backend/internal/service/setting_service.go

package service

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"log/slog"
	"net/url"
	"strconv"
	"strings"
	"sync/atomic"
	"time"

	"github.com/Wei-Shaw/sub2api/internal/config"
	infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
	"golang.org/x/sync/singleflight"
)

var (
	ErrRegistrationDisabled   = infraerrors.Forbidden("REGISTRATION_DISABLED", "registration is currently disabled")
	ErrSettingNotFound        = infraerrors.NotFound("SETTING_NOT_FOUND", "setting not found")
	ErrSoraS3ProfileNotFound  = infraerrors.NotFound("SORA_S3_PROFILE_NOT_FOUND", "sora s3 profile not found")
	ErrSoraS3ProfileExists    = infraerrors.Conflict("SORA_S3_PROFILE_EXISTS", "sora s3 profile already exists")
	ErrDefaultSubGroupInvalid = infraerrors.BadRequest(
		"DEFAULT_SUBSCRIPTION_GROUP_INVALID",
		"default subscription group must exist and be subscription type",
	)
	ErrDefaultSubGroupDuplicate = infraerrors.BadRequest(
		"DEFAULT_SUBSCRIPTION_GROUP_DUPLICATE",
		"default subscription group cannot be duplicated",
	)
)

type SettingRepository interface {
	Get(ctx context.Context, key string) (*Setting, error)
	GetValue(ctx context.Context, key string) (string, error)
	Set(ctx context.Context, key, value string) error
	GetMultiple(ctx context.Context, keys []string) (map[string]string, error)
	SetMultiple(ctx context.Context, settings map[string]string) error
	GetAll(ctx context.Context) (map[string]string, error)
	Delete(ctx context.Context, key string) error
}

// cachedMinVersion 缓存最低 Claude Code 版本号（进程内缓存，60s TTL）
type cachedMinVersion struct {
	value     string // 空字符串 = 不检查
	expiresAt int64  // unix nano
}

// minVersionCache 最低版本号进程内缓存
var minVersionCache atomic.Value // *cachedMinVersion

// minVersionSF 防止缓存过期时 thundering herd
var minVersionSF singleflight.Group

// minVersionCacheTTL 缓存有效期
const minVersionCacheTTL = 60 * time.Second

// minVersionErrorTTL DB 错误时的短缓存，快速重试
const minVersionErrorTTL = 5 * time.Second

// minVersionDBTimeout singleflight 内 DB 查询超时，独立于请求 context
const minVersionDBTimeout = 5 * time.Second

// DefaultSubscriptionGroupReader validates group references used by default subscriptions.
type DefaultSubscriptionGroupReader interface {
	GetByID(ctx context.Context, id int64) (*Group, error)
}

// SettingService 系统设置服务
type SettingService struct {
	settingRepo           SettingRepository
	defaultSubGroupReader DefaultSubscriptionGroupReader
	cfg                   *config.Config
	onUpdate              func() // Callback when settings are updated (for cache invalidation)
	onS3Update            func() // Callback when Sora S3 settings are updated
	version               string // Application version
}

// NewSettingService 创建系统设置服务实例
func NewSettingService(settingRepo SettingRepository, cfg *config.Config) *SettingService {
	return &SettingService{
		settingRepo: settingRepo,
		cfg:         cfg,
	}
}

// SetDefaultSubscriptionGroupReader injects an optional group reader for default subscription validation.
func (s *SettingService) SetDefaultSubscriptionGroupReader(reader DefaultSubscriptionGroupReader) {
	s.defaultSubGroupReader = reader
}

// GetAllSettings 获取所有系统设置
func (s *SettingService) GetAllSettings(ctx context.Context) (*SystemSettings, error) {
	settings, err := s.settingRepo.GetAll(ctx)
	if err != nil {
		return nil, fmt.Errorf("get all settings: %w", err)
	}

	return s.parseSettings(settings), nil
}

// GetPublicSettings 获取公开设置（无需登录）
func (s *SettingService) GetPublicSettings(ctx context.Context) (*PublicSettings, error) {
	keys := []string{
		SettingKeyRegistrationEnabled,
		SettingKeyEmailVerifyEnabled,
		SettingKeyRegistrationEmailSuffixWhitelist,
		SettingKeyPromoCodeEnabled,
		SettingKeyPasswordResetEnabled,
		SettingKeyInvitationCodeEnabled,
		SettingKeyTotpEnabled,
		SettingKeyTurnstileEnabled,
		SettingKeyTurnstileSiteKey,
		SettingKeySiteName,
		SettingKeySiteLogo,
		SettingKeySiteSubtitle,
		SettingKeyAPIBaseURL,
		SettingKeyContactInfo,
		SettingKeyDocURL,
		SettingKeyHomeContent,
		SettingKeyHideCcsImportButton,
		SettingKeyPurchaseSubscriptionEnabled,
		SettingKeyPurchaseSubscriptionURL,
		SettingKeySoraClientEnabled,
		SettingKeyCustomMenuItems,
		SettingKeyLinuxDoConnectEnabled,
	}

	settings, err := s.settingRepo.GetMultiple(ctx, keys)
	if err != nil {
		return nil, fmt.Errorf("get public settings: %w", err)
	}

	linuxDoEnabled := false
	if raw, ok := settings[SettingKeyLinuxDoConnectEnabled]; ok {
		linuxDoEnabled = raw == "true"
	} else {
		linuxDoEnabled = s.cfg != nil && s.cfg.LinuxDo.Enabled
	}

	// Password reset requires email verification to be enabled
	emailVerifyEnabled := settings[SettingKeyEmailVerifyEnabled] == "true"
	passwordResetEnabled := emailVerifyEnabled && settings[SettingKeyPasswordResetEnabled] == "true"
	registrationEmailSuffixWhitelist := ParseRegistrationEmailSuffixWhitelist(
		settings[SettingKeyRegistrationEmailSuffixWhitelist],
	)

	return &PublicSettings{
		RegistrationEnabled:              settings[SettingKeyRegistrationEnabled] == "true",
		EmailVerifyEnabled:               emailVerifyEnabled,
		RegistrationEmailSuffixWhitelist: registrationEmailSuffixWhitelist,
		PromoCodeEnabled:                 settings[SettingKeyPromoCodeEnabled] != "false", // 默认启用
		PasswordResetEnabled:             passwordResetEnabled,
		InvitationCodeEnabled:            settings[SettingKeyInvitationCodeEnabled] == "true",
		TotpEnabled:                      settings[SettingKeyTotpEnabled] == "true",
		TurnstileEnabled:                 settings[SettingKeyTurnstileEnabled] == "true",
		TurnstileSiteKey:                 settings[SettingKeyTurnstileSiteKey],
		SiteName:                         s.getStringOrDefault(settings, SettingKeySiteName, "Sub2API"),
		SiteLogo:                         settings[SettingKeySiteLogo],
		SiteSubtitle:                     s.getStringOrDefault(settings, SettingKeySiteSubtitle, "Subscription to API Conversion Platform"),
		APIBaseURL:                       settings[SettingKeyAPIBaseURL],
		ContactInfo:                      settings[SettingKeyContactInfo],
		DocURL:                           settings[SettingKeyDocURL],
		HomeContent:                      settings[SettingKeyHomeContent],
		HideCcsImportButton:              settings[SettingKeyHideCcsImportButton] == "true",
		PurchaseSubscriptionEnabled:      settings[SettingKeyPurchaseSubscriptionEnabled] == "true",
		PurchaseSubscriptionURL:          strings.TrimSpace(settings[SettingKeyPurchaseSubscriptionURL]),
		SoraClientEnabled:                settings[SettingKeySoraClientEnabled] == "true",
		CustomMenuItems:                  settings[SettingKeyCustomMenuItems],
		LinuxDoOAuthEnabled:              linuxDoEnabled,
	}, nil
}

// SetOnUpdateCallback sets a callback function to be called when settings are updated
// This is used for cache invalidation (e.g., HTML cache in frontend server)
func (s *SettingService) SetOnUpdateCallback(callback func()) {
	s.onUpdate = callback
}

// SetOnS3UpdateCallback 设置 Sora S3 配置变更时的回调函数（用于刷新 S3 客户端缓存）。
func (s *SettingService) SetOnS3UpdateCallback(callback func()) {
	s.onS3Update = callback
}

// SetVersion sets the application version for injection into public settings
func (s *SettingService) SetVersion(version string) {
	s.version = version
}

// GetPublicSettingsForInjection returns public settings in a format suitable for HTML injection
// This implements the web.PublicSettingsProvider interface
func (s *SettingService) GetPublicSettingsForInjection(ctx context.Context) (any, error) {
	settings, err := s.GetPublicSettings(ctx)
	if err != nil {
		return nil, err
	}

	// Return a struct that matches the frontend's expected format
	return &struct {
		RegistrationEnabled              bool            `json:"registration_enabled"`
		EmailVerifyEnabled               bool            `json:"email_verify_enabled"`
		RegistrationEmailSuffixWhitelist []string        `json:"registration_email_suffix_whitelist"`
		PromoCodeEnabled                 bool            `json:"promo_code_enabled"`
		PasswordResetEnabled             bool            `json:"password_reset_enabled"`
		InvitationCodeEnabled            bool            `json:"invitation_code_enabled"`
		TotpEnabled                      bool            `json:"totp_enabled"`
		TurnstileEnabled                 bool            `json:"turnstile_enabled"`
		TurnstileSiteKey                 string          `json:"turnstile_site_key,omitempty"`
		SiteName                         string          `json:"site_name"`
		SiteLogo                         string          `json:"site_logo,omitempty"`
		SiteSubtitle                     string          `json:"site_subtitle,omitempty"`
		APIBaseURL                       string          `json:"api_base_url,omitempty"`
		ContactInfo                      string          `json:"contact_info,omitempty"`
		DocURL                           string          `json:"doc_url,omitempty"`
		HomeContent                      string          `json:"home_content,omitempty"`
		HideCcsImportButton              bool            `json:"hide_ccs_import_button"`
		PurchaseSubscriptionEnabled      bool            `json:"purchase_subscription_enabled"`
		PurchaseSubscriptionURL          string          `json:"purchase_subscription_url,omitempty"`
		SoraClientEnabled                bool            `json:"sora_client_enabled"`
		CustomMenuItems                  json.RawMessage `json:"custom_menu_items"`
		LinuxDoOAuthEnabled              bool            `json:"linuxdo_oauth_enabled"`
		Version                          string          `json:"version,omitempty"`
	}{
		RegistrationEnabled:              settings.RegistrationEnabled,
		EmailVerifyEnabled:               settings.EmailVerifyEnabled,
		RegistrationEmailSuffixWhitelist: settings.RegistrationEmailSuffixWhitelist,
		PromoCodeEnabled:                 settings.PromoCodeEnabled,
		PasswordResetEnabled:             settings.PasswordResetEnabled,
		InvitationCodeEnabled:            settings.InvitationCodeEnabled,
		TotpEnabled:                      settings.TotpEnabled,
		TurnstileEnabled:                 settings.TurnstileEnabled,
		TurnstileSiteKey:                 settings.TurnstileSiteKey,
		SiteName:                         settings.SiteName,
		SiteLogo:                         settings.SiteLogo,
		SiteSubtitle:                     settings.SiteSubtitle,
		APIBaseURL:                       settings.APIBaseURL,
		ContactInfo:                      settings.ContactInfo,
		DocURL:                           settings.DocURL,
		HomeContent:                      settings.HomeContent,
		HideCcsImportButton:              settings.HideCcsImportButton,
		PurchaseSubscriptionEnabled:      settings.PurchaseSubscriptionEnabled,
		PurchaseSubscriptionURL:          settings.PurchaseSubscriptionURL,
		SoraClientEnabled:                settings.SoraClientEnabled,
		CustomMenuItems:                  filterUserVisibleMenuItems(settings.CustomMenuItems),
		LinuxDoOAuthEnabled:              settings.LinuxDoOAuthEnabled,
		Version:                          s.version,
	}, nil
}

// filterUserVisibleMenuItems filters out admin-only menu items from a raw JSON
// array string, returning only items with visibility != "admin".
func filterUserVisibleMenuItems(raw string) json.RawMessage {
	raw = strings.TrimSpace(raw)
	if raw == "" || raw == "[]" {
		return json.RawMessage("[]")
	}
	var items []struct {
		Visibility string `json:"visibility"`
	}
	if err := json.Unmarshal([]byte(raw), &items); err != nil {
		return json.RawMessage("[]")
	}

	// Parse full items to preserve all fields
	var fullItems []json.RawMessage
	if err := json.Unmarshal([]byte(raw), &fullItems); err != nil {
		return json.RawMessage("[]")
	}

	var filtered []json.RawMessage
	for i, item := range items {
		if item.Visibility != "admin" {
			filtered = append(filtered, fullItems[i])
		}
	}
	if len(filtered) == 0 {
		return json.RawMessage("[]")
	}
	result, err := json.Marshal(filtered)
	if err != nil {
		return json.RawMessage("[]")
	}
	return result
}

// GetFrameSrcOrigins returns deduplicated http(s) origins from purchase_subscription_url
// and all custom_menu_items URLs. Used by the router layer for CSP frame-src injection.
func (s *SettingService) GetFrameSrcOrigins(ctx context.Context) ([]string, error) {
	settings, err := s.GetPublicSettings(ctx)
	if err != nil {
		return nil, err
	}

	seen := make(map[string]struct{})
	var origins []string

	addOrigin := func(rawURL string) {
		if origin := extractOriginFromURL(rawURL); origin != "" {
			if _, ok := seen[origin]; !ok {
				seen[origin] = struct{}{}
				origins = append(origins, origin)
			}
		}
	}

	// purchase subscription URL
	if settings.PurchaseSubscriptionEnabled {
		addOrigin(settings.PurchaseSubscriptionURL)
	}

	// all custom menu items (including admin-only, since CSP must allow all iframes)
	for _, item := range parseCustomMenuItemURLs(settings.CustomMenuItems) {
		addOrigin(item)
	}

	return origins, nil
}

// extractOriginFromURL returns the scheme+host origin from rawURL.
// Only http and https schemes are accepted.
func extractOriginFromURL(rawURL string) string {
	rawURL = strings.TrimSpace(rawURL)
	if rawURL == "" {
		return ""
	}
	u, err := url.Parse(rawURL)
	if err != nil || u.Host == "" {
		return ""
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return ""
	}
	return u.Scheme + "://" + u.Host
}

// parseCustomMenuItemURLs extracts URLs from a raw JSON array of custom menu items.
func parseCustomMenuItemURLs(raw string) []string {
	raw = strings.TrimSpace(raw)
	if raw == "" || raw == "[]" {
		return nil
	}
	var items []struct {
		URL string `json:"url"`
	}
	if err := json.Unmarshal([]byte(raw), &items); err != nil {
		return nil
	}
	urls := make([]string, 0, len(items))
	for _, item := range items {
		if item.URL != "" {
			urls = append(urls, item.URL)
		}
	}
	return urls
}

// UpdateSettings 更新系统设置
func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSettings) error {
	if err := s.validateDefaultSubscriptionGroups(ctx, settings.DefaultSubscriptions); err != nil {
		return err
	}
	normalizedWhitelist, err := NormalizeRegistrationEmailSuffixWhitelist(settings.RegistrationEmailSuffixWhitelist)
	if err != nil {
		return infraerrors.BadRequest("INVALID_REGISTRATION_EMAIL_SUFFIX_WHITELIST", err.Error())
	}
	if normalizedWhitelist == nil {
		normalizedWhitelist = []string{}
	}
	settings.RegistrationEmailSuffixWhitelist = normalizedWhitelist

	updates := make(map[string]string)

	// 注册设置
	updates[SettingKeyRegistrationEnabled] = strconv.FormatBool(settings.RegistrationEnabled)
	updates[SettingKeyEmailVerifyEnabled] = strconv.FormatBool(settings.EmailVerifyEnabled)
	registrationEmailSuffixWhitelistJSON, err := json.Marshal(settings.RegistrationEmailSuffixWhitelist)
	if err != nil {
		return fmt.Errorf("marshal registration email suffix whitelist: %w", err)
	}
	updates[SettingKeyRegistrationEmailSuffixWhitelist] = string(registrationEmailSuffixWhitelistJSON)
	updates[SettingKeyPromoCodeEnabled] = strconv.FormatBool(settings.PromoCodeEnabled)
	updates[SettingKeyPasswordResetEnabled] = strconv.FormatBool(settings.PasswordResetEnabled)
	updates[SettingKeyInvitationCodeEnabled] = strconv.FormatBool(settings.InvitationCodeEnabled)
	updates[SettingKeyTotpEnabled] = strconv.FormatBool(settings.TotpEnabled)

	// 邮件服务设置（只有非空才更新密码）
	updates[SettingKeySMTPHost] = settings.SMTPHost
	updates[SettingKeySMTPPort] = strconv.Itoa(settings.SMTPPort)
	updates[SettingKeySMTPUsername] = settings.SMTPUsername
	if settings.SMTPPassword != "" {
		updates[SettingKeySMTPPassword] = settings.SMTPPassword
	}
	updates[SettingKeySMTPFrom] = settings.SMTPFrom
	updates[SettingKeySMTPFromName] = settings.SMTPFromName
	updates[SettingKeySMTPUseTLS] = strconv.FormatBool(settings.SMTPUseTLS)

	// Cloudflare Turnstile 设置（只有非空才更新密钥）
	updates[SettingKeyTurnstileEnabled] = strconv.FormatBool(settings.TurnstileEnabled)
	updates[SettingKeyTurnstileSiteKey] = settings.TurnstileSiteKey
	if settings.TurnstileSecretKey != "" {
		updates[SettingKeyTurnstileSecretKey] = settings.TurnstileSecretKey
	}

	// LinuxDo Connect OAuth 登录
	updates[SettingKeyLinuxDoConnectEnabled] = strconv.FormatBool(settings.LinuxDoConnectEnabled)
	updates[SettingKeyLinuxDoConnectClientID] = settings.LinuxDoConnectClientID
	updates[SettingKeyLinuxDoConnectRedirectURL] = settings.LinuxDoConnectRedirectURL
	if settings.LinuxDoConnectClientSecret != "" {
		updates[SettingKeyLinuxDoConnectClientSecret] = settings.LinuxDoConnectClientSecret
	}

	// OEM设置
	updates[SettingKeySiteName] = settings.SiteName
	updates[SettingKeySiteLogo] = settings.SiteLogo
	updates[SettingKeySiteSubtitle] = settings.SiteSubtitle
	updates[SettingKeyAPIBaseURL] = settings.APIBaseURL
	updates[SettingKeyContactInfo] = settings.ContactInfo
	updates[SettingKeyDocURL] = settings.DocURL
	updates[SettingKeyHomeContent] = settings.HomeContent
	updates[SettingKeyHideCcsImportButton] = strconv.FormatBool(settings.HideCcsImportButton)
	updates[SettingKeyPurchaseSubscriptionEnabled] = strconv.FormatBool(settings.PurchaseSubscriptionEnabled)
	updates[SettingKeyPurchaseSubscriptionURL] = strings.TrimSpace(settings.PurchaseSubscriptionURL)
	updates[SettingKeySoraClientEnabled] = strconv.FormatBool(settings.SoraClientEnabled)
	updates[SettingKeyCustomMenuItems] = settings.CustomMenuItems

