diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
new file mode 100644
index 00000000..67c8d6e9
--- /dev/null
+++ b/.github/workflows/cla.yml
@@ -0,0 +1,59 @@
+name: "CLA Assistant"
+
+on:
+ issue_comment:
+ types: [created]
+ pull_request_target:
+ types: [opened, reopened, closed, synchronize]
+
+permissions:
+ actions: write
+ contents: write
+ pull-requests: write
+ statuses: write
+
+jobs:
+ cla-check:
+ if: |
+ github.event_name == 'issue_comment' ||
+ (github.event_name == 'pull_request_target' && github.event.action != 'closed')
+ runs-on: ubuntu-latest
+ steps:
+ - name: "CLA Assistant"
+ if: |
+ (github.event.comment.body == 'recheck' ||
+ github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') ||
+ github.event_name == 'pull_request_target'
+ uses: contributor-assistant/github-action@v2.6.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ path-to-signatures: "cla.json"
+ path-to-document: "https://github.com/Wei-Shaw/sub2api/blob/main/CLA.md"
+ branch: "cla-signatures"
+ allowlist: "dependabot[bot],renovate[bot],bot*"
+ lock-pullrequest-aftermerge: false
+ custom-notsigned-prcomment: |
+ Thank you for your contribution! Before we can merge this PR, we need $you to sign our [Contributor License Agreement (CLA)](https://github.com/Wei-Shaw/sub2api/blob/main/CLA.md).
+
+ **To sign**, please reply with the following comment:
+
+ > I have read the CLA Document and I hereby sign the CLA
+
+ You only need to sign once — it will be valid for all your future contributions to this project.
+ custom-pr-sign-comment: "I have read the CLA Document and I hereby sign the CLA"
+ custom-allsigned-prcomment: "All contributors have signed the CLA. ✅"
+
+ cla-lock:
+ if: github.event_name == 'pull_request_target' && github.event.action == 'closed' && github.event.pull_request.merged == true
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Lock merged PR"
+ uses: contributor-assistant/github-action@v2.6.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ path-to-signatures: "cla.json"
+ path-to-document: "https://github.com/Wei-Shaw/sub2api/blob/main/CLA.md"
+ branch: "cla-signatures"
+ lock-pullrequest-aftermerge: true
diff --git a/CLA.md b/CLA.md
new file mode 100644
index 00000000..ed0d74b8
--- /dev/null
+++ b/CLA.md
@@ -0,0 +1,73 @@
+# Sub2API Individual Contributor License Agreement (v1.0)
+
+Thank you for your interest in contributing to Sub2API ("the Project"). This Contributor License Agreement ("Agreement") documents the rights granted by contributors to the Project.
+
+By signing this Agreement, you accept and agree to the following terms and conditions for your present and future contributions submitted to the Project.
+
+## 1. Definitions
+
+- **"You" (or "Your")** means the copyright owner or legal entity authorized by the copyright owner that is making this Agreement.
+- **"Contribution"** means any original work of authorship, including any modifications or additions to an existing work, that is intentionally submitted by You to the Project for inclusion in, or documentation of, any of the products owned or managed by the Project. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Project or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Project for the purpose of discussing and improving the Project, but excluding communication that is conspicuously marked or otherwise designated in writing by You as "Not a Contribution."
+- **"Project Owner"** means Wesley Liddick, or any individual or legal entity to whom Wesley Liddick has explicitly assigned or transferred ownership of the Project in writing, and their respective successors and assigns.
+
+## 2. Grant of Copyright License
+
+Subject to the terms and conditions of this Agreement, You hereby grant to the Project Owner a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works. This license includes, without limitation, the right to sublicense, assign, and transfer these rights to any third party, including without limitation any successor, assignee, or acquiring entity of the Project or the Project Owner, and to use Your Contributions under any license, including proprietary or commercial licenses.
+
+## 3. Moral Rights
+
+To the fullest extent permitted by applicable law, You irrevocably waive and agree not to assert any moral rights (including rights of attribution and integrity) that You may have in Your Contributions, and agree that the Project Owner and its licensees may use, modify, and distribute Your Contributions without attribution or other obligations arising from moral rights.
+
+## 4. Grant of Patent License
+
+Subject to the terms and conditions of this Agreement, You hereby grant to the Project Owner a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer Your Contributions, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Project to which such Contribution(s) was submitted.
+
+## 5. Representations and Warranties
+
+You represent and warrant that:
+
+(a) You are legally entitled to grant the above licenses.
+
+(b) If Your employer(s) has rights to intellectual property that You create that includes Your Contributions, You have received permission to make Contributions on behalf of that employer, or that Your employer has waived such rights for Your Contributions to the Project.
+
+(c) Each of Your Contributions is Your original creation, or You have sufficient rights to submit it under the terms of this Agreement. You agree to provide, upon request, reasonable documentation or explanation of any third-party materials included in Your Contributions.
+
+## 6. No Warranty
+
+Your Contributions are provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are not expected to provide support for Your Contributions, except to the extent You desire to provide support.
+
+## 7. No Obligation
+
+You understand that the decision to include Your Contribution in any product or project is entirely at the discretion of the Project Owner, and this Agreement does not obligate the Project Owner to use Your Contribution.
+
+## 8. Retention of Rights
+
+You retain ownership of the copyright in Your Contributions. This Agreement does not transfer any copyright or other intellectual property rights from You to the Project Owner. This Agreement only grants the licenses described above.
+
+## 9. Term and Termination
+
+This Agreement shall remain in effect indefinitely. You may terminate this Agreement prospectively by providing written notice to the Project Owner, but such termination shall not affect the licenses granted for Contributions submitted prior to the effective date of termination. The licenses granted herein for Contributions submitted prior to termination are perpetual and irrevocable.
+
+## 10. Electronic Signature
+
+You agree that Your electronic signature (including but not limited to typing a specific phrase in a pull request, issue, or other electronic communication) is legally binding and has the same force and effect as a handwritten signature. You consent to the use of electronic means to enter into this Agreement and acknowledge that this Agreement is enforceable as if executed in a traditional written format.
+
+## 11. General Provisions
+
+**Entire Agreement.** This Agreement constitutes the entire agreement between You and the Project Owner with respect to Your Contributions and supersedes all prior or contemporaneous understandings regarding such subject matter.
+
+**Severability.** If any provision of this Agreement is held to be unenforceable or invalid, that provision will be enforced to the maximum extent possible and the remaining provisions will remain in full force and effect.
+
+**No Waiver.** The failure of the Project Owner to enforce any provision of this Agreement shall not constitute a waiver of that provision or any other provision.
+
+**Amendment.** This Agreement may only be modified by a written instrument signed by both parties. Modifications to this Agreement apply only to Contributions submitted after the modified Agreement is published and accepted by You. Prior Contributions remain governed by the version of the Agreement in effect at the time of submission.
+
+**Notification.** Notices under this Agreement shall be sent to the Project Owner via a GitHub issue on the Project repository. Notices are effective upon receipt.
+
+---
+
+**By signing this CLA, you acknowledge that you have read and understood this Agreement and agree to be bound by its terms.**
+
+To sign, reply in the pull request with:
+
+> I have read the CLA Document and I hereby sign the CLA
diff --git a/LICENSE b/LICENSE
index 7a94ca9d..153d416d 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,21 +1,165 @@
-MIT License
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
-Copyright (c) 2025 Wesley Liddick
+ Copyright (C) 2007 Free Software Foundation, Inc. Huge thanks to BmoPlus for sponsoring this project! BmoPlus is a highly reliable AI account provider built strictly for heavy AI users and developers. They offer rock-solid, ready-to-use accounts and official top-up services for ChatGPT Plus / ChatGPT Pro (Full Warranty) / Claude Pro / Super Grok / Gemini Pro. By registering and ordering through BmoPlus - Premium AI Accounts & Top-ups , users can unlock the mind-blowing rate of 10% of the official GPT subscription price (90% OFF)
+
+Thanks to Bestproxy for sponsoring this project! Bestproxy provides high-purity residential IPs with dedicated one-IP-per-account support. By combining real home networks with fingerprint isolation, it enables link environment isolation and reduces the probability of association-based risk control.
+
+
## Ecosystem
@@ -618,7 +623,9 @@ sub2api/
## License
-MIT License
+This project is licensed under the [GNU Lesser General Public License v3.0](LICENSE) (or later).
+
+Copyright (c) 2026 Wesley Liddick
---
diff --git a/README_CN.md b/README_CN.md
index c701372c..add32a17 100644
--- a/README_CN.md
+++ b/README_CN.md
@@ -95,6 +95,11 @@ Sub2API 是一个 AI API 网关平台,用于分发和管理 AI 产品订阅的
感谢 BmoPlus 赞助了本项目!BmoPlus 是一家专为AI订阅重度用户打造的可靠 AI 账号代充服务商,提供稳定的 ChatGPT Plus / ChatGPT Pro(全程质保) / Claude Pro / Super Grok / Gemini Pro 的官方代充&成品账号。 通过BmoPlus AI成品号专卖/代充 注册下单的用户,可享GPT 官网订阅一折 的震撼价格!
+
+感谢 Bestproxy 赞助了本项目!Bestproxy 是一家提供高纯度住宅IP,支持一号一IP独享,结合真实家庭网络与指纹隔离,可实现链路环境隔离,降低关联风控概率。
+
+
## 生态项目
@@ -679,7 +684,9 @@ sub2api/
## 许可证
-MIT License
+本项目基于 [GNU 宽通用公共许可证 v3.0](LICENSE)(或更高版本)授权。
+
+Copyright (c) 2026 Wesley Liddick
---
diff --git a/README_JA.md b/README_JA.md
index 0d4db616..ccd595b9 100644
--- a/README_JA.md
+++ b/README_JA.md
@@ -95,6 +95,11 @@ Sub2API は、AI 製品のサブスクリプションから API クォータを
本プロジェクトにご支援いただいた BmoPlus に感謝いたします!BmoPlusは、AIサブスクリプションのヘビーユーザー向けに特化した信頼性の高いAIアカウントサービスプロバイダーであり、安定した ChatGPT Plus / ChatGPT Pro (完全保証) / Claude Pro / Super Grok / Gemini Pro の公式代行チャージおよび即納アカウントを提供しています。こちらのBmoPlus AIアカウント専門店/代行チャージ 経由でご登録・ご注文いただいたユーザー様は、GPTを 公式サイト価格の約1割(90% OFF) という驚異的な価格でご利用いただけます!
+
+Bestproxy のご支援に感謝します!Bestproxy は高純度の住宅IPを提供し、1アカウント1IP専有をサポートしています。実際の家庭ネットワークとフィンガープリント分離を組み合わせることで、リンク環境の分離を実現し、関連付けによるリスク管理の確率を低減します。
+
+
## エコシステム
@@ -617,7 +622,9 @@ sub2api/
## ライセンス
-MIT License
+本プロジェクトは [GNU Lesser General Public License v3.0](LICENSE)(またはそれ以降のバージョン)の下でライセンスされています。
+
+Copyright (c) 2026 Wesley Liddick
---
diff --git a/assets/partners/logos/bestproxy.png b/assets/partners/logos/bestproxy.png
new file mode 100644
index 00000000..87c58670
Binary files /dev/null and b/assets/partners/logos/bestproxy.png differ
diff --git a/backend/internal/config/config.go b/backend/internal/config/config.go
index 6136e9ea..44bc5c9f 100644
--- a/backend/internal/config/config.go
+++ b/backend/internal/config/config.go
@@ -52,6 +52,11 @@ const (
ConnectionPoolIsolationAccountProxy = "account_proxy"
)
+// DefaultUpstreamResponseReadMaxBytes 上游非流式响应体的默认读取上限。
+// 128 MB 可容纳 2-3 张 4K PNG(base64 膨胀 33%,单张 4K PNG 最坏约 67MB base64)。
+// 可通过 gateway.upstream_response_read_max_bytes 配置项覆盖。
+const DefaultUpstreamResponseReadMaxBytes int64 = 128 * 1024 * 1024
+
type Config struct {
Server ServerConfig `mapstructure:"server"`
Log LogConfig `mapstructure:"log"`
@@ -1407,7 +1412,7 @@ func setDefaults() {
viper.SetDefault("gateway.antigravity_fallback_cooldown_minutes", 1)
viper.SetDefault("gateway.antigravity_extra_retries", 10)
viper.SetDefault("gateway.max_body_size", int64(256*1024*1024))
- viper.SetDefault("gateway.upstream_response_read_max_bytes", int64(8*1024*1024))
+ viper.SetDefault("gateway.upstream_response_read_max_bytes", DefaultUpstreamResponseReadMaxBytes)
viper.SetDefault("gateway.proxy_probe_response_read_max_bytes", int64(1024*1024))
viper.SetDefault("gateway.gemini_debug_response_headers", false)
viper.SetDefault("gateway.connection_pool_isolation", ConnectionPoolIsolationAccountProxy)
diff --git a/backend/internal/handler/payment_handler.go b/backend/internal/handler/payment_handler.go
index 0fba4726..16b25355 100644
--- a/backend/internal/handler/payment_handler.go
+++ b/backend/internal/handler/payment_handler.go
@@ -215,7 +215,10 @@ type CreateOrderRequest struct {
PaymentSource string `json:"payment_source"`
OrderType string `json:"order_type"`
PlanID int64 `json:"plan_id"`
- IsMobile *bool `json:"is_mobile,omitempty"`
+ // IsMobile lets the frontend declare its mobile status directly. When
+ // nil we fall back to User-Agent heuristics (which miss iPadOS / some
+ // embedded browsers that strip the "Mobile" keyword).
+ IsMobile *bool `json:"is_mobile,omitempty"`
}
// CreateOrder creates a new payment order.
@@ -247,7 +250,6 @@ func (h *PaymentHandler) CreateOrder(c *gin.Context) {
if req.IsMobile != nil {
mobile = *req.IsMobile
}
-
result, err := h.paymentService.CreateOrder(c.Request.Context(), service.CreateOrderRequest{
UserID: subject.UserID,
Amount: req.Amount,
diff --git a/backend/internal/payment/crypto.go b/backend/internal/payment/crypto.go
index e39e957f..0581469d 100644
--- a/backend/internal/payment/crypto.go
+++ b/backend/internal/payment/crypto.go
@@ -10,12 +10,20 @@ import (
"strings"
)
+// AES256KeySize is the required key length (in bytes) for AES-256-GCM.
+const AES256KeySize = 32
+
// Encrypt encrypts plaintext using AES-256-GCM with the given 32-byte key.
// The output format is "iv:authTag:ciphertext" where each component is base64-encoded,
// matching the Node.js crypto.ts format for cross-compatibility.
+//
+// Deprecated: payment provider configs are now stored as plaintext JSON.
+// This function is kept only for seeding legacy ciphertext in tests and for
+// the transitional Decrypt fallback. Scheduled for removal after all live
+// deployments complete migration by re-saving their configs.
func Encrypt(plaintext string, key []byte) (string, error) {
- if len(key) != 32 {
- return "", fmt.Errorf("encryption key must be 32 bytes, got %d", len(key))
+ if len(key) != AES256KeySize {
+ return "", fmt.Errorf("encryption key must be %d bytes, got %d", AES256KeySize, len(key))
}
block, err := aes.NewCipher(key)
@@ -51,9 +59,14 @@ func Encrypt(plaintext string, key []byte) (string, error) {
// Decrypt decrypts a ciphertext string produced by Encrypt.
// The input format is "iv:authTag:ciphertext" where each component is base64-encoded.
+//
+// Deprecated: payment provider configs are now stored as plaintext JSON.
+// This function remains only as a read-path fallback for pre-migration
+// ciphertext records. Scheduled for removal once all deployments re-save
+// their provider configs through the admin UI.
func Decrypt(ciphertext string, key []byte) (string, error) {
- if len(key) != 32 {
- return "", fmt.Errorf("encryption key must be 32 bytes, got %d", len(key))
+ if len(key) != AES256KeySize {
+ return "", fmt.Errorf("encryption key must be %d bytes, got %d", AES256KeySize, len(key))
}
parts := strings.SplitN(ciphertext, ":", 3)
diff --git a/backend/internal/payment/load_balancer.go b/backend/internal/payment/load_balancer.go
index ddf792bb..41fd2c50 100644
--- a/backend/internal/payment/load_balancer.go
+++ b/backend/internal/payment/load_balancer.go
@@ -297,6 +297,9 @@ func (lb *DefaultLoadBalancer) buildSelection(selected *dbent.PaymentProviderIns
if err != nil {
return nil, fmt.Errorf("decrypt instance %d config: %w", selected.ID, err)
}
+ if config == nil {
+ config = map[string]string{}
+ }
if selected.PaymentMode != "" {
config["paymentMode"] = selected.PaymentMode
@@ -311,16 +314,36 @@ func (lb *DefaultLoadBalancer) buildSelection(selected *dbent.PaymentProviderIns
}, nil
}
-func (lb *DefaultLoadBalancer) decryptConfig(encrypted string) (map[string]string, error) {
- plaintext, err := Decrypt(encrypted, lb.encryptionKey)
- if err != nil {
- return nil, err
+// decryptConfig parses a stored provider config.
+// New records are plaintext JSON; legacy records are AES-256-GCM ciphertext.
+// Unreadable values (legacy ciphertext without a valid key, or malformed data)
+// are treated as empty so the service keeps running while the admin re-enters
+// the config via the UI.
+//
+// TODO(deprecated-legacy-ciphertext): The AES fallback branch below is a
+// transitional compatibility shim for pre-plaintext records. Remove it (and
+// the encryptionKey field + the Decrypt import) after a few releases once all
+// live deployments have re-saved their provider configs through the UI.
+func (lb *DefaultLoadBalancer) decryptConfig(stored string) (map[string]string, error) {
+ if stored == "" {
+ return nil, nil
}
var config map[string]string
- if err := json.Unmarshal([]byte(plaintext), &config); err != nil {
- return nil, fmt.Errorf("unmarshal config: %w", err)
+ if err := json.Unmarshal([]byte(stored), &config); err == nil {
+ return config, nil
}
- return config, nil
+ // Deprecated: legacy AES-256-GCM ciphertext fallback — scheduled for removal.
+ if len(lb.encryptionKey) == AES256KeySize {
+ //nolint:staticcheck // SA1019: intentional legacy fallback, scheduled for removal
+ if plaintext, err := Decrypt(stored, lb.encryptionKey); err == nil {
+ if err := json.Unmarshal([]byte(plaintext), &config); err == nil {
+ return config, nil
+ }
+ }
+ }
+ slog.Warn("payment provider config unreadable, treating as empty for re-entry",
+ "stored_len", len(stored))
+ return nil, nil
}
// GetInstanceDailyAmount returns the total completed order amount for an instance today.
diff --git a/backend/internal/payment/load_balancer_test.go b/backend/internal/payment/load_balancer_test.go
index ec9532bc..ed08a7dd 100644
--- a/backend/internal/payment/load_balancer_test.go
+++ b/backend/internal/payment/load_balancer_test.go
@@ -474,6 +474,103 @@ func TestStartOfDay(t *testing.T) {
}
}
+func TestDecryptConfig_PlaintextAndLegacyCompat(t *testing.T) {
+ t.Parallel()
+
+ key := make([]byte, AES256KeySize)
+ for i := range key {
+ key[i] = byte(i + 1)
+ }
+ wrongKey := make([]byte, AES256KeySize)
+ for i := range wrongKey {
+ wrongKey[i] = byte(0xFF - i)
+ }
+
+ plaintextJSON := `{"appId":"app-123","secret":"sec-xyz"}`
+
+ legacyEncrypted, err := Encrypt(plaintextJSON, key)
+ if err != nil {
+ t.Fatalf("seed Encrypt: %v", err)
+ }
+
+ tests := []struct {
+ name string
+ stored string
+ key []byte
+ want map[string]string
+ }{
+ {
+ name: "empty stored returns nil map",
+ stored: "",
+ key: key,
+ want: nil,
+ },
+ {
+ name: "plaintext JSON parses directly",
+ stored: plaintextJSON,
+ key: nil,
+ want: map[string]string{"appId": "app-123", "secret": "sec-xyz"},
+ },
+ {
+ name: "plaintext JSON works even with key present",
+ stored: plaintextJSON,
+ key: key,
+ want: map[string]string{"appId": "app-123", "secret": "sec-xyz"},
+ },
+ {
+ name: "legacy ciphertext with correct key decrypts",
+ stored: legacyEncrypted,
+ key: key,
+ want: map[string]string{"appId": "app-123", "secret": "sec-xyz"},
+ },
+ {
+ name: "legacy ciphertext with no key treated as empty",
+ stored: legacyEncrypted,
+ key: nil,
+ want: nil,
+ },
+ {
+ name: "legacy ciphertext with wrong key treated as empty",
+ stored: legacyEncrypted,
+ key: wrongKey,
+ want: nil,
+ },
+ {
+ name: "garbage data treated as empty",
+ stored: "not-json-and-not-ciphertext",
+ key: key,
+ want: nil,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+ lb := NewDefaultLoadBalancer(nil, tt.key)
+ got, err := lb.decryptConfig(tt.stored)
+ if err != nil {
+ t.Fatalf("decryptConfig unexpected error: %v", err)
+ }
+ if !stringMapEqual(got, tt.want) {
+ t.Fatalf("decryptConfig = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
+// stringMapEqual compares two map[string]string values; nil and empty are equal.
