	"one-api/setting/operation_setting"
 	"os"
 	"path/filepath"
 	"sync"
@@ -93,55 +92,18 @@ func logHelper(ctx context.Context, level string, msg string) {
 }

 func LogQuota(quota int) string {
-	// 新逻辑：根据额度展示类型输出
-	q := float64(quota)
-	switch operation_setting.GetQuotaDisplayType() {
-	case operation_setting.QuotaDisplayTypeCNY:
-		usd := q / common.QuotaPerUnit
-		cny := usd * operation_setting.USDExchangeRate
-		return fmt.Sprintf("¥%.6f 额度", cny)
-	case operation_setting.QuotaDisplayTypeCustom:
-		usd := q / common.QuotaPerUnit
-		rate := operation_setting.GetGeneralSetting().CustomCurrencyExchangeRate
-		symbol := operation_setting.GetGeneralSetting().CustomCurrencySymbol
-		if symbol == "" {
-			symbol = "¤"
-		}
-		if rate <= 0 {
-			rate = 1
-		}
-		v := usd * rate
-		return fmt.Sprintf("%s%.6f 额度", symbol, v)
-	case operation_setting.QuotaDisplayTypeTokens:
+	if common.DisplayInCurrencyEnabled {
+		return fmt.Sprintf("＄%.6f 额度", float64(quota)/common.QuotaPerUnit)
+	} else {
 		return fmt.Sprintf("%d 点额度", quota)
-	default: // USD
-		return fmt.Sprintf("＄%.6f 额度", q/common.QuotaPerUnit)
 	}
 }

 func FormatQuota(quota int) string {
-	q := float64(quota)
-	switch operation_setting.GetQuotaDisplayType() {
-	case operation_setting.QuotaDisplayTypeCNY:
-		usd := q / common.QuotaPerUnit
-		cny := usd * operation_setting.USDExchangeRate
-		return fmt.Sprintf("¥%.6f", cny)
-	case operation_setting.QuotaDisplayTypeCustom:
-		usd := q / common.QuotaPerUnit
-		rate := operation_setting.GetGeneralSetting().CustomCurrencyExchangeRate
-		symbol := operation_setting.GetGeneralSetting().CustomCurrencySymbol
-		if symbol == "" {
-			symbol = "¤"
-		}
-		if rate <= 0 {
-			rate = 1
-		}
-		v := usd * rate
-		return fmt.Sprintf("%s%.6f", symbol, v)
-	case operation_setting.QuotaDisplayTypeTokens:
+	if common.DisplayInCurrencyEnabled {
+		return fmt.Sprintf("＄%.6f", float64(quota)/common.QuotaPerUnit)
+	} else {
 		return fmt.Sprintf("%d", quota)
-	default:
-		return fmt.Sprintf("＄%.6f", q/common.QuotaPerUnit)
 	}
 }

--- a/main.go
+++ b/main.go
@@ -1,7 +1,6 @@
 package main

 import (
-	"bytes"
 	"embed"
 	"fmt"
 	"log"
@@ -15,10 +14,9 @@ import (
 	"one-api/router"
 	"one-api/service"
 	"one-api/setting/ratio_setting"
+	"one-api/src/oauth"
 	"os"
 	"strconv"
-	"strings"
-	"time"

 	"github.com/bytedance/gopkg/util/gopool"
 	"github.com/gin-contrib/sessions"
@@ -36,7 +34,6 @@ var buildFS embed.FS
 var indexPage []byte

 func main() {
-	startTime := time.Now()

 	err := InitResources()
 	if err != nil {
@@ -149,31 +146,11 @@ func main() {
 	})
 	server.Use(sessions.Sessions("session", store))

-	analyticsInjectBuilder := &strings.Builder{}
-	if os.Getenv("UMAMI_WEBSITE_ID") != "" {
-		umamiSiteID := os.Getenv("UMAMI_WEBSITE_ID")
-		umamiScriptURL := os.Getenv("UMAMI_SCRIPT_URL")
-		if umamiScriptURL == "" {
-			umamiScriptURL = "https://analytics.umami.is/script.js"
-		}
-		analyticsInjectBuilder.WriteString("<script defer src=\"")
-		analyticsInjectBuilder.WriteString(umamiScriptURL)
-		analyticsInjectBuilder.WriteString("\" data-website-id=\"")
-		analyticsInjectBuilder.WriteString(umamiSiteID)
-		analyticsInjectBuilder.WriteString("\"></script>")
-	}
-	analyticsInject := analyticsInjectBuilder.String()
-	indexPage = bytes.ReplaceAll(indexPage, []byte("<analytics></analytics>\n"), []byte(analyticsInject))
-
 	router.SetRouter(server, buildFS, indexPage)
 	var port = os.Getenv("PORT")
 	if port == "" {
 		port = strconv.Itoa(*common.Port)
 	}
-
-	// Log startup success message
-	common.LogStartupSuccess(startTime, port)
-
 	err = server.Run(":" + port)
 	if err != nil {
 		common.FatalLog("failed to start HTTP server: " + err.Error())
@@ -185,9 +162,8 @@ func InitResources() error {
 	// This is a placeholder function for future resource initialization
 	err := godotenv.Load(".env")
 	if err != nil {
-		if common.DebugEnabled {
-			common.SysLog("No .env file found, using default environment variables. If needed, please create a .env file and set the relevant variables.")
-		}
+		common.SysLog("未找到 .env 文件，使用默认环境变量，如果需要，请创建 .env 文件并设置相关变量")
+		common.SysLog("No .env file found, using default environment variables. If needed, please create a .env file and set the relevant variables.")
 	}

 	// 加载环境变量
@@ -228,5 +204,13 @@ func InitResources() error {
 	if err != nil {
 		return err
 	}
+
+	// Initialize OAuth2 server
+	err = oauth.InitOAuthServer()
+	if err != nil {
+		common.SysLog("Warning: Failed to initialize OAuth2 server: " + err.Error())
+		// OAuth2 失败不应该阻止系统启动
+	}
+
 	return nil
-}
+}
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -8,11 +8,14 @@ import (
 	"one-api/model"
 	"one-api/setting"
 	"one-api/setting/ratio_setting"
+	"one-api/setting/system_setting"
+	"one-api/src/oauth"
 	"strconv"
 	"strings"

 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
+	jwt "github.com/golang-jwt/jwt/v5"
 )

 func validUserInfo(username string, role int) bool {
@@ -177,6 +180,7 @@ func WssAuth(c *gin.Context) {

 func TokenAuth() func(c *gin.Context) {
 	return func(c *gin.Context) {
+		rawAuth := c.Request.Header.Get("Authorization")
 		// 先检测是否为ws
 		if c.Request.Header.Get("Sec-WebSocket-Protocol") != "" {
 			// Sec-WebSocket-Protocol: realtime, openai-insecure-api-key.sk-xxx, openai-beta.realtime-v1
@@ -235,6 +239,11 @@ func TokenAuth() func(c *gin.Context) {
 			}
 		}
 		if err != nil {
+			// OAuth Bearer fallback
+			if tryOAuthBearer(c, rawAuth) {
+				c.Next()
+				return
+			}
 			abortWithOpenAiMessage(c, http.StatusUnauthorized, err.Error())
 			return
 		}
@@ -288,6 +297,74 @@ func TokenAuth() func(c *gin.Context) {
 	}
 }