	// 默认配置
	updates[SettingKeyDefaultConcurrency] = strconv.Itoa(settings.DefaultConcurrency)
	updates[SettingKeyDefaultBalance] = strconv.FormatFloat(settings.DefaultBalance, 'f', 8, 64)
	defaultSubsJSON, err := json.Marshal(settings.DefaultSubscriptions)
	if err != nil {
		return fmt.Errorf("marshal default subscriptions: %w", err)
	}
	updates[SettingKeyDefaultSubscriptions] = string(defaultSubsJSON)

	// Model fallback configuration
	updates[SettingKeyEnableModelFallback] = strconv.FormatBool(settings.EnableModelFallback)
	updates[SettingKeyFallbackModelAnthropic] = settings.FallbackModelAnthropic
	updates[SettingKeyFallbackModelOpenAI] = settings.FallbackModelOpenAI
	updates[SettingKeyFallbackModelGemini] = settings.FallbackModelGemini
	updates[SettingKeyFallbackModelAntigravity] = settings.FallbackModelAntigravity

	// Identity patch configuration (Claude -> Gemini)
	updates[SettingKeyEnableIdentityPatch] = strconv.FormatBool(settings.EnableIdentityPatch)
	updates[SettingKeyIdentityPatchPrompt] = settings.IdentityPatchPrompt

	// Ops monitoring (vNext)
	updates[SettingKeyOpsMonitoringEnabled] = strconv.FormatBool(settings.OpsMonitoringEnabled)
	updates[SettingKeyOpsRealtimeMonitoringEnabled] = strconv.FormatBool(settings.OpsRealtimeMonitoringEnabled)
	updates[SettingKeyOpsQueryModeDefault] = string(ParseOpsQueryMode(settings.OpsQueryModeDefault))
	if settings.OpsMetricsIntervalSeconds > 0 {
		updates[SettingKeyOpsMetricsIntervalSeconds] = strconv.Itoa(settings.OpsMetricsIntervalSeconds)
	}

	// Claude Code version check
	updates[SettingKeyMinClaudeCodeVersion] = settings.MinClaudeCodeVersion

	// 分组隔离
	updates[SettingKeyAllowUngroupedKeyScheduling] = strconv.FormatBool(settings.AllowUngroupedKeyScheduling)

	err = s.settingRepo.SetMultiple(ctx, updates)
	if err == nil {
		// 先使 inflight singleflight 失效，再刷新缓存，缩小旧值覆盖新值的竞态窗口
		minVersionSF.Forget("min_version")
		minVersionCache.Store(&cachedMinVersion{
			value:     settings.MinClaudeCodeVersion,
			expiresAt: time.Now().Add(minVersionCacheTTL).UnixNano(),
		})
		if s.onUpdate != nil {
			s.onUpdate() // Invalidate cache after settings update
		}
	}
	return err
}

func (s *SettingService) validateDefaultSubscriptionGroups(ctx context.Context, items []DefaultSubscriptionSetting) error {
	if len(items) == 0 {
		return nil
	}

	checked := make(map[int64]struct{}, len(items))
	for _, item := range items {
		if item.GroupID <= 0 {
			continue
		}
		if _, ok := checked[item.GroupID]; ok {
			return ErrDefaultSubGroupDuplicate.WithMetadata(map[string]string{
				"group_id": strconv.FormatInt(item.GroupID, 10),
			})
		}
		checked[item.GroupID] = struct{}{}
		if s.defaultSubGroupReader == nil {
			continue
		}

		group, err := s.defaultSubGroupReader.GetByID(ctx, item.GroupID)
		if err != nil {
			if errors.Is(err, ErrGroupNotFound) {
				return ErrDefaultSubGroupInvalid.WithMetadata(map[string]string{
					"group_id": strconv.FormatInt(item.GroupID, 10),
				})
			}
			return fmt.Errorf("get default subscription group %d: %w", item.GroupID, err)
		}
		if !group.IsSubscriptionType() {
			return ErrDefaultSubGroupInvalid.WithMetadata(map[string]string{
				"group_id": strconv.FormatInt(item.GroupID, 10),
			})
		}
	}

	return nil
}

// IsRegistrationEnabled 检查是否开放注册
func (s *SettingService) IsRegistrationEnabled(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyRegistrationEnabled)
	if err != nil {
		// 安全默认：如果设置不存在或查询出错，默认关闭注册
		return false
	}
	return value == "true"
}

// IsEmailVerifyEnabled 检查是否开启邮件验证
func (s *SettingService) IsEmailVerifyEnabled(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyEmailVerifyEnabled)
	if err != nil {
		return false
	}
	return value == "true"
}

// GetRegistrationEmailSuffixWhitelist returns normalized registration email suffix whitelist.
func (s *SettingService) GetRegistrationEmailSuffixWhitelist(ctx context.Context) []string {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyRegistrationEmailSuffixWhitelist)
	if err != nil {
		return []string{}
	}
	return ParseRegistrationEmailSuffixWhitelist(value)
}

// IsPromoCodeEnabled 检查是否启用优惠码功能
func (s *SettingService) IsPromoCodeEnabled(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyPromoCodeEnabled)
	if err != nil {
		return true // 默认启用
	}
	return value != "false"
}

// IsInvitationCodeEnabled 检查是否启用邀请码注册功能
func (s *SettingService) IsInvitationCodeEnabled(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyInvitationCodeEnabled)
	if err != nil {
		return false // 默认关闭
	}
	return value == "true"
}

// IsPasswordResetEnabled 检查是否启用密码重置功能
// 要求：必须同时开启邮件验证
func (s *SettingService) IsPasswordResetEnabled(ctx context.Context) bool {
	// Password reset requires email verification to be enabled
	if !s.IsEmailVerifyEnabled(ctx) {
		return false
	}
	value, err := s.settingRepo.GetValue(ctx, SettingKeyPasswordResetEnabled)
	if err != nil {
		return false // 默认关闭
	}
	return value == "true"
}

// IsTotpEnabled 检查是否启用 TOTP 双因素认证功能
func (s *SettingService) IsTotpEnabled(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyTotpEnabled)
	if err != nil {
		return false // 默认关闭
	}
	return value == "true"
}

// IsTotpEncryptionKeyConfigured 检查 TOTP 加密密钥是否已手动配置
// 只有手动配置了密钥才允许在管理后台启用 TOTP 功能
func (s *SettingService) IsTotpEncryptionKeyConfigured() bool {
	return s.cfg.Totp.EncryptionKeyConfigured
}

// GetSiteName 获取网站名称
func (s *SettingService) GetSiteName(ctx context.Context) string {
	value, err := s.settingRepo.GetValue(ctx, SettingKeySiteName)
	if err != nil || value == "" {
		return "Sub2API"
	}
	return value
}

// GetDefaultConcurrency 获取默认并发量
func (s *SettingService) GetDefaultConcurrency(ctx context.Context) int {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyDefaultConcurrency)
	if err != nil {
		return s.cfg.Default.UserConcurrency
	}
	if v, err := strconv.Atoi(value); err == nil && v > 0 {
		return v
	}
	return s.cfg.Default.UserConcurrency
}

// GetDefaultBalance 获取默认余额
func (s *SettingService) GetDefaultBalance(ctx context.Context) float64 {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyDefaultBalance)
	if err != nil {
		return s.cfg.Default.UserBalance
	}
	if v, err := strconv.ParseFloat(value, 64); err == nil && v >= 0 {
		return v
	}
	return s.cfg.Default.UserBalance
}

// GetDefaultSubscriptions 获取新用户默认订阅配置列表。
func (s *SettingService) GetDefaultSubscriptions(ctx context.Context) []DefaultSubscriptionSetting {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyDefaultSubscriptions)
	if err != nil {
		return nil
	}
	return parseDefaultSubscriptions(value)
}

// InitializeDefaultSettings 初始化默认设置
func (s *SettingService) InitializeDefaultSettings(ctx context.Context) error {
	// 检查是否已有设置
	_, err := s.settingRepo.GetValue(ctx, SettingKeyRegistrationEnabled)
	if err == nil {
		// 已有设置，不需要初始化
		return nil
	}
	if !errors.Is(err, ErrSettingNotFound) {
		return fmt.Errorf("check existing settings: %w", err)
	}

	// 初始化默认设置
	defaults := map[string]string{
		SettingKeyRegistrationEnabled:              "true",
		SettingKeyEmailVerifyEnabled:               "false",
		SettingKeyRegistrationEmailSuffixWhitelist: "[]",
		SettingKeyPromoCodeEnabled:                 "true", // 默认启用优惠码功能
		SettingKeySiteName:                         "Sub2API",
		SettingKeySiteLogo:                         "",
		SettingKeyPurchaseSubscriptionEnabled:      "false",
		SettingKeyPurchaseSubscriptionURL:          "",
		SettingKeySoraClientEnabled:                "false",
		SettingKeyCustomMenuItems:                  "[]",
		SettingKeyDefaultConcurrency:               strconv.Itoa(s.cfg.Default.UserConcurrency),
		SettingKeyDefaultBalance:                   strconv.FormatFloat(s.cfg.Default.UserBalance, 'f', 8, 64),
		SettingKeyDefaultSubscriptions:             "[]",
		SettingKeySMTPPort:                         "587",
		SettingKeySMTPUseTLS:                       "false",
		// Model fallback defaults
		SettingKeyEnableModelFallback:      "false",
		SettingKeyFallbackModelAnthropic:   "claude-3-5-sonnet-20241022",
		SettingKeyFallbackModelOpenAI:      "gpt-4o",
		SettingKeyFallbackModelGemini:      "gemini-2.5-pro",
		SettingKeyFallbackModelAntigravity: "gemini-2.5-pro",
		// Identity patch defaults
		SettingKeyEnableIdentityPatch: "true",
		SettingKeyIdentityPatchPrompt: "",

		// Ops monitoring defaults (vNext)
		SettingKeyOpsMonitoringEnabled:         "true",
		SettingKeyOpsRealtimeMonitoringEnabled: "true",
		SettingKeyOpsQueryModeDefault:          "auto",
		SettingKeyOpsMetricsIntervalSeconds:    "60",

		// Claude Code version check (default: empty = disabled)
		SettingKeyMinClaudeCodeVersion: "",

		// 分组隔离（默认不允许未分组 Key 调度）
		SettingKeyAllowUngroupedKeyScheduling: "false",
	}

	return s.settingRepo.SetMultiple(ctx, defaults)
}

// parseSettings 解析设置到结构体
func (s *SettingService) parseSettings(settings map[string]string) *SystemSettings {
	emailVerifyEnabled := settings[SettingKeyEmailVerifyEnabled] == "true"
	result := &SystemSettings{
		RegistrationEnabled:              settings[SettingKeyRegistrationEnabled] == "true",
		EmailVerifyEnabled:               emailVerifyEnabled,
		RegistrationEmailSuffixWhitelist: ParseRegistrationEmailSuffixWhitelist(settings[SettingKeyRegistrationEmailSuffixWhitelist]),
		PromoCodeEnabled:                 settings[SettingKeyPromoCodeEnabled] != "false", // 默认启用
		PasswordResetEnabled:             emailVerifyEnabled && settings[SettingKeyPasswordResetEnabled] == "true",
		InvitationCodeEnabled:            settings[SettingKeyInvitationCodeEnabled] == "true",
		TotpEnabled:                      settings[SettingKeyTotpEnabled] == "true",
		SMTPHost:                         settings[SettingKeySMTPHost],
		SMTPUsername:                     settings[SettingKeySMTPUsername],
		SMTPFrom:                         settings[SettingKeySMTPFrom],
		SMTPFromName:                     settings[SettingKeySMTPFromName],
		SMTPUseTLS:                       settings[SettingKeySMTPUseTLS] == "true",
		SMTPPasswordConfigured:           settings[SettingKeySMTPPassword] != "",
		TurnstileEnabled:                 settings[SettingKeyTurnstileEnabled] == "true",
		TurnstileSiteKey:                 settings[SettingKeyTurnstileSiteKey],
		TurnstileSecretKeyConfigured:     settings[SettingKeyTurnstileSecretKey] != "",
		SiteName:                         s.getStringOrDefault(settings, SettingKeySiteName, "Sub2API"),
		SiteLogo:                         settings[SettingKeySiteLogo],
		SiteSubtitle:                     s.getStringOrDefault(settings, SettingKeySiteSubtitle, "Subscription to API Conversion Platform"),
		APIBaseURL:                       settings[SettingKeyAPIBaseURL],
		ContactInfo:                      settings[SettingKeyContactInfo],
		DocURL:                           settings[SettingKeyDocURL],
		HomeContent:                      settings[SettingKeyHomeContent],
		HideCcsImportButton:              settings[SettingKeyHideCcsImportButton] == "true",
		PurchaseSubscriptionEnabled:      settings[SettingKeyPurchaseSubscriptionEnabled] == "true",
		PurchaseSubscriptionURL:          strings.TrimSpace(settings[SettingKeyPurchaseSubscriptionURL]),
		SoraClientEnabled:                settings[SettingKeySoraClientEnabled] == "true",
		CustomMenuItems:                  settings[SettingKeyCustomMenuItems],
	}

	// 解析整数类型
	if port, err := strconv.Atoi(settings[SettingKeySMTPPort]); err == nil {
		result.SMTPPort = port
	} else {
		result.SMTPPort = 587
	}

	if concurrency, err := strconv.Atoi(settings[SettingKeyDefaultConcurrency]); err == nil {
		result.DefaultConcurrency = concurrency
	} else {
		result.DefaultConcurrency = s.cfg.Default.UserConcurrency
	}

	// 解析浮点数类型
	if balance, err := strconv.ParseFloat(settings[SettingKeyDefaultBalance], 64); err == nil {
		result.DefaultBalance = balance
	} else {
		result.DefaultBalance = s.cfg.Default.UserBalance
	}
	result.DefaultSubscriptions = parseDefaultSubscriptions(settings[SettingKeyDefaultSubscriptions])

	// 敏感信息直接返回，方便测试连接时使用
	result.SMTPPassword = settings[SettingKeySMTPPassword]
	result.TurnstileSecretKey = settings[SettingKeyTurnstileSecretKey]

	// LinuxDo Connect 设置：
	// - 兼容 config.yaml/env（避免老部署因为未迁移到数据库设置而被意外关闭）
	// - 支持在后台“系统设置”中覆盖并持久化（存储于 DB）
	linuxDoBase := config.LinuxDoConnectConfig{}
	if s.cfg != nil {
		linuxDoBase = s.cfg.LinuxDo
	}

	if raw, ok := settings[SettingKeyLinuxDoConnectEnabled]; ok {
		result.LinuxDoConnectEnabled = raw == "true"
	} else {
		result.LinuxDoConnectEnabled = linuxDoBase.Enabled
	}

	if v, ok := settings[SettingKeyLinuxDoConnectClientID]; ok && strings.TrimSpace(v) != "" {
		result.LinuxDoConnectClientID = strings.TrimSpace(v)
	} else {
		result.LinuxDoConnectClientID = linuxDoBase.ClientID
	}

	if v, ok := settings[SettingKeyLinuxDoConnectRedirectURL]; ok && strings.TrimSpace(v) != "" {
		result.LinuxDoConnectRedirectURL = strings.TrimSpace(v)
	} else {
		result.LinuxDoConnectRedirectURL = linuxDoBase.RedirectURL
	}

	result.LinuxDoConnectClientSecret = strings.TrimSpace(settings[SettingKeyLinuxDoConnectClientSecret])
	if result.LinuxDoConnectClientSecret == "" {
		result.LinuxDoConnectClientSecret = strings.TrimSpace(linuxDoBase.ClientSecret)
	}
	result.LinuxDoConnectClientSecretConfigured = result.LinuxDoConnectClientSecret != ""

	// Model fallback settings
	result.EnableModelFallback = settings[SettingKeyEnableModelFallback] == "true"
	result.FallbackModelAnthropic = s.getStringOrDefault(settings, SettingKeyFallbackModelAnthropic, "claude-3-5-sonnet-20241022")
	result.FallbackModelOpenAI = s.getStringOrDefault(settings, SettingKeyFallbackModelOpenAI, "gpt-4o")
	result.FallbackModelGemini = s.getStringOrDefault(settings, SettingKeyFallbackModelGemini, "gemini-2.5-pro")
	result.FallbackModelAntigravity = s.getStringOrDefault(settings, SettingKeyFallbackModelAntigravity, "gemini-2.5-pro")

	// Identity patch settings (default: enabled, to preserve existing behavior)
	if v, ok := settings[SettingKeyEnableIdentityPatch]; ok && v != "" {
		result.EnableIdentityPatch = v == "true"
	} else {
		result.EnableIdentityPatch = true
	}
	result.IdentityPatchPrompt = settings[SettingKeyIdentityPatchPrompt]

	// Ops monitoring settings (default: enabled, fail-open)
	result.OpsMonitoringEnabled = !isFalseSettingValue(settings[SettingKeyOpsMonitoringEnabled])
	result.OpsRealtimeMonitoringEnabled = !isFalseSettingValue(settings[SettingKeyOpsRealtimeMonitoringEnabled])
	result.OpsQueryModeDefault = string(ParseOpsQueryMode(settings[SettingKeyOpsQueryModeDefault]))
	result.OpsMetricsIntervalSeconds = 60
	if raw := strings.TrimSpace(settings[SettingKeyOpsMetricsIntervalSeconds]); raw != "" {
		if v, err := strconv.Atoi(raw); err == nil {
			if v < 60 {
				v = 60
			}
			if v > 3600 {
				v = 3600
			}
			result.OpsMetricsIntervalSeconds = v
		}
	}

	// Claude Code version check
	result.MinClaudeCodeVersion = settings[SettingKeyMinClaudeCodeVersion]

	// 分组隔离
	result.AllowUngroupedKeyScheduling = settings[SettingKeyAllowUngroupedKeyScheduling] == "true"

	return result
}

func isFalseSettingValue(value string) bool {
	switch strings.ToLower(strings.TrimSpace(value)) {
	case "false", "0", "off", "disabled":
		return true
	default:
		return false
	}
}

func parseDefaultSubscriptions(raw string) []DefaultSubscriptionSetting {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return nil
	}

	var items []DefaultSubscriptionSetting
	if err := json.Unmarshal([]byte(raw), &items); err != nil {
		return nil
	}

	normalized := make([]DefaultSubscriptionSetting, 0, len(items))
	for _, item := range items {
		if item.GroupID <= 0 || item.ValidityDays <= 0 {
			continue
		}
		if item.ValidityDays > MaxValidityDays {
			item.ValidityDays = MaxValidityDays
		}
		normalized = append(normalized, item)
	}

	return normalized
}

// getStringOrDefault 获取字符串值或默认值
func (s *SettingService) getStringOrDefault(settings map[string]string, key, defaultValue string) string {
	if value, ok := settings[key]; ok && value != "" {
		return value
	}
	return defaultValue
}

// IsTurnstileEnabled 检查是否启用 Turnstile 验证
func (s *SettingService) IsTurnstileEnabled(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyTurnstileEnabled)
	if err != nil {
		return false
	}
	return value == "true"
}

// GetTurnstileSecretKey 获取 Turnstile Secret Key
func (s *SettingService) GetTurnstileSecretKey(ctx context.Context) string {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyTurnstileSecretKey)
	if err != nil {
		return ""
	}
	return value
}

