oadmin/sub2api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
6d01be0c30090d3483e21b099c16ef0ba35590fd
sub2api/deploy
History
IanShaw 34c102045a fix: 修复 /v1/messages 间歇性 400 错误 (#18) 
* fix(upstream): 修复上游格式兼容性问题

- 跳过Claude模型无signature的thinking block
- 支持custom类型工具(MCP)格式转换
- 添加ClaudeCustomToolSpec结构体支持MCP工具
- 添加Custom字段验证,跳过无效custom工具
- 在convertClaudeToolsToGeminiTools中添加schema清理
- 完整的单元测试覆盖,包含边界情况

修复: Issue 0.1 signature缺失, Issue 0.2 custom工具格式
改进: Codex审查发现的2个重要问题

测试:
- TestBuildParts_ThinkingBlockWithoutSignature: 验证thinking block处理
- TestBuildTools_CustomTypeTools: 验证custom工具转换和边界情况
- TestConvertClaudeToolsToGeminiTools_CustomType: 验证service层转换

* feat(gemini): 添加Gemini限额与TierID支持

实现PR1:Gemini限额与TierID功能

后端修改:
- GeminiTokenInfo结构体添加TierID字段
- fetchProjectID函数返回(projectID, tierID, error)
- 从LoadCodeAssist响应中提取tierID(优先IsDefault,回退到第一个非空tier)
- ExchangeCode、RefreshAccountToken、GetAccessToken函数更新以处理tierID
- BuildAccountCredentials函数保存tier_id到credentials

前端修改:
- AccountStatusIndicator组件添加tier显示
- 支持LEGACY/PRO/ULTRA等tier类型的友好显示
- 使用蓝色badge展示tier信息

技术细节:
- tierID提取逻辑:优先选择IsDefault的tier,否则选择第一个非空tier
- 所有fetchProjectID调用点已更新以处理新的返回签名
- 前端gracefully处理missing/unknown tier_id

* refactor(gemini): 优化TierID实现并添加安全验证

根据并发代码审查(code-reviewer, security-auditor, gemini, codex)的反馈进行改进:

安全改进:
- 添加validateTierID函数验证tier_id格式和长度(最大64字符)
- 限制tier_id字符集为字母数字、下划线、连字符和斜杠
- 在BuildAccountCredentials中验证tier_id后再存储
- 静默跳过无效tier_id,不阻塞账户创建

代码质量改进:
- 提取extractTierIDFromAllowedTiers辅助函数消除重复代码
- 重构fetchProjectID函数,tierID提取逻辑只执行一次
- 改进代码可读性和可维护性

审查工具:
- code-reviewer agent (a09848e)
- security-auditor agent (a9a149c)
- gemini CLI (bcc7c81)
- codex (b5d8919)

修复问题:
- HIGH: 未验证的tier_id输入
- MEDIUM: 代码重复(tierID提取逻辑重复2次)

* fix(format): 修复 gofmt 格式问题

- 修复 claude_types.go 中的字段对齐问题
- 修复 gemini_messages_compat_service.go 中的缩进问题

* fix(upstream): 修复上游格式兼容性问题 (#14)

* fix(upstream): 修复上游格式兼容性问题

- 跳过Claude模型无signature的thinking block
- 支持custom类型工具(MCP)格式转换
- 添加ClaudeCustomToolSpec结构体支持MCP工具
- 添加Custom字段验证,跳过无效custom工具
- 在convertClaudeToolsToGeminiTools中添加schema清理
- 完整的单元测试覆盖,包含边界情况

修复: Issue 0.1 signature缺失, Issue 0.2 custom工具格式
改进: Codex审查发现的2个重要问题

测试:
- TestBuildParts_ThinkingBlockWithoutSignature: 验证thinking block处理
- TestBuildTools_CustomTypeTools: 验证custom工具转换和边界情况
- TestConvertClaudeToolsToGeminiTools_CustomType: 验证service层转换