+// tryOAuthBearer validates an OAuth JWT access token and sets minimal context for relay
+func tryOAuthBearer(c *gin.Context, rawAuth string) bool {
+	if rawAuth == "" || !strings.HasPrefix(rawAuth, "Bearer ") {
+		return false
+	}
+	tokenString := strings.TrimSpace(strings.TrimPrefix(rawAuth, "Bearer "))
+	if tokenString == "" {
+		return false
+	}
+	settings := system_setting.GetOAuth2Settings()
+	// Parse & verify
+	parsed, err := jwt.Parse(tokenString, func(t *jwt.Token) (interface{}, error) {
+		if _, ok := t.Method.(*jwt.SigningMethodRSA); !ok {
+			return nil, jwt.ErrTokenSignatureInvalid
+		}
+		if kid, ok := t.Header["kid"].(string); ok {
+			if settings.JWTKeyID != "" && kid != settings.JWTKeyID {
+				return nil, jwt.ErrTokenSignatureInvalid
+			}
+		}
+		pub := oauth.GetRSAPublicKey()
+		if pub == nil {
+			return nil, jwt.ErrTokenUnverifiable
+		}
+		return pub, nil
+	})
+	if err != nil || parsed == nil || !parsed.Valid {
+		return false
+	}
+	claims, ok := parsed.Claims.(jwt.MapClaims)
+	if !ok {
+		return false
+	}
+	// issuer check when configured
+	if iss, ok2 := claims["iss"].(string); !ok2 || (settings.Issuer != "" && iss != settings.Issuer) {
+		return false
+	}
+	// revoke check
+	if jti, ok2 := claims["jti"].(string); ok2 && jti != "" {
+		if revoked, _ := model.IsTokenRevoked(jti); revoked {
+			return false
+		}
+	}
+	// scope check: must contain api:read or api:write or admin
+	scope, _ := claims["scope"].(string)
+	scopePadded := " " + scope + " "
+	if !(strings.Contains(scopePadded, " api:read ") || strings.Contains(scopePadded, " api:write ") || strings.Contains(scopePadded, " admin ")) {
+		return false
+	}
+	// subject must be user id to support quota logic
+	sub, _ := claims["sub"].(string)
+	uid, err := strconv.Atoi(sub)
+	if err != nil || uid <= 0 {
+		return false
+	}
+	// load user cache & set context
+	userCache, err := model.GetUserCache(uid)
+	if err != nil || userCache == nil || userCache.Status != common.UserStatusEnabled {
+		return false
+	}
+	c.Set("id", uid)
+	c.Set("group", userCache.Group)
+	c.Set("user_group", userCache.Group)
+	// set UsingGroup
+	common.SetContextKey(c, constant.ContextKeyUsingGroup, userCache.Group)
+	return true
+}
+
 func SetupContextForToken(c *gin.Context, token *model.Token, parts ...string) error {
 	if token == nil {
 		return fmt.Errorf("token is nil")
--- a/middleware/distributor.go
+++ b/middleware/distributor.go
@@ -169,9 +169,6 @@ func getModelRequest(c *gin.Context) (*ModelRequest, bool, error) {
 		relayMode := relayconstant.RelayModeUnknown
 		if c.Request.Method == http.MethodPost {
 			err = common.UnmarshalBodyReusable(c, &modelRequest)
-			if err != nil {
-				return nil, false, errors.New("video无效的请求, " + err.Error())
-			}
 			relayMode = relayconstant.RelayModeVideoSubmit
 		} else if c.Request.Method == http.MethodGet {
 			relayMode = relayconstant.RelayModeVideoFetchByID
--- a/middleware/oauth_jwt.go
+++ b/middleware/oauth_jwt.go
@@ -0,0 +1,291 @@
+package middleware
+
+import (
+	"crypto/rsa"
+	"fmt"
+	"net/http"
+	"one-api/common"
+	"one-api/model"
+	"one-api/setting/system_setting"
+	"one-api/src/oauth"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// OAuthJWTAuth OAuth2 JWT认证中间件
+func OAuthJWTAuth() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 检查OAuth2是否启用
+		settings := system_setting.GetOAuth2Settings()
+		if !settings.Enabled {
+			c.Next()
+			return
+		}
+
+		// 获取Authorization header
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.Next() // 没有Authorization header，继续到下一个中间件
+			return
+		}
+
+		// 检查是否为Bearer token
+		if !strings.HasPrefix(authHeader, "Bearer ") {
+			c.Next() // 不是Bearer token，继续到下一个中间件
+			return
+		}
+
+		tokenString := strings.TrimPrefix(authHeader, "Bearer ")
+		if tokenString == "" {
+			abortWithOAuthError(c, "invalid_token", "Missing token")
+			return
+		}
+
+		// 验证JWT token
+		claims, err := validateOAuthJWT(tokenString)
+		if err != nil {
+			abortWithOAuthError(c, "invalid_token", err.Error())
+			return
+		}
+
+		// 验证token的有效性
+		if err := validateOAuthClaims(claims); err != nil {
+			abortWithOAuthError(c, "invalid_token", err.Error())
+			return
+		}
+
+		// 设置上下文信息
+		setOAuthContext(c, claims)
+		c.Next()
+	}
+}
+
+// validateOAuthJWT 验证OAuth2 JWT令牌
+func validateOAuthJWT(tokenString string) (jwt.MapClaims, error) {
+	// 解析JWT而不验证签名（先获取header中的kid）
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		// 检查签名方法
+		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+
+		// 获取kid
+		kid, ok := token.Header["kid"].(string)
+		if !ok {
+			return nil, fmt.Errorf("missing kid in token header")
+		}
+
+		// 根据kid获取公钥
+		publicKey, err := getPublicKeyByKid(kid)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get public key: %w", err)
+		}
+
+		return publicKey, nil
+	})
+
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse token: %w", err)
+	}
+
+	if !token.Valid {
+		return nil, fmt.Errorf("invalid token")
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		return nil, fmt.Errorf("invalid token claims")
+	}
+
+	return claims, nil
+}
+
+// getPublicKeyByKid 根据kid获取公钥
+func getPublicKeyByKid(kid string) (*rsa.PublicKey, error) {
+	// 这里需要从JWKS获取公钥
+	// 在实际实现中，你可能需要从OAuth server获取JWKS
+	// 这里先实现一个简单版本
+
+	// TODO: 实现JWKS缓存和刷新机制
+	pub := oauth.GetPublicKeyByKid(kid)
+	if pub == nil {
+		return nil, fmt.Errorf("unknown kid: %s", kid)
+	}
+	return pub, nil
+}
+
+// validateOAuthClaims 验证OAuth2 claims
+func validateOAuthClaims(claims jwt.MapClaims) error {
+	settings := system_setting.GetOAuth2Settings()
+
+	// 验证issuer（若配置了 Issuer 则强校验，否则仅要求存在）
+	if iss, ok := claims["iss"].(string); ok {
+		if settings.Issuer != "" && iss != settings.Issuer {
+			return fmt.Errorf("invalid issuer")
+		}
+	} else {
+		return fmt.Errorf("missing issuer claim")
+	}
+
+	// 验证audience
+	// if aud, ok := claims["aud"].(string); ok {
+	// 	// TODO: 验证audience
+	// }
+
+	// 验证客户端ID
+	if clientID, ok := claims["client_id"].(string); ok {
+		// 验证客户端是否存在且有效
+		client, err := model.GetOAuthClientByID(clientID)
+		if err != nil {
+			return fmt.Errorf("invalid client")
+		}
+		if client.Status != common.UserStatusEnabled {
+			return fmt.Errorf("client disabled")
+		}
+
+		// 检查是否被撤销
+		if jti, ok := claims["jti"].(string); ok && jti != "" {
+			revoked, _ := model.IsTokenRevoked(jti)
+			if revoked {
+				return fmt.Errorf("token revoked")
+			}
+		}
+	} else {
+		return fmt.Errorf("missing client_id claim")
+	}
+
+	return nil
+}
+
+// setOAuthContext 设置OAuth上下文信息
+func setOAuthContext(c *gin.Context, claims jwt.MapClaims) {
+	c.Set("oauth_claims", claims)
+	c.Set("oauth_authenticated", true)
+
+	// 提取基本信息
+	if clientID, ok := claims["client_id"].(string); ok {
+		c.Set("oauth_client_id", clientID)
+	}
+
+	if scope, ok := claims["scope"].(string); ok {
+		c.Set("oauth_scope", scope)
+	}
+
+	if sub, ok := claims["sub"].(string); ok {
+		c.Set("oauth_subject", sub)
+	}
+
+	// 对于client_credentials流程，subject就是client_id
+	// 对于authorization_code流程，subject是用户ID
+	if grantType, ok := claims["grant_type"].(string); ok {
+		c.Set("oauth_grant_type", grantType)
+	}
+}
+
+// abortWithOAuthError 返回OAuth错误响应
+func abortWithOAuthError(c *gin.Context, errorCode, description string) {
+	c.Header("WWW-Authenticate", fmt.Sprintf(`Bearer error="%s", error_description="%s"`, errorCode, description))
+	c.JSON(http.StatusUnauthorized, gin.H{
+		"error":             errorCode,
+		"error_description": description,
+	})
+	c.Abort()
+}
+
+// RequireOAuthScope OAuth2 scope验证中间件
+func RequireOAuthScope(requiredScope string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 检查是否通过OAuth认证
+		if !c.GetBool("oauth_authenticated") {
+			abortWithOAuthError(c, "insufficient_scope", "OAuth2 authentication required")
+			return
+		}
+
+		// 获取token的scope
+		scope, exists := c.Get("oauth_scope")
+		if !exists {
+			abortWithOAuthError(c, "insufficient_scope", "No scope in token")
+			return
+		}
+
+		scopeStr, ok := scope.(string)
+		if !ok {
+			abortWithOAuthError(c, "insufficient_scope", "Invalid scope format")
+			return
+		}
+
+		// 检查是否包含所需的scope
+		scopes := strings.Split(scopeStr, " ")
+		for _, s := range scopes {
+			if strings.TrimSpace(s) == requiredScope {
+				c.Next()
+				return
+			}
+		}
+
+		abortWithOAuthError(c, "insufficient_scope", fmt.Sprintf("Required scope: %s", requiredScope))
+	}
+}
+
+// OptionalOAuthAuth 可选的OAuth认证中间件（不会阻止请求）
+func OptionalOAuthAuth() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 尝试OAuth认证，但不会阻止请求
+		authHeader := c.GetHeader("Authorization")
+		if authHeader != "" && strings.HasPrefix(authHeader, "Bearer ") {
+			tokenString := strings.TrimPrefix(authHeader, "Bearer ")
+			if claims, err := validateOAuthJWT(tokenString); err == nil {
+				if validateOAuthClaims(claims) == nil {
+					setOAuthContext(c, claims)
+				}
+			}
+		}
+		c.Next()
+	}
+}
+
+// RequireOAuthScopeIfPresent enforces scope only when OAuth is present; otherwise no-op
+func RequireOAuthScopeIfPresent(requiredScope string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if !c.GetBool("oauth_authenticated") {
+			c.Next()
+			return
+		}
+		scope, exists := c.Get("oauth_scope")
+		if !exists {
+			abortWithOAuthError(c, "insufficient_scope", "No scope in token")
+			return
+		}
+		scopeStr, ok := scope.(string)
+		if !ok {
+			abortWithOAuthError(c, "insufficient_scope", "Invalid scope format")
+			return
+		}
+		scopes := strings.Split(scopeStr, " ")
+		for _, s := range scopes {
+			if strings.TrimSpace(s) == requiredScope {
+				c.Next()
+				return
+			}
+		}
+		abortWithOAuthError(c, "insufficient_scope", fmt.Sprintf("Required scope: %s", requiredScope))
+	}
+}
+
+// GetOAuthClaims 获取OAuth claims
+func GetOAuthClaims(c *gin.Context) (jwt.MapClaims, bool) {
+	claims, exists := c.Get("oauth_claims")
+	if !exists {
+		return nil, false
+	}
+
+	mapClaims, ok := claims.(jwt.MapClaims)
+	return mapClaims, ok
+}
+
+// IsOAuthAuthenticated 检查是否通过OAuth认证
+func IsOAuthAuthenticated(c *gin.Context) bool {
+	return c.GetBool("oauth_authenticated")
+}
--- a/middleware/secure_verification.go
+++ b/middleware/secure_verification.go
@@ -1,131 +0,0 @@
-package middleware
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
-)
-
-const (
-	// SecureVerificationSessionKey 安全验证的 session key（与 controller 保持一致）
-	SecureVerificationSessionKey = "secure_verified_at"
-	// SecureVerificationTimeout 验证有效期（秒）
-	SecureVerificationTimeout = 300 // 5分钟
-)
-
-// SecureVerificationRequired 安全验证中间件
-// 检查用户是否在有效时间内通过了安全验证
-// 如果未验证或验证已过期，返回 401 错误
-func SecureVerificationRequired() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// 检查用户是否已登录
-		userId := c.GetInt("id")
-		if userId == 0 {
-			c.JSON(http.StatusUnauthorized, gin.H{
-				"success": false,
-				"message": "未登录",
-			})
-			c.Abort()
-			return
-		}
-
-		// 检查 session 中的验证时间戳
-		session := sessions.Default(c)
-		verifiedAtRaw := session.Get(SecureVerificationSessionKey)
-
-		if verifiedAtRaw == nil {
-			c.JSON(http.StatusForbidden, gin.H{
-				"success": false,
-				"message": "需要安全验证",
-				"code":    "VERIFICATION_REQUIRED",
-			})
-			c.Abort()
-			return
-		}
-
-		verifiedAt, ok := verifiedAtRaw.(int64)
-		if !ok {
-			// session 数据格式错误
-			session.Delete(SecureVerificationSessionKey)
-			_ = session.Save()
-			c.JSON(http.StatusForbidden, gin.H{
-				"success": false,
-				"message": "验证状态异常，请重新验证",
-				"code":    "VERIFICATION_INVALID",
-			})
-			c.Abort()
-			return
-		}
-
-		// 检查验证是否过期
-		elapsed := time.Now().Unix() - verifiedAt
-		if elapsed >= SecureVerificationTimeout {
-			// 验证已过期，清除 session
-			session.Delete(SecureVerificationSessionKey)
-			_ = session.Save()
-			c.JSON(http.StatusForbidden, gin.H{
-				"success": false,
-				"message": "验证已过期，请重新验证",
-				"code":    "VERIFICATION_EXPIRED",
-			})
-			c.Abort()
-			return
-		}
-
-		// 验证有效，继续处理请求
-		c.Next()
-	}
-}
-
-// OptionalSecureVerification 可选的安全验证中间件
-// 如果用户已验证，则在 context 中设置标记，但不阻止请求继续
-// 用于某些需要区分是否已验证的场景
-func OptionalSecureVerification() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		userId := c.GetInt("id")
-		if userId == 0 {
-			c.Set("secure_verified", false)
-			c.Next()
-			return
-		}
-
-		session := sessions.Default(c)
-		verifiedAtRaw := session.Get(SecureVerificationSessionKey)
-
-		if verifiedAtRaw == nil {
-			c.Set("secure_verified", false)
-			c.Next()
-			return
-		}
-
-		verifiedAt, ok := verifiedAtRaw.(int64)
-		if !ok {
-			c.Set("secure_verified", false)
-			c.Next()
-			return
-		}
-
-		elapsed := time.Now().Unix() - verifiedAt
-		if elapsed >= SecureVerificationTimeout {
-			session.Delete(SecureVerificationSessionKey)
-			_ = session.Save()
-			c.Set("secure_verified", false)
-			c.Next()
-			return
-		}
-
-		c.Set("secure_verified", true)
-		c.Set("secure_verified_at", verifiedAt)
-		c.Next()
-	}
-}
-
-// ClearSecureVerification 清除安全验证状态
-// 用于用户登出或需要强制重新验证的场景
-func ClearSecureVerification(c *gin.Context) {
-	session := sessions.Default(c)
-	session.Delete(SecureVerificationSessionKey)
-	_ = session.Save()
-}
--- a/model/main.go
+++ b/model/main.go
@@ -251,7 +251,6 @@ func migrateDB() error {
 		&Channel{},
 		&Token{},
 		&User{},
-		&PasskeyCredential{},
 		&Option{},
 		&Redemption{},
 		&Ability{},
@@ -266,6 +265,7 @@ func migrateDB() error {
 		&Setup{},
 		&TwoFA{},
 		&TwoFABackupCode{},
+		&OAuthClient{},
 	)
 	if err != nil {
 		return err
@@ -284,7 +284,6 @@ func migrateDBFast() error {
 		{&Channel{}, "Channel"},
 		{&Token{}, "Token"},
 		{&User{}, "User"},
-		{&PasskeyCredential{}, "PasskeyCredential"},
 		{&Option{}, "Option"},
 		{&Redemption{}, "Redemption"},
 		{&Ability{}, "Ability"},
--- a/model/oauth_client.go
+++ b/model/oauth_client.go
@@ -0,0 +1,183 @@
+package model
+
+import (
+	"encoding/json"
+	"one-api/common"
+	"strings"
+	"time"
+
+	"gorm.io/gorm"
+)
+
+// OAuthClient OAuth2 客户端模型
+type OAuthClient struct {
+	ID           string         `json:"id" gorm:"type:varchar(64);primaryKey"`
+	Secret       string         `json:"secret" gorm:"type:varchar(128);not null"`
+	Name         string         `json:"name" gorm:"type:varchar(255);not null"`
+	Domain       string         `json:"domain" gorm:"type:varchar(255)"` // 允许的重定向域名
+	RedirectURIs string         `json:"redirect_uris" gorm:"type:text"`  // JSON array of redirect URIs
+	GrantTypes   string         `json:"grant_types" gorm:"type:varchar(255);default:'client_credentials'"`
+	Scopes       string         `json:"scopes" gorm:"type:varchar(255);default:'api:read'"`
+	RequirePKCE  bool           `json:"require_pkce" gorm:"default:true"`
+	Status       int            `json:"status" gorm:"type:int;default:1"`    // 1: enabled, 2: disabled
+	CreatedBy    int            `json:"created_by" gorm:"type:int;not null"` // 创建者用户ID
+	CreatedTime  int64          `json:"created_time" gorm:"bigint"`
+	LastUsedTime int64          `json:"last_used_time" gorm:"bigint;default:0"`
+	TokenCount   int            `json:"token_count" gorm:"type:int;default:0"` // 已签发的token数量
+	Description  string         `json:"description" gorm:"type:text"`
+	ClientType   string         `json:"client_type" gorm:"type:varchar(32);default:'confidential'"` // confidential, public
+	DeletedAt    gorm.DeletedAt `gorm:"index"`
+}
+
+// GetRedirectURIs 获取重定向URI列表
+func (c *OAuthClient) GetRedirectURIs() []string {
+	if c.RedirectURIs == "" {
+		return []string{}
+	}
+	var uris []string
+	err := json.Unmarshal([]byte(c.RedirectURIs), &uris)
+	if err != nil {
+		common.SysLog("failed to unmarshal redirect URIs: " + err.Error())
+		return []string{}
+	}
+	return uris
+}
+
+// SetRedirectURIs 设置重定向URI列表
+func (c *OAuthClient) SetRedirectURIs(uris []string) {
+	data, err := json.Marshal(uris)
+	if err != nil {
+		common.SysLog("failed to marshal redirect URIs: " + err.Error())
+		return
+	}
+	c.RedirectURIs = string(data)
+}
+
+// GetGrantTypes 获取允许的授权类型列表
+func (c *OAuthClient) GetGrantTypes() []string {
+	if c.GrantTypes == "" {
+		return []string{"client_credentials"}
+	}
+	return strings.Split(c.GrantTypes, ",")
+}
+
+// SetGrantTypes 设置允许的授权类型列表
+func (c *OAuthClient) SetGrantTypes(types []string) {
+	c.GrantTypes = strings.Join(types, ",")
+}
+
+// GetScopes 获取允许的scope列表
+func (c *OAuthClient) GetScopes() []string {
+	if c.Scopes == "" {
+		return []string{"api:read"}
+	}
+	return strings.Split(c.Scopes, ",")
+}
+
+// SetScopes 设置允许的scope列表
+func (c *OAuthClient) SetScopes(scopes []string) {
+	c.Scopes = strings.Join(scopes, ",")
+}
+
+// ValidateRedirectURI 验证重定向URI是否有效
+func (c *OAuthClient) ValidateRedirectURI(uri string) bool {
+	allowedURIs := c.GetRedirectURIs()
+	for _, allowedURI := range allowedURIs {
+		if allowedURI == uri {
+			return true
+		}
+	}
+	return false
+}
+
+// ValidateGrantType 验证授权类型是否被允许
+func (c *OAuthClient) ValidateGrantType(grantType string) bool {
+	allowedTypes := c.GetGrantTypes()
+	for _, allowedType := range allowedTypes {
+		if allowedType == grantType {
+			return true
+		}
+	}
+	return false
+}
+
+// ValidateScope 验证scope是否被允许
+func (c *OAuthClient) ValidateScope(scope string) bool {
+	allowedScopes := c.GetScopes()
+	requestedScopes := strings.Split(scope, " ")
+
+	for _, requestedScope := range requestedScopes {
+		requestedScope = strings.TrimSpace(requestedScope)
+		if requestedScope == "" {
+			continue
+		}
+		found := false
+		for _, allowedScope := range allowedScopes {
+			if allowedScope == requestedScope {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return false
+		}
+	}
+	return true
+}
+
+// BeforeCreate GORM hook - 在创建前设置时间
+func (c *OAuthClient) BeforeCreate(tx *gorm.DB) (err error) {
+	c.CreatedTime = time.Now().Unix()
+	return
+}
+
+// UpdateLastUsedTime 更新最后使用时间
+func (c *OAuthClient) UpdateLastUsedTime() error {
+	c.LastUsedTime = time.Now().Unix()
+	c.TokenCount++
+	return DB.Model(c).Select("last_used_time", "token_count").Updates(c).Error
+}
+
+// GetOAuthClientByID 根据ID获取OAuth客户端
+func GetOAuthClientByID(id string) (*OAuthClient, error) {
+	var client OAuthClient
+	err := DB.Where("id = ? AND status = ?", id, common.UserStatusEnabled).First(&client).Error
+	return &client, err
+}
+
+// GetAllOAuthClients 获取所有OAuth客户端
+func GetAllOAuthClients(startIdx int, num int) ([]*OAuthClient, error) {
+	var clients []*OAuthClient
+	err := DB.Order("created_time desc").Limit(num).Offset(startIdx).Find(&clients).Error
+	return clients, err
+}
+
+// SearchOAuthClients 搜索OAuth客户端
+func SearchOAuthClients(keyword string) ([]*OAuthClient, error) {
+	var clients []*OAuthClient
+	err := DB.Where("name LIKE ? OR id LIKE ? OR description LIKE ?",
+		"%"+keyword+"%", "%"+keyword+"%", "%"+keyword+"%").Find(&clients).Error
+	return clients, err
+}
+
+// CreateOAuthClient 创建OAuth客户端
+func CreateOAuthClient(client *OAuthClient) error {
+	return DB.Create(client).Error
+}
+
+// UpdateOAuthClient 更新OAuth客户端
+func UpdateOAuthClient(client *OAuthClient) error {
+	return DB.Save(client).Error
+}
+
+// DeleteOAuthClient 删除OAuth客户端
+func DeleteOAuthClient(id string) error {
+	return DB.Where("id = ?", id).Delete(&OAuthClient{}).Error
+}
+
+// CountOAuthClients 统计OAuth客户端数量
+func CountOAuthClients() (int64, error) {
+	var count int64
+	err := DB.Model(&OAuthClient{}).Count(&count).Error
+	return count, err
+}
--- a/model/oauth_revoked_token.go
+++ b/model/oauth_revoked_token.go
@@ -0,0 +1,57 @@
+package model
+
+import (
+	"fmt"
+	"one-api/common"
+	"sync"
+	"time"
+)
+
+var revokedMem sync.Map // jti -> exp(unix)
+
+func RevokeToken(jti string, exp int64) error {
+	if jti == "" {
+		return nil
+	}
+	// Prefer Redis, else in-memory
+	if common.RedisEnabled {
+		ttl := time.Duration(0)
+		if exp > 0 {
+			ttl = time.Until(time.Unix(exp, 0))
+		}
+		if ttl <= 0 {
+			ttl = time.Minute
+		}
+		key := fmt.Sprintf("oauth:revoked:%s", jti)
+		return common.RedisSet(key, "1", ttl)
+	}
+	if exp <= 0 {
+		exp = time.Now().Add(time.Minute).Unix()
+	}
+	revokedMem.Store(jti, exp)
+	return nil
+}
+
+func IsTokenRevoked(jti string) (bool, error) {
+	if jti == "" {
+		return false, nil
+	}
+	if common.RedisEnabled {
+		key := fmt.Sprintf("oauth:revoked:%s", jti)
+		if _, err := common.RedisGet(key); err == nil {
+			return true, nil
+		} else {
+			// Not found or error; treat as not revoked on error to avoid hard failures
+			return false, nil
+		}
+	}
+	// In-memory check
+	if v, ok := revokedMem.Load(jti); ok {
+		exp, _ := v.(int64)
+		if exp == 0 || time.Now().Unix() <= exp {
+			return true, nil
+		}
+		revokedMem.Delete(jti)
+	}
+	return false, nil
+}
--- a/model/option.go
+++ b/model/option.go
@@ -82,7 +82,6 @@ func InitOptionMap() {
 	common.OptionMap["StripeWebhookSecret"] = setting.StripeWebhookSecret
 	common.OptionMap["StripePriceId"] = setting.StripePriceId
 	common.OptionMap["StripeUnitPrice"] = strconv.FormatFloat(setting.StripeUnitPrice, 'f', -1, 64)
-	common.OptionMap["StripePromotionCodesEnabled"] = strconv.FormatBool(setting.StripePromotionCodesEnabled)
 	common.OptionMap["TopupGroupRatio"] = common.TopupGroupRatio2JSONString()
 	common.OptionMap["Chats"] = setting.Chats2JsonString()
 	common.OptionMap["AutoGroups"] = setting.AutoGroups2JsonString()
@@ -113,9 +112,6 @@ func InitOptionMap() {
 	common.OptionMap["GroupGroupRatio"] = ratio_setting.GroupGroupRatio2JSONString()
 	common.OptionMap["UserUsableGroups"] = setting.UserUsableGroups2JSONString()
 	common.OptionMap["CompletionRatio"] = ratio_setting.CompletionRatio2JSONString()
-	common.OptionMap["ImageRatio"] = ratio_setting.ImageRatio2JSONString()
-	common.OptionMap["AudioRatio"] = ratio_setting.AudioRatio2JSONString()
-	common.OptionMap["AudioCompletionRatio"] = ratio_setting.AudioCompletionRatio2JSONString()
 	common.OptionMap["TopUpLink"] = common.TopUpLink
 	//common.OptionMap["ChatLink"] = common.ChatLink
 	//common.OptionMap["ChatLink2"] = common.ChatLink2
@@ -240,15 +236,7 @@ func updateOptionMap(key string, value string) (err error) {
 		case "LogConsumeEnabled":
 			common.LogConsumeEnabled = boolValue
 		case "DisplayInCurrencyEnabled":
-			// 兼容旧字段：同步到新配置 general_setting.quota_display_type（运行时生效）
-			// true -> USD, false -> TOKENS
-			newVal := "USD"
-			if !boolValue {
-				newVal = "TOKENS"
-			}
-			if cfg := config.GlobalConfig.Get("general_setting"); cfg != nil {
-				_ = config.UpdateConfigFromMap(cfg, map[string]string{"quota_display_type": newVal})
-			}
+			common.DisplayInCurrencyEnabled = boolValue
 		case "DisplayTokenStatEnabled":
 			common.DisplayTokenStatEnabled = boolValue
 		case "DrawingEnabled":
@@ -339,8 +327,6 @@ func updateOptionMap(key string, value string) (err error) {
 		setting.StripeUnitPrice, _ = strconv.ParseFloat(value, 64)
 	case "StripeMinTopUp":
 		setting.StripeMinTopUp, _ = strconv.Atoi(value)
-	case "StripePromotionCodesEnabled":
-		setting.StripePromotionCodesEnabled = value == "true"
 	case "TopupGroupRatio":
 		err = common.UpdateTopupGroupRatioByJSONString(value)
 	case "GitHubClientId":
@@ -411,12 +397,6 @@ func updateOptionMap(key string, value string) (err error) {
 		err = ratio_setting.UpdateModelPriceByJSONString(value)
 	case "CacheRatio":
 		err = ratio_setting.UpdateCacheRatioByJSONString(value)
-	case "ImageRatio":
-		err = ratio_setting.UpdateImageRatioByJSONString(value)
-	case "AudioRatio":
-		err = ratio_setting.UpdateAudioRatioByJSONString(value)
-	case "AudioCompletionRatio":
-		err = ratio_setting.UpdateAudioCompletionRatioByJSONString(value)
 	case "TopUpLink":
 		common.TopUpLink = value
 	//case "ChatLink":
--- a/model/passkey.go
+++ b/model/passkey.go
@@ -1,209 +0,0 @@
-package model
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"one-api/common"
-	"strings"
-	"time"
-
-	"github.com/go-webauthn/webauthn/protocol"
-	"github.com/go-webauthn/webauthn/webauthn"
-	"gorm.io/gorm"
-)
-
-var (
-	ErrPasskeyNotFound         = errors.New("passkey credential not found")
-	ErrFriendlyPasskeyNotFound = errors.New("Passkey 验证失败，请重试或联系管理员")
-)
-
-type PasskeyCredential struct {
-	ID              int            `json:"id" gorm:"primaryKey"`
-	UserID          int            `json:"user_id" gorm:"uniqueIndex;not null"`
-	CredentialID    string         `json:"credential_id" gorm:"type:varchar(512);uniqueIndex;not null"` // base64 encoded
-	PublicKey       string         `json:"public_key" gorm:"type:text;not null"`                        // base64 encoded
-	AttestationType string         `json:"attestation_type" gorm:"type:varchar(255)"`
-	AAGUID          string         `json:"aaguid" gorm:"type:varchar(512)"` // base64 encoded
-	SignCount       uint32         `json:"sign_count" gorm:"default:0"`
-	CloneWarning    bool           `json:"clone_warning"`
-	UserPresent     bool           `json:"user_present"`
-	UserVerified    bool           `json:"user_verified"`
-	BackupEligible  bool           `json:"backup_eligible"`
-	BackupState     bool           `json:"backup_state"`
-	Transports      string         `json:"transports" gorm:"type:text"`
-	Attachment      string         `json:"attachment" gorm:"type:varchar(32)"`
-	LastUsedAt      *time.Time     `json:"last_used_at"`
-	CreatedAt       time.Time      `json:"created_at"`
-	UpdatedAt       time.Time      `json:"updated_at"`
-	DeletedAt       gorm.DeletedAt `json:"-" gorm:"index"`
-}
-
-func (p *PasskeyCredential) TransportList() []protocol.AuthenticatorTransport {
-	if p == nil || strings.TrimSpace(p.Transports) == "" {
-		return nil
-	}
-	var transports []string
-	if err := json.Unmarshal([]byte(p.Transports), &transports); err != nil {
-		return nil
-	}
-	result := make([]protocol.AuthenticatorTransport, 0, len(transports))
-	for _, transport := range transports {
-		result = append(result, protocol.AuthenticatorTransport(transport))
-	}
-	return result
-}
-
-func (p *PasskeyCredential) SetTransports(list []protocol.AuthenticatorTransport) {
-	if len(list) == 0 {
-		p.Transports = ""
-		return
-	}
-	stringList := make([]string, len(list))
-	for i, transport := range list {
-		stringList[i] = string(transport)
-	}
-	encoded, err := json.Marshal(stringList)
-	if err != nil {
-		return
-	}
-	p.Transports = string(encoded)
-}
-
-func (p *PasskeyCredential) ToWebAuthnCredential() webauthn.Credential {
-	flags := webauthn.CredentialFlags{
-		UserPresent:    p.UserPresent,
-		UserVerified:   p.UserVerified,
-		BackupEligible: p.BackupEligible,
-		BackupState:    p.BackupState,
-	}
-
-	credID, _ := base64.StdEncoding.DecodeString(p.CredentialID)
-	pubKey, _ := base64.StdEncoding.DecodeString(p.PublicKey)
-	aaguid, _ := base64.StdEncoding.DecodeString(p.AAGUID)
-
-	return webauthn.Credential{
-		ID:              credID,
-		PublicKey:       pubKey,
-		AttestationType: p.AttestationType,
-		Transport:       p.TransportList(),
-		Flags:           flags,
-		Authenticator: webauthn.Authenticator{
-			AAGUID:       aaguid,
-			SignCount:    p.SignCount,
-			CloneWarning: p.CloneWarning,
-			Attachment:   protocol.AuthenticatorAttachment(p.Attachment),
-		},
-	}
-}
-
-func NewPasskeyCredentialFromWebAuthn(userID int, credential *webauthn.Credential) *PasskeyCredential {
-	if credential == nil {
-		return nil
-	}
-	passkey := &PasskeyCredential{
-		UserID:          userID,
-		CredentialID:    base64.StdEncoding.EncodeToString(credential.ID),
-		PublicKey:       base64.StdEncoding.EncodeToString(credential.PublicKey),
-		AttestationType: credential.AttestationType,
-		AAGUID:          base64.StdEncoding.EncodeToString(credential.Authenticator.AAGUID),
-		SignCount:       credential.Authenticator.SignCount,
-		CloneWarning:    credential.Authenticator.CloneWarning,
-		UserPresent:     credential.Flags.UserPresent,
-		UserVerified:    credential.Flags.UserVerified,
-		BackupEligible:  credential.Flags.BackupEligible,
-		BackupState:     credential.Flags.BackupState,
-		Attachment:      string(credential.Authenticator.Attachment),
-	}
-	passkey.SetTransports(credential.Transport)
-	return passkey
-}
-
-func (p *PasskeyCredential) ApplyValidatedCredential(credential *webauthn.Credential) {
-	if credential == nil || p == nil {
-		return
-	}
-	p.CredentialID = base64.StdEncoding.EncodeToString(credential.ID)
-	p.PublicKey = base64.StdEncoding.EncodeToString(credential.PublicKey)
-	p.AttestationType = credential.AttestationType
-	p.AAGUID = base64.StdEncoding.EncodeToString(credential.Authenticator.AAGUID)
-	p.SignCount = credential.Authenticator.SignCount
-	p.CloneWarning = credential.Authenticator.CloneWarning
-	p.UserPresent = credential.Flags.UserPresent
-	p.UserVerified = credential.Flags.UserVerified
-	p.BackupEligible = credential.Flags.BackupEligible
-	p.BackupState = credential.Flags.BackupState
-	p.Attachment = string(credential.Authenticator.Attachment)
-	p.SetTransports(credential.Transport)
-}
-
-func GetPasskeyByUserID(userID int) (*PasskeyCredential, error) {
-	if userID == 0 {
-		common.SysLog("GetPasskeyByUserID: empty user ID")
-		return nil, ErrFriendlyPasskeyNotFound
-	}
-	var credential PasskeyCredential
-	if err := DB.Where("user_id = ?", userID).First(&credential).Error; err != nil {
-		if errors.Is(err, gorm.ErrRecordNotFound) {
-			// 未找到记录是正常情况（用户未绑定），返回 ErrPasskeyNotFound 而不记录日志
-			return nil, ErrPasskeyNotFound
-		}
-		// 只有真正的数据库错误才记录日志
-		common.SysLog(fmt.Sprintf("GetPasskeyByUserID: database error for user %d: %v", userID, err))
-		return nil, ErrFriendlyPasskeyNotFound
-	}
-	return &credential, nil
-}
-
-func GetPasskeyByCredentialID(credentialID []byte) (*PasskeyCredential, error) {
-	if len(credentialID) == 0 {
-		common.SysLog("GetPasskeyByCredentialID: empty credential ID")
-		return nil, ErrFriendlyPasskeyNotFound
-	}
-
-	credIDStr := base64.StdEncoding.EncodeToString(credentialID)
-	var credential PasskeyCredential
-	if err := DB.Where("credential_id = ?", credIDStr).First(&credential).Error; err != nil {
-		if errors.Is(err, gorm.ErrRecordNotFound) {
-			common.SysLog(fmt.Sprintf("GetPasskeyByCredentialID: passkey not found for credential ID length %d", len(credentialID)))
-			return nil, ErrFriendlyPasskeyNotFound
-		}
-		common.SysLog(fmt.Sprintf("GetPasskeyByCredentialID: database error for credential ID: %v", err))
-		return nil, ErrFriendlyPasskeyNotFound
-	}
-
-	return &credential, nil
-}
-
-func UpsertPasskeyCredential(credential *PasskeyCredential) error {
-	if credential == nil {
-		common.SysLog("UpsertPasskeyCredential: nil credential provided")
-		return fmt.Errorf("Passkey 保存失败，请重试")
-	}
-	return DB.Transaction(func(tx *gorm.DB) error {
-		// 使用Unscoped()进行硬删除，避免唯一索引冲突
-		if err := tx.Unscoped().Where("user_id = ?", credential.UserID).Delete(&PasskeyCredential{}).Error; err != nil {
-			common.SysLog(fmt.Sprintf("UpsertPasskeyCredential: failed to delete existing credential for user %d: %v", credential.UserID, err))
-			return fmt.Errorf("Passkey 保存失败，请重试")
-		}
-		if err := tx.Create(credential).Error; err != nil {
-			common.SysLog(fmt.Sprintf("UpsertPasskeyCredential: failed to create credential for user %d: %v", credential.UserID, err))
-			return fmt.Errorf("Passkey 保存失败，请重试")
-		}
-		return nil
-	})
-}
-
-func DeletePasskeyByUserID(userID int) error {
-	if userID == 0 {
-		common.SysLog("DeletePasskeyByUserID: empty user ID")
-		return fmt.Errorf("删除失败，请重试")
-	}
-	// 使用Unscoped()进行硬删除，避免唯一索引冲突
-	if err := DB.Unscoped().Where("user_id = ?", userID).Delete(&PasskeyCredential{}).Error; err != nil {
-		common.SysLog(fmt.Sprintf("DeletePasskeyByUserID: failed to delete passkey for user %d: %v", userID, err))
-		return fmt.Errorf("删除失败，请重试")
-	}
-	return nil
-}
--- a/model/task.go
+++ b/model/task.go
@@ -24,7 +24,7 @@ type Task struct {
 	ID         int64                 `json:"id" gorm:"primary_key;AUTO_INCREMENT"`
 	CreatedAt  int64                 `json:"created_at" gorm:"index"`
 	UpdatedAt  int64                 `json:"updated_at"`
-	TaskID     string                `json:"task_id" gorm:"type:varchar(191);index"` // 第三方id，不一定有/ song id\ Task id
+	TaskID     string                `json:"task_id" gorm:"type:varchar(50);index"`  // 第三方id，不一定有/ song id\ Task id
 	Platform   constant.TaskPlatform `json:"platform" gorm:"type:varchar(30);index"` // 平台
 	UserId     int                   `json:"user_id" gorm:"index"`
 	ChannelId  int                   `json:"channel_id" gorm:"index"`
--- a/model/user.go
+++ b/model/user.go
@@ -18,7 +18,7 @@ import (
 // Otherwise, the sensitive information will be saved on local storage in plain text!
 type User struct {
 	Id               int            `json:"id"`
-	Username         string         `json:"username" gorm:"unique;index" validate:"max=20"`
+	Username         string         `json:"username" gorm:"unique;index" validate:"max=12"`
 	Password         string         `json:"password" gorm:"not null;" validate:"min=8,max=20"`
 	OriginalPassword string         `json:"original_password" gorm:"-:all"` // this field is only for Password change verification, don't save it to database!
 	DisplayName      string         `json:"display_name" gorm:"index" validate:"max=20"`
--- a/relay/channel/api_request.go
+++ b/relay/channel/api_request.go
@@ -14,7 +14,6 @@ import (
 	"one-api/service"
 	"one-api/setting/operation_setting"
 	"one-api/types"
-	"strings"
 	"sync"
 	"time"

