zfc/sub2api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,394 Commits 3 Branches 0 Tags
Commit Graph

2394 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
win
3673936cb3 fix: Node.js TLS 代理仅拦截 Anthropic 请求(DoWithTLS 路径)
Some checks failed
CI / test (push) Failing after 4s
Details
CI / golangci-lint (push) Failing after 4s
Details
Security Scan / backend-security (push) Failing after 4s
Details
Security Scan / frontend-security (push) Failing after 5s
Details 
- Do() 去掉 Node.js 代理拦截,Antigravity/Google 请求走原路径
- 只有 DoWithTLS 且 enableTLSFingerprint=true 时走 Node.js 代理
- 按平台分治:Anthropic → Node.js 原生 TLS,Google → 原有 uTLS/直连
 2026-03-22 02:25:40 +08:00
win
5d476fbc09 fix: 重写 proxy.js — 预收集 body + H1/H2 自适应,本地测试 4/4 通过
Some checks failed
CI / golangci-lint (push) Has been cancelled
Details
Security Scan / backend-security (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details
Security Scan / frontend-security (push) Has been cancelled
Details
2026-03-22 02:19:38 +08:00
win
88432f9438 feat: 智能 H1/H2 自适应 — 首次 H1 秒挂自动切 H2 并缓存
Some checks failed
CI / test (push) Failing after 3s
Details
CI / golangci-lint (push) Failing after 3s
Details
Security Scan / backend-security (push) Failing after 3s
Details
Security Scan / frontend-security (push) Failing after 3s
Details 
- 首次请求走 HTTP/1.1,如果 socket hang up < 2s 自动切 HTTP/2
- H2 主机缓存在内存中,后续请求直接走 H2(如 googleapis.com)
- H2 session 池复用 + 空闲超时自动清理
- 详细日志:proxy_request → proxy_response/error,含协议标识
- 解决 googleapis.com 强制 H2 导致请求失败的问题
 2026-03-22 02:06:10 +08:00
win
4ea945bb56 fix: 去掉 H2/ALPN 复杂度,回到纯 https.request + 动态主机 + 响应日志
Some checks failed
CI / test (push) Failing after 1m24s
Details
CI / golangci-lint (push) Failing after 4s
Details
Security Scan / backend-security (push) Failing after 4s
Details
Security Scan / frontend-security (push) Failing after 4s
Details
2026-03-22 02:03:19 +08:00
win
47066d4111 feat: Node.js TLS 代理支持 HTTP/2 + 动态主机路由
Some checks failed
CI / test (push) Failing after 1m32s
Details
CI / golangci-lint (push) Failing after 31s
Details
Security Scan / backend-security (push) Failing after 1m32s
Details
Security Scan / frontend-security (push) Failing after 32s
Details 
- proxy.js: 自动探测上游 ALPN (h2/http1.1),按需选择协议
- proxy.js: X-Forwarded-Host 动态路由,支持任意上游主机
- proxy.js: HTTP/2 session 缓存 + 空闲超时自动清理
- Go: 所有 HTTPS 上游请求统一走 Node.js 代理,无域名白名单
- 解决 googleapis.com 要求 HTTP/2 导致 socket hang up
 2026-03-22 01:49:30 +08:00
win
764623c7a0 fix: Node.js TLS 代理对所有 HTTPS 上游生效,去掉域名白名单
Some checks failed
CI / test (push) Has been cancelled
Details
CI / golangci-lint (push) Has been cancelled
Details
Security Scan / backend-security (push) Has been cancelled
Details
Security Scan / frontend-security (push) Has been cancelled
Details 
- 移除 proxy_hosts 白名单限制和 shouldRouteViaNodeProxy
- 所有 HTTPS 上游请求统一走 Node.js 代理
- 通过 X-Forwarded-Host 动态识别目标主机
- Anthropic / Gemini / 任意上游自动适配
- 移除诊断日志(已定位问题)
 2026-03-22 01:42:44 +08:00
win
c179c348c6 diag: 在 DoWithTLS 路径也添加诊断日志
Some checks failed
CI / test (push) Has been cancelled
Details
CI / golangci-lint (push) Has been cancelled
Details
Security Scan / backend-security (push) Has been cancelled
Details
Security Scan / frontend-security (push) Has been cancelled
Details
2026-03-22 01:39:55 +08:00
win
fbcaab03da fix: Node.js TLS 代理按 proxy_hosts 白名单过滤 + 诊断日志
Some checks failed
CI / test (push) Has been cancelled
Details
CI / golangci-lint (push) Has been cancelled
Details
Security Scan / backend-security (push) Has been cancelled
Details
Security Scan / frontend-security (push) Has been cancelled
Details 
- 新增 proxy_hosts 配置:可配置需要走 Node.js 代理的主机列表
- 默认仅代理 api.anthropic.com,Gemini/Sora 走原路径
- 添加 warn 级别诊断日志,输出请求的 scheme/host/hostname/should_route
- 用于定位 Anthropic 请求未命中 Node.js 代理的原因
 2026-03-22 01:36:12 +08:00
win
c6a282c2e7 fix: Node.js TLS 代理按主机白名单过滤,Gemini 走原路径
Some checks failed
CI / test (push) Failing after 6m40s
Details
Security Scan / backend-security (push) Has been cancelled
Details
Security Scan / frontend-security (push) Has been cancelled
Details
CI / golangci-lint (push) Failing after 19m50s
Details 
- 新增 proxy_hosts 配置:白名单内的主机走 Node.js 代理
- 默认仅代理 api.anthropic.com
- Gemini/Sora 等非 Anthropic 请求自动走原有 uTLS 路径
- 解决 Gemini 请求经 Node.js 代理后 socket hang up 的问题
 2026-03-22 01:15:56 +08:00
win
5c587c1095 fix: Node.js TLS 代理动态识别上游主机
Some checks failed
CI / test (push) Has been cancelled
Details
CI / golangci-lint (push) Has been cancelled
Details
Security Scan / backend-security (push) Has been cancelled
Details
Security Scan / frontend-security (push) Has been cancelled
Details 
- Go: 通过 X-Forwarded-Host 传递原始目标主机给 Node.js 代理
- Node.js: 读取 X-Forwarded-Host 动态连接到正确的上游主机
- 所有 HTTPS 上游请求统一走代理,不再固定绑定 api.anthropic.com
- Gemini/Sora 等不同上游自动识别,无需手动配置
 2026-03-22 01:09:39 +08:00
win
2fff535bcd fix: Node.js TLS 代理对所有 HTTPS 上游请求生效
Some checks failed
CI / golangci-lint (push) Has been cancelled
Details
Security Scan / backend-security (push) Has been cancelled
Details
Security Scan / frontend-security (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details 
Do() 方法新增 Node.js 代理检查,不再依赖账号级 TLS 指纹开关。
当 node_tls_proxy.enabled=true 时,所有 HTTPS 上游请求统一走
Node.js 代理,确保 JA3/JA4 指纹一致。
 2026-03-22 01:01:38 +08:00
win
a72ba424cc feat: Node.js TLS 指纹代理 + 网络隔离防泄露
Some checks failed
CI / test (push) Failing after 1m32s
Details
CI / golangci-lint (push) Failing after 33s
Details
Security Scan / backend-security (push) Failing after 32s
Details
Security Scan / frontend-security (push) Failing after 32s
Details 
- 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/)
  原生 Node.js TLS 栈发起上游 HTTPS,JA3/JA4 天然匹配 Claude CLI
  SSE 流式透传,支持上游 HTTP CONNECT 代理
  零依赖,Node.js 24.13.0 锁定版本