+func stringMapEqual(a, b map[string]string) bool {
+ if len(a) != len(b) {
+ return false
+ }
+ for k, v := range a {
+ if bv, ok := b[k]; !ok || bv != v {
+ return false
+ }
+ }
+ return true
+}
+
// ---------------------------------------------------------------------------
// Helpers
// ---------------------------------------------------------------------------
diff --git a/backend/internal/payment/provider/alipay.go b/backend/internal/payment/provider/alipay.go
index 0604883a..a6448109 100644
--- a/backend/internal/payment/provider/alipay.go
+++ b/backend/internal/payment/provider/alipay.go
@@ -15,8 +15,8 @@ import (
// Alipay product codes.
const (
- alipayProductCodePagePay = "FAST_INSTANT_TRADE_PAY"
alipayProductCodeWapPay = "QUICK_WAP_WAY"
+ alipayProductCodePagePay = "FAST_INSTANT_TRADE_PAY"
)
// Alipay response constants.
@@ -102,8 +102,13 @@ func (a *Alipay) MerchantIdentityMetadata() map[string]string {
return map[string]string{"app_id": appID}
}
-// CreatePayment creates an Alipay payment page URL.
-func (a *Alipay) CreatePayment(ctx context.Context, req payment.CreatePaymentRequest) (*payment.CreatePaymentResponse, error) {
+// CreatePayment creates an Alipay payment using redirect-only flow:
+// - Mobile (H5): alipay.trade.wap.pay — returns a URL the browser jumps to.
+// - PC: alipay.trade.page.pay — returns a gateway URL the browser opens in a
+// new window; Alipay's own page then shows login/QR. We intentionally do
+// NOT encode the URL into a QR on the client (it isn't a scannable payload
+// and would produce an invalid scan result).
+func (a *Alipay) CreatePayment(_ context.Context, req payment.CreatePaymentRequest) (*payment.CreatePaymentResponse, error) {
client, err := a.getClient()
if err != nil {
return nil, err
@@ -119,44 +124,46 @@ func (a *Alipay) CreatePayment(ctx context.Context, req payment.CreatePaymentReq
}
if req.IsMobile {
- return a.createTrade(ctx, client, req, notifyURL, returnURL, true)
+ return a.createWapTrade(client, req, notifyURL, returnURL)
}
- return a.createTrade(ctx, client, req, notifyURL, returnURL, false)
+ return a.createPagePayTrade(client, req, notifyURL, returnURL)
}
-func (a *Alipay) createTrade(ctx context.Context, client *alipay.Client, req payment.CreatePaymentRequest, notifyURL, returnURL string, isMobile bool) (*payment.CreatePaymentResponse, error) {
- if isMobile {
- param := alipay.TradeWapPay{}
- param.OutTradeNo = req.OrderID
- param.TotalAmount = req.Amount
- param.Subject = req.Subject
- param.ProductCode = alipayProductCodeWapPay
- param.NotifyURL = notifyURL
- param.ReturnURL = returnURL
-
- payURL, err := alipayTradeWapPay(client, param)
- if err != nil {
- return nil, fmt.Errorf("alipay TradeWapPay: %w", err)
- }
- return &payment.CreatePaymentResponse{
- TradeNo: req.OrderID,
- PayURL: payURL.String(),
- }, nil
- }
-
- param := alipay.TradePreCreate{}
+func (a *Alipay) createWapTrade(client *alipay.Client, req payment.CreatePaymentRequest, notifyURL, returnURL string) (*payment.CreatePaymentResponse, error) {
+ param := alipay.TradeWapPay{}
param.OutTradeNo = req.OrderID
param.TotalAmount = req.Amount
param.Subject = req.Subject
+ param.ProductCode = alipayProductCodeWapPay
param.NotifyURL = notifyURL
+ param.ReturnURL = returnURL
- resp, err := alipayTradePreCreate(ctx, client, param)
+ payURL, err := client.TradeWapPay(param)
if err != nil {
- return nil, fmt.Errorf("alipay TradePreCreate: %w", err)
+ return nil, fmt.Errorf("alipay TradeWapPay: %w", err)
}
return &payment.CreatePaymentResponse{
TradeNo: req.OrderID,
- QRCode: strings.TrimSpace(resp.QRCode),
+ PayURL: payURL.String(),
+ }, nil
+}
+
+func (a *Alipay) createPagePayTrade(client *alipay.Client, req payment.CreatePaymentRequest, notifyURL, returnURL string) (*payment.CreatePaymentResponse, error) {
+ param := alipay.TradePagePay{}
+ param.OutTradeNo = req.OrderID
+ param.TotalAmount = req.Amount
+ param.Subject = req.Subject
+ param.ProductCode = alipayProductCodePagePay
+ param.NotifyURL = notifyURL
+ param.ReturnURL = returnURL
+
+ payURL, err := alipayTradePagePay(client, param)
+ if err != nil {
+ return nil, fmt.Errorf("alipay TradePagePay: %w", err)
+ }
+ return &payment.CreatePaymentResponse{
+ TradeNo: req.OrderID,
+ PayURL: payURL.String(),
}, nil
}
diff --git a/backend/internal/payment/provider/wxpay.go b/backend/internal/payment/provider/wxpay.go
index 30016338..4b334513 100644
--- a/backend/internal/payment/provider/wxpay.go
+++ b/backend/internal/payment/provider/wxpay.go
@@ -3,16 +3,17 @@ package provider
import (
"bytes"
"context"
- "crypto/rsa"
"fmt"
"io"
"net/http"
"net/url"
+ "strconv"
"strings"
"sync"
"time"
"github.com/Wei-Shaw/sub2api/internal/payment"
+ infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
"github.com/wechatpay-apiv3/wechatpay-go/core"
"github.com/wechatpay-apiv3/wechatpay-go/core/auth/verifiers"
"github.com/wechatpay-apiv3/wechatpay-go/core/notify"
@@ -84,15 +85,35 @@ type Wxpay struct {
notifyHandler *notify.Handler
}
+const wxpayAPIv3KeyLength = 32
+
func NewWxpay(instanceID string, config map[string]string) (*Wxpay, error) {
- required := []string{"appId", "mchId", "privateKey", "apiV3Key", "publicKey", "publicKeyId", "certSerial"}
+ // All fields are required. Platform-certificate mode is intentionally unsupported —
+ // WeChat has been migrating all merchants to the pubkey verifier since 2024-10,
+ // and newly-provisioned merchants cannot download platform certificates at all.
+ required := []string{"appId", "mchId", "privateKey", "apiV3Key", "certSerial", "publicKey", "publicKeyId"}
for _, k := range required {
if config[k] == "" {
- return nil, fmt.Errorf("wxpay config missing required key: %s", k)
+ return nil, infraerrors.BadRequest("WXPAY_CONFIG_MISSING_KEY", "missing_required_key").
+ WithMetadata(map[string]string{"key": k})
}
}
- if len(config["apiV3Key"]) != 32 {
- return nil, fmt.Errorf("wxpay apiV3Key must be exactly 32 bytes, got %d", len(config["apiV3Key"]))
+ if len(config["apiV3Key"]) != wxpayAPIv3KeyLength {
+ return nil, infraerrors.BadRequest("WXPAY_CONFIG_INVALID_KEY_LENGTH", "invalid_key_length").
+ WithMetadata(map[string]string{
+ "key": "apiV3Key",
+ "expected": strconv.Itoa(wxpayAPIv3KeyLength),
+ "actual": strconv.Itoa(len(config["apiV3Key"])),
+ })
+ }
+ // Parse PEMs eagerly so malformed keys surface at save time, not at order creation.
+ if _, err := utils.LoadPrivateKey(formatPEM(config["privateKey"], "PRIVATE KEY")); err != nil {
+ return nil, infraerrors.BadRequest("WXPAY_CONFIG_INVALID_KEY", "invalid_key").
+ WithMetadata(map[string]string{"key": "privateKey"})
+ }
+ if _, err := utils.LoadPublicKey(formatPEM(config["publicKey"], "PUBLIC KEY")); err != nil {
+ return nil, infraerrors.BadRequest("WXPAY_CONFIG_INVALID_KEY", "invalid_key").
+ WithMetadata(map[string]string{"key": "publicKey"})
}
return &Wxpay{instanceID: instanceID, config: config}, nil
}
@@ -127,14 +148,19 @@ func (w *Wxpay) ensureClient() (*core.Client, error) {
if w.coreClient != nil {
return w.coreClient, nil
}
- privateKey, publicKey, err := w.loadKeyPair()
+ privateKey, err := utils.LoadPrivateKey(formatPEM(w.config["privateKey"], "PRIVATE KEY"))
if err != nil {
- return nil, err
+ return nil, infraerrors.BadRequest("WXPAY_CONFIG_INVALID_KEY", "invalid_key").
+ WithMetadata(map[string]string{"key": "privateKey"})
+ }
+ publicKey, err := utils.LoadPublicKey(formatPEM(w.config["publicKey"], "PUBLIC KEY"))
+ if err != nil {
+ return nil, infraerrors.BadRequest("WXPAY_CONFIG_INVALID_KEY", "invalid_key").
+ WithMetadata(map[string]string{"key": "publicKey"})
}
- certSerial := w.config["certSerial"]
verifier := verifiers.NewSHA256WithRSAPubkeyVerifier(w.config["publicKeyId"], *publicKey)
client, err := core.NewClient(context.Background(),
- option.WithMerchantCredential(w.config["mchId"], certSerial, privateKey),
+ option.WithMerchantCredential(w.config["mchId"], w.config["certSerial"], privateKey),
option.WithVerifier(verifier))
if err != nil {
return nil, fmt.Errorf("wxpay init client: %w", err)
@@ -148,18 +174,6 @@ func (w *Wxpay) ensureClient() (*core.Client, error) {
return w.coreClient, nil
}
-func (w *Wxpay) loadKeyPair() (*rsa.PrivateKey, *rsa.PublicKey, error) {
- privateKey, err := utils.LoadPrivateKey(formatPEM(w.config["privateKey"], "PRIVATE KEY"))
- if err != nil {
- return nil, nil, fmt.Errorf("wxpay load private key: %w", err)
- }
- publicKey, err := utils.LoadPublicKey(formatPEM(w.config["publicKey"], "PUBLIC KEY"))
- if err != nil {
- return nil, nil, fmt.Errorf("wxpay load public key: %w", err)
- }
- return privateKey, publicKey, nil
-}
-
func (w *Wxpay) CreatePayment(ctx context.Context, req payment.CreatePaymentRequest) (*payment.CreatePaymentResponse, error) {
client, err := w.ensureClient()
if err != nil {
diff --git a/backend/internal/payment/provider/wxpay_test.go b/backend/internal/payment/provider/wxpay_test.go
index 0d79b1b0..ebbd9d34 100644
--- a/backend/internal/payment/provider/wxpay_test.go
+++ b/backend/internal/payment/provider/wxpay_test.go
@@ -4,6 +4,10 @@ package provider
import (
"context"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "encoding/pem"
"net/url"
"strings"
"testing"
@@ -16,6 +20,26 @@ import (
"github.com/wechatpay-apiv3/wechatpay-go/services/payments/native"
)
+// generateTestKeyPair returns a fresh RSA 2048 key pair as PEM strings.
+// The wechatpay-go SDK expects PKCS8 private keys and PKIX public keys.
+func generateTestKeyPair(t *testing.T) (privPEM, pubPEM string) {
+ t.Helper()
+ key, err := rsa.GenerateKey(rand.Reader, 2048)
+ if err != nil {
+ t.Fatalf("generate rsa key: %v", err)
+ }
+ privDER, err := x509.MarshalPKCS8PrivateKey(key)
+ if err != nil {
+ t.Fatalf("marshal pkcs8: %v", err)
+ }
+ pubDER, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
+ if err != nil {
+ t.Fatalf("marshal pkix: %v", err)
+ }
+ return string(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privDER})),
+ string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: pubDER}))
+}
+
func TestMapWxState(t *testing.T) {
t.Parallel()
@@ -183,13 +207,14 @@ func TestFormatPEM(t *testing.T) {
func TestNewWxpay(t *testing.T) {
t.Parallel()
+ privPEM, pubPEM := generateTestKeyPair(t)
validConfig := map[string]string{
"appId": "wx1234567890",
"mchId": "1234567890",
- "privateKey": "fake-private-key",
+ "privateKey": privPEM,
"apiV3Key": "12345678901234567890123456789012", // exactly 32 bytes
- "publicKey": "fake-public-key",
- "publicKeyId": "key-id-001",
+ "publicKey": pubPEM,
+ "publicKeyId": "PUB_KEY_ID_TEST",
"certSerial": "SERIAL001",
}
@@ -240,6 +265,12 @@ func TestNewWxpay(t *testing.T) {
wantErr: true,
errSubstr: "apiV3Key",
},
+ {
+ name: "missing certSerial",
+ config: withOverride(map[string]string{"certSerial": ""}),
+ wantErr: true,
+ errSubstr: "certSerial",
+ },
{
name: "missing publicKey",
config: withOverride(map[string]string{"publicKey": ""}),
@@ -252,17 +283,29 @@ func TestNewWxpay(t *testing.T) {
wantErr: true,
errSubstr: "publicKeyId",
},
+ {
+ name: "malformed privateKey PEM",
+ config: withOverride(map[string]string{"privateKey": "not-a-valid-pem"}),
+ wantErr: true,
+ errSubstr: "WXPAY_CONFIG_INVALID_KEY",
+ },
+ {
+ name: "malformed publicKey PEM",
+ config: withOverride(map[string]string{"publicKey": "not-a-valid-pem"}),
+ wantErr: true,
+ errSubstr: "WXPAY_CONFIG_INVALID_KEY",
+ },
{
name: "apiV3Key too short",
config: withOverride(map[string]string{"apiV3Key": "short"}),
wantErr: true,
- errSubstr: "exactly 32 bytes",
+ errSubstr: "WXPAY_CONFIG_INVALID_KEY_LENGTH",
},
{
name: "apiV3Key too long",
config: withOverride(map[string]string{"apiV3Key": "123456789012345678901234567890123"}), // 33 bytes
wantErr: true,
- errSubstr: "exactly 32 bytes",
+ errSubstr: "WXPAY_CONFIG_INVALID_KEY_LENGTH",
},
}
diff --git a/backend/internal/pkg/openai/constants.go b/backend/internal/pkg/openai/constants.go
index 49e38bf8..980f058d 100644
--- a/backend/internal/pkg/openai/constants.go
+++ b/backend/internal/pkg/openai/constants.go
@@ -17,16 +17,9 @@ type Model struct {
var DefaultModels = []Model{
{ID: "gpt-5.4", Object: "model", Created: 1738368000, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.4"},
{ID: "gpt-5.4-mini", Object: "model", Created: 1738368000, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.4 Mini"},
- {ID: "gpt-5.4-nano", Object: "model", Created: 1738368000, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.4 Nano"},
{ID: "gpt-5.3-codex", Object: "model", Created: 1735689600, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.3 Codex"},
{ID: "gpt-5.3-codex-spark", Object: "model", Created: 1735689600, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.3 Codex Spark"},
{ID: "gpt-5.2", Object: "model", Created: 1733875200, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.2"},
- {ID: "gpt-5.2-codex", Object: "model", Created: 1733011200, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.2 Codex"},
- {ID: "gpt-5.1-codex-max", Object: "model", Created: 1730419200, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.1 Codex Max"},
- {ID: "gpt-5.1-codex", Object: "model", Created: 1730419200, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.1 Codex"},
- {ID: "gpt-5.1", Object: "model", Created: 1731456000, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.1"},
- {ID: "gpt-5.1-codex-mini", Object: "model", Created: 1730419200, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5.1 Codex Mini"},
- {ID: "gpt-5", Object: "model", Created: 1722988800, OwnedBy: "openai", Type: "model", DisplayName: "GPT-5"},
}
// DefaultModelIDs returns the default model ID list
@@ -39,7 +32,7 @@ func DefaultModelIDs() []string {
}
// DefaultTestModel default model for testing OpenAI accounts
-const DefaultTestModel = "gpt-5.1-codex"
+const DefaultTestModel = "gpt-5.4"
// DefaultInstructions default instructions for non-Codex CLI requests
// Content loaded from instructions.txt at compile time
diff --git a/backend/internal/repository/account_repo.go b/backend/internal/repository/account_repo.go
index 24115c33..78f739ac 100644
--- a/backend/internal/repository/account_repo.go
+++ b/backend/internal/repository/account_repo.go
@@ -438,6 +438,9 @@ func (r *accountRepository) Delete(ctx context.Context, id int64) error {
if _, err := txClient.AccountGroup.Delete().Where(dbaccountgroup.AccountIDEQ(id)).Exec(ctx); err != nil {
return err
}
+ if _, err := txClient.ExecContext(ctx, "DELETE FROM scheduled_test_plans WHERE account_id = $1", id); err != nil {
+ return err
+ }
if _, err := txClient.Account.Delete().Where(dbaccount.IDEQ(id)).Exec(ctx); err != nil {
return err
}
diff --git a/backend/internal/service/account.go b/backend/internal/service/account.go
index 52db3073..af686ae7 100644
--- a/backend/internal/service/account.go
+++ b/backend/internal/service/account.go
@@ -121,6 +121,9 @@ func (a *Account) IsSchedulable() bool {
if a.TempUnschedulableUntil != nil && now.Before(*a.TempUnschedulableUntil) {
return false
}
+ if a.IsAPIKeyOrBedrock() && a.IsQuotaExceeded() {
+ return false
+ }
return true
}
diff --git a/backend/internal/service/account_quota_schedulable_test.go b/backend/internal/service/account_quota_schedulable_test.go
new file mode 100644
index 00000000..2895b34c
--- /dev/null
+++ b/backend/internal/service/account_quota_schedulable_test.go
@@ -0,0 +1,123 @@
+//go:build unit
+
+package service
+
+import (
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/require"
+)
+
+func TestAccountIsSchedulable_QuotaExceeded(t *testing.T) {
+ now := time.Now()
+
+ tests := []struct {
+ name string
+ account *Account
+ want bool
+ }{
+ {
+ name: "apikey daily quota exceeded",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeAPIKey,
+ Extra: map[string]any{
+ "quota_daily_limit": 10.0,
+ "quota_daily_used": 10.0,
+ "quota_daily_start": now.Add(-1 * time.Hour).Format(time.RFC3339),
+ },
+ },
+ want: false,
+ },
+ {
+ name: "apikey weekly quota exceeded",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeAPIKey,
+ Extra: map[string]any{
+ "quota_weekly_limit": 50.0,
+ "quota_weekly_used": 50.0,
+ "quota_weekly_start": now.Add(-2 * 24 * time.Hour).Format(time.RFC3339),
+ },
+ },
+ want: false,
+ },
+ {
+ name: "apikey total quota exceeded",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeAPIKey,
+ Extra: map[string]any{
+ "quota_limit": 100.0,
+ "quota_used": 100.0,
+ },
+ },
+ want: false,
+ },
+ {
+ name: "apikey quota not exceeded",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeAPIKey,
+ Extra: map[string]any{
+ "quota_daily_limit": 10.0,
+ "quota_daily_used": 5.0,
+ "quota_daily_start": now.Add(-1 * time.Hour).Format(time.RFC3339),
+ },
+ },
+ want: true,
+ },
+ {
+ name: "apikey expired daily period restores schedulable",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeAPIKey,
+ Extra: map[string]any{
+ "quota_daily_limit": 10.0,
+ "quota_daily_used": 10.0,
+ "quota_daily_start": now.Add(-25 * time.Hour).Format(time.RFC3339),
+ },
+ },
+ want: true,
+ },
+ {
+ name: "oauth ignores quota exceeded",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeOAuth,
+ Extra: map[string]any{
+ "quota_daily_limit": 10.0,
+ "quota_daily_used": 10.0,
+ "quota_daily_start": now.Add(-1 * time.Hour).Format(time.RFC3339),
+ },
+ },
+ want: true,
+ },
+ {
+ name: "bedrock quota exceeded",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeBedrock,
+ Extra: map[string]any{
+ "quota_limit": 200.0,
+ "quota_used": 200.0,
+ },
+ },
+ want: false,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ require.Equal(t, tt.want, tt.account.IsSchedulable())
+ })
+ }
+}
diff --git a/backend/internal/service/admin_service.go b/backend/internal/service/admin_service.go
index e0effa66..a485af16 100644
--- a/backend/internal/service/admin_service.go
+++ b/backend/internal/service/admin_service.go
@@ -651,6 +651,15 @@ func (s *adminServiceImpl) assignDefaultSubscriptions(ctx context.Context, userI
}
func (s *adminServiceImpl) UpdateUser(ctx context.Context, id int64, input *UpdateUserInput) (*User, error) {
+ // 校验用户专属分组倍率:必须 > 0(nil 合法,表示清除专属倍率)
+ if input.GroupRates != nil {
+ for groupID, rate := range input.GroupRates {
+ if rate != nil && *rate <= 0 {
+ return nil, fmt.Errorf("rate_multiplier must be > 0 (group_id=%d)", groupID)
+ }
+ }
+ }
+
user, err := s.userRepo.GetByID(ctx, id)
if err != nil {
return nil, err
@@ -1108,6 +1117,10 @@ func (s *adminServiceImpl) GetGroup(ctx context.Context, id int64) (*Group, erro
}
func (s *adminServiceImpl) CreateGroup(ctx context.Context, input *CreateGroupInput) (*Group, error) {
+ if input.RateMultiplier <= 0 {
+ return nil, errors.New("rate_multiplier must be > 0")
+ }
+
platform := input.Platform
if platform == "" {
platform = PlatformAnthropic
@@ -1347,6 +1360,9 @@ func (s *adminServiceImpl) UpdateGroup(ctx context.Context, id int64, input *Upd
group.Platform = input.Platform
}
if input.RateMultiplier != nil {
+ if *input.RateMultiplier <= 0 {
+ return nil, errors.New("rate_multiplier must be > 0")
+ }
group.RateMultiplier = *input.RateMultiplier
}
if input.IsExclusive != nil {
@@ -1583,6 +1599,11 @@ func (s *adminServiceImpl) BatchSetGroupRateMultipliers(ctx context.Context, gro
if s.userGroupRateRepo == nil {
return nil
}
+ for _, e := range entries {
+ if e.RateMultiplier <= 0 {
+ return fmt.Errorf("rate_multiplier must be > 0 (user_id=%d)", e.UserID)
+ }
+ }
return s.userGroupRateRepo.SyncGroupRateMultipliers(ctx, groupID, entries)
}
diff --git a/backend/internal/service/admin_service_group_test.go b/backend/internal/service/admin_service_group_test.go
index a4c6d0ca..41d2c26a 100644
--- a/backend/internal/service/admin_service_group_test.go
+++ b/backend/internal/service/admin_service_group_test.go
@@ -621,6 +621,7 @@ func TestAdminService_CreateGroup_InvalidRequestFallbackRejectsUnsupportedPlatfo
_, err := svc.CreateGroup(context.Background(), &CreateGroupInput{
Name: "g1",
Platform: PlatformOpenAI,
+ RateMultiplier: 1.0,
SubscriptionType: SubscriptionTypeStandard,
FallbackGroupIDOnInvalidRequest: &fallbackID,
})
@@ -641,6 +642,7 @@ func TestAdminService_CreateGroup_InvalidRequestFallbackRejectsSubscription(t *t
_, err := svc.CreateGroup(context.Background(), &CreateGroupInput{
Name: "g1",
Platform: PlatformAnthropic,
+ RateMultiplier: 1.0,
SubscriptionType: SubscriptionTypeSubscription,
FallbackGroupIDOnInvalidRequest: &fallbackID,
})
@@ -695,6 +697,7 @@ func TestAdminService_CreateGroup_InvalidRequestFallbackRejectsFallbackGroup(t *
_, err := svc.CreateGroup(context.Background(), &CreateGroupInput{
Name: "g1",
Platform: PlatformAnthropic,
+ RateMultiplier: 1.0,
SubscriptionType: SubscriptionTypeStandard,
FallbackGroupIDOnInvalidRequest: &fallbackID,
})
@@ -713,6 +716,7 @@ func TestAdminService_CreateGroup_InvalidRequestFallbackNotFound(t *testing.T) {
_, err := svc.CreateGroup(context.Background(), &CreateGroupInput{
Name: "g1",
Platform: PlatformAnthropic,
+ RateMultiplier: 1.0,
SubscriptionType: SubscriptionTypeStandard,
FallbackGroupIDOnInvalidRequest: &fallbackID,
})
@@ -733,6 +737,7 @@ func TestAdminService_CreateGroup_InvalidRequestFallbackAllowsAntigravity(t *tes
group, err := svc.CreateGroup(context.Background(), &CreateGroupInput{
Name: "g1",
Platform: PlatformAntigravity,
+ RateMultiplier: 1.0,
SubscriptionType: SubscriptionTypeStandard,
FallbackGroupIDOnInvalidRequest: &fallbackID,
})
@@ -750,6 +755,7 @@ func TestAdminService_CreateGroup_InvalidRequestFallbackClearsOnZero(t *testing.
