CaIon
0a8055286b
fix: 修复 BillingSession 多个边界问题
...
- Settle 部分失败保护:新增 fundingSettled 标记,资金来源提交后
令牌调整失败不再导致 Refund 误退已结算的资金
- 订阅多扣费修复:trySubscription 传 subConsume 而非 preConsumedQuota
给 preConsume,保证三者(amount/preConsume/FinalPreConsumedQuota)一致
- 令牌回滚错误记录:preConsume 中 funding 失败时令牌回滚错误不再丢弃
- 移除钱包路径死代码:用户额度不足的 strings.Contains 匹配不可能命中
- WalletFunding.Refund 不重试:IncreaseUserQuota 非幂等,重试会多退
2026-02-06 23:41:51 +08:00
CaIon
116004fd44
refactor: 抽象统一计费会话 BillingSession
...
将散落在多个文件中的预扣费/结算/退款逻辑抽象为统一的 BillingSession 生命周期管理:
- 新增 BillingSettler 接口 (relay/common/billing.go) 避免循环引用
- 新增 FundingSource 接口 + WalletFunding / SubscriptionFunding 实现 (service/funding_source.go)
- 新增 BillingSession 封装预扣/结算/退款原子操作 (service/billing_session.go)
- 新增 SettleBilling 统一结算辅助函数,替换各 handler 中的 quotaDelta 模式
- 重写 PreConsumeBilling 为 BillingSession 工厂入口
- controller/relay.go 退款守卫改用 BillingSession.Refund()
修复的 Bug:
- 令牌额度泄漏:PreConsumeTokenQuota 成功但 DecreaseUserQuota 失败时未回滚
- 订阅退款遗漏:FinalPreConsumedQuota=0 但 SubscriptionPreConsumed>0 时跳过退款
- 订阅多扣费:subConsume 强制为 1 但 FinalPreConsumedQuota 不同步
- 退款路径不统一:钱包/订阅退款逻辑现统一由 FundingSource.Refund 分派
2026-02-06 23:14:25 +08:00
Calcium-Ion
3576036709
Merge pull request #2876 from seefs001/fix/json_schema
...
fix: /v1/chat/completions -> /v1/responses json_schema
2026-02-06 23:08:49 +08:00
Seefs
acd7fc9d89
fix: /v1/chat/completions -> /v1/responses json_schema
2026-02-06 23:03:58 +08:00
Seefs
4455058754
fix: auto default codex to /v1/responses without overriding user-selected endpoint
2026-02-06 22:08:55 +08:00
Seefs
0c0b69a31a
feat: channel test stream
2026-02-06 21:57:38 +08:00
CaIon
5cf788f1bf
refactor: enhance API security with read-only token authentication and improved rate limiting
2026-02-06 21:26:26 +08:00
MUTED64
2f867bc299
feat: Force beta=true parameter for Anthropic channel
2026-02-06 21:22:39 +08:00
QuentinHsu
725473d3d5
feat(topup): hide subscription plans card when no plans available
2026-02-06 20:27:25 +08:00
CaIon
2ada935460
fix: update LIKE pattern sanitization for token search
...
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (amd64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (arm64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Create multi-arch manifests (Docker Hub) (push) Has been cancelled
- Change ESCAPE character from '\' to '!' for compatibility with MySQL/PostgreSQL/SQLite
- Adjust sanitization logic to escape '!' and '_' correctly, improving input validation for search queries
2026-02-06 19:52:35 +08:00
Seefs
8ef6089bf7
feat: make 5m cache-creation ratio configurable
2026-02-06 19:46:59 +08:00
CaIon
cb34e23918
chore: add fmt import for improved logging in token controller
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (amd64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (arm64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Create multi-arch manifests (Docker Hub) (push) Has been cancelled
2026-02-06 18:01:11 +08:00
Calcium-Ion
1bae8928fb
Merge commit from fork
...
fix: harden token search with pagination, rate limiting and input validation
2026-02-06 17:54:40 +08:00
CaIon
327cc5fa23
fix: harden token search with pagination, rate limiting and input validation
...
- Add configurable per-user token creation limit (max_user_tokens)
- Sanitize search input patterns to prevent expensive queries
- Add per-user search rate limiting (by user ID)
- Add pagination to search endpoint with strict page size cap
- Skip empty search fields instead of matching nothing
- Hide internal errors from API responses
- Fix Interface2String float64 formatting causing config parse failures
- Add float-string fallback in config system for int/uint fields
2026-02-06 17:52:19 +08:00
Calcium-Ion
96f9ff19df
Merge pull request #2863 from prnake/feat/claude-opus-4-6
...
