oadmin/xinghuoapi
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
1,793 Commits 1 Branch 0 Tags
39ca192c41ea8e040aee99b015b7761bec6964d1
Commit Graph

1793 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
erio
39ca192c41 feat(admin): add create-and-redeem API and payment integration docs 2026-03-01 00:42:21 +08:00
shaw
f7fa71bc28 fix: 将 README 中 Codex WS 配置迁移至使用密钥弹窗 
- 移除 README.md / README_CN.md 中的 Codex CLI WebSocket v2 配置示例
- UseKeyModal OpenAI 分组新增 "Codex CLI (WebSocket)" tab,区分普通模式与 WS 模式
- 普通模式 config.toml 不含 WebSocket 字段,WS 模式包含 supports_websockets 和 features 配置
- 所有配置统一使用 sub2api 作为 model_provider 名称
 2026-02-28 23:35:31 +08:00
shaw
fbfbb26fd2 fix(ci): 将 gosec 集成到 golangci-lint 解决安全扫描超时 
standalone gosec 扫描 24 万行 Go 代码在 CI 中持续超时,
将其作为 golangci-lint 的内置 linter 运行,复用 AST 解析和缓存大幅提速。

- 在 .golangci.yml 中启用 gosec 并迁移原有排除规则
- golangci-lint timeout 从 5m 提升到 30m
- 从 security-scan.yml 移除 standalone gosec 步骤
- 删除不再需要的 .gosec.json 配置文件
 2026-02-28 23:12:38 +08:00
Wesley Liddick
493bd188d5 Merge pull request #680 from alfadb/fix/ops-normalize-nil-error-type 
fix(ops): validate error_type against known whitelist before classification
 2026-02-28 22:39:32 +08:00
Wesley Liddick
9fd95df5cf Merge pull request #679 from DaydreamCoding/feat/account-rpm-limit 
feat: 添加账号级别 RPM(每分钟请求数)限流功能
 2026-02-28 22:37:10 +08:00
shaw
54de3bf27a fix(ci): gosec 跳过自动生成的代码文件避免扫描超时 
为 gosec 添加 -exclude-generated 标志,跳过带有
"// Code generated" 注释的文件(如 wire_gen.go),
防止安全扫描因分析自动生成代码而超时。
 2026-02-28 22:30:53 +08:00
Wesley Liddick
4587c3e53e Merge pull request #670 from DaydreamCoding/feat/admin-apikey-group-update 
feat(admin): 添加管理员直接修改用户 API Key 分组的功能
 2026-02-28 22:20:29 +08:00
shaw
be18bc6fc3 chore: 恢复数据库迁移文件060和修正版本号 2026-02-28 22:02:01 +08:00
QTom
212cbbd3a2 fix: add missing rpmCache nil arg in sora_client_handler_test 2026-02-28 21:30:59 +08:00
QTom
6f9e690345 test(sora): 补充测试 stub 中缺失的 AddGroupToAllowedGroups 方法 
feat/admin-apikey-group-update 分支给 UserRepository 接口新增了
AddGroupToAllowedGroups 方法,需要在测试 stub 中补充实现以通过编译。
- sora_client_handler_test.go: stubUserRepoForHandler
- sora_generation_service_test.go: stubUserRepoForQuota
 2026-02-28 20:55:31 +08:00
QTom
115d06edf0 fix: 修复 gofmt 格式问题 2026-02-28 20:38:35 +08:00
QTom
e135435ce2 fix: sync test constructor calls with new rpmCache parameter 
Add missing nil argument for rpmCache to NewAccountHandler (5 sites)
and NewGatewayService (2 sites) after RPM feature expanded their
signatures.
 2026-02-28 20:38:35 +08:00
QTom
cd09adc3cc fix: add sanitizeExtraBaseRPM to BatchCreate handler 
Ensures base_rpm validation (clamp 0-10000) is consistent across
all four account mutation paths: Create, Update, BulkUpdate, BatchCreate.
 2026-02-28 20:38:06 +08:00
QTom
2491e9b5ad fix: round-3 review fixes for RPM limiting 
- Add sanitizeExtraBaseRPM to BulkUpdate handler (was missing)
- Add WindowCost scheduling checks to legacy non-sticky selection
  paths (4 sites), matching existing sticky + load-aware coverage
