From 6d0152c8e2e32f00e88de16fefa456cf4cadb758 Mon Sep 17 00:00:00 2001
From: shaw
Date: Thu, 5 Feb 2026 13:39:31 +0800
Subject: [PATCH] =?UTF-8?q?chore:=20=E7=A7=BB=E9=99=A4=E5=A4=9A=E4=BD=99?= =?UTF-8?q?=E7=9A=84=E6=96=87=E6=A1=A3/=E9=85=8D=E7=BD=AE=E7=A4=BA?= =?UTF-8?q?=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Linux DO Connect.md | 368 -----------------------------
config.yaml | 556 --------------------------------------------
2 files changed, 924 deletions(-)
delete mode 100644 Linux DO Connect.md
delete mode 100644 config.yaml
diff --git a/Linux DO Connect.md b/Linux DO Connect.md
deleted file mode 100644
index 7ca1260f..00000000
--- a/Linux DO Connect.md
+++ /dev/null
@@ -1,368 +0,0 @@ -# Linux DO Connect - -OAuth(Open Authorization)是一个开放的网络授权标准,目前最新版本为 OAuth 2.0。我们日常使用的第三方登录(如 Google 账号登录)就采用了该标准。OAuth 允许用户授权第三方应用访问存储在其他服务提供商(如 Google)上的信息,无需在不同平台上重复填写注册信息。用户授权后,平台可以直接访问用户的账户信息进行身份验证,而用户无需向第三方应用提供密码。 - -目前系统已实现完整的 OAuth2 授权码(code)方式鉴权,但界面等配套功能还在持续完善中。让我们一起打造一个更完善的共享方案。 - -## 基本介绍 - -这是一套标准的 OAuth2 鉴权系统,可以让开发者共享论坛的用户基本信息。 - -- 可获取字段: - -| 参数 | 说明 | -| ----------------- | ------------------------------- | -| `id` | 用户唯一标识(不可变) | -| `username` | 论坛用户名 | -| `name` | 论坛用户昵称(可变) | -| `avatar_template` | 用户头像模板URL(支持多种尺寸) | -| `active` | 账号活跃状态 | -| `trust_level` | 信任等级(0-4) | -| `silenced` | 禁言状态 | -| `external_ids` | 外部ID关联信息 | -| `api_key` | API访问密钥 | - -通过这些信息,公益网站/接口可以实现: - -1. 基于 `id` 的服务频率限制 -2. 基于 `trust_level` 的服务额度分配 -3. 基于用户信息的滥用举报机制 - -## 相关端点 - -- Authorize 端点: `https://connect.linux.do/oauth2/authorize` -- Token 端点:`https://connect.linux.do/oauth2/token` -- 用户信息 端点:`https://connect.linux.do/api/user` - -## 申请使用 - -- 访问 [Connect.Linux.Do](https://connect.linux.do/) 申请接入你的应用。 - -![linuxdoconnect_1](https://wiki.linux.do/_next/image?url=%2Flinuxdoconnect_1.png&w=1080&q=75) - -- 点击 **`我的应用接入`** - **`申请新接入`**,填写相关信息。其中 **`回调地址`** 是你的应用接收用户信息的地址。 - -![linuxdoconnect_2](https://wiki.linux.do/_next/image?url=%2Flinuxdoconnect_2.png&w=1080&q=75) - -- 申请成功后,你将获得 **`Client Id`** 和 **`Client Secret`**,这是你应用的唯一身份凭证。 - -![linuxdoconnect_3](https://wiki.linux.do/_next/image?url=%2Flinuxdoconnect_3.png&w=1080&q=75) - -## 接入 Linux Do - -JavaScript -```JavaScript -// 安装第三方请求库(或使用原生的 Fetch API),本例中使用 axios -// npm install axios - -// 通过 OAuth2 获取 Linux Do 用户信息的参考流程 -const axios = require('axios'); -const readline = require('readline'); - -// 配置信息(建议通过环境变量配置,避免使用硬编码) -const CLIENT_ID = '你的 Client ID'; -const CLIENT_SECRET = '你的 Client Secret'; -const REDIRECT_URI = '你的回调地址'; -const AUTH_URL = 'https://connect.linux.do/oauth2/authorize'; -const TOKEN_URL = 'https://connect.linux.do/oauth2/token'; -const USER_INFO_URL = 
'https://connect.linux.do/api/user'; - -// 第一步:生成授权 URL -function getAuthUrl() { - const params = new URLSearchParams({ - client_id: CLIENT_ID, - redirect_uri: REDIRECT_URI, - response_type: 'code', - scope: 'user' - }); - - return `${AUTH_URL}?${params.toString()}`; -} - -// 第二步:获取 code 参数 -function getCode() { - return new Promise((resolve) => { - // 本例中使用终端输入来模拟流程,仅供本地测试 - // 请在实际应用中替换为真实的处理逻辑 - const rl = readline.createInterface({ input: process.stdin, output: process.stdout }); - rl.question('从回调 URL 中提取出 code,粘贴到此处并按回车:', (answer) => { - rl.close(); - resolve(answer.trim()); - }); - }); -} - -// 第三步:使用 code 参数获取访问令牌 -async function getAccessToken(code) { - try { - const form = new URLSearchParams({ - client_id: CLIENT_ID, - client_secret: CLIENT_SECRET, - code: code, - redirect_uri: REDIRECT_URI, - grant_type: 'authorization_code' - }).toString(); - - const