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (amd64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (arm64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Create multi-arch manifests (Docker Hub) (push) Has been cancelled
feat: add claude-opus-4-6
2026-02-06 16:18:00 +08:00
Calcium-Ion
1113181a61
Merge commit from fork
...
🔒 fix(security): sanitize AI-generated HTML to prevent XSS in playground
2026-02-06 16:16:20 +08:00
Seefs
c3298a166d
fix max_output_token
2026-02-06 16:04:49 +08:00
Seefs
8f52072f53
feat: /v1/messages -> /v1/responses
2026-02-06 15:22:32 +08:00
t0ng7u
708b7bef50
🔒 fix(security): sanitize AI-generated HTML to prevent XSS in playground
...
Mitigate XSS vulnerabilities in the playground where AI-generated content
is rendered without sanitization, allowing potential script injection via
prompt injection attacks.
MarkdownRenderer.jsx:
- Replace dangerouslySetInnerHTML with a sandboxed iframe for HTML preview
- Use sandbox="allow-same-origin" to block script execution while allowing
CSS rendering and iframe height auto-sizing
- Add SandboxedHtmlPreview component with automatic height adjustment
CodeViewer.jsx:
- Add escapeHtml() utility to encode HTML entities before rendering
- Rewrite highlightJson() to process tokens iteratively, escaping each
token and structural text before wrapping in syntax highlighting spans
- Escape non-JSON and very-large content paths that previously bypassed
sanitization
- Update linkRegex to correctly match URLs containing & entities
These changes only affect the playground (AI output rendering). Admin-
configured content (home page, about page, footer, notices) remains
unaffected as they use separate code paths and are within the trusted
admin boundary.
2026-02-06 15:10:05 +08:00
Seefs
517b6ba50d
feat: gpt-5.3-codex
2026-02-06 14:47:23 +08:00
Seefs
d5f0ab01df
fix: add paragraph breaks between reasoning summary chunks in chat2responses stream
2026-02-06 14:46:29 +08:00
Papersnake
a872a1ede1
Merge branch 'feat/claude-opus-4-6' of https://github.com/prnake/new-api into feat/claude-opus-4-6
2026-02-06 11:59:14 +08:00
Papersnake
d75c8f331a
fix: set temperature to 1
2026-02-06 11:56:38 +08:00
Papersnake
e194b747c3
feat: support adaptive thinking
2026-02-06 11:01:23 +08:00
Papersnake
27825ec377
fix: aws claude
2026-02-06 09:51:15 +08:00
Papersnake
7ca072b1b0
feat: add claude-opus-4-6
2026-02-06 09:12:45 +08:00
CaIon
a9982ef244
Remove deprecated components and hooks
2026-02-05 23:04:49 +08:00
CaIon
d13fa74368
Update .gitattributes to enhance text file handling and mark additional file types for LF normalization and binary detection
2026-02-05 22:57:32 +08:00
CaIon
493dbd2acb
Add .gitattributes to mark frontend as vendored
2026-02-05 22:53:07 +08:00
CaIon
0e095d4ad8
feat(api): add 'cookie' to passthroughSkipHeaderNamesLower
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (amd64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (arm64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Create multi-arch manifests (Docker Hub) (push) Has been cancelled
2026-02-05 22:16:35 +08:00
CaIon
a5a7d92edd
refactor(oauth): update UpdateCustomOAuthProviderRequest to use pointers for optional fields
...
- Change fields in UpdateCustomOAuthProviderRequest struct to use pointers for optional values, allowing for better handling of nil cases.
- Update UpdateCustomOAuthProvider function to check for nil before assigning optional fields, ensuring existing values are preserved when not provided.
2026-02-05 22:03:30 +08:00
CaIon
a94142f603
fix(oauth): enhance error handling and transaction management for OAuth user creation and binding
...
- Improve error handling in DeleteCustomOAuthProvider to log and return errors when fetching binding counts.
- Refactor user creation and OAuth binding logic to use transactions for atomic operations, ensuring data integrity.
- Add unique constraints to UserOAuthBinding model to prevent duplicate bindings.
