20a4e41872
新增 admin「渠道监控」模块(参考 BingZi-233/check-cx),独立于现有 Channel 体系。
admin 配置 + 后台定时调用上游 LLM chat completions 健康检查 + 所有登录用户只读可见。
后端:
- ent: channel_monitor + channel_monitor_history(AES-256-GCM 加密 api_key)
- service 按职责拆分:service/aggregator/validate/checker/runner/ssrf
- provider strategy map 替代 switch(openai/anthropic/gemini)
- repository batch 聚合(ListLatestForMonitorIDs + ComputeAvailabilityForMonitors)消除 N+1
- runner: ticker(5s) + pond worker pool(5) + inFlight 防并发 + TrySubmit 防雪崩
+ 凌晨 3 点 cron 清理 30 天历史
- SSRF 防护:强制 https + 私网/loopback/云元数据 IP 拒绝(127/8、10/8、172.16/12、
192.168/16、169.254/16、100.64/10、::1、fc00::/7、fe80::/10)+ DialContext
在 socket 层防 DNS rebinding
- API key sanitize:擦除 url.Error 与上游响应 body 中的 sk-/sk-ant-/AIza/JWT 模式
- APIKeyDecryptFailed 标志位 + 单 monitor 路径检测,避免空 key 调用上游
handler:
- admin: CRUD + 手动触发 + 历史接口(api_key 脱敏)
- user: 只读列表 + 状态详情(去除 api_key/endpoint)
- ParseChannelMonitorID 共用 + dto.ChannelMonitorExtraModelStatus 共用
前端:
- 路由 /admin/channels/{pricing,monitor} + /monitor(用户只读)
- AppSidebar 父项 expandOnly 支持
- ChannelMonitorView 拆为 8 个子组件 + ChannelStatusView 拆出 detail dialog
- composables/useChannelMonitorFormat + constants/channelMonitor 共享
- i18n monitorCommon namespace 消除 admin/user 两 view 重复
合规:所有文件符合 CLAUDE.md(Go ≤ 500 行 / Vue ≤ 300 行 / 函数 ≤ 30 行)
CI: go build / gofmt / golangci-lint(0 issues) / make test-unit / pnpm build 全绿
115 lines
3.4 KiB
Go
115 lines
3.4 KiB
Go
package routes
|
|
|
|
import (
|
|
"github.com/Wei-Shaw/sub2api/internal/handler"
|
|
"github.com/Wei-Shaw/sub2api/internal/server/middleware"
|
|
"github.com/Wei-Shaw/sub2api/internal/service"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// RegisterUserRoutes 注册用户相关路由(需要认证)
|
|
func RegisterUserRoutes(
|
|
v1 *gin.RouterGroup,
|
|
h *handler.Handlers,
|
|
jwtAuth middleware.JWTAuthMiddleware,
|
|
settingService *service.SettingService,
|
|
) {
|
|
authenticated := v1.Group("")
|
|
authenticated.Use(gin.HandlerFunc(jwtAuth))
|
|
authenticated.Use(middleware.BackendModeUserGuard(settingService))
|
|
{
|
|
// 用户接口
|
|
user := authenticated.Group("/user")
|
|
{
|
|
user.GET("/profile", h.User.GetProfile)
|
|
user.PUT("/password", h.User.ChangePassword)
|
|
user.PUT("", h.User.UpdateProfile)
|
|
user.POST("/account-bindings/email/send-code", h.User.SendEmailBindingCode)
|
|
user.POST("/account-bindings/email", h.User.BindEmailIdentity)
|
|
user.DELETE("/account-bindings/:provider", h.User.UnbindIdentity)
|
|
user.POST("/auth-identities/bind/start", h.User.StartIdentityBinding)
|
|
|
|
// 通知邮箱管理
|
|
notifyEmail := user.Group("/notify-email")
|
|
{
|
|
notifyEmail.POST("/send-code", h.User.SendNotifyEmailCode)
|
|
notifyEmail.POST("/verify", h.User.VerifyNotifyEmail)
|
|
notifyEmail.PUT("/toggle", h.User.ToggleNotifyEmail)
|
|
notifyEmail.DELETE("", h.User.RemoveNotifyEmail)
|
|
}
|
|
|
|
// TOTP 双因素认证
|
|
totp := user.Group("/totp")
|
|
{
|
|
totp.GET("/status", h.Totp.GetStatus)
|
|
totp.GET("/verification-method", h.Totp.GetVerificationMethod)
|
|
totp.POST("/send-code", h.Totp.SendVerifyCode)
|
|
totp.POST("/setup", h.Totp.InitiateSetup)
|
|
totp.POST("/enable", h.Totp.Enable)
|
|
totp.POST("/disable", h.Totp.Disable)
|
|
}
|
|
}
|
|
|
|
// API Key管理
|
|
keys := authenticated.Group("/keys")
|
|
{
|
|
keys.GET("", h.APIKey.List)
|
|
keys.GET("/:id", h.APIKey.GetByID)
|
|
keys.POST("", h.APIKey.Create)
|
|
keys.PUT("/:id", h.APIKey.Update)
|
|
keys.DELETE("/:id", h.APIKey.Delete)
|
|
}
|
|
|
|
// 用户可用分组(非管理员接口)
|
|
groups := authenticated.Group("/groups")
|
|
{
|
|
groups.GET("/available", h.APIKey.GetAvailableGroups)
|
|
groups.GET("/rates", h.APIKey.GetUserGroupRates)
|
|
}
|
|
|
|
// 使用记录
|
|
usage := authenticated.Group("/usage")
|
|
{
|
|
usage.GET("", h.Usage.List)
|
|
usage.GET("/:id", h.Usage.GetByID)
|
|
usage.GET("/stats", h.Usage.Stats)
|
|
// User dashboard endpoints
|
|
usage.GET("/dashboard/stats", h.Usage.DashboardStats)
|
|
usage.GET("/dashboard/trend", h.Usage.DashboardTrend)
|
|
usage.GET("/dashboard/models", h.Usage.DashboardModels)
|
|
usage.POST("/dashboard/api-keys-usage", h.Usage.DashboardAPIKeysUsage)
|
|
}
|
|
|
|
// 公告(用户可见)
|
|
announcements := authenticated.Group("/announcements")
|
|
{
|
|
announcements.GET("", h.Announcement.List)
|
|
announcements.POST("/:id/read", h.Announcement.MarkRead)
|
|
}
|
|
|
|
// 卡密兑换
|
|
redeem := authenticated.Group("/redeem")
|
|
{
|
|
redeem.POST("", h.Redeem.Redeem)
|
|
redeem.GET("/history", h.Redeem.GetHistory)
|
|
}
|
|
|
|
// 用户订阅
|
|
subscriptions := authenticated.Group("/subscriptions")
|
|
{
|
|
subscriptions.GET("", h.Subscription.List)
|
|
subscriptions.GET("/active", h.Subscription.GetActive)
|
|
subscriptions.GET("/progress", h.Subscription.GetProgress)
|
|
subscriptions.GET("/summary", h.Subscription.GetSummary)
|
|
}
|
|
|
|
// 渠道监控(用户只读)
|
|
monitors := authenticated.Group("/channel-monitors")
|
|
{
|
|
monitors.GET("", h.ChannelMonitor.List)
|
|
monitors.GET("/:id/status", h.ChannelMonitor.GetStatus)
|
|
}
|
|
}
|
|
}
|