// IsIdentityPatchEnabled 检查是否启用身份补丁（Claude -> Gemini systemInstruction 注入）
func (s *SettingService) IsIdentityPatchEnabled(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyEnableIdentityPatch)
	if err != nil {
		// 默认开启，保持兼容
		return true
	}
	return value == "true"
}

// GetIdentityPatchPrompt 获取自定义身份补丁提示词（为空表示使用内置默认模板）
func (s *SettingService) GetIdentityPatchPrompt(ctx context.Context) string {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyIdentityPatchPrompt)
	if err != nil {
		return ""
	}
	return value
}

// GenerateAdminAPIKey 生成新的管理员 API Key
func (s *SettingService) GenerateAdminAPIKey(ctx context.Context) (string, error) {
	// 生成 32 字节随机数 = 64 位十六进制字符
	bytes := make([]byte, 32)
	if _, err := rand.Read(bytes); err != nil {
		return "", fmt.Errorf("generate random bytes: %w", err)
	}

	key := AdminAPIKeyPrefix + hex.EncodeToString(bytes)

	// 存储到 settings 表
	if err := s.settingRepo.Set(ctx, SettingKeyAdminAPIKey, key); err != nil {
		return "", fmt.Errorf("save admin api key: %w", err)
	}

	return key, nil
}

// GetAdminAPIKeyStatus 获取管理员 API Key 状态
// 返回脱敏的 key、是否存在、错误
func (s *SettingService) GetAdminAPIKeyStatus(ctx context.Context) (maskedKey string, exists bool, err error) {
	key, err := s.settingRepo.GetValue(ctx, SettingKeyAdminAPIKey)
	if err != nil {
		if errors.Is(err, ErrSettingNotFound) {
			return "", false, nil
		}
		return "", false, err
	}
	if key == "" {
		return "", false, nil
	}

	// 脱敏：显示前 10 位和后 4 位
	if len(key) > 14 {
		maskedKey = key[:10] + "..." + key[len(key)-4:]
	} else {
		maskedKey = key
	}

	return maskedKey, true, nil
}

// GetAdminAPIKey 获取完整的管理员 API Key（仅供内部验证使用）
// 如果未配置返回空字符串和 nil 错误，只有数据库错误时才返回 error
func (s *SettingService) GetAdminAPIKey(ctx context.Context) (string, error) {
	key, err := s.settingRepo.GetValue(ctx, SettingKeyAdminAPIKey)
	if err != nil {
		if errors.Is(err, ErrSettingNotFound) {
			return "", nil // 未配置，返回空字符串
		}
		return "", err // 数据库错误
	}
	return key, nil
}

// DeleteAdminAPIKey 删除管理员 API Key
func (s *SettingService) DeleteAdminAPIKey(ctx context.Context) error {
	return s.settingRepo.Delete(ctx, SettingKeyAdminAPIKey)
}

// IsModelFallbackEnabled 检查是否启用模型兜底机制
func (s *SettingService) IsModelFallbackEnabled(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyEnableModelFallback)
	if err != nil {
		return false // Default: disabled
	}
	return value == "true"
}

// GetFallbackModel 获取指定平台的兜底模型
func (s *SettingService) GetFallbackModel(ctx context.Context, platform string) string {
	var key string
	var defaultModel string

	switch platform {
	case PlatformAnthropic:
		key = SettingKeyFallbackModelAnthropic
		defaultModel = "claude-3-5-sonnet-20241022"
	case PlatformOpenAI:
		key = SettingKeyFallbackModelOpenAI
		defaultModel = "gpt-4o"
	case PlatformGemini:
		key = SettingKeyFallbackModelGemini
		defaultModel = "gemini-2.5-pro"
	case PlatformAntigravity:
		key = SettingKeyFallbackModelAntigravity
		defaultModel = "gemini-2.5-pro"
	default:
		return ""
	}

	value, err := s.settingRepo.GetValue(ctx, key)
	if err != nil || value == "" {
		return defaultModel
	}
	return value
}

// GetLinuxDoConnectOAuthConfig 返回用于登录的"最终生效" LinuxDo Connect 配置。
//
// 优先级：
// - 若对应系统设置键存在，则覆盖 config.yaml/env 的值
// - 否则回退到 config.yaml/env 的值
func (s *SettingService) GetLinuxDoConnectOAuthConfig(ctx context.Context) (config.LinuxDoConnectConfig, error) {
	if s == nil || s.cfg == nil {
		return config.LinuxDoConnectConfig{}, infraerrors.ServiceUnavailable("CONFIG_NOT_READY", "config not loaded")
	}

	effective := s.cfg.LinuxDo

	keys := []string{
		SettingKeyLinuxDoConnectEnabled,
		SettingKeyLinuxDoConnectClientID,
		SettingKeyLinuxDoConnectClientSecret,
		SettingKeyLinuxDoConnectRedirectURL,
	}
	settings, err := s.settingRepo.GetMultiple(ctx, keys)
	if err != nil {
		return config.LinuxDoConnectConfig{}, fmt.Errorf("get linuxdo connect settings: %w", err)
	}

	if raw, ok := settings[SettingKeyLinuxDoConnectEnabled]; ok {
		effective.Enabled = raw == "true"
	}
	if v, ok := settings[SettingKeyLinuxDoConnectClientID]; ok && strings.TrimSpace(v) != "" {
		effective.ClientID = strings.TrimSpace(v)
	}
	if v, ok := settings[SettingKeyLinuxDoConnectClientSecret]; ok && strings.TrimSpace(v) != "" {
		effective.ClientSecret = strings.TrimSpace(v)
	}
	if v, ok := settings[SettingKeyLinuxDoConnectRedirectURL]; ok && strings.TrimSpace(v) != "" {
		effective.RedirectURL = strings.TrimSpace(v)
	}

	if !effective.Enabled {
		return config.LinuxDoConnectConfig{}, infraerrors.NotFound("OAUTH_DISABLED", "oauth login is disabled")
	}

	// 基础健壮性校验（避免把用户重定向到一个必然失败或不安全的 OAuth 流程里）。
	if strings.TrimSpace(effective.ClientID) == "" {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth client id not configured")
	}
	if strings.TrimSpace(effective.AuthorizeURL) == "" {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth authorize url not configured")
	}
	if strings.TrimSpace(effective.TokenURL) == "" {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth token url not configured")
	}
	if strings.TrimSpace(effective.UserInfoURL) == "" {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth userinfo url not configured")
	}
	if strings.TrimSpace(effective.RedirectURL) == "" {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth redirect url not configured")
	}
	if strings.TrimSpace(effective.FrontendRedirectURL) == "" {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth frontend redirect url not configured")
	}

	if err := config.ValidateAbsoluteHTTPURL(effective.AuthorizeURL); err != nil {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth authorize url invalid")
	}
	if err := config.ValidateAbsoluteHTTPURL(effective.TokenURL); err != nil {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth token url invalid")
	}
	if err := config.ValidateAbsoluteHTTPURL(effective.UserInfoURL); err != nil {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth userinfo url invalid")
	}
	if err := config.ValidateAbsoluteHTTPURL(effective.RedirectURL); err != nil {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth redirect url invalid")
	}
	if err := config.ValidateFrontendRedirectURL(effective.FrontendRedirectURL); err != nil {
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth frontend redirect url invalid")
	}

	method := strings.ToLower(strings.TrimSpace(effective.TokenAuthMethod))
	switch method {
	case "", "client_secret_post", "client_secret_basic":
		if strings.TrimSpace(effective.ClientSecret) == "" {
			return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth client secret not configured")
		}
	case "none":
		if !effective.UsePKCE {
			return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth pkce must be enabled when token_auth_method=none")
		}
	default:
		return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth token_auth_method invalid")
	}

	return effective, nil
}

// GetStreamTimeoutSettings 获取流超时处理配置
func (s *SettingService) GetStreamTimeoutSettings(ctx context.Context) (*StreamTimeoutSettings, error) {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyStreamTimeoutSettings)
	if err != nil {
		if errors.Is(err, ErrSettingNotFound) {
			return DefaultStreamTimeoutSettings(), nil
		}
		return nil, fmt.Errorf("get stream timeout settings: %w", err)
	}
	if value == "" {
		return DefaultStreamTimeoutSettings(), nil
	}

	var settings StreamTimeoutSettings
	if err := json.Unmarshal([]byte(value), &settings); err != nil {
		return DefaultStreamTimeoutSettings(), nil
	}

	// 验证并修正配置值
	if settings.TempUnschedMinutes < 1 {
		settings.TempUnschedMinutes = 1
	}
	if settings.TempUnschedMinutes > 60 {
		settings.TempUnschedMinutes = 60
	}
	if settings.ThresholdCount < 1 {
		settings.ThresholdCount = 1
	}
	if settings.ThresholdCount > 10 {
		settings.ThresholdCount = 10
	}
	if settings.ThresholdWindowMinutes < 1 {
		settings.ThresholdWindowMinutes = 1
	}
	if settings.ThresholdWindowMinutes > 60 {
		settings.ThresholdWindowMinutes = 60
	}

	// 验证 action
	switch settings.Action {
	case StreamTimeoutActionTempUnsched, StreamTimeoutActionError, StreamTimeoutActionNone:
		// valid
	default:
		settings.Action = StreamTimeoutActionTempUnsched
	}

	return &settings, nil
}

// IsUngroupedKeySchedulingAllowed 查询是否允许未分组 Key 调度
func (s *SettingService) IsUngroupedKeySchedulingAllowed(ctx context.Context) bool {
	value, err := s.settingRepo.GetValue(ctx, SettingKeyAllowUngroupedKeyScheduling)
	if err != nil {
		return false // fail-closed: 查询失败时默认不允许
	}
	return value == "true"
}

// GetMinClaudeCodeVersion 获取最低 Claude Code 版本号要求
// 使用进程内 atomic.Value 缓存，60 秒 TTL，热路径零锁开销
// singleflight 防止缓存过期时 thundering herd
// 返回空字符串表示不做版本检查
func (s *SettingService) GetMinClaudeCodeVersion(ctx context.Context) string {
	if cached, ok := minVersionCache.Load().(*cachedMinVersion); ok {
		if time.Now().UnixNano() < cached.expiresAt {
			return cached.value
		}
	}
	// singleflight: 同一时刻只有一个 goroutine 查询 DB，其余复用结果
	result, err, _ := minVersionSF.Do("min_version", func() (any, error) {
		// 二次检查，避免排队的 goroutine 重复查询
		if cached, ok := minVersionCache.Load().(*cachedMinVersion); ok {
			if time.Now().UnixNano() < cached.expiresAt {
				return cached.value, nil
			}
		}
		// 使用独立 context：断开请求取消链，避免客户端断连导致空值被长期缓存
		dbCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), minVersionDBTimeout)
		defer cancel()
		value, err := s.settingRepo.GetValue(dbCtx, SettingKeyMinClaudeCodeVersion)
		if err != nil {
			// fail-open: DB 错误时不阻塞请求，但记录日志并使用短 TTL 快速重试
			slog.Warn("failed to get min claude code version setting, skipping version check", "error", err)
			minVersionCache.Store(&cachedMinVersion{
				value:     "",
				expiresAt: time.Now().Add(minVersionErrorTTL).UnixNano(),
			})
			return "", nil
		}
		minVersionCache.Store(&cachedMinVersion{
			value:     value,
			expiresAt: time.Now().Add(minVersionCacheTTL).UnixNano(),
		})
		return value, nil
	})
	if err != nil {
		return ""
	}
	ver, ok := result.(string)
	if !ok {
		return ""
	}
	return ver
}

// SetStreamTimeoutSettings 设置流超时处理配置
func (s *SettingService) SetStreamTimeoutSettings(ctx context.Context, settings *StreamTimeoutSettings) error {
	if settings == nil {
		return fmt.Errorf("settings cannot be nil")
	}

	// 验证配置值
	if settings.TempUnschedMinutes < 1 || settings.TempUnschedMinutes > 60 {
		return fmt.Errorf("temp_unsched_minutes must be between 1-60")
	}
	if settings.ThresholdCount < 1 || settings.ThresholdCount > 10 {
		return fmt.Errorf("threshold_count must be between 1-10")
	}
	if settings.ThresholdWindowMinutes < 1 || settings.ThresholdWindowMinutes > 60 {
		return fmt.Errorf("threshold_window_minutes must be between 1-60")
	}

	switch settings.Action {
	case StreamTimeoutActionTempUnsched, StreamTimeoutActionError, StreamTimeoutActionNone:
		// valid
	default:
		return fmt.Errorf("invalid action: %s", settings.Action)
	}

	data, err := json.Marshal(settings)
	if err != nil {
		return fmt.Errorf("marshal stream timeout settings: %w", err)
	}

	return s.settingRepo.Set(ctx, SettingKeyStreamTimeoutSettings, string(data))
}

type soraS3ProfilesStore struct {
	ActiveProfileID string                   `json:"active_profile_id"`
	Items           []soraS3ProfileStoreItem `json:"items"`
}

type soraS3ProfileStoreItem struct {
	ProfileID                string `json:"profile_id"`
	Name                     string `json:"name"`
	Enabled                  bool   `json:"enabled"`
	Endpoint                 string `json:"endpoint"`
	Region                   string `json:"region"`
	Bucket                   string `json:"bucket"`
	AccessKeyID              string `json:"access_key_id"`
	SecretAccessKey          string `json:"secret_access_key"`
	Prefix                   string `json:"prefix"`
	ForcePathStyle           bool   `json:"force_path_style"`
	CDNURL                   string `json:"cdn_url"`
	DefaultStorageQuotaBytes int64  `json:"default_storage_quota_bytes"`
	UpdatedAt                string `json:"updated_at"`
}

// GetSoraS3Settings 获取 Sora S3 存储配置（兼容旧单配置语义：返回当前激活配置）
func (s *SettingService) GetSoraS3Settings(ctx context.Context) (*SoraS3Settings, error) {
	profiles, err := s.ListSoraS3Profiles(ctx)
	if err != nil {
		return nil, err
	}

	activeProfile := pickActiveSoraS3Profile(profiles.Items, profiles.ActiveProfileID)
	if activeProfile == nil {
		return &SoraS3Settings{}, nil
	}

	return &SoraS3Settings{
		Enabled:                   activeProfile.Enabled,
		Endpoint:                  activeProfile.Endpoint,
		Region:                    activeProfile.Region,
		Bucket:                    activeProfile.Bucket,
		AccessKeyID:               activeProfile.AccessKeyID,
		SecretAccessKey:           activeProfile.SecretAccessKey,
		SecretAccessKeyConfigured: activeProfile.SecretAccessKeyConfigured,
		Prefix:                    activeProfile.Prefix,
		ForcePathStyle:            activeProfile.ForcePathStyle,
		CDNURL:                    activeProfile.CDNURL,
		DefaultStorageQuotaBytes:  activeProfile.DefaultStorageQuotaBytes,
	}, nil
}

// SetSoraS3Settings 更新 Sora S3 存储配置（兼容旧单配置语义：写入当前激活配置）
func (s *SettingService) SetSoraS3Settings(ctx context.Context, settings *SoraS3Settings) error {
	if settings == nil {
		return fmt.Errorf("settings cannot be nil")
	}

	store, err := s.loadSoraS3ProfilesStore(ctx)
	if err != nil {
		return err
	}

	now := time.Now().UTC().Format(time.RFC3339)
	activeIndex := findSoraS3ProfileIndex(store.Items, store.ActiveProfileID)
	if activeIndex < 0 {
		activeID := "default"
		if hasSoraS3ProfileID(store.Items, activeID) {
			activeID = fmt.Sprintf("default-%d", time.Now().Unix())
		}
		store.Items = append(store.Items, soraS3ProfileStoreItem{
			ProfileID: activeID,
			Name:      "Default",
			UpdatedAt: now,
		})
		store.ActiveProfileID = activeID
		activeIndex = len(store.Items) - 1
	}

	active := store.Items[activeIndex]
	active.Enabled = settings.Enabled
	active.Endpoint = strings.TrimSpace(settings.Endpoint)
	active.Region = strings.TrimSpace(settings.Region)
	active.Bucket = strings.TrimSpace(settings.Bucket)
	active.AccessKeyID = strings.TrimSpace(settings.AccessKeyID)
	active.Prefix = strings.TrimSpace(settings.Prefix)
	active.ForcePathStyle = settings.ForcePathStyle
	active.CDNURL = strings.TrimSpace(settings.CDNURL)
	active.DefaultStorageQuotaBytes = maxInt64(settings.DefaultStorageQuotaBytes, 0)
	if settings.SecretAccessKey != "" {
		active.SecretAccessKey = settings.SecretAccessKey
	}
	active.UpdatedAt = now
	store.Items[activeIndex] = active

	return s.persistSoraS3ProfilesStore(ctx, store)
}

// ListSoraS3Profiles 获取 Sora S3 多配置列表
func (s *SettingService) ListSoraS3Profiles(ctx context.Context) (*SoraS3ProfileList, error) {
	store, err := s.loadSoraS3ProfilesStore(ctx)
	if err != nil {
		return nil, err
	}
	return convertSoraS3ProfilesStore(store), nil
}

// CreateSoraS3Profile 创建 Sora S3 配置
func (s *SettingService) CreateSoraS3Profile(ctx context.Context, profile *SoraS3Profile, setActive bool) (*SoraS3Profile, error) {
	if profile == nil {
		return nil, fmt.Errorf("profile cannot be nil")
	}

	profileID := strings.TrimSpace(profile.ProfileID)
	if profileID == "" {
		return nil, infraerrors.BadRequest("SORA_S3_PROFILE_ID_REQUIRED", "profile_id is required")
	}
	name := strings.TrimSpace(profile.Name)
	if name == "" {
		return nil, infraerrors.BadRequest("SORA_S3_PROFILE_NAME_REQUIRED", "name is required")
	}

	store, err := s.loadSoraS3ProfilesStore(ctx)
	if err != nil {
		return nil, err
	}
	if hasSoraS3ProfileID(store.Items, profileID) {
		return nil, ErrSoraS3ProfileExists
	}

	now := time.Now().UTC().Format(time.RFC3339)
	store.Items = append(store.Items, soraS3ProfileStoreItem{
		ProfileID:                profileID,
		Name:                     name,
		Enabled:                  profile.Enabled,
		Endpoint:                 strings.TrimSpace(profile.Endpoint),
		Region:                   strings.TrimSpace(profile.Region),
		Bucket:                   strings.TrimSpace(profile.Bucket),
		AccessKeyID:              strings.TrimSpace(profile.AccessKeyID),
		SecretAccessKey:          profile.SecretAccessKey,
		Prefix:                   strings.TrimSpace(profile.Prefix),
		ForcePathStyle:           profile.ForcePathStyle,
		CDNURL:                   strings.TrimSpace(profile.CDNURL),
		DefaultStorageQuotaBytes: maxInt64(profile.DefaultStorageQuotaBytes, 0),
		UpdatedAt:                now,
	})

	if setActive || store.ActiveProfileID == "" {
		store.ActiveProfileID = profileID
	}

	if err := s.persistSoraS3ProfilesStore(ctx, store); err != nil {
		return nil, err
	}

	profiles := convertSoraS3ProfilesStore(store)
	created := findSoraS3ProfileByID(profiles.Items, profileID)
	if created == nil {
		return nil, ErrSoraS3ProfileNotFound
	}
	return created, nil
}