group, err := svc.CreateGroup(context.Background(), &CreateGroupInput{
Name: "g1",
Platform: PlatformAnthropic,
+ RateMultiplier: 1.0,
SubscriptionType: SubscriptionTypeStandard,
FallbackGroupIDOnInvalidRequest: &zero,
})
diff --git a/backend/internal/service/billing_service.go b/backend/internal/service/billing_service.go
index 32a54cbe..a45203a3 100644
--- a/backend/internal/service/billing_service.go
+++ b/backend/internal/service/billing_service.go
@@ -203,17 +203,6 @@ func (s *BillingService) initFallbackPricing() {
SupportsCacheBreakdown: false,
}
- // OpenAI GPT-5.1(本地兜底,防止动态定价不可用时拒绝计费)
- s.fallbackPrices["gpt-5.1"] = &ModelPricing{
- InputPricePerToken: 1.25e-6, // $1.25 per MTok
- InputPricePerTokenPriority: 2.5e-6, // $2.5 per MTok
- OutputPricePerToken: 10e-6, // $10 per MTok
- OutputPricePerTokenPriority: 20e-6, // $20 per MTok
- CacheCreationPricePerToken: 1.25e-6, // $1.25 per MTok
- CacheReadPricePerToken: 0.125e-6,
- CacheReadPricePerTokenPriority: 0.25e-6,
- SupportsCacheBreakdown: false,
- }
// OpenAI GPT-5.4(业务指定价格)
s.fallbackPrices["gpt-5.4"] = &ModelPricing{
InputPricePerToken: 2.5e-6, // $2.5 per MTok
@@ -234,12 +223,6 @@ func (s *BillingService) initFallbackPricing() {
CacheReadPricePerToken: 7.5e-8,
SupportsCacheBreakdown: false,
}
- s.fallbackPrices["gpt-5.4-nano"] = &ModelPricing{
- InputPricePerToken: 2e-7,
- OutputPricePerToken: 1.25e-6,
- CacheReadPricePerToken: 2e-8,
- SupportsCacheBreakdown: false,
- }
// OpenAI GPT-5.2(本地兜底)
s.fallbackPrices["gpt-5.2"] = &ModelPricing{
InputPricePerToken: 1.75e-6,
@@ -251,8 +234,8 @@ func (s *BillingService) initFallbackPricing() {
CacheReadPricePerTokenPriority: 0.35e-6,
SupportsCacheBreakdown: false,
}
- // Codex 族兜底统一按 GPT-5.1 Codex 价格计费
- s.fallbackPrices["gpt-5.1-codex"] = &ModelPricing{
+ // Codex 族兜底统一按 GPT-5.3 Codex 价格计费
+ s.fallbackPrices["gpt-5.3-codex"] = &ModelPricing{
InputPricePerToken: 1.5e-6, // $1.5 per MTok
InputPricePerTokenPriority: 3e-6, // $3 per MTok
OutputPricePerToken: 12e-6, // $12 per MTok
@@ -262,17 +245,6 @@ func (s *BillingService) initFallbackPricing() {
CacheReadPricePerTokenPriority: 0.3e-6,
SupportsCacheBreakdown: false,
}
- s.fallbackPrices["gpt-5.2-codex"] = &ModelPricing{
- InputPricePerToken: 1.75e-6,
- InputPricePerTokenPriority: 3.5e-6,
- OutputPricePerToken: 14e-6,
- OutputPricePerTokenPriority: 28e-6,
- CacheCreationPricePerToken: 1.75e-6,
- CacheReadPricePerToken: 0.175e-6,
- CacheReadPricePerTokenPriority: 0.35e-6,
- SupportsCacheBreakdown: false,
- }
- s.fallbackPrices["gpt-5.3-codex"] = s.fallbackPrices["gpt-5.1-codex"]
}
// getFallbackPricing 根据模型系列获取回退价格
@@ -318,20 +290,12 @@ func (s *BillingService) getFallbackPricing(model string) *ModelPricing {
switch normalized {
case "gpt-5.4-mini":
return s.fallbackPrices["gpt-5.4-mini"]
- case "gpt-5.4-nano":
- return s.fallbackPrices["gpt-5.4-nano"]
case "gpt-5.4":
return s.fallbackPrices["gpt-5.4"]
case "gpt-5.2":
return s.fallbackPrices["gpt-5.2"]
- case "gpt-5.2-codex":
- return s.fallbackPrices["gpt-5.2-codex"]
- case "gpt-5.3-codex":
+ case "gpt-5.3-codex", "gpt-5.3-codex-spark":
return s.fallbackPrices["gpt-5.3-codex"]
- case "gpt-5.1-codex", "gpt-5.1-codex-max", "gpt-5.1-codex-mini", "codex-mini-latest":
- return s.fallbackPrices["gpt-5.1-codex"]
- case "gpt-5.1":
- return s.fallbackPrices["gpt-5.1"]
}
}
@@ -448,8 +412,9 @@ func (s *BillingService) CalculateCostUnified(input CostInput) (*CostBreakdown,
})
}
- if input.RateMultiplier <= 0 {
- input.RateMultiplier = 1.0
+ // 保存时强制 > 0;若仍有负数泄漏(缓存/迁移残留),按 0 处理避免按 1x 误扣。
+ if input.RateMultiplier < 0 {
+ input.RateMultiplier = 0
}
var breakdown *CostBreakdown
@@ -493,8 +458,9 @@ func (s *BillingService) computeTokenBreakdown(
rateMultiplier float64, serviceTier string,
applyLongCtx bool,
) *CostBreakdown {
- if rateMultiplier <= 0 {
- rateMultiplier = 1.0
+ // 保存时强制 > 0;若仍有负数泄漏,按 0 处理避免按 1x 误扣。
+ if rateMultiplier < 0 {
+ rateMultiplier = 0
}
inputPrice := pricing.InputPricePerToken
@@ -665,8 +631,13 @@ func (s *BillingService) shouldApplySessionLongContextPricing(tokens UsageTokens
}
func isOpenAIGPT54Model(model string) bool {
- normalized := normalizeCodexModel(strings.TrimSpace(strings.ToLower(model)))
- return normalized == "gpt-5.4"
+ trimmed := strings.TrimSpace(strings.ToLower(model))
+ // 仅当模型字符串实际属于 GPT-5/Codex 族时才做归一判定,避免 normalizeCodexModel
+ // 的默认兜底把非 OpenAI 模型(claude-*、gemini-*、gpt-4o)误识别为 gpt-5.4。
+ if !strings.Contains(trimmed, "gpt-5") && !strings.Contains(trimmed, "codex") {
+ return false
+ }
+ return normalizeCodexModel(trimmed) == "gpt-5.4"
}
// CalculateCostWithConfig 使用配置中的默认倍率计算费用
@@ -831,9 +802,9 @@ func (s *BillingService) CalculateImageCost(model string, imageSize string, imag
// 计算总费用
totalCost := unitPrice * float64(imageCount)
- // 应用倍率
- if rateMultiplier <= 0 {
- rateMultiplier = 1.0
+ // 应用倍率(保存时强制 > 0;负数按 0 处理避免按 1x 误扣)
+ if rateMultiplier < 0 {
+ rateMultiplier = 0
}
actualCost := totalCost * rateMultiplier
diff --git a/backend/internal/service/billing_service_image_test.go b/backend/internal/service/billing_service_image_test.go
index fa90f6bb..8d3ca987 100644
--- a/backend/internal/service/billing_service_image_test.go
+++ b/backend/internal/service/billing_service_image_test.go
@@ -90,13 +90,14 @@ func TestCalculateImageCost_NegativeCount(t *testing.T) {
require.Equal(t, 0.0, cost.ActualCost)
}
-// TestCalculateImageCost_ZeroRateMultiplier 测试费率倍数为 0 时默认使用 1.0
+// TestCalculateImageCost_ZeroRateMultiplier 锁定新行为:倍率 0 直接按 0 计费
+// (保存时已强制 > 0;若仍有 0 泄漏到计费层,零消耗比历史的 1.0 更安全)。
func TestCalculateImageCost_ZeroRateMultiplier(t *testing.T) {
svc := &BillingService{}
cost := svc.CalculateImageCost("gemini-3-pro-image", "2K", 1, nil, 0)
require.InDelta(t, 0.201, cost.TotalCost, 0.0001)
- require.InDelta(t, 0.201, cost.ActualCost, 0.0001) // 0 倍率当作 1.0 处理
+ require.InDelta(t, 0.0, cost.ActualCost, 1e-10)
}
// TestGetImageUnitPrice_GroupPriorityOverDefault 测试分组价格优先于默认价格
diff --git a/backend/internal/service/billing_service_rate_multiplier_test.go b/backend/internal/service/billing_service_rate_multiplier_test.go
new file mode 100644
index 00000000..83788196
--- /dev/null
+++ b/backend/internal/service/billing_service_rate_multiplier_test.go
@@ -0,0 +1,63 @@
+//go:build unit
+
+package service
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+// TestCalculateCost_RateMultiplier_NegativeClampedToZero 锁定负数倍率被
+// 钳制为 0(而非历史上的 1.0),避免配置异常导致静默按标准价扣费。
+func TestCalculateCost_RateMultiplier_NegativeClampedToZero(t *testing.T) {
+ svc := newTestBillingService()
+ tokens := UsageTokens{InputTokens: 1000, OutputTokens: 500}
+
+ tests := []struct {
+ name string
+ multiplier float64
+ wantRatio float64 // ActualCost / TotalCost
+ }{
+ {"negative clamped to 0", -1.5, 0},
+ {"zero passes through as 0 (defense in depth)", 0, 0},
+ {"positive 2x applied", 2.0, 2.0},
+ {"positive 0.5x applied", 0.5, 0.5},
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ cost, err := svc.CalculateCost("claude-sonnet-4", tokens, tt.multiplier)
+ require.NoError(t, err)
+ require.Greater(t, cost.TotalCost, 0.0, "TotalCost should be non-zero")
+ require.InDelta(t, tt.wantRatio*cost.TotalCost, cost.ActualCost, 1e-9)
+ })
+ }
+}
+
+// TestCalculateImageCost_RateMultiplier_NegativeClampedToZero 图片按次计费路径
+// 同样遵循"负数 → 0"语义。
+func TestCalculateImageCost_RateMultiplier_NegativeClampedToZero(t *testing.T) {
+ svc := newTestBillingService()
+ price := 0.04
+ cfg := &ImagePriceConfig{Price1K: &price}
+
+ tests := []struct {
+ name string
+ multiplier float64
+ wantRatio float64
+ }{
+ {"negative clamped to 0", -0.5, 0},
+ {"zero passes through", 0, 0},
+ {"positive 3x applied", 3.0, 3.0},
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ cost := svc.CalculateImageCost("imagen-3", "1K", 2, cfg, tt.multiplier)
+ require.NotNil(t, cost)
+ require.Greater(t, cost.TotalCost, 0.0)
+ require.InDelta(t, tt.wantRatio*cost.TotalCost, cost.ActualCost, 1e-9)
+ })
+ }
+}
diff --git a/backend/internal/service/billing_service_test.go b/backend/internal/service/billing_service_test.go
index 2cf134e2..222abd69 100644
--- a/backend/internal/service/billing_service_test.go
+++ b/backend/internal/service/billing_service_test.go
@@ -71,34 +71,6 @@ func TestCalculateCost_RateMultiplier(t *testing.T) {
require.InDelta(t, cost1x.ActualCost*2, cost2x.ActualCost, 1e-10)
}
-func TestCalculateCost_ZeroMultiplierDefaultsToOne(t *testing.T) {
- svc := newTestBillingService()
-
- tokens := UsageTokens{InputTokens: 1000}
-
- costZero, err := svc.CalculateCost("claude-sonnet-4", tokens, 0)
- require.NoError(t, err)
-
- costOne, err := svc.CalculateCost("claude-sonnet-4", tokens, 1.0)
- require.NoError(t, err)
-
- require.InDelta(t, costOne.ActualCost, costZero.ActualCost, 1e-10)
-}
-
-func TestCalculateCost_NegativeMultiplierDefaultsToOne(t *testing.T) {
- svc := newTestBillingService()
-
- tokens := UsageTokens{InputTokens: 1000}
-
- costNeg, err := svc.CalculateCost("claude-sonnet-4", tokens, -1.0)
- require.NoError(t, err)
-
- costOne, err := svc.CalculateCost("claude-sonnet-4", tokens, 1.0)
- require.NoError(t, err)
-
- require.InDelta(t, costOne.ActualCost, costNeg.ActualCost, 1e-10)
-}
-
func TestGetModelPricing_FallbackMatchesByFamily(t *testing.T) {
svc := newTestBillingService()
@@ -151,15 +123,6 @@ func TestGetModelPricing_UnknownOpenAIModelReturnsError(t *testing.T) {
require.Contains(t, err.Error(), "pricing not found")
}
-func TestGetModelPricing_OpenAIGPT51Fallback(t *testing.T) {
- svc := newTestBillingService()
-
- pricing, err := svc.GetModelPricing("gpt-5.1")
- require.NoError(t, err)
- require.NotNil(t, pricing)
- require.InDelta(t, 1.25e-6, pricing.InputPricePerToken, 1e-12)
-}
-
func TestGetModelPricing_OpenAIGPT54Fallback(t *testing.T) {
svc := newTestBillingService()
@@ -186,18 +149,6 @@ func TestGetModelPricing_OpenAIGPT54MiniFallback(t *testing.T) {
require.Zero(t, pricing.LongContextInputThreshold)
}
-func TestGetModelPricing_OpenAIGPT54NanoFallback(t *testing.T) {
- svc := newTestBillingService()
-
- pricing, err := svc.GetModelPricing("gpt-5.4-nano")
- require.NoError(t, err)
- require.NotNil(t, pricing)
- require.InDelta(t, 2e-7, pricing.InputPricePerToken, 1e-12)
- require.InDelta(t, 1.25e-6, pricing.OutputPricePerToken, 1e-12)
- require.InDelta(t, 2e-8, pricing.CacheReadPricePerToken, 1e-12)
- require.Zero(t, pricing.LongContextInputThreshold)
-}
-
func TestCalculateCost_OpenAIGPT54LongContextAppliesWholeSessionMultipliers(t *testing.T) {
svc := newTestBillingService()
@@ -232,13 +183,13 @@ func TestGetFallbackPricing_FamilyMatching(t *testing.T) {
{name: "claude generic model fallback sonnet", model: "claude-foo-bar", expectedInput: 3e-6},
{name: "gemini explicit fallback", model: "gemini-3-1-pro", expectedInput: 2e-6},
{name: "gemini unknown no fallback", model: "gemini-2.0-pro", expectNilPricing: true},
- {name: "openai gpt5.1", model: "gpt-5.1", expectedInput: 1.25e-6},
{name: "openai gpt5.4", model: "gpt-5.4", expectedInput: 2.5e-6},
{name: "openai gpt5.4 mini", model: "gpt-5.4-mini", expectedInput: 7.5e-7},
- {name: "openai gpt5.4 nano", model: "gpt-5.4-nano", expectedInput: 2e-7},
{name: "openai gpt5.3 codex", model: "gpt-5.3-codex", expectedInput: 1.5e-6},
- {name: "openai gpt5.1 codex max alias", model: "gpt-5.1-codex-max", expectedInput: 1.5e-6},
- {name: "openai codex mini latest alias", model: "codex-mini-latest", expectedInput: 1.5e-6},
+ {name: "openai gpt5.3 codex spark", model: "gpt-5.3-codex-spark", expectedInput: 1.5e-6},
+ {name: "openai legacy gpt5.1 falls back to gpt5.4", model: "gpt-5.1", expectedInput: 2.5e-6},
+ {name: "openai legacy gpt5.1 codex falls back to gpt5.3 codex", model: "gpt-5.1-codex", expectedInput: 1.5e-6},
+ {name: "openai legacy codex mini latest falls back to gpt5.3 codex", model: "codex-mini-latest", expectedInput: 1.5e-6},
{name: "openai unknown no fallback", model: "gpt-unknown-model", expectNilPricing: true},
{name: "non supported family", model: "qwen-max", expectNilPricing: true},
}
diff --git a/backend/internal/service/billing_service_unified_test.go b/backend/internal/service/billing_service_unified_test.go
index 694c3384..e6a92d1a 100644
--- a/backend/internal/service/billing_service_unified_test.go
+++ b/backend/internal/service/billing_service_unified_test.go
@@ -147,40 +147,35 @@ func TestCalculateCostUnified_ImageMode(t *testing.T) {
require.Equal(t, string(BillingModeImage), cost.BillingMode)
}
-func TestCalculateCostUnified_RateMultiplierZeroDefaultsToOne(t *testing.T) {
+// TestCalculateCostUnified_RateMultiplierZeroProducesZero 锁定新行为:
+// 保存时强制 > 0;若 0 仍泄漏到计费层,按 0 计费(而非历史上的 1.0)。
+func TestCalculateCostUnified_RateMultiplierZeroProducesZero(t *testing.T) {
bs := newTestBillingService()
resolver := NewModelPricingResolver(nil, bs)
tokens := UsageTokens{InputTokens: 1000, OutputTokens: 500}
- costZero, err := bs.CalculateCostUnified(CostInput{
+ cost, err := bs.CalculateCostUnified(CostInput{
Ctx: context.Background(),
Model: "claude-sonnet-4",
Tokens: tokens,
- RateMultiplier: 0, // should default to 1.0
+ RateMultiplier: 0,
Resolver: resolver,
})
require.NoError(t, err)
-
- costOne, err := bs.CalculateCostUnified(CostInput{
- Ctx: context.Background(),
- Model: "claude-sonnet-4",
- Tokens: tokens,
- RateMultiplier: 1.0,
- Resolver: resolver,
- })
- require.NoError(t, err)
-
- require.InDelta(t, costOne.ActualCost, costZero.ActualCost, 1e-10)
+ require.Greater(t, cost.TotalCost, 0.0)
+ require.InDelta(t, 0.0, cost.ActualCost, 1e-10)
}
-func TestCalculateCostUnified_NegativeRateMultiplierDefaultsToOne(t *testing.T) {
+// TestCalculateCostUnified_NegativeRateMultiplierClampedToZero 锁定新行为:
+// 负数倍率按 0 计费,避免历史的 <=0 → 1.0 把配置异常静默按标准价扣费。
+func TestCalculateCostUnified_NegativeRateMultiplierClampedToZero(t *testing.T) {
bs := newTestBillingService()
resolver := NewModelPricingResolver(nil, bs)
tokens := UsageTokens{InputTokens: 1000}
- costNeg, err := bs.CalculateCostUnified(CostInput{
+ cost, err := bs.CalculateCostUnified(CostInput{
Ctx: context.Background(),
Model: "claude-sonnet-4",
Tokens: tokens,
@@ -188,17 +183,8 @@ func TestCalculateCostUnified_NegativeRateMultiplierDefaultsToOne(t *testing.T)
Resolver: resolver,
})
require.NoError(t, err)
-
- costOne, err := bs.CalculateCostUnified(CostInput{
- Ctx: context.Background(),
- Model: "claude-sonnet-4",
- Tokens: tokens,
- RateMultiplier: 1.0,
