sub2api

mirror of https://github.com/Wei-Shaw/sub2api.git synced 2026-03-30 14:30:48 +00:00

Author	SHA1	Message	Date
erio	50a8116ae9	fix: update SecurityHeaders call sites to match new signature	2026-03-03 06:37:50 +08:00
erio	bf6fe5e962	fix: custom menu security hardening and code quality improvements - Add admin menu permission check in CustomPageView (visibility + role) - Sanitize SVG content with DOMPurify before v-html rendering (XSS prevention) - Decouple router.go from dto package using anonymous struct - Consolidate duplicate parseCustomMenuItems into dto.ParseCustomMenuItems - Enhance menu item validation (count, length, ID uniqueness limits) - Add audit logging for purchase_subscription and custom_menu_items changes - Update API contract test to include custom_menu_items field Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-03 06:23:56 +08:00
erio	e4f8799323	fix: include custom_menu_items in GetPublicSettingsForInjection	2026-03-03 06:21:23 +08:00
erio	1f95524996	feat: ImageUpload component, custom page title, sidebar menu order	2026-03-03 06:20:10 +08:00
erio	a50d5d351b	fix: replace curly quotes with straight quotes in domain_constants.go Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-03 06:18:35 +08:00
erio	067810fa98	feat: custom menu pages with iframe embedding and CSP injection Add configurable custom menu items that appear in sidebar, each rendering an iframe-embedded external page. Includes shared URL builder with src_host/src_url tracking, CSP frame-src multi-origin deduplication, admin settings UI, and i18n support. chore: bump version to 0.1.87.19 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-03 06:18:20 +08:00
QTom	a9285b8a94	feat(gateway): 双模式用户消息队列 — 串行队列 + 软性限速新增 UMQ (User Message Queue) 双模式支持: - serialize: 账号级分布式串行锁 + RPM 自适应延迟（严格限流） - throttle: 仅 RPM 自适应前置延迟，不阻塞并发（软性限速）后端: - config: 新增 Mode 字段，保留 Enabled 向后兼容 - service: 新增 UserMessageQueueService（Lua 锁/延迟算法/清理 worker） - repository: 新增 UserMsgQueueCache（Redis Lua acquire/release/force-release） - handler: 新增 UserMsgQueueHelper（SSE ping + 等待循环 + throttle） - gateway: 按 mode 分支集成 serialize/throttle 逻辑 - lint: 修复 gofmt rewrite rules、errcheck 类型断言、staticcheck QF1012 前端: - 三态选择器 UI（关闭/软性限速/串行队列）替代 toggle 开关 - BulkEdit 支持 null 语义（不修改） - i18n 中英文文案通过 6 轮专家评审（42 次 review）、golangci-lint、单元测试、集成测试。	2026-03-03 01:05:11 +08:00
zqq61	ec6bcfeb83	fix: OAuth 401 不再永久锁死账号，改用临时不可调度实现自动恢复 OAuth 账号收到 401 时，原逻辑同时设置 expires_at=now() 和 SetError()，但刷新服务只查询 status=active 的账号，导致 error 状态的账号永远无法被刷新服务拾取，expires_at=now() 实际上是死代码。修复: - OAuth 401 使用 SetTempUnschedulable 替代 SetError，保持 status=active - 新增 oauth_401_cooldown_minutes 配置项（默认 10 分钟） - 刷新成功后同步清除 DB 和 Redis 中的临时不可调度状态 - 不可重试错误检查(invalid_grant 等)从 Antigravity 推广到所有平台 - 可重试错误耗尽后不再标记 error，下个刷新周期继续重试恢复流程: OAuth 401 → temp_unschedulable + expires_at=now → 刷新服务拾取 → 成功: 清除 temp_unschedulable → 自动恢复 → invalid_grant: SetError → 永久禁用 → 网络错误: 仅记日志 → 下周期重试	2026-03-02 22:54:38 +08:00
Wesley Liddick	7abec1888f	Merge pull request #712 from DaydreamCoding/feat/proxy-failfast-proxyurl feat(proxy): 集中代理 URL 验证并实现全局 fail-fast	2026-03-02 16:52:22 +08:00
QTom	fdcbf7aacf	feat(proxy): 集中代理 URL 验证并实现全局 fail-fast 提取 proxyurl.Parse() 公共包，将分散在 6 处的代理 URL 验证逻辑统一收敛，确保无效代理配置在创建时立即失败，永不静默回退直连。主要变更： - 新增 proxyurl 包：统一 TrimSpace → url.Parse → Host 校验 → Scheme 白名单 - socks5:// 自动升级为 socks5h://，防止 DNS 泄漏（大小写不敏感） - antigravity: http.ProxyURL → proxyutil.ConfigureTransportProxy 支持 SOCKS5 - openai_oauth: 删除 newOpenAIOAuthHTTPClient，收编至 httpclient.GetClient - 移除未使用的 ProxyStrict 字段（fail-fast 已是全局默认行为） - 补充 15 个 proxyurl 测试 + pricing/usage fail-fast 测试	2026-03-02 16:04:20 +08:00
Wesley Liddick	445bfdf242	Merge pull request #706 from PMExtra/feat/default-subscriptions-on-user-create feat(settings): add default subscriptions for new users	2026-03-02 11:38:26 +08:00
PMExtra	0fba1901c8	fix(ci): fix backend unit test constructor arg and gofmt issues	2026-03-02 10:54:14 +08:00
