fix(gateway): 分组隔离 — 禁止未分组账号被跨组调度

当 API Key 无分组时，调度仅从未分组账号池中选取。修复 isAccountInGroup 在 groupID==nil 时的逻辑，同时补全 scheduler_snapshot_service 和 gemini_compat_service 中的 SimpleMode 保护，确保分组隔离在所有调度路径生效。新增 ListSchedulableUngroupedByPlatform/s 方法，使用 Ent 的 Not(HasAccountGroups()) 谓词实现未分组账号隔离。新增 17 个单元和端到端隔离测试，覆盖所有分支和边界条件。
2026-03-03 13:10:26 +08:00
parent 9792b17597
commit 530a16291c
14 changed files with 475 additions and 10 deletions
--- a/backend/internal/service/account_service.go
+++ b/backend/internal/service/account_service.go
@@ -54,6 +54,8 @@ type AccountRepository interface {
 	ListSchedulableByGroupIDAndPlatform(ctx context.Context, groupID int64, platform string) ([]Account, error)
 	ListSchedulableByPlatforms(ctx context.Context, platforms []string) ([]Account, error)
 	ListSchedulableByGroupIDAndPlatforms(ctx context.Context, groupID int64, platforms []string) ([]Account, error)
+	ListSchedulableUngroupedByPlatform(ctx context.Context, platform string) ([]Account, error)
+	ListSchedulableUngroupedByPlatforms(ctx context.Context, platforms []string) ([]Account, error)

 	SetRateLimited(ctx context.Context, id int64, resetAt time.Time) error
 	SetModelRateLimit(ctx context.Context, id int64, scope string, resetAt time.Time) error