erio
|
20a4e41872
|
feat(monitor): admin channel monitor MVP with SSRF protection and batch aggregation
新增 admin「渠道监控」模块(参考 BingZi-233/check-cx),独立于现有 Channel 体系。
admin 配置 + 后台定时调用上游 LLM chat completions 健康检查 + 所有登录用户只读可见。
后端:
- ent: channel_monitor + channel_monitor_history(AES-256-GCM 加密 api_key)
- service 按职责拆分:service/aggregator/validate/checker/runner/ssrf
- provider strategy map 替代 switch(openai/anthropic/gemini)
- repository batch 聚合(ListLatestForMonitorIDs + ComputeAvailabilityForMonitors)消除 N+1
- runner: ticker(5s) + pond worker pool(5) + inFlight 防并发 + TrySubmit 防雪崩
+ 凌晨 3 点 cron 清理 30 天历史
- SSRF 防护:强制 https + 私网/loopback/云元数据 IP 拒绝(127/8、10/8、172.16/12、
192.168/16、169.254/16、100.64/10、::1、fc00::/7、fe80::/10)+ DialContext
在 socket 层防 DNS rebinding
- API key sanitize:擦除 url.Error 与上游响应 body 中的 sk-/sk-ant-/AIza/JWT 模式
- APIKeyDecryptFailed 标志位 + 单 monitor 路径检测,避免空 key 调用上游
handler:
- admin: CRUD + 手动触发 + 历史接口(api_key 脱敏)
- user: 只读列表 + 状态详情(去除 api_key/endpoint)
- ParseChannelMonitorID 共用 + dto.ChannelMonitorExtraModelStatus 共用
前端:
- 路由 /admin/channels/{pricing,monitor} + /monitor(用户只读)
- AppSidebar 父项 expandOnly 支持
- ChannelMonitorView 拆为 8 个子组件 + ChannelStatusView 拆出 detail dialog
- composables/useChannelMonitorFormat + constants/channelMonitor 共享
- i18n monitorCommon namespace 消除 admin/user 两 view 重复
合规:所有文件符合 CLAUDE.md(Go ≤ 500 行 / Vue ≤ 300 行 / 函数 ≤ 30 行)
CI: go build / gofmt / golangci-lint(0 issues) / make test-unit / pnpm build 全绿
|
2026-04-20 20:21:02 +08:00 |
|
IanShaw027
|
f35e967516
|
fix payment qr fallback and admin guidance
|
2026-04-22 07:33:14 -07:00 |
|
IanShaw027
|
5551349349
|
fix: clean up profile auth binding notes
|
2026-04-22 19:11:51 +08:00 |
|
shaw
|
c6d25f69d5
|
chore: 恢复PAYMENT系列文件
|
2026-04-22 18:48:40 +08:00 |
|
IanShaw027
|
22385be515
|
Merge remote-tracking branch 'upstream/main' into rebuild/auth-identity-foundation
# Conflicts:
# backend/internal/service/openai_images.go
|
2026-04-22 18:13:05 +08:00 |
|
shaw
|
1e0d466002
|
feat: 补充gpt生图模型测试功能
|
2026-04-22 18:06:14 +08:00 |
|
IanShaw027
|
ad4600964e
|
fix(ci): clean up lint and dead code
|
2026-04-22 16:38:36 +08:00 |
|
IanShaw027
|
ca4e38aa01
|
fix(profile): stabilize binding compatibility and frontend checks
|
2026-04-22 14:57:47 +08:00 |
|
IanShaw027
|
1aab084ecb
|
fix(payment): restore upgrade-safe payment flows
|
2026-04-22 14:57:16 +08:00 |
|
IanShaw027
|
6696e61c7b
|
fix(frontend): preserve callback recovery state
|
2026-04-22 13:19:41 +08:00 |
|
IanShaw027
|
81c827ee51
|
fix(profile): stabilize identity binding management
|
2026-04-22 13:19:28 +08:00 |
|
IanShaw027
|
29caf85104
|
fix(frontend): stabilize wechat payment resume recovery
|
2026-04-22 12:30:24 +08:00 |
|
IanShaw027
|
84628108fc
|
fix(auth): preserve backward-compatible oauth defaults
|
2026-04-22 11:17:32 +08:00 |
|
IanShaw027
|
dd314c41e3
|
fix(payment): restore public resume and result flows
|
2026-04-22 11:17:23 +08:00 |
|
IanShaw027
|
c229f33e9e
|
fix(review): harden payment, oauth, and migration paths
|
2026-04-22 10:26:22 +08:00 |
|
IanShaw027
|
6d51834a95
|
refactor(profile): simplify profile page flow
|
2026-04-22 01:48:09 +08:00 |
|
IanShaw027
|
863258d782
|
Always show register password hint
|
2026-04-21 10:15:57 -07:00 |
|
IanShaw027
|
287f2f56d6
|
Show embedded avatar preview after selection
|
2026-04-21 10:13:28 -07:00 |
|
IanShaw027
|
0f4a8d7be8
|
feat(profile): redesign profile center layout
|
2026-04-22 00:54:38 +08:00 |
|
IanShaw027
|
906802abe3
|
