huangzhenpc
2d77047287
Merge upstream/main: v0.1.61 updates with TOTP & password reset
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
Major features:
- feat(auth): add TOTP (2FA) support for enhanced security
- feat(auth): add password reset functionality
- feat(openai): improve rate limit handling with reset time tracking
- feat(subscription): add expiry notification service
- fix(urlvalidator): remove trailing slash from validated URLs
- docs: update demo site domain
Resolved conflicts:
- deploy/docker-compose.yml: added TOTP_ENCRYPTION_KEY config
- setting_service.go: keep TianShuAPI site name while adding new features
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-01-26 10:35:33 +08:00
huangzhenpc
dc42bf585b
chore: use 1panel docker-compose config as default
...
- Replace docker-compose.yml with docker-compose.1panel.yml content
- Better compatibility with 1Panel environment
- Simplify future updates and maintenance
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-01-26 10:32:46 +08:00
shaw
1245f07a2d
feat(auth): 实现 TOTP 双因素认证功能
...
新增功能:
- 支持 Google Authenticator 等应用进行 TOTP 二次验证
- 用户可在个人设置中启用/禁用 2FA
- 登录时支持 TOTP 验证流程
- 管理后台可全局开关 TOTP 功能
安全增强:
- TOTP 密钥使用 AES-256-GCM 加密存储
- 添加 TOTP_ENCRYPTION_KEY 配置项,必须手动配置才能启用功能
- 防止服务重启导致加密密钥变更使用户无法登录
- 验证失败次数限制,防止暴力破解
配置说明:
- Docker 部署:在 .env 中设置 TOTP_ENCRYPTION_KEY
- 非 Docker 部署:在 config.yaml 中设置 totp.encryption_key
- 生成密钥命令:openssl rand -hex 32
2026-01-26 09:19:53 +08:00
huangzhenpc
dc031ec3d0
Merge upstream/main: sync latest updates
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
- feat(gateway): aggregate all text chunks in non-streaming Gemini responses
- feat(gateway): add SUGGESTION MODE request interception
- feat(oauth): support Anthropic Team accounts with sk authorization
- fix(oauth): update Anthropic OAuth parameters to sync with latest client
- feat: add PromoCodeEnabled setting (default: true)
- resolved conflict: keep TianShuAPI site name while adding PromoCode feature
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-01-24 10:21:16 +08:00
Wesley Liddick
5602d02b1b
Merge pull request #343 from mt21625457/main
...
fix(调度): 完善粘性会话清理与账号调度刷新 和 启用 OpenAI OAuth HTTP/2 并修复清理任务 lint
2026-01-20 16:05:53 +08:00
yangjianbo
5e5d4a513b
feat: 移动镜像脚本位置
2026-01-20 15:11:27 +08:00
huangzhenpc
6989e3420e
Merge remote-tracking branch 'upstream/main'
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-01-20 14:39:03 +08:00
shaw
c95a864975
docs: add TLS fingerprint tool link
2026-01-20 11:30:10 +08:00
Wesley Liddick
0f8d42c577
Merge pull request #327 from mt21625457/main
...
feat(usage): 添加清理任务与统计过滤
2026-01-19 09:18:00 +08:00
huangzhenpc
c4cc56eb10
Merge remote-tracking branch 'upstream/main'
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
2026-01-18 23:46:19 +08:00
shaw
9abda1bc59
feat(tls): 新增 TLS 指纹模拟功能
2026-01-18 20:08:40 +08:00
yangjianbo
ef5a41057f
feat(usage): 添加清理任务与统计过滤
2026-01-18 10:52:18 +08:00
huangzhenpc
868f75a792
feat: 品牌重命名 Sub2API -> TianShuAPI (基于官方 v0.1.56)
...
CI / test (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Security Scan / backend-security (push) Has been cancelled
Security Scan / frontend-security (push) Has been cancelled
基于官方最新代码 upstream/main (dae0d53🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-01-17 01:52:16 +08:00
yangjianbo
74a3c74514
perf(Caddy): 添加静态资源长期缓存配置
...
- 为 /assets/* 设置 1 年缓存 + immutable 标记
- 包含 logo.png 和 favicon.ico
- 移除可能干扰缓存的 Pragma/Expires 头
效果:
- 浏览器缓存命中后不再发送请求
- Cloudflare CDN 可正确缓存静态资源
- 重复访问页面秒开
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-16 22:49:05 +08:00
yangjianbo
c9f79dee66
feat(安全): 实现 CSP nonce 支持解决内联脚本安全问题
...
