Merge branch 'main' into test

# Conflicts: # backend/cmd/server/VERSION # backend/ent/migrate/schema.go # backend/ent/mutation.go # backend/ent/runtime/runtime.go # backend/ent/usagelog.go # backend/ent/usagelog/usagelog.go # backend/ent/usagelog/where.go # backend/ent/usagelog_create.go # backend/ent/usagelog_update.go # backend/internal/repository/usage_log_repo.go # backend/internal/server/api_contract_test.go # backend/internal/server/middleware/cors.go # backend/internal/service/gateway_service.go
2026-02-18 20:16:31 +08:00
parent 6577f2ef03 fad04ca995
commit 5d9667d27a
31 changed files with 668 additions and 32 deletions
--- a/backend/internal/server/middleware/cors.go
+++ b/backend/internal/server/middleware/cors.go
@@ -50,6 +50,19 @@ func CORS(cfg config.CORSConfig) gin.HandlerFunc {
 		}
 		allowedSet[origin] = struct{}{}
 	}
+	allowHeaders := []string{
+		"Content-Type", "Content-Length", "Accept-Encoding", "X-CSRF-Token", "Authorization",
+		"accept", "origin", "Cache-Control", "X-Requested-With", "X-API-Key",
+	}
+	// OpenAI Node SDK 会发送 x-stainless-* 请求头，需在 CORS 中显式放行。
+	openAIProperties := []string{
+		"lang", "package-version", "os", "arch", "retry-count", "runtime",
+		"runtime-version", "async", "helper-method", "poll-helper", "custom-poll-interval", "timeout",
+	}
+	for _, prop := range openAIProperties {
+		allowHeaders = append(allowHeaders, "x-stainless-"+prop)
+	}
+	allowHeadersValue := strings.Join(allowHeaders, ", ")

 	return func(c *gin.Context) {
 		origin := strings.TrimSpace(c.GetHeader("Origin"))
@@ -68,11 +81,10 @@ func CORS(cfg config.CORSConfig) gin.HandlerFunc {
 			if allowCredentials {
 				c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
 			}
-			c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With, X-API-Key")
+			c.Writer.Header().Set("Access-Control-Allow-Headers", allowHeadersValue)
 			c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE, PATCH")
 			c.Writer.Header().Set("Access-Control-Max-Age", "86400")
 		}
-
 		// 处理预检请求
 		if c.Request.Method == http.MethodOptions {
 			if originAllowed {