Wesley Liddick	fc5b9c8235	Merge pull request #705 from DaydreamCoding/feat/fingerprint-ttl-lazy-renewal feat(identity): 指纹缓存 TTL 懒续期机制	2026-03-02 08:33:23 +08:00
Wesley Liddick	f490f44501	Merge pull request #699 from geminiwen/fix/dashboard-tooltip-token-sort fix(dashboard): sort recent usage tooltip labels by token consumption	2026-03-02 08:33:00 +08:00
PMExtra	7e02082209	feat(settings): add default subscriptions for new users - add default subscriptions to admin settings - auto-assign subscriptions on register and admin user creation - add validation/tests and align settings UI with subscription selector patterns	2026-03-02 03:59:31 +08:00
erio	1e03b2974a	chore: bump version to 0.1.87.18	2026-03-02 01:23:12 +08:00
erio	daa7c783b9	fix(csp): add timeout ctx, preserve cache on error, validate scheme in extractOrigin	2026-03-02 01:15:29 +08:00
QTom	d869ac95fa	feat(identity): 指纹缓存 TTL 懒续期机制 - TTL 改为 7 天，配合 24 小时自动续期保持活跃账号永不过期 - 版本升级时采用合并语义，仅更新请求中实际存在的字段 - 添加产品名验证防止浏览器 UA 误判为更新版本	2026-03-02 01:12:41 +08:00
erio	8a82a2a648	feat(csp): auto-inject purchase_subscription_url origin into frame-src	2026-03-02 00:19:25 +08:00
Gemini Wen	5c856460a6	fix(dashboard): sort recent usage tooltip labels by token consumption	2026-03-01 23:21:45 +08:00
Wesley Liddick	3613695f91	Merge pull request #697 from DaydreamCoding/feat/proxy-password-visibility feat(admin): 代理密码可见性 + 复制代理 URL 功能	2026-03-01 22:21:30 +08:00
QTom	8fb7d476b8	feat(admin): 代理密码可见性 + 复制代理 URL 功能 - 新增 AdminProxy / AdminProxyWithAccountCount DTO，遵循项目 Admin DTO 分层模式 - Proxy.Password 恢复 json:"-" 隐藏，ProxyFromService 不再赋值密码（纵深防御） - 管理员接口使用 ProxyFromServiceAdmin / ProxyWithAccountCountFromServiceAdmin - 前端代理列表新增 Auth 列：显示用户名 + 掩码密码 + 眼睛图标切换可见性 - Address 列新增复制按钮：左键复制完整 URL，右键选择格式 - 编辑模态框密码预填充 + 脏标记，避免误更新	2026-03-01 21:29:31 +08:00
Wesley Liddick	dd8df483cd	Merge pull request #696 from touwaeriol/feat/group-usage-distribution-chart feat(dashboard): add group usage distribution chart to usage page	2026-03-01 20:35:58 +08:00
erio	c3ac68af2a	chore: bump version to 0.1.87.16	2026-03-01 20:14:48 +08:00
erio	65459a99b6	feat(dashboard): add group usage distribution chart to usage page Add a doughnut chart showing usage statistics broken down by group on the admin usage records page. The chart appears alongside the existing model distribution chart (2-column grid), with the token usage trend chart moved to a separate full-width row below. Changes: - backend/pkg/usagestats: add GroupStat type - backend/service: add GetGroupStatsWithFilters interface method and implementation - backend/repository: implement GetGroupStatsWithFilters with LEFT JOIN groups - backend/handler: add GetGroupStats handler with full filter support - backend/routes: register GET /admin/dashboard/groups route - backend/tests: add GetGroupStatsWithFilters stubs to contract/sora tests - frontend/types: add GroupStat interface - frontend/api: add getGroupStats API function and types - frontend/components: add GroupDistributionChart.vue doughnut chart - frontend/views: update UsageView layout and load group stats in parallel - frontend/i18n: add groupDistribution, group, noGroup keys (zh + en)	2026-03-01 20:10:51 +08:00
erio	ec3897b981	docs: add PR description format to CLAUDE.md and sync to AGENTS.md	2026-03-01 19:59:03 +08:00
erio	62486cee37	chore: bump version to 0.1.87.15	2026-03-01 19:49:12 +08:00
erio	7c5746ffbc	feat(usage): add group usage distribution chart alongside model distribution - Add GroupStat type to usagestats package - Add GetGroupStatsWithFilters to UsageLogRepository interface and implement with LEFT JOIN groups - Add GetGroupStats dashboard API endpoint (GET /admin/dashboard/groups) - Add GroupDistributionChart.vue component mirroring ModelDistributionChart - Rearrange UsageView layout: model + group in one row, token trend full-width below - All filters (user, api_key, account, group, model, date range) apply to group stats	2026-03-01 19:49:01 +08:00