- 添加 GenerateNonce() 生成加密安全的随机 nonce
- SecurityHeaders 中间件为每个请求生成唯一 nonce
- CSP 策略支持 __CSP_NONCE__ 占位符动态替换
- embed_on.go 注入的内联脚本添加 nonce 属性
- 添加 Cloudflare Insights 域名到 CSP 允许列表
- 添加完整单元测试,覆盖率达到 89.8%
解决的问题:
- 内联脚本违反 CSP script-src 指令
- Cloudflare Insights beacon.min.js 加载被阻止
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-16 17:05:49 +08:00
yangjianbo
a458e684bc
fix(认证): OAuth 401 直接标记错误状态
...
- OAuth 401 清理缓存并设置错误状态
- 移除 oauth_401_cooldown_minutes 配置及示例
- 更新 401 相关单测
破坏性变更: OAuth 401 不再临时不可调度,需手动恢复
2026-01-15 15:06:34 +08:00
yangjianbo
daf10907e4
fix(认证): 修复 OAuth token 缓存失效与 401 处理
...
新增 token 缓存失效接口并在刷新后清理
401 限流支持自定义规则与可配置冷却时间
补齐缓存失效与 401 处理测试
测试: make test
2026-01-14 15:55:44 +08:00
yangjianbo
202ec21bab
fix(config): 提升粘性会话默认等待时长
...
- 默认值调整为 120s
- 同步示例配置与环境变量
2026-01-12 14:26:31 +08:00
yangjianbo
3141aa5144
feat(scheduler): 引入调度快照缓存与 outbox 回放
...
- 调度热路径优先读 Redis 快照,保留分组排序语义
- outbox 回放 + 全量重建纠偏,失败重试不推进水位
- 自动 Atlas 基线对齐并同步调度配置示例
2026-01-12 14:19:06 +08:00
IanShaw027
3dfb62e996
merge: 合并main分支最新改动
...
解决冲突:
- backend/internal/config/config.go: 合并Ops和Dashboard配置
- backend/internal/server/api_contract_test.go: 合并handler初始化
- backend/internal/service/openai_gateway_service.go: 保留Ops错误追踪逻辑
- backend/internal/service/wire.go: 合并Ops和APIKeyAuth provider
主要合并内容:
- Dashboard缓存和预聚合功能
- API Key认证缓存优化
- Codex转换支持
- 使用日志分区表
2026-01-11 23:15:01 +08:00
IanShaw027
c1a3dd41dd
feat(ops): 添加运维监控配置开关
...
- 在 .env.example 和 config.example.yaml 中添加 ops.enabled 配置项
- 默认值为 true,保持现有行为
- 当设置为 false 时,左侧栏隐藏运维监控菜单并禁用所有运维监控功能
- 修改后端 GetSettings API,让 ops_monitoring_enabled 受 config.ops.enabled 控制
- 数据清理和预聚合任务默认保持开启状态(通过运维监控设置对话框配置)
2026-01-11 20:10:08 +08:00
yangjianbo
6271a33d08
fix(仪表盘): 兼容禁用聚合与回填限制
2026-01-11 18:20:15 +08:00
yangjianbo
1a869547d7
feat(仪表盘): 引入预聚合统计与聚合作业
2026-01-11 16:01:35 +08:00
IanShaw027
e5857161ff
feat(ops): 增强错误详情弹窗与API支持
...
**前端改动**:
1. OpsErrorDetailModal.vue:
- 新增上游错误详情展示功能
- 支持查看上游错误的请求头、响应体等调试信息
- 改进错误信息格式化与可读性
2. ops.ts API:
- 新增getUpstreamErrors接口调用上游错误查询API
**后端配置**:
- config.go/config.yaml/deploy/config.example.yaml:
- 更新配置支持上游错误事件记录开关
- 添加相关配置项文档说明
2026-01-11 15:31:48 +08:00
yangjianbo
c2c865b0cb
perf(仪表盘): 增强统计缓存与隔离配置
...
新增仪表盘缓存开关与 TTL 配置,支持 Redis key 前缀隔离,并补充单测与校验。
测试: make test-backend
2026-01-11 10:07:03 +08:00
yangjianbo
9d0a4f3d68
perf(认证): 引入 API Key 认证缓存与轻量删除查询
...
增加 L1/L2 缓存、负缓存与单飞回源
使用 key+owner 轻量查询替代全量加载并清理旧接口
补充缓存失效与余额更新测试,修复随机抖动 lint
测试: make test
2026-01-10 22:23:51 +08:00
Song Siyu
7d1fe818be
feat: antigravity 配额域限流 + SSE 上限 ( #222 )
...
* fix: 添加 gemini-3-flash 前缀映射支持 gemini-3-flash-preview
* feat(antigravity): 增强请求参数和注入 Antigravity 身份 system prompt
* feat: antigravity 配额域限流
* chore: 调整 SSE 单行上限到 25MB
* chore: 提升 SSE 单行上限到 40MB
2026-01-09 22:00:14 +08:00
Edric.Li
0a4641c24e
feat(api-key): 添加 IP 白名单/黑名单限制功能 ( #221 )
...