@@ -37,26 +36,6 @@ func SetupApiRequestHeader(info *common.RelayInfo, c *gin.Context, req *http.Hea
 	}
 }

-// processHeaderOverride 处理请求头覆盖，支持变量替换
-// 支持的变量：{api_key}
-func processHeaderOverride(info *common.RelayInfo) (map[string]string, error) {
-	headerOverride := make(map[string]string)
-	for k, v := range info.HeadersOverride {
-		str, ok := v.(string)
-		if !ok {
-			return nil, types.NewError(nil, types.ErrorCodeChannelHeaderOverrideInvalid)
-		}
-
-		// 替换支持的变量
-		if strings.Contains(str, "{api_key}") {
-			str = strings.ReplaceAll(str, "{api_key}", info.ApiKey)
-		}
-
-		headerOverride[k] = str
-	}
-	return headerOverride, nil
-}
-
 func DoApiRequest(a Adaptor, c *gin.Context, info *common.RelayInfo, requestBody io.Reader) (*http.Response, error) {
 	fullRequestURL, err := a.GetRequestURL(info)
 	if err != nil {
@@ -70,9 +49,13 @@ func DoApiRequest(a Adaptor, c *gin.Context, info *common.RelayInfo, requestBody
 		return nil, fmt.Errorf("new request failed: %w", err)
 	}
 	headers := req.Header
-	headerOverride, err := processHeaderOverride(info)
-	if err != nil {
-		return nil, err
+	headerOverride := make(map[string]string)
+	for k, v := range info.HeadersOverride {
+		if str, ok := v.(string); ok {
+			headerOverride[k] = str
+		} else {
+			return nil, types.NewError(err, types.ErrorCodeChannelHeaderOverrideInvalid)
+		}
 	}
 	for key, value := range headerOverride {
 		headers.Set(key, value)
@@ -103,9 +86,13 @@ func DoFormRequest(a Adaptor, c *gin.Context, info *common.RelayInfo, requestBod
 	// set form data
 	req.Header.Set("Content-Type", c.Request.Header.Get("Content-Type"))
 	headers := req.Header
-	headerOverride, err := processHeaderOverride(info)
-	if err != nil {
-		return nil, err
+	headerOverride := make(map[string]string)
+	for k, v := range info.HeadersOverride {
+		if str, ok := v.(string); ok {
+			headerOverride[k] = str
+		} else {
+			return nil, types.NewError(err, types.ErrorCodeChannelHeaderOverrideInvalid)
+		}
 	}
 	for key, value := range headerOverride {
 		headers.Set(key, value)
@@ -127,13 +114,6 @@ func DoWssRequest(a Adaptor, c *gin.Context, info *common.RelayInfo, requestBody
 		return nil, fmt.Errorf("get request url failed: %w", err)
 	}
 	targetHeader := http.Header{}
-	headerOverride, err := processHeaderOverride(info)
-	if err != nil {
-		return nil, err
-	}
-	for key, value := range headerOverride {
-		targetHeader.Set(key, value)
-	}
 	err = a.SetupRequestHeader(c, &targetHeader, info)
 	if err != nil {
 		return nil, fmt.Errorf("setup request header failed: %w", err)
@@ -285,7 +265,6 @@ func doRequest(c *gin.Context, req *http.Request, info *common.RelayInfo) (*http

 	resp, err := client.Do(req)
 	if err != nil {
-		logger.LogError(c, "do request failed: "+err.Error())
 		return nil, types.NewError(err, types.ErrorCodeDoRequestFailed, types.ErrOptionWithHideErrMsg("upstream error: do request failed"))
 	}
 	if resp == nil {
--- a/relay/channel/aws/adaptor.go
+++ b/relay/channel/aws/adaptor.go
@@ -7,6 +7,7 @@ import (
 	"one-api/dto"
 	"one-api/relay/channel/claude"
 	relaycommon "one-api/relay/common"
+	"one-api/setting/model_setting"
 	"one-api/types"