- Resolver: resolver,
- })
- require.NoError(t, err)
-
- require.InDelta(t, costOne.ActualCost, costNeg.ActualCost, 1e-10)
+ require.Greater(t, cost.TotalCost, 0.0)
+ require.InDelta(t, 0.0, cost.ActualCost, 1e-10)
}
func TestCalculateCostUnified_BillingModeFieldFilled(t *testing.T) {
diff --git a/backend/internal/service/gateway_request.go b/backend/internal/service/gateway_request.go
index 55cb2c84..498336a4 100644
--- a/backend/internal/service/gateway_request.go
+++ b/backend/internal/service/gateway_request.go
@@ -962,7 +962,7 @@ func NormalizeClaudeOutputEffort(raw string) *string {
return nil
}
switch value {
- case "low", "medium", "high", "max":
+ case "low", "medium", "high", "xhigh", "max":
return &value
default:
return nil
diff --git a/backend/internal/service/gateway_request_test.go b/backend/internal/service/gateway_request_test.go
index d262456d..40bd1186 100644
--- a/backend/internal/service/gateway_request_test.go
+++ b/backend/internal/service/gateway_request_test.go
@@ -1149,6 +1149,11 @@ func TestParseGatewayRequest_OutputEffort(t *testing.T) {
body: `{"model":"claude-opus-4-6","output_config":{"effort":"max"},"messages":[]}`,
wantEffort: "max",
},
+ {
+ name: "output_config.effort xhigh",
+ body: `{"model":"claude-opus-4-7","output_config":{"effort":"xhigh"},"messages":[]}`,
+ wantEffort: "xhigh",
+ },
{
name: "output_config without effort",
body: `{"model":"claude-opus-4-6","output_config":{},"messages":[]}`,
@@ -1186,9 +1191,10 @@ func TestNormalizeClaudeOutputEffort(t *testing.T) {
{"LOW", strPtr("low")},
{"Max", strPtr("max")},
{" medium ", strPtr("medium")},
+ {"xhigh", strPtr("xhigh")},
+ {"XHIGH", strPtr("xhigh")},
{"", nil},
{"unknown", nil},
- {"xhigh", nil},
}
for _, tt := range tests {
t.Run(tt.input, func(t *testing.T) {
diff --git a/backend/internal/service/gateway_service.go b/backend/internal/service/gateway_service.go
index 4b4fc0bf..5a91d0de 100644
--- a/backend/internal/service/gateway_service.go
+++ b/backend/internal/service/gateway_service.go
@@ -435,26 +435,19 @@ func prefetchedStickyAccountIDFromContext(ctx context.Context, groupID *int64) i
}
// shouldClearStickySession 检查账号是否处于不可调度状态,需要清理粘性会话绑定。
-// 当账号状态为错误、禁用、不可调度、处于临时不可调度期间,
-// 或请求的模型处于限流状态时,返回 true。
-// 这确保后续请求不会继续使用不可用的账号。
+// 委托 IsSchedulable() 判断账号级可调度性(状态、配额、过载、限流等),
+// 额外检查模型级限流。
//
// shouldClearStickySession checks if an account is in an unschedulable state
// and the sticky session binding should be cleared.
-// Returns true when account status is error/disabled, schedulable is false,
-// within temporary unschedulable period, or the requested model is rate-limited.
-// This ensures subsequent requests won't continue using unavailable accounts.
+// Delegates to IsSchedulable() for account-level checks, plus model-level rate limiting.
func shouldClearStickySession(account *Account, requestedModel string) bool {
if account == nil {
return false
}
- if account.Status == StatusError || account.Status == StatusDisabled || !account.Schedulable {
+ if !account.IsSchedulable() {
return true
}
- if account.TempUnschedulableUntil != nil && time.Now().Before(*account.TempUnschedulableUntil) {
- return true
- }
- // 检查模型限流和 scope 限流,有限流即清除粘性会话
if remaining := account.GetRateLimitRemainingTimeWithContext(context.Background(), requestedModel); remaining > 0 {
return true
}
@@ -7317,8 +7310,10 @@ func postUsageBilling(ctx context.Context, p *postUsageBillingParams, deps *bill
cost := p.Cost
if p.IsSubscriptionBill {
- if cost.TotalCost > 0 {
- if err := deps.userSubRepo.IncrementUsage(billingCtx, p.Subscription.ID, cost.TotalCost); err != nil {
+ // Subscription usage tracked by ActualCost so group rate multiplier
+ // consumes the quota at the expected speed.
+ if cost.ActualCost > 0 {
+ if err := deps.userSubRepo.IncrementUsage(billingCtx, p.Subscription.ID, cost.ActualCost); err != nil {
slog.Error("increment subscription usage failed", "subscription_id", p.Subscription.ID, "error", err)
}
}
@@ -7417,9 +7412,13 @@ func buildUsageBillingCommand(requestID string, usageLog *UsageLog, p *postUsage
}
}
+ // Record subscription / balance cost using ActualCost so the group (and any
+ // user-specific) rate multiplier consumes subscription quota at the expected
+ // speed. TotalCost remains the raw (pre-multiplier) value; downstream guards
+ // on "> 0" still correctly skip free subscriptions (RateMultiplier == 0).
if p.IsSubscriptionBill && p.Subscription != nil && p.Cost.TotalCost > 0 {
cmd.SubscriptionID = &p.Subscription.ID
- cmd.SubscriptionCost = p.Cost.TotalCost
+ cmd.SubscriptionCost = p.Cost.ActualCost
} else if p.Cost.ActualCost > 0 {
cmd.BalanceCost = p.Cost.ActualCost
}
@@ -7478,8 +7477,8 @@ func finalizePostUsageBilling(p *postUsageBillingParams, deps *billingDeps, resu
}
if p.IsSubscriptionBill {
- if p.Cost.TotalCost > 0 && p.User != nil && p.APIKey != nil && p.APIKey.GroupID != nil {
- deps.billingCacheService.QueueUpdateSubscriptionUsage(p.User.ID, *p.APIKey.GroupID, p.Cost.TotalCost)
+ if p.Cost.ActualCost > 0 && p.User != nil && p.APIKey != nil && p.APIKey.GroupID != nil {
+ deps.billingCacheService.QueueUpdateSubscriptionUsage(p.User.ID, *p.APIKey.GroupID, p.Cost.ActualCost)
}
} else if p.Cost.ActualCost > 0 && p.User != nil {
deps.billingCacheService.QueueDeductBalance(p.User.ID, p.Cost.ActualCost)
diff --git a/backend/internal/service/gateway_service_subscription_billing_test.go b/backend/internal/service/gateway_service_subscription_billing_test.go
new file mode 100644
index 00000000..42a81035
--- /dev/null
+++ b/backend/internal/service/gateway_service_subscription_billing_test.go
@@ -0,0 +1,85 @@
+//go:build unit
+
+package service
+
+import (
+ "testing"
+)
+
+// TestBuildUsageBillingCommand_SubscriptionAppliesRateMultiplier locks in the fix
+// that subscription-mode billing honours the group (and any user-specific) rate
+// multiplier — i.e. cmd.SubscriptionCost tracks ActualCost (= TotalCost *
+// RateMultiplier), not raw TotalCost.
+func TestBuildUsageBillingCommand_SubscriptionAppliesRateMultiplier(t *testing.T) {
+ t.Parallel()
+
+ groupID := int64(7)
+ subID := int64(42)
+
+ tests := []struct {
+ name string
+ totalCost float64
+ actualCost float64
+ isSubscription bool
+ wantSub float64
+ wantBalance float64
+ }{
+ {
+ name: "subscription with 2x multiplier consumes 2x quota",
+ totalCost: 1.0,
+ actualCost: 2.0,
+ isSubscription: true,
+ wantSub: 2.0,
+ wantBalance: 0,
+ },
+ {
+ name: "subscription with 0.5x multiplier consumes 0.5x quota",
+ totalCost: 1.0,
+ actualCost: 0.5,
+ isSubscription: true,
+ wantSub: 0.5,
+ wantBalance: 0,
+ },
+ {
+ name: "free subscription (multiplier 0) consumes no quota",
+ totalCost: 1.0,
+ actualCost: 0,
+ isSubscription: true,
+ wantSub: 0,
+ wantBalance: 0,
+ },
+ {
+ name: "balance billing keeps using ActualCost (regression)",
+ totalCost: 1.0,
+ actualCost: 2.0,
+ isSubscription: false,
+ wantSub: 0,
+ wantBalance: 2.0,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+ p := &postUsageBillingParams{
+ Cost: &CostBreakdown{TotalCost: tt.totalCost, ActualCost: tt.actualCost},
+ User: &User{ID: 1},
+ APIKey: &APIKey{ID: 2, GroupID: &groupID},
+ Account: &Account{ID: 3},
+ Subscription: &UserSubscription{ID: subID},
+ IsSubscriptionBill: tt.isSubscription,
+ }
+
+ cmd := buildUsageBillingCommand("req-1", nil, p)
+ if cmd == nil {
+ t.Fatal("buildUsageBillingCommand returned nil")
+ }
+ if cmd.SubscriptionCost != tt.wantSub {
+ t.Errorf("SubscriptionCost = %v, want %v", cmd.SubscriptionCost, tt.wantSub)
+ }
+ if cmd.BalanceCost != tt.wantBalance {
+ t.Errorf("BalanceCost = %v, want %v", cmd.BalanceCost, tt.wantBalance)
+ }
+ })
+ }
+}
diff --git a/backend/internal/service/group.go b/backend/internal/service/group.go
index 12262613..64434ae1 100644
--- a/backend/internal/service/group.go
+++ b/backend/internal/service/group.go
@@ -76,10 +76,6 @@ func (g *Group) IsSubscriptionType() bool {
return g.SubscriptionType == SubscriptionTypeSubscription
}
-func (g *Group) IsFreeSubscription() bool {
- return g.IsSubscriptionType() && g.RateMultiplier == 0
-}
-
func (g *Group) HasDailyLimit() bool {
return g.DailyLimitUSD != nil && *g.DailyLimitUSD > 0
}
diff --git a/backend/internal/service/openai_codex_transform.go b/backend/internal/service/openai_codex_transform.go
index a266d6a0..457309d3 100644
--- a/backend/internal/service/openai_codex_transform.go
+++ b/backend/internal/service/openai_codex_transform.go
@@ -8,7 +8,6 @@ import (
var codexModelMap = map[string]string{
"gpt-5.4": "gpt-5.4",
"gpt-5.4-mini": "gpt-5.4-mini",
- "gpt-5.4-nano": "gpt-5.4-nano",
"gpt-5.4-none": "gpt-5.4",
"gpt-5.4-low": "gpt-5.4",
"gpt-5.4-medium": "gpt-5.4",
@@ -22,52 +21,21 @@ var codexModelMap = map[string]string{
"gpt-5.3-high": "gpt-5.3-codex",
"gpt-5.3-xhigh": "gpt-5.3-codex",
"gpt-5.3-codex": "gpt-5.3-codex",
- "gpt-5.3-codex-spark": "gpt-5.3-codex",
- "gpt-5.3-codex-spark-low": "gpt-5.3-codex",
- "gpt-5.3-codex-spark-medium": "gpt-5.3-codex",
- "gpt-5.3-codex-spark-high": "gpt-5.3-codex",
- "gpt-5.3-codex-spark-xhigh": "gpt-5.3-codex",
+ "gpt-5.3-codex-spark": "gpt-5.3-codex-spark",
+ "gpt-5.3-codex-spark-low": "gpt-5.3-codex-spark",
+ "gpt-5.3-codex-spark-medium": "gpt-5.3-codex-spark",
+ "gpt-5.3-codex-spark-high": "gpt-5.3-codex-spark",
+ "gpt-5.3-codex-spark-xhigh": "gpt-5.3-codex-spark",
"gpt-5.3-codex-low": "gpt-5.3-codex",
"gpt-5.3-codex-medium": "gpt-5.3-codex",
"gpt-5.3-codex-high": "gpt-5.3-codex",
"gpt-5.3-codex-xhigh": "gpt-5.3-codex",
- "gpt-5.1-codex": "gpt-5.1-codex",
- "gpt-5.1-codex-low": "gpt-5.1-codex",
- "gpt-5.1-codex-medium": "gpt-5.1-codex",
- "gpt-5.1-codex-high": "gpt-5.1-codex",
- "gpt-5.1-codex-max": "gpt-5.1-codex-max",
- "gpt-5.1-codex-max-low": "gpt-5.1-codex-max",
- "gpt-5.1-codex-max-medium": "gpt-5.1-codex-max",
- "gpt-5.1-codex-max-high": "gpt-5.1-codex-max",
- "gpt-5.1-codex-max-xhigh": "gpt-5.1-codex-max",
"gpt-5.2": "gpt-5.2",
"gpt-5.2-none": "gpt-5.2",
"gpt-5.2-low": "gpt-5.2",
"gpt-5.2-medium": "gpt-5.2",
"gpt-5.2-high": "gpt-5.2",
"gpt-5.2-xhigh": "gpt-5.2",
- "gpt-5.2-codex": "gpt-5.2-codex",
- "gpt-5.2-codex-low": "gpt-5.2-codex",
- "gpt-5.2-codex-medium": "gpt-5.2-codex",
- "gpt-5.2-codex-high": "gpt-5.2-codex",
- "gpt-5.2-codex-xhigh": "gpt-5.2-codex",
- "gpt-5.1-codex-mini": "gpt-5.1-codex-mini",
- "gpt-5.1-codex-mini-medium": "gpt-5.1-codex-mini",
- "gpt-5.1-codex-mini-high": "gpt-5.1-codex-mini",
- "gpt-5.1": "gpt-5.1",
- "gpt-5.1-none": "gpt-5.1",
- "gpt-5.1-low": "gpt-5.1",
- "gpt-5.1-medium": "gpt-5.1",
- "gpt-5.1-high": "gpt-5.1",
- "gpt-5.1-chat-latest": "gpt-5.1",
- "gpt-5-codex": "gpt-5.1-codex",
- "codex-mini-latest": "gpt-5.1-codex-mini",
- "gpt-5-codex-mini": "gpt-5.1-codex-mini",
- "gpt-5-codex-mini-medium": "gpt-5.1-codex-mini",
- "gpt-5-codex-mini-high": "gpt-5.1-codex-mini",
- "gpt-5": "gpt-5.1",
- "gpt-5-mini": "gpt-5.1",
- "gpt-5-nano": "gpt-5.1",
}
type codexTransformResult struct {
@@ -220,7 +188,7 @@ func applyCodexOAuthTransform(reqBody map[string]any, isCodexCLI bool, isCompact
func normalizeCodexModel(model string) string {
if model == "" {
- return "gpt-5.1"
+ return "gpt-5.4"
}
modelID := model
@@ -238,49 +206,29 @@ func normalizeCodexModel(model string) string {
if strings.Contains(normalized, "gpt-5.4-mini") || strings.Contains(normalized, "gpt 5.4 mini") {
return "gpt-5.4-mini"
}
- if strings.Contains(normalized, "gpt-5.4-nano") || strings.Contains(normalized, "gpt 5.4 nano") {
- return "gpt-5.4-nano"
- }
if strings.Contains(normalized, "gpt-5.4") || strings.Contains(normalized, "gpt 5.4") {
return "gpt-5.4"
}
- if strings.Contains(normalized, "gpt-5.2-codex") || strings.Contains(normalized, "gpt 5.2 codex") {
- return "gpt-5.2-codex"
- }
if strings.Contains(normalized, "gpt-5.2") || strings.Contains(normalized, "gpt 5.2") {
return "gpt-5.2"
}
+ if strings.Contains(normalized, "gpt-5.3-codex-spark") || strings.Contains(normalized, "gpt 5.3 codex spark") {
+ return "gpt-5.3-codex-spark"
+ }
if strings.Contains(normalized, "gpt-5.3-codex") || strings.Contains(normalized, "gpt 5.3 codex") {
return "gpt-5.3-codex"
}
if strings.Contains(normalized, "gpt-5.3") || strings.Contains(normalized, "gpt 5.3") {
return "gpt-5.3-codex"
}
- if strings.Contains(normalized, "gpt-5.1-codex-max") || strings.Contains(normalized, "gpt 5.1 codex max") {
- return "gpt-5.1-codex-max"
- }
- if strings.Contains(normalized, "gpt-5.1-codex-mini") || strings.Contains(normalized, "gpt 5.1 codex mini") {
- return "gpt-5.1-codex-mini"
- }
- if strings.Contains(normalized, "codex-mini-latest") ||
- strings.Contains(normalized, "gpt-5-codex-mini") ||
- strings.Contains(normalized, "gpt 5 codex mini") {
- return "codex-mini-latest"
- }
- if strings.Contains(normalized, "gpt-5.1-codex") || strings.Contains(normalized, "gpt 5.1 codex") {
- return "gpt-5.1-codex"
- }
- if strings.Contains(normalized, "gpt-5.1") || strings.Contains(normalized, "gpt 5.1") {
- return "gpt-5.1"
- }
if strings.Contains(normalized, "codex") {
- return "gpt-5.1-codex"
+ return "gpt-5.3-codex"
}
if strings.Contains(normalized, "gpt-5") || strings.Contains(normalized, "gpt 5") {
- return "gpt-5.1"
+ return "gpt-5.4"
}
- return "gpt-5.1"
+ return "gpt-5.4"
}
func normalizeOpenAIModelForUpstream(account *Account, model string) string {
diff --git a/backend/internal/service/openai_codex_transform_test.go b/backend/internal/service/openai_codex_transform_test.go
index 993ade07..22264f5e 100644
--- a/backend/internal/service/openai_codex_transform_test.go
+++ b/backend/internal/service/openai_codex_transform_test.go
@@ -240,15 +240,13 @@ func TestNormalizeCodexModel_Gpt53(t *testing.T) {
"gpt 5.4": "gpt-5.4",
"gpt-5.4-mini": "gpt-5.4-mini",
"gpt 5.4 mini": "gpt-5.4-mini",
- "gpt-5.4-nano": "gpt-5.4-nano",
- "gpt 5.4 nano": "gpt-5.4-nano",
"gpt-5.3": "gpt-5.3-codex",
"gpt-5.3-codex": "gpt-5.3-codex",
"gpt-5.3-codex-xhigh": "gpt-5.3-codex",
- "gpt-5.3-codex-spark": "gpt-5.3-codex",
- "gpt 5.3 codex spark": "gpt-5.3-codex",
- "gpt-5.3-codex-spark-high": "gpt-5.3-codex",
- "gpt-5.3-codex-spark-xhigh": "gpt-5.3-codex",
+ "gpt-5.3-codex-spark": "gpt-5.3-codex-spark",
+ "gpt 5.3 codex spark": "gpt-5.3-codex-spark",
+ "gpt-5.3-codex-spark-high": "gpt-5.3-codex-spark",
+ "gpt-5.3-codex-spark-xhigh": "gpt-5.3-codex-spark",
"gpt 5.3 codex": "gpt-5.3-codex",
}
@@ -257,6 +255,26 @@ func TestNormalizeCodexModel_Gpt53(t *testing.T) {