// UpdateSoraS3Profile 更新 Sora S3 配置
func (s *SettingService) UpdateSoraS3Profile(ctx context.Context, profileID string, profile *SoraS3Profile) (*SoraS3Profile, error) {
	if profile == nil {
		return nil, fmt.Errorf("profile cannot be nil")
	}

	targetID := strings.TrimSpace(profileID)
	if targetID == "" {
		return nil, infraerrors.BadRequest("SORA_S3_PROFILE_ID_REQUIRED", "profile_id is required")
	}

	store, err := s.loadSoraS3ProfilesStore(ctx)
	if err != nil {
		return nil, err
	}

	targetIndex := findSoraS3ProfileIndex(store.Items, targetID)
	if targetIndex < 0 {
		return nil, ErrSoraS3ProfileNotFound
	}

	target := store.Items[targetIndex]
	name := strings.TrimSpace(profile.Name)
	if name == "" {
		return nil, infraerrors.BadRequest("SORA_S3_PROFILE_NAME_REQUIRED", "name is required")
	}
	target.Name = name
	target.Enabled = profile.Enabled
	target.Endpoint = strings.TrimSpace(profile.Endpoint)
	target.Region = strings.TrimSpace(profile.Region)
	target.Bucket = strings.TrimSpace(profile.Bucket)
	target.AccessKeyID = strings.TrimSpace(profile.AccessKeyID)
	target.Prefix = strings.TrimSpace(profile.Prefix)
	target.ForcePathStyle = profile.ForcePathStyle
	target.CDNURL = strings.TrimSpace(profile.CDNURL)
	target.DefaultStorageQuotaBytes = maxInt64(profile.DefaultStorageQuotaBytes, 0)
	if profile.SecretAccessKey != "" {
		target.SecretAccessKey = profile.SecretAccessKey
	}
	target.UpdatedAt = time.Now().UTC().Format(time.RFC3339)
	store.Items[targetIndex] = target

	if err := s.persistSoraS3ProfilesStore(ctx, store); err != nil {
		return nil, err
	}

	profiles := convertSoraS3ProfilesStore(store)
	updated := findSoraS3ProfileByID(profiles.Items, targetID)
	if updated == nil {
		return nil, ErrSoraS3ProfileNotFound
	}
	return updated, nil
}

// DeleteSoraS3Profile 删除 Sora S3 配置
func (s *SettingService) DeleteSoraS3Profile(ctx context.Context, profileID string) error {
	targetID := strings.TrimSpace(profileID)
	if targetID == "" {
		return infraerrors.BadRequest("SORA_S3_PROFILE_ID_REQUIRED", "profile_id is required")
	}

	store, err := s.loadSoraS3ProfilesStore(ctx)
	if err != nil {
		return err
	}

	targetIndex := findSoraS3ProfileIndex(store.Items, targetID)
	if targetIndex < 0 {
		return ErrSoraS3ProfileNotFound
	}

	store.Items = append(store.Items[:targetIndex], store.Items[targetIndex+1:]...)
	if store.ActiveProfileID == targetID {
		store.ActiveProfileID = ""
		if len(store.Items) > 0 {
			store.ActiveProfileID = store.Items[0].ProfileID
		}
	}

	return s.persistSoraS3ProfilesStore(ctx, store)
}

// SetActiveSoraS3Profile 设置激活的 Sora S3 配置
func (s *SettingService) SetActiveSoraS3Profile(ctx context.Context, profileID string) (*SoraS3Profile, error) {
	targetID := strings.TrimSpace(profileID)
	if targetID == "" {
		return nil, infraerrors.BadRequest("SORA_S3_PROFILE_ID_REQUIRED", "profile_id is required")
	}

	store, err := s.loadSoraS3ProfilesStore(ctx)
	if err != nil {
		return nil, err
	}

	targetIndex := findSoraS3ProfileIndex(store.Items, targetID)
	if targetIndex < 0 {
		return nil, ErrSoraS3ProfileNotFound
	}

	store.ActiveProfileID = targetID
	store.Items[targetIndex].UpdatedAt = time.Now().UTC().Format(time.RFC3339)
	if err := s.persistSoraS3ProfilesStore(ctx, store); err != nil {
		return nil, err
	}

	profiles := convertSoraS3ProfilesStore(store)
	active := pickActiveSoraS3Profile(profiles.Items, profiles.ActiveProfileID)
	if active == nil {
		return nil, ErrSoraS3ProfileNotFound
	}
	return active, nil
}

func (s *SettingService) loadSoraS3ProfilesStore(ctx context.Context) (*soraS3ProfilesStore, error) {
	raw, err := s.settingRepo.GetValue(ctx, SettingKeySoraS3Profiles)
	if err == nil {
		trimmed := strings.TrimSpace(raw)
		if trimmed == "" {
			return &soraS3ProfilesStore{}, nil
		}
		var store soraS3ProfilesStore
		if unmarshalErr := json.Unmarshal([]byte(trimmed), &store); unmarshalErr != nil {
			legacy, legacyErr := s.getLegacySoraS3Settings(ctx)
			if legacyErr != nil {
				return nil, fmt.Errorf("unmarshal sora s3 profiles: %w", unmarshalErr)
			}
			if isEmptyLegacySoraS3Settings(legacy) {
				return &soraS3ProfilesStore{}, nil
			}
			now := time.Now().UTC().Format(time.RFC3339)
			return &soraS3ProfilesStore{
				ActiveProfileID: "default",
				Items: []soraS3ProfileStoreItem{
					{
						ProfileID:                "default",
						Name:                     "Default",
						Enabled:                  legacy.Enabled,
						Endpoint:                 strings.TrimSpace(legacy.Endpoint),
						Region:                   strings.TrimSpace(legacy.Region),
						Bucket:                   strings.TrimSpace(legacy.Bucket),
						AccessKeyID:              strings.TrimSpace(legacy.AccessKeyID),
						SecretAccessKey:          legacy.SecretAccessKey,
						Prefix:                   strings.TrimSpace(legacy.Prefix),
						ForcePathStyle:           legacy.ForcePathStyle,
						CDNURL:                   strings.TrimSpace(legacy.CDNURL),
						DefaultStorageQuotaBytes: maxInt64(legacy.DefaultStorageQuotaBytes, 0),
						UpdatedAt:                now,
					},
				},
			}, nil
		}
		normalized := normalizeSoraS3ProfilesStore(store)
		return &normalized, nil
	}

	if !errors.Is(err, ErrSettingNotFound) {
		return nil, fmt.Errorf("get sora s3 profiles: %w", err)
	}

	legacy, legacyErr := s.getLegacySoraS3Settings(ctx)
	if legacyErr != nil {
		return nil, legacyErr
	}
	if isEmptyLegacySoraS3Settings(legacy) {
		return &soraS3ProfilesStore{}, nil
	}

	now := time.Now().UTC().Format(time.RFC3339)
	return &soraS3ProfilesStore{
		ActiveProfileID: "default",
		Items: []soraS3ProfileStoreItem{
			{
				ProfileID:                "default",
				Name:                     "Default",
				Enabled:                  legacy.Enabled,
				Endpoint:                 strings.TrimSpace(legacy.Endpoint),
				Region:                   strings.TrimSpace(legacy.Region),
				Bucket:                   strings.TrimSpace(legacy.Bucket),
				AccessKeyID:              strings.TrimSpace(legacy.AccessKeyID),
				SecretAccessKey:          legacy.SecretAccessKey,
				Prefix:                   strings.TrimSpace(legacy.Prefix),
				ForcePathStyle:           legacy.ForcePathStyle,
				CDNURL:                   strings.TrimSpace(legacy.CDNURL),
				DefaultStorageQuotaBytes: maxInt64(legacy.DefaultStorageQuotaBytes, 0),
				UpdatedAt:                now,
			},
		},
	}, nil
}

func (s *SettingService) persistSoraS3ProfilesStore(ctx context.Context, store *soraS3ProfilesStore) error {
	if store == nil {
		return fmt.Errorf("sora s3 profiles store cannot be nil")
	}

	normalized := normalizeSoraS3ProfilesStore(*store)
	data, err := json.Marshal(normalized)
	if err != nil {
		return fmt.Errorf("marshal sora s3 profiles: %w", err)
	}

	updates := map[string]string{
		SettingKeySoraS3Profiles: string(data),
	}

	active := pickActiveSoraS3ProfileFromStore(normalized.Items, normalized.ActiveProfileID)
	if active == nil {
		updates[SettingKeySoraS3Enabled] = "false"
		updates[SettingKeySoraS3Endpoint] = ""
		updates[SettingKeySoraS3Region] = ""
		updates[SettingKeySoraS3Bucket] = ""
		updates[SettingKeySoraS3AccessKeyID] = ""
		updates[SettingKeySoraS3Prefix] = ""
		updates[SettingKeySoraS3ForcePathStyle] = "false"
		updates[SettingKeySoraS3CDNURL] = ""
		updates[SettingKeySoraDefaultStorageQuotaBytes] = "0"
		updates[SettingKeySoraS3SecretAccessKey] = ""
	} else {
		updates[SettingKeySoraS3Enabled] = strconv.FormatBool(active.Enabled)
		updates[SettingKeySoraS3Endpoint] = strings.TrimSpace(active.Endpoint)
		updates[SettingKeySoraS3Region] = strings.TrimSpace(active.Region)
		updates[SettingKeySoraS3Bucket] = strings.TrimSpace(active.Bucket)
		updates[SettingKeySoraS3AccessKeyID] = strings.TrimSpace(active.AccessKeyID)
		updates[SettingKeySoraS3Prefix] = strings.TrimSpace(active.Prefix)
		updates[SettingKeySoraS3ForcePathStyle] = strconv.FormatBool(active.ForcePathStyle)
		updates[SettingKeySoraS3CDNURL] = strings.TrimSpace(active.CDNURL)
		updates[SettingKeySoraDefaultStorageQuotaBytes] = strconv.FormatInt(maxInt64(active.DefaultStorageQuotaBytes, 0), 10)
		updates[SettingKeySoraS3SecretAccessKey] = active.SecretAccessKey
	}

	if err := s.settingRepo.SetMultiple(ctx, updates); err != nil {
		return err
	}

	if s.onUpdate != nil {
		s.onUpdate()
	}
	if s.onS3Update != nil {
		s.onS3Update()
	}
	return nil
}

func (s *SettingService) getLegacySoraS3Settings(ctx context.Context) (*SoraS3Settings, error) {
	keys := []string{
		SettingKeySoraS3Enabled,
		SettingKeySoraS3Endpoint,
		SettingKeySoraS3Region,
		SettingKeySoraS3Bucket,
		SettingKeySoraS3AccessKeyID,
		SettingKeySoraS3SecretAccessKey,
		SettingKeySoraS3Prefix,
		SettingKeySoraS3ForcePathStyle,
		SettingKeySoraS3CDNURL,
		SettingKeySoraDefaultStorageQuotaBytes,
	}

	values, err := s.settingRepo.GetMultiple(ctx, keys)
	if err != nil {
		return nil, fmt.Errorf("get legacy sora s3 settings: %w", err)
	}

	result := &SoraS3Settings{
		Enabled:                   values[SettingKeySoraS3Enabled] == "true",
		Endpoint:                  values[SettingKeySoraS3Endpoint],
		Region:                    values[SettingKeySoraS3Region],
		Bucket:                    values[SettingKeySoraS3Bucket],
		AccessKeyID:               values[SettingKeySoraS3AccessKeyID],
		SecretAccessKey:           values[SettingKeySoraS3SecretAccessKey],
		SecretAccessKeyConfigured: values[SettingKeySoraS3SecretAccessKey] != "",
		Prefix:                    values[SettingKeySoraS3Prefix],
		ForcePathStyle:            values[SettingKeySoraS3ForcePathStyle] == "true",
		CDNURL:                    values[SettingKeySoraS3CDNURL],
	}
	if v, parseErr := strconv.ParseInt(values[SettingKeySoraDefaultStorageQuotaBytes], 10, 64); parseErr == nil {
		result.DefaultStorageQuotaBytes = v
	}
	return result, nil
}

func normalizeSoraS3ProfilesStore(store soraS3ProfilesStore) soraS3ProfilesStore {
	seen := make(map[string]struct{}, len(store.Items))
	normalized := soraS3ProfilesStore{
		ActiveProfileID: strings.TrimSpace(store.ActiveProfileID),
		Items:           make([]soraS3ProfileStoreItem, 0, len(store.Items)),
	}
	now := time.Now().UTC().Format(time.RFC3339)

	for idx := range store.Items {
		item := store.Items[idx]
		item.ProfileID = strings.TrimSpace(item.ProfileID)
		if item.ProfileID == "" {
			item.ProfileID = fmt.Sprintf("profile-%d", idx+1)
		}
		if _, exists := seen[item.ProfileID]; exists {
			continue
		}
		seen[item.ProfileID] = struct{}{}

		item.Name = strings.TrimSpace(item.Name)
		if item.Name == "" {
			item.Name = item.ProfileID
		}
		item.Endpoint = strings.TrimSpace(item.Endpoint)
		item.Region = strings.TrimSpace(item.Region)
		item.Bucket = strings.TrimSpace(item.Bucket)
		item.AccessKeyID = strings.TrimSpace(item.AccessKeyID)
		item.Prefix = strings.TrimSpace(item.Prefix)
		item.CDNURL = strings.TrimSpace(item.CDNURL)
		item.DefaultStorageQuotaBytes = maxInt64(item.DefaultStorageQuotaBytes, 0)
		item.UpdatedAt = strings.TrimSpace(item.UpdatedAt)
		if item.UpdatedAt == "" {
			item.UpdatedAt = now
		}
		normalized.Items = append(normalized.Items, item)
	}

	if len(normalized.Items) == 0 {
		normalized.ActiveProfileID = ""
		return normalized
	}

	if findSoraS3ProfileIndex(normalized.Items, normalized.ActiveProfileID) >= 0 {
		return normalized
	}

	normalized.ActiveProfileID = normalized.Items[0].ProfileID
	return normalized
}

func convertSoraS3ProfilesStore(store *soraS3ProfilesStore) *SoraS3ProfileList {
	if store == nil {
		return &SoraS3ProfileList{}
	}
	items := make([]SoraS3Profile, 0, len(store.Items))
	for idx := range store.Items {
		item := store.Items[idx]
		items = append(items, SoraS3Profile{
			ProfileID:                 item.ProfileID,
			Name:                      item.Name,
			IsActive:                  item.ProfileID == store.ActiveProfileID,
			Enabled:                   item.Enabled,
			Endpoint:                  item.Endpoint,
			Region:                    item.Region,
			Bucket:                    item.Bucket,
			AccessKeyID:               item.AccessKeyID,
			SecretAccessKey:           item.SecretAccessKey,
			SecretAccessKeyConfigured: item.SecretAccessKey != "",
			Prefix:                    item.Prefix,
			ForcePathStyle:            item.ForcePathStyle,
			CDNURL:                    item.CDNURL,
			DefaultStorageQuotaBytes:  item.DefaultStorageQuotaBytes,
			UpdatedAt:                 item.UpdatedAt,
		})
	}
	return &SoraS3ProfileList{
		ActiveProfileID: store.ActiveProfileID,
		Items:           items,
	}
}

func pickActiveSoraS3Profile(items []SoraS3Profile, activeProfileID string) *SoraS3Profile {
	for idx := range items {
		if items[idx].ProfileID == activeProfileID {
			return &items[idx]
		}
	}
	if len(items) == 0 {
		return nil
	}
	return &items[0]
}

func findSoraS3ProfileByID(items []SoraS3Profile, profileID string) *SoraS3Profile {
	for idx := range items {
		if items[idx].ProfileID == profileID {
			return &items[idx]
		}
	}
	return nil
}

func pickActiveSoraS3ProfileFromStore(items []soraS3ProfileStoreItem, activeProfileID string) *soraS3ProfileStoreItem {
	for idx := range items {
		if items[idx].ProfileID == activeProfileID {
			return &items[idx]
		}
	}
	if len(items) == 0 {
		return nil
	}
	return &items[0]
}

func findSoraS3ProfileIndex(items []soraS3ProfileStoreItem, profileID string) int {
	for idx := range items {
		if items[idx].ProfileID == profileID {
			return idx
		}
	}
	return -1
}

func hasSoraS3ProfileID(items []soraS3ProfileStoreItem, profileID string) bool {
	return findSoraS3ProfileIndex(items, profileID) >= 0
}

func isEmptyLegacySoraS3Settings(settings *SoraS3Settings) bool {
	if settings == nil {
		return true
	}
	if settings.Enabled {
		return false
	}
	if strings.TrimSpace(settings.Endpoint) != "" {
		return false
	}
	if strings.TrimSpace(settings.Region) != "" {
		return false
	}
	if strings.TrimSpace(settings.Bucket) != "" {
		return false
	}
	if strings.TrimSpace(settings.AccessKeyID) != "" {
		return false
	}
	if settings.SecretAccessKey != "" {
		return false
	}
	if strings.TrimSpace(settings.Prefix) != "" {
		return false
	}
	if strings.TrimSpace(settings.CDNURL) != "" {
		return false
	}
	return settings.DefaultStorageQuotaBytes == 0
}

func maxInt64(value int64, min int64) int64 {
	if value < min {
		return min
	}
	return value
}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								package service
 								import (
 									"context"
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+									"crypto/rand"
 									"encoding/hex"
-												feat(gateway): 添加流超时处理机制

- 添加 StreamTimeoutSettings 配置结构体和系统设置
- 实现 TimeoutCounterCache Redis 计数器用于累计超时次数
- 在 RateLimitService 添加 HandleStreamTimeout 方法
- 在 gateway_service、openai_gateway_service、antigravity_gateway_service 中调用超时处理
- 添加后端 API 端点 GET/PUT /admin/settings/stream-timeout
- 添加前端配置界面到系统设置页面
- 支持配置：启用开关、超时阈值、处理方式、暂停时长、触发阈值、阈值窗口

默认配置：
- 启用：true
- 超时阈值：60秒
- 处理方式：临时不可调度
- 暂停时长：5分钟
- 触发阈值：3次
- 阈值窗口：10分钟

											
										
										
											2026-01-11 21:54:52 -08:00
+									"encoding/json"
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									"errors"
 									"fmt"
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+									"log/slog"
-												fix: security hardening and architectural improvements for custom menu

1. (Critical) Filter admin-only menu items from public API responses -
   both GetPublicSettings handler and GetPublicSettingsForInjection now
   exclude visibility=admin items, preventing unauthorized access to
   admin menu URLs.

2. (Medium) Validate JSON array structure in sanitizeCustomMenuItemsJSON -
   use json.Unmarshal into []json.RawMessage instead of json.Valid to
   reject non-array JSON values that would cause frontend runtime errors.

3. (Medium) Decouple router from business JSON parsing - move origin
   extraction logic from router.go to SettingService.GetFrameSrcOrigins,
   eliminating direct JSON parsing of custom_menu_items in the routing
   layer.

4. (Low) Restrict custom menu item ID charset to [a-zA-Z0-9_-] via
   regex validation, preventing route-breaking characters like / ? # or
   spaces.