response = await axios.post(TOKEN_URL, form, { - // 提醒:需正确配置请求头,否则无法正常获取访问令牌 - headers: { - 'Content-Type': 'application/x-www-form-urlencoded', - 'Accept': 'application/json' - } - }); - - return response.data; - } catch (error) { - console.error(`获取访问令牌失败:${error.response ? JSON.stringify(error.response.data) : error.message}`); - throw error; - } -} - -// 第四步:使用访问令牌获取用户信息 -async function getUserInfo(accessToken) { - try { - const response = await axios.get(USER_INFO_URL, { - headers: { - Authorization: `Bearer ${accessToken}` - } - }); - - return response.data; - } catch (error) { - console.error(`获取用户信息失败:${error.response ? JSON.stringify(error.response.data) : error.message}`); - throw error; - } -} - -// 主流程 -async function main() { - // 1. 生成授权 URL,前端引导用户访问授权页 - const authUrl = getAuthUrl(); - console.log(`请访问此 URL 授权:${authUrl} -`); - - // 2. 用户授权后,从回调 URL 获取 code 参数 - const code = await getCode(); - - try { - // 3. 使用 code 参数获取访问令牌 - const tokenData = await getAccessToken(code); - const accessToken = tokenData.access_token; - - // 4. 
使用访问令牌获取用户信息 - if (accessToken) { - const userInfo = await getUserInfo(accessToken); - console.log(` -获取用户信息成功:${JSON.stringify(userInfo, null, 2)}`); - } else { - console.log(` -获取访问令牌失败:${JSON.stringify(tokenData)}`); - } - } catch (error) { - console.error('发生错误:', error); - } -} -``` -Python -```python -# 安装第三方请求库,本例中使用 requests -# pip install requests - -# 通过 OAuth2 获取 Linux Do 用户信息的参考流程 -import requests -import json - -# 配置信息(建议通过环境变量配置,避免使用硬编码) -CLIENT_ID = '你的 Client ID' -CLIENT_SECRET = '你的 Client Secret' -REDIRECT_URI = '你的回调地址' -AUTH_URL = 'https://connect.linux.do/oauth2/authorize' -TOKEN_URL = 'https://connect.linux.do/oauth2/token' -USER_INFO_URL = 'https://connect.linux.do/api/user' - -# 第一步:生成授权 URL -def get_auth_url(): - params = { - 'client_id': CLIENT_ID, - 'redirect_uri': REDIRECT_URI, - 'response_type': 'code', - 'scope': 'user' - } - auth_url = f"{AUTH_URL}?{'&'.join(f'{k}={v}' for k, v in params.items())}" - return auth_url - -# 第二步:获取 code 参数 -def get_code(): - # 本例中使用终端输入来模拟流程,仅供本地测试 - # 请在实际应用中替换为真实的处理逻辑 - return input('从回调 URL 中提取出 code,粘贴到此处并按回车:').strip() - -# 第三步:使用 code 参数获取访问令牌 -def get_access_token(code): - try: - data = { - 'client_id': CLIENT_ID, - 'client_secret': CLIENT_SECRET, - 'code': code, - 'redirect_uri': REDIRECT_URI, - 'grant_type': 'authorization_code' - } - # 提醒:需正确配置请求头,否则无法正常获取访问令牌 - headers = { - 'Content-Type': 'application/x-www-form-urlencoded', - 'Accept': 'application/json' - } - response = requests.post(TOKEN_URL, data=data, headers=headers) - response.raise_for_status() - return response.json() - except requests.exceptions.RequestException as e: - print(f"获取访问令牌失败:{e}") - return None - -# 第四步:使用访问令牌获取用户信息 -def get_user_info(access_token): - try: - headers = { - 'Authorization': f'Bearer {access_token}' - } - response = requests.get(USER_INFO_URL, headers=headers) - response.raise_for_status() - return response.json() - except requests.exceptions.RequestException as e: - print(f"获取用户信息失败:{e}") - return None - 