}
}
+func TestNormalizeCodexModel_RemovedModelsFallbackToSupportedTargets(t *testing.T) {
+ cases := map[string]string{
+ "": "gpt-5.4",
+ "gpt-5": "gpt-5.4",
+ "gpt-5-mini": "gpt-5.4",
+ "gpt-5-nano": "gpt-5.4",
+ "gpt-5.1": "gpt-5.4",
+ "gpt-5.1-codex": "gpt-5.3-codex",
+ "gpt-5.1-codex-max": "gpt-5.3-codex",
+ "gpt-5.1-codex-mini": "gpt-5.3-codex",
+ "gpt-5.2-codex": "gpt-5.2",
+ "codex-mini-latest": "gpt-5.3-codex",
+ "gpt-5-codex": "gpt-5.3-codex",
+ }
+
+ for input, expected := range cases {
+ require.Equal(t, expected, normalizeCodexModel(input))
+ }
+}
+
func TestApplyCodexOAuthTransform_PreservesBareSparkModel(t *testing.T) {
reqBody := map[string]any{
"model": "gpt-5.3-codex-spark",
diff --git a/backend/internal/service/openai_compat_prompt_cache_key.go b/backend/internal/service/openai_compat_prompt_cache_key.go
index 88e16a4d..fcd27f19 100644
--- a/backend/internal/service/openai_compat_prompt_cache_key.go
+++ b/backend/internal/service/openai_compat_prompt_cache_key.go
@@ -10,8 +10,14 @@ import (
const compatPromptCacheKeyPrefix = "compat_cc_"
func shouldAutoInjectPromptCacheKeyForCompat(model string) bool {
- switch normalizeCodexModel(strings.TrimSpace(model)) {
- case "gpt-5.4", "gpt-5.3-codex":
+ trimmed := strings.TrimSpace(strings.ToLower(model))
+ // 仅对 Codex OAuth 路径支持的 GPT-5 族开启自动注入,避免 normalizeCodexModel
+ // 的默认兜底把任意模型(如 gpt-4o、claude-*)误判为 gpt-5.4。
+ if !strings.Contains(trimmed, "gpt-5") && !strings.Contains(trimmed, "codex") {
+ return false
+ }
+ switch normalizeCodexModel(trimmed) {
+ case "gpt-5.4", "gpt-5.3-codex", "gpt-5.3-codex-spark":
return true
default:
return false
diff --git a/backend/internal/service/openai_gateway_record_usage_test.go b/backend/internal/service/openai_gateway_record_usage_test.go
index e6fa94aa..6fa8a5bd 100644
--- a/backend/internal/service/openai_gateway_record_usage_test.go
+++ b/backend/internal/service/openai_gateway_record_usage_test.go
@@ -1031,7 +1031,7 @@ func TestOpenAIGatewayServiceRecordUsage_SubscriptionBillingSetsSubscriptionFiel
Model: "gpt-5.1",
Duration: time.Second,
},
- APIKey: &APIKey{ID: 100, GroupID: i64p(88), Group: &Group{ID: 88, SubscriptionType: SubscriptionTypeSubscription}},
+ APIKey: &APIKey{ID: 100, GroupID: i64p(88), Group: &Group{ID: 88, SubscriptionType: SubscriptionTypeSubscription, RateMultiplier: 1.0}},
User: &User{ID: 200},
Account: &Account{ID: 300},
Subscription: subscription,
diff --git a/backend/internal/service/openai_model_mapping_test.go b/backend/internal/service/openai_model_mapping_test.go
index cda7e369..35e7c250 100644
--- a/backend/internal/service/openai_model_mapping_test.go
+++ b/backend/internal/service/openai_model_mapping_test.go
@@ -69,14 +69,14 @@ func TestResolveOpenAIForwardModel(t *testing.T) {
}
}
-func TestResolveOpenAIForwardModel_PreventsClaudeModelFromFallingBackToGpt51(t *testing.T) {
+func TestResolveOpenAIForwardModel_PreventsClaudeModelFromFallingBackToGpt54(t *testing.T) {
account := &Account{
Credentials: map[string]any{},
}
withoutDefault := normalizeCodexModel(resolveOpenAIForwardModel(account, "claude-opus-4-6", ""))
- if withoutDefault != "gpt-5.1" {
- t.Fatalf("normalizeCodexModel(...) = %q, want %q", withoutDefault, "gpt-5.1")
+ if withoutDefault != "gpt-5.4" {
+ t.Fatalf("normalizeCodexModel(...) = %q, want %q", withoutDefault, "gpt-5.4")
}
withDefault := normalizeCodexModel(resolveOpenAIForwardModel(account, "claude-opus-4-6", "gpt-5.4"))
@@ -87,9 +87,9 @@ func TestResolveOpenAIForwardModel_PreventsClaudeModelFromFallingBackToGpt51(t *
func TestNormalizeCodexModel(t *testing.T) {
cases := map[string]string{
- "gpt-5.3-codex-spark": "gpt-5.3-codex",
- "gpt-5.3-codex-spark-high": "gpt-5.3-codex",
- "gpt-5.3-codex-spark-xhigh": "gpt-5.3-codex",
+ "gpt-5.3-codex-spark": "gpt-5.3-codex-spark",
+ "gpt-5.3-codex-spark-high": "gpt-5.3-codex-spark",
+ "gpt-5.3-codex-spark-xhigh": "gpt-5.3-codex-spark",
"gpt-5.3": "gpt-5.3-codex",
}
@@ -111,7 +111,7 @@ func TestNormalizeOpenAIModelForUpstream(t *testing.T) {
name: "oauth keeps codex normalization behavior",
account: &Account{Type: AccountTypeOAuth},
model: "gemini-3-flash-preview",
- want: "gpt-5.1",
+ want: "gpt-5.4",
},
{
name: "apikey preserves custom compatible model",
diff --git a/backend/internal/service/payment_config_providers.go b/backend/internal/service/payment_config_providers.go
index 9e1b5039..d2f89b06 100644
--- a/backend/internal/service/payment_config_providers.go
+++ b/backend/internal/service/payment_config_providers.go
@@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"fmt"
+ "log/slog"
"strconv"
"strings"
@@ -11,9 +12,22 @@ import (
"github.com/Wei-Shaw/sub2api/ent/paymentorder"
"github.com/Wei-Shaw/sub2api/ent/paymentproviderinstance"
"github.com/Wei-Shaw/sub2api/internal/payment"
+ "github.com/Wei-Shaw/sub2api/internal/payment/provider"
infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
)
+// validateProviderConfig runs the provider's constructor to surface config-level
+// errors at save time (e.g. wxpay missing certSerial), instead of only failing
+// when an order is created. Returns the structured ApplicationError from the
+// constructor so the frontend i18n layer can localize it.
+//
+// Only validates enabled instances — a disabled instance may be a half-filled
+// draft the admin will complete later.
+func (s *PaymentConfigService) validateProviderConfig(providerKey string, config map[string]string) error {
+ _, err := provider.CreateProvider(providerKey, "_validate_", config)
+ return err
+}
+
// --- Provider Instance CRUD ---
func (s *PaymentConfigService) ListProviderInstances(ctx context.Context) ([]*dbent.PaymentProviderInstance, error) {
@@ -47,11 +61,10 @@ func (s *PaymentConfigService) ListProviderInstancesWithConfig(ctx context.Conte
resp := ProviderInstanceResponse{
ID: int64(inst.ID), ProviderKey: inst.ProviderKey, Name: inst.Name,
SupportedTypes: splitTypes(inst.SupportedTypes), Limits: inst.Limits,
- Enabled: inst.Enabled, RefundEnabled: inst.RefundEnabled,
- AllowUserRefund: inst.AllowUserRefund,
- SortOrder: inst.SortOrder, PaymentMode: inst.PaymentMode,
+ Enabled: inst.Enabled, RefundEnabled: inst.RefundEnabled, AllowUserRefund: inst.AllowUserRefund,
+ SortOrder: inst.SortOrder, PaymentMode: inst.PaymentMode,
}
- resp.Config, err = s.decryptAndMaskConfig(inst.Config)
+ resp.Config, err = s.decryptAndMaskConfig(inst.ProviderKey, inst.Config)
if err != nil {
return nil, fmt.Errorf("decrypt config for instance %d: %w", inst.ID, err)
}
@@ -60,8 +73,26 @@ func (s *PaymentConfigService) ListProviderInstancesWithConfig(ctx context.Conte
return result, nil
}
-func (s *PaymentConfigService) decryptAndMaskConfig(encrypted string) (map[string]string, error) {
- return s.decryptConfig(encrypted)
+// decryptAndMaskConfig returns the stored config with sensitive fields omitted.
+// Admin UIs display masked placeholders for these; the raw values never leave
+// the server. Callers that need the full config (e.g. payment runtime) must
+// use decryptConfig directly.
+func (s *PaymentConfigService) decryptAndMaskConfig(providerKey, encrypted string) (map[string]string, error) {
+ cfg, err := s.decryptConfig(encrypted)
+ if err != nil {
+ return nil, err
+ }
+ if cfg == nil {
+ return nil, nil
+ }
+ masked := make(map[string]string, len(cfg))
+ for k, v := range cfg {
+ if isSensitiveProviderConfigField(providerKey, k) {
+ continue
+ }
+ masked[k] = v
+ }
+ return masked, nil
}
// pendingOrderStatuses are order statuses considered "in progress".
@@ -71,16 +102,27 @@ var pendingOrderStatuses = []string{
payment.OrderStatusRecharging,
}
-var sensitiveConfigPatterns = []string{"key", "pkey", "secret", "private", "password"}
+// providerSensitiveConfigFields is the authoritative list of config keys that
+// are treated as secrets per provider. Must stay in sync with the frontend
+// definition at frontend/src/components/payment/providerConfig.ts
+// (PROVIDER_CONFIG_FIELDS, fields with sensitive: true).
+//
+// Key matching is case-insensitive. Non-listed keys (e.g. appId, notifyUrl,
+// stripe publishableKey) are returned in plaintext by the admin GET API.
+var providerSensitiveConfigFields = map[string]map[string]struct{}{
+ payment.TypeEasyPay: {"pkey": {}},
+ payment.TypeAlipay: {"privatekey": {}, "publickey": {}, "alipaypublickey": {}},
+ payment.TypeWxpay: {"privatekey": {}, "apiv3key": {}, "publickey": {}},
+ payment.TypeStripe: {"secretkey": {}, "webhooksecret": {}},
+}
-func isSensitiveConfigField(fieldName string) bool {
- lower := strings.ToLower(fieldName)
- for _, p := range sensitiveConfigPatterns {
- if strings.Contains(lower, p) {
- return true
- }
+func isSensitiveProviderConfigField(providerKey, fieldName string) bool {
+ fields, ok := providerSensitiveConfigFields[providerKey]
+ if !ok {
+ return false
}
- return false
+ _, found := fields[strings.ToLower(fieldName)]
+ return found
}
func (s *PaymentConfigService) countPendingOrders(ctx context.Context, providerInstanceID int64) (int, error) {
@@ -111,6 +153,11 @@ func (s *PaymentConfigService) CreateProviderInstance(ctx context.Context, req C
if err := s.validateVisibleMethodEnablementConflicts(ctx, 0, req.ProviderKey, typesStr, req.Enabled); err != nil {
return nil, err
}
+ if req.Enabled {
+ if err := s.validateProviderConfig(req.ProviderKey, req.Config); err != nil {
+ return nil, err
+ }
+ }
enc, err := s.encryptConfig(req.Config)
if err != nil {
return nil, err
@@ -141,7 +188,7 @@ func validateProviderRequest(providerKey, name, supportedTypes string) error {
func (s *PaymentConfigService) UpdateProviderInstance(ctx context.Context, id int64, req UpdateProviderInstanceRequest) (*dbent.PaymentProviderInstance, error) {
current, err := s.entClient.PaymentProviderInstance.Get(ctx, id)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("load provider instance: %w", err)
}
nextEnabled := current.Enabled
if req.Enabled != nil {
@@ -156,8 +203,8 @@ func (s *PaymentConfigService) UpdateProviderInstance(ctx context.Context, id in
}
if req.Config != nil {
hasSensitive := false
- for k := range req.Config {
- if isSensitiveConfigField(k) && req.Config[k] != "" {
+ for k, v := range req.Config {
+ if v != "" && isSensitiveProviderConfigField(current.ProviderKey, k) {
hasSensitive = true
break
}
@@ -183,16 +230,38 @@ func (s *PaymentConfigService) UpdateProviderInstance(ctx context.Context, id in
WithMetadata(map[string]string{"count": strconv.Itoa(count)})
}
}
+ // Validate merged config when the instance will end up enabled.
+ // This surfaces provider-level errors (e.g. wxpay missing certSerial) at save time,
+ // so admins see them in the dialog instead of only when an order is created.
+ finalEnabled := current.Enabled
+ if req.Enabled != nil {
+ finalEnabled = *req.Enabled
+ }
+ var mergedConfig map[string]string
+ if req.Config != nil {
+ mergedConfig, err = s.mergeConfig(ctx, id, req.Config)
+ if err != nil {
+ return nil, err
+ }
+ }
+ if finalEnabled {
+ configToValidate := mergedConfig
+ if configToValidate == nil {
+ configToValidate, err = s.decryptConfig(current.Config)
+ if err != nil {
+ return nil, fmt.Errorf("decrypt existing config: %w", err)
+ }
+ }
+ if err := s.validateProviderConfig(current.ProviderKey, configToValidate); err != nil {
+ return nil, err
+ }
+ }
u := s.entClient.PaymentProviderInstance.UpdateOneID(id)
if req.Name != nil {
u.SetName(*req.Name)
}
- if req.Config != nil {
- merged, err := s.mergeConfig(ctx, id, req.Config)
- if err != nil {
- return nil, err
- }
- enc, err := s.encryptConfig(merged)
+ if mergedConfig != nil {
+ enc, err := s.encryptConfig(mergedConfig)
if err != nil {
return nil, err
}
@@ -293,27 +362,48 @@ func (s *PaymentConfigService) mergeConfig(ctx context.Context, id int64, newCon
return nil, fmt.Errorf("decrypt existing config for instance %d: %w", id, err)
}
if existing == nil {
- return newConfig, nil
+ existing = map[string]string{}
}
for k, v := range newConfig {
+ // Preserve existing secrets when the client submits an empty value
+ // (admin UI omits the value to indicate "leave unchanged").
+ if v == "" && isSensitiveProviderConfigField(inst.ProviderKey, k) {
+ continue
+ }
existing[k] = v
}
return existing, nil
}
-func (s *PaymentConfigService) decryptConfig(encrypted string) (map[string]string, error) {
- if encrypted == "" {
+// decryptConfig parses a stored provider config.
+// New records are plaintext JSON; legacy records are AES-256-GCM ciphertext
+// ("iv:authTag:ciphertext"). Values that cannot be parsed as either — including
+// legacy ciphertext with no/invalid TOTP_ENCRYPTION_KEY — are treated as empty,
+// letting the admin re-enter the config via the UI to complete the migration.
+//
+// TODO(deprecated-legacy-ciphertext): The AES fallback branch is a transitional
+// shim for pre-plaintext records. Remove it (and the encryptionKey field) after
+// a few releases once all live deployments have re-saved their provider configs.
+func (s *PaymentConfigService) decryptConfig(stored string) (map[string]string, error) {
+ if stored == "" {
return nil, nil
}
- decrypted, err := payment.Decrypt(encrypted, s.encryptionKey)
- if err != nil {
- return nil, fmt.Errorf("decrypt config: %w", err)
+ var cfg map[string]string
+ if err := json.Unmarshal([]byte(stored), &cfg); err == nil {
+ return cfg, nil
}
- var raw map[string]string
- if err := json.Unmarshal([]byte(decrypted), &raw); err != nil {
- return nil, fmt.Errorf("unmarshal decrypted config: %w", err)
+ // Deprecated: legacy AES-256-GCM ciphertext fallback — scheduled for removal.
+ if len(s.encryptionKey) == payment.AES256KeySize {
+ //nolint:staticcheck // SA1019: intentional legacy fallback, scheduled for removal
+ if plaintext, err := payment.Decrypt(stored, s.encryptionKey); err == nil {
+ if err := json.Unmarshal([]byte(plaintext), &cfg); err == nil {
+ return cfg, nil
+ }
+ }
}
- return raw, nil
+ slog.Warn("payment provider config unreadable, treating as empty for re-entry",
+ "stored_len", len(stored))
+ return nil, nil
}
func (s *PaymentConfigService) DeleteProviderInstance(ctx context.Context, id int64) error {
@@ -328,14 +418,13 @@ func (s *PaymentConfigService) DeleteProviderInstance(ctx context.Context, id in
return s.entClient.PaymentProviderInstance.DeleteOneID(id).Exec(ctx)
}
+// encryptConfig serialises a provider config for storage.