- Export ParseExtraInt from service package, remove duplicate
  parseExtraIntForValidation from admin handler
 2026-02-28 20:38:06 +08:00
QTom
e63c83955a fix: address deep code review issues for RPM limiting 
- Move IncrementRPM after Forward success to prevent phantom RPM
  consumption during account switch retries
- Add base_rpm input sanitization (clamp to 0-10000) in Create/Update
- Add WindowCost scheduling checks to legacy path sticky sessions
  (4 check sites + 4 prefetch sites), fixing pre-existing gap
- Clean up rpm_strategy/rpm_sticky_buffer when disabling RPM in
  BulkEditModal (JSONB merge cannot delete keys, use empty values)
- Add json.Number test cases to TestGetBaseRPM/TestGetRPMStickyBuffer
- Document TOCTOU race as accepted soft-limit design trade-off
 2026-02-28 20:38:06 +08:00
QTom
4b72aa33f3 fix: add enableRpmLimit to hasAnyFieldEnabled check in BulkEditModal 
Without this, submitting a bulk edit with only RPM changes would be
rejected as "no fields selected".
 2026-02-28 20:37:37 +08:00
QTom
ff9683b0fc fix: move RPM prefetch before routing segment in legacy/mixed paths 
Ensures isAccountSchedulableForRPM calls within the routing segment
hit the prefetch cache instead of querying Redis individually.
 2026-02-28 20:37:37 +08:00
QTom
607237571f fix: address code review issues for RPM limiting feature 
- Use TxPipeline (MULTI/EXEC) instead of Pipeline for atomic INCR+EXPIRE
- Filter negative values in GetBaseRPM(), update test expectation
- Add RPM batch query (GetRPMBatch) to account List API
- Add warn logs for RPM increment failures in gateway handler
- Reset enableRpmLimit on BulkEditAccountModal close
- Use union type 'tiered' | 'sticky_exempt' for rpmStrategy refs
- Add design decision comments for rdb.Time() RTT trade-off
 2026-02-28 20:37:37 +08:00
QTom
28ca7df297 feat: add RPM display to AccountCapacityCell 2026-02-28 20:37:10 +08:00
QTom
856c955386 feat: add RPM config to CreateAccountModal 2026-02-28 20:37:10 +08:00
QTom
e1c9016d90 feat: add RPM config to EditAccountModal 2026-02-28 20:37:10 +08:00
QTom
953c5036bf feat: add RPM types and i18n translations 2026-02-28 20:37:10 +08:00
QTom
37fa980565 feat: flatten RPM config fields in Account DTO 2026-02-28 20:37:10 +08:00
QTom
f648b8e026 feat: increment RPM counter before request forwarding 2026-02-28 20:37:10 +08:00
QTom
678c3ae132 feat: integrate RPM scheduling checks into account selection flow 2026-02-28 20:37:10 +08:00
QTom
c1c31ed9b2 feat: wire RPMCache into GatewayService and AccountHandler 2026-02-28 20:35:38 +08:00
QTom
777be05348 feat: add RPMCache interface and Redis implementation with Lua scripts 2026-02-28 20:34:22 +08:00
QTom
0bb3e4a98c feat: add RPM getter methods and schedulability check to Account model 2026-02-28 20:34:22 +08:00
QTom
9a91815b94 feat(admin): 完整实现管理员修改用户 API Key 分组的功能 
## 核心功能
- 添加 AdminUpdateAPIKeyGroupID 服务方法,支持绑定/解绑/保持不变三态语义
- 实现 UserRepository.AddGroupToAllowedGroups 接口,自动同步专属分组权限
- 添加 HTTP PUT /api-keys/:id handler 端点,支持管理员直接修改 API Key 分组