5. (Low) Handle crypto/rand error in generateMenuItemID - return error
   instead of silently ignoring, preventing potential duplicate IDs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-03 07:05:01 +08:00
+									"net/url"
-												refactor: 删除 ports 目录

											
										
										
											2025-12-25 17:15:01 +08:00
+									"strconv"
-												feat(设置): 集成运维监控配置到系统设置

- 扩展 setting_handler 支持 ops 配置管理
- 扩展 setting_service 支持 ops 配置持久化
- 更新 settings_view 包含 ops 配置视图

											
										
										
											2026-01-09 20:57:32 +08:00
+									"strings"
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+									"sync/atomic"
-												feat(sync): full code sync from release

											
										
										
											2026-02-28 15:01:20 +08:00
+									"time"
-												refactor: 删除 ports 目录

											
										
										
											2025-12-25 17:15:01 +08:00
-												refactor: 重命名 go module

											
										
										
											2025-12-24 21:07:21 +08:00
+									"github.com/Wei-Shaw/sub2api/internal/config"
-												refactor: 移除 infrastructure 目录 (#108)

* refactor: 迁移初始化 db 和 redis 到 repository

* refactor: 迁移 errors 到 pkg
											
										
										
											2025-12-31 23:42:01 +08:00
+									infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+									"golang.org/x/sync/singleflight"
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								)
 								var (
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+									ErrRegistrationDisabled   = infraerrors.Forbidden("REGISTRATION_DISABLED", "registration is currently disabled")
 									ErrSettingNotFound        = infraerrors.NotFound("SETTING_NOT_FOUND", "setting not found")
 									ErrSoraS3ProfileNotFound  = infraerrors.NotFound("SORA_S3_PROFILE_NOT_FOUND", "sora s3 profile not found")
 									ErrSoraS3ProfileExists    = infraerrors.Conflict("SORA_S3_PROFILE_EXISTS", "sora s3 profile already exists")
 									ErrDefaultSubGroupInvalid = infraerrors.BadRequest(
 										"DEFAULT_SUBSCRIPTION_GROUP_INVALID",
 										"default subscription group must exist and be subscription type",
 									)
 									ErrDefaultSubGroupDuplicate = infraerrors.BadRequest(
 										"DEFAULT_SUBSCRIPTION_GROUP_DUPLICATE",
 										"default subscription group cannot be duplicated",
 									)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								)
-												refactor: 删除 ports 目录

											
										
										
											2025-12-25 17:15:01 +08:00
+								type SettingRepository interface {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									Get(ctx context.Context, key string) (*Setting, error)
-												refactor: 删除 ports 目录

											
										
										
											2025-12-25 17:15:01 +08:00
+									GetValue(ctx context.Context, key string) (string, error)
 									Set(ctx context.Context, key, value string) error
 									GetMultiple(ctx context.Context, keys []string) (map[string]string, error)
 									SetMultiple(ctx context.Context, settings map[string]string) error
 									GetAll(ctx context.Context) (map[string]string, error)
 									Delete(ctx context.Context, key string) error
 								}
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+								// cachedMinVersion 缓存最低 Claude Code 版本号（进程内缓存，60s TTL）
 								type cachedMinVersion struct {
 									value     string // 空字符串 = 不检查
 									expiresAt int64  // unix nano
 								}
 								// minVersionCache 最低版本号进程内缓存
 								var minVersionCache atomic.Value // *cachedMinVersion
 								// minVersionSF 防止缓存过期时 thundering herd
 								var minVersionSF singleflight.Group
 								// minVersionCacheTTL 缓存有效期
 								const minVersionCacheTTL = 60 * time.Second
 								// minVersionErrorTTL DB 错误时的短缓存，快速重试
 								const minVersionErrorTTL = 5 * time.Second
 								// minVersionDBTimeout singleflight 内 DB 查询超时，独立于请求 context
 								const minVersionDBTimeout = 5 * time.Second
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+								// DefaultSubscriptionGroupReader validates group references used by default subscriptions.
 								type DefaultSubscriptionGroupReader interface {
 									GetByID(ctx context.Context, id int64) (*Group, error)
 								}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								// SettingService 系统设置服务
 								type SettingService struct {
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+									settingRepo           SettingRepository
 									defaultSubGroupReader DefaultSubscriptionGroupReader
 									cfg                   *config.Config
 									onUpdate              func() // Callback when settings are updated (for cache invalidation)
 									onS3Update            func() // Callback when Sora S3 settings are updated
 									version               string // Application version
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								}
 								// NewSettingService 创建系统设置服务实例
-												refactor: 删除 ports 目录

											
										
										
											2025-12-25 17:15:01 +08:00
+								func NewSettingService(settingRepo SettingRepository, cfg *config.Config) *SettingService {
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									return &SettingService{
 										settingRepo: settingRepo,
 										cfg:         cfg,
 									}
 								}
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+								// SetDefaultSubscriptionGroupReader injects an optional group reader for default subscription validation.
 								func (s *SettingService) SetDefaultSubscriptionGroupReader(reader DefaultSubscriptionGroupReader) {
 									s.defaultSubGroupReader = reader
 								}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								// GetAllSettings 获取所有系统设置
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+								func (s *SettingService) GetAllSettings(ctx context.Context) (*SystemSettings, error) {
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									settings, err := s.settingRepo.GetAll(ctx)
 									if err != nil {
 										return nil, fmt.Errorf("get all settings: %w", err)
 									}
 									return s.parseSettings(settings), nil
 								}
 								// GetPublicSettings 获取公开设置（无需登录）
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+								func (s *SettingService) GetPublicSettings(ctx context.Context) (*PublicSettings, error) {
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									keys := []string{
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+										SettingKeyRegistrationEnabled,
 										SettingKeyEmailVerifyEnabled,
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+										SettingKeyRegistrationEmailSuffixWhitelist,
-												feat(promo-code): complete promo code feature implementation

- Add promo_code_enabled field to SystemSettings and PublicSettings DTOs
- Add promo code validation in registration flow
- Add admin settings UI for promo code configuration
- Add i18n translations for promo code feature

											
										
										
											2026-01-20 15:56:26 +08:00
+										SettingKeyPromoCodeEnabled,
-												feat(auth): 密码重置邮件队列化与限流优化

- 邮件发送改为异步队列处理，避免并发导致发送失败
- 新增 Email 维度限流（30秒冷却期），防止邮件轰炸
- Token 验证使用常量时间比较，防止时序攻击
- 重构代码消除冗余，提取公共验证逻辑

											
										
										
											2026-01-24 22:33:45 +08:00
+										SettingKeyPasswordResetEnabled,
-												feat: 增加邀请码注册功能

											
										
										
											2026-01-29 16:29:59 +08:00
+										SettingKeyInvitationCodeEnabled,
-												feat(auth): 实现 TOTP 双因素认证功能

新增功能：
- 支持 Google Authenticator 等应用进行 TOTP 二次验证
- 用户可在个人设置中启用/禁用 2FA
- 登录时支持 TOTP 验证流程
- 管理后台可全局开关 TOTP 功能

安全增强：
- TOTP 密钥使用 AES-256-GCM 加密存储
- 添加 TOTP_ENCRYPTION_KEY 配置项，必须手动配置才能启用功能
- 防止服务重启导致加密密钥变更使用户无法登录
- 验证失败次数限制，防止暴力破解

配置说明：
- Docker 部署：在 .env 中设置 TOTP_ENCRYPTION_KEY
- 非 Docker 部署：在 config.yaml 中设置 totp.encryption_key
- 生成密钥命令：openssl rand -hex 32

											
										
										
											2026-01-26 08:45:43 +08:00
+										SettingKeyTotpEnabled,
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+										SettingKeyTurnstileEnabled,
 										SettingKeyTurnstileSiteKey,
 										SettingKeySiteName,
 										SettingKeySiteLogo,
 										SettingKeySiteSubtitle,
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+										SettingKeyAPIBaseURL,
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+										SettingKeyContactInfo,
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+										SettingKeyDocURL,
-												feat(settings): add home content customization and config injection

- Add home_content setting for custom homepage (HTML or iframe URL)
- Inject public settings into index.html to eliminate page flash
- Support ETag caching with automatic invalidation on settings update
- Add Vite plugin for dev mode settings injection
- Refactor HomeView to use appStore instead of local API calls

											
										
										
											2026-01-10 18:37:44 +08:00
+										SettingKeyHomeContent,
-												feat: 添加隐藏CCS导入按钮的设置选项

在管理后台设置页面新增开关，允许管理员隐藏API Keys页面的"导入CCS"按钮

											
										
										
											2026-01-19 19:25:16 +08:00
+										SettingKeyHideCcsImportButton,
-												feat(purchase): 增加购买订阅 iframe 页面与配置

- 新增 /purchase 页面（iframe + 新窗口兜底）

- 管理员系统设置可配置开关与URL

- 非 simple mode 才在侧边栏展示入口

											
										
										
											2026-01-28 13:54:32 +08:00
+										SettingKeyPurchaseSubscriptionEnabled,
 										SettingKeyPurchaseSubscriptionURL,
-												feat(sync): full code sync from release

											
										
										
											2026-02-28 15:01:20 +08:00
+										SettingKeySoraClientEnabled,
-												feat: custom menu pages with iframe embedding and CSP injection

Add configurable custom menu items that appear in sidebar, each rendering
an iframe-embedded external page. Includes shared URL builder with
src_host/src_url tracking, CSP frame-src multi-origin deduplication,
admin settings UI, and i18n support.

chore: bump version to 0.1.87.19

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-02 19:37:40 +08:00
+										SettingKeyCustomMenuItems,
-												refactor(auth): 将 Linux DO OAuth 配置迁移到系统设置

- 将 LinuxDo Connect 配置从环境变量迁移到数据库持久化
- 在管理后台系统设置中添加 LinuxDo OAuth 配置项
- 简化部署流程，无需修改 docker-compose.override.yml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

											
										
										
											2026-01-09 13:52:27 +08:00
+										SettingKeyLinuxDoConnectEnabled,
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}
 									settings, err := s.settingRepo.GetMultiple(ctx, keys)
 									if err != nil {
 										return nil, fmt.Errorf("get public settings: %w", err)
 									}
-												refactor(auth): 将 Linux DO OAuth 配置迁移到系统设置

- 将 LinuxDo Connect 配置从环境变量迁移到数据库持久化
- 在管理后台系统设置中添加 LinuxDo OAuth 配置项
- 简化部署流程，无需修改 docker-compose.override.yml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

											
										
										
											2026-01-09 13:52:27 +08:00
+									linuxDoEnabled := false
 									if raw, ok := settings[SettingKeyLinuxDoConnectEnabled]; ok {
 										linuxDoEnabled = raw == "true"
 									} else {
 										linuxDoEnabled = s.cfg != nil && s.cfg.LinuxDo.Enabled
 									}
-												feat(auth): 密码重置邮件队列化与限流优化

- 邮件发送改为异步队列处理，避免并发导致发送失败
- 新增 Email 维度限流（30秒冷却期），防止邮件轰炸
- Token 验证使用常量时间比较，防止时序攻击
- 重构代码消除冗余，提取公共验证逻辑

											
										
										
											2026-01-24 22:33:45 +08:00
+									// Password reset requires email verification to be enabled
 									emailVerifyEnabled := settings[SettingKeyEmailVerifyEnabled] == "true"
 									passwordResetEnabled := emailVerifyEnabled && settings[SettingKeyPasswordResetEnabled] == "true"
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+									registrationEmailSuffixWhitelist := ParseRegistrationEmailSuffixWhitelist(
 										settings[SettingKeyRegistrationEmailSuffixWhitelist],
 									)
-												feat(auth): 密码重置邮件队列化与限流优化

- 邮件发送改为异步队列处理，避免并发导致发送失败
- 新增 Email 维度限流（30秒冷却期），防止邮件轰炸
- Token 验证使用常量时间比较，防止时序攻击
- 重构代码消除冗余，提取公共验证逻辑

											
										
										
											2026-01-24 22:33:45 +08:00
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									return &PublicSettings{
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+										RegistrationEnabled:              settings[SettingKeyRegistrationEnabled] == "true",
 										EmailVerifyEnabled:               emailVerifyEnabled,
 										RegistrationEmailSuffixWhitelist: registrationEmailSuffixWhitelist,
 										PromoCodeEnabled:                 settings[SettingKeyPromoCodeEnabled] != "false", // 默认启用
 										PasswordResetEnabled:             passwordResetEnabled,
 										InvitationCodeEnabled:            settings[SettingKeyInvitationCodeEnabled] == "true",
 										TotpEnabled:                      settings[SettingKeyTotpEnabled] == "true",
 										TurnstileEnabled:                 settings[SettingKeyTurnstileEnabled] == "true",
 										TurnstileSiteKey:                 settings[SettingKeyTurnstileSiteKey],
 										SiteName:                         s.getStringOrDefault(settings, SettingKeySiteName, "Sub2API"),
 										SiteLogo:                         settings[SettingKeySiteLogo],
 										SiteSubtitle:                     s.getStringOrDefault(settings, SettingKeySiteSubtitle, "Subscription to API Conversion Platform"),
 										APIBaseURL:                       settings[SettingKeyAPIBaseURL],
 										ContactInfo:                      settings[SettingKeyContactInfo],
 										DocURL:                           settings[SettingKeyDocURL],
 										HomeContent:                      settings[SettingKeyHomeContent],
 										HideCcsImportButton:              settings[SettingKeyHideCcsImportButton] == "true",
 										PurchaseSubscriptionEnabled:      settings[SettingKeyPurchaseSubscriptionEnabled] == "true",
 										PurchaseSubscriptionURL:          strings.TrimSpace(settings[SettingKeyPurchaseSubscriptionURL]),
 										SoraClientEnabled:                settings[SettingKeySoraClientEnabled] == "true",
 										CustomMenuItems:                  settings[SettingKeyCustomMenuItems],
 										LinuxDoOAuthEnabled:              linuxDoEnabled,
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}, nil
 								}
-												feat(settings): add home content customization and config injection

- Add home_content setting for custom homepage (HTML or iframe URL)
- Inject public settings into index.html to eliminate page flash
- Support ETag caching with automatic invalidation on settings update
- Add Vite plugin for dev mode settings injection
- Refactor HomeView to use appStore instead of local API calls

											
										
										
											2026-01-10 18:37:44 +08:00
+								// SetOnUpdateCallback sets a callback function to be called when settings are updated
 								// This is used for cache invalidation (e.g., HTML cache in frontend server)
 								func (s *SettingService) SetOnUpdateCallback(callback func()) {
 									s.onUpdate = callback
 								}
-												feat(sync): full code sync from release

											
										
										
											2026-02-28 15:01:20 +08:00
+								// SetOnS3UpdateCallback 设置 Sora S3 配置变更时的回调函数（用于刷新 S3 客户端缓存）。
 								func (s *SettingService) SetOnS3UpdateCallback(callback func()) {
 									s.onS3Update = callback
 								}
-												feat(settings): add home content customization and config injection

- Add home_content setting for custom homepage (HTML or iframe URL)
- Inject public settings into index.html to eliminate page flash
- Support ETag caching with automatic invalidation on settings update
- Add Vite plugin for dev mode settings injection
- Refactor HomeView to use appStore instead of local API calls

											
										
										
											2026-01-10 18:37:44 +08:00
+								// SetVersion sets the application version for injection into public settings
 								func (s *SettingService) SetVersion(version string) {
 									s.version = version
 								}
 								// GetPublicSettingsForInjection returns public settings in a format suitable for HTML injection
 								// This implements the web.PublicSettingsProvider interface
-												style: replace interface{} with any per golangci-lint rules

											
										
										
											2026-01-10 19:08:41 +08:00
+								func (s *SettingService) GetPublicSettingsForInjection(ctx context.Context) (any, error) {
-												feat(settings): add home content customization and config injection

- Add home_content setting for custom homepage (HTML or iframe URL)
- Inject public settings into index.html to eliminate page flash
- Support ETag caching with automatic invalidation on settings update
- Add Vite plugin for dev mode settings injection
- Refactor HomeView to use appStore instead of local API calls

											
										
										
											2026-01-10 18:37:44 +08:00
+									settings, err := s.GetPublicSettings(ctx)
 									if err != nil {
 										return nil, err
 									}
 									// Return a struct that matches the frontend's expected format
 									return &struct {
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+										RegistrationEnabled              bool            `json:"registration_enabled"`
 										EmailVerifyEnabled               bool            `json:"email_verify_enabled"`
 										RegistrationEmailSuffixWhitelist []string        `json:"registration_email_suffix_whitelist"`
 										PromoCodeEnabled                 bool            `json:"promo_code_enabled"`
 										PasswordResetEnabled             bool            `json:"password_reset_enabled"`
 										InvitationCodeEnabled            bool            `json:"invitation_code_enabled"`
 										TotpEnabled                      bool            `json:"totp_enabled"`
 										TurnstileEnabled                 bool            `json:"turnstile_enabled"`
 										TurnstileSiteKey                 string          `json:"turnstile_site_key,omitempty"`
 										SiteName                         string          `json:"site_name"`
 										SiteLogo                         string          `json:"site_logo,omitempty"`
 										SiteSubtitle                     string          `json:"site_subtitle,omitempty"`
 										APIBaseURL                       string          `json:"api_base_url,omitempty"`
 										ContactInfo                      string          `json:"contact_info,omitempty"`
 										DocURL                           string          `json:"doc_url,omitempty"`
 										HomeContent                      string          `json:"home_content,omitempty"`
 										HideCcsImportButton              bool            `json:"hide_ccs_import_button"`
 										PurchaseSubscriptionEnabled      bool            `json:"purchase_subscription_enabled"`
 										PurchaseSubscriptionURL          string          `json:"purchase_subscription_url,omitempty"`
 										SoraClientEnabled                bool            `json:"sora_client_enabled"`
 										CustomMenuItems                  json.RawMessage `json:"custom_menu_items"`
 										LinuxDoOAuthEnabled              bool            `json:"linuxdo_oauth_enabled"`
 										Version                          string          `json:"version,omitempty"`
-												feat(settings): add home content customization and config injection

- Add home_content setting for custom homepage (HTML or iframe URL)
- Inject public settings into index.html to eliminate page flash
- Support ETag caching with automatic invalidation on settings update
- Add Vite plugin for dev mode settings injection
- Refactor HomeView to use appStore instead of local API calls

											
										
										
											2026-01-10 18:37:44 +08:00
+									}{
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+										RegistrationEnabled:              settings.RegistrationEnabled,
 										EmailVerifyEnabled:               settings.EmailVerifyEnabled,
 										RegistrationEmailSuffixWhitelist: settings.RegistrationEmailSuffixWhitelist,
 										PromoCodeEnabled:                 settings.PromoCodeEnabled,
 										PasswordResetEnabled:             settings.PasswordResetEnabled,
 										InvitationCodeEnabled:            settings.InvitationCodeEnabled,
 										TotpEnabled:                      settings.TotpEnabled,
 										TurnstileEnabled:                 settings.TurnstileEnabled,
 										TurnstileSiteKey:                 settings.TurnstileSiteKey,
 										SiteName:                         settings.SiteName,
 										SiteLogo:                         settings.SiteLogo,
 										SiteSubtitle:                     settings.SiteSubtitle,
 										APIBaseURL:                       settings.APIBaseURL,
 										ContactInfo:                      settings.ContactInfo,
 										DocURL:                           settings.DocURL,
 										HomeContent:                      settings.HomeContent,
 										HideCcsImportButton:              settings.HideCcsImportButton,
 										PurchaseSubscriptionEnabled:      settings.PurchaseSubscriptionEnabled,
 										PurchaseSubscriptionURL:          settings.PurchaseSubscriptionURL,
 										SoraClientEnabled:                settings.SoraClientEnabled,
 										CustomMenuItems:                  filterUserVisibleMenuItems(settings.CustomMenuItems),
 										LinuxDoOAuthEnabled:              settings.LinuxDoOAuthEnabled,
 										Version:                          s.version,
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}, nil
 								}
-												fix: security hardening and architectural improvements for custom menu

1. (Critical) Filter admin-only menu items from public API responses -
   both GetPublicSettings handler and GetPublicSettingsForInjection now
   exclude visibility=admin items, preventing unauthorized access to
   admin menu URLs.

