feat(openai): 增加 OAuth 透传开关

- 仅对 Codex CLI 且账号开启时走原样透传（只替换认证） - 透传模式禁用工具修正/模型替换，并旁路解析 usage 用于计费 - 管理后台增加开关与文案，ops upstream error 记录 passthrough 标记 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 00:59:39 +08:00
parent 86f3124720
commit f1e884ce2b
7 changed files with 821 additions and 0 deletions
--- a/frontend/src/components/account/EditAccountModal.vue
+++ b/frontend/src/components/account/EditAccountModal.vue
@@ -694,6 +694,36 @@
        <p class="input-hint">{{ t('admin.accounts.expiresAtHint') }}</p>
      </div>

+      <!-- OpenAI OAuth passthrough toggle (OpenAI OAuth only) -->
+      <div
+        v-if="account?.platform === 'openai' && account?.type === 'oauth'"
+        class="border-t border-gray-200 pt-4 dark:border-dark-600"
+      >
+        <div class="flex items-center justify-between">
+          <div>
+            <label class="input-label mb-0">{{ t('admin.accounts.openai.oauthPassthrough') }}</label>
+            <p class="mt-1 text-xs text-gray-500 dark:text-gray-400">
+              {{ t('admin.accounts.openai.oauthPassthroughDesc') }}
+            </p>
+          </div>
+          <button
+            type="button"
+            @click="openaiOAuthPassthroughEnabled = !openaiOAuthPassthroughEnabled"
+            :class="[
+              'relative inline-flex h-6 w-11 flex-shrink-0 cursor-pointer rounded-full border-2 border-transparent transition-colors duration-200 ease-in-out focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2',
+              openaiOAuthPassthroughEnabled ? 'bg-primary-600' : 'bg-gray-200 dark:bg-dark-600'
+            ]"
+          >
+            <span
+              :class="[
+                'pointer-events-none inline-block h-5 w-5 transform rounded-full bg-white shadow ring-0 transition duration-200 ease-in-out',
+                openaiOAuthPassthroughEnabled ? 'translate-x-5' : 'translate-x-0'
+              ]"
+            />
+          </button>
+        </div>
+      </div>
+
      <div>
        <div class="flex items-center justify-between">
          <div>
@@ -1103,6 +1133,9 @@ const sessionIdleTimeout = ref<number | null>(null)
 const tlsFingerprintEnabled = ref(false)
 const sessionIdMaskingEnabled = ref(false)

+// OpenAI OAuth: passthrough mode toggle
+const openaiOAuthPassthroughEnabled = ref(false)
+
 // Computed: current preset mappings based on platform
 const presetMappings = computed(() => getPresetMappingsByPlatform(props.account?.platform || 'anthropic'))
 const tempUnschedPresets = computed(() => [
@@ -1190,6 +1223,12 @@ watch(
      const extra = newAccount.extra as Record<string, unknown> | undefined
      mixedScheduling.value = extra?.mixed_scheduling === true

+      // Load OpenAI OAuth passthrough toggle (OpenAI OAuth only)
+      openaiOAuthPassthroughEnabled.value = false
+      if (newAccount.platform === 'openai' && newAccount.type === 'oauth') {
+        openaiOAuthPassthroughEnabled.value = extra?.openai_oauth_passthrough === true
+      }
+
      // Load antigravity model mapping (Antigravity 只支持映射模式)
      if (newAccount.platform === 'antigravity') {
        const credentials = newAccount.credentials as Record<string, unknown> | undefined
@@ -1726,6 +1765,18 @@ const handleSubmit = async () => {
      updatePayload.extra = newExtra
    }

+    // For OpenAI OAuth accounts, handle passthrough mode in extra
+    if (props.account.platform === 'openai' && props.account.type === 'oauth') {
+      const currentExtra = (props.account.extra as Record<string, unknown>) || {}
+      const newExtra: Record<string, unknown> = { ...currentExtra }
+      if (openaiOAuthPassthroughEnabled.value) {
+        newExtra.openai_oauth_passthrough = true
+      } else {
+        delete newExtra.openai_oauth_passthrough
+      }
+      updatePayload.extra = newExtra
+    }
+
    await adminAPI.accounts.update(props.account.id, updatePayload)
    appStore.showSuccess(t('admin.accounts.accountUpdated'))
    emit('updated')
--- a/frontend/src/i18n/locales/en.ts
+++ b/frontend/src/i18n/locales/en.ts
@@ -1531,6 +1531,9 @@ export default {
      openai: {
        baseUrlHint: 'Leave default for official OpenAI API',
        apiKeyHint: 'Your OpenAI API Key',
+        oauthPassthrough: 'Auto passthrough (auth only)',
+        oauthPassthroughDesc:
+          'When enabled, applies to Codex CLI requests only: the gateway forwards request/response as-is and only swaps OAuth auth, while keeping billing/concurrency/audit. Disable to rollback if you hit 4xx or compatibility issues.',
        enableSora: 'Enable Sora simultaneously',
        enableSoraHint: 'Sora uses the same OpenAI account. Enable to create Sora account simultaneously.'
      },
--- a/frontend/src/i18n/locales/zh.ts
+++ b/frontend/src/i18n/locales/zh.ts
@@ -1680,6 +1680,9 @@ export default {
      openai: {
        baseUrlHint: '留空使用官方 OpenAI API',
        apiKeyHint: '您的 OpenAI API Key',
+        oauthPassthrough: '自动透传（仅替换认证）',
+        oauthPassthroughDesc:
+          '开启后，仅对 Codex CLI 请求生效：网关将原样透传请求与响应内容，只替换 OAuth 认证并保留计费/并发/审计；如遇 4xx/兼容性问题可关闭回滚。',
        enableSora: '同时启用 Sora',
        enableSoraHint: 'Sora 使用相同的 OpenAI 账号，开启后将同时创建 Sora 平台账号'
      },