 	"github.com/gin-gonic/gin"
@@ -51,7 +52,7 @@ func (a *Adaptor) GetRequestURL(info *relaycommon.RelayInfo) (string, error) {
 }

 func (a *Adaptor) SetupRequestHeader(c *gin.Context, req *http.Header, info *relaycommon.RelayInfo) error {
-	claude.CommonClaudeHeadersOperation(c, req, info)
+	model_setting.GetClaudeSettings().WriteHeaders(info.OriginModelName, req)
 	return nil
 }

--- a/relay/channel/aws/constants.go
+++ b/relay/channel/aws/constants.go
@@ -16,16 +16,11 @@ var awsModelIDMap = map[string]string{
 	"claude-sonnet-4-20250514":   "anthropic.claude-sonnet-4-20250514-v1:0",
 	"claude-opus-4-20250514":     "anthropic.claude-opus-4-20250514-v1:0",
 	"claude-opus-4-1-20250805":   "anthropic.claude-opus-4-1-20250805-v1:0",
-	"claude-sonnet-4-5-20250929": "anthropic.claude-sonnet-4-5-20250929-v1:0",
 	// Nova models
 	"nova-micro-v1:0":   "amazon.nova-micro-v1:0",
 	"nova-lite-v1:0":    "amazon.nova-lite-v1:0",
 	"nova-pro-v1:0":     "amazon.nova-pro-v1:0",
 	"nova-premier-v1:0": "amazon.nova-premier-v1:0",
-	"nova-canvas-v1:0":  "amazon.nova-canvas-v1:0",
-	"nova-reel-v1:0":    "amazon.nova-reel-v1:0",
-	"nova-reel-v1:1":    "amazon.nova-reel-v1:1",
-	"nova-sonic-v1:0":   "amazon.nova-sonic-v1:0",
 }

 var awsModelCanCrossRegionMap = map[string]map[string]bool{
@@ -70,11 +65,6 @@ var awsModelCanCrossRegionMap = map[string]map[string]bool{
 	"anthropic.claude-opus-4-1-20250805-v1:0": {
 		"us": true,
 	},
-	"anthropic.claude-sonnet-4-5-20250929-v1:0": {
-		"us": true,
-		"ap": true,
-		"eu": true,
-	},
 	// Nova models - all support three major regions
 	"amazon.nova-micro-v1:0": {
 		"us":   true,
@@ -92,27 +82,10 @@ var awsModelCanCrossRegionMap = map[string]map[string]bool{
 		"apac": true,
 	},
 	"amazon.nova-premier-v1:0": {
-		"us": true,
-	},
-	"amazon.nova-canvas-v1:0": {
 		"us":   true,
 		"eu":   true,
 		"apac": true,
-	},
-	"amazon.nova-reel-v1:0": {
-		"us":   true,
-		"eu":   true,
-		"apac": true,
-	},
-	"amazon.nova-reel-v1:1": {
-		"us": true,
-	},
-	"amazon.nova-sonic-v1:0": {
-		"us":   true,
-		"eu":   true,
-		"apac": true,
-	},
-}
+	}}

 var awsRegionCrossModelPrefixMap = map[string]string{
 	"us": "us",
--- a/relay/channel/claude/adaptor.go
+++ b/relay/channel/claude/adaptor.go
@@ -52,25 +52,11 @@ func (a *Adaptor) Init(info *relaycommon.RelayInfo) {
 }

 func (a *Adaptor) GetRequestURL(info *relaycommon.RelayInfo) (string, error) {
-	baseURL := ""
 	if a.RequestMode == RequestModeMessage {
-		baseURL = fmt.Sprintf("%s/v1/messages", info.ChannelBaseUrl)
+		return fmt.Sprintf("%s/v1/messages", info.ChannelBaseUrl), nil
 	} else {
-		baseURL = fmt.Sprintf("%s/v1/complete", info.ChannelBaseUrl)
+		return fmt.Sprintf("%s/v1/complete", info.ChannelBaseUrl), nil
 	}
-	if info.IsClaudeBetaQuery {
-		baseURL = baseURL + "?beta=true"
-	}
-	return baseURL, nil
-}
-
-func CommonClaudeHeadersOperation(c *gin.Context, req *http.Header, info *relaycommon.RelayInfo) {
-	// common headers operation
-	anthropicBeta := c.Request.Header.Get("anthropic-beta")
-	if anthropicBeta != "" {
-		req.Set("anthropic-beta", anthropicBeta)
-	}
-	model_setting.GetClaudeSettings().WriteHeaders(info.OriginModelName, req)
 }

 func (a *Adaptor) SetupRequestHeader(c *gin.Context, req *http.Header, info *relaycommon.RelayInfo) error {
@@ -81,7 +67,7 @@ func (a *Adaptor) SetupRequestHeader(c *gin.Context, req *http.Header, info *rel
 		anthropicVersion = "2023-06-01"
 	}
 	req.Set("anthropic-version", anthropicVersion)
-	CommonClaudeHeadersOperation(c, req, info)
+	model_setting.GetClaudeSettings().WriteHeaders(info.OriginModelName, req)
 	return nil
 }

--- a/relay/channel/claude/constants.go
+++ b/relay/channel/claude/constants.go
@@ -19,8 +19,6 @@ var ModelList = []string{
 	"claude-opus-4-20250514-thinking",
 	"claude-opus-4-1-20250805",
 	"claude-opus-4-1-20250805-thinking",
-	"claude-sonnet-4-5-20250929",
-	"claude-sonnet-4-5-20250929-thinking",
 }

 var ChannelName = "claude"
--- a/relay/channel/deepseek/adaptor.go
+++ b/relay/channel/deepseek/adaptor.go
@@ -3,17 +3,17 @@ package deepseek
 import (
 	"errors"
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"io"
 	"net/http"
 	"one-api/dto"
 	"one-api/relay/channel"
-	"one-api/relay/channel/claude"
 	"one-api/relay/channel/openai"
 	relaycommon "one-api/relay/common"
 	"one-api/relay/constant"
 	"one-api/types"
 	"strings"
+
+	"github.com/gin-gonic/gin"
 )

 type Adaptor struct {
@@ -25,7 +25,7 @@ func (a *Adaptor) ConvertGeminiRequest(*gin.Context, *relaycommon.RelayInfo, *dt
 }

 func (a *Adaptor) ConvertClaudeRequest(c *gin.Context, info *relaycommon.RelayInfo, req *dto.ClaudeRequest) (any, error) {
-	adaptor := claude.Adaptor{}
+	adaptor := openai.Adaptor{}
 	return adaptor.ConvertClaudeRequest(c, info, req)
 }

@@ -44,19 +44,14 @@ func (a *Adaptor) Init(info *relaycommon.RelayInfo) {

 func (a *Adaptor) GetRequestURL(info *relaycommon.RelayInfo) (string, error) {
 	fimBaseUrl := info.ChannelBaseUrl
-	switch info.RelayFormat {
-	case types.RelayFormatClaude:
-		return fmt.Sprintf("%s/anthropic/v1/messages", info.ChannelBaseUrl), nil
+	if !strings.HasSuffix(info.ChannelBaseUrl, "/beta") {
+		fimBaseUrl += "/beta"
+	}
+	switch info.RelayMode {
+	case constant.RelayModeCompletions:
+		return fmt.Sprintf("%s/completions", fimBaseUrl), nil
 	default:
-		if !strings.HasSuffix(info.ChannelBaseUrl, "/beta") {
-			fimBaseUrl += "/beta"
-		}
-		switch info.RelayMode {
-		case constant.RelayModeCompletions:
-			return fmt.Sprintf("%s/completions", fimBaseUrl), nil
-		default:
-			return fmt.Sprintf("%s/v1/chat/completions", info.ChannelBaseUrl), nil
-		}
+		return fmt.Sprintf("%s/v1/chat/completions", info.ChannelBaseUrl), nil
 	}
 }

@@ -92,17 +87,12 @@ func (a *Adaptor) DoRequest(c *gin.Context, info *relaycommon.RelayInfo, request
 }

 func (a *Adaptor) DoResponse(c *gin.Context, resp *http.Response, info *relaycommon.RelayInfo) (usage any, err *types.NewAPIError) {
-	switch info.RelayFormat {
-	case types.RelayFormatClaude:
-		if info.IsStream {
-			return claude.ClaudeStreamHandler(c, resp, info, claude.RequestModeMessage)
-		} else {
-			return claude.ClaudeHandler(c, resp, info, claude.RequestModeMessage)
-		}
-	default:
-		adaptor := openai.Adaptor{}
-		return adaptor.DoResponse(c, resp, info)
+	if info.IsStream {
+		usage, err = openai.OaiStreamHandler(c, info, resp)
+	} else {
+		usage, err = openai.OpenaiHandler(c, info, resp)
 	}
+	return
 }

 func (a *Adaptor) GetModelList() []string {
--- a/relay/channel/gemini/adaptor.go
+++ b/relay/channel/gemini/adaptor.go
@@ -215,8 +215,8 @@ func (a *Adaptor) DoRequest(c *gin.Context, info *relaycommon.RelayInfo, request

 func (a *Adaptor) DoResponse(c *gin.Context, resp *http.Response, info *relaycommon.RelayInfo) (usage any, err *types.NewAPIError) {
 	if info.RelayMode == constant.RelayModeGemini {
-		if strings.Contains(info.RequestURLPath, ":embedContent") ||
-			strings.Contains(info.RequestURLPath, ":batchEmbedContents") {
+		if strings.HasSuffix(info.RequestURLPath, ":embedContent") ||
+			strings.HasSuffix(info.RequestURLPath, ":batchEmbedContents") {
 			return NativeGeminiEmbeddingHandler(c, resp, info)
 		}
 		if info.IsStream {
--- a/relay/channel/gemini/relay-gemini.go
+++ b/relay/channel/gemini/relay-gemini.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 )

-// https://cloud.google.com/vertex-ai/generative-ai/docs/model-reference/inference?hl=zh-cn#blob
 var geminiSupportedMimeTypes = map[string]bool{
 	"application/pdf": true,
 	"audio/mpeg":      true,
@@ -31,7 +30,6 @@ var geminiSupportedMimeTypes = map[string]bool{
 	"audio/wav":       true,
 	"image/png":       true,
 	"image/jpeg":      true,
-	"image/webp":      true,
 	"text/plain":      true,
 	"video/mov":       true,
 	"video/mpeg":      true,
@@ -245,7 +243,6 @@ func CovertGemini2OpenAI(c *gin.Context, textRequest dto.GeneralOpenAIRequest, i
 		functions := make([]dto.FunctionRequest, 0, len(textRequest.Tools))
 		googleSearch := false
 		codeExecution := false
-		urlContext := false
 		for _, tool := range textRequest.Tools {
 			if tool.Function.Name == "googleSearch" {
 				googleSearch = true
@@ -255,10 +252,6 @@ func CovertGemini2OpenAI(c *gin.Context, textRequest dto.GeneralOpenAIRequest, i
 				codeExecution = true
 				continue
 			}
-			if tool.Function.Name == "urlContext" {
-				urlContext = true
-				continue
-			}
 			if tool.Function.Parameters != nil {

 				params, ok := tool.Function.Parameters.(map[string]interface{})
@@ -286,11 +279,6 @@ func CovertGemini2OpenAI(c *gin.Context, textRequest dto.GeneralOpenAIRequest, i
 				GoogleSearch: make(map[string]string),
 			})
 		}
-		if urlContext {
-			geminiTools = append(geminiTools, dto.GeminiChatTool{
-				URLContext: make(map[string]string),
-			})
-		}
 		if len(functions) > 0 {
 			geminiTools = append(geminiTools, dto.GeminiChatTool{
 				FunctionDeclarations: functions,
@@ -961,15 +949,9 @@ func GeminiChatStreamHandler(c *gin.Context, info *relaycommon.RelayInfo, resp *
 			// send first response
 			emptyResponse := helper.GenerateStartEmptyResponse(id, createAt, info.UpstreamModelName, nil)
 			if response.IsToolCall() {
-				if len(emptyResponse.Choices) > 0 && len(response.Choices) > 0 {
-					toolCalls := response.Choices[0].Delta.ToolCalls
-					copiedToolCalls := make([]dto.ToolCallResponse, len(toolCalls))
-					for idx := range toolCalls {
-						copiedToolCalls[idx] = toolCalls[idx]
-						copiedToolCalls[idx].Function.Arguments = ""
-					}
-					emptyResponse.Choices[0].Delta.ToolCalls = copiedToolCalls
-				}
+				emptyResponse.Choices[0].Delta.ToolCalls = make([]dto.ToolCallResponse, 1)
+				emptyResponse.Choices[0].Delta.ToolCalls[0] = *response.GetFirstToolCall()
+				emptyResponse.Choices[0].Delta.ToolCalls[0].Function.Arguments = ""
 				finishReason = constant.FinishReasonToolCalls
 				err = handleStream(c, info, emptyResponse)
 				if err != nil {
@@ -1050,12 +1032,7 @@ func GeminiChatHandler(c *gin.Context, info *relaycommon.RelayInfo, resp *http.R
 		return nil, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
 	}
 	if len(geminiResponse.Candidates) == 0 {
-		//return nil, types.NewOpenAIError(errors.New("no candidates returned"), types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
-		if geminiResponse.PromptFeedback != nil && geminiResponse.PromptFeedback.BlockReason != nil {
-			return nil, types.NewOpenAIError(errors.New("request blocked by Gemini API: "+*geminiResponse.PromptFeedback.BlockReason), types.ErrorCodePromptBlocked, http.StatusBadRequest)
-		} else {
-			return nil, types.NewOpenAIError(errors.New("empty response from Gemini API"), types.ErrorCodeEmptyResponse, http.StatusInternalServerError)
-		}
+		return nil, types.NewOpenAIError(errors.New("no candidates returned"), types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
 	}
 	fullTextResponse := responseGeminiChat2OpenAI(c, &geminiResponse)
 	fullTextResponse.Model = info.UpstreamModelName
--- a/relay/channel/jina/adaptor.go
+++ b/relay/channel/jina/adaptor.go
@@ -76,7 +76,6 @@ func (a *Adaptor) ConvertRerankRequest(c *gin.Context, relayMode int, request dt
 }

 func (a *Adaptor) ConvertEmbeddingRequest(c *gin.Context, info *relaycommon.RelayInfo, request dto.EmbeddingRequest) (any, error) {
-	request.EncodingFormat = ""
 	return request, nil
 }

--- a/relay/channel/moonshot/adaptor.go
+++ b/relay/channel/moonshot/adaptor.go
@@ -25,7 +25,7 @@ func (a *Adaptor) ConvertGeminiRequest(*gin.Context, *relaycommon.RelayInfo, *dt
 }

 func (a *Adaptor) ConvertClaudeRequest(c *gin.Context, info *relaycommon.RelayInfo, req *dto.ClaudeRequest) (any, error) {
-	adaptor := claude.Adaptor{}
+	adaptor := openai.Adaptor{}
 	return adaptor.ConvertClaudeRequest(c, info, req)
 }

--- a/relay/channel/ollama/adaptor.go
+++ b/relay/channel/ollama/adaptor.go
@@ -10,7 +10,6 @@ import (
 	relaycommon "one-api/relay/common"
 	relayconstant "one-api/relay/constant"
 	"one-api/types"
-	"strings"

