huangzhenpc/sub2api-ht
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cf2d5067c335baea60687deb91d8ffc8057486d5
sub2api-ht/backend/internal/handler
History
Michael-Jetson cf2d5067c3 fix(security): add JWT auth + visibility check to pages API 
- GET /pages/:slug now requires JWT + checks custom_menu_items visibility
- GET /pages (list) is admin-only
- GET /pages/:slug/images/* uses visibility check without JWT (browser
  img tags cannot carry auth headers), blocks admin-only page images
- Frontend fetch adds Authorization header from authStore.token
- settingService nil guard changed to fail-closed (deny access)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-05 07:00:08 -07:00
..
admin
feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering
2026-05-05 06:44:37 -07:00
dto
feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering
2026-05-05 06:44:37 -07:00
announcement_handler.go
api_key_handler.go
auth_current_user_test.go
fix(profile): stabilize identity binding management
2026-04-22 13:19:28 +08:00
auth_handler.go
feat: add affiliate invite rebate flow and admin rebate-rate setting
2026-04-24 22:22:26 +08:00
auth_linuxdo_oauth_test.go
fix(auth): harden oauth identity upgrade paths
2026-04-22 14:56:56 +08:00
auth_linuxdo_oauth.go
feat(affiliate): 完善邀请返利系统
2026-04-26 12:42:35 +08:00
auth_oauth_logout_test.go
fix(auth): harden pending oauth and backend mode flows
2026-04-22 12:30:00 +08:00
auth_oauth_pending_flow_test.go
feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering
2026-05-05 06:44:37 -07:00
auth_oauth_pending_flow.go
feat(affiliate): 完善邀请返利系统
2026-04-26 12:42:35 +08:00
auth_oauth_test_helpers_test.go
fix(auth): harden oauth callback adoption flows
2026-04-22 13:19:20 +08:00
auth_oidc_oauth_test.go
fix(auth): harden oauth identity upgrade paths
2026-04-22 14:56:56 +08:00
auth_oidc_oauth.go
feat(affiliate): 完善邀请返利系统
2026-04-26 12:42:35 +08:00
auth_session_revocation_test.go
refactor(affiliate): tighten DI and harden inviter code validation
2026-04-25 08:44:18 +08:00
auth_wechat_oauth_test.go
refactor(affiliate): tighten DI and harden inviter code validation
2026-04-25 08:44:18 +08:00
auth_wechat_oauth.go
feat(affiliate): 完善邀请返利系统
2026-04-26 12:42:35 +08:00
available_channel_handler_test.go
feat(channels): themed model popover + group-badge with rate, subscription & exclusivity
2026-04-21 21:44:34 +08:00
available_channel_handler.go
feat(channels): themed model popover + group-badge with rate, subscription & exclusivity
2026-04-21 21:44:34 +08:00
channel_monitor_user_handler.go
endpoint_test.go
feat(openai): 同步生图 API 支持并接入图片计费调度
2026-04-22 12:30:08 +08:00
endpoint.go
feat(openai): 同步生图 API 支持并接入图片计费调度
2026-04-22 12:30:08 +08:00
failover_loop_test.go
failover_loop.go
gateway_handler_billing_error_test.go
feat(rpm): RPM 限流模块优化
2026-04-23 16:34:37 +08:00
gateway_handler_chat_completions.go
feat(rpm): RPM 限流模块优化
2026-04-23 16:34:37 +08:00
gateway_handler_error_fallback_test.go
gateway_handler_intercept_test.go
gateway_handler_responses.go
feat(rpm): RPM 限流模块优化
2026-04-23 16:34:37 +08:00
gateway_handler_stream_failover_test.go
gateway_handler_warmup_intercept_unit_test.go
fix(scheduler): resolve SetSnapshot race conditions and remove usage throttle
2026-04-29 22:48:39 +08:00
gateway_handler.go
fix: improve sticky session scheduling
2026-04-30 11:38:11 +08:00
gateway_helper_backoff_test.go
gateway_helper_fastpath_test.go
gateway_helper_hotpath_test.go
gateway_helper_test.go
gateway_helper.go
gemini_cli_session_test.go
gemini_v1beta_handler_test.go
gemini_v1beta_handler.go
feat(rpm): RPM 限流模块优化
2026-04-23 16:34:37 +08:00
handler.go
feat(affiliate): add feature toggle and per-user custom invite settings
2026-04-25 20:22:07 +08:00
idempotency_helper_test.go
idempotency_helper.go
image_concurrency_limiter_test.go
feat: add OpenAI image generation controls
2026-05-05 03:26:54 +08:00
image_concurrency_limiter.go
feat: add OpenAI image generation controls
2026-05-05 03:26:54 +08:00
logging.go
openai_chat_completions.go
feat: add OpenAI image generation controls
2026-05-05 03:26:54 +08:00
openai_gateway_compact_log_test.go
fix(openai): bump codex CLI version from 0.104.0 to 0.125.0
2026-04-25 05:26:33 +00:00
openai_gateway_endpoint_normalization_test.go
openai_gateway_handler_test.go
feat: improve OpenAI messages compatibility for Claude Code
2026-05-05 19:36:33 +08:00
openai_gateway_handler.go
feat: improve OpenAI messages compatibility for Claude Code
2026-05-05 19:36:33 +08:00
openai_images_controls_test.go
feat: add OpenAI image generation controls
2026-05-05 03:26:54 +08:00
openai_images.go
feat: add OpenAI image generation controls
2026-05-05 03:26:54 +08:00
ops_error_logger_test.go
ops_error_logger.go
feat(openai): 同步生图 API 支持并接入图片计费调度
2026-04-22 12:30:08 +08:00
page_handler.go
fix(security): add JWT auth + visibility check to pages API
2026-05-05 07:00:08 -07:00
payment_handler_resume_test.go
refactor(affiliate): tighten DI and harden inviter code validation
2026-04-25 08:44:18 +08:00
payment_handler.go
fix(payment): restore public resume and result flows
2026-04-22 11:17:23 +08:00
payment_webhook_handler_test.go
test(payment): cover ErrOrderNotFound sentinel contract
2026-04-23 19:22:43 +08:00
payment_webhook_handler.go
fix(payment): ack unknown-order webhooks with 2xx to stop provider retries
2026-04-23 18:33:28 +08:00
redeem_handler.go
request_body_limit_test.go
request_body_limit.go
setting_handler_public_test.go
feat(settings): support dual-mode wechat oauth defaults
2026-04-21 20:36:10 +08:00
setting_handler.go
feat(affiliate): add feature toggle and per-user custom invite settings
2026-04-25 20:22:07 +08:00
subscription_handler.go
totp_handler.go
usage_handler_request_type_test.go
usage_handler_sort_test.go
usage_handler.go
usage_record_submit_task_test.go
feat: add OpenAI image generation controls
2026-05-05 03:26:54 +08:00
user_handler_test.go
feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering
2026-05-05 06:44:37 -07:00
user_handler.go
refactor(affiliate): tighten DI and harden inviter code validation
2026-04-25 08:44:18 +08:00
user_msg_queue_helper.go
wire.go
feat(affiliate): add feature toggle and per-user custom invite settings
2026-04-25 20:22:07 +08:00