2. (Medium) Validate JSON array structure in sanitizeCustomMenuItemsJSON -
   use json.Unmarshal into []json.RawMessage instead of json.Valid to
   reject non-array JSON values that would cause frontend runtime errors.

3. (Medium) Decouple router from business JSON parsing - move origin
   extraction logic from router.go to SettingService.GetFrameSrcOrigins,
   eliminating direct JSON parsing of custom_menu_items in the routing
   layer.

4. (Low) Restrict custom menu item ID charset to [a-zA-Z0-9_-] via
   regex validation, preventing route-breaking characters like / ? # or
   spaces.

5. (Low) Handle crypto/rand error in generateMenuItemID - return error
   instead of silently ignoring, preventing potential duplicate IDs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-03 07:05:01 +08:00
+								// filterUserVisibleMenuItems filters out admin-only menu items from a raw JSON
 								// array string, returning only items with visibility != "admin".
 								func filterUserVisibleMenuItems(raw string) json.RawMessage {
 									raw = strings.TrimSpace(raw)
 									if raw == "" || raw == "[]" {
 										return json.RawMessage("[]")
 									}
 									var items []struct {
 										Visibility string `json:"visibility"`
 									}
 									if err := json.Unmarshal([]byte(raw), &items); err != nil {
 										return json.RawMessage("[]")
 									}
 									// Parse full items to preserve all fields
 									var fullItems []json.RawMessage
 									if err := json.Unmarshal([]byte(raw), &fullItems); err != nil {
 										return json.RawMessage("[]")
 									}
 									var filtered []json.RawMessage
 									for i, item := range items {
 										if item.Visibility != "admin" {
 											filtered = append(filtered, fullItems[i])
 										}
 									}
 									if len(filtered) == 0 {
 										return json.RawMessage("[]")
 									}
 									result, err := json.Marshal(filtered)
 									if err != nil {
 										return json.RawMessage("[]")
 									}
 									return result
 								}
 								// GetFrameSrcOrigins returns deduplicated http(s) origins from purchase_subscription_url
 								// and all custom_menu_items URLs. Used by the router layer for CSP frame-src injection.
 								func (s *SettingService) GetFrameSrcOrigins(ctx context.Context) ([]string, error) {
 									settings, err := s.GetPublicSettings(ctx)
 									if err != nil {
 										return nil, err
 									}
 									seen := make(map[string]struct{})
 									var origins []string
 									addOrigin := func(rawURL string) {
 										if origin := extractOriginFromURL(rawURL); origin != "" {
 											if _, ok := seen[origin]; !ok {
 												seen[origin] = struct{}{}
 												origins = append(origins, origin)
 											}
 										}
 									}
 									// purchase subscription URL
 									if settings.PurchaseSubscriptionEnabled {
 										addOrigin(settings.PurchaseSubscriptionURL)
 									}
 									// all custom menu items (including admin-only, since CSP must allow all iframes)
 									for _, item := range parseCustomMenuItemURLs(settings.CustomMenuItems) {
 										addOrigin(item)
 									}
 									return origins, nil
 								}
 								// extractOriginFromURL returns the scheme+host origin from rawURL.
 								// Only http and https schemes are accepted.
 								func extractOriginFromURL(rawURL string) string {
 									rawURL = strings.TrimSpace(rawURL)
 									if rawURL == "" {
 										return ""
 									}
 									u, err := url.Parse(rawURL)
 									if err != nil || u.Host == "" {
 										return ""
 									}
 									if u.Scheme != "http" && u.Scheme != "https" {
 										return ""
 									}
 									return u.Scheme + "://" + u.Host
 								}
 								// parseCustomMenuItemURLs extracts URLs from a raw JSON array of custom menu items.
 								func parseCustomMenuItemURLs(raw string) []string {
 									raw = strings.TrimSpace(raw)
 									if raw == "" || raw == "[]" {
 										return nil
 									}
 									var items []struct {
 										URL string `json:"url"`
 									}
 									if err := json.Unmarshal([]byte(raw), &items); err != nil {
 										return nil
 									}
 									urls := make([]string, 0, len(items))
 									for _, item := range items {
 										if item.URL != "" {
 											urls = append(urls, item.URL)
 										}
-												fix: include custom_menu_items in GetPublicSettingsForInjection

											
										
										
											2026-03-03 06:21:23 +08:00
+									}
-												fix: security hardening and architectural improvements for custom menu

1. (Critical) Filter admin-only menu items from public API responses -
   both GetPublicSettings handler and GetPublicSettingsForInjection now
   exclude visibility=admin items, preventing unauthorized access to
   admin menu URLs.

2. (Medium) Validate JSON array structure in sanitizeCustomMenuItemsJSON -
   use json.Unmarshal into []json.RawMessage instead of json.Valid to
   reject non-array JSON values that would cause frontend runtime errors.

3. (Medium) Decouple router from business JSON parsing - move origin
   extraction logic from router.go to SettingService.GetFrameSrcOrigins,
   eliminating direct JSON parsing of custom_menu_items in the routing
   layer.

4. (Low) Restrict custom menu item ID charset to [a-zA-Z0-9_-] via
   regex validation, preventing route-breaking characters like / ? # or
   spaces.

5. (Low) Handle crypto/rand error in generateMenuItemID - return error
   instead of silently ignoring, preventing potential duplicate IDs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-03 07:05:01 +08:00
+									return urls
-												fix: include custom_menu_items in GetPublicSettingsForInjection

											
										
										
											2026-03-03 06:21:23 +08:00
+								}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								// UpdateSettings 更新系统设置
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+								func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSettings) error {
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+									if err := s.validateDefaultSubscriptionGroups(ctx, settings.DefaultSubscriptions); err != nil {
 										return err
 									}
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+									normalizedWhitelist, err := NormalizeRegistrationEmailSuffixWhitelist(settings.RegistrationEmailSuffixWhitelist)
 									if err != nil {
 										return infraerrors.BadRequest("INVALID_REGISTRATION_EMAIL_SUFFIX_WHITELIST", err.Error())
 									}
 									if normalizedWhitelist == nil {
 										normalizedWhitelist = []string{}
 									}
 									settings.RegistrationEmailSuffixWhitelist = normalizedWhitelist
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									updates := make(map[string]string)
 									// 注册设置
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									updates[SettingKeyRegistrationEnabled] = strconv.FormatBool(settings.RegistrationEnabled)
 									updates[SettingKeyEmailVerifyEnabled] = strconv.FormatBool(settings.EmailVerifyEnabled)
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+									registrationEmailSuffixWhitelistJSON, err := json.Marshal(settings.RegistrationEmailSuffixWhitelist)
 									if err != nil {
 										return fmt.Errorf("marshal registration email suffix whitelist: %w", err)
 									}
 									updates[SettingKeyRegistrationEmailSuffixWhitelist] = string(registrationEmailSuffixWhitelistJSON)
-												feat(promo-code): complete promo code feature implementation

- Add promo_code_enabled field to SystemSettings and PublicSettings DTOs
- Add promo code validation in registration flow
- Add admin settings UI for promo code configuration
- Add i18n translations for promo code feature

											
										
										
											2026-01-20 15:56:26 +08:00
+									updates[SettingKeyPromoCodeEnabled] = strconv.FormatBool(settings.PromoCodeEnabled)
-												feat(auth): 密码重置邮件队列化与限流优化

- 邮件发送改为异步队列处理，避免并发导致发送失败
- 新增 Email 维度限流（30秒冷却期），防止邮件轰炸
- Token 验证使用常量时间比较，防止时序攻击
- 重构代码消除冗余，提取公共验证逻辑

											
										
										
											2026-01-24 22:33:45 +08:00
+									updates[SettingKeyPasswordResetEnabled] = strconv.FormatBool(settings.PasswordResetEnabled)
-												feat: 增加邀请码注册功能

											
										
										
											2026-01-29 16:29:59 +08:00
+									updates[SettingKeyInvitationCodeEnabled] = strconv.FormatBool(settings.InvitationCodeEnabled)
-												feat(auth): 实现 TOTP 双因素认证功能

新增功能：
- 支持 Google Authenticator 等应用进行 TOTP 二次验证
- 用户可在个人设置中启用/禁用 2FA
- 登录时支持 TOTP 验证流程
- 管理后台可全局开关 TOTP 功能

安全增强：
- TOTP 密钥使用 AES-256-GCM 加密存储
- 添加 TOTP_ENCRYPTION_KEY 配置项，必须手动配置才能启用功能
- 防止服务重启导致加密密钥变更使用户无法登录
- 验证失败次数限制，防止暴力破解

配置说明：
- Docker 部署：在 .env 中设置 TOTP_ENCRYPTION_KEY
- 非 Docker 部署：在 config.yaml 中设置 totp.encryption_key
- 生成密钥命令：openssl rand -hex 32

											
										
										
											2026-01-26 08:45:43 +08:00
+									updates[SettingKeyTotpEnabled] = strconv.FormatBool(settings.TotpEnabled)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
 									// 邮件服务设置（只有非空才更新密码）
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+									updates[SettingKeySMTPHost] = settings.SMTPHost
 									updates[SettingKeySMTPPort] = strconv.Itoa(settings.SMTPPort)
 									updates[SettingKeySMTPUsername] = settings.SMTPUsername
-												refactor(settings): 规范化缩写词命名并优化前端帮助界面

- 后端：将 Smtp/Api/Doc 字段改为 SMTP/API/Doc（遵循 Go 命名规范）
- 前端：添加 Gemini 帮助按钮，简化配额说明展示

											
										
										
											2026-01-04 17:02:38 +08:00
+									if settings.SMTPPassword != "" {
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+										updates[SettingKeySMTPPassword] = settings.SMTPPassword
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+									updates[SettingKeySMTPFrom] = settings.SMTPFrom
 									updates[SettingKeySMTPFromName] = settings.SMTPFromName
 									updates[SettingKeySMTPUseTLS] = strconv.FormatBool(settings.SMTPUseTLS)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
 									// Cloudflare Turnstile 设置（只有非空才更新密钥）
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									updates[SettingKeyTurnstileEnabled] = strconv.FormatBool(settings.TurnstileEnabled)
 									updates[SettingKeyTurnstileSiteKey] = settings.TurnstileSiteKey
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if settings.TurnstileSecretKey != "" {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+										updates[SettingKeyTurnstileSecretKey] = settings.TurnstileSecretKey
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}
-												fix: 修复PR合并后的功能回退和安全问题

											
										
										
											2026-01-12 09:14:32 +08:00
+									// LinuxDo Connect OAuth 登录
-												refactor(auth): 将 Linux DO OAuth 配置迁移到系统设置

- 将 LinuxDo Connect 配置从环境变量迁移到数据库持久化
- 在管理后台系统设置中添加 LinuxDo OAuth 配置项
- 简化部署流程，无需修改 docker-compose.override.yml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

											
										
										
											2026-01-09 13:52:27 +08:00
+									updates[SettingKeyLinuxDoConnectEnabled] = strconv.FormatBool(settings.LinuxDoConnectEnabled)
 									updates[SettingKeyLinuxDoConnectClientID] = settings.LinuxDoConnectClientID
 									updates[SettingKeyLinuxDoConnectRedirectURL] = settings.LinuxDoConnectRedirectURL
 									if settings.LinuxDoConnectClientSecret != "" {
 										updates[SettingKeyLinuxDoConnectClientSecret] = settings.LinuxDoConnectClientSecret
 									}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									// OEM设置
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									updates[SettingKeySiteName] = settings.SiteName
 									updates[SettingKeySiteLogo] = settings.SiteLogo
 									updates[SettingKeySiteSubtitle] = settings.SiteSubtitle
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+									updates[SettingKeyAPIBaseURL] = settings.APIBaseURL
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									updates[SettingKeyContactInfo] = settings.ContactInfo
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+									updates[SettingKeyDocURL] = settings.DocURL
-												feat(settings): add home content customization and config injection

- Add home_content setting for custom homepage (HTML or iframe URL)
- Inject public settings into index.html to eliminate page flash
- Support ETag caching with automatic invalidation on settings update
- Add Vite plugin for dev mode settings injection
- Refactor HomeView to use appStore instead of local API calls

											
										
										
											2026-01-10 18:37:44 +08:00
+									updates[SettingKeyHomeContent] = settings.HomeContent
-												feat: 添加隐藏CCS导入按钮的设置选项

在管理后台设置页面新增开关，允许管理员隐藏API Keys页面的"导入CCS"按钮

											
										
										
											2026-01-19 19:25:16 +08:00
+									updates[SettingKeyHideCcsImportButton] = strconv.FormatBool(settings.HideCcsImportButton)
-												feat(purchase): 增加购买订阅 iframe 页面与配置

- 新增 /purchase 页面（iframe + 新窗口兜底）

- 管理员系统设置可配置开关与URL

- 非 simple mode 才在侧边栏展示入口

											
										
										
											2026-01-28 13:54:32 +08:00
+									updates[SettingKeyPurchaseSubscriptionEnabled] = strconv.FormatBool(settings.PurchaseSubscriptionEnabled)
 									updates[SettingKeyPurchaseSubscriptionURL] = strings.TrimSpace(settings.PurchaseSubscriptionURL)
-												feat(sync): full code sync from release

											
										
										
											2026-02-28 15:01:20 +08:00
+									updates[SettingKeySoraClientEnabled] = strconv.FormatBool(settings.SoraClientEnabled)
-												feat: custom menu pages with iframe embedding and CSP injection

Add configurable custom menu items that appear in sidebar, each rendering
an iframe-embedded external page. Includes shared URL builder with
src_host/src_url tracking, CSP frame-src multi-origin deduplication,
admin settings UI, and i18n support.

chore: bump version to 0.1.87.19

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-02 19:37:40 +08:00
+									updates[SettingKeyCustomMenuItems] = settings.CustomMenuItems
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
 									// 默认配置
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									updates[SettingKeyDefaultConcurrency] = strconv.Itoa(settings.DefaultConcurrency)
 									updates[SettingKeyDefaultBalance] = strconv.FormatFloat(settings.DefaultBalance, 'f', 8, 64)
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+									defaultSubsJSON, err := json.Marshal(settings.DefaultSubscriptions)
 									if err != nil {
 										return fmt.Errorf("marshal default subscriptions: %w", err)
 									}
 									updates[SettingKeyDefaultSubscriptions] = string(defaultSubsJSON)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
-												chore: 更新依赖、配置和代码生成

主要更新：
- 更新 go.mod/go.sum 依赖
- 重新生成 Ent ORM 代码
- 更新 Wire 依赖注入配置
- 添加 docker-compose.override.yml 到 .gitignore
- 更新 README 文档（Simple Mode 说明和已知问题）
- 清理调试日志
- 其他代码优化和格式修复

											
										
										
											2026-01-03 06:37:08 -08:00
+									// Model fallback configuration
 									updates[SettingKeyEnableModelFallback] = strconv.FormatBool(settings.EnableModelFallback)
 									updates[SettingKeyFallbackModelAnthropic] = settings.FallbackModelAnthropic
 									updates[SettingKeyFallbackModelOpenAI] = settings.FallbackModelOpenAI
 									updates[SettingKeyFallbackModelGemini] = settings.FallbackModelGemini
 									updates[SettingKeyFallbackModelAntigravity] = settings.FallbackModelAntigravity
-												fix: 修复代码审查报告中的4个关键问题

1. 资源管理冗余（ForwardGemini双重Close）
   - 错误分支读取body后立即关闭原始body，用内存副本重新包装
   - defer添加nil guard，避免重复关闭
   - fallback成功时显式关闭旧body，确保连接释放

2. Schema校验丢失（cleanJSONSchema移除字段无感知）
   - 新增schemaCleaningWarningsEnabled()支持环境变量控制
   - 实现warnSchemaKeyRemovedOnce()在非release模式下告警
   - 移除关键验证字段时输出warning，包含key和path

3. UI响应式风险（UsersView操作菜单硬编码定位）
   - 菜单改为先粗定位、渲染后测量、再clamp到视口内
   - 添加max-height + overflow-auto，超出时可滚动
   - 增强交互：点击其它位置/滚动/resize自动关闭或重新定位

4. 身份补丁干扰（TransformClaudeToGemini默认注入）
   - 新增TransformOptions + TransformClaudeToGeminiWithOptions
   - 系统设置新增enable_identity_patch、identity_patch_prompt
   - 完整打通handler/dto/service/frontend配置链路
   - 默认保持启用，向后兼容现有行为

测试：
- 后端单测全量通过：go test ./...
- 前端类型检查通过：npm run typecheck

											
										
										
											2026-01-04 22:49:40 +08:00
+									// Identity patch configuration (Claude -> Gemini)
 									updates[SettingKeyEnableIdentityPatch] = strconv.FormatBool(settings.EnableIdentityPatch)
 									updates[SettingKeyIdentityPatchPrompt] = settings.IdentityPatchPrompt
-												feat(设置): 集成运维监控配置到系统设置

- 扩展 setting_handler 支持 ops 配置管理
- 扩展 setting_service 支持 ops 配置持久化
- 更新 settings_view 包含 ops 配置视图

											
										
										
											2026-01-09 20:57:32 +08:00
+									// Ops monitoring (vNext)
 									updates[SettingKeyOpsMonitoringEnabled] = strconv.FormatBool(settings.OpsMonitoringEnabled)
 									updates[SettingKeyOpsRealtimeMonitoringEnabled] = strconv.FormatBool(settings.OpsRealtimeMonitoringEnabled)
 									updates[SettingKeyOpsQueryModeDefault] = string(ParseOpsQueryMode(settings.OpsQueryModeDefault))
-												feat(运维监控): 增强监控功能和健康评分系统

后端改进：
- 新增健康评分计算服务（ops_health_score.go）
- 添加分布式锁支持（ops_advisory_lock.go）
- 优化指标采集和聚合逻辑
- 新增运维指标采集间隔配置（60-3600秒）
- 移除未使用的WebSocket查询token认证中间件
- 改进清理服务和告警评估逻辑

前端改进：
- 简化OpsDashboard组件结构
- 完善国际化文本（中英文）
- 新增运维监控相关API类型定义
- 添加运维指标采集间隔设置界面
- 优化错误详情模态框

测试：
- 添加健康评分单元测试
- 更新API契约测试

											
										
										
											2026-01-10 01:38:47 +08:00
+									if settings.OpsMetricsIntervalSeconds > 0 {
 										updates[SettingKeyOpsMetricsIntervalSeconds] = strconv.Itoa(settings.OpsMetricsIntervalSeconds)
 									}
-												feat(设置): 集成运维监控配置到系统设置