## 事务一致性
- 使用 ent Tx 保证专属分组绑定时「添加权限」和「更新 Key」的原子性
- Repository 方法支持 clientFromContext,兼容事务内调用
- 事务失败时自动回滚,避免权限孤立

## 业务逻辑
- 订阅类型分组阻断,需通过订阅管理流程
- 非活跃分组拒绝绑定
- 负 ID 和非法 ID 验证
- 自动授权响应,告知管理员成功授权的分组

## 代码质量
- 16 个单元测试覆盖所有业务路径和边界用例
- 7 个 handler 集成测试覆盖 HTTP 层
- GroupRepo stub 返回克隆副本,防止测试间数据泄漏
- API 类型安全修复(PaginatedResponse<ApiKey>)
- 前端 ref 回调类型对齐 Vue 规范

## 国际化支持
- 中英文提示信息完整
- 自动授权成功/失败提示
 2026-02-28 20:18:14 +08:00
QTom
000e621eb6 feat(admin): 添加管理员直接修改用户 API Key 分组的功能 
- 新增 PUT /api/v1/admin/api-keys/:id 端点,允许管理员修改任意用户 API Key 的分组绑定
- 跳过用户级权限校验但保留分组有效性验证,修改后触发认证缓存失效
- Service 层支持三态语义:nil=不修改,0=解绑,>0=绑定,<0=拒绝
- 指针值拷贝保证安全隔离,负数 groupID 返回 400 INVALID_GROUP_ID
- 前端 UserApiKeysModal 新增可点击的分组选择下拉框,支持多 Key 并发更新
- 下拉支持视口翻转和滚动关闭,按钮有 disabled 和加载状态
- 覆盖:后端 20 个单元测试 (Service 11 + Handler 9) + 前端 16 个 E2E 测试
- golangci-lint 0 issues, make test-unit 全部通过
 2026-02-28 20:18:14 +08:00
alfadb
093d7ba858 fix(ops): use normalized error type for all classification functions 
- Compute normalizedType once and pass to classifyOpsPhase,
  classifyOpsSeverity, classifyOpsIsBusinessLimited, classifyOpsIsRetryable
  instead of raw parsed.ErrorType
- Add test case verifying known type takes precedence over conflicting code

Addresses Copilot review feedback on PR #680.
 2026-02-28 19:28:08 +08:00
alfadb
ce006a7a91 fix(ops): validate error_type against known whitelist before classification 
Upstream proxies (account 4, 112) return `"<nil>"` as the error.type in
their JSON responses — a Go fmt.Sprintf("%v", nil) artifact. Since
`normalizeOpsErrorType` only checked for empty string, the literal
"<nil>" passed through and poisoned the entire classification chain:
error_phase was misclassified as "internal" (instead of "request"),
severity was inflated to P2, and the stored error_type was meaningless.

Add `isKnownOpsErrorType` whitelist so any unrecognised type falls
through to the code-based or default "api_error" classification.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-28 19:28:08 +08:00
Wesley Liddick
9d795061af Merge pull request #682 from mt21625457/pr/all-code-sync-20260228 
feat(openai-ws): support websocket mode v2, optimize relay performance, enhance sora
 2026-02-28 19:11:40 +08:00
yangjianbo
1d1fc019dc fix(lint): resolve data management staticcheck warnings 2026-02-28 15:05:54 +08:00
yangjianbo
bb664d9bbf feat(sync): full code sync from release 2026-02-28 15:01:20 +08:00
Wesley Liddick
bfc7b339f7 Merge pull request #675 from wucm667/fix/gosec-timeout-exclude-ent-dir 
fix(ci): 修复 gosec 扫描因 ent 生成代码导致超时的问题
 2026-02-28 10:59:19 +08:00
wucm667
f30f8905ec fix(ci): 修复 gosec 扫描因 ent 生成代码导致超时的问题 
【问题描述】
backend-security CI job 持续运行约 6 小时后被 GitHub Actions 强制取消,
表现为 'Run gosec' 步骤挂起,最终以 cancelled 状态结束。