-# 主流程 -if __name__ == '__main__': - # 1. 生成授权 URL,前端引导用户访问授权页 - auth_url = get_auth_url() - print(f'请访问此 URL 授权:{auth_url} -') - - # 2. 用户授权后,从回调 URL 获取 code 参数 - code = get_code() - - # 3. 使用 code 参数获取访问令牌 - token_data = get_access_token(code) - if token_data: - access_token = token_data.get('access_token') - - # 4. 使用访问令牌获取用户信息 - if access_token: - user_info = get_user_info(access_token) - if user_info: - print(f" -获取用户信息成功:{json.dumps(user_info, indent=2)}") - else: - print(" -获取用户信息失败") - else: - print(f" -获取访问令牌失败:{json.dumps(token_data, indent=2)}") - else: - print(" -获取访问令牌失败") -``` -PHP -```php -// 通过 OAuth2 获取 Linux Do 用户信息的参考流程 - -// 配置信息 -$CLIENT_ID = '你的 Client ID'; -$CLIENT_SECRET = '你的 Client Secret'; -$REDIRECT_URI = '你的回调地址'; -$AUTH_URL = 'https://connect.linux.do/oauth2/authorize'; -$TOKEN_URL = 'https://connect.linux.do/oauth2/token'; -$USER_INFO_URL = 'https://connect.linux.do/api/user'; - -// 生成授权 URL -function getAuthUrl($clientId, $redirectUri) { - global $AUTH_URL; - return $AUTH_URL . '?' . http_build_query([ - 'client_id' => $clientId, - 'redirect_uri' => $redirectUri, - 'response_type' => 'code', - 'scope' => 'user' - ]); -} - -// 使用 code 参数获取用户信息(合并获取令牌和获取用户信息的步骤) -function getUserInfoWithCode($code, $clientId, $clientSecret, $redirectUri) { - global $TOKEN_URL, $USER_INFO_URL; - - // 1. 
获取访问令牌 - $ch = curl_init($TOKEN_URL); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([ - 'client_id' => $clientId, - 'client_secret' => $clientSecret, - 'code' => $code, - 'redirect_uri' => $redirectUri, - 'grant_type' => 'authorization_code' - ])); - curl_setopt($ch, CURLOPT_HTTPHEADER, [ - 'Content-Type: application/x-www-form-urlencoded', - 'Accept: application/json' - ]); - - $tokenResponse = curl_exec($ch); - curl_close($ch); - - $tokenData = json_decode($tokenResponse, true); - if (!isset($tokenData['access_token'])) { - return ['error' => '获取访问令牌失败', 'details' => $tokenData]; - } - - // 2. 获取用户信息 - $ch = curl_init($USER_INFO_URL); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_HTTPHEADER, [ - 'Authorization: Bearer ' . $tokenData['access_token'] - ]); - - $userResponse = curl_exec($ch); - curl_close($ch); - - return json_decode($userResponse, true); -} - -// 主流程 -// 1. 生成授权 URL -$authUrl = getAuthUrl($CLIENT_ID, $REDIRECT_URI); -echo "使用 Linux Do 登录"; - -// 2. 处理回调并获取用户信息 -if (isset($_GET['code'])) { - $userInfo = getUserInfoWithCode( - $_GET['code'], - $CLIENT_ID, - $CLIENT_SECRET, - $REDIRECT_URI - ); - - if (isset($userInfo['error'])) { - echo '错误: ' . $userInfo['error']; - } else { - echo '欢迎, ' . $userInfo['name'] . '!'; - // 处理用户登录逻辑... - } -} -``` - -## 使用说明 - -### 授权流程 - -1. 用户点击应用中的’使用 Linux Do 登录’按钮 -2. 系统将用户重定向至 Linux Do 的授权页面 -3. 用户完成授权后,系统自动重定向回应用并携带授权码 -4. 应用使用授权码获取访问令牌 -5. 使用访问令牌获取用户信息 - -### 安全建议 - -- 切勿在前端代码中暴露 Client Secret -- 对所有用户输入数据进行严格验证 -- 确保使用 HTTPS 协议传输数据 -- 定期更新并妥善保管 Client Secret \ No newline at end of file diff --git a/config.yaml b/config.yaml deleted file mode 100644 index 1cbd8c11..00000000 --- a/config.yaml +++ /dev/null 
@@ -1,556 +0,0 @@ -# Sub2API Configuration File -# Sub2API 配置文件 -# -# Copy this file to /etc/sub2api/config.yaml and modify as needed -# 复制此文件到 /etc/sub2api/config.yaml 并根据需要修改 -# -# Documentation / 文档: https://github.com/Wei-Shaw/sub2api - -# ============================================================================= -# Server Configuration -# 服务器配置 -# ============================================================================= -server: - # Bind address (0.0.0.0 for all interfaces) - # 绑定地址(0.0.0.0 表示监听所有网络接口) - host: "0.0.0.0" - # Port to listen on - # 监听端口 - port: 8080 - # Mode: "debug" for development, "release" for production - # 运行模式:"debug" 用于开发,"release" 用于生产环境 - mode: "release" - # Trusted proxies for X-Forwarded-For parsing (CIDR/IP). Empty disables trusted proxies. - # 信任的代理地址(CIDR/IP 格式),用于解析 X-Forwarded-For 头。留空则禁用代理信任。 - trusted_proxies: [] - # Global max request body size in bytes (default: 100MB) - # 全局最大请求体大小(字节,默认 100MB) - # Applies to all requests, especially important for h2c first request memory protection - # 适用于所有请求,对 h2c 第一请求的内存保护尤为重要 - max_request_body_size: 104857600 - # HTTP/2 Cleartext (h2c) configuration - # HTTP/2 Cleartext (h2c) 配置 - h2c: - # Enable HTTP/2 Cleartext for client connections - # 启用 HTTP/2 Cleartext 客户端连接 - enabled: true - # Max concurrent streams per connection - # 每个连接的最大并发流数量 - max_concurrent_streams: 50 - # Idle timeout for connections (seconds) - # 连接空闲超时时间(秒) - idle_timeout: 75 - # Max frame size in bytes (default: 1MB) - # 最大帧大小(字节,默认 1MB) - max_read_frame_size: 1048576 - # Max upload buffer per connection in bytes (default: 2MB) - # 每个连接的最大上传缓冲区(字节,默认 2MB) - max_upload_buffer_per_connection: 2097152 - # Max upload buffer per stream in bytes (default: 512KB) - # 每个流的最大上传缓冲区(字节,默认 512KB) - max_upload_buffer_per_stream: 524288 - -# ============================================================================= -# Run Mode Configuration -# 运行模式配置 -# 
============================================================================= -# Run mode: "standard" (default) or "simple" (for internal use) -# 运行模式:"standard"(默认)或 "simple"(内部使用) -# - standard: Full SaaS features with billing/balance checks -# - standard: 完整 SaaS 功能,包含计费和余额校验 -# - simple: Hides SaaS features and skips billing/balance checks -# - simple: 隐藏 SaaS 功能,跳过计费和余额校验 -run_mode: "standard" - -# ============================================================================= -# CORS Configuration -# 跨域资源共享 (CORS) 配置 -# ============================================================================= -cors: - # Allowed origins list. Leave empty to disable cross-origin requests. - # 允许的来源列表。留空则禁用跨域请求。 - allowed_origins: [] - # Allow credentials (cookies/authorization headers). Cannot be used with "*". - # 允许携带凭证(cookies/授权头)。不能与 "*" 通配符同时使用。 - allow_credentials: true - -# ============================================================================= -# Security Configuration -# 安全配置 -# ============================================================================= -security: - url_allowlist: - # Enable URL allowlist validation (disable to skip all URL checks) - # 启用 URL 白名单验证(禁用则跳过所有 URL 检查) - enabled: false - # Allowed upstream hosts for API proxying - # 允许代理的上游 API 主机列表 - upstream_hosts: - - "api.openai.com" - - "api.anthropic.com" - - "api.kimi.com" - - "open.bigmodel.cn" - - "api.minimaxi.com" - - "generativelanguage.googleapis.com" - - "cloudcode-pa.googleapis.com" - - "*.openai.azure.com" - # Allowed hosts for pricing data download - # 允许下载定价数据的主机列表 - pricing_hosts: - - "raw.githubusercontent.com" - # Allowed hosts for CRS sync (required when using CRS sync) - # 允许 CRS 同步的主机列表(使用 CRS 同步功能时必须配置) - crs_hosts: [] - # Allow localhost/private IPs for upstream/pricing/CRS (use only in trusted networks) - # 允许本地/私有 IP 地址用于上游/定价/CRS(仅在可信网络中使用) - allow_private_hosts: true - # Allow http:// URLs when allowlist is disabled (default: false, require https) - # 白名单禁用时是否允许 
http:// URL(默认: false,要求 https) - allow_insecure_http: true - response_headers: - # Enable configurable response header filtering (disable to use default allowlist) - # 启用可配置的响应头过滤(禁用则使用默认白名单) - enabled: false - # Extra allowed response headers from upstream - # 额外允许的上游响应头 - additional_allowed: [] - # Force-remove response headers from upstream - # 强制移除的上游响应头 - force_remove: [] - csp: - # Enable Content-Security-Policy header - # 启用内容安全策略 (CSP) 响应头 - enabled: true - # Default CSP policy (override if you host assets on other domains) - # 默认 CSP 