- Go 集成 (config.go + http_upstream.go)
  新增 NodeTLSProxyConfig 配置
  DoWithTLS 优先走 Node.js 代理模式,URL 重写 https→http://localhost:3456

- Docker 网络隔离 (docker-compose.tls-proxy.yml)
  sub2api 容器仅 internal 网络,物理隔离外网
  node-tls-proxy 唯一出站通道,IPv6 内核级禁用

- iptables 防泄露脚本 (tools/firewall/)
  QUIC/UDP 443 全局 DROP,仅 nodeproxy 用户可出站 TCP 443

- 镜像切换为 zfc931912343/ 仓库
 2026-03-22 00:18:43 +08:00
Wesley Liddick
bda7c39e55
Merge pull request #1196 from Eilen6316/fix/settings-form-url-validation 
fix: prevent silent save failure in admin settings form
 2026-03-21 20:55:23 +08:00
Wesley Liddick
3583283ebb
Merge pull request #1197 from mutuyihao/fix/apicompat-array-content 
fix(apicompat): support array content for system and tool messages
 2026-03-21 20:53:27 +08:00
mutuyihao
4feacf2213 fix(apicompat): support array content for system and tool messages 2026-03-21 15:34:28 +08:00
Eilen6316
73eb731881 fix: prevent silent save failure in admin settings form 
The settings form contains multiple <input type="url"> fields that lack
a name attribute. When a field value fails browser URL validation, the
browser silently blocks form submission without showing an error — no
network request is made, and the user sees no feedback.