+// New records are written as plaintext JSON; the historical AES-GCM wrapping
+// has been dropped but decryptConfig still accepts old ciphertext during migration.
func (s *PaymentConfigService) encryptConfig(cfg map[string]string) (string, error) {
data, err := json.Marshal(cfg)
if err != nil {
return "", fmt.Errorf("marshal config: %w", err)
}
- enc, err := payment.Encrypt(string(data), s.encryptionKey)
- if err != nil {
- return "", fmt.Errorf("encrypt config: %w", err)
- }
- return enc, nil
+ return string(data), nil
}
diff --git a/backend/internal/service/payment_config_providers_test.go b/backend/internal/service/payment_config_providers_test.go
index 3d1b19fd..b8c1b15b 100644
--- a/backend/internal/service/payment_config_providers_test.go
+++ b/backend/internal/service/payment_config_providers_test.go
@@ -99,41 +99,52 @@ func TestValidateProviderRequest(t *testing.T) {
}
}
-func TestIsSensitiveConfigField(t *testing.T) {
+func TestIsSensitiveProviderConfigField(t *testing.T) {
t.Parallel()
tests := []struct {
- field string
- wantSen bool
+ providerKey string
+ field string
+ wantSen bool
}{
- // Sensitive fields (contain key/secret/private/password/pkey patterns)
- {"secretKey", true},
- {"apiSecret", true},
- {"pkey", true},
- {"privateKey", true},
- {"apiPassword", true},
- {"appKey", true},
- {"SECRET_TOKEN", true},
- {"PrivateData", true},
- {"PASSWORD", true},
- {"mySecretValue", true},
+ // Stripe: publishableKey is public, only secretKey/webhookSecret are secrets
+ {"stripe", "secretKey", true},
+ {"stripe", "webhookSecret", true},
+ {"stripe", "SecretKey", true}, // case-insensitive
+ {"stripe", "publishableKey", false},
+ {"stripe", "appId", false},
- // Non-sensitive fields
- {"appId", false},
- {"mchId", false},
- {"apiBase", false},
- {"endpoint", false},
- {"merchantNo", false},
- {"paymentMode", false},
- {"notifyUrl", false},
+ // Alipay
+ {"alipay", "privateKey", true},
+ {"alipay", "publicKey", true},
+ {"alipay", "alipayPublicKey", true},
+ {"alipay", "appId", false},
+ {"alipay", "notifyUrl", false},
+
+ // Wxpay
+ {"wxpay", "privateKey", true},
+ {"wxpay", "apiV3Key", true},
+ {"wxpay", "publicKey", true},
+ {"wxpay", "publicKeyId", false},
+ {"wxpay", "certSerial", false},
+ {"wxpay", "mchId", false},
+
+ // EasyPay
+ {"easypay", "pkey", true},
+ {"easypay", "pid", false},
+ {"easypay", "apiBase", false},
+
+ // Unknown provider: never sensitive
+ {"unknown", "secretKey", false},
}
for _, tc := range tests {
- t.Run(tc.field, func(t *testing.T) {
+ tc := tc
+ t.Run(tc.providerKey+"/"+tc.field, func(t *testing.T) {
t.Parallel()
- got := isSensitiveConfigField(tc.field)
- assert.Equal(t, tc.wantSen, got, "isSensitiveConfigField(%q)", tc.field)
+ got := isSensitiveProviderConfigField(tc.providerKey, tc.field)
+ assert.Equal(t, tc.wantSen, got, "isSensitiveProviderConfigField(%q, %q)", tc.providerKey, tc.field)
})
}
}
diff --git a/backend/internal/service/payment_order.go b/backend/internal/service/payment_order.go
index 4740cb0f..6554526e 100644
--- a/backend/internal/service/payment_order.go
+++ b/backend/internal/service/payment_order.go
@@ -2,6 +2,7 @@ package service
import (
"context"
+ "errors"
"fmt"
"log/slog"
"math"
@@ -201,7 +202,7 @@ func (s *PaymentService) checkPendingLimit(ctx context.Context, tx *dbent.Tx, us
return fmt.Errorf("count pending orders: %w", err)
}
if c >= max {
- return infraerrors.TooManyRequests("TOO_MANY_PENDING", fmt.Sprintf("too many pending orders (max %d)", max)).
+ return infraerrors.TooManyRequests("TOO_MANY_PENDING", "too_many_pending").
WithMetadata(map[string]string{"max": strconv.Itoa(max)})
}
return nil
@@ -284,7 +285,8 @@ func (s *PaymentService) checkDailyLimit(ctx context.Context, tx *dbent.Tx, user
used += o.Amount
}
if used+amount > limit {
- return infraerrors.TooManyRequests("DAILY_LIMIT_EXCEEDED", fmt.Sprintf("daily recharge limit reached, remaining: %.2f", math.Max(0, limit-used)))
+ return infraerrors.TooManyRequests("DAILY_LIMIT_EXCEEDED", "daily_limit_exceeded").
+ WithMetadata(map[string]string{"remaining": fmt.Sprintf("%.2f", math.Max(0, limit-used))})
}
return nil
}
@@ -296,10 +298,11 @@ func (s *PaymentService) selectCreateOrderInstance(ctx context.Context, req Crea
}
sel, err := s.loadBalancer.SelectInstance(selectCtx, "", req.PaymentType, payment.Strategy(cfg.LoadBalanceStrategy), payAmount)
if err != nil {
- return nil, infraerrors.ServiceUnavailable("PAYMENT_GATEWAY_ERROR", fmt.Sprintf("payment method (%s) is not configured", req.PaymentType))
+ return nil, infraerrors.ServiceUnavailable("PAYMENT_GATEWAY_ERROR", "method_not_configured").
+ WithMetadata(map[string]string{"payment_type": req.PaymentType})
}
if sel == nil {
- return nil, infraerrors.TooManyRequests("NO_AVAILABLE_INSTANCE", "no available payment instance")
+ return nil, infraerrors.TooManyRequests("NO_AVAILABLE_INSTANCE", "no_available_instance")
}
return sel, nil
}
@@ -342,7 +345,18 @@ func (s *PaymentService) usesOfficialWxpayVisibleMethod(ctx context.Context) boo
func (s *PaymentService) invokeProvider(ctx context.Context, order *dbent.PaymentOrder, req CreateOrderRequest, cfg *PaymentConfig, limitAmount float64, payAmountStr string, payAmount float64, plan *dbent.SubscriptionPlan, sel *payment.InstanceSelection) (*CreateOrderResponse, error) {
prov, err := provider.CreateProvider(sel.ProviderKey, sel.InstanceID, sel.Config)
if err != nil {
- return nil, infraerrors.ServiceUnavailable("PAYMENT_GATEWAY_ERROR", "payment method is temporarily unavailable")
+ slog.Error("[PaymentService] CreateProvider failed", "provider", sel.ProviderKey, "instance", sel.InstanceID, "error", err)
+ // If the provider returned a structured ApplicationError (e.g. WXPAY_CONFIG_MISSING_KEY),
+ // pass it through with provider context added to metadata. Otherwise wrap as PAYMENT_PROVIDER_MISCONFIGURED.
+ if appErr := new(infraerrors.ApplicationError); errors.As(err, &appErr) {
+ md := map[string]string{"provider": sel.ProviderKey, "instance_id": sel.InstanceID}
+ for k, v := range appErr.Metadata {
+ md[k] = v
+ }
+ return nil, appErr.WithMetadata(md)
+ }
+ return nil, infraerrors.ServiceUnavailable("PAYMENT_PROVIDER_MISCONFIGURED", "provider_misconfigured").
+ WithMetadata(map[string]string{"provider": sel.ProviderKey, "instance_id": sel.InstanceID})
}
subject := s.buildPaymentSubject(plan, limitAmount, cfg)
outTradeNo := order.OutTradeNo
@@ -380,6 +394,9 @@ func (s *PaymentService) invokeProvider(ctx context.Context, order *dbent.Paymen
pr, err := prov.CreatePayment(ctx, providerReq)
if err != nil {
slog.Error("[PaymentService] CreatePayment failed", "provider", sel.ProviderKey, "instance", sel.InstanceID, "error", err)
+ if appErr := new(infraerrors.ApplicationError); errors.As(err, &appErr) {
+ return nil, appErr
+ }
return nil, classifyCreatePaymentError(req, sel.ProviderKey, err)
}
_, err = s.entClient.PaymentOrder.UpdateOneID(order.ID).
diff --git a/backend/internal/service/sticky_session_test.go b/backend/internal/service/sticky_session_test.go
index e7ef8982..11ace7bd 100644
--- a/backend/internal/service/sticky_session_test.go
+++ b/backend/internal/service/sticky_session_test.go
@@ -15,20 +15,8 @@ import (
"github.com/stretchr/testify/require"
)
-// TestShouldClearStickySession 测试粘性会话清理判断逻辑。
-// 验证在以下情况下是否正确判断需要清理粘性会话:
-// - nil 账号:不清理(返回 false)
-// - 状态为错误或禁用:清理
-// - 不可调度:清理
-// - 临时不可调度且未过期:清理
-// - 临时不可调度已过期:不清理
-// - 正常可调度状态:不清理
-// - 模型限流(任意时长):清理
-//
-// TestShouldClearStickySession tests the sticky session clearing logic.
-// Verifies correct behavior for various account states including:
-// nil account, error/disabled status, unschedulable, temporary unschedulable,
-// and model rate limiting scenarios.
+// TestShouldClearStickySession tests sticky session clearing via IsSchedulable() delegation
+// plus model-level rate limiting.
func TestShouldClearStickySession(t *testing.T) {
now := time.Now()
future := now.Add(1 * time.Hour)
@@ -101,6 +89,56 @@ func TestShouldClearStickySession(t *testing.T) {
requestedModel: "claude-opus-4", // 请求不同模型
want: false, // 不同模型不受影响
},
+ {
+ name: "apikey quota exceeded",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeAPIKey,
+ Extra: map[string]any{
+ "quota_daily_limit": 10.0,
+ "quota_daily_used": 10.0,
+ "quota_daily_start": now.Add(-1 * time.Hour).Format(time.RFC3339),
+ },
+ },
+ requestedModel: "",
+ want: true,
+ },
+ {
+ name: "oauth quota exceeded not cleared",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ Type: AccountTypeOAuth,
+ Extra: map[string]any{
+ "quota_daily_limit": 10.0,
+ "quota_daily_used": 10.0,
+ "quota_daily_start": now.Add(-1 * time.Hour).Format(time.RFC3339),
+ },
+ },
+ requestedModel: "",
+ want: false,
+ },
+ {
+ name: "overloaded account",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ OverloadUntil: &future,
+ },
+ requestedModel: "",
+ want: true,
+ },
+ {
+ name: "account-level rate limited",
+ account: &Account{
+ Status: StatusActive,
+ Schedulable: true,
+ RateLimitResetAt: &future,
+ },
+ requestedModel: "",
+ want: true,
+ },
}
for _, tt := range tests {
diff --git a/backend/internal/service/upstream_response_limit.go b/backend/internal/service/upstream_response_limit.go
index a0444d52..ddf0e818 100644
--- a/backend/internal/service/upstream_response_limit.go
+++ b/backend/internal/service/upstream_response_limit.go
@@ -12,7 +12,9 @@ import (
var ErrUpstreamResponseBodyTooLarge = errors.New("upstream response body too large")
-const defaultUpstreamResponseReadMaxBytes int64 = 8 * 1024 * 1024
+// defaultUpstreamResponseReadMaxBytes 源自 config.DefaultUpstreamResponseReadMaxBytes,
+// 仅在 cfg 为 nil 时作为兜底(测试或极端场景)。
+const defaultUpstreamResponseReadMaxBytes = config.DefaultUpstreamResponseReadMaxBytes
func resolveUpstreamResponseReadLimit(cfg *config.Config) int64 {
if cfg != nil && cfg.Gateway.UpstreamResponseReadMaxBytes > 0 {
diff --git a/frontend/src/components/account/AccountStatusIndicator.vue b/frontend/src/components/account/AccountStatusIndicator.vue
index fc2f7d0c..dd38a49f 100644
--- a/frontend/src/components/account/AccountStatusIndicator.vue
+++ b/frontend/src/components/account/AccountStatusIndicator.vue
@@ -284,6 +284,16 @@ const hasError = computed(() => {
return props.account.status === 'error'
})
+const isQuotaExceeded = computed(() => {
+ const exceeded = (used?: number | null, limit?: number | null) =>
+ typeof limit === 'number' && limit > 0 && typeof used === 'number' && used >= limit
+ return (
+ exceeded(props.account.quota_used, props.account.quota_limit) ||
+ exceeded(props.account.quota_daily_used, props.account.quota_daily_limit) ||
+ exceeded(props.account.quota_weekly_used, props.account.quota_weekly_limit)
+ )
+})
+
// Computed: countdown text for rate limit (429)
const rateLimitCountdown = computed(() => {
return formatCountdown(props.account.rate_limit_reset_at)
@@ -307,19 +317,16 @@ const statusClass = computed(() => {
if (isTempUnschedulable.value) {
return 'badge-warning'
}
+ if (props.account.status !== 'active') {
+ return props.account.status === 'error' ? 'badge-danger' : 'badge-gray'
+ }
+ if (isQuotaExceeded.value) {
+ return 'badge-warning'
+ }
if (!props.account.schedulable) {
return 'badge-gray'
}
- switch (props.account.status) {
- case 'active':
- return 'badge-success'
- case 'inactive':
- return 'badge-gray'
- case 'error':
- return 'badge-danger'
- default:
- return 'badge-gray'
- }
+ return 'badge-success'
})
// Computed: status text
@@ -330,6 +337,12 @@ const statusText = computed(() => {
if (isTempUnschedulable.value) {
return t('admin.accounts.status.tempUnschedulable')
}
+ if (props.account.status !== 'active') {
+ return t(`admin.accounts.status.${props.account.status}`)
+ }
+ if (isQuotaExceeded.value) {
+ return t('admin.accounts.status.quotaExceeded')
+ }
if (!props.account.schedulable) {
return t('admin.accounts.status.paused')
}
diff --git a/frontend/src/components/account/EditAccountModal.vue b/frontend/src/components/account/EditAccountModal.vue
index 1da32e2c..59ca0b9c 100644
--- a/frontend/src/components/account/EditAccountModal.vue
+++ b/frontend/src/components/account/EditAccountModal.vue
@@ -52,6 +52,10 @@
v-model="editApiKey"
type="password"
class="input font-mono"
+ autocomplete="new-password"
+ data-1p-ignore
+ data-lpignore="true"
+ data-bwignore="true"
:placeholder="
account.platform === 'openai'
? 'sk-proj-...'
diff --git a/frontend/src/components/admin/group/GroupRateMultipliersModal.vue b/frontend/src/components/admin/group/GroupRateMultipliersModal.vue
index bf79bea2..41b2e63c 100644
--- a/frontend/src/components/admin/group/GroupRateMultipliersModal.vue
+++ b/frontend/src/components/admin/group/GroupRateMultipliersModal.vue
@@ -166,7 +166,7 @@
= {}
for (const [k, v] of Object.entries(config)) {
if (!v || !v.trim()) continue
- // Skip masked values — backend keeps existing credentials
- if (v === '••••••••') continue
filteredConfig[k] = v
}
@@ -470,7 +482,8 @@ function loadProvider(provider: ProviderInstance) {
form.refund_enabled = provider.refund_enabled
form.allow_user_refund = provider.allow_user_refund
clearConfig()
- // Pre-fill config from API response (non-sensitive in cleartext, sensitive masked as ••••••••)
+ // Pre-fill config from API response. Backend omits sensitive fields entirely,
+ // so those inputs stay blank — submitting blank preserves the stored secret.