* fix(format): 修复 gofmt 格式问题

- 修复 claude_types.go 中的字段对齐问题
- 修复 gemini_messages_compat_service.go 中的缩进问题

* fix(format): 修复 claude_types.go 的 gofmt 格式问题

* feat(antigravity): 优化 thinking block 和 schema 处理

- 为 dummy thinking block 添加 ThoughtSignature
- 重构 thinking block 处理逻辑,在每个条件分支内创建 part
- 优化 excludedSchemaKeys,移除 Gemini 实际支持的字段
  (minItems, maxItems, minimum, maximum, additionalProperties, format)
- 添加详细注释说明 Gemini API 支持的 schema 字段

* fix(antigravity): 增强 schema 清理的安全性

基于 Codex review 建议:
- 添加 format 字段白名单过滤,只保留 Gemini 支持的 date-time/date/time
- 补充更多不支持的 schema 关键字到黑名单:
  * 组合 schema: oneOf, anyOf, allOf, not, if/then/else
  * 对象验证: minProperties, maxProperties, patternProperties 等
  * 定义引用: $defs, definitions
- 避免不支持的 schema 字段导致 Gemini API 校验失败

* fix(lint): 修复 gemini_messages_compat_service 空分支警告

- 在 cleanToolSchema 的 if 语句中添加 continue
- 移除重复的注释

* fix(antigravity): 移除 minItems/maxItems 以兼容 Claude API

- 将 minItems 和 maxItems 添加到 schema 黑名单
- Claude API (Vertex AI) 不支持这些数组验证字段
- 添加调试日志记录工具 schema 转换过程
- 修复 tools.14.custom.input_schema 验证错误

* fix(antigravity): 修复 additionalProperties schema 对象问题

- 将 additionalProperties 的 schema 对象转换为布尔值 true
- Claude API 只支持 additionalProperties: false,不支持 schema 对象
- 修复 tools.14.custom.input_schema 验证错误
- 参考 Claude 官方文档的 JSON Schema 限制

* fix(antigravity): 修复 Claude 模型 thinking 块兼容性问题

- 完全跳过 Claude 模型的 thinking 块以避免 signature 验证失败
- 只在 Gemini 模型中使用 dummy thought signature
- 修改 additionalProperties 默认值为 false(更安全)
- 添加调试日志以便排查问题

* fix(upstream): 修复跨模型切换时的 dummy signature 问题

基于 Codex review 和用户场景分析的修复:

1. 问题场景
   - Gemini (thinking) → Claude (thinking) 切换时
   - Gemini 返回的 thinking 块使用 dummy signature
   - Claude API 会拒绝 dummy signature,导致 400 错误

2. 修复内容
   - request_transformer.go:262: 跳过 dummy signature
   - 只保留真实的 Claude signature
   - 支持频繁的跨模型切换

3. 其他修复(基于 Codex review)
   - gateway_service.go:691: 修复 io.ReadAll 错误处理
   - gateway_service.go:687: 条件日志(尊重 LogUpstreamErrorBody 配置)
   - gateway_service.go:915: 收紧 400 failover 启发式
   - request_transformer.go:188: 移除签名成功日志

4. 新增功能(默认关闭)
   - 阶段 1: 上游错误日志(GATEWAY_LOG_UPSTREAM_ERROR_BODY)
   - 阶段 2: Antigravity thinking 修复
   - 阶段 3: API-key beta 注入(GATEWAY_INJECT_BETA_FOR_APIKEY)
   - 阶段 3: 智能 400 failover(GATEWAY_FAILOVER_ON_400)