* feat(api-key): add IP whitelist/blacklist restriction and usage log IP tracking
- Add IP restriction feature for API keys (whitelist/blacklist with CIDR support)
- Add IP address logging to usage logs (admin-only visibility)
- Remove billing_type column from usage logs UI (redundant)
- Use generic "Access denied" error message for security
Backend:
- New ip package with IP/CIDR validation and matching utilities
- Database migrations for ip_whitelist, ip_blacklist (api_keys) and ip_address (usage_logs)
- Middleware IP restriction check after API key validation
- Input validation for IP/CIDR patterns on create/update
Frontend:
- API key form with enable toggle for IP restriction
- Shield icon indicator in table for keys with IP restriction
- Removed billing_type filter and column from usage views
* fix: update API contract tests for ip_whitelist/ip_blacklist fields
Add ip_whitelist and ip_blacklist fields to expected JSON responses
in API contract tests to match the new API key schema.
2026-01-09 21:59:32 +08:00
admin
152d0cdec6
feat(auth): 添加 Linux DO Connect OAuth 登录支持
...
- 新增 Linux DO OAuth 配置项和环境变量支持
- 实现 OAuth 授权流程和回调处理
- 前端添加 Linux DO 登录按钮和回调页面
- 支持通过 Linux DO 账号注册/登录
- 添加相关国际化文本
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-09 18:26:32 +08:00
shaw
27291f2e5f
fix(docker): 修改 Redis 配置以支持可选的密码设置
2026-01-09 17:28:55 +08:00
Edric Li
38d875b06f
feat(update): 添加在线更新和定价数据获取的代理支持
...
针对国内服务器访问 GitHub 困难的问题,为在线更新和定价数据获取功能添加代理支持。
主要变更:
- 新增 update.proxy_url 配置项,支持 http/https/socks5/socks5h 协议
- 修改 GitHubReleaseClient 和 PricingRemoteClient 支持代理配置
- 更新 Wire 依赖注入,通过 Provider 函数传递配置
- 更新 Docker 配置文件,支持通过 UPDATE_PROXY_URL 环境变量设置代理
配置示例:
update:
proxy_url: "http://127.0.0.1:7890 "
Docker 环境变量:
UPDATE_PROXY_URL=http://host.docker.internal:7890
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-07 23:15:20 +08:00
yangjianbo
17ae51c0a0
merge: 合并远程分支并修复代码冲突
...
合并了远程分支 cb72262✅ 保留 emit 模式修复(避免 vue/no-mutating-props 错误)
- ✅ 添加第三个筛选器 type(账户类型)
- ✅ 新增 antigravity 平台和 inactive 状态选项
2. UserBalanceModal.vue
- ✅ 保留 console.error 错误日志
- ✅ 添加输入验证(金额校验、余额不足检查)
- ✅ 使用 appStore.showError 向用户显示友好错误
3. AccountsView.vue
- ✅ 保留所有 console.error 错误日志(避免 no-empty 错误)
- ✅ 使用新 API:clearRateLimit 和 setSchedulable
4. UsageView.vue
- ✅ 添加 console.error 错误日志
- ✅ 添加图表功能(模型分布、使用趋势)
- ✅ 添加粒度选择(按天/按小时)
- ✅ 保留 XLSX 动态导入优化
**测试结果:**
- ✅ Go tests: PASS
- ✅ golangci-lint: 0 issues
- ✅ ESLint: 0 errors
- ✅ TypeScript: PASS
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-06 12:50:51 +08:00
yangjianbo
3f0017d1f1
fix(安全): 修复依赖漏洞并强化安全扫描
...
主要改动:
- 固定 Go 1.25.5 与 CI 校验并更新扫描流程
- 升级 quic-go、x/crypto、req 等依赖并通过 govulncheck
- 强化 JWT 校验、TLS 配置与 xlsx 动态加载
- 新增审计豁免清单与校验脚本
2026-01-06 11:36:38 +08:00
shaw
2920409404
docs: 更新 Docker 部署文档强调 JWT_SECRET 配置重要性
...
- docker-compose.yml: 添加注释说明设置固定 JWT_SECRET 可防止容器重启后登录失效
- .env.example: 添加 openssl rand -hex 32 生成安全密钥的命令
2026-01-06 09:44:54 +08:00
shaw
aaaa68ea7f
fix: 修复 CSP 策略阻止 Cloudflare Turnstile 加载的问题
...