Fix mobile payment launch detection
|
2026-04-22 00:36:55 +08:00 |
|
IanShaw027
|
da1d26001f
|
Merge branch 'main' into rebuild/auth-identity-foundation
|
2026-04-22 00:35:34 +08:00 |
|
IanShaw027
|
40f7e832b4
|
fix: restore wechat settings compatibility after rebase
|
2026-04-21 23:26:45 +08:00 |
|
IanShaw027
|
b22d00e541
|
feat: drive visible payment methods from enabled providers
|
2026-04-21 23:20:37 +08:00 |
|
IanShaw027
|
54dc176725
|
feat(settings): support per-channel WeChat OAuth and persist payment options
|
2026-04-21 07:51:41 -07:00 |
|
IanShaw027
|
d5819181ea
|
feat(auth): reclaim stale identities and refresh profile UI
|
2026-04-21 07:49:40 -07:00 |
|
IanShaw027
|
c0371e9104
|
frontend: align gateway scheduling toggles
|
2026-04-21 22:38:47 +08:00 |
|
IanShaw027
|
65d3bd728b
|
frontend: normalize payment error presentation
|
2026-04-21 22:26:54 +08:00 |
|
IanShaw027
|
20062b44dc
|
frontend: normalize profile and admin i18n cleanup
|
2026-04-21 22:26:35 +08:00 |
|
IanShaw027
|
a6b919eb53
|
frontend: normalize auth oauth i18n and error toasts
|
2026-04-21 22:26:11 +08:00 |
|
IanShaw027
|
4c21320d1b
|
fix(auth): require explicit choice for third-party signup
|
2026-04-21 20:36:58 +08:00 |
|
IanShaw027
|
2cebb0dc60
|
feat(settings): support dual-mode wechat oauth defaults
|
2026-04-21 20:36:10 +08:00 |
|
IanShaw027
|
17c6348b57
|
fix(profile): restore source hints and upload-only avatar
|
2026-04-21 18:23:35 +08:00 |
|
IanShaw027
|
7309c02f0b
|
refactor(profile): split avatar and bindings cards
|
2026-04-21 17:56:15 +08:00 |
|
IanShaw027
|
ee3f158f4e
|
fix(settings): restore wechat and payment config persistence
|
2026-04-21 17:35:12 +08:00 |
|
IanShaw027
|
d08757ce9e
|
refactor(admin): remove auth migration reports
|
2026-04-21 17:34:18 +08:00 |
|
IanShaw027
|
ed01c59916
|
feat: track authenticated user activity
|
2026-04-21 14:54:53 +08:00 |
|
IanShaw027
|
65efef1eee
|
feat: support replacing bound primary email
|
2026-04-21 13:47:15 +08:00 |
|
IanShaw027
|
12f1e19d68
|
fix: restore wechat oauth legacy callback compatibility
|
2026-04-21 13:36:19 +08:00 |
|
IanShaw027
|
ebd053c87e
|
docs: clarify openai scheduler flag semantics
|
2026-04-21 13:07:40 +08:00 |
|
IanShaw027
|
9742796ee7
|
fix: retire public payment verify and backfill trade no
|
2026-04-21 11:41:02 +08:00 |
|
IanShaw027
|
33b208ab6f
|
fix: restore legacy oauth callback fragment compatibility
|
2026-04-21 11:00:18 +08:00 |
|
IanShaw027
|
7e89bca5e6
|
fix: tighten pending oauth email routing and binding state
|
2026-04-21 10:41:29 +08:00 |
|
IanShaw027
|
dcd5c43da4
|
feat: complete email binding and pending oauth verification flows
|
2026-04-21 10:00:06 +08:00 |
|
IanShaw027
|
6da08262d7
|
feat avatar compress uploads to 20kb
|
2026-04-21 08:53:59 +08:00 |
|
Wesley Liddick
|
ffc9c38722
|
Merge pull request #1766 from touwaeriol/fix/codex-drop-removed-models
fix(openai): drop removed Codex models and fix normalization fallback side-effects
|
2026-04-21 08:50:00 +08:00 |
|
IanShaw027
|
07f23aaa7d
|
fix wxpay config contract and h5 scene info
|
2026-04-21 08:35:53 +08:00 |
|
IanShaw027
|
09351e9459
|
fix auth completion and payment resume hardening
|
2026-04-21 08:23:26 +08:00 |
|
IanShaw027
|
ebe7524415
|
fix profile activity and migration remediation
|
2026-04-21 02:08:56 +08:00 |
|
IanShaw027
|
a27a7add3d
|
fix payment resume result consistency
|
2026-04-21 02:08:34 +08:00 |
|
IanShaw027
|
cd0338fbae
|
fix frontend wechat oauth capability recovery
|
2026-04-21 01:48:23 +08:00 |
|