测试:所有测试通过

* fix(lint): 修复 golangci-lint 问题

- 应用 De Morgan 定律简化条件判断
- 修复 gofmt 格式问题
- 移除未使用的 min 函数
2026-01-01 04:21:18 +08:00
..
.env.example
feat(全栈): 实现简易模式核心功能
2025-12-29 03:24:15 +08:00
Caddyfile
feat: 增加caddy 安全配置示例 (#57)
2025-12-27 21:36:26 +08:00
config.example.yaml
fix: 修复 /v1/messages 间歇性 400 错误 (#18)
2026-01-01 04:21:18 +08:00
docker-compose-test.yml
chore(配置): 提升容器文件描述符上限到10万
2025-12-30 20:28:41 +08:00
docker-compose.yml
chore(配置): 提升容器文件描述符上限到10万
2025-12-30 20:28:41 +08:00
DOCKER.md
fix: add missing deploy/DOCKER.md for Docker workflow
2025-12-18 15:46:43 +08:00
install.sh
fix: 修复安装脚本通过 pipe 执行时 root 权限检查失效的问题
2025-12-28 12:25:55 +08:00
Makefile
feat: 还原误删的makefile
2025-12-30 10:29:26 +08:00
README.md
refactor(数据库): 迁移持久层到 Ent 并清理 GORM
2025-12-29 10:03:27 +08:00
sub2api.service
First commit
2025-12-18 13:50:39 +08:00

README.md

Sub2API Deployment Files

This directory contains files for deploying Sub2API on Linux servers.

Deployment Methods

Method Best For Setup Wizard
Docker Compose Quick setup, all-in-one Not needed (auto-setup)
Binary Install Production servers, systemd Web-based wizard

Files

File Description
docker-compose.yml Docker Compose configuration
.env.example Docker environment variables template
DOCKER.md Docker Hub documentation
install.sh One-click binary installation script
sub2api.service Systemd service unit file
config.example.yaml Example configuration file

Docker Deployment (Recommended)

Quick Start

# Clone repository
git clone https://github.com/Wei-Shaw/sub2api.git
cd sub2api/deploy

# Configure environment
cp .env.example .env
nano .env  # Set POSTGRES_PASSWORD (required)

# Start all services
docker-compose up -d

# View logs (check for auto-generated admin password)
docker-compose logs -f sub2api

# Access Web UI
# http://localhost:8080

How Auto-Setup Works

When using Docker Compose with AUTO_SETUP=true:

  1. On first run, the system automatically:

    • Connects to PostgreSQL and Redis
    • Applies database migrations (SQL files in backend/migrations/*.sql) and records them in schema_migrations
    • Generates JWT secret (if not provided)
    • Creates admin account (password auto-generated if not provided)
    • Writes config.yaml

  2. No manual Setup Wizard needed - just configure .env and start

  3. If ADMIN_PASSWORD is not set, check logs for the generated password:

    docker-compose logs sub2api | grep "admin password"

Database Migration Notes (PostgreSQL)

  • Migrations are applied in lexicographic order (e.g. 001_...sql, 002_...sql).
  • schema_migrations tracks applied migrations (filename + checksum).
  • Migrations are forward-only; rollback requires a DB backup restore or a manual compensating SQL script.

Verify users.allowed_groupsuser_allowed_groups backfill

During the incremental GORM→Ent migration, users.allowed_groups (legacy BIGINT[]) is being replaced by a normalized join table user_allowed_groups(user_id, group_id).

Run this query to compare the legacy data vs the join table:

WITH old_pairs AS (
  SELECT DISTINCT u.id AS user_id, x.group_id
  FROM users u
  CROSS JOIN LATERAL unnest(u.allowed_groups) AS x(group_id)
  WHERE u.allowed_groups IS NOT NULL
)
SELECT
  (SELECT COUNT(*) FROM old_pairs)           AS old_pair_count,
  (SELECT COUNT(*) FROM user_allowed_groups) AS new_pair_count;