策略(如果静态资源托管在其他域名,请自行覆盖) - policy: "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'" - proxy_probe: - # Allow skipping TLS verification for proxy probe (debug only) - # 允许代理探测时跳过 TLS 证书验证(仅用于调试) - insecure_skip_verify: false - -# ============================================================================= -# Gateway Configuration -# 网关配置 -# ============================================================================= -gateway: - # Timeout for waiting upstream response headers (seconds) - # 等待上游响应头超时时间(秒) - response_header_timeout: 600 - # Max request body size in bytes (default: 100MB) - # 请求体最大字节数(默认 100MB) - max_body_size: 104857600 - # Connection pool isolation strategy: - # 连接池隔离策略: - # - proxy: Isolate by proxy, same proxy shares connection pool (suitable for few proxies, many accounts) - # - proxy: 按代理隔离,同一代理共享连接池(适合代理少、账户多) - # - account: Isolate by account, same account shares connection pool (suitable for few accounts, strict isolation) - # - account: 按账户隔离,同一账户共享连接池(适合账户少、需严格隔离) - # - account_proxy: Isolate by account+proxy combination (default, finest granularity) - # - account_proxy: 按账户+代理组合隔离(默认,最细粒度) - connection_pool_isolation: "account_proxy" - # HTTP upstream connection pool settings (HTTP/2 + 
multi-proxy scenario defaults) - # HTTP 上游连接池配置(HTTP/2 + 多代理场景默认值) - # Max idle connections across all hosts - # 所有主机的最大空闲连接数 - max_idle_conns: 240 - # Max idle connections per host - # 每个主机的最大空闲连接数 - max_idle_conns_per_host: 120 - # Max connections per host - # 每个主机的最大连接数 - max_conns_per_host: 240 - # Idle connection timeout (seconds) - # 空闲连接超时时间(秒) - idle_conn_timeout_seconds: 90 - # Upstream client cache settings - # 上游连接池客户端缓存配置 - # max_upstream_clients: Max cached clients, evicts least recently used when exceeded - # max_upstream_clients: 最大缓存客户端数量,超出后淘汰最久未使用的 - max_upstream_clients: 5000 - # client_idle_ttl_seconds: Client idle reclaim threshold (seconds), reclaimed when idle and no active requests - # client_idle_ttl_seconds: 客户端空闲回收阈值(秒),超时且无活跃请求时回收 - client_idle_ttl_seconds: 900 - # Concurrency slot expiration time (minutes) - # 并发槽位过期时间(分钟) - concurrency_slot_ttl_minutes: 30 - # Stream data interval timeout (seconds), 0=disable - # 流数据间隔超时(秒),0=禁用 - stream_data_interval_timeout: 180 - # Stream keepalive interval (seconds), 0=disable - # 流式 keepalive 间隔(秒),0=禁用 - stream_keepalive_interval: 10 - # SSE max line size in bytes (default: 40MB) - # SSE 单行最大字节数(默认 40MB) - max_line_size: 41943040 - # Log upstream error response body summary (safe/truncated; does not log request content) - # 记录上游错误响应体摘要(安全/截断;不记录请求内容) - log_upstream_error_body: true - # Max bytes to log from upstream error body - # 记录上游错误响应体的最大字节数 - log_upstream_error_body_max_bytes: 2048 - # Auto inject anthropic-beta header for API-key accounts when needed (default: off) - # 需要时自动为 API-key 账户注入 anthropic-beta 头(默认:关闭) - inject_beta_for_apikey: false - # Allow failover on selected 400 errors (default: off) - # 允许在特定 400 错误时进行故障转移(默认:关闭) - failover_on_400: false - -# ============================================================================= -# API Key Auth Cache Configuration -# API Key 认证缓存配置 -# ============================================================================= -api_key_auth_cache: 