 	"github.com/gin-gonic/gin"
 )
@@ -19,6 +18,7 @@ type Adaptor struct {
 }

 func (a *Adaptor) ConvertGeminiRequest(*gin.Context, *relaycommon.RelayInfo, *dto.GeminiChatRequest) (any, error) {
+	//TODO implement me
 	return nil, errors.New("not implemented")
 }

@@ -31,15 +31,16 @@ func (a *Adaptor) ConvertClaudeRequest(c *gin.Context, info *relaycommon.RelayIn
 	openaiRequest.(*dto.GeneralOpenAIRequest).StreamOptions = &dto.StreamOptions{
 		IncludeUsage: true,
 	}
-	// map to ollama chat request (Claude -> OpenAI -> Ollama chat)
-	return openAIChatToOllamaChat(c, openaiRequest.(*dto.GeneralOpenAIRequest))
+	return requestOpenAI2Ollama(c, openaiRequest.(*dto.GeneralOpenAIRequest))
 }

 func (a *Adaptor) ConvertAudioRequest(c *gin.Context, info *relaycommon.RelayInfo, request dto.AudioRequest) (io.Reader, error) {
+	//TODO implement me
 	return nil, errors.New("not implemented")
 }

 func (a *Adaptor) ConvertImageRequest(c *gin.Context, info *relaycommon.RelayInfo, request dto.ImageRequest) (any, error) {
+	//TODO implement me
 	return nil, errors.New("not implemented")
 }

@@ -47,13 +48,15 @@ func (a *Adaptor) Init(info *relaycommon.RelayInfo) {
 }

 func (a *Adaptor) GetRequestURL(info *relaycommon.RelayInfo) (string, error) {
-	if info.RelayMode == relayconstant.RelayModeEmbeddings {
+	if info.RelayFormat == types.RelayFormatClaude {
+		return info.ChannelBaseUrl + "/v1/chat/completions", nil
+	}
+	switch info.RelayMode {
+	case relayconstant.RelayModeEmbeddings:
 		return info.ChannelBaseUrl + "/api/embed", nil
+	default:
+		return relaycommon.GetFullRequestURL(info.ChannelBaseUrl, info.RequestURLPath, info.ChannelType), nil
 	}
-	if strings.Contains(info.RequestURLPath, "/v1/completions") || info.RelayMode == relayconstant.RelayModeCompletions {
-		return info.ChannelBaseUrl + "/api/generate", nil
-	}
-	return info.ChannelBaseUrl + "/api/chat", nil
 }

 func (a *Adaptor) SetupRequestHeader(c *gin.Context, req *http.Header, info *relaycommon.RelayInfo) error {
@@ -66,11 +69,7 @@ func (a *Adaptor) ConvertOpenAIRequest(c *gin.Context, info *relaycommon.RelayIn
 	if request == nil {
 		return nil, errors.New("request is nil")
 	}
-	// decide generate or chat
-	if strings.Contains(info.RequestURLPath, "/v1/completions") || info.RelayMode == relayconstant.RelayModeCompletions {
-		return openAIToGenerate(c, request)
-	}
-	return openAIChatToOllamaChat(c, request)
+	return requestOpenAI2Ollama(c, request)
 }

 func (a *Adaptor) ConvertRerankRequest(c *gin.Context, relayMode int, request dto.RerankRequest) (any, error) {
@@ -82,6 +81,7 @@ func (a *Adaptor) ConvertEmbeddingRequest(c *gin.Context, info *relaycommon.Rela
 }

 func (a *Adaptor) ConvertOpenAIResponsesRequest(c *gin.Context, info *relaycommon.RelayInfo, request dto.OpenAIResponsesRequest) (any, error) {
+	// TODO implement me
 	return nil, errors.New("not implemented")
 }

@@ -92,13 +92,15 @@ func (a *Adaptor) DoRequest(c *gin.Context, info *relaycommon.RelayInfo, request
 func (a *Adaptor) DoResponse(c *gin.Context, resp *http.Response, info *relaycommon.RelayInfo) (usage any, err *types.NewAPIError) {
 	switch info.RelayMode {
 	case relayconstant.RelayModeEmbeddings:
-		return ollamaEmbeddingHandler(c, info, resp)
+		usage, err = ollamaEmbeddingHandler(c, info, resp)
 	default:
 		if info.IsStream {
-			return ollamaStreamHandler(c, info, resp)
+			usage, err = openai.OaiStreamHandler(c, info, resp)
+		} else {
+			usage, err = openai.OpenaiHandler(c, info, resp)
 		}
-		return ollamaChatHandler(c, info, resp)
 	}
+	return
 }

 func (a *Adaptor) GetModelList() []string {
--- a/relay/channel/ollama/dto.go
+++ b/relay/channel/ollama/dto.go
@@ -2,68 +2,48 @@ package ollama

 import (
 	"encoding/json"
+	"one-api/dto"
 )

-type OllamaChatMessage struct {
-	Role      string           `json:"role"`
-	Content   string           `json:"content,omitempty"`
-	Images    []string         `json:"images,omitempty"`
-	ToolCalls []OllamaToolCall `json:"tool_calls,omitempty"`
-	ToolName  string           `json:"tool_name,omitempty"`
-	Thinking  json.RawMessage  `json:"thinking,omitempty"`
+type OllamaRequest struct {
+	Model            string                `json:"model,omitempty"`
+	Messages         []dto.Message         `json:"messages,omitempty"`
+	Stream           bool                  `json:"stream,omitempty"`
+	Temperature      *float64              `json:"temperature,omitempty"`
+	Seed             float64               `json:"seed,omitempty"`
+	Topp             float64               `json:"top_p,omitempty"`
+	TopK             int                   `json:"top_k,omitempty"`
+	Stop             any                   `json:"stop,omitempty"`
+	MaxTokens        uint                  `json:"max_tokens,omitempty"`
+	Tools            []dto.ToolCallRequest `json:"tools,omitempty"`
+	ResponseFormat   any                   `json:"response_format,omitempty"`
+	FrequencyPenalty float64               `json:"frequency_penalty,omitempty"`
+	PresencePenalty  float64               `json:"presence_penalty,omitempty"`
+	Suffix           any                   `json:"suffix,omitempty"`
+	StreamOptions    *dto.StreamOptions    `json:"stream_options,omitempty"`
+	Prompt           any                   `json:"prompt,omitempty"`
+	Think            json.RawMessage       `json:"think,omitempty"`
 }

-type OllamaToolFunction struct {
-	Name        string      `json:"name"`
-	Description string      `json:"description,omitempty"`
-	Parameters  interface{} `json:"parameters,omitempty"`
-}
-
-type OllamaTool struct {
-	Type     string             `json:"type"`
-	Function OllamaToolFunction `json:"function"`
-}
-
-type OllamaToolCall struct {
-	Function struct {
-		Name      string      `json:"name"`
-		Arguments interface{} `json:"arguments"`
-	} `json:"function"`
-}
-
-type OllamaChatRequest struct {
-	Model     string              `json:"model"`
-	Messages  []OllamaChatMessage `json:"messages"`
-	Tools     interface{}         `json:"tools,omitempty"`
-	Format    interface{}         `json:"format,omitempty"`
-	Stream    bool                `json:"stream,omitempty"`
-	Options   map[string]any      `json:"options,omitempty"`
-	KeepAlive interface{}         `json:"keep_alive,omitempty"`
-	Think     json.RawMessage     `json:"think,omitempty"`
-}
-
-type OllamaGenerateRequest struct {
-	Model     string          `json:"model"`
-	Prompt    string          `json:"prompt,omitempty"`
-	Suffix    string          `json:"suffix,omitempty"`
-	Images    []string        `json:"images,omitempty"`
-	Format    interface{}     `json:"format,omitempty"`
-	Stream    bool            `json:"stream,omitempty"`
-	Options   map[string]any  `json:"options,omitempty"`
-	KeepAlive interface{}     `json:"keep_alive,omitempty"`
-	Think     json.RawMessage `json:"think,omitempty"`
+type Options struct {
+	Seed             int      `json:"seed,omitempty"`
+	Temperature      *float64 `json:"temperature,omitempty"`
+	TopK             int      `json:"top_k,omitempty"`
+	TopP             float64  `json:"top_p,omitempty"`
+	FrequencyPenalty float64  `json:"frequency_penalty,omitempty"`
+	PresencePenalty  float64  `json:"presence_penalty,omitempty"`
+	NumPredict       int      `json:"num_predict,omitempty"`
+	NumCtx           int      `json:"num_ctx,omitempty"`
 }

 type OllamaEmbeddingRequest struct {
-	Model      string         `json:"model"`
-	Input      interface{}    `json:"input"`
-	Options    map[string]any `json:"options,omitempty"`
-	Dimensions int            `json:"dimensions,omitempty"`
+	Model   string   `json:"model,omitempty"`
+	Input   []string `json:"input"`
+	Options *Options `json:"options,omitempty"`
 }

 type OllamaEmbeddingResponse struct {
-	Error           string      `json:"error,omitempty"`
-	Model           string      `json:"model"`
-	Embeddings      [][]float64 `json:"embeddings"`
-	PromptEvalCount int         `json:"prompt_eval_count,omitempty"`
+	Error     string      `json:"error,omitempty"`
+	Model     string      `json:"model"`
+	Embedding [][]float64 `json:"embeddings,omitempty"`
 }
--- a/relay/channel/ollama/relay-ollama.go
+++ b/relay/channel/ollama/relay-ollama.go
@@ -1,7 +1,6 @@
 package ollama

 import (
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -15,270 +14,121 @@ import (
 	"github.com/gin-gonic/gin"
 )

-func openAIChatToOllamaChat(c *gin.Context, r *dto.GeneralOpenAIRequest) (*OllamaChatRequest, error) {
-	chatReq := &OllamaChatRequest{
-		Model:   r.Model,
-		Stream:  r.Stream,
-		Options: map[string]any{},
-		Think:   r.Think,
-	}
-	if r.ResponseFormat != nil {
-		if r.ResponseFormat.Type == "json" {
-			chatReq.Format = "json"
-		} else if r.ResponseFormat.Type == "json_schema" {
-			if len(r.ResponseFormat.JsonSchema) > 0 {
-				var schema any
-				_ = json.Unmarshal(r.ResponseFormat.JsonSchema, &schema)
-				chatReq.Format = schema
-			}
-		}
-	}
-
-	// options mapping
-	if r.Temperature != nil {
-		chatReq.Options["temperature"] = r.Temperature
-	}
-	if r.TopP != 0 {
-		chatReq.Options["top_p"] = r.TopP
-	}
-	if r.TopK != 0 {
-		chatReq.Options["top_k"] = r.TopK
-	}
-	if r.FrequencyPenalty != 0 {
-		chatReq.Options["frequency_penalty"] = r.FrequencyPenalty
-	}
-	if r.PresencePenalty != 0 {
-		chatReq.Options["presence_penalty"] = r.PresencePenalty
-	}
-	if r.Seed != 0 {
-		chatReq.Options["seed"] = int(r.Seed)
-	}
-	if mt := r.GetMaxTokens(); mt != 0 {
-		chatReq.Options["num_predict"] = int(mt)
-	}
-
-	if r.Stop != nil {
-		switch v := r.Stop.(type) {
-		case string:
-			chatReq.Options["stop"] = []string{v}
-		case []string:
-			chatReq.Options["stop"] = v
-		case []any:
-			arr := make([]string, 0, len(v))
-			for _, i := range v {
-				if s, ok := i.(string); ok {
-					arr = append(arr, s)
-				}
-			}
-			if len(arr) > 0 {
-				chatReq.Options["stop"] = arr
-			}
-		}
-	}
-
-	if len(r.Tools) > 0 {
-		tools := make([]OllamaTool, 0, len(r.Tools))
-		for _, t := range r.Tools {
-			tools = append(tools, OllamaTool{Type: "function", Function: OllamaToolFunction{Name: t.Function.Name, Description: t.Function.Description, Parameters: t.Function.Parameters}})
-		}
-		chatReq.Tools = tools
-	}
-
-	chatReq.Messages = make([]OllamaChatMessage, 0, len(r.Messages))
-	for _, m := range r.Messages {
-		var textBuilder strings.Builder
-		var images []string
-		if m.IsStringContent() {
-			textBuilder.WriteString(m.StringContent())
-		} else {
-			parts := m.ParseContent()
-			for _, part := range parts {
-				if part.Type == dto.ContentTypeImageURL {
-					img := part.GetImageMedia()
-					if img != nil && img.Url != "" {
-						var base64Data string
-						if strings.HasPrefix(img.Url, "http") {
-							fileData, err := service.GetFileBase64FromUrl(c, img.Url, "fetch image for ollama chat")
-							if err != nil {
-								return nil, err
-							}
-							base64Data = fileData.Base64Data
-						} else if strings.HasPrefix(img.Url, "data:") {
-							if idx := strings.Index(img.Url, ","); idx != -1 && idx+1 < len(img.Url) {
-								base64Data = img.Url[idx+1:]
-							}
-						} else {
-							base64Data = img.Url
-						}
-						if base64Data != "" {
-							images = append(images, base64Data)
+func requestOpenAI2Ollama(c *gin.Context, request *dto.GeneralOpenAIRequest) (*OllamaRequest, error) {
+	messages := make([]dto.Message, 0, len(request.Messages))
+	for _, message := range request.Messages {
+		if !message.IsStringContent() {
+			mediaMessages := message.ParseContent()
+			for j, mediaMessage := range mediaMessages {
+				if mediaMessage.Type == dto.ContentTypeImageURL {
+					imageUrl := mediaMessage.GetImageMedia()
+					// check if not base64
+					if strings.HasPrefix(imageUrl.Url, "http") {
+						fileData, err := service.GetFileBase64FromUrl(c, imageUrl.Url, "formatting image for Ollama")
+						if err != nil {
+							return nil, err
 						}
+						imageUrl.Url = fmt.Sprintf("data:%s;base64,%s", fileData.MimeType, fileData.Base64Data)
 					}
-				} else if part.Type == dto.ContentTypeText {
-					textBuilder.WriteString(part.Text)
+					mediaMessage.ImageUrl = imageUrl
+					mediaMessages[j] = mediaMessage
 				}
 			}
+			message.SetMediaContent(mediaMessages)
 		}
-		cm := OllamaChatMessage{Role: m.Role, Content: textBuilder.String()}
-		if len(images) > 0 {
-			cm.Images = images
-		}
-		if m.Role == "tool" && m.Name != nil {
-			cm.ToolName = *m.Name
-		}
-		if m.ToolCalls != nil && len(m.ToolCalls) > 0 {
-			parsed := m.ParseToolCalls()
-			if len(parsed) > 0 {
-				calls := make([]OllamaToolCall, 0, len(parsed))
-				for _, tc := range parsed {
-					var args interface{}
-					if tc.Function.Arguments != "" {
-						_ = json.Unmarshal([]byte(tc.Function.Arguments), &args)
-					}
-					if args == nil {
-						args = map[string]any{}
-					}
-					oc := OllamaToolCall{}
-					oc.Function.Name = tc.Function.Name
-					oc.Function.Arguments = args
-					calls = append(calls, oc)
-				}
-				cm.ToolCalls = calls
-			}
-		}
-		chatReq.Messages = append(chatReq.Messages, cm)
+		messages = append(messages, dto.Message{
+			Role:       message.Role,
+			Content:    message.Content,
+			ToolCalls:  message.ToolCalls,
+			ToolCallId: message.ToolCallId,
+		})
 	}
-	return chatReq, nil
+	str, ok := request.Stop.(string)
+	var Stop []string
+	if ok {
+		Stop = []string{str}
+	} else {
+		Stop, _ = request.Stop.([]string)
+	}
+	ollamaRequest := &OllamaRequest{
+		Model:            request.Model,
+		Messages:         messages,
+		Stream:           request.Stream,
+		Temperature:      request.Temperature,
+		Seed:             request.Seed,
+		Topp:             request.TopP,
+		TopK:             request.TopK,
+		Stop:             Stop,
+		Tools:            request.Tools,
+		MaxTokens:        request.GetMaxTokens(),
+		ResponseFormat:   request.ResponseFormat,
+		FrequencyPenalty: request.FrequencyPenalty,
+		PresencePenalty:  request.PresencePenalty,
+		Prompt:           request.Prompt,
+		StreamOptions:    request.StreamOptions,
+		Suffix:           request.Suffix,
+	}
+	ollamaRequest.Think = request.Think
+	return ollamaRequest, nil
 }