Commands

# Start services
docker-compose up -d

# Stop services
docker-compose down

# View logs
docker-compose logs -f sub2api

# Restart Sub2API only
docker-compose restart sub2api

# Update to latest version
docker-compose pull
docker-compose up -d

# Remove all data (caution!)
docker-compose down -v

Environment Variables

Variable Required Default Description
POSTGRES_PASSWORD Yes - PostgreSQL password
SERVER_PORT No 8080 Server port
ADMIN_EMAIL No admin@sub2api.local Admin email
ADMIN_PASSWORD No (auto-generated) Admin password
JWT_SECRET No (auto-generated) JWT secret
TZ No Asia/Shanghai Timezone
GEMINI_OAUTH_CLIENT_ID No (builtin) Google OAuth client ID (Gemini OAuth). Leave empty to use the built-in Gemini CLI client.
GEMINI_OAUTH_CLIENT_SECRET No (builtin) Google OAuth client secret (Gemini OAuth). Leave empty to use the built-in Gemini CLI client.
GEMINI_OAUTH_SCOPES No (default) OAuth scopes (Gemini OAuth)

See .env.example for all available options.

Gemini OAuth Configuration

Sub2API supports three methods to connect to Gemini:

Method 1: Code Assist OAuth (Recommended for GCP Users)

No configuration needed - always uses the built-in Gemini CLI OAuth client (public).

  1. Leave GEMINI_OAUTH_CLIENT_ID and GEMINI_OAUTH_CLIENT_SECRET empty
  2. In the Admin UI, create a Gemini OAuth account and select "Code Assist" type
  3. Complete the OAuth flow in your browser

Note: Even if you configure GEMINI_OAUTH_CLIENT_ID / GEMINI_OAUTH_CLIENT_SECRET for AI Studio OAuth, Code Assist OAuth will still use the built-in Gemini CLI client.

Requirements:

  • Google account with access to Google Cloud Platform
  • A GCP project (auto-detected or manually specified)

How to get Project ID (if auto-detection fails):

  1. Go to Google Cloud Console
  2. Click the project dropdown at the top of the page
  3. Copy the Project ID (not the project name) from the list
  4. Common formats: my-project-123456 or cloud-ai-companion-xxxxx

Method 2: AI Studio OAuth (For Regular Google Accounts)

Requires your own OAuth client credentials.

Step 1: Create OAuth Client in Google Cloud Console

  1. Go to Google Cloud Console - Credentials
  2. Create a new project or select an existing one
  3. Enable the Generative Language API:
    • Go to "APIs & Services" → "Library"
    • Search for "Generative Language API"
    • Click "Enable"
  4. Configure OAuth Consent Screen (if not done):
    • Go to "APIs & Services" → "OAuth consent screen"
    • Choose "External" user type
    • Fill in app name, user support email, developer contact
    • Add scopes: https://www.googleapis.com/auth/generative-language.retriever (and optionally https://www.googleapis.com/auth/cloud-platform)
    • Add test users (your Google account email)
  5. Create OAuth 2.0 credentials:
    • Go to "APIs & Services" → "Credentials"
    • Click "Create Credentials" → "OAuth client ID"
    • Application type: Web application (or Desktop app)
    • Name: e.g., "Sub2API Gemini"
    • Authorized redirect URIs: Add http://localhost:1455/auth/callback
  6. Copy the Client ID and Client Secret
  7. ⚠️ Publish to Production (IMPORTANT):
    • Go to "APIs & Services" → "OAuth consent screen"
    • Click "PUBLISH APP" to move from Testing to Production
    • Testing mode limitations:
      • Only manually added test users can authenticate (max 100 users)
      • Refresh tokens expire after 7 days
      • Users must be re-added periodically
    • Production mode: Any Google user can authenticate, tokens don't expire
    • Note: For sensitive scopes, Google may require verification (demo video, privacy policy)

Step 2: Configure Environment Variables

GEMINI_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
GEMINI_OAUTH_CLIENT_SECRET=GOCSPX-your-client-secret

Step 3: Create Account in Admin UI

  1. Create a Gemini OAuth account and select "AI Studio" type
  2. Complete the OAuth flow
    • After consent, your browser will be redirected to http://localhost:1455/auth/callback?code=...&state=...
    • Copy the full callback URL (recommended) or just the code and paste it back into the Admin UI

Method 3: API Key (Simplest)

  1. Go to Google AI Studio
  2. Click "Create API key"
  3. In Admin UI, create a Gemini API Key account
  4. Paste your API key (starts with AIza...)