if (provider.config) {
for (const [k, v] of Object.entries(provider.config)) {
// Skip notifyUrl/returnUrl — they are derived from callbackBaseUrl
diff --git a/frontend/src/components/payment/PaymentQRDialog.vue b/frontend/src/components/payment/PaymentQRDialog.vue
index b9026e78..09d273cc 100644
--- a/frontend/src/components/payment/PaymentQRDialog.vue
+++ b/frontend/src/components/payment/PaymentQRDialog.vue
@@ -78,8 +78,8 @@ import Icon from '@/components/icons/Icon.vue'
import { usePaymentStore } from '@/stores/payment'
import { useAppStore } from '@/stores'
import { paymentAPI } from '@/api/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
-import { POPUP_WINDOW_FEATURES } from '@/components/payment/providerConfig'
+import { extractI18nErrorMessage } from '@/utils/apiError'
+import { getPaymentPopupFeatures } from '@/components/payment/providerConfig'
import type { PaymentOrder } from '@/types/payment'
import QRCode from 'qrcode'
import alipayIcon from '@/assets/icons/alipay.svg'
@@ -147,7 +147,7 @@ function getLogoForType(): string | null {
function reopenPopup() {
if (props.payUrl) {
- window.open(props.payUrl, 'paymentPopup', POPUP_WINDOW_FEATURES)
+ window.open(props.payUrl, 'paymentPopup', getPaymentPopupFeatures())
}
}
@@ -222,7 +222,7 @@ async function handleCancel() {
cleanup()
emit('close')
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally {
cancelling.value = false
}
diff --git a/frontend/src/components/payment/PaymentStatusPanel.vue b/frontend/src/components/payment/PaymentStatusPanel.vue
index f48036b4..0fd444ac 100644
--- a/frontend/src/components/payment/PaymentStatusPanel.vue
+++ b/frontend/src/components/payment/PaymentStatusPanel.vue
@@ -124,8 +124,8 @@ import { useI18n } from 'vue-i18n'
import { usePaymentStore } from '@/stores/payment'
import { useAppStore } from '@/stores'
import { paymentAPI } from '@/api/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
-import { POPUP_WINDOW_FEATURES } from '@/components/payment/providerConfig'
+import { extractI18nErrorMessage } from '@/utils/apiError'
+import { getPaymentPopupFeatures } from '@/components/payment/providerConfig'
import type { PaymentOrder } from '@/types/payment'
import Icon from '@/components/icons/Icon.vue'
import QRCode from 'qrcode'
@@ -200,7 +200,7 @@ function isSuccessStatus(status: string | null | undefined): boolean {
function reopenPopup() {
if (props.payUrl) {
- const win = window.open(props.payUrl, 'paymentPopup', POPUP_WINDOW_FEATURES)
+ const win = window.open(props.payUrl, 'paymentPopup', getPaymentPopupFeatures())
if (!win || win.closed) {
window.location.href = props.payUrl
}
@@ -257,7 +257,7 @@ async function handleCancel() {
cleanup()
setOutcome('cancelled')
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally {
cancelling.value = false
}
diff --git a/frontend/src/components/payment/StripePaymentInline.vue b/frontend/src/components/payment/StripePaymentInline.vue
index b8fd55ef..bdb0dd6b 100644
--- a/frontend/src/components/payment/StripePaymentInline.vue
+++ b/frontend/src/components/payment/StripePaymentInline.vue
@@ -67,10 +67,10 @@
import { ref, onMounted, nextTick } from 'vue'
import { useI18n } from 'vue-i18n'
import { useRouter } from 'vue-router'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractI18nErrorMessage } from '@/utils/apiError'
import { paymentAPI } from '@/api/payment'
import { useAppStore } from '@/stores'
-import { STRIPE_POPUP_WINDOW_FEATURES } from '@/components/payment/providerConfig'
+import { getPaymentPopupFeatures } from '@/components/payment/providerConfig'
import type { Stripe, StripeElements } from '@stripe/stripe-js'
import Icon from '@/components/icons/Icon.vue'
@@ -132,7 +132,7 @@ onMounted(async () => {
selectedType.value = event.value.type
})
} catch (err: unknown) {
- initError.value = extractApiErrorMessage(err, t('payment.stripeLoadFailed'))
+ initError.value = extractI18nErrorMessage(err, t, 'payment.errors', t('payment.stripeLoadFailed'))
} finally {
loading.value = false
}
@@ -151,7 +151,7 @@ async function handlePay() {
amount: String(props.payAmount),
},
}).href
- const popup = window.open(popupUrl, 'paymentPopup', STRIPE_POPUP_WINDOW_FEATURES)
+ const popup = window.open(popupUrl, 'paymentPopup', getPaymentPopupFeatures())
const onReady = (event: MessageEvent) => {
if (event.source !== popup || event.data?.type !== 'STRIPE_POPUP_READY') return
@@ -186,7 +186,7 @@ async function handlePay() {
emit('success')
}
} catch (err: unknown) {
- error.value = extractApiErrorMessage(err, t('payment.result.failed'))
+ error.value = extractI18nErrorMessage(err, t, 'payment.errors', t('payment.result.failed'))
} finally {
submitting.value = false
}
@@ -199,7 +199,7 @@ async function handleCancel() {
await paymentAPI.cancelOrder(props.orderId)
emit('back')
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally {
cancelling.value = false
}
diff --git a/frontend/src/components/payment/providerConfig.ts b/frontend/src/components/payment/providerConfig.ts
index 5d52eddf..67ffdec1 100644
--- a/frontend/src/components/payment/providerConfig.ts
+++ b/frontend/src/components/payment/providerConfig.ts
@@ -43,11 +43,24 @@ export const METHOD_ORDER = ['alipay', 'alipay_direct', 'wxpay', 'wxpay_direct',
export const PAYMENT_MODE_QRCODE = 'qrcode'
export const PAYMENT_MODE_POPUP = 'popup'
-/** Window features for payment popup windows */
-export const POPUP_WINDOW_FEATURES = 'width=1000,height=750,left=100,top=80,scrollbars=yes,resizable=yes'
+/** Preferred popup size for payment gateways. Alipay's standard checkout
+ * (QR + account login panel) needs ~1200×900 to render without any scrolling. */
+const PAYMENT_POPUP_PREFERRED_WIDTH = 1250
+const PAYMENT_POPUP_PREFERRED_HEIGHT = 900
-/** Wider popup for Stripe redirect methods (Alipay checkout page needs ~1200px) */
-export const STRIPE_POPUP_WINDOW_FEATURES = 'width=1250,height=780,left=80,top=60,scrollbars=yes,resizable=yes'
+/** Build a window.open features string sized to fit within the current screen
+ * while preferring the above dimensions. Centers the popup on the available
+ * work area so nothing is clipped on smaller laptop displays. */
+export function getPaymentPopupFeatures(): string {
+ const screen = typeof window !== 'undefined' ? window.screen : null
+ const availW = screen?.availWidth ?? PAYMENT_POPUP_PREFERRED_WIDTH
+ const availH = screen?.availHeight ?? PAYMENT_POPUP_PREFERRED_HEIGHT
+ const width = Math.min(PAYMENT_POPUP_PREFERRED_WIDTH, availW - 40)
+ const height = Math.min(PAYMENT_POPUP_PREFERRED_HEIGHT, availH - 40)
+ const left = Math.max(0, Math.floor((availW - width) / 2))
+ const top = Math.max(0, Math.floor((availH - height) / 2))
+ return `width=${width},height=${height},left=${left},top=${top},scrollbars=yes,resizable=yes`
+}
/** Webhook paths for each provider (relative to origin). */
export const WEBHOOK_PATHS: Record = {
@@ -87,9 +100,9 @@ export const PROVIDER_CONFIG_FIELDS: Record = {
{ key: 'mchId', label: '', sensitive: false },
{ key: 'privateKey', label: '', sensitive: true },
{ key: 'apiV3Key', label: '', sensitive: true },
+ { key: 'certSerial', label: '', sensitive: false },
{ key: 'publicKey', label: '', sensitive: true },
{ key: 'publicKeyId', label: '', sensitive: false },
- { key: 'certSerial', label: '', sensitive: false },
{ key: 'h5AppName', label: '', sensitive: false, optional: true },
{ key: 'h5AppUrl', label: '', sensitive: false, optional: true },
],
diff --git a/frontend/src/composables/__tests__/useModelWhitelist.spec.ts b/frontend/src/composables/__tests__/useModelWhitelist.spec.ts
index 4061be4d..d35e3b12 100644
--- a/frontend/src/composables/__tests__/useModelWhitelist.spec.ts
+++ b/frontend/src/composables/__tests__/useModelWhitelist.spec.ts
@@ -12,10 +12,20 @@ describe('useModelWhitelist', () => {
expect(models).toContain('gpt-5.4')
expect(models).toContain('gpt-5.4-mini')
- expect(models).toContain('gpt-5.4-nano')
expect(models).toContain('gpt-5.4-2026-03-05')
})
+ it('openai 模型列表不再暴露已下线的 ChatGPT 登录 Codex 模型', () => {
+ const models = getModelsByPlatform('openai')
+
+ expect(models).not.toContain('gpt-5')
+ expect(models).not.toContain('gpt-5.1')
+ expect(models).not.toContain('gpt-5.1-codex')
+ expect(models).not.toContain('gpt-5.1-codex-max')
+ expect(models).not.toContain('gpt-5.1-codex-mini')
+ expect(models).not.toContain('gpt-5.2-codex')
+ })
+
it('antigravity 模型列表包含图片模型兼容项', () => {
const models = getModelsByPlatform('antigravity')
@@ -55,12 +65,11 @@ describe('useModelWhitelist', () => {
})
})
- it('whitelist keeps GPT-5.4 mini and nano exact mappings', () => {
- const mapping = buildModelMappingObject('whitelist', ['gpt-5.4-mini', 'gpt-5.4-nano'], [])
+ it('whitelist keeps GPT-5.4 mini exact mappings', () => {
+ const mapping = buildModelMappingObject('whitelist', ['gpt-5.4-mini'], [])
expect(mapping).toEqual({
- 'gpt-5.4-mini': 'gpt-5.4-mini',
- 'gpt-5.4-nano': 'gpt-5.4-nano'
+ 'gpt-5.4-mini': 'gpt-5.4-mini'
})
})
})
diff --git a/frontend/src/composables/useModelWhitelist.ts b/frontend/src/composables/useModelWhitelist.ts
index a282ae7d..ddd7af48 100644
--- a/frontend/src/composables/useModelWhitelist.ts
+++ b/frontend/src/composables/useModelWhitelist.ts
@@ -13,19 +13,11 @@ const openaiModels = [
'o1', 'o1-preview', 'o1-mini', 'o1-pro',
'o3', 'o3-mini', 'o3-pro',
'o4-mini',
- // GPT-5 系列(同步后端定价文件)
- 'gpt-5', 'gpt-5-2025-08-07', 'gpt-5-chat', 'gpt-5-chat-latest',
- 'gpt-5-codex', 'gpt-5.3-codex-spark', 'gpt-5-pro', 'gpt-5-pro-2025-10-06',
- 'gpt-5-mini', 'gpt-5-mini-2025-08-07',
- 'gpt-5-nano', 'gpt-5-nano-2025-08-07',
- // GPT-5.1 系列
- 'gpt-5.1', 'gpt-5.1-2025-11-13', 'gpt-5.1-chat-latest',
- 'gpt-5.1-codex', 'gpt-5.1-codex-max', 'gpt-5.1-codex-mini',
// GPT-5.2 系列
'gpt-5.2', 'gpt-5.2-2025-12-11', 'gpt-5.2-chat-latest',
- 'gpt-5.2-codex', 'gpt-5.2-pro', 'gpt-5.2-pro-2025-12-11',
+ 'gpt-5.2-pro', 'gpt-5.2-pro-2025-12-11',
// GPT-5.4 系列
- 'gpt-5.4', 'gpt-5.4-mini', 'gpt-5.4-nano', 'gpt-5.4-2026-03-05',
+ 'gpt-5.4', 'gpt-5.4-mini', 'gpt-5.4-2026-03-05',
// GPT-5.3 系列
'gpt-5.3-codex', 'gpt-5.3-codex-spark',
'chatgpt-4o-latest',
@@ -264,12 +256,9 @@ const openaiPresetMappings = [
{ label: 'GPT-4.1', from: 'gpt-4.1', to: 'gpt-4.1', color: 'bg-indigo-100 text-indigo-700 hover:bg-indigo-200 dark:bg-indigo-900/30 dark:text-indigo-400' },
{ label: 'o1', from: 'o1', to: 'o1', color: 'bg-purple-100 text-purple-700 hover:bg-purple-200 dark:bg-purple-900/30 dark:text-purple-400' },
{ label: 'o3', from: 'o3', to: 'o3', color: 'bg-emerald-100 text-emerald-700 hover:bg-emerald-200 dark:bg-emerald-900/30 dark:text-emerald-400' },
- { label: 'GPT-5', from: 'gpt-5', to: 'gpt-5', color: 'bg-amber-100 text-amber-700 hover:bg-amber-200 dark:bg-amber-900/30 dark:text-amber-400' },
{ label: 'GPT-5.3 Codex Spark', from: 'gpt-5.3-codex-spark', to: 'gpt-5.3-codex-spark', color: 'bg-teal-100 text-teal-700 hover:bg-teal-200 dark:bg-teal-900/30 dark:text-teal-400' },
- { label: 'GPT-5.1', from: 'gpt-5.1', to: 'gpt-5.1', color: 'bg-orange-100 text-orange-700 hover:bg-orange-200 dark:bg-orange-900/30 dark:text-orange-400' },
{ label: 'GPT-5.2', from: 'gpt-5.2', to: 'gpt-5.2', color: 'bg-red-100 text-red-700 hover:bg-red-200 dark:bg-red-900/30 dark:text-red-400' },
{ label: 'GPT-5.4', from: 'gpt-5.4', to: 'gpt-5.4', color: 'bg-rose-100 text-rose-700 hover:bg-rose-200 dark:bg-rose-900/30 dark:text-rose-400' },
- { label: 'GPT-5.1 Codex', from: 'gpt-5.1-codex', to: 'gpt-5.1-codex', color: 'bg-cyan-100 text-cyan-700 hover:bg-cyan-200 dark:bg-cyan-900/30 dark:text-cyan-400' },
{ label: 'Haiku→5.4', from: 'claude-haiku-4-5-20251001', to: 'gpt-5.4', color: 'bg-emerald-100 text-emerald-700 hover:bg-emerald-200 dark:bg-emerald-900/30 dark:text-emerald-400' },
{ label: 'Opus→5.4', from: 'claude-opus-4-6', to: 'gpt-5.4', color: 'bg-purple-100 text-purple-700 hover:bg-purple-200 dark:bg-purple-900/30 dark:text-purple-400' },
{ label: 'Sonnet→5.4', from: 'claude-sonnet-4-6', to: 'gpt-5.4', color: 'bg-blue-100 text-blue-700 hover:bg-blue-200 dark:bg-blue-900/30 dark:text-blue-400' }
diff --git a/frontend/src/i18n/locales/en.ts b/frontend/src/i18n/locales/en.ts
index 6637dfad..f43e6771 100644
--- a/frontend/src/i18n/locales/en.ts
+++ b/frontend/src/i18n/locales/en.ts
@@ -895,6 +895,14 @@ export default {
accountBalance: 'Account Balance',
concurrencyLimit: 'Concurrency Limit',
memberSince: 'Member Since',
+ overviewTitle: 'Account Overview',
+ overviewDescription: 'Check account status, profile sources, and common actions at a glance.',
+ basicsTitle: 'Profile & Avatar',
+ basicsDescription: 'Keep your public profile details and avatar aligned.',
+ linkedProfileSources: 'Profile Sources',
+ linkedProfileSourcesDescription: 'Some profile details may stay synced from third-party sign-in methods.',
+ securityTitle: 'Security Settings',
+ securityDescription: 'Password, two-factor authentication, and alerts live in the right rail.',
administrator: 'Administrator',
user: 'User',
username: 'Username',
@@ -1015,10 +1023,15 @@ export default {
passwordPlaceholder: 'Set a login password',
replaceEmailPasswordPlaceholder: 'Enter current password',
sendCodeAction: 'Send code',
+ manageEmailAction: 'Manage email',
+ hideEmailFormAction: 'Hide email form',
confirmEmailBindAction: 'Bind email',
confirmEmailReplaceAction: 'Replace primary email',
codeSentTo: 'Code sent to {email}',
replaceSuccess: 'Primary email updated',
+ unbindAction: 'Unbind',
+ unbindSuccess: '{providerName} unbound',
+ boundCount: '{count} linked records',
status: {
bound: 'Bound',
notBound: 'Not bound',
@@ -2222,6 +2235,7 @@ export default {
rateLimited: 'Rate Limited',
overloaded: 'Overloaded',
tempUnschedulable: 'Temp Unschedulable',
+ quotaExceeded: 'Quota Exceeded',
unschedulable: 'Unschedulable',
rateLimitedUntil: 'Rate limited and removed from scheduling. Auto resumes at {time}',
rateLimitedAutoResume: 'Auto resumes in {time}',
@@ -5612,8 +5626,34 @@ export default {
alipayDesktopQrHint: 'Desktop Alipay should render a QR code. Refresh and retry, or make sure the payment page was not blocked.',
alipayMobileUnavailable: 'This page could not hand off to Alipay.',
alipayMobileOpenHint: 'Allow the current page to open the Alipay app, or retry from the system browser.',
+ // Structured error codes (reason strings from backend ApplicationError)
+ PAYMENT_DISABLED: 'Payment system is disabled.',
+ USER_INACTIVE: 'Your account is disabled.',
+ BALANCE_PAYMENT_DISABLED: 'Balance recharge has been disabled.',
+ INVALID_AMOUNT: 'Invalid amount.',
+ INVALID_INPUT: 'Invalid request.',
+ PLAN_NOT_AVAILABLE: 'Plan not found or no longer available.',
+ GROUP_NOT_FOUND: 'Subscription group is no longer available.',
+ GROUP_TYPE_MISMATCH: 'Group is not a subscription type.',
+ TOO_MANY_PENDING: 'Too many pending orders (max {max}). Please complete or cancel existing orders first.',
+ DAILY_LIMIT_EXCEEDED: 'Daily recharge limit reached. Remaining: {remaining}.',
+ PAYMENT_GATEWAY_ERROR: 'Payment method is unavailable.',
+ NO_AVAILABLE_INSTANCE: 'No payment channel available right now.',
+ PAYMENT_PROVIDER_MISCONFIGURED: 'Payment provider misconfigured. Please contact an administrator.',
+ WXPAY_CONFIG_MISSING_KEY: 'WeChat Pay config missing required key: {key}.',
+ WXPAY_CONFIG_INVALID_KEY_LENGTH: 'WeChat Pay {key} length is invalid (expected {expected} bytes, got {actual}).',
+ WXPAY_CONFIG_INVALID_KEY: 'WeChat Pay {key} is malformed. Make sure you copied the full PEM content.',
PENDING_ORDERS: 'This provider has pending orders. Please wait for them to complete before making changes.',
PAYMENT_PROVIDER_CONFLICT: 'Another enabled provider instance is already serving this payment method. Disable it before continuing.',
+ CANCEL_RATE_LIMITED: 'Too many cancellations. Please try again later.',
+ NOT_FOUND: 'Order not found.',
+ FORBIDDEN: 'No permission for this order.',
+ CONFLICT: 'Order status has changed. Please refresh.',
+ INVALID_ORDER_TYPE: 'Only balance orders can request a refund.',
+ INVALID_STATUS: 'The current order status does not allow this operation.',
+ BALANCE_NOT_ENOUGH: 'Refund amount exceeds balance.',
+ REFUND_AMOUNT_EXCEEDED: 'Refund amount exceeds the recharge amount.',
+ REFUND_FAILED: 'Refund failed.',
},
stripePay: 'Pay Now',
stripeSuccessProcessing: 'Payment successful, processing your order...',
diff --git a/frontend/src/i18n/locales/zh.ts b/frontend/src/i18n/locales/zh.ts
index ace4d6df..7d8cdc16 100644
--- a/frontend/src/i18n/locales/zh.ts
+++ b/frontend/src/i18n/locales/zh.ts
@@ -899,6 +899,14 @@ export default {
accountBalance: '账户余额',
concurrencyLimit: '并发限制',
memberSince: '注册时间',
+ overviewTitle: '账户总览',
+ overviewDescription: '快速查看账号状态、资料来源与常用设置。',
+ basicsTitle: '资料与头像',
+ basicsDescription: '维护公开展示信息,并保持头像与昵称风格一致。',
+ linkedProfileSources: '资料来源',
+ linkedProfileSourcesDescription: '部分头像和昵称可能同步自第三方登录方式。',
+ securityTitle: '安全设置',
+ securityDescription: '密码、双因素认证和通知提醒集中放在右侧。',
administrator: '管理员',
user: '用户',
username: '用户名',
@@ -1019,10 +1027,15 @@ export default {
passwordPlaceholder: '设置登录密码',
replaceEmailPasswordPlaceholder: '输入当前密码',
sendCodeAction: '发送验证码',
+ manageEmailAction: '管理邮箱',
+ hideEmailFormAction: '收起邮箱表单',
confirmEmailBindAction: '绑定邮箱',
confirmEmailReplaceAction: '更换主邮箱',
codeSentTo: '验证码已发送到 {email}',
replaceSuccess: '主邮箱已更新',
+ unbindAction: '解绑',
+ unbindSuccess: '{providerName} 已解绑',
+ boundCount: '已关联 {count} 条记录',
status: {
bound: '已绑定',
notBound: '未绑定',
@@ -2411,6 +2424,7 @@ export default {
rateLimited: '限流中',
overloaded: '过载中',
tempUnschedulable: '临时不可调度',
+ quotaExceeded: '配额超限',
unschedulable: '不可调度',
rateLimitedUntil: '限流中,当前不参与调度,预计 {time} 自动恢复',
rateLimitedAutoResume: '{time} 自动恢复',
@@ -5800,8 +5814,34 @@ export default {
alipayDesktopQrHint: '电脑端支付宝应展示扫码单,请刷新后重试,或确认浏览器未拦截当前支付页。',
alipayMobileUnavailable: '当前页面未成功跳转到支付宝。',
alipayMobileOpenHint: '请允许当前页面打开支付宝 App,或改用系统浏览器重新发起支付。',
+ // Structured error codes (reason strings from backend ApplicationError)
+ PAYMENT_DISABLED: '支付系统已关闭',
+ USER_INACTIVE: '账号已被禁用',
+ BALANCE_PAYMENT_DISABLED: '余额充值功能已关闭',
+ INVALID_AMOUNT: '金额无效',
+ INVALID_INPUT: '参数有误',
+ PLAN_NOT_AVAILABLE: '套餐不存在或已下架',
+ GROUP_NOT_FOUND: '订阅分组不可用',
+ GROUP_TYPE_MISMATCH: '分组类型不是订阅类型',
+ TOO_MANY_PENDING: '待支付订单过多(最多 {max} 个),请先完成或取消现有订单',
+ DAILY_LIMIT_EXCEEDED: '今日充值已达上限,剩余额度 {remaining}',
+ PAYMENT_GATEWAY_ERROR: '支付方式不可用',
+ NO_AVAILABLE_INSTANCE: '暂无可用的支付通道',
+ PAYMENT_PROVIDER_MISCONFIGURED: '支付通道配置错误,请联系管理员',
+ WXPAY_CONFIG_MISSING_KEY: '微信支付配置缺少必填项:{key}',
+ WXPAY_CONFIG_INVALID_KEY_LENGTH: '微信支付 {key} 长度错误,应为 {expected} 字节(实际 {actual})',
+ WXPAY_CONFIG_INVALID_KEY: '微信支付 {key} 格式错误,请确认复制了完整的 PEM 内容',
PENDING_ORDERS: '该服务商有未完成的订单,请等待订单完成后再操作',
PAYMENT_PROVIDER_CONFLICT: '该支付方式已有其他启用中的服务商实例,请先停用后再继续。',
+ CANCEL_RATE_LIMITED: '取消订单过于频繁,请稍后再试',
+ NOT_FOUND: '订单不存在',
+ FORBIDDEN: '无权限操作此订单',
+ CONFLICT: '订单状态已变更,请刷新',
+ INVALID_ORDER_TYPE: '仅余额订单可申请退款',
+ INVALID_STATUS: '当前订单状态不允许此操作',
+ BALANCE_NOT_ENOUGH: '退款金额超过余额',
+ REFUND_AMOUNT_EXCEEDED: '退款金额超过充值金额',
+ REFUND_FAILED: '退款失败',
},
stripePay: '立即支付',
stripeSuccessProcessing: '支付成功,正在处理订单...',
diff --git a/frontend/src/utils/apiError.ts b/frontend/src/utils/apiError.ts
index e1fe0c30..07a17aca 100644
--- a/frontend/src/utils/apiError.ts
+++ b/frontend/src/utils/apiError.ts
@@ -23,14 +23,96 @@ interface ApiErrorLike {
/**
* Extract the error code from an API error object.
+ *
+ * Prefers the string `reason` (e.g. "PAYMENT_PROVIDER_MISCONFIGURED") over the
+ * numeric HTTP `code`, because reason is granular enough to drive i18n lookup
+ * while HTTP code is not.
*/
export function extractApiErrorCode(err: unknown): string | undefined {
if (!err || typeof err !== 'object') return undefined
const e = err as ApiErrorLike
- const code = e.code ?? e.reason ?? e.response?.data?.code
+ const code = e.reason ?? e.code ?? e.response?.data?.code
return code != null ? String(code) : undefined
}
+/**
+ * Extract metadata (interpolation params) from an API error object.
+ * Backend errors carry `metadata` with template variables that fill i18n placeholders.