- 扩展 setting_handler 支持 ops 配置管理
- 扩展 setting_service 支持 ops 配置持久化
- 更新 settings_view 包含 ops 配置视图

											
										
										
											2026-01-09 20:57:32 +08:00
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+									// Claude Code version check
 									updates[SettingKeyMinClaudeCodeVersion] = settings.MinClaudeCodeVersion
-												feat(gateway): 系统设置控制未分组 Key 调度 — Handler 层中间件拦截

新增系统设置 allow_ungrouped_key_scheduling（默认关闭），
未分组的 API Key 在网关请求时直接返回 403，
由 RequireGroupAssignment 中间件统一拦截，
支持 Anthropic / Google 两种错误格式响应。

全栈实现：常量 → 结构体 → 解析/更新/初始化 → DTO → 管理接口 →
中间件 → 路由注册 → 前端设置界面 + i18n。

											
										
										
											2026-03-03 19:56:27 +08:00
+									// 分组隔离
 									updates[SettingKeyAllowUngroupedKeyScheduling] = strconv.FormatBool(settings.AllowUngroupedKeyScheduling)
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+									err = s.settingRepo.SetMultiple(ctx, updates)
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+									if err == nil {
 										// 先使 inflight singleflight 失效，再刷新缓存，缩小旧值覆盖新值的竞态窗口
 										minVersionSF.Forget("min_version")
 										minVersionCache.Store(&cachedMinVersion{
 											value:     settings.MinClaudeCodeVersion,
 											expiresAt: time.Now().Add(minVersionCacheTTL).UnixNano(),
 										})
 										if s.onUpdate != nil {
 											s.onUpdate() // Invalidate cache after settings update
 										}
-												feat(settings): add home content customization and config injection

- Add home_content setting for custom homepage (HTML or iframe URL)
- Inject public settings into index.html to eliminate page flash
- Support ETag caching with automatic invalidation on settings update
- Add Vite plugin for dev mode settings injection
- Refactor HomeView to use appStore instead of local API calls

											
										
										
											2026-01-10 18:37:44 +08:00
+									}
 									return err
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								}
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+								func (s *SettingService) validateDefaultSubscriptionGroups(ctx context.Context, items []DefaultSubscriptionSetting) error {
 									if len(items) == 0 {
 										return nil
 									}
 									checked := make(map[int64]struct{}, len(items))
 									for _, item := range items {
 										if item.GroupID <= 0 {
 											continue
 										}
 										if _, ok := checked[item.GroupID]; ok {
 											return ErrDefaultSubGroupDuplicate.WithMetadata(map[string]string{
 												"group_id": strconv.FormatInt(item.GroupID, 10),
 											})
 										}
 										checked[item.GroupID] = struct{}{}
 										if s.defaultSubGroupReader == nil {
 											continue
 										}
 										group, err := s.defaultSubGroupReader.GetByID(ctx, item.GroupID)
 										if err != nil {
 											if errors.Is(err, ErrGroupNotFound) {
 												return ErrDefaultSubGroupInvalid.WithMetadata(map[string]string{
 													"group_id": strconv.FormatInt(item.GroupID, 10),
 												})
 											}
 											return fmt.Errorf("get default subscription group %d: %w", item.GroupID, err)
 										}
 										if !group.IsSubscriptionType() {
 											return ErrDefaultSubGroupInvalid.WithMetadata(map[string]string{
 												"group_id": strconv.FormatInt(item.GroupID, 10),
 											})
 										}
 									}
 									return nil
 								}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								// IsRegistrationEnabled 检查是否开放注册
 								func (s *SettingService) IsRegistrationEnabled(ctx context.Context) bool {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									value, err := s.settingRepo.GetValue(ctx, SettingKeyRegistrationEnabled)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if err != nil {
-												fix: 修复PR合并后的功能回退和安全问题

											
										
										
											2026-01-12 09:14:32 +08:00
+										// 安全默认：如果设置不存在或查询出错，默认关闭注册
 										return false
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}
 									return value == "true"
 								}
 								// IsEmailVerifyEnabled 检查是否开启邮件验证
 								func (s *SettingService) IsEmailVerifyEnabled(ctx context.Context) bool {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									value, err := s.settingRepo.GetValue(ctx, SettingKeyEmailVerifyEnabled)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if err != nil {
 										return false
 									}
 									return value == "true"
 								}
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+								// GetRegistrationEmailSuffixWhitelist returns normalized registration email suffix whitelist.
 								func (s *SettingService) GetRegistrationEmailSuffixWhitelist(ctx context.Context) []string {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyRegistrationEmailSuffixWhitelist)
 									if err != nil {
 										return []string{}
 									}
 									return ParseRegistrationEmailSuffixWhitelist(value)
 								}
-												feat(promo-code): complete promo code feature implementation

- Add promo_code_enabled field to SystemSettings and PublicSettings DTOs
- Add promo code validation in registration flow
- Add admin settings UI for promo code configuration
- Add i18n translations for promo code feature

											
										
										
											2026-01-20 15:56:26 +08:00
+								// IsPromoCodeEnabled 检查是否启用优惠码功能
 								func (s *SettingService) IsPromoCodeEnabled(ctx context.Context) bool {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyPromoCodeEnabled)
 									if err != nil {
 										return true // 默认启用
 									}
 									return value != "false"
 								}
-												feat: 增加邀请码注册功能

											
										
										
											2026-01-29 16:29:59 +08:00
+								// IsInvitationCodeEnabled 检查是否启用邀请码注册功能
 								func (s *SettingService) IsInvitationCodeEnabled(ctx context.Context) bool {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyInvitationCodeEnabled)
 									if err != nil {
 										return false // 默认关闭
 									}
 									return value == "true"
 								}
-												feat(auth): 密码重置邮件队列化与限流优化

- 邮件发送改为异步队列处理，避免并发导致发送失败
- 新增 Email 维度限流（30秒冷却期），防止邮件轰炸
- Token 验证使用常量时间比较，防止时序攻击
- 重构代码消除冗余，提取公共验证逻辑

											
										
										
											2026-01-24 22:33:45 +08:00
+								// IsPasswordResetEnabled 检查是否启用密码重置功能
 								// 要求：必须同时开启邮件验证
 								func (s *SettingService) IsPasswordResetEnabled(ctx context.Context) bool {
 									// Password reset requires email verification to be enabled
 									if !s.IsEmailVerifyEnabled(ctx) {
 										return false
 									}
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyPasswordResetEnabled)
 									if err != nil {
 										return false // 默认关闭
 									}
 									return value == "true"
 								}
-												feat(auth): 实现 TOTP 双因素认证功能

新增功能：
- 支持 Google Authenticator 等应用进行 TOTP 二次验证
- 用户可在个人设置中启用/禁用 2FA
- 登录时支持 TOTP 验证流程
- 管理后台可全局开关 TOTP 功能

安全增强：
- TOTP 密钥使用 AES-256-GCM 加密存储
- 添加 TOTP_ENCRYPTION_KEY 配置项，必须手动配置才能启用功能
- 防止服务重启导致加密密钥变更使用户无法登录
- 验证失败次数限制，防止暴力破解

配置说明：
- Docker 部署：在 .env 中设置 TOTP_ENCRYPTION_KEY
- 非 Docker 部署：在 config.yaml 中设置 totp.encryption_key
- 生成密钥命令：openssl rand -hex 32

											
										
										
											2026-01-26 08:45:43 +08:00
+								// IsTotpEnabled 检查是否启用 TOTP 双因素认证功能
 								func (s *SettingService) IsTotpEnabled(ctx context.Context) bool {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyTotpEnabled)
 									if err != nil {
 										return false // 默认关闭
 									}
 									return value == "true"
 								}
 								// IsTotpEncryptionKeyConfigured 检查 TOTP 加密密钥是否已手动配置
 								// 只有手动配置了密钥才允许在管理后台启用 TOTP 功能
 								func (s *SettingService) IsTotpEncryptionKeyConfigured() bool {
 									return s.cfg.Totp.EncryptionKeyConfigured
 								}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								// GetSiteName 获取网站名称
 								func (s *SettingService) GetSiteName(ctx context.Context) string {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									value, err := s.settingRepo.GetValue(ctx, SettingKeySiteName)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if err != nil || value == "" {
 										return "Sub2API"
 									}
 									return value
 								}
 								// GetDefaultConcurrency 获取默认并发量
 								func (s *SettingService) GetDefaultConcurrency(ctx context.Context) int {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									value, err := s.settingRepo.GetValue(ctx, SettingKeyDefaultConcurrency)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if err != nil {
 										return s.cfg.Default.UserConcurrency
 									}
 									if v, err := strconv.Atoi(value); err == nil && v > 0 {
 										return v
 									}
 									return s.cfg.Default.UserConcurrency
 								}
 								// GetDefaultBalance 获取默认余额
 								func (s *SettingService) GetDefaultBalance(ctx context.Context) float64 {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									value, err := s.settingRepo.GetValue(ctx, SettingKeyDefaultBalance)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if err != nil {
 										return s.cfg.Default.UserBalance
 									}
 									if v, err := strconv.ParseFloat(value, 64); err == nil && v >= 0 {
 										return v
 									}
 									return s.cfg.Default.UserBalance
 								}
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+								// GetDefaultSubscriptions 获取新用户默认订阅配置列表。
 								func (s *SettingService) GetDefaultSubscriptions(ctx context.Context) []DefaultSubscriptionSetting {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyDefaultSubscriptions)
 									if err != nil {
 										return nil
 									}
 									return parseDefaultSubscriptions(value)
 								}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								// InitializeDefaultSettings 初始化默认设置
 								func (s *SettingService) InitializeDefaultSettings(ctx context.Context) error {
 									// 检查是否已有设置
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									_, err := s.settingRepo.GetValue(ctx, SettingKeyRegistrationEnabled)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if err == nil {
 										// 已有设置，不需要初始化
 										return nil
 									}
-												refactor: 自定义业务错误

											
										
										
											2025-12-25 20:52:47 +08:00
+									if !errors.Is(err, ErrSettingNotFound) {
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+										return fmt.Errorf("check existing settings: %w", err)
 									}
 									// 初始化默认设置
 									defaults := map[string]string{
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+										SettingKeyRegistrationEnabled:              "true",
 										SettingKeyEmailVerifyEnabled:               "false",
 										SettingKeyRegistrationEmailSuffixWhitelist: "[]",
 										SettingKeyPromoCodeEnabled:                 "true", // 默认启用优惠码功能
 										SettingKeySiteName:                         "Sub2API",
 										SettingKeySiteLogo:                         "",
 										SettingKeyPurchaseSubscriptionEnabled:      "false",
 										SettingKeyPurchaseSubscriptionURL:          "",
 										SettingKeySoraClientEnabled:                "false",
 										SettingKeyCustomMenuItems:                  "[]",
 										SettingKeyDefaultConcurrency:               strconv.Itoa(s.cfg.Default.UserConcurrency),
 										SettingKeyDefaultBalance:                   strconv.FormatFloat(s.cfg.Default.UserBalance, 'f', 8, 64),
 										SettingKeyDefaultSubscriptions:             "[]",
 										SettingKeySMTPPort:                         "587",
 										SettingKeySMTPUseTLS:                       "false",
-												chore: 更新依赖、配置和代码生成

主要更新：
- 更新 go.mod/go.sum 依赖
- 重新生成 Ent ORM 代码
- 更新 Wire 依赖注入配置
- 添加 docker-compose.override.yml 到 .gitignore
- 更新 README 文档（Simple Mode 说明和已知问题）
- 清理调试日志
- 其他代码优化和格式修复

											
										
										
											2026-01-03 06:37:08 -08:00
+										// Model fallback defaults
 										SettingKeyEnableModelFallback:      "false",
 										SettingKeyFallbackModelAnthropic:   "claude-3-5-sonnet-20241022",
 										SettingKeyFallbackModelOpenAI:      "gpt-4o",
 										SettingKeyFallbackModelGemini:      "gemini-2.5-pro",
 										SettingKeyFallbackModelAntigravity: "gemini-2.5-pro",
-												fix: 修复代码审查报告中的4个关键问题

1. 资源管理冗余（ForwardGemini双重Close）
   - 错误分支读取body后立即关闭原始body，用内存副本重新包装
   - defer添加nil guard，避免重复关闭
   - fallback成功时显式关闭旧body，确保连接释放

2. Schema校验丢失（cleanJSONSchema移除字段无感知）
   - 新增schemaCleaningWarningsEnabled()支持环境变量控制
   - 实现warnSchemaKeyRemovedOnce()在非release模式下告警
   - 移除关键验证字段时输出warning，包含key和path

3. UI响应式风险（UsersView操作菜单硬编码定位）
   - 菜单改为先粗定位、渲染后测量、再clamp到视口内
   - 添加max-height + overflow-auto，超出时可滚动
   - 增强交互：点击其它位置/滚动/resize自动关闭或重新定位

4. 身份补丁干扰（TransformClaudeToGemini默认注入）
   - 新增TransformOptions + TransformClaudeToGeminiWithOptions
   - 系统设置新增enable_identity_patch、identity_patch_prompt
   - 完整打通handler/dto/service/frontend配置链路
   - 默认保持启用，向后兼容现有行为

测试：
- 后端单测全量通过：go test ./...
- 前端类型检查通过：npm run typecheck

											
										
										
											2026-01-04 22:49:40 +08:00
+										// Identity patch defaults
 										SettingKeyEnableIdentityPatch: "true",
 										SettingKeyIdentityPatchPrompt: "",
-												feat(设置): 集成运维监控配置到系统设置

- 扩展 setting_handler 支持 ops 配置管理
- 扩展 setting_service 支持 ops 配置持久化
- 更新 settings_view 包含 ops 配置视图

											
										
										
											2026-01-09 20:57:32 +08:00
 										// Ops monitoring defaults (vNext)
 										SettingKeyOpsMonitoringEnabled:         "true",
 										SettingKeyOpsRealtimeMonitoringEnabled: "true",
 										SettingKeyOpsQueryModeDefault:          "auto",
-												feat(运维监控): 增强监控功能和健康评分系统

后端改进：
- 新增健康评分计算服务（ops_health_score.go）
- 添加分布式锁支持（ops_advisory_lock.go）
- 优化指标采集和聚合逻辑
- 新增运维指标采集间隔配置（60-3600秒）
- 移除未使用的WebSocket查询token认证中间件
- 改进清理服务和告警评估逻辑

前端改进：
- 简化OpsDashboard组件结构
- 完善国际化文本（中英文）
- 新增运维监控相关API类型定义
- 添加运维指标采集间隔设置界面
- 优化错误详情模态框

测试：
- 添加健康评分单元测试
- 更新API契约测试

											
										
										
											2026-01-10 01:38:47 +08:00
+										SettingKeyOpsMetricsIntervalSeconds:    "60",
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
 										// Claude Code version check (default: empty = disabled)
 										SettingKeyMinClaudeCodeVersion: "",
-												feat(gateway): 系统设置控制未分组 Key 调度 — Handler 层中间件拦截

新增系统设置 allow_ungrouped_key_scheduling（默认关闭），
未分组的 API Key 在网关请求时直接返回 403，
由 RequireGroupAssignment 中间件统一拦截，
支持 Anthropic / Google 两种错误格式响应。

全栈实现：常量 → 结构体 → 解析/更新/初始化 → DTO → 管理接口 →
中间件 → 路由注册 → 前端设置界面 + i18n。

											
										
										
											2026-03-03 19:56:27 +08:00
 										// 分组隔离（默认不允许未分组 Key 调度）
 										SettingKeyAllowUngroupedKeyScheduling: "false",
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}
 									return s.settingRepo.SetMultiple(ctx, defaults)
 								}
 								// parseSettings 解析设置到结构体
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+								func (s *SettingService) parseSettings(settings map[string]string) *SystemSettings {
-												feat(auth): 密码重置邮件队列化与限流优化

- 邮件发送改为异步队列处理，避免并发导致发送失败
- 新增 Email 维度限流（30秒冷却期），防止邮件轰炸
- Token 验证使用常量时间比较，防止时序攻击
- 重构代码消除冗余，提取公共验证逻辑

											
										
										
											2026-01-24 22:33:45 +08:00
+									emailVerifyEnabled := settings[SettingKeyEmailVerifyEnabled] == "true"
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									result := &SystemSettings{
-												feat(registration): add email domain whitelist policy

											
										
										
											2026-03-02 23:13:39 +08:00
+										RegistrationEnabled:              settings[SettingKeyRegistrationEnabled] == "true",
 										EmailVerifyEnabled:               emailVerifyEnabled,
 										RegistrationEmailSuffixWhitelist: ParseRegistrationEmailSuffixWhitelist(settings[SettingKeyRegistrationEmailSuffixWhitelist]),
 										PromoCodeEnabled:                 settings[SettingKeyPromoCodeEnabled] != "false", // 默认启用
 										PasswordResetEnabled:             emailVerifyEnabled && settings[SettingKeyPasswordResetEnabled] == "true",
 										InvitationCodeEnabled:            settings[SettingKeyInvitationCodeEnabled] == "true",
 										TotpEnabled:                      settings[SettingKeyTotpEnabled] == "true",
 										SMTPHost:                         settings[SettingKeySMTPHost],
 										SMTPUsername:                     settings[SettingKeySMTPUsername],
 										SMTPFrom:                         settings[SettingKeySMTPFrom],
 										SMTPFromName:                     settings[SettingKeySMTPFromName],
 										SMTPUseTLS:                       settings[SettingKeySMTPUseTLS] == "true",
 										SMTPPasswordConfigured:           settings[SettingKeySMTPPassword] != "",
 										TurnstileEnabled:                 settings[SettingKeyTurnstileEnabled] == "true",
 										TurnstileSiteKey:                 settings[SettingKeyTurnstileSiteKey],
 										TurnstileSecretKeyConfigured:     settings[SettingKeyTurnstileSecretKey] != "",
 										SiteName:                         s.getStringOrDefault(settings, SettingKeySiteName, "Sub2API"),
 										SiteLogo:                         settings[SettingKeySiteLogo],
 										SiteSubtitle:                     s.getStringOrDefault(settings, SettingKeySiteSubtitle, "Subscription to API Conversion Platform"),
 										APIBaseURL:                       settings[SettingKeyAPIBaseURL],
 										ContactInfo:                      settings[SettingKeyContactInfo],
 										DocURL:                           settings[SettingKeyDocURL],
 										HomeContent:                      settings[SettingKeyHomeContent],
 										HideCcsImportButton:              settings[SettingKeyHideCcsImportButton] == "true",
 										PurchaseSubscriptionEnabled:      settings[SettingKeyPurchaseSubscriptionEnabled] == "true",
 										PurchaseSubscriptionURL:          strings.TrimSpace(settings[SettingKeyPurchaseSubscriptionURL]),
 										SoraClientEnabled:                settings[SettingKeySoraClientEnabled] == "true",
 										CustomMenuItems:                  settings[SettingKeyCustomMenuItems],
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}
 									// 解析整数类型
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+									if port, err := strconv.Atoi(settings[SettingKeySMTPPort]); err == nil {
-												refactor(settings): 规范化缩写词命名并优化前端帮助界面

