sub2api

Files

程序猿MT 799b010631 fix(auth): 修复 RefreshToken 使用过期 token 时的 nil pointer panic (#214 )

* fix(auth): 修复 RefreshToken 使用过期 token 时的 nil pointer panic

问题分析：
- RefreshToken 允许过期 token 继续流程（用于无感刷新）
- 但 ValidateToken 在 token 过期时返回 nil claims
- 导致后续访问 claims.UserID 时触发 panic

修复方案：
- 修改 ValidateToken，在检测到 ErrTokenExpired 时仍然返回 claims
- jwt-go 在解析时即使遇到过期错误，token.Claims 仍会被填充
- 这样 RefreshToken 可以正常获取用户信息并生成新 token

新增测试：
- TestAuthService_ValidateToken_ExpiredReturnsClaimsWithError
- TestAuthService_RefreshToken_ExpiredTokenNoPanic

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(auth): 修复邮件验证服务未配置时可绕过验证的安全漏洞

当邮件验证开启但 emailService 未配置时，原逻辑允许用户绕过验证直接注册。
现在会返回 ErrServiceUnavailable 拒绝注册，确保配置错误不会导致安全问题。

- 在验证码检查前先检查 emailService 是否配置
- 添加日志记录帮助发现配置问题
- 新增单元测试覆盖该场景

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: yangjianbo <yangjianbo@leagsoft.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-09 10:37:15 +08:00

account_expiry_service.go

feat: auto-pause expired accounts

2026-01-07 16:59:35 +08:00

account_group.go

refactor: 调整项目结构为单向依赖

2025-12-26 16:45:40 +08:00

account_service_delete_test.go

feat: auto-pause expired accounts

2026-01-07 16:59:35 +08:00

account_service.go

feat: auto-pause expired accounts

2026-01-07 16:59:35 +08:00

account_test_service.go

fix(gemini): Google One 强制使用内置 OAuth client + 自动获取 project_id + UI 优化 (#212 )

2026-01-08 23:47:29 +08:00

account_usage_service.go

feat(admin/usage): 优化管理员用量页面功能和体验

2026-01-06 22:19:07 +08:00

account.go

feat: auto-pause expired accounts

2026-01-07 16:59:35 +08:00

admin_service_create_user_test.go

refactor: migrate wechat to user attributes and enhance users list

2026-01-01 18:59:38 +08:00

admin_service_delete_test.go

test: fix unit tests for user_agent and proxy repo interface

2026-01-08 21:44:18 +08:00

admin_service_group_test.go

feat: 图片生成计费功能

2026-01-05 17:07:29 +08:00

admin_service.go

fix: update mock interfaces and fix gofmt issues for CI

2026-01-08 23:13:57 +08:00

antigravity_gateway_service_test.go

fix(backend): 修复 CI 失败问题

2026-01-05 00:56:48 +08:00

antigravity_gateway_service.go

feat(antigravity): 添加 URL fallback 机制 (sandbox → daily → prod)

2026-01-09 10:36:56 +08:00

antigravity_image_test.go

fix: 图片计费代码审查问题修复

2026-01-05 17:14:06 +08:00

antigravity_model_mapping_test.go

feat(antigravity): 增强网关功能和 thinking 块处理

2026-01-03 06:29:02 -08:00

antigravity_oauth_service.go

fix: 修复Antigravity token刷新间隔问题

2025-12-31 10:33:00 +08:00

antigravity_quota_fetcher.go

feat(antigravity): 增强网关功能和 thinking 块处理

2026-01-03 06:29:02 -08:00

antigravity_token_provider.go

refactor(service): 统一时间戳解析，支持多种格式

2025-12-31 16:25:45 +08:00

antigravity_token_refresher.go

chore(token-refresh): 添加 Antigravity Token 刷新调试日志

2025-12-31 23:37:51 +08:00

api_key_service_delete_test.go

fix(lint): 修复所有 Go 命名规范问题

2026-01-04 19:28:20 +08:00

api_key_service.go

fix(lint): 修复所有 Go 命名规范问题

2026-01-04 19:28:20 +08:00

api_key.go

fix(lint): 修复所有 Go 命名规范问题

2026-01-04 19:28:20 +08:00

auth_service_register_test.go

fix(auth): 修复 RefreshToken 使用过期 token 时的 nil pointer panic (#214 )