Root cause: HTML5 form validation requires a focusable element with a
name attribute to surface errors. Without it, validation fails silently.

Fix:
- Add novalidate to the <form> to disable browser-native URL validation
- Add an isValidHttpUrl() helper in saveSettings() to replicate the
  same checks the backend performs
- Optional URL fields (frontend_url, doc_url): auto-clear invalid values
  instead of blocking the save, matching backend behaviour (these fields
  accept empty string without error)
- purchase_subscription_url: block save with a clear error message when
  enabled + invalid; auto-clear when disabled to prevent the backend 400
  "Purchase Subscription URL must be an absolute http(s) URL" error

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-21 15:03:18 +08:00
Wesley Liddick
186e36752d
Merge pull request #1194 from Ethan0x0000/feat/requested-upstream-model-semantics 
feat(usage): 统一使用记录中的请求模型与上游模型语义
 2026-03-21 14:02:10 +08:00
Wesley Liddick
421728a985
Merge pull request #1193 from xilu0/worktree-fix-thinking-block-log-level 
fix: correct log levels for thinking block signature retry flow
 2026-03-21 13:57:30 +08:00
Wesley Liddick
39a5701184
Merge pull request #1182 from DaydreamCoding/fix/ops-alert-wg-race-and-context-leak 
fix(ops_alert): wg.Add 竞态修复 + leader lock release context 泄漏
 2026-03-21 13:52:14 +08:00
Ethan0x0000
27948c777e fix(dto): fallback to legacy model in usage mapping 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 11:10:40 +08:00
Dave King
c64ed46d05 fix: correct log levels for thinking block signature retry flow 
LegacyPrintf uses inferStdLogLevel() to infer log level from message
text. Any message containing the word "error" is classified as ERROR
level, causing the entire signature-retry recovery flow (which succeeds)
to produce spurious ERROR log entries.

Changes:
- Remove noisy [SignatureCheck] debug logs inside isThinkingBlockSignatureError
  that were logging every detected signature check as ERROR
- Change retry-start log to WARN level via [warn] prefix
- Change retry-success log to INFO level by removing "error" from message

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-21 00:38:07 +00:00
Ethan0x0000
c64465ff7e test(frontend): align admin usage typing with upstream model 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:26:03 +08:00
Ethan0x0000
095200bd16 refactor(dto): split admin usage upstream model exposure 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:25:34 +08:00
Ethan0x0000
2c667a159c fix(provider): retain upstream model for gemini compat and ws 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:24:59 +08:00
Ethan0x0000
bac408044f fix(provider): preserve requested model in antigravity and sora 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:24:30 +08:00
Ethan0x0000
4edcfe1f7c fix(usage): preserve requested model in gateway billing paths 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:23:54 +08:00
Ethan0x0000
9259dcb6f5 test(repo): cover requested model repository semantics 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:23:20 +08:00
Ethan0x0000
7ef933c7cf feat(repo): persist requested model in usage log queries 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:22:49 +08:00
Ethan0x0000
7d312822c1 feat(usage): add requested model usage metadata helpers 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:22:16 +08:00
Ethan0x0000
1b3e5c6ea6 chore(go): sync backend go.sum 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:21:48 +08:00
Ethan0x0000
efe8401e92 chore(ent): regenerate usage log requested model artifacts 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:21:21 +08:00
Ethan0x0000
0b845c2532 feat(ent): add requested model to usage log schema 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:20:56 +08:00
Ethan0x0000
fe60412a17 feat(db): add requested model usage log migrations 
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
 2026-03-21 01:20:23 +08:00
QTom
5c39e6f2fb fix(ops_alert): wg.Add 竞态修复 + leader lock release context 泄漏 
1. Start() 中 wg.Add(1) 从 run() goroutine 内部移到 go s.run() 之前,
   防止 Stop().wg.Wait() 在 Add 之前返回导致孤儿 goroutine。
2. tryAcquireLeaderLock 返回的 release 闭包改用独立的
   context.Background()+5s 超时,避免捕获的 evaluateOnce ctx
   在 defer 执行时已过期导致锁释放失败(最长阻塞 90s TTL)。
 2026-03-20 18:22:00 +08:00
Wesley Liddick
a225a241d7
Merge pull request #1162 from remxcode/main 
feat(openai): 增加 gpt-5.4-mini/nano 模型支持与定价配置
 2026-03-20 13:57:47 +08:00
Wesley Liddick
553a486d17
Merge pull request #1171 from wucm667/fix/quota-display-stale-after-reset 
fix: quota display shows stale cumulative usage after daily/weekly reset
 2026-03-20 13:54:18 +08:00
Wesley Liddick
c73374a221
Merge pull request #1176 from learnerLj/fix-bugs 
fix: 修复 OpenAI 转发路径未应用分组默认模型映射
 2026-03-20 13:53:20 +08:00
Wesley Liddick
94e26dee4f
Merge pull request #1172 from alfadb/fix/openai-messages-effort-max-to-xhigh 
fix(apicompat): 修正 Anthropic→OpenAI 推理级别映射
 2026-03-20 13:48:41 +08:00
Jiahao Luo
4617ef2bb8 Fix OpenAI default model forwarding 2026-03-20 13:36:54 +08:00
alfadb
8afa8c1091 fix(apicompat): 修正 Anthropic→OpenAI 推理级别映射 
旧映射错误地将所有级别上移一档(medium→high, high→xhigh),
导致 effort=max 被原样透传到 OpenAI 上游并返回 400 错误。