-// openAIToGenerate converts OpenAI completions request to Ollama generate
-func openAIToGenerate(c *gin.Context, r *dto.GeneralOpenAIRequest) (*OllamaGenerateRequest, error) {
-	gen := &OllamaGenerateRequest{
-		Model:   r.Model,
-		Stream:  r.Stream,
-		Options: map[string]any{},
-		Think:   r.Think,
+func requestOpenAI2Embeddings(request dto.EmbeddingRequest) *OllamaEmbeddingRequest {
+	return &OllamaEmbeddingRequest{
+		Model: request.Model,
+		Input: request.ParseInput(),
+		Options: &Options{
+			Seed:             int(request.Seed),
+			Temperature:      request.Temperature,
+			TopP:             request.TopP,
+			FrequencyPenalty: request.FrequencyPenalty,
+			PresencePenalty:  request.PresencePenalty,
+		},
 	}
-	// Prompt may be in r.Prompt (string or []any)
-	if r.Prompt != nil {
-		switch v := r.Prompt.(type) {
-		case string:
-			gen.Prompt = v
-		case []any:
-			var sb strings.Builder
-			for _, it := range v {
-				if s, ok := it.(string); ok {
-					sb.WriteString(s)
-				}
-			}
-			gen.Prompt = sb.String()
-		default:
-			gen.Prompt = fmt.Sprintf("%v", r.Prompt)
-		}
-	}
-	if r.Suffix != nil {
-		if s, ok := r.Suffix.(string); ok {
-			gen.Suffix = s
-		}
-	}
-	if r.ResponseFormat != nil {
-		if r.ResponseFormat.Type == "json" {
-			gen.Format = "json"
-		} else if r.ResponseFormat.Type == "json_schema" {
-			var schema any
-			_ = json.Unmarshal(r.ResponseFormat.JsonSchema, &schema)
-			gen.Format = schema
-		}
-	}
-	if r.Temperature != nil {
-		gen.Options["temperature"] = r.Temperature
-	}
-	if r.TopP != 0 {
-		gen.Options["top_p"] = r.TopP
-	}
-	if r.TopK != 0 {
-		gen.Options["top_k"] = r.TopK
-	}
-	if r.FrequencyPenalty != 0 {
-		gen.Options["frequency_penalty"] = r.FrequencyPenalty
-	}
-	if r.PresencePenalty != 0 {
-		gen.Options["presence_penalty"] = r.PresencePenalty
-	}
-	if r.Seed != 0 {
-		gen.Options["seed"] = int(r.Seed)
-	}
-	if mt := r.GetMaxTokens(); mt != 0 {
-		gen.Options["num_predict"] = int(mt)
-	}
-	if r.Stop != nil {
-		switch v := r.Stop.(type) {
-		case string:
-			gen.Options["stop"] = []string{v}
-		case []string:
-			gen.Options["stop"] = v
-		case []any:
-			arr := make([]string, 0, len(v))
-			for _, i := range v {
-				if s, ok := i.(string); ok {
-					arr = append(arr, s)
-				}
-			}
-			if len(arr) > 0 {
-				gen.Options["stop"] = arr
-			}
-		}
-	}
-	return gen, nil
-}
-
-func requestOpenAI2Embeddings(r dto.EmbeddingRequest) *OllamaEmbeddingRequest {
-	opts := map[string]any{}
-	if r.Temperature != nil {
-		opts["temperature"] = r.Temperature
-	}
-	if r.TopP != 0 {
-		opts["top_p"] = r.TopP
-	}
-	if r.FrequencyPenalty != 0 {
-		opts["frequency_penalty"] = r.FrequencyPenalty
-	}
-	if r.PresencePenalty != 0 {
-		opts["presence_penalty"] = r.PresencePenalty
-	}
-	if r.Seed != 0 {
-		opts["seed"] = int(r.Seed)
-	}
-	if r.Dimensions != 0 {
-		opts["dimensions"] = r.Dimensions
-	}
-	input := r.ParseInput()
-	if len(input) == 1 {
-		return &OllamaEmbeddingRequest{Model: r.Model, Input: input[0], Options: opts, Dimensions: r.Dimensions}
-	}
-	return &OllamaEmbeddingRequest{Model: r.Model, Input: input, Options: opts, Dimensions: r.Dimensions}
 }

 func ollamaEmbeddingHandler(c *gin.Context, info *relaycommon.RelayInfo, resp *http.Response) (*dto.Usage, *types.NewAPIError) {
-	var oResp OllamaEmbeddingResponse
-	body, err := io.ReadAll(resp.Body)
+	var ollamaEmbeddingResponse OllamaEmbeddingResponse
+	responseBody, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
 	}
 	service.CloseResponseBodyGracefully(resp)
-	if err = common.Unmarshal(body, &oResp); err != nil {
+	err = common.Unmarshal(responseBody, &ollamaEmbeddingResponse)
+	if err != nil {
 		return nil, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
 	}
-	if oResp.Error != "" {
-		return nil, types.NewOpenAIError(fmt.Errorf("ollama error: %s", oResp.Error), types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
+	if ollamaEmbeddingResponse.Error != "" {
+		return nil, types.NewOpenAIError(fmt.Errorf("ollama error: %s", ollamaEmbeddingResponse.Error), types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
 	}
-	data := make([]dto.OpenAIEmbeddingResponseItem, 0, len(oResp.Embeddings))
-	for i, emb := range oResp.Embeddings {
-		data = append(data, dto.OpenAIEmbeddingResponseItem{Index: i, Object: "embedding", Embedding: emb})
+	flattenedEmbeddings := flattenEmbeddings(ollamaEmbeddingResponse.Embedding)
+	data := make([]dto.OpenAIEmbeddingResponseItem, 0, 1)
+	data = append(data, dto.OpenAIEmbeddingResponseItem{
+		Embedding: flattenedEmbeddings,
+		Object:    "embedding",
+	})
+	usage := &dto.Usage{
+		TotalTokens:      info.PromptTokens,
+		CompletionTokens: 0,
+		PromptTokens:     info.PromptTokens,
 	}
-	usage := &dto.Usage{PromptTokens: oResp.PromptEvalCount, CompletionTokens: 0, TotalTokens: oResp.PromptEvalCount}
-	embResp := &dto.OpenAIEmbeddingResponse{Object: "list", Data: data, Model: info.UpstreamModelName, Usage: *usage}
-	out, _ := common.Marshal(embResp)
-	service.IOCopyBytesGracefully(c, resp, out)
+	embeddingResponse := &dto.OpenAIEmbeddingResponse{
+		Object: "list",
+		Data:   data,
+		Model:  info.UpstreamModelName,
+		Usage:  *usage,
+	}
+	doResponseBody, err := common.Marshal(embeddingResponse)
+	if err != nil {
+		return nil, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
+	}
+	service.IOCopyBytesGracefully(c, resp, doResponseBody)
 	return usage, nil
 }
+
+func flattenEmbeddings(embeddings [][]float64) []float64 {
+	flattened := []float64{}
+	for _, row := range embeddings {
+		flattened = append(flattened, row...)
+	}
+	return flattened
+}
--- a/relay/channel/ollama/stream.go
+++ b/relay/channel/ollama/stream.go
@@ -1,278 +0,0 @@
-package ollama
-
-import (
-	"bufio"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"one-api/common"
-	"one-api/dto"
-	"one-api/logger"
-	relaycommon "one-api/relay/common"
-	"one-api/relay/helper"
-	"one-api/service"
-	"one-api/types"
-	"strings"
-	"time"
-
-	"github.com/gin-gonic/gin"
-)
-
-type ollamaChatStreamChunk struct {
-	Model     string `json:"model"`
-	CreatedAt string `json:"created_at"`
-	// chat
-	Message *struct {
-		Role      string          `json:"role"`
-		Content   string          `json:"content"`
-		Thinking  json.RawMessage `json:"thinking"`
-		ToolCalls []struct {
-			Function struct {
-				Name      string      `json:"name"`
-				Arguments interface{} `json:"arguments"`
-			} `json:"function"`
-		} `json:"tool_calls"`
-	} `json:"message"`
-	// generate
-	Response           string `json:"response"`
-	Done               bool   `json:"done"`
-	DoneReason         string `json:"done_reason"`
-	TotalDuration      int64  `json:"total_duration"`
-	LoadDuration       int64  `json:"load_duration"`
-	PromptEvalCount    int    `json:"prompt_eval_count"`
-	EvalCount          int    `json:"eval_count"`
-	PromptEvalDuration int64  `json:"prompt_eval_duration"`
-	EvalDuration       int64  `json:"eval_duration"`
-}
-
-func toUnix(ts string) int64 {
-	if ts == "" {
-		return time.Now().Unix()
-	}
-	// try time.RFC3339 or with nanoseconds
-	t, err := time.Parse(time.RFC3339Nano, ts)
-	if err != nil {
-		t2, err2 := time.Parse(time.RFC3339, ts)
-		if err2 == nil {
-			return t2.Unix()
-		}
-		return time.Now().Unix()
-	}
-	return t.Unix()
-}
-
-func ollamaStreamHandler(c *gin.Context, info *relaycommon.RelayInfo, resp *http.Response) (*dto.Usage, *types.NewAPIError) {
-	if resp == nil || resp.Body == nil {
-		return nil, types.NewOpenAIError(fmt.Errorf("empty response"), types.ErrorCodeBadResponse, http.StatusBadRequest)
-	}
-	defer service.CloseResponseBodyGracefully(resp)
-
-	helper.SetEventStreamHeaders(c)
-	scanner := bufio.NewScanner(resp.Body)
-	usage := &dto.Usage{}
-	var model = info.UpstreamModelName
-	var responseId = common.GetUUID()
-	var created = time.Now().Unix()
-	var toolCallIndex int
-	start := helper.GenerateStartEmptyResponse(responseId, created, model, nil)
-	if data, err := common.Marshal(start); err == nil {
-		_ = helper.StringData(c, string(data))
-	}
-
-	for scanner.Scan() {
-		line := scanner.Text()
-		line = strings.TrimSpace(line)
-		if line == "" {
-			continue
-		}
-		var chunk ollamaChatStreamChunk
-		if err := json.Unmarshal([]byte(line), &chunk); err != nil {
-			logger.LogError(c, "ollama stream json decode error: "+err.Error()+" line="+line)
-			return usage, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
-		}
-		if chunk.Model != "" {
-			model = chunk.Model
-		}
-		created = toUnix(chunk.CreatedAt)
-
-		if !chunk.Done {
-			// delta content
-			var content string
-			if chunk.Message != nil {
-				content = chunk.Message.Content
-			} else {
-				content = chunk.Response
-			}
-			delta := dto.ChatCompletionsStreamResponse{
-				Id:      responseId,
-				Object:  "chat.completion.chunk",
-				Created: created,
-				Model:   model,
-				Choices: []dto.ChatCompletionsStreamResponseChoice{{
-					Index: 0,
-					Delta: dto.ChatCompletionsStreamResponseChoiceDelta{Role: "assistant"},
-				}},
-			}
-			if content != "" {
-				delta.Choices[0].Delta.SetContentString(content)
-			}
-			if chunk.Message != nil && len(chunk.Message.Thinking) > 0 {
-				raw := strings.TrimSpace(string(chunk.Message.Thinking))
-				if raw != "" && raw != "null" {
-					delta.Choices[0].Delta.SetReasoningContent(raw)
-				}
-			}
-			// tool calls
-			if chunk.Message != nil && len(chunk.Message.ToolCalls) > 0 {
-				delta.Choices[0].Delta.ToolCalls = make([]dto.ToolCallResponse, 0, len(chunk.Message.ToolCalls))
-				for _, tc := range chunk.Message.ToolCalls {
-					// arguments -> string
-					argBytes, _ := json.Marshal(tc.Function.Arguments)
-					toolId := fmt.Sprintf("call_%d", toolCallIndex)
-					tr := dto.ToolCallResponse{ID: toolId, Type: "function", Function: dto.FunctionResponse{Name: tc.Function.Name, Arguments: string(argBytes)}}
-					tr.SetIndex(toolCallIndex)
-					toolCallIndex++
-					delta.Choices[0].Delta.ToolCalls = append(delta.Choices[0].Delta.ToolCalls, tr)
-				}
-			}
-			if data, err := common.Marshal(delta); err == nil {
-				_ = helper.StringData(c, string(data))
-			}
-			continue
-		}
-		// done frame
-		// finalize once and break loop
-		usage.PromptTokens = chunk.PromptEvalCount
-		usage.CompletionTokens = chunk.EvalCount
-		usage.TotalTokens = usage.PromptTokens + usage.CompletionTokens
-		finishReason := chunk.DoneReason
-		if finishReason == "" {
-			finishReason = "stop"
-		}
-		// emit stop delta
-		if stop := helper.GenerateStopResponse(responseId, created, model, finishReason); stop != nil {
-			if data, err := common.Marshal(stop); err == nil {
-				_ = helper.StringData(c, string(data))
-			}
-		}
-		// emit usage frame
-		if final := helper.GenerateFinalUsageResponse(responseId, created, model, *usage); final != nil {
-			if data, err := common.Marshal(final); err == nil {
-				_ = helper.StringData(c, string(data))
-			}
-		}
-		// send [DONE]
-		helper.Done(c)
-		break
-	}
-	if err := scanner.Err(); err != nil && err != io.EOF {
-		logger.LogError(c, "ollama stream scan error: "+err.Error())
-	}
-	return usage, nil
-}
-
-// non-stream handler for chat/generate
-func ollamaChatHandler(c *gin.Context, info *relaycommon.RelayInfo, resp *http.Response) (*dto.Usage, *types.NewAPIError) {
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, types.NewOpenAIError(err, types.ErrorCodeReadResponseBodyFailed, http.StatusInternalServerError)
-	}
-	service.CloseResponseBodyGracefully(resp)
-	raw := string(body)
-	if common.DebugEnabled {
-		println("ollama non-stream raw resp:", raw)
-	}
-
-	lines := strings.Split(raw, "\n")
-	var (
-		aggContent       strings.Builder
-		reasoningBuilder strings.Builder
-		lastChunk        ollamaChatStreamChunk
-		parsedAny        bool
-	)
-	for _, ln := range lines {
-		ln = strings.TrimSpace(ln)
-		if ln == "" {
-			continue
-		}
-		var ck ollamaChatStreamChunk
-		if err := json.Unmarshal([]byte(ln), &ck); err != nil {
-			if len(lines) == 1 {
-				return nil, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
-			}
-			continue
-		}
-		parsedAny = true
-		lastChunk = ck
-		if ck.Message != nil && len(ck.Message.Thinking) > 0 {
-			raw := strings.TrimSpace(string(ck.Message.Thinking))
-			if raw != "" && raw != "null" {
-				reasoningBuilder.WriteString(raw)
-			}
-		}
-		if ck.Message != nil && ck.Message.Content != "" {
-			aggContent.WriteString(ck.Message.Content)
-		} else if ck.Response != "" {
-			aggContent.WriteString(ck.Response)
-		}
-	}
-
-	if !parsedAny {
-		var single ollamaChatStreamChunk
-		if err := json.Unmarshal(body, &single); err != nil {
-			return nil, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
-		}
-		lastChunk = single
-		if single.Message != nil {
-			if len(single.Message.Thinking) > 0 {
-				raw := strings.TrimSpace(string(single.Message.Thinking))
-				if raw != "" && raw != "null" {
-					reasoningBuilder.WriteString(raw)
-				}
-			}
-			aggContent.WriteString(single.Message.Content)
-		} else {
-			aggContent.WriteString(single.Response)
-		}
-	}
-
-	model := lastChunk.Model
-	if model == "" {
-		model = info.UpstreamModelName
-	}
-	created := toUnix(lastChunk.CreatedAt)
-	usage := &dto.Usage{PromptTokens: lastChunk.PromptEvalCount, CompletionTokens: lastChunk.EvalCount, TotalTokens: lastChunk.PromptEvalCount + lastChunk.EvalCount}
-	content := aggContent.String()
-	finishReason := lastChunk.DoneReason
-	if finishReason == "" {
-		finishReason = "stop"
-	}
-
-	msg := dto.Message{Role: "assistant", Content: contentPtr(content)}
-	if rc := reasoningBuilder.String(); rc != "" {
-		msg.ReasoningContent = rc
-	}
-	full := dto.OpenAITextResponse{
-		Id:      common.GetUUID(),
-		Model:   model,
-		Object:  "chat.completion",
-		Created: created,
-		Choices: []dto.OpenAITextResponseChoice{{
-			Index:        0,
-			Message:      msg,
-			FinishReason: finishReason,
-		}},
-		Usage: *usage,
-	}
-	out, _ := common.Marshal(full)
-	service.IOCopyBytesGracefully(c, resp, out)
-	return usage, nil
-}
-
-func contentPtr(s string) *string {
-	if s == "" {
-		return nil
-	}
-	return &s
-}
--- a/relay/channel/openai/relay-openai.go
+++ b/relay/channel/openai/relay-openai.go
@@ -12,7 +12,6 @@ import (
 	"one-api/constant"
 	"one-api/dto"
 	"one-api/logger"
-	"one-api/relay/channel/openrouter"
 	relaycommon "one-api/relay/common"
 	"one-api/relay/helper"
 	"one-api/service"
@@ -186,27 +185,10 @@ func OpenaiHandler(c *gin.Context, info *relaycommon.RelayInfo, resp *http.Respo
 	if common.DebugEnabled {
 		println("upstream response body:", string(responseBody))
 	}
-	// Unmarshal to simpleResponse
-	if info.ChannelType == constant.ChannelTypeOpenRouter && info.ChannelOtherSettings.IsOpenRouterEnterprise() {
-		// 尝试解析为 openrouter enterprise
-		var enterpriseResponse openrouter.OpenRouterEnterpriseResponse
-		err = common.Unmarshal(responseBody, &enterpriseResponse)
-		if err != nil {
-			return nil, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
-		}
-		if enterpriseResponse.Success {
-			responseBody = enterpriseResponse.Data
-		} else {
-			logger.LogError(c, fmt.Sprintf("openrouter enterprise response success=false, data: %s", enterpriseResponse.Data))
-			return nil, types.NewOpenAIError(fmt.Errorf("openrouter response success=false"), types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
-		}
-	}
-
 	err = common.Unmarshal(responseBody, &simpleResponse)
 	if err != nil {
 		return nil, types.NewOpenAIError(err, types.ErrorCodeBadResponseBody, http.StatusInternalServerError)
 	}
-
 	if oaiError := simpleResponse.GetOpenAIError(); oaiError != nil && oaiError.Type != "" {
 		return nil, types.WithOpenAIError(*oaiError, resp.StatusCode)
 	}
--- a/relay/channel/openai/relay_responses.go
+++ b/relay/channel/openai/relay_responses.go
@@ -33,12 +33,6 @@ func OaiResponsesHandler(c *gin.Context, info *relaycommon.RelayInfo, resp *http
 		return nil, types.WithOpenAIError(*oaiError, resp.StatusCode)
 	}

-	if responsesResponse.HasImageGenerationCall() {
-		c.Set("image_generation_call", true)
-		c.Set("image_generation_call_quality", responsesResponse.GetQuality())
-		c.Set("image_generation_call_size", responsesResponse.GetSize())
-	}
-
 	// 写入新的 response body
 	service.IOCopyBytesGracefully(c, resp, responseBody)

@@ -86,25 +80,18 @@ func OaiResponsesStreamHandler(c *gin.Context, info *relaycommon.RelayInfo, resp
 			sendResponsesStreamData(c, streamResponse, data)
 			switch streamResponse.Type {
 			case "response.completed":
-				if streamResponse.Response != nil {
-					if streamResponse.Response.Usage != nil {
-						if streamResponse.Response.Usage.InputTokens != 0 {
-							usage.PromptTokens = streamResponse.Response.Usage.InputTokens
-						}
-						if streamResponse.Response.Usage.OutputTokens != 0 {
-							usage.CompletionTokens = streamResponse.Response.Usage.OutputTokens
-						}
-						if streamResponse.Response.Usage.TotalTokens != 0 {
-							usage.TotalTokens = streamResponse.Response.Usage.TotalTokens
-						}
-						if streamResponse.Response.Usage.InputTokensDetails != nil {
-							usage.PromptTokensDetails.CachedTokens = streamResponse.Response.Usage.InputTokensDetails.CachedTokens
-						}
+				if streamResponse.Response != nil && streamResponse.Response.Usage != nil {
+					if streamResponse.Response.Usage.InputTokens != 0 {
+						usage.PromptTokens = streamResponse.Response.Usage.InputTokens
 					}
-					if streamResponse.Response.HasImageGenerationCall() {
-						c.Set("image_generation_call", true)
-						c.Set("image_generation_call_quality", streamResponse.Response.GetQuality())
-						c.Set("image_generation_call_size", streamResponse.Response.GetSize())
+					if streamResponse.Response.Usage.OutputTokens != 0 {
+						usage.CompletionTokens = streamResponse.Response.Usage.OutputTokens
+					}
+					if streamResponse.Response.Usage.TotalTokens != 0 {
+						usage.TotalTokens = streamResponse.Response.Usage.TotalTokens
+					}
+					if streamResponse.Response.Usage.InputTokensDetails != nil {
+						usage.PromptTokensDetails.CachedTokens = streamResponse.Response.Usage.InputTokensDetails.CachedTokens
 					}
 				}
 			case "response.output_text.delta":
@@ -115,11 +102,7 @@ func OaiResponsesStreamHandler(c *gin.Context, info *relaycommon.RelayInfo, resp
 				if streamResponse.Item != nil {
 					switch streamResponse.Item.Type {
 					case dto.BuildInCallWebSearchCall:
-						if info != nil && info.ResponsesUsageInfo != nil && info.ResponsesUsageInfo.BuiltInTools != nil {
-							if webSearchTool, exists := info.ResponsesUsageInfo.BuiltInTools[dto.BuildInToolWebSearchPreview]; exists && webSearchTool != nil {
-								webSearchTool.CallCount++
-							}
-						}
+						info.ResponsesUsageInfo.BuiltInTools[dto.BuildInToolWebSearchPreview].CallCount++
 					}
 				}
 			}
--- a/relay/channel/openrouter/dto.go
+++ b/relay/channel/openrouter/dto.go
@@ -1,7 +1,5 @@
 package openrouter

-import "encoding/json"
-
 type RequestReasoning struct {
 	// One of the following (not both):
 	Effort    string `json:"effort,omitempty"`     // Can be "high", "medium", or "low" (OpenAI-style)
@@ -9,8 +7,3 @@ type RequestReasoning struct {
 	// Optional: Default is false. All models support this.
 	Exclude bool `json:"exclude,omitempty"` // Set to true to exclude reasoning tokens from response
 }
-
-type OpenRouterEnterpriseResponse struct {
-	Data    json.RawMessage `json:"data"`
-	Success bool            `json:"success"`
-}
--- a/relay/channel/siliconflow/adaptor.go
+++ b/relay/channel/siliconflow/adaptor.go
@@ -61,16 +61,6 @@ func (a *Adaptor) SetupRequestHeader(c *gin.Context, req *http.Header, info *rel
 }

 func (a *Adaptor) ConvertOpenAIRequest(c *gin.Context, info *relaycommon.RelayInfo, request *dto.GeneralOpenAIRequest) (any, error) {
-	// SiliconFlow requires messages array for FIM requests, even if client doesn't send it
-	if (request.Prefix != nil || request.Suffix != nil) && len(request.Messages) == 0 {
-		// Add an empty user message to satisfy SiliconFlow's requirement
-		request.Messages = []dto.Message{
-			{
-				Role:    "user",
-				Content: "",
-			},
-		}
-	}
 	return request, nil
 }

--- a/relay/channel/submodel/adaptor.go
+++ b/relay/channel/submodel/adaptor.go
@@ -1,86 +0,0 @@
-package submodel
-
-import (
-	"errors"
-	"io"
-	"net/http"
-	"one-api/dto"
-	"one-api/relay/channel"
-	"one-api/relay/channel/openai"
-	relaycommon "one-api/relay/common"
-	"one-api/types"
-
-	"github.com/gin-gonic/gin"
-)
-
-type Adaptor struct {
-}
-
-func (a *Adaptor) ConvertGeminiRequest(c *gin.Context, info *relaycommon.RelayInfo, request *dto.GeminiChatRequest) (any, error) {
-	return nil, errors.New("submodel channel: endpoint not supported")
-}
-
-func (a *Adaptor) ConvertClaudeRequest(*gin.Context, *relaycommon.RelayInfo, *dto.ClaudeRequest) (any, error) {
-	return nil, errors.New("submodel channel: endpoint not supported")
-}
-
-func (a *Adaptor) ConvertAudioRequest(c *gin.Context, info *relaycommon.RelayInfo, request dto.AudioRequest) (io.Reader, error) {
-	return nil, errors.New("submodel channel: endpoint not supported")
-}
-
-func (a *Adaptor) ConvertImageRequest(c *gin.Context, info *relaycommon.RelayInfo, request dto.ImageRequest) (any, error) {
-	return nil, errors.New("submodel channel: endpoint not supported")
-}
-
-func (a *Adaptor) Init(info *relaycommon.RelayInfo) {
-}
-
-func (a *Adaptor) GetRequestURL(info *relaycommon.RelayInfo) (string, error) {
-	return relaycommon.GetFullRequestURL(info.ChannelBaseUrl, info.RequestURLPath, info.ChannelType), nil
-}
-
-func (a *Adaptor) SetupRequestHeader(c *gin.Context, req *http.Header, info *relaycommon.RelayInfo) error {
-	channel.SetupApiRequestHeader(info, c, req)
-	req.Set("Authorization", "Bearer "+info.ApiKey)
-	return nil
-}
-
-func (a *Adaptor) ConvertOpenAIRequest(c *gin.Context, info *relaycommon.RelayInfo, request *dto.GeneralOpenAIRequest) (any, error) {
-	if request == nil {
-		return nil, errors.New("request is nil")
-	}
-	return request, nil
-}
-
-func (a *Adaptor) ConvertRerankRequest(c *gin.Context, relayMode int, request dto.RerankRequest) (any, error) {
-	return nil, errors.New("submodel channel: endpoint not supported")
-}
-
-func (a *Adaptor) ConvertEmbeddingRequest(c *gin.Context, info *relaycommon.RelayInfo, request dto.EmbeddingRequest) (any, error) {
-	return nil, errors.New("submodel channel: endpoint not supported")
-}
-
-func (a *Adaptor) ConvertOpenAIResponsesRequest(c *gin.Context, info *relaycommon.RelayInfo, request dto.OpenAIResponsesRequest) (any, error) {
-	return nil, errors.New("submodel channel: endpoint not supported")
-}
-
-func (a *Adaptor) DoRequest(c *gin.Context, info *relaycommon.RelayInfo, requestBody io.Reader) (any, error) {
-	return channel.DoApiRequest(a, c, info, requestBody)
-}
-
-func (a *Adaptor) DoResponse(c *gin.Context, resp *http.Response, info *relaycommon.RelayInfo) (usage any, err *types.NewAPIError) {
-	if info.IsStream {
-		usage, err = openai.OaiStreamHandler(c, info, resp)
-	} else {
-		usage, err = openai.OpenaiHandler(c, info, resp)
-	}
-	return
-}
-
-func (a *Adaptor) GetModelList() []string {
-	return ModelList
-}
-
-func (a *Adaptor) GetChannelName() string {
-	return ChannelName
-}
--- a/relay/channel/submodel/constants.go
+++ b/relay/channel/submodel/constants.go
@@ -1,16 +0,0 @@
-package submodel
-
-var ModelList = []string{
-	"NousResearch/Hermes-4-405B-FP8",
-	"Qwen/Qwen3-235B-A22B-Thinking-2507",
-	"Qwen/Qwen3-Coder-480B-A35B-Instruct-FP8",
-	"Qwen/Qwen3-235B-A22B-Instruct-2507",
-	"zai-org/GLM-4.5-FP8",
-	"openai/gpt-oss-120b",
-	"deepseek-ai/DeepSeek-R1-0528",
-	"deepseek-ai/DeepSeek-R1",
-	"deepseek-ai/DeepSeek-V3-0324",
-	"deepseek-ai/DeepSeek-V3.1",
-}
-
-const ChannelName = "submodel"
--- a/relay/channel/task/doubao/adaptor.go
+++ b/relay/channel/task/doubao/adaptor.go
@@ -1,248 +0,0 @@
-package doubao
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"one-api/constant"
-	"one-api/dto"
-	"one-api/model"
-	"one-api/relay/channel"
-	relaycommon "one-api/relay/common"
-	"one-api/service"
-
-	"github.com/gin-gonic/gin"
-	"github.com/pkg/errors"
-)
-
-// ============================
-// Request / Response structures
-// ============================
-
-type ContentItem struct {
-	Type     string    `json:"type"`                // "text" or "image_url"
-	Text     string    `json:"text,omitempty"`      // for text type
-	ImageURL *ImageURL `json:"image_url,omitempty"` // for image_url type
-}
-
-type ImageURL struct {
-	URL string `json:"url"`
-}
-
-type requestPayload struct {
-	Model   string        `json:"model"`
-	Content []ContentItem `json:"content"`
-}
-
-type responsePayload struct {
-	ID string `json:"id"` // task_id
-}
-
-type responseTask struct {
-	ID      string `json:"id"`
-	Model   string `json:"model"`
-	Status  string `json:"status"`
-	Content struct {
-		VideoURL string `json:"video_url"`
-	} `json:"content"`
-	Seed            int    `json:"seed"`
-	Resolution      string `json:"resolution"`
-	Duration        int    `json:"duration"`
-	Ratio           string `json:"ratio"`
-	FramesPerSecond int    `json:"framespersecond"`
-	Usage           struct {
-		CompletionTokens int `json:"completion_tokens"`
-		TotalTokens      int `json:"total_tokens"`
-	} `json:"usage"`
-	CreatedAt int64 `json:"created_at"`
-	UpdatedAt int64 `json:"updated_at"`
-}
-
-// ============================
-// Adaptor implementation
-// ============================
-
-type TaskAdaptor struct {
-	ChannelType int
-	apiKey      string
-	baseURL     string
-}
-
-func (a *TaskAdaptor) Init(info *relaycommon.RelayInfo) {
-	a.ChannelType = info.ChannelType
-	a.baseURL = info.ChannelBaseUrl
-	a.apiKey = info.ApiKey
-}
-
-// ValidateRequestAndSetAction parses body, validates fields and sets default action.
-func (a *TaskAdaptor) ValidateRequestAndSetAction(c *gin.Context, info *relaycommon.RelayInfo) (taskErr *dto.TaskError) {
-	// Accept only POST /v1/video/generations as "generate" action.
-	return relaycommon.ValidateBasicTaskRequest(c, info, constant.TaskActionGenerate)
-}
-
-// BuildRequestURL constructs the upstream URL.
-func (a *TaskAdaptor) BuildRequestURL(info *relaycommon.RelayInfo) (string, error) {
-	return fmt.Sprintf("%s/api/v3/contents/generations/tasks", a.baseURL), nil
-}
-
-// BuildRequestHeader sets required headers.
-func (a *TaskAdaptor) BuildRequestHeader(c *gin.Context, req *http.Request, info *relaycommon.RelayInfo) error {
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("Authorization", "Bearer "+a.apiKey)
-	return nil
-}
-
-// BuildRequestBody converts request into Doubao specific format.
-func (a *TaskAdaptor) BuildRequestBody(c *gin.Context, info *relaycommon.RelayInfo) (io.Reader, error) {
-	v, exists := c.Get("task_request")
-	if !exists {
-		return nil, fmt.Errorf("request not found in context")
-	}
-	req := v.(relaycommon.TaskSubmitReq)
-
-	body, err := a.convertToRequestPayload(&req)
-	if err != nil {
-		return nil, errors.Wrap(err, "convert request payload failed")
-	}
-	data, err := json.Marshal(body)
-	if err != nil {
-		return nil, err
-	}
-	return bytes.NewReader(data), nil
-}
-
-// DoRequest delegates to common helper.
-func (a *TaskAdaptor) DoRequest(c *gin.Context, info *relaycommon.RelayInfo, requestBody io.Reader) (*http.Response, error) {
-	return channel.DoTaskApiRequest(a, c, info, requestBody)
-}
-
-// DoResponse handles upstream response, returns taskID etc.
-func (a *TaskAdaptor) DoResponse(c *gin.Context, resp *http.Response, info *relaycommon.RelayInfo) (taskID string, taskData []byte, taskErr *dto.TaskError) {
-	responseBody, err := io.ReadAll(resp.Body)
-	if err != nil {
-		taskErr = service.TaskErrorWrapper(err, "read_response_body_failed", http.StatusInternalServerError)
-		return
-	}
-	_ = resp.Body.Close()
-
-	// Parse Doubao response
-	var dResp responsePayload
-	if err := json.Unmarshal(responseBody, &dResp); err != nil {
-		taskErr = service.TaskErrorWrapper(errors.Wrapf(err, "body: %s", responseBody), "unmarshal_response_body_failed", http.StatusInternalServerError)
-		return
-	}
-
-	if dResp.ID == "" {
-		taskErr = service.TaskErrorWrapper(fmt.Errorf("task_id is empty"), "invalid_response", http.StatusInternalServerError)
-		return
-	}
-
-	c.JSON(http.StatusOK, gin.H{"task_id": dResp.ID})
-	return dResp.ID, responseBody, nil
-}
-
-// FetchTask fetch task status
-func (a *TaskAdaptor) FetchTask(baseUrl, key string, body map[string]any) (*http.Response, error) {
-	taskID, ok := body["task_id"].(string)
-	if !ok {
-		return nil, fmt.Errorf("invalid task_id")
-	}
-
-	uri := fmt.Sprintf("%s/api/v3/contents/generations/tasks/%s", baseUrl, taskID)
-
-	req, err := http.NewRequest(http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Set("Accept", "application/json")
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", "Bearer "+key)
-
-	return service.GetHttpClient().Do(req)
-}
-
-func (a *TaskAdaptor) GetModelList() []string {
-	return ModelList
-}
-
-func (a *TaskAdaptor) GetChannelName() string {
-	return ChannelName
-}
-
-func (a *TaskAdaptor) convertToRequestPayload(req *relaycommon.TaskSubmitReq) (*requestPayload, error) {
-	r := requestPayload{
-		Model:   req.Model,
-		Content: []ContentItem{},
-	}
-
-	// Add text prompt
-	if req.Prompt != "" {
-		r.Content = append(r.Content, ContentItem{
-			Type: "text",
-			Text: req.Prompt,
-		})
-	}
-
-	// Add images if present
-	if req.HasImage() {
-		for _, imgURL := range req.Images {
-			r.Content = append(r.Content, ContentItem{
-				Type: "image_url",
-				ImageURL: &ImageURL{
-					URL: imgURL,
-				},
-			})
-		}
-	}
-
-	// TODO: Add support for additional parameters from metadata
-	// such as ratio, duration, seed, etc.
-	// metadata := req.Metadata
-	// if metadata != nil {
-	//     // Parse and apply metadata parameters
-	// }
-
-	return &r, nil
-}
-
-func (a *TaskAdaptor) ParseTaskResult(respBody []byte) (*relaycommon.TaskInfo, error) {
-	resTask := responseTask{}
-	if err := json.Unmarshal(respBody, &resTask); err != nil {
-		return nil, errors.Wrap(err, "unmarshal task result failed")
-	}
-
-	taskResult := relaycommon.TaskInfo{
-		Code: 0,
-	}
-
-	// Map Doubao status to internal status
-	switch resTask.Status {
-	case "pending", "queued":
-		taskResult.Status = model.TaskStatusQueued
-		taskResult.Progress = "10%"
-	case "processing":
-		taskResult.Status = model.TaskStatusInProgress
-		taskResult.Progress = "50%"
-	case "succeeded":
-		taskResult.Status = model.TaskStatusSuccess
-		taskResult.Progress = "100%"
-		taskResult.Url = resTask.Content.VideoURL
-		// 解析 usage 信息用于按倍率计费
-		taskResult.CompletionTokens = resTask.Usage.CompletionTokens
-		taskResult.TotalTokens = resTask.Usage.TotalTokens
-	case "failed":
-		taskResult.Status = model.TaskStatusFailure
-		taskResult.Progress = "100%"
-		taskResult.Reason = "task failed"
-	default:
-		// Unknown status, treat as processing
-		taskResult.Status = model.TaskStatusInProgress
-		taskResult.Progress = "30%"
-	}
-
-	return &taskResult, nil
-}
--- a/relay/channel/task/doubao/constants.go
+++ b/relay/channel/task/doubao/constants.go
@@ -1,9 +0,0 @@
-package doubao
-
-var ModelList = []string{
-	"doubao-seedance-1-0-pro-250528",
-	"doubao-seedance-1-0-lite-t2v",
-	"doubao-seedance-1-0-lite-i2v",
-}
-
-var ChannelName = "doubao-video"
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
t0ng7u	380e1b7d56	🔐 fix(oauth): stop authorize flow from bouncing to /console; respect `next` and redirect unauthenticated users to consent Problem - Starting OAuth from Discourse hit GET /api/oauth/authorize and 302’d to /login?next=/oauth/consent… - The login page and AuthRedirect always navigated to /console when a session existed, ignoring next, which aborted the OAuth flow and dropped users in the console. Changes - Backend (src/oauth/server.go) - When not logged in, redirect directly to /oauth/consent?<original_query> instead of /login?next=… - Keep no-store headers; preserve the original authorize querystring. - Frontend - web/src/helpers/auth.jsx: AuthRedirect now honors the login page’s next query param and only redirects to safe internal paths (starts with “/”, not “//”); otherwise falls back to /console. - web/src/components/auth/LoginForm.jsx: After successful login and after 2FA success, navigate to next when present and safe; otherwise go to /console. Result - The OAuth authorize flow now reliably reaches the consent screen. - On approval, the server issues an authorization code and 302’s back to the client’s redirect_uri (e.g., Discourse), completing SSO as expected. Security - Sanitize next to avoid open-redirects by allowing only same-origin internal paths. Compatibility - No behavior change for normal username/password sign-ins outside the OAuth flow. - No changes to token/userinfo endpoints. Testing - Manually verified end-to-end with Discourse OAuth2 Basic: - authorize → consent → approve → redirect with code - Lint checks pass for modified files.	2025-09-25 13:02:40 +08:00
t0ng7u	63828349de	🔐 fix(oauth2): initialize JWKS on first key creation; prevent nil panic and set current key Why - First-time “Initialize Keys” caused a nil pointer panic when adding the first JWK to a nil JWKS set. - As a result, the returned kid was missing and the first key appeared as “historical” until a second rotation. - Improve first-time UX: only show Key Management when the server is healthy and guide admins to the correct init flow. Backend (bug fix) - src/oauth/server.go - RotateSigningKey / GenerateAndPersistKey / ImportPEMKey: - If simpleJWKSSet is nil, create a new jwk.NewSet() before AddKey, otherwise AddKey as usual. - Ensure currentKeyID is updated; enforceKeyRetention remains unchanged. - This prevents the nil pointer panic, ensures the first key is added to JWKS, and is immediately the current key. Frontend (UX) - web/src/components/settings/oauth2/OAuth2ServerSettings.jsx - Show “Key Management” only when OAuth2 is enabled AND server is healthy (serverInfo present). - Refine the warning banner text to instruct: enable OAuth2 & SSO → Save configuration → Key Management → Initialize Keys. - web/src/components/settings/oauth2/modals/JWKSManagerModal.jsx - Dynamic primary action in “Key List” tab: - No keys → “Initialize Keys” - Has keys → “Rotate Keys” - Simplify error handling by relying on `message` + localized fallback. Notes - No API surface changes; functional bugfix plus UI/UX improvements. - Linting passed; no new warnings. Test plan 1) Start with OAuth2 enabled and no signing keys. 2) Open “Key Management” → click “Initialize Keys”. 3) Expect: success response with new kid; table shows the new kid as Current; JWKS endpoint returns the key; no server panic.	2025-09-23 05:08:51 +08:00
t0ng7u	5706f0ee9f	🌏 i18n: Improve i18n translation	2025-09-23 04:15:59 +08:00
t0ng7u	e9e1dbff5e	♻️ refactor: reorganize OAuth consent page structure - Move OAuth consent component to dedicated OAuth directory as index.jsx - Rename component export structure for better module organization - Update App.jsx import path to reflect new OAuth page structure - Maintain existing OAuth consent functionality while improving	2025-09-23 04:01:48 +08:00
t0ng7u	315eabc1e7	🎨 refactor(oauth2): merge modals and improve UI consistency This commit consolidates OAuth2 client management components and enhances the overall user experience with improved UI consistency. ### Major Changes: Component Consolidation: - Merge CreateOAuth2ClientModal.jsx and EditOAuth2ClientModal.jsx into OAuth2ClientModal.jsx - Extract inline Modal.info into dedicated ClientInfoModal.jsx component - Adopt consistent SideSheet + Card layout following EditTokenModal.jsx style UI/UX Improvements: - Replace custom client type selection with SemiUI RadioGroup component - Use 'card' type RadioGroup with descriptive 'extra' prop for better UX - Remove all Row/Col components in favor of flexbox and margin-based layouts - Refactor redirect URI section to mimic JSONEditor.jsx visual style - Add responsive design support for mobile devices Form Enhancements: - Add 'required' attributes to all mandatory form fields - Implement placeholders for grant types, scopes, and redirect URI inputs - Set grant types and scopes to default empty arrays - Add dynamic validation and conditional rendering for client types - Improve redirect URI management with template filling functionality Bug Fixes: - Fix SideSheet closing direction consistency between create/edit modes - Resolve client_type submission issue (object vs string) - Prevent "Client Credentials" selection for public clients - Fix grant type filtering when switching between client types - Resolve i18n issues for API scope options (api:read, api:write) Code Quality: - Extract RedirectUriCard as reusable sub-component - Add comprehensive internationalization support - Implement proper state management and form validation - Follow single responsibility principle for component separation Files Modified: - web/src/components/settings/oauth2/modals/OAuth2ClientModal.jsx - web/src/components/settings/oauth2/modals/ClientInfoModal.jsx (new) - web/src/components/settings/oauth2/OAuth2ClientSettings.jsx - web/src/i18n/locales/en.json Files Removed: - web/src/components/settings/oauth2/modals/CreateOAuth2ClientModal.jsx - web/src/components/settings/oauth2/modals/EditOAuth2ClientModal.jsx This refactoring significantly improves code maintainability, reduces duplication, and provides a more consistent and intuitive user interface for OAuth2 client management.	2025-09-23 03:49:53 +08:00
t0ng7u	359dbc9d94	✨ feat(oauth2): enhance JWKS manager modal with improved UX and i18n support - Refactor JWKSManagerModal with tab-based navigation using Card components - Add comprehensive i18n support with English translations for all text - Optimize header actions: refresh button only appears in key list tab - Improve responsive design using ResponsiveModal component - Move cautionary text from bottom to Card titles for better visibility - Update button styles: danger type for delete, circle shape for status tags - Standardize code formatting (single quotes, multiline formatting) - Enhance user workflow: separate Import PEM and Generate PEM operations - Remove redundant cancel buttons as modal already has close icon Breaking changes: None Affects: JWKS key management, OAuth2 settings UI	2025-09-23 01:16:17 +08:00
t0ng7u	e157ea6ba2	🎨 style(oauth2): modernize Empty component and clean up inline styles - Empty Component Enhancement: - Replace custom User icon with professional IllustrationNoResult from Semi Design - Add dark mode support with IllustrationNoResultDark component - Standardize illustration size to 150x150px for consistency - Add proper padding (30px) to match design system standards - Style Modernization: - Convert inline styles to Tailwind CSS classes where appropriate - Replace `style={{ marginBottom: 16 }}` with `className='mb-4'` - Remove redundant `style={{ marginTop: 8 }}` from Table component - Remove custom `style={{ marginTop: 16 }}` from pagination and button - Pagination Simplification: - Simplify showTotal configuration from custom function to boolean `true` - Remove unnecessary `size='small'` property from pagination - Clean up pagination styling for better consistency - Design System Alignment: - Ensure Empty component matches UsersTable styling patterns - Improve visual consistency across OAuth2 management interfaces - Follow Semi Design illustration guidelines for empty states - Code Quality: - Reduce inline style usage in favor of utility classes - Simplify component props where default behavior is sufficient - Maintain functionality while improving maintainability This update enhances visual consistency and follows modern React styling practices while maintaining all existing functionality.	2025-09-20 23:30:26 +08:00
t0ng7u	dc3dba0665	✨ enhance(oauth2): improve UI components and code display experience - Table Layout Optimization: - Remove description column from OAuth2 client table to save space - Add tooltip on client name hover to display full description - Adjust table scroll width from 1200px to 1000px for better layout - Improve client name column width to 180px for better readability - Action Button Simplification: - Replace icon-only buttons with text labels for better accessibility - Simplify Popconfirm content by removing complex styled layouts - Remove unnecessary Tooltip wrappers around action buttons - Clean up unused Lucide icon imports (Edit, Key, Trash2) - Code Display Enhancement: - Replace basic <pre> tags with CodeViewer component in modal dialogs - Add syntax highlighting for JSON content in ServerInfoModal and JWKSInfoModal - Implement copy-to-clipboard functionality for server info and JWKS data - Add performance optimization for large content display - Provide expandable/collapsible interface for better UX - Component Architecture: - Import and integrate CodeViewer component in both modal components - Set appropriate props: content, title, and language='json' - Maintain loading states and error handling functionality - Internationalization: - Add English translations for new UI elements: * '暂无描述': 'No description' * 'OAuth2 服务器配置': 'OAuth2 Server Configuration' * 'JWKS 密钥集': 'JWKS Key Set' - User Experience Improvements: - Enhanced tooltip interaction for description display - Better visual feedback with cursor-help styling - Improved code readability with professional dark theme - Consistent styling across all OAuth2 management interfaces This update focuses on UI/UX improvements while maintaining full functionality and adding modern code viewing capabilities to the OAuth2 management system.	2025-09-20 23:19:42 +08:00
t0ng7u	81272da9ac	♻️ refactor(oauth2): restructure OAuth2 client settings UI and extract modal components - UI Restructuring: - Separate client info into individual table columns (name, ID, description) - Replace icon-only action buttons with text labels for better UX - Adjust table scroll width from 1000px to 1200px for new column layout - Remove unnecessary Tooltip wrappers and Lucide icons (Edit, Key, Trash2) - Component Architecture: - Extract all modal dialogs into separate reusable components: * SecretDisplayModal.jsx - for displaying regenerated client secrets * ServerInfoModal.jsx - for OAuth2 server configuration info * JWKSInfoModal.jsx - for JWKS key set information - Simplify main component by removing ~60 lines of inline modal code - Implement proper state management for each modal component - Code Quality: - Remove unused imports and clean up component dependencies - Consolidate modal logic into dedicated components with error handling - Improve code maintainability and reusability across the application - Internationalization: - Add English translation for '客户端名称': 'Client Name' - Remove duplicate translation keys to fix linter warnings - Ensure all new components support full i18n functionality - User Experience: - Enhance table readability with dedicated columns for each data type - Maintain copyable client ID functionality in separate column - Improve action button accessibility with clear text labels - Add loading states and proper error handling in modal components This refactoring improves code organization, enhances user experience, and follows React best practices for component composition and separation of concerns.	2025-09-20 22:52:50 +08:00
t0ng7u	926cad87b3	📱 feat(oauth): implement responsive design for consent page - Add responsive layout for user info section with flex-col on mobile - Optimize button layout: vertical stack on mobile, horizontal on desktop - Implement mobile-first approach with sm: breakpoints throughout - Adjust container width: max-w-sm on mobile, max-w-lg on desktop - Enhance touch targets with larger buttons (size='large') on mobile - Improve content hierarchy with primary action button on top for mobile - Add responsive padding and spacing: px-3 sm:px-4, py-6 sm:py-8 - Optimize text sizing: text-sm sm:text-base for better mobile readability - Implement responsive gaps: gap-4 sm:gap-6 for icon spacing - Add break-all class for long URL text wrapping - Adjust meta info card spacing and dot separator sizing - Ensure consistent responsive padding across all content sections This update significantly improves the mobile user experience while maintaining the desktop layout, following mobile-first design principles with Tailwind CSS responsive utilities.	2025-09-20 17:45:58 +08:00
t0ng7u	418ce449b7	✨ feat(oauth): redesign consent page with GitHub-style UI and improved UX - Redesign OAuth consent page layout with centered card design - Implement GitHub-style authorization flow presentation - Add application popover with detailed information on hover - Replace generic icons with scope-specific icons (email, profile, admin, etc.) - Integrate i18n support for all hardcoded strings - Optimize permission display with encapsulated ScopeItem component - Improve visual hierarchy with Semi UI Divider components - Unify avatar sizes and implement dynamic color generation - Move action buttons and redirect info to card footer - Add separate meta information card for technical details - Remove redundant color styles to rely on Semi UI theming - Enhance user account section with clearer GitHub-style messaging - Replace dot separators with Lucide icons for better visual consistency - Add site logo with fallback mechanism for branding - Implement responsive design with Tailwind CSS utilities This redesign significantly improves the OAuth consent experience by following modern UI patterns and providing clearer information hierarchy for users.	2025-09-20 17:01:00 +08:00
Seefs	4a02ab23ce	rm env	2025-09-16 17:21:11 +08:00
Seefs	984097c60b	rm docs	2025-09-16 17:20:34 +08:00
Seefs	5550ec017e	feat: oauth2	2025-09-16 17:10:01 +08:00
Seefs	9e6752e0ee	Merge branch 'main-upstream' into feature/sso	2025-09-16 13:31:40 +08:00
Seefs	91a0eb7031	wip sso	2025-09-08 12:09:26 +08:00