- Enhance GitHub OAuth provider error logging for non-200 responses.
- Update AccountManagement component to provide clearer error messages on API failures.
2026-02-05 21:48:05 +08:00
CaIon
17be836aa4
feat(oauth): implement custom OAuth provider management #1106
...
- Add support for custom OAuth providers, including creation, retrieval, updating, and deletion.
- Introduce new model and controller for managing custom OAuth providers.
- Enhance existing OAuth logic to accommodate custom providers.
- Update API routes for custom OAuth provider management.
- Include i18n support for custom OAuth-related messages.
2026-02-05 21:18:43 +08:00
CaIon
424595e620
feat(oauth): migrate GitHub user identification from login to numeric ID
2026-02-05 20:30:48 +08:00
CaIon
7801dc6762
refactor: unify OAuth providers with i18n support
...
- Introduce Provider interface pattern for standard OAuth protocols
- Create unified controller/oauth.go with common OAuth logic
- Add OAuthError type for translatable error messages
- Add i18n keys and translations (zh/en) for OAuth messages
- Use common.ApiErrorI18n/ApiSuccessI18n for consistent responses
- Preserve backward compatibility for existing routes and data
2026-02-05 20:21:38 +08:00
Seefs
5171070f7a
fix: Claude stream block index/type transitions
2026-02-05 19:32:26 +08:00
Seefs
574ee8a284
fix: Claude stream block index/type transitions
2026-02-05 19:11:58 +08:00
Calcium-Ion
eaee7a99d1
Merge pull request #2853 from QuantumNous/remove/claude-legacy-models
...
remove: drop support for claude-2 and claude-1 series models
2026-02-05 17:26:29 +08:00
CaIon
330e1e6395
remove: drop support for claude-2 and claude-1 series models
...
- Remove claude-instant-1.2, claude-2, claude-2.0, claude-2.1 from model lists
- Remove /v1/complete endpoint support (legacy completion API)
- Remove RequestModeCompletion and related code paths
- Simplify handler functions by removing requestMode parameter
- Update all channel adaptors that referenced claude handlers
2026-02-05 17:20:46 +08:00
Seefs
68f92903a3
fix: restore log content column
2026-02-05 16:59:53 +08:00
Seefs
e7c043d866
feat: add Codex channel disclaimer (i18n, OpenAI terms)
2026-02-05 16:36:52 +08:00
Calcium-Ion
3b1866b6af
Merge pull request #2848 from seefs001/fix/gemini-empty-responses-local-usage
...
fix: charge local input tokens when Gemini returns empty response
2026-02-05 16:24:23 +08:00
Seefs
99928bcfde
fix: charge local input tokens when Gemini returns empty response
2026-02-05 15:57:17 +08:00
Seefs
c70fa24ea4
Merge pull request #2826 from dahetaoa/fix-codex-and-sqlite
...
fix: optimize Codex relay
2026-02-05 13:43:09 +08:00
dahetaoa
b2d79ce4a7
fix(relay/codex): optimize headers and ensure instructions presence
2026-02-04 21:43:33 +00:00
Calcium-Ion
b3934e83e2
Merge pull request #2842 from QuantumNous/feat/backend-i18n
...
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (amd64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Build & push (arm64) [native] (push) Has been cancelled
Publish Docker image (Multi Registries, native amd64+arm64) / Create multi-arch manifests (Docker Hub) (push) Has been cancelled
feat: backend i18n
2026-02-05 01:57:44 +08:00
Calcium-Ion
c5efbe47bf
Merge pull request #2840 from seefs001/feature/header-regex-override
...
feat: 支持基于Go Regex规则和全量的请求体透传
2026-02-05 01:56:27 +08:00
Calcium-Ion
4b07737fff
Merge pull request #2837 from seefs001/fix/chat2responses_reasoning
...
fix: map Responses reasoning stream to chat completion deltas
2026-02-05 01:56:12 +08:00
Calcium-Ion
59c30ff1e1
Merge pull request #2839 from QuantumNous/fix/sidebar-scroll-dvh
...
🐛 fix: sidebar scroll on mobile dynamic viewport
2026-02-05 01:46:32 +08:00
Calcium-Ion
492003dfad
Merge pull request #2838 from QuantumNous/fix/subscription-epay
...
✨ fix: Improve subscription payment handling and card layout consistency
2026-02-05 01:46:18 +08:00