【根本原因】
gosec 对 ./... 执行 AST 静态分析时,包含了 ent/ 目录下的
自动生成文件(如 mutation.go 共 24800 行),导致分析时间
超出 GitHub Actions 默认的 6 小时上限。

【修复方案】
1. gosec 命令增加 -exclude-dir=ent 跳过自动生成代码目录
2. backend-security job 增加 timeout-minutes: 15,避免未来
   类似问题再次长时间卡死后才被发现

ent/ 目录内容全部由 Ent ORM 框架自动生成,开发者不直接编写,
不需要纳入人工安全审计范围,排除后不影响扫描有效性。
 2026-02-28 10:20:57 +08:00
Wesley Liddick
3bae525026 Merge pull request #650 from wucm667/feat/sync-page-title-on-locale-change 
feat(i18n): 切换语言时同步更新页面标题
 2026-02-27 19:48:36 +08:00
shaw
df00805a2a feat(frontend): 为管理端用量页面添加列显示设置 2026-02-27 19:41:26 +08:00
Wesley Liddick
a88ee96518 Merge pull request #665 from touwaeriol/fix/2k-image-default-pricing 
fix: add 2K image default pricing at 1.5x base price
 2026-02-27 19:20:44 +08:00
Wesley Liddick
3cc2f9bd57 Merge pull request #664 from wucm667/fix/account-priority-hint 
fix(frontend): add priority hint in edit account modal
 2026-02-27 19:19:36 +08:00
erio
d1b684b782 fix: add 2K image default pricing at 1.5x base price 
Previously 2K images used the same base price as 1K ($0.134).
Now 2K uses 1.5x multiplier ($0.201), consistent with 4K using 2x ($0.268).

- Backend: add 2K size branch in getDefaultImagePrice
- Frontend: update 2K placeholder from 0.134 to 0.201
- Tests: update assertions for new 2K default price
 2026-02-27 17:37:30 +08:00
wucm667
6460d4ad3a fix(frontend): add priority hint in edit account modal 2026-02-27 16:00:11 +08:00
Wesley Liddick
19ea392d5d Merge pull request #663 from touwaeriol/fix/update-antigravity-useragent-version 
fix: update antigravity user-agent version to 1.19.6
 2026-02-27 15:28:45 +08:00
Wesley Liddick
fb4d016176 Merge pull request #659 from touwaeriol/feature/gemini-3.1-flash-image 
feat: 新增 gemini-3.1-flash-image 支持,替代 gemini-3-pro-image
 2026-02-27 15:28:33 +08:00
erio
afec747d9e fix: update antigravity user-agent version to 1.19.6 
Update the default user-agent version from 1.18.4 to 1.19.6
to match the latest official antigravity client.
 2026-02-27 12:31:51 +08:00
erio
7388fcce41 fix: gofmt alignment in constants.go 2026-02-27 09:52:50 +08:00
erio
a6f9f9f968 feat: replace gemini-3-pro-image with gemini-3.1-flash-image 
- Add migration 060 to update model_mapping for all antigravity accounts
- Remove gemini-3-pro-image and gemini-3-pro-image-preview mappings
- Add gemini-3.1-flash-image and gemini-3.1-flash-image-preview mappings
- Update frontend usage window to show GImage for new model
- Update isImageGenerationModel to support new model
 2026-02-27 09:52:50 +08:00
Wesley Liddick
29759721e0 Merge pull request #651 from cagedbird043/pr/bulk-edit-platform-filter 
fix(frontend): 批量编辑添加跨平台模型映射警告与智能过滤
 2026-02-27 09:03:00 +08:00
Wesley Liddick
1941b20521 Merge pull request #657 from alfadb/fix/count-tokens-404-passthrough 
fix(gateway): count_tokens 不支持时返回 404 而非伪造的 200
 2026-02-27 08:42:46 +08:00