2026-01-09 10:37:15 +08:00

auth_service.go

fix(auth): 修复 RefreshToken 使用过期 token 时的 nil pointer panic (#214 )

2026-01-09 10:37:15 +08:00

billing_cache_port.go

refactor: 删除 ports 目录

2025-12-25 17:15:01 +08:00

billing_cache_service_test.go

perf(后端): 完成性能优化与连接池配置

2025-12-31 08:50:12 +08:00

billing_cache_service.go

fix(后端): 修复 lint 失败并清理无用代码

2026-01-04 22:10:32 +08:00

billing_service_image_test.go

feat: 图片生成计费功能

2026-01-05 17:07:29 +08:00

billing_service.go

feat: 图片生成计费功能

2026-01-05 17:07:29 +08:00

claude_code_validator.go

feat(groups): add Claude Code client restriction and session isolation

2026-01-08 23:07:00 +08:00

concurrency_service.go

perf(gateway): 优化负载感知调度

2026-01-03 06:32:51 -08:00

crs_sync_service.go

fix(安全): 关闭白名单时保留最小校验与默认白名单

2026-01-05 14:41:08 +08:00

dashboard_service.go

fix(lint): 修复所有 Go 命名规范问题

2026-01-04 19:28:20 +08:00

deferred_service.go

feat: Schedule batch update for account last_used_at

2025-12-28 09:49:54 +08:00

domain_constants.go

fix: 修复代码审查报告中的4个关键问题

2026-01-04 22:49:40 +08:00

email_queue_service.go

First commit

2025-12-18 13:50:39 +08:00

email_service.go

fix(安全): 修复依赖漏洞并强化安全扫描

2026-01-06 11:36:38 +08:00

gateway_multiplatform_test.go

fix: update mock interfaces and fix gofmt issues for CI

2026-01-08 23:13:57 +08:00

gateway_prompt_test.go

fix: 修复创建账号schedulable值默认为false的bug

2026-01-04 10:45:18 +08:00

gateway_request_test.go

fix(backend): 修复 CI 失败问题

2026-01-05 00:56:48 +08:00

gateway_request.go

fix: 修复空content处理及更新Gemini使用指南链接

2026-01-04 18:26:39 -08:00

gateway_service_benchmark_test.go

perf(后端): 完成性能优化与连接池配置

2025-12-31 08:50:12 +08:00

gateway_service.go

feat(groups): add Claude Code client restriction and session isolation

2026-01-08 23:07:00 +08:00

gemini_messages_compat_service_test.go

fix: 修复 /v1/messages 间歇性 400 错误 (#18 )

2026-01-01 04:21:18 +08:00

gemini_messages_compat_service.go

feat(groups): add Claude Code client restriction and session isolation

2026-01-08 23:07:00 +08:00

gemini_multiplatform_test.go

fix: update mock interfaces and fix gofmt issues for CI

2026-01-08 23:13:57 +08:00

gemini_oauth_service_test.go

fix(gemini): Google One 强制使用内置 OAuth client + 自动获取 project_id + UI 优化 (#212 )

2026-01-08 23:47:29 +08:00

gemini_oauth_service.go

fix(gemini): Google One 强制使用内置 OAuth client + 自动获取 project_id + UI 优化 (#212 )

2026-01-08 23:47:29 +08:00

gemini_oauth.go

feat(service): 改进 Gemini OAuth 服务层，区分 Code Assist 和 AI Studio 客户端

2025-12-26 00:11:03 -08:00

gemini_quota.go

feat(gemini): 完善 Gemini OAuth 配额系统和用量显示

2026-01-04 15:36:00 +08:00

gemini_token_cache.go

fix(backend): 移除对已删除 ports 包的依赖

2025-12-26 00:11:03 -08:00

gemini_token_provider.go

refactor(gemini): 简化用量窗口显示为等级+限流状态

2026-01-01 04:29:22 +08:00

gemini_token_refresher.go

refactor(service): 统一时间戳解析，支持多种格式

2025-12-31 16:25:45 +08:00

geminicli_codeassist.go

fix(backend): 移除对已删除 ports 包的依赖

2025-12-26 00:11:03 -08:00

group_service.go

refactor: 移除 infrastructure 目录 (#108 )