根据两边官方 API 定义对齐:
- Anthropic: low, medium, high(默认), max
- OpenAI:    low, medium, high(默认), xhigh

新的 1:1 映射:low→low, medium→medium, high→high, max→xhigh
 2026-03-20 12:01:02 +08:00
Remx
578608d301 fix: format gpt-5.4 mini fallback pricing 2026-03-20 10:54:50 +08:00
wucm667
0d45d8669e fix: quota display shows stale cumulative usage after daily/weekly reset 
The quota reset mechanism is lazy — quota_daily_used/quota_weekly_used
in the database are only reset on the next IncrementQuotaUsed call.
The scheduling layer (IsQuotaExceeded) correctly checks period expiry
before enforcing limits, so the account remains usable. However, the
API response mapper reads the raw DB value without checking expiry,
causing the frontend to display cumulative usage (e.g. 110%) even
after the reset period has passed.

Add IsDailyQuotaPeriodExpired/IsWeeklyQuotaPeriodExpired methods and
use them in the mapper to return used=0 when the period has expired.
 2026-03-20 10:22:54 +08:00
github-actions[bot]
94bba415b1 chore: sync VERSION to 0.1.104 [skip ci] 2026-03-20 01:31:30 +00:00
shaw
4f7629a4cb fix: add max_claude_code_version to API contract test expected output 2026-03-20 09:17:32 +08:00
Wesley Liddick
4015f31f28
Merge pull request #1157 from LvyuanW/fix-bulk-model-restriction-empty 
fix: allow clearing model restriction in bulk edit when whitelist is empty
 2026-03-20 09:13:44 +08:00
Wesley Liddick
9dccbe1b07
Merge pull request #1169 from touwaeriol/pr/credits-exhausted-fix 
fix(antigravity): correctly mark credits exhausted on "Resource has been exhausted" 429
 2026-03-20 09:12:55 +08:00
Wesley Liddick
9a88df7f28
Merge pull request #1167 from touwaeriol/pr/proxy-fast-fail 
fix(antigravity): fast-fail on proxy unavailable, temp-unschedule account
 2026-03-20 09:12:39 +08:00
Wesley Liddick
a47f622e7e
Merge pull request #1159 from JerryFan626/fix/docker-compose-to-docker-compose-v2 
docs: update docker-compose commands to Docker Compose V2 syntax
 2026-03-20 09:12:14 +08:00
Wesley Liddick
3529148455
Merge pull request #1151 from DaydreamCoding/feat/admin-user-group-filter 
feat(admin): 用户管理新增分组列、分组筛选与专属分组一键替换
 2026-03-20 09:10:38 +08:00
shaw
01d8286bd9 feat: add max_claude_code_version setting and disable auto-upgrade env var 
Add maximum Claude Code version limit to complement the existing minimum
version check. Refactor the version cache from single-value to unified
bounds struct (min+max) with a single atomic.Value and singleflight group.

- Backend: new constant, struct field, cache refactor, validation (semver
  format + cross-validation max >= min), gateway enforcement, audit diff
- Frontend: settings UI input, TypeScript types, zh/en i18n
- Add CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1 to all Claude Code
  tutorials on /keys page (unix/cmd/powershell/vscode settings.json)
 2026-03-20 09:10:01 +08:00