- # L1 cache size (entries), in-process LRU/TTL cache - # L1 缓存容量(条目数),进程内 LRU/TTL 缓存 - l1_size: 65535 - # L1 cache TTL (seconds) - # L1 缓存 TTL(秒) - l1_ttl_seconds: 15 - # L2 cache TTL (seconds), stored in Redis - # L2 缓存 TTL(秒),Redis 中存储 - l2_ttl_seconds: 300 - # Negative cache TTL (seconds) - # 负缓存 TTL(秒) - negative_ttl_seconds: 30 - # TTL jitter percent (0-100) - # TTL 抖动百分比(0-100) - jitter_percent: 10 - # Enable singleflight for cache misses - # 缓存未命中时启用 singleflight 合并回源 - singleflight: true - -# ============================================================================= -# Dashboard Cache Configuration -# 仪表盘缓存配置 -# ============================================================================= -dashboard_cache: - # Enable dashboard cache - # 启用仪表盘缓存 - enabled: true - # Redis key prefix for multi-environment isolation - # Redis key 前缀,用于多环境隔离 - key_prefix: "sub2api:" - # Fresh TTL (seconds); within this window cached stats are considered fresh - # 新鲜阈值(秒);命中后处于该窗口视为新鲜数据 - stats_fresh_ttl_seconds: 15 - # Cache TTL (seconds) stored in Redis - # Redis 缓存 TTL(秒) - stats_ttl_seconds: 30 - # Async refresh timeout (seconds) - # 异步刷新超时(秒) - stats_refresh_timeout_seconds: 30 - -# ============================================================================= -# Dashboard Aggregation Configuration -# 仪表盘预聚合配置(重启生效) -# ============================================================================= -dashboard_aggregation: - # Enable aggregation job - # 启用聚合作业 - enabled: true - # Refresh interval (seconds) - # 刷新间隔(秒) - interval_seconds: 60 - # Lookback window (seconds) for late-arriving data - # 回看窗口(秒),处理迟到数据 - lookback_seconds: 120 - # Allow manual backfill - # 允许手动回填 - backfill_enabled: false - # Backfill max range (days) - # 回填最大跨度(天) - backfill_max_days: 31 - # Recompute recent N days on startup - # 启动时重算最近 N 天 - recompute_days: 2 - # Retention windows (days) - # 保留窗口(天) - retention: - # Raw usage_logs retention - # 原始 usage_logs 保留天数 - usage_logs_days: 90 - # Hourly 
aggregation retention - # 小时聚合保留天数 - hourly_days: 180 - # Daily aggregation retention - # 日聚合保留天数 - daily_days: 730 - -# ============================================================================= -# Usage Cleanup Task Configuration -# 使用记录清理任务配置(重启生效) -# ============================================================================= -usage_cleanup: - # Enable cleanup task worker - # 启用清理任务执行器 - enabled: true - # Max date range (days) per task - # 单次任务最大时间跨度(天) - max_range_days: 31 - # Batch delete size - # 单批删除数量 - batch_size: 5000 - # Worker interval (seconds) - # 执行器轮询间隔(秒) - worker_interval_seconds: 10 - # Task execution timeout (seconds) - # 单次任务最大执行时长(秒) - task_timeout_seconds: 1800 - -# ============================================================================= -# Concurrency Wait Configuration -# 并发等待配置 -# ============================================================================= -concurrency: - # SSE ping interval during concurrency wait (seconds) - # 并发等待期间的 SSE ping 间隔(秒) - ping_interval: 10 - -# ============================================================================= -# Database Configuration (PostgreSQL) -# 数据库配置 (PostgreSQL) -# ============================================================================= -database: - # Database host address - # 数据库主机地址 - host: "localhost" - # Database port - # 数据库端口 - port: 5432 - # Database username - # 数据库用户名 - user: "postgres" - # Database password - # 数据库密码 - password: "your_secure_password_here" - # Database name - # 数据库名称 - dbname: "sub2api" - # SSL mode: disable, require, verify-ca, verify-full - # SSL 模式:disable(禁用), require(要求), verify-ca(验证CA), verify-full(完全验证) - sslmode: "disable" - -# ============================================================================= -# Redis Configuration -# Redis 配置 -# ============================================================================= -redis: - # Redis host address - # Redis 主机地址 - host: "localhost" - # Redis port - # Redis 端口 - port: 6379 - # Redis 