在 script-src 和 frame-src 中添加 challenges.cloudflare.com 域名,
允许 Turnstile 脚本加载和 iframe 渲染。
2026-01-06 09:15:03 +08:00
yangjianbo
6451b3cd83
Merge branch 'test'
2026-01-05 17:05:30 +08:00
yangjianbo
c4628d4604
fix(安全): 允许在禁用白名单时使用不安全的 HTTP URL
2026-01-05 16:09:42 +08:00
yangjianbo
ee6d01fd1c
fix(配置): 更新配置文件,添加中文注释并优化部分字段说明
2026-01-05 16:06:03 +08:00
yangjianbo
5668736389
fix(依赖): 更新 Redis 镜像版本至 8-alpine
2026-01-05 15:54:47 +08:00
yangjianbo
1aef4ce20d
fix(部署): 配置文件挂载改为可选,避免 Docker 自动创建目录
...
当挂载的源文件不存在时,Docker 会自动创建同名目录而非文件。
将配置文件挂载默认注释,用户需要时先创建文件再取消注释。
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-05 15:50:29 +08:00
yangjianbo
ce7893ee44
feat(部署): 支持通过环境变量配置挂载的配置文件路径
...
- docker-compose.yml 配置文件挂载路径改为 ${CONFIG_FILE:-./config.yaml}
- .env.example 添加 CONFIG_FILE 配置项,方便用户指定自定义配置文件
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-05 15:40:30 +08:00
yangjianbo
4c1293a74c
fix(安全): CSP 策略添加 Google Fonts 支持
...
在 style-src 中添加 fonts.googleapis.com,在 font-src 中添加
fonts.gstatic.com,解决浏览器控制台因 CSP 策略阻止加载
Google Fonts 样式表的错误。
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com >
2026-01-05 15:32:36 +08:00
yangjianbo
fb313356f7
Merge branch 'main' into test-dev
2026-01-05 14:43:08 +08:00
yangjianbo
048ed061c2
fix(安全): 关闭白名单时保留最小校验与默认白名单
...
实现 allow_insecure_http 并在关闭校验时执行最小格式验证
- 关闭 allowlist 时要求 URL 可解析且 scheme 合规
- 响应头过滤关闭时使用默认白名单策略
- 更新相关文档、示例与测试覆盖
2026-01-05 14:41:08 +08:00
yangjianbo
794a9f969b
feat(安全): 添加安全开关并完善测试流程
...
实现安全开关默认关闭与响应头透传逻辑
- URL 校验与响应头过滤支持开关并覆盖流式路径
- 非流式 Content-Type 透传/默认值按配置生效
- 接入 go test、golangci-lint 与前端 lint/typecheck
- 补充相关测试与配置/文档说明
2026-01-05 13:54:43 +08:00
Jiahao Luo
204190f807
feat(crs-sync): improve error messages and add private IP allowlist support
...
## Changes
### 1. Enhanced Error Messages
- Modified CRS sync error handling to show detailed error messages
- Changed from generic "internal error" to "CRS sync failed: <details>"
- Helps diagnose connection issues with private CRS deployments
### 2. Security Configuration
- Added SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS environment variable
- Allows administrators to enable/disable private IP access for CRS sync
- Production default: false (secure)
- Test environment default: true (convenient for internal testing)
### 3. Flexible Configuration Support
- Added config.yaml mount support in both production and test environments
- Supports dual configuration methods:
* config.yaml for detailed/complex configurations
* Environment variables for quick overrides
- Priority: ENV vars > config.yaml > defaults
## Use Case
Enables CRS sync from internal deployments where CRS resolves to private IPs
(e.g., 10.x.x.x, 192.168.x.x) while maintaining security by default.
## Files Modified
- backend/internal/handler/admin/account_handler.go
- deploy/docker-compose.yml
- deploy/docker-compose-test.yml
2026-01-05 12:57:03 +08:00
shaw
7cc7e15174
Merge branch 'IanShaw027/main'
2026-01-05 11:20:28 +08:00
Jiahao Luo
0f79c3cc0e
fix(docker): 修复 Dockerfile npm 构建错误并优化测试配置
...
- 修复 Dockerfile 使用 pnpm 替代 npm ci(适配 pnpm 迁移)
- 为 docker-compose-test.yml 添加自动构建配置
- 更新测试配置文档说明一键构建命令
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-01-05 11:10:31 +08:00
ianshaw
118ca5cf6d
fix: 修复空content处理及更新Gemini使用指南链接
...
- 修复FilterThinkingBlocksForRetry对空content数组的处理
- docker-compose添加SECURITY_URL_ALLOWLIST_UPSTREAM_HOSTS配置
- 更新Gemini使用指南链接:检查归属地、修改归属地、激活Gemini Web
2026-01-04 18:26:39 -08:00
yangjianbo
c8e5455df0
chore(配置): 更新上游白名单默认值
...
新增 Kimi/BigModel/Minimax 官方域名到 allowlist
保持示例配置与默认值一致
2026-01-05 09:18:17 +08:00
