/api/status never returned `register_enabled` or `password_register_enabled`,
so the sign-in page had no way to react when an admin disabled registration.
The "Sign up" link was only gated on `self_use_mode_enabled`, which is a
separate and unrelated concept (single-user vs. multi-user deployment).
Result: toggling "Registration Enabled" in admin settings had no visible
effect on the login page — users could still see the sign-up link even when
registration was disabled, and could not see it even when it was enabled
(if the system happened to be in self-use mode from initial setup).
Fix:
- Add `register_enabled` and `password_register_enabled` to GetStatus()
- Gate the "Sign up" link on `register_enabled !== false` in addition to
the existing `!self_use_mode_enabled` check
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
The "Send reset email" button was missing type="submit", preventing
form submission when clicked. All other auth forms (sign-in, sign-up,
OTP) already have this attribute set correctly.
Closes#4793
* chore(dev): add local setup state reset target
- add a reset-setup make target to clear setup records, root users, and related options.
- support both docker dev PostgreSQL and local SQLite development databases.
- restart the docker dev backend so setup status is recalculated after reset.
* fix(chat): prevent preset menu text overflow
- add truncation layout for chat preset names to keep long labels inside the sidebar menu.
- prevent loading and external-link icons from shrinking in constrained menu rows.
* fix(i18n): translate dashboard granularity options
- call t() for granularity option labels in dashboard system settings.
- keep localized text consistent between the select trigger and dropdown items.
* chore(dev): add backend dev service rebuild target
- add a dev-api-rebuild make target to rebuild and start the docker backend service.
- reuse DEV_COMPOSE_FILE and DEV_BACKEND_SERVICE variables to avoid repeated compose config literals.
* fix(i18n): align interface language option labels
- add shared interface language options to keep display names consistent.
- reuse the shared options in the header switcher and profile preferences.
- normalize language codes so zh-CN and zh_CN resolve to Simplified Chinese.
* fix(i18n): add missing frontend translation keys
- route channel key prompts, form validation messages, and channel fallback text through i18n.
- add missing translations across six locales for channels, rankings, billing, and logs.
- update i18n sync reports so literal t() keys are present in the base locale.
When users filter channels by group without entering a search keyword,
the frontend calls GetAllChannels (GET /api/channel/) instead of
SearchChannels. However, GetAllChannels did not process the group
query parameter, causing the filter to have no effect.
Added group filtering logic to GetAllChannels for both normal mode
and tag mode, using the same CONCAT/|| pattern as SearchChannels
for cross-database compatibility (MySQL, PostgreSQL, SQLite).
- Add singleSelect to status/role filters in API keys, users, and redemptions tables (#4880)
- Fix affiliate link 404 by changing /register to /sign-up (#4893)
- Open FetchModelsDialog in channel creation mode via customFetcher prop (#4817)
- Add TruncatedText component with tooltip for long channel names, token names, and usernames (#4877)
- Elevate forgot-password link z-index to prevent label click interception (#4898)
When proxying through another new-api instance, the upstream
X-Oneapi-Request-Id was overwriting the local one in client responses.
This adds a new `upstream_request_id` field to the logs table, captures
the upstream ID during relay, and filters it from being copied back to
the client. Frontend gains search/filter and detail display support.
* fix: theme-aware payment paths, auto-group validation, route guards, perf group filtering
- Add common.ThemeAwarePath to generate correct redirect URLs based on
active theme (default vs classic), replacing hardcoded /console/* paths
in 7 controllers and service/quota.go (#4765)
- Validate auto-group availability against getUserGroups before defaulting
form values; playground falls back to 'default' group when 'auto' is
unavailable (#4796, #4799)
- Enforce HeaderNavModules settings in rankings route (frontend + backend
API) and SidebarModulesAdmin in playground route to block direct URL
access when features are disabled (#4704, #4512)
- Filter perf_metrics API response to only include currently configured
groups, hiding stale data from deleted groups (#4790)
- Preserve query params (pay=success/fail) in /console/topup → /wallet
frontend redirect
* fix: update hero section text and localization strings for clarity
fix(ui): add onSelect compat wrapper for DropdownMenuItem
Bridges Base UI DropdownMenu with Radix-style onSelect so existing consumers work without migration.
fix(web/default): use getUserGroups for ratio display to respect GroupGroupRatio
Unifies admin/user ratio display so API key list matches the actual billing ratio.
fix(wallet): read topup gateway flags from topupInfo instead of status
Fixes#4632 — subscription purchase modal wrongly said online payment not enabled.
Add a Bun script to apply and normalize AGPL copyright headers across the default frontend source files.
The script keeps headers idempotent, upgrades existing headers to the 2023-2026 QuantumNous range, and is exposed through `bun run copyright` for future maintenance.
Add a shared `performance-metrics` feature module for perf metric APIs, DTOs, and formatting, then surface global 24h model performance on the dashboard with cards and a top-model table.
Reuse the shared metrics module from pricing model details, remove duplicated perf API/formatting code from pricing, and add localized labels for the new dashboard performance UI.
PostgreSQL raises 'column reference is ambiguous' (SQLSTATE 42702) on
ON CONFLICT DO UPDATE because unqualified column names match both the
target row and EXCLUDED. Prefix with the table name so the existing
value is referenced unambiguously. Compatible with MySQL and SQLite.
Closes#4683
Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com>
Rename the layout branding component to reflect that it displays the system identity rather than switching workspaces. Update header usage and layout exports, and remove the now-unused workspace data dependency.
Refresh the overview page with an actionable Get Started guide, live API request details, real usage sparklines, and OpenAI-inspired dashboard panels. Add collapsible setup state, role-aware quick actions, and localized copy so returning users can focus on platform health.
Add a batched performance summary API for model square cards and show compact latency, throughput, and status metrics without increasing card size. Also fix OTP verification form submission.
Move top_up_link out of the public GetStatus endpoint into the
authenticated GetTopUpInfo endpoint. Update classic frontend to
read topup_link from the topup info response instead of status.
Also add mailto links in SECURITY.md.
close#4582
Uncoordinated bulk vulnerability submissions have caused significant
disruption. Added a prominent notice requiring prior coordination for
bulk reports, with clear consequences: closure without review and
potential blocking of repeated offenders.