password (leave empty if no password is set) - # Redis 密码(如果未设置密码则留空) - password: "" - # Database number (0-15) - # 数据库编号(0-15) - db: 0 - # Enable TLS/SSL connection - # 是否启用 TLS/SSL 连接 - enable_tls: false - -# ============================================================================= -# Ops Monitoring (Optional) -# 运维监控 (可选) -# ============================================================================= -ops: - # Hard switch: disable all ops background jobs and APIs when false - # 硬开关:为 false 时禁用所有 Ops 后台任务与接口 - enabled: true - - # Prefer pre-aggregated tables (ops_metrics_hourly/ops_metrics_daily) for long-window dashboard queries. - # 优先使用预聚合表(用于长时间窗口查询性能) - use_preaggregated_tables: false - - # Data cleanup configuration - # 数据清理配置(vNext 默认统一保留 30 天) - cleanup: - enabled: true - # Cron expression (minute hour dom month dow), e.g. "0 2 * * *" = daily at 2 AM - # Cron 表达式(分 时 日 月 周),例如 "0 2 * * *" = 每天凌晨 2 点 - schedule: "0 2 * * *" - error_log_retention_days: 30 - minute_metrics_retention_days: 30 - hourly_metrics_retention_days: 30 - - # Pre-aggregation configuration - # 预聚合任务配置 - aggregation: - enabled: true - - # OpsMetricsCollector Redis cache (reduces duplicate expensive window aggregation in multi-replica deployments) - # 指标采集 Redis 缓存(多副本部署时减少重复计算) - metrics_collector_cache: - enabled: true - ttl: 65s - -# ============================================================================= -# JWT Configuration -# JWT 配置 -# ============================================================================= -jwt: - # IMPORTANT: Change this to a random string in production! - # 重要:生产环境中请更改为随机字符串! 
- # Generate with / 生成命令: openssl rand -hex 32 - secret: "change-this-to-a-secure-random-string" - # Token expiration time in hours (max 24) - # 令牌过期时间(小时,最大 24) - expire_hour: 24 - -# ============================================================================= -# Default Settings -# 默认设置 -# ============================================================================= -default: - # Initial admin account (created on first run) - # 初始管理员账户(首次运行时创建) - admin_email: "admin@example.com" - admin_password: "admin123" - - # Default settings for new users - # 新用户默认设置 - # Max concurrent requests per user - # 每用户最大并发请求数 - user_concurrency: 5 - # Initial balance for new users - # 新用户初始余额 - user_balance: 0 - - # API key settings - # API 密钥设置 - # Prefix for generated API keys - # 生成的 API 密钥前缀 - api_key_prefix: "sk-" - - # Rate multiplier (affects billing calculation) - # 费率倍数(影响计费计算) - rate_multiplier: 1.0 - -# ============================================================================= -# Rate Limiting -# 速率限制 -# ============================================================================= -rate_limit: - # Cooldown time (in minutes) when upstream returns 529 (overloaded) - # 上游返回 529(过载)时的冷却时间(分钟) - overload_cooldown_minutes: 10 - -# ============================================================================= -# Pricing Data Source (Optional) -# 定价数据源(可选) -# ============================================================================= -pricing: - # URL to fetch model pricing data (default: LiteLLM) - # 获取模型定价数据的 URL(默认:LiteLLM) - remote_url: "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json" - # Hash verification URL (optional) - # 哈希校验 URL(可选) - hash_url: "" - # Local data directory for caching - # 本地数据缓存目录 - data_dir: "./data" - # Fallback pricing file - # 备用定价文件 - fallback_file: "./resources/model-pricing/model_prices_and_context_window.json" - # Update interval in hours - # 更新间隔(小时) - update_interval_hours: 24 - # Hash check 