- 后端：将 Smtp/Api/Doc 字段改为 SMTP/API/Doc（遵循 Go 命名规范）
- 前端：添加 Gemini 帮助按钮，简化配额说明展示

											
										
										
											2026-01-04 17:02:38 +08:00
+										result.SMTPPort = port
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									} else {
-												refactor(settings): 规范化缩写词命名并优化前端帮助界面

- 后端：将 Smtp/Api/Doc 字段改为 SMTP/API/Doc（遵循 Go 命名规范）
- 前端：添加 Gemini 帮助按钮，简化配额说明展示

											
										
										
											2026-01-04 17:02:38 +08:00
+										result.SMTPPort = 587
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									}
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									if concurrency, err := strconv.Atoi(settings[SettingKeyDefaultConcurrency]); err == nil {
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+										result.DefaultConcurrency = concurrency
 									} else {
 										result.DefaultConcurrency = s.cfg.Default.UserConcurrency
 									}
 									// 解析浮点数类型
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									if balance, err := strconv.ParseFloat(settings[SettingKeyDefaultBalance], 64); err == nil {
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+										result.DefaultBalance = balance
 									} else {
 										result.DefaultBalance = s.cfg.Default.UserBalance
 									}
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+									result.DefaultSubscriptions = parseDefaultSubscriptions(settings[SettingKeyDefaultSubscriptions])
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
-												chore: 更新依赖、配置和代码生成

主要更新：
- 更新 go.mod/go.sum 依赖
- 重新生成 Ent ORM 代码
- 更新 Wire 依赖注入配置
- 添加 docker-compose.override.yml 到 .gitignore
- 更新 README 文档（Simple Mode 说明和已知问题）
- 清理调试日志
- 其他代码优化和格式修复

											
										
										
											2026-01-03 06:37:08 -08:00
+									// 敏感信息直接返回，方便测试连接时使用
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+									result.SMTPPassword = settings[SettingKeySMTPPassword]
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									result.TurnstileSecretKey = settings[SettingKeyTurnstileSecretKey]
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
-												fix: 加固 LinuxDo OAuth 登录安全与配置校验

											
										
										
											2026-01-09 19:32:06 +08:00
+									// LinuxDo Connect 设置：
 									// - 兼容 config.yaml/env（避免老部署因为未迁移到数据库设置而被意外关闭）
 									// - 支持在后台“系统设置”中覆盖并持久化（存储于 DB）
-												refactor(auth): 将 Linux DO OAuth 配置迁移到系统设置

- 将 LinuxDo Connect 配置从环境变量迁移到数据库持久化
- 在管理后台系统设置中添加 LinuxDo OAuth 配置项
- 简化部署流程，无需修改 docker-compose.override.yml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

											
										
										
											2026-01-09 13:52:27 +08:00
+									linuxDoBase := config.LinuxDoConnectConfig{}
 									if s.cfg != nil {
 										linuxDoBase = s.cfg.LinuxDo
 									}
 									if raw, ok := settings[SettingKeyLinuxDoConnectEnabled]; ok {
 										result.LinuxDoConnectEnabled = raw == "true"
 									} else {
 										result.LinuxDoConnectEnabled = linuxDoBase.Enabled
 									}
 									if v, ok := settings[SettingKeyLinuxDoConnectClientID]; ok && strings.TrimSpace(v) != "" {
 										result.LinuxDoConnectClientID = strings.TrimSpace(v)
 									} else {
 										result.LinuxDoConnectClientID = linuxDoBase.ClientID
 									}
 									if v, ok := settings[SettingKeyLinuxDoConnectRedirectURL]; ok && strings.TrimSpace(v) != "" {
 										result.LinuxDoConnectRedirectURL = strings.TrimSpace(v)
 									} else {
 										result.LinuxDoConnectRedirectURL = linuxDoBase.RedirectURL
 									}
 									result.LinuxDoConnectClientSecret = strings.TrimSpace(settings[SettingKeyLinuxDoConnectClientSecret])
 									if result.LinuxDoConnectClientSecret == "" {
 										result.LinuxDoConnectClientSecret = strings.TrimSpace(linuxDoBase.ClientSecret)
 									}
 									result.LinuxDoConnectClientSecretConfigured = result.LinuxDoConnectClientSecret != ""
-												chore: 更新依赖、配置和代码生成

主要更新：
- 更新 go.mod/go.sum 依赖
- 重新生成 Ent ORM 代码
- 更新 Wire 依赖注入配置
- 添加 docker-compose.override.yml 到 .gitignore
- 更新 README 文档（Simple Mode 说明和已知问题）
- 清理调试日志
- 其他代码优化和格式修复

											
										
										
											2026-01-03 06:37:08 -08:00
+									// Model fallback settings
 									result.EnableModelFallback = settings[SettingKeyEnableModelFallback] == "true"
 									result.FallbackModelAnthropic = s.getStringOrDefault(settings, SettingKeyFallbackModelAnthropic, "claude-3-5-sonnet-20241022")
 									result.FallbackModelOpenAI = s.getStringOrDefault(settings, SettingKeyFallbackModelOpenAI, "gpt-4o")
 									result.FallbackModelGemini = s.getStringOrDefault(settings, SettingKeyFallbackModelGemini, "gemini-2.5-pro")
 									result.FallbackModelAntigravity = s.getStringOrDefault(settings, SettingKeyFallbackModelAntigravity, "gemini-2.5-pro")
-												fix: 修复代码审查报告中的4个关键问题

1. 资源管理冗余（ForwardGemini双重Close）
   - 错误分支读取body后立即关闭原始body，用内存副本重新包装
   - defer添加nil guard，避免重复关闭
   - fallback成功时显式关闭旧body，确保连接释放

2. Schema校验丢失（cleanJSONSchema移除字段无感知）
   - 新增schemaCleaningWarningsEnabled()支持环境变量控制
   - 实现warnSchemaKeyRemovedOnce()在非release模式下告警
   - 移除关键验证字段时输出warning，包含key和path

3. UI响应式风险（UsersView操作菜单硬编码定位）
   - 菜单改为先粗定位、渲染后测量、再clamp到视口内
   - 添加max-height + overflow-auto，超出时可滚动
   - 增强交互：点击其它位置/滚动/resize自动关闭或重新定位

4. 身份补丁干扰（TransformClaudeToGemini默认注入）
   - 新增TransformOptions + TransformClaudeToGeminiWithOptions
   - 系统设置新增enable_identity_patch、identity_patch_prompt
   - 完整打通handler/dto/service/frontend配置链路
   - 默认保持启用，向后兼容现有行为

测试：
- 后端单测全量通过：go test ./...
- 前端类型检查通过：npm run typecheck

											
										
										
											2026-01-04 22:49:40 +08:00
+									// Identity patch settings (default: enabled, to preserve existing behavior)
 									if v, ok := settings[SettingKeyEnableIdentityPatch]; ok && v != "" {
 										result.EnableIdentityPatch = v == "true"
 									} else {
 										result.EnableIdentityPatch = true
 									}
 									result.IdentityPatchPrompt = settings[SettingKeyIdentityPatchPrompt]
-												feat(设置): 集成运维监控配置到系统设置

- 扩展 setting_handler 支持 ops 配置管理
- 扩展 setting_service 支持 ops 配置持久化
- 更新 settings_view 包含 ops 配置视图

											
										
										
											2026-01-09 20:57:32 +08:00
+									// Ops monitoring settings (default: enabled, fail-open)
 									result.OpsMonitoringEnabled = !isFalseSettingValue(settings[SettingKeyOpsMonitoringEnabled])
 									result.OpsRealtimeMonitoringEnabled = !isFalseSettingValue(settings[SettingKeyOpsRealtimeMonitoringEnabled])
 									result.OpsQueryModeDefault = string(ParseOpsQueryMode(settings[SettingKeyOpsQueryModeDefault]))
-												feat(运维监控): 增强监控功能和健康评分系统

后端改进：
- 新增健康评分计算服务（ops_health_score.go）
- 添加分布式锁支持（ops_advisory_lock.go）
- 优化指标采集和聚合逻辑
- 新增运维指标采集间隔配置（60-3600秒）
- 移除未使用的WebSocket查询token认证中间件
- 改进清理服务和告警评估逻辑

前端改进：
- 简化OpsDashboard组件结构
- 完善国际化文本（中英文）
- 新增运维监控相关API类型定义
- 添加运维指标采集间隔设置界面
- 优化错误详情模态框

测试：
- 添加健康评分单元测试
- 更新API契约测试

											
										
										
											2026-01-10 01:38:47 +08:00
+									result.OpsMetricsIntervalSeconds = 60
 									if raw := strings.TrimSpace(settings[SettingKeyOpsMetricsIntervalSeconds]); raw != "" {
 										if v, err := strconv.Atoi(raw); err == nil {
 											if v < 60 {
 												v = 60
 											}
 											if v > 3600 {
 												v = 3600
 											}
 											result.OpsMetricsIntervalSeconds = v
 										}
 									}
-												feat(设置): 集成运维监控配置到系统设置

- 扩展 setting_handler 支持 ops 配置管理
- 扩展 setting_service 支持 ops 配置持久化
- 更新 settings_view 包含 ops 配置视图

											
										
										
											2026-01-09 20:57:32 +08:00
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+									// Claude Code version check
 									result.MinClaudeCodeVersion = settings[SettingKeyMinClaudeCodeVersion]
-												feat(gateway): 系统设置控制未分组 Key 调度 — Handler 层中间件拦截

新增系统设置 allow_ungrouped_key_scheduling（默认关闭），
未分组的 API Key 在网关请求时直接返回 403，
由 RequireGroupAssignment 中间件统一拦截，
支持 Anthropic / Google 两种错误格式响应。

全栈实现：常量 → 结构体 → 解析/更新/初始化 → DTO → 管理接口 →
中间件 → 路由注册 → 前端设置界面 + i18n。

											
										
										
											2026-03-03 19:56:27 +08:00
+									// 分组隔离
 									result.AllowUngroupedKeyScheduling = settings[SettingKeyAllowUngroupedKeyScheduling] == "true"
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									return result
 								}
-												feat(设置): 集成运维监控配置到系统设置

- 扩展 setting_handler 支持 ops 配置管理
- 扩展 setting_service 支持 ops 配置持久化
- 更新 settings_view 包含 ops 配置视图

											
										
										
											2026-01-09 20:57:32 +08:00
+								func isFalseSettingValue(value string) bool {
 									switch strings.ToLower(strings.TrimSpace(value)) {
 									case "false", "0", "off", "disabled":
 										return true
 									default:
 										return false
 									}
 								}
-												feat(settings): add default subscriptions for new users

- add default subscriptions to admin settings

- auto-assign subscriptions on register and admin user creation

- add validation/tests and align settings UI with subscription selector patterns

											
										
										
											2026-03-02 03:41:50 +08:00
+								func parseDefaultSubscriptions(raw string) []DefaultSubscriptionSetting {
 									raw = strings.TrimSpace(raw)
 									if raw == "" {
 										return nil
 									}
 									var items []DefaultSubscriptionSetting
 									if err := json.Unmarshal([]byte(raw), &items); err != nil {
 										return nil
 									}
 									normalized := make([]DefaultSubscriptionSetting, 0, len(items))
 									for _, item := range items {
 										if item.GroupID <= 0 || item.ValidityDays <= 0 {
 											continue
 										}
 										if item.ValidityDays > MaxValidityDays {
 											item.ValidityDays = MaxValidityDays
 										}
 										normalized = append(normalized, item)
 									}
 									return normalized
 								}
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+								// getStringOrDefault 获取字符串值或默认值
 								func (s *SettingService) getStringOrDefault(settings map[string]string, key, defaultValue string) string {
 									if value, ok := settings[key]; ok && value != "" {
 										return value
 									}
 									return defaultValue
 								}
 								// IsTurnstileEnabled 检查是否启用 Turnstile 验证
 								func (s *SettingService) IsTurnstileEnabled(ctx context.Context) bool {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									value, err := s.settingRepo.GetValue(ctx, SettingKeyTurnstileEnabled)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if err != nil {
 										return false
 									}
 									return value == "true"
 								}
 								// GetTurnstileSecretKey 获取 Turnstile Secret Key
 								func (s *SettingService) GetTurnstileSecretKey(ctx context.Context) string {
-												refactor: 调整项目结构为单向依赖

											
										
										
											2025-12-26 15:40:24 +08:00
+									value, err := s.settingRepo.GetValue(ctx, SettingKeyTurnstileSecretKey)
-												First commit

											
										
										
											2025-12-18 13:50:39 +08:00
+									if err != nil {
 										return ""
 									}
 									return value
 								}
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
-												fix: 修复代码审查报告中的4个关键问题

1. 资源管理冗余（ForwardGemini双重Close）
   - 错误分支读取body后立即关闭原始body，用内存副本重新包装
   - defer添加nil guard，避免重复关闭
   - fallback成功时显式关闭旧body，确保连接释放

2. Schema校验丢失（cleanJSONSchema移除字段无感知）
   - 新增schemaCleaningWarningsEnabled()支持环境变量控制
   - 实现warnSchemaKeyRemovedOnce()在非release模式下告警
   - 移除关键验证字段时输出warning，包含key和path

3. UI响应式风险（UsersView操作菜单硬编码定位）
   - 菜单改为先粗定位、渲染后测量、再clamp到视口内
   - 添加max-height + overflow-auto，超出时可滚动
   - 增强交互：点击其它位置/滚动/resize自动关闭或重新定位

4. 身份补丁干扰（TransformClaudeToGemini默认注入）
   - 新增TransformOptions + TransformClaudeToGeminiWithOptions
   - 系统设置新增enable_identity_patch、identity_patch_prompt
   - 完整打通handler/dto/service/frontend配置链路
   - 默认保持启用，向后兼容现有行为

测试：
- 后端单测全量通过：go test ./...
- 前端类型检查通过：npm run typecheck

											
										
										
											2026-01-04 22:49:40 +08:00
+								// IsIdentityPatchEnabled 检查是否启用身份补丁（Claude -> Gemini systemInstruction 注入）
 								func (s *SettingService) IsIdentityPatchEnabled(ctx context.Context) bool {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyEnableIdentityPatch)
 									if err != nil {
 										// 默认开启，保持兼容
 										return true
 									}
 									return value == "true"
 								}
 								// GetIdentityPatchPrompt 获取自定义身份补丁提示词（为空表示使用内置默认模板）
 								func (s *SettingService) GetIdentityPatchPrompt(ctx context.Context) string {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyIdentityPatchPrompt)
 									if err != nil {
 										return ""
 									}
 									return value
 								}
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+								// GenerateAdminAPIKey 生成新的管理员 API Key
 								func (s *SettingService) GenerateAdminAPIKey(ctx context.Context) (string, error) {
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+									// 生成 32 字节随机数 = 64 位十六进制字符
 									bytes := make([]byte, 32)
 									if _, err := rand.Read(bytes); err != nil {
 										return "", fmt.Errorf("generate random bytes: %w", err)
 									}
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+									key := AdminAPIKeyPrefix + hex.EncodeToString(bytes)
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
 									// 存储到 settings 表
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+									if err := s.settingRepo.Set(ctx, SettingKeyAdminAPIKey, key); err != nil {
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+										return "", fmt.Errorf("save admin api key: %w", err)
 									}
 									return key, nil
 								}
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+								// GetAdminAPIKeyStatus 获取管理员 API Key 状态
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+								// 返回脱敏的 key、是否存在、错误
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+								func (s *SettingService) GetAdminAPIKeyStatus(ctx context.Context) (maskedKey string, exists bool, err error) {
 									key, err := s.settingRepo.GetValue(ctx, SettingKeyAdminAPIKey)
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+									if err != nil {
-												refactor: 自定义业务错误

											
										
										
											2025-12-25 20:52:47 +08:00
+										if errors.Is(err, ErrSettingNotFound) {
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+											return "", false, nil
 										}
 										return "", false, err
 									}
 									if key == "" {
 										return "", false, nil
 									}
 									// 脱敏：显示前 10 位和后 4 位
 									if len(key) > 14 {
 										maskedKey = key[:10] + "..." + key[len(key)-4:]
 									} else {
 										maskedKey = key
 									}
 									return maskedKey, true, nil
 								}
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+								// GetAdminAPIKey 获取完整的管理员 API Key（仅供内部验证使用）
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+								// 如果未配置返回空字符串和 nil 错误，只有数据库错误时才返回 error
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+								func (s *SettingService) GetAdminAPIKey(ctx context.Context) (string, error) {
 									key, err := s.settingRepo.GetValue(ctx, SettingKeyAdminAPIKey)
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+									if err != nil {
-												refactor: 自定义业务错误

											
										
										
											2025-12-25 20:52:47 +08:00
+										if errors.Is(err, ErrSettingNotFound) {
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+											return "", nil // 未配置，返回空字符串
 										}
 										return "", err // 数据库错误
 									}
 									return key, nil
 								}
-												fix(lint): 修复所有 Go 命名规范问题

- 全局替换 ApiKey → APIKey（类型、字段、方法、变量）
- 修复所有 initialism 命名（API, SMTP, HTML, URL 等）
- 添加所有缺失的包注释
- 修复导出符号的注释格式

主要修改：
- ApiKey → APIKey（所有出现的地方）
- ApiKeyID → APIKeyID
- ApiKeyIDs → APIKeyIDs
- TestSmtpConnection → TestSMTPConnection
- HtmlURL → HTMLURL
- 添加 20+ 个包注释
- 修复 10+ 个导出符号注释格式

验证结果：
- ✓ golangci-lint: 0 issues
- ✓ 单元测试: 通过
- ✓ 集成测试: 通过

											
										
										
											2026-01-04 19:27:53 +08:00
+								// DeleteAdminAPIKey 删除管理员 API Key
 								func (s *SettingService) DeleteAdminAPIKey(ctx context.Context) error {
 									return s.settingRepo.Delete(ctx, SettingKeyAdminAPIKey)
-												chore: 更新依赖、配置和代码生成

主要更新：
- 更新 go.mod/go.sum 依赖
- 重新生成 Ent ORM 代码
- 更新 Wire 依赖注入配置
- 添加 docker-compose.override.yml 到 .gitignore
- 更新 README 文档（Simple Mode 说明和已知问题）
- 清理调试日志
- 其他代码优化和格式修复

											
										
										
											2026-01-03 06:37:08 -08:00
+								}
 								// IsModelFallbackEnabled 检查是否启用模型兜底机制
 								func (s *SettingService) IsModelFallbackEnabled(ctx context.Context) bool {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyEnableModelFallback)
 									if err != nil {
 										return false // Default: disabled
 									}
 									return value == "true"
 								}
 								// GetFallbackModel 获取指定平台的兜底模型
 								func (s *SettingService) GetFallbackModel(ctx context.Context, platform string) string {
 									var key string
 									var defaultModel string
 									switch platform {
 									case PlatformAnthropic:
 										key = SettingKeyFallbackModelAnthropic
 										defaultModel = "claude-3-5-sonnet-20241022"
 									case PlatformOpenAI:
 										key = SettingKeyFallbackModelOpenAI
 										defaultModel = "gpt-4o"
 									case PlatformGemini:
 										key = SettingKeyFallbackModelGemini
 										defaultModel = "gemini-2.5-pro"
 									case PlatformAntigravity:
 										key = SettingKeyFallbackModelAntigravity
 										defaