fix(openai): 修复 codex_cli_only 误拦截并补充 codex 家族识别

- 为 codex_cli_only 增加 originator 判定通道，避免仅依赖 User-Agent 误拦截 - 扩展官方客户端家族标识，补充 codex_chatgpt_desktop 等常见前缀 - 新增并更新单元测试与网关透传回归测试，覆盖 UA 与 originator 组合场景 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 12:06:24 +08:00
parent 03f69dd394
commit f323174d07
5 changed files with 116 additions and 29 deletions
--- a/backend/internal/service/openai_client_restriction_detector_test.go
+++ b/backend/internal/service/openai_client_restriction_detector_test.go
@@ -10,13 +10,16 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func newCodexDetectorTestContext(ua string) *gin.Context {
+func newCodexDetectorTestContext(ua string, originator string) *gin.Context {
 	rec := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(rec)
 	c.Request = httptest.NewRequest(http.MethodPost, "/v1/responses", nil)
 	if ua != "" {
 		c.Request.Header.Set("User-Agent", ua)
 	}
+	if originator != "" {
+		c.Request.Header.Set("originator", originator)
+	}
 	return c
 }

@@ -27,7 +30,7 @@ func TestOpenAICodexClientRestrictionDetector_Detect(t *testing.T) {
 		detector := NewOpenAICodexClientRestrictionDetector(nil)
 		account := &Account{Platform: PlatformOpenAI, Type: AccountTypeOAuth, Extra: map[string]any{}}

-		result := detector.Detect(newCodexDetectorTestContext("curl/8.0"), account)
+		result := detector.Detect(newCodexDetectorTestContext("curl/8.0", ""), account)
 		require.False(t, result.Enabled)
 		require.False(t, result.Matched)
 		require.Equal(t, CodexClientRestrictionReasonDisabled, result.Reason)
@@ -41,7 +44,7 @@ func TestOpenAICodexClientRestrictionDetector_Detect(t *testing.T) {
 			Extra:    map[string]any{"codex_cli_only": true},
 		}

-		result := detector.Detect(newCodexDetectorTestContext("codex_cli_rs/0.99.0"), account)
+		result := detector.Detect(newCodexDetectorTestContext("codex_cli_rs/0.99.0", ""), account)
 		require.True(t, result.Enabled)
 		require.True(t, result.Matched)
 		require.Equal(t, CodexClientRestrictionReasonMatchedUA, result.Reason)
@@ -55,7 +58,7 @@ func TestOpenAICodexClientRestrictionDetector_Detect(t *testing.T) {
 			Extra:    map[string]any{"codex_cli_only": true},
 		}

-		result := detector.Detect(newCodexDetectorTestContext("codex_vscode/1.0.0"), account)
+		result := detector.Detect(newCodexDetectorTestContext("codex_vscode/1.0.0", ""), account)
 		require.True(t, result.Enabled)
 		require.True(t, result.Matched)
 		require.Equal(t, CodexClientRestrictionReasonMatchedUA, result.Reason)
@@ -69,12 +72,26 @@ func TestOpenAICodexClientRestrictionDetector_Detect(t *testing.T) {
 			Extra:    map[string]any{"codex_cli_only": true},
 		}

-		result := detector.Detect(newCodexDetectorTestContext("codex_app/2.1.0"), account)
+		result := detector.Detect(newCodexDetectorTestContext("codex_app/2.1.0", ""), account)
 		require.True(t, result.Enabled)
 		require.True(t, result.Matched)
 		require.Equal(t, CodexClientRestrictionReasonMatchedUA, result.Reason)
 	})

+	t.Run("开启后 originator 命中", func(t *testing.T) {
+		detector := NewOpenAICodexClientRestrictionDetector(nil)
+		account := &Account{
+			Platform: PlatformOpenAI,
+			Type:     AccountTypeOAuth,
+			Extra:    map[string]any{"codex_cli_only": true},
+		}
+
+		result := detector.Detect(newCodexDetectorTestContext("curl/8.0", "codex_chatgpt_desktop"), account)
+		require.True(t, result.Enabled)
+		require.True(t, result.Matched)
+		require.Equal(t, CodexClientRestrictionReasonMatchedOriginator, result.Reason)
+	})
+
 	t.Run("开启后非官方客户端拒绝", func(t *testing.T) {
 		detector := NewOpenAICodexClientRestrictionDetector(nil)
 		account := &Account{
@@ -83,7 +100,7 @@ func TestOpenAICodexClientRestrictionDetector_Detect(t *testing.T) {
 			Extra:    map[string]any{"codex_cli_only": true},
 		}

-		result := detector.Detect(newCodexDetectorTestContext("curl/8.0"), account)
+		result := detector.Detect(newCodexDetectorTestContext("curl/8.0", "my_client"), account)
 		require.True(t, result.Enabled)
 		require.False(t, result.Matched)
 		require.Equal(t, CodexClientRestrictionReasonNotMatchedUA, result.Reason)
@@ -99,7 +116,7 @@ func TestOpenAICodexClientRestrictionDetector_Detect(t *testing.T) {
 			Extra:    map[string]any{"codex_cli_only": true},
 		}

-		result := detector.Detect(newCodexDetectorTestContext("curl/8.0"), account)
+		result := detector.Detect(newCodexDetectorTestContext("curl/8.0", "my_client"), account)
 		require.True(t, result.Enabled)
 		require.True(t, result.Matched)
 		require.Equal(t, CodexClientRestrictionReasonForceCodexCLI, result.Reason)