interval in minutes - # 哈希检查间隔(分钟) - hash_check_interval_minutes: 10 - -# ============================================================================= -# Billing Configuration -# 计费配置 -# ============================================================================= -billing: - circuit_breaker: - # Enable circuit breaker for billing service - # 启用计费服务熔断器 - enabled: true - # Number of failures before opening circuit - # 触发熔断的失败次数阈值 - failure_threshold: 5 - # Time to wait before attempting reset (seconds) - # 熔断后重试等待时间(秒) - reset_timeout_seconds: 30 - # Number of requests to allow in half-open state - # 半开状态允许通过的请求数 - half_open_requests: 3 - -# ============================================================================= -# Turnstile Configuration -# Turnstile 人机验证配置 -# ============================================================================= -turnstile: - # Require Turnstile in release mode (when enabled, login/register will fail if not configured) - # 在 release 模式下要求 Turnstile 验证(启用后,若未配置则登录/注册会失败) - required: false - -# ============================================================================= -# Gemini OAuth (Required for Gemini accounts) -# Gemini OAuth 配置(Gemini 账户必需) -# ============================================================================= -# Sub2API supports TWO Gemini OAuth modes: -# Sub2API 支持两种 Gemini OAuth 模式: -# -# 1. Code Assist OAuth (requires GCP project_id) -# 1. Code Assist OAuth(需要 GCP project_id) -# - Uses: cloudcode-pa.googleapis.com (Code Assist API) -# - 使用:cloudcode-pa.googleapis.com(Code Assist API) -# -# 2. AI Studio OAuth (no project_id needed) -# 2. 
AI Studio OAuth(不需要 project_id) -# - Uses: generativelanguage.googleapis.com (AI Studio API) -# - 使用:generativelanguage.googleapis.com(AI Studio API) -# -# Default: Uses Gemini CLI's public OAuth credentials (same as Google's official CLI tool) -# 默认:使用 Gemini CLI 的公开 OAuth 凭证(与 Google 官方 CLI 工具相同) -gemini: - oauth: - # Gemini CLI public OAuth credentials (works for both Code Assist and AI Studio) - # Gemini CLI 公开 OAuth 凭证(适用于 Code Assist 和 AI Studio) - client_id: "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com" - client_secret: "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" - # Optional scopes (space-separated). Leave empty to auto-select based on oauth_type. - # 可选的权限范围(空格分隔)。留空则根据 oauth_type 自动选择。 - scopes: "" - quota: - # Optional: local quota simulation for Gemini Code Assist (local billing). - # 可选:Gemini Code Assist 本地配额模拟(本地计费)。 - # These values are used for UI progress + precheck scheduling, not official Google quotas. - # 这些值用于 UI 进度显示和预检调度,并非 Google 官方配额。 - tiers: - LEGACY: - # Pro model requests per day - # Pro 模型每日请求数 - pro_rpd: 50 - # Flash model requests per day - # Flash 模型每日请求数 - flash_rpd: 1500 - # Cooldown time (minutes) after hitting quota - # 达到配额后的冷却时间(分钟) - cooldown_minutes: 30 - PRO: - # Pro model requests per day - # Pro 模型每日请求数 - pro_rpd: 1500 - # Flash model requests per day - # Flash 模型每日请求数 - flash_rpd: 4000 - # Cooldown time (minutes) after hitting quota - # 达到配额后的冷却时间(分钟) - cooldown_minutes: 5 - ULTRA: - # Pro model requests per day - # Pro 模型每日请求数 - pro_rpd: 2000 - # Flash model requests per day (0 = unlimited) - # Flash 模型每日请求数(0 = 无限制) - flash_rpd: 0 - # Cooldown time (minutes) after hitting quota - # 达到配额后的冷却时间(分钟) - cooldown_minutes: 5