2025-12-31 23:42:01 +08:00

group_test.go

feat: 图片生成计费功能

2026-01-05 17:07:29 +08:00

group.go

feat(groups): add Claude Code client restriction and session isolation

2026-01-08 23:07:00 +08:00

http_upstream_port.go

perf(网关): 实现上游账号连接池隔离

2025-12-31 11:43:58 +08:00

identity_service.go

refactor: 删除 ports 目录

2025-12-25 17:15:01 +08:00

oauth_service.go

fix: 修复claude setup token授权效期短的问题

2025-12-27 20:42:00 +08:00

openai_gateway_service_test.go

fix(安全): 关闭白名单时保留最小校验与默认白名单

2026-01-05 14:41:08 +08:00

openai_gateway_service.go

feat(groups): add Claude Code client restriction and session isolation

2026-01-08 23:07:00 +08:00

openai_oauth_service.go

refactor: 调整项目结构为单向依赖

2025-12-26 16:45:40 +08:00

pricing_service.go

merge: 合并 upstream/main 并保留本地图片计费功能

2026-01-06 10:49:26 +08:00

proxy_service.go

feat(proxies): add account count column to proxy list

2026-01-08 21:20:12 +08:00

proxy.go

refactor: 调整项目结构为单向依赖

2025-12-26 16:45:40 +08:00

quota_fetcher.go

feat(antigravity): 增强网关功能和 thinking 块处理

2026-01-03 06:29:02 -08:00

ratelimit_service.go

feat(gemini): 完善 Gemini OAuth 配额系统和用量显示

2026-01-04 15:36:00 +08:00

redeem_code.go

refactor: 调整项目结构为单向依赖

2025-12-26 16:45:40 +08:00

redeem_service.go

refactor: 移除 infrastructure 目录 (#108 )

2025-12-31 23:42:01 +08:00

setting_service.go

merge: 合并 upstream/main 并解决冲突

2026-01-04 23:17:15 +08:00

setting.go

refactor: 调整项目结构为单向依赖

2025-12-26 16:45:40 +08:00

settings_view.go

merge: 合并 upstream/main 并解决冲突

2026-01-04 23:17:15 +08:00

subscription_service.go

refactor: 移除 infrastructure 目录 (#108 )

2025-12-31 23:42:01 +08:00

temp_unsched.go

feat(admin): 添加临时不可调度功能

2026-01-03 06:34:00 -08:00

timing_wheel_service.go

feat: Schedule batch update for account last_used_at

2025-12-28 09:49:54 +08:00

token_refresh_service.go

fix(antigravity): 优化 token 刷新错误处理

2026-01-04 15:59:21 +08:00

token_refresher_test.go

fix(lint): 修复所有 Go 命名规范问题

2026-01-04 19:28:20 +08:00

token_refresher.go

refactor(service): 统一时间戳解析，支持多种格式

2025-12-31 16:25:45 +08:00

turnstile_service.go

refactor: 移除 infrastructure 目录 (#108 )

2025-12-31 23:42:01 +08:00

update_service.go

fix(lint): 修复所有 Go 命名规范问题

2026-01-04 19:28:20 +08:00

usage_log.go

feat(usage-log): 增加请求 User-Agent 记录

2026-01-07 22:49:46 +08:00

usage_service.go

feat(admin/usage): 优化管理员用量页面功能和体验

2026-01-06 22:19:07 +08:00

user_attribute_service.go

chore: 更新依赖、配置和代码生成

2026-01-03 06:37:08 -08:00

user_attribute.go

feat(backend): add user custom attributes system

2026-01-01 18:58:34 +08:00

user_service.go

fix: resolve CI failures

2026-01-01 19:09:06 +08:00

user_subscription_port.go

refactor: 调整项目结构为单向依赖

2025-12-26 16:45:40 +08:00

user_subscription.go

refactor: 调整项目结构为单向依赖

2025-12-26 16:45:40 +08:00

user.go

fix(lint): 修复所有 Go 命名规范问题

2026-01-04 19:28:20 +08:00

wire.go

feat: auto-pause expired accounts

2026-01-07 16:59:35 +08:00