+ */
+export function extractApiErrorMetadata(err: unknown): Record | undefined {
+ if (!err || typeof err !== 'object') return undefined
+ const e = err as ApiErrorLike
+ return e.metadata
+}
+
+type TranslateFn = (key: string, params?: Record) => string
+type TranslateWithExistsFn = TranslateFn & { te?: (key: string) => boolean }
+
+/**
+ * Translate a value via i18n if a matching key exists, otherwise return the original.
+ * Example: "certSerial" → t('admin.settings.payment.field_certSerial') → "证书序列号".
+ */
+function tryTranslate(t: TranslateFn, key: string, fallback: string): string {
+ const translated = t(key)
+ if (translated === key) return fallback
+ const te = (t as TranslateWithExistsFn).te
+ if (te && !te(key)) return fallback
+ return translated
+}
+
+/**
+ * Replace raw config field names in metadata (e.g. "certSerial") with their
+ * localized UI labels (e.g. "证书序列号"), using the provider-config field i18n namespace.
+ * Handles both single `key` and `/`-joined `keys` patterns used by wxpay errors.
+ */
+function localizeMetadata(metadata: Record, t: TranslateFn): Record {
+ const out: Record = { ...metadata }
+ if (typeof out.key === 'string') {
+ out.key = tryTranslate(t, `admin.settings.payment.field_${out.key}`, out.key)
+ }
+ if (typeof out.keys === 'string') {
+ out.keys = out.keys
+ .split('/')
+ .map(k => tryTranslate(t, `admin.settings.payment.field_${k}`, k))
+ .join(' / ')
+ }
+ return out
+}
+
+/**
+ * Extract a localized error message from an API error by looking up
+ * `.` in i18n and substituting metadata as placeholders.
+ *
+ * Config-field names in metadata (`key` / `keys`) are automatically translated
+ * to their UI labels before substitution, so error messages read like
+ * "缺少必填项:证书序列号" instead of "缺少必填项:certSerial".
+ *
+ * @param err - The caught error
+ * @param t - Vue i18n translate function
+ * @param namespace- i18n key prefix, e.g. "payment.errors"
+ * @param fallback - Fallback key or plain string if no localized mapping exists
+ */
+export function extractI18nErrorMessage(
+ err: unknown,
+ t: TranslateFn,
+ namespace: string,
+ fallback: string,
+): string {
+ const code = extractApiErrorCode(err)
+ if (code) {
+ const key = `${namespace}.${code}`
+ const rawMetadata = extractApiErrorMetadata(err) ?? {}
+ const metadata = localizeMetadata(rawMetadata, t)
+ const translated = t(key, metadata)
+ // Vue i18n returns the key itself when missing; detect that and fall back.
+ if (translated !== key) return translated
+ // If the framework exposes `te`, use it to double-check.
+ const te = (t as TranslateWithExistsFn).te
+ if (te && te(key)) return translated
+ }
+ return extractApiErrorMessage(err, fallback)
+}
+
/**
* Extract a displayable error message from an API error.
*
diff --git a/frontend/src/utils/format.ts b/frontend/src/utils/format.ts
index ea5d597b..6f13a065 100644
--- a/frontend/src/utils/format.ts
+++ b/frontend/src/utils/format.ts
@@ -193,7 +193,9 @@ export function formatReasoningEffort(effort: string | null | undefined): string
return 'High'
case 'xhigh':
case 'extrahigh':
- return 'Xhigh'
+ return 'XHigh'
+ case 'max':
+ return 'Max'
case 'none':
case 'minimal':
return '-'
diff --git a/frontend/src/views/admin/SettingsView.vue b/frontend/src/views/admin/SettingsView.vue
index b2ab3e00..a13f1981 100644
--- a/frontend/src/views/admin/SettingsView.vue
+++ b/frontend/src/views/admin/SettingsView.vue
@@ -4710,7 +4710,7 @@ import ProxySelector from "@/components/common/ProxySelector.vue";
import ImageUpload from "@/components/common/ImageUpload.vue";
import BackupSettings from "@/views/admin/BackupView.vue";
import { useClipboard } from "@/composables/useClipboard";
-import { extractApiErrorMessage } from "@/utils/apiError";
+import { extractApiErrorMessage, extractI18nErrorMessage } from "@/utils/apiError";
import { useAppStore } from "@/stores";
import { useAdminSettingsStore } from "@/stores/adminSettings";
import { normalizeVisibleMethod } from "@/components/payment/paymentFlow";
@@ -6431,11 +6431,6 @@ const cancelRateLimitModeOptions = computed(() => [
},
]);
-const paymentErrorMap = computed(() => ({
- PENDING_ORDERS: t("payment.errors.PENDING_ORDERS"),
- PAYMENT_PROVIDER_CONFLICT: t("payment.errors.PAYMENT_PROVIDER_CONFLICT"),
-}));
-
type ProviderEnablementCandidate = Pick<
ProviderInstance,
"id" | "provider_key" | "supported_types" | "enabled" | "name"
@@ -6531,7 +6526,7 @@ async function loadProviders() {
const res = await adminAPI.payment.getProviders();
providers.value = res.data || [];
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t("common.error")));
+ appStore.showError(extractI18nErrorMessage(err, t, "payment.errors", t("common.error")));
} finally {
providersLoading.value = false;
}
@@ -6580,9 +6575,7 @@ async function handleSaveProvider(payload: Partial) {
// Auto-save settings so provider changes take effect immediately
await saveSettings();
} catch (err: unknown) {
- appStore.showError(
- extractApiErrorMessage(err, t("common.error"), paymentErrorMap.value),
- );
+ appStore.showError(extractI18nErrorMessage(err, t, "payment.errors", t("common.error")));
} finally {
providerSaving.value = false;
}
@@ -6620,9 +6613,7 @@ async function handleToggleField(
await adminAPI.payment.updateProvider(provider.id, payload);
await loadProviders();
} catch (err: unknown) {
- appStore.showError(
- extractApiErrorMessage(err, t("common.error"), paymentErrorMap.value),
- );
+ appStore.showError(extractI18nErrorMessage(err, t, "payment.errors", t("common.error")));
}
}
@@ -6647,9 +6638,7 @@ async function handleToggleType(provider: ProviderInstance, type: string) {
} as any);
await loadProviders();
} catch (err: unknown) {
- appStore.showError(
- extractApiErrorMessage(err, t("common.error"), paymentErrorMap.value),
- );
+ appStore.showError(extractI18nErrorMessage(err, t, "payment.errors", t("common.error")));
}
}
@@ -6671,7 +6660,7 @@ async function handleReorderProviders(
);
await loadProviders();
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t("common.error")));
+ appStore.showError(extractI18nErrorMessage(err, t, "payment.errors", t("common.error")));
loadProviders();
}
}
@@ -6684,9 +6673,7 @@ async function handleDeleteProvider() {
showDeleteProviderDialog.value = false;
loadProviders();
} catch (err: unknown) {
- appStore.showError(
- extractApiErrorMessage(err, t("common.error"), paymentErrorMap.value),
- );
+ appStore.showError(extractI18nErrorMessage(err, t, "payment.errors", t("common.error")));
}
}
diff --git a/frontend/src/views/admin/orders/AdminOrdersView.vue b/frontend/src/views/admin/orders/AdminOrdersView.vue
index 027c8e5e..dd9fa7e6 100644
--- a/frontend/src/views/admin/orders/AdminOrdersView.vue
+++ b/frontend/src/views/admin/orders/AdminOrdersView.vue
@@ -116,7 +116,7 @@ import { ref, reactive, computed, onMounted } from 'vue'
import { useI18n } from 'vue-i18n'
import { useAppStore } from '@/stores/app'
import { adminPaymentAPI } from '@/api/admin/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractI18nErrorMessage } from '@/utils/apiError'
import { formatOrderDateTime } from '@/components/payment/orderUtils'
import type { PaymentOrder } from '@/types/payment'
import AppLayout from '@/components/layout/AppLayout.vue'
@@ -167,7 +167,7 @@ async function loadOrders() {
orders.value = res.data.items || []
orderPagination.total = res.data.total || 0
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally { ordersLoading.value = false }
}
@@ -214,12 +214,12 @@ async function showOrderDetail(order: PaymentOrder) {
async function handleCancelOrder(order: PaymentOrder) {
try { await adminPaymentAPI.cancelOrder(order.id); appStore.showSuccess(t('payment.admin.orderCancelled')); loadOrders() }
- catch (err: unknown) { appStore.showError(extractApiErrorMessage(err, t('common.error'))) }
+ catch (err: unknown) { appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error'))) }
}
async function handleRetryOrder(order: PaymentOrder) {
try { await adminPaymentAPI.retryRecharge(order.id); appStore.showSuccess(t('payment.admin.retrySuccess')); loadOrders() }
- catch (err: unknown) { appStore.showError(extractApiErrorMessage(err, t('common.error'))) }
+ catch (err: unknown) { appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error'))) }
}
function openRefundDialog(order: PaymentOrder) { selectedOrder.value = order; showRefundDialog.value = true }
@@ -230,7 +230,7 @@ async function handleRefund(data: { amount: number; reason: string; deduct_balan
try {
await adminPaymentAPI.refundOrder(selectedOrder.value.id, { amount: data.amount, reason: data.reason, deduct_balance: data.deduct_balance, force: data.force })
appStore.showSuccess(t('payment.admin.refundSuccess')); showRefundDialog.value = false; loadOrders()
- } catch (err: unknown) { appStore.showError(extractApiErrorMessage(err, t('common.error'))) }
+ } catch (err: unknown) { appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error'))) }
finally { refundSubmitting.value = false }
}
diff --git a/frontend/src/views/admin/orders/AdminPaymentDashboardView.vue b/frontend/src/views/admin/orders/AdminPaymentDashboardView.vue
index 06bc9218..5a80db44 100644
--- a/frontend/src/views/admin/orders/AdminPaymentDashboardView.vue
+++ b/frontend/src/views/admin/orders/AdminPaymentDashboardView.vue
@@ -72,7 +72,7 @@ import { ref, watch, onMounted } from 'vue'
import { useI18n } from 'vue-i18n'
import { useAppStore } from '@/stores/app'
import { adminPaymentAPI } from '@/api/admin/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractI18nErrorMessage } from '@/utils/apiError'
import type { DashboardStats } from '@/types/payment'
import AppLayout from '@/components/layout/AppLayout.vue'
import LoadingSpinner from '@/components/common/LoadingSpinner.vue'
@@ -110,7 +110,7 @@ async function loadDashboard() {
const res = await adminPaymentAPI.getDashboard(days.value)
stats.value = res.data
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally {
loading.value = false
}
diff --git a/frontend/src/views/admin/orders/AdminPaymentPlansView.vue b/frontend/src/views/admin/orders/AdminPaymentPlansView.vue
index 876b2aa1..c2fc26fe 100644
--- a/frontend/src/views/admin/orders/AdminPaymentPlansView.vue
+++ b/frontend/src/views/admin/orders/AdminPaymentPlansView.vue
@@ -78,7 +78,7 @@ import { ref, computed, onMounted } from 'vue'
import { useI18n } from 'vue-i18n'
import { useAppStore } from '@/stores/app'
import { adminPaymentAPI } from '@/api/admin/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractI18nErrorMessage } from '@/utils/apiError'
import adminAPI from '@/api/admin'
import type { SubscriptionPlan } from '@/types/payment'
import type { AdminGroup } from '@/types'
@@ -150,7 +150,7 @@ async function loadPlans() {
: (p.features || []),
}))
}
- catch (err: unknown) { appStore.showError(extractApiErrorMessage(err, t('common.error'))) }
+ catch (err: unknown) { appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error'))) }
finally { plansLoading.value = false }
}
@@ -166,7 +166,7 @@ async function toggleForSale(plan: SubscriptionPlan) {
await adminPaymentAPI.updatePlan(plan.id, { for_sale: !plan.for_sale })
plan.for_sale = !plan.for_sale
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
}
}
@@ -174,7 +174,7 @@ function confirmDeletePlan(plan: SubscriptionPlan) { deletingPlanId.value = plan
async function handleDeletePlan() {
if (!deletingPlanId.value) return
try { await adminPaymentAPI.deletePlan(deletingPlanId.value); appStore.showSuccess(t('common.deleted')); showDeletePlanDialog.value = false; loadPlans() }
- catch (err: unknown) { appStore.showError(extractApiErrorMessage(err, t('common.error'))) }
+ catch (err: unknown) { appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error'))) }
}
// ==================== Lifecycle ====================
diff --git a/frontend/src/views/user/PaymentQRCodeView.vue b/frontend/src/views/user/PaymentQRCodeView.vue
index 0965947a..f844858d 100644
--- a/frontend/src/views/user/PaymentQRCodeView.vue
+++ b/frontend/src/views/user/PaymentQRCodeView.vue
@@ -39,7 +39,7 @@ import { useRoute, useRouter } from 'vue-router'
import AppLayout from '@/components/layout/AppLayout.vue'
import { usePaymentStore } from '@/stores/payment'
import { paymentAPI } from '@/api/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractI18nErrorMessage } from '@/utils/apiError'
import { useAppStore } from '@/stores'
import QRCode from 'qrcode'
import alipayIcon from '@/assets/icons/alipay.svg'
@@ -167,7 +167,7 @@ async function handleCancel() {
cleanup()
router.push('/purchase')
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally {
cancelling.value = false
}
diff --git a/frontend/src/views/user/PaymentView.vue b/frontend/src/views/user/PaymentView.vue
index e80686cf..fd5c7b22 100644
--- a/frontend/src/views/user/PaymentView.vue
+++ b/frontend/src/views/user/PaymentView.vue
@@ -252,13 +252,13 @@ import { usePaymentStore } from '@/stores/payment'
import { useSubscriptionStore } from '@/stores/subscriptions'
import { useAppStore } from '@/stores'
import { paymentAPI } from '@/api/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractApiErrorMessage, extractI18nErrorMessage } from '@/utils/apiError'
import { isMobileDevice } from '@/utils/device'
import type { SubscriptionPlan, CheckoutInfoResponse, CreateOrderResult, OrderType } from '@/types/payment'
import AppLayout from '@/components/layout/AppLayout.vue'
import AmountInput from '@/components/payment/AmountInput.vue'
import PaymentMethodSelector from '@/components/payment/PaymentMethodSelector.vue'
-import { METHOD_ORDER, POPUP_WINDOW_FEATURES, STRIPE_POPUP_WINDOW_FEATURES } from '@/components/payment/providerConfig'
+import { METHOD_ORDER, getPaymentPopupFeatures } from '@/components/payment/providerConfig'
import {
PAYMENT_RECOVERY_STORAGE_KEY,
buildCreateOrderPayload,
@@ -630,8 +630,8 @@ async function createOrder(orderAmount: number, orderType: OrderType, planId?: n
payload.is_mobile = isMobileDevice()
const result = await paymentStore.createOrder(payload) as CreateOrderResult & { resume_token?: string }
- const openWindow = (url: string, features = POPUP_WINDOW_FEATURES) => {
- const win = window.open(url, 'paymentPopup', features)
+ const openWindow = (url: string) => {
+ const win = window.open(url, 'paymentPopup', getPaymentPopupFeatures())
if (!win || win.closed) {
window.location.href = url
}
@@ -672,7 +672,7 @@ async function createOrder(orderAmount: number, orderType: OrderType, planId?: n
persistRecoverySnapshot(decision.recovery)
if (decision.kind === 'stripe_popup') {
- openWindow(decision.paymentState.payUrl, STRIPE_POPUP_WINDOW_FEATURES)
+ openWindow(decision.paymentState.payUrl)
return
}
if (decision.kind === 'stripe_route') {
@@ -710,8 +710,8 @@ async function createOrder(orderAmount: number, orderType: OrderType, planId?: n
err,
normalizeVisibleMethod(options.paymentType || selectedMethod.value) || selectedMethod.value,
)
- if (!errorMessage.value) {
- errorMessage.value = extractApiErrorMessage(err, t('payment.result.failed'))
+ if (!handled) {
+ errorMessage.value = extractI18nErrorMessage(err, t, 'payment.errors', extractApiErrorMessage(err, t('payment.result.failed')))
errorHintMessage.value = ''
}
if (handled) {
@@ -825,7 +825,7 @@ onMounted(async () => {
}
}
}
- } catch (err: unknown) { appStore.showError(extractApiErrorMessage(err, t('common.error'))) }
+ } catch (err: unknown) { appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error'))) }
finally { loading.value = false }
// Fetch active subscriptions (uses cache, non-blocking)
subscriptionStore.fetchActiveSubscriptions().catch(() => {})
diff --git a/frontend/src/views/user/StripePaymentView.vue b/frontend/src/views/user/StripePaymentView.vue
index 20a4a408..3f73d4d5 100644
--- a/frontend/src/views/user/StripePaymentView.vue
+++ b/frontend/src/views/user/StripePaymentView.vue
@@ -99,7 +99,7 @@ import { useI18n } from 'vue-i18n'
import { useRoute, useRouter } from 'vue-router'
import { usePaymentStore } from '@/stores/payment'
import { paymentAPI } from '@/api/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractI18nErrorMessage } from '@/utils/apiError'
import { isMobileDevice } from '@/utils/device'
import type { PaymentOrder } from '@/types/payment'
import type { Stripe, StripeElements } from '@stripe/stripe-js'
@@ -167,7 +167,7 @@ onMounted(async () => {
mountPaymentElement(stripe, clientSecret)
}
} catch (err: unknown) {
- initError.value = extractApiErrorMessage(err, t('payment.stripeLoadFailed'))
+ initError.value = extractI18nErrorMessage(err, t, 'payment.errors', t('payment.stripeLoadFailed'))
} finally {
loading.value = false
}
@@ -248,7 +248,7 @@ async function handleGenericPay() {
scheduleClose()
}
} catch (err: unknown) {
- stripeError.value = extractApiErrorMessage(err, t('payment.result.failed'))
+ stripeError.value = extractI18nErrorMessage(err, t, 'payment.errors', t('payment.result.failed'))
} finally {
stripeSubmitting.value = false
}
diff --git a/frontend/src/views/user/StripePopupView.vue b/frontend/src/views/user/StripePopupView.vue
index 2704c62d..688ad644 100644
--- a/frontend/src/views/user/StripePopupView.vue
+++ b/frontend/src/views/user/StripePopupView.vue
@@ -56,7 +56,7 @@
import { computed, ref, onMounted, onUnmounted } from 'vue'
import { useI18n } from 'vue-i18n'
import { useRoute } from 'vue-router'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractI18nErrorMessage } from '@/utils/apiError'
import { isMobileDevice } from '@/utils/device'
interface StripeWithWechatPay {
@@ -143,7 +143,7 @@ async function initStripe(clientSecret: string, publishableKey: string) {
}
}
} catch (err: unknown) {
- error.value = extractApiErrorMessage(err, t('payment.stripeLoadFailed'))
+ error.value = extractI18nErrorMessage(err, t, 'payment.errors', t('payment.stripeLoadFailed'))
}
}
diff --git a/frontend/src/views/user/UserOrdersView.vue b/frontend/src/views/user/UserOrdersView.vue
index ea888eb7..c3ed80eb 100644
--- a/frontend/src/views/user/UserOrdersView.vue
+++ b/frontend/src/views/user/UserOrdersView.vue
@@ -86,7 +86,7 @@ import { useI18n } from 'vue-i18n'
import { useRouter } from 'vue-router'
import { useAppStore } from '@/stores'
import { paymentAPI } from '@/api/payment'
-import { extractApiErrorMessage } from '@/utils/apiError'
+import { extractI18nErrorMessage } from '@/utils/apiError'
import type { PaymentOrder } from '@/types/payment'
import AppLayout from '@/components/layout/AppLayout.vue'
import Pagination from '@/components/common/Pagination.vue'
@@ -128,7 +128,7 @@ async function fetchOrders() {
orders.value = res.data.items || []
pagination.total = res.data.total || 0
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally {
loading.value = false
}
@@ -148,7 +148,7 @@ async function confirmCancel() {
cancelTargetId.value = null
await fetchOrders()
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally {
actionLoading.value = false
}
@@ -166,7 +166,7 @@ async function confirmRefund() {
refundReason.value = ''
await fetchOrders()
} catch (err: unknown) {
- appStore.showError(extractApiErrorMessage(err, t('common.error')))
+ appStore.showError(extractI18nErrorMessage(err, t, 'payment.errors', t('common.error')))
} finally {
actionLoading.value = false
}