Comparison Table

Feature Code Assist OAuth AI Studio OAuth API Key
Setup Complexity Easy (no config) Medium (OAuth client) Easy
GCP Project Required Yes No No
Custom OAuth Client No (built-in) Yes (required) N/A
Rate Limits GCP quota Standard Standard
Best For GCP developers Regular users needing OAuth Quick testing

Binary Installation

For production servers using systemd.

One-Line Installation

curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/install.sh | sudo bash

Manual Installation

  1. Download the latest release from GitHub Releases
  2. Extract and copy the binary to /opt/sub2api/
  3. Copy sub2api.service to /etc/systemd/system/
  4. Run: 
    sudo systemctl daemon-reload
sudo systemctl enable sub2api
sudo systemctl start sub2api
  5. Open the Setup Wizard in your browser to complete configuration

Commands

# Install
sudo ./install.sh

# Upgrade
sudo ./install.sh upgrade

# Uninstall
sudo ./install.sh uninstall

Service Management

# Start the service
sudo systemctl start sub2api

# Stop the service
sudo systemctl stop sub2api

# Restart the service
sudo systemctl restart sub2api

# Check status
sudo systemctl status sub2api

# View logs
sudo journalctl -u sub2api -f

# Enable auto-start on boot
sudo systemctl enable sub2api

Configuration

Server Address and Port

During installation, you will be prompted to configure the server listen address and port. These settings are stored in the systemd service file as environment variables.

To change after installation:

  1. Edit the systemd service:

    sudo systemctl edit sub2api

  2. Add or modify:

    [Service]
Environment=SERVER_HOST=0.0.0.0
Environment=SERVER_PORT=3000

  3. Reload and restart:

    sudo systemctl daemon-reload
sudo systemctl restart sub2api

Gemini OAuth Configuration

If you need to use AI Studio OAuth for Gemini accounts, add the OAuth client credentials to the systemd service file:

  1. Edit the service file:

    sudo nano /etc/systemd/system/sub2api.service

  2. Add your OAuth credentials in the [Service] section (after the existing Environment= lines):

    Environment=GEMINI_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
Environment=GEMINI_OAUTH_CLIENT_SECRET=GOCSPX-your-client-secret

  3. Reload and restart:

    sudo systemctl daemon-reload
sudo systemctl restart sub2api

Note: Code Assist OAuth does not require any configuration - it uses the built-in Gemini CLI client. See the Gemini OAuth Configuration section above for detailed setup instructions.

Application Configuration

The main config file is at /etc/sub2api/config.yaml (created by Setup Wizard).

Prerequisites

  • Linux server (Ubuntu 20.04+, Debian 11+, CentOS 8+, etc.)
  • PostgreSQL 14+
  • Redis 6+
  • systemd

Directory Structure

/opt/sub2api/
├── sub2api              # Main binary
├── sub2api.backup       # Backup (after upgrade)
└── data/                # Runtime data

/etc/sub2api/
└── config.yaml          # Configuration file

Troubleshooting

Docker

# Check container status
docker-compose ps

# View detailed logs
docker-compose logs --tail=100 sub2api

# Check database connection
docker-compose exec postgres pg_isready

# Check Redis connection
docker-compose exec redis redis-cli ping

# Restart all services
docker-compose restart

Binary Install

# Check service status
sudo systemctl status sub2api

# View recent logs
sudo journalctl -u sub2api -n 50

# Check config file
sudo cat /etc/sub2api/config.yaml

# Check PostgreSQL
sudo systemctl status postgresql

# Check Redis
sudo systemctl status redis

Common Issues

  1. Port already in use: Change SERVER_PORT in .env or systemd config
  2. Database connection failed: Check PostgreSQL is running and credentials are correct
  3. Redis connection failed: Check Redis is running and password is correct
  4. Permission denied: Ensure proper file ownership for binary install