Wesley Liddick	2129584fd6	Merge pull request #695 from geminiwen/fix/group-limit-clear-on-unlimited-pr fix(group): clear nullable limit fields on update	2026-03-01 19:25:01 +08:00
Wesley Liddick	2da9c216c3	Merge pull request #694 from salmanmkc/upgrade-github-actions-node24-general Upgrade GitHub Actions to latest versions	2026-03-01 19:20:50 +08:00
Gemini Wen	c6e26c5a16	fix(group): clear nullable limit fields on update	2026-03-01 18:46:38 +08:00
Wesley Liddick	fd57fa4913	Merge pull request #690 from touwaeriol/pr/bulk-edit-mixed-channel-warning feat: add mixed-channel warning for bulk account edit	2026-03-01 18:25:05 +08:00
Wesley Liddick	8c4d22b3f9	Merge pull request #685 from touwaeriol/pr/admin-create-and-redeem-docs feat(admin): add create-and-redeem endpoint for payment integrations	2026-03-01 18:24:15 +08:00
Wesley Liddick	c221774c51	Merge pull request #693 from salmanmkc/upgrade-github-actions-node24 Upgrade GitHub Actions for Node 24 compatibility	2026-03-01 18:23:50 +08:00
erio	47f7b0213b	chore: bump version to 0.1.87.14	2026-03-01 18:16:41 +08:00
erio	8df42f7aab	refactor(docs): move integration doc to docs/ and add download link in settings - Move ADMIN_PAYMENT_INTEGRATION_API.md → docs/ADMIN_PAYMENT_INTEGRATION_API.md - Update README.md reference path - Add payment integration doc download link in admin settings UI (Purchase section) - Add i18n keys: integrationDoc / integrationDocHint (zh + en)	2026-03-01 18:14:43 +08:00
erio	d666e05a6d	refactor(purchase): use URL/searchParams only for purchase query merge	2026-03-01 18:14:43 +08:00
erio	c37edf2de5	docs+ui: add bilingual payment integration doc and rename purchase entry to recharge/subscription	2026-03-01 18:14:43 +08:00
erio	bb9af2465e	feat(frontend): append purchase query params and make integration doc bilingual	2026-03-01 18:14:14 +08:00
erio	7af00864b3	feat(admin): add create-and-redeem API and payment integration docs	2026-03-01 18:13:43 +08:00
erio	23686b1391	refactor(docs): move integration doc to docs/ and add download link in settings - Move ADMIN_PAYMENT_INTEGRATION_API.md → docs/ADMIN_PAYMENT_INTEGRATION_API.md - Update README.md reference path - Add payment integration doc download link in admin settings UI (Purchase section) - Add i18n keys: integrationDoc / integrationDocHint (zh + en)	2026-03-01 18:08:42 +08:00
Wesley Liddick	0fffba5423	Merge pull request #692 from DaydreamCoding/feat/CC_UA feat(gateway): 添加 Claude Code 客户端最低版本检查功能	2026-03-01 18:03:44 +08:00
Salman Muin Kayser Chishti	0e0eb747b5	Upgrade GitHub Actions to latest versions Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>	2026-03-01 09:10:06 +00:00
Salman Muin Kayser Chishti	f6f8695a8e	Upgrade GitHub Actions for Node 24 compatibility Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>	2026-03-01 09:10:02 +00:00
QTom	b2141a96e2	fix(ci): 修复 golangci-lint 和 API 合约测试失败 - 修复 errcheck: singleflight 返回值类型断言添加 ok 检查 - 修复 gofmt: 格式化 setting_service.go 和 claude_code_validator_test.go - 修复 TestAPIContracts: 在 GET /admin/settings 期望中添加 min_claude_code_version 字段	2026-03-01 16:39:21 +08:00
erio	81903e87e3	chore: bump version to 0.1.87.13	2026-03-01 16:37:12 +08:00
erio	0b96c7a65e	fix(auth): replace submit turnstile widget with VerifyTurnstileForRegister Port upstream's VerifyTurnstileForRegister which skips the duplicate Turnstile check when email verify flow is already completed, instead of requiring a second Turnstile widget on the verify page.	2026-03-01 16:34:14 +08:00
erio	34ccfe45ea	chore: bump version to 0.1.87.12	2026-03-01 15:59:29 +08:00
erio	d4231150a9	fix: add groupExistenceBatchReader interface and update test stub for release branch compatibility	2026-03-01 15:53:45 +08:00
erio	2268e93aec	fix: remove unused preload/snapshot functions and fix gofmt	2026-03-01 15:49:26 +08:00

... 5 6 7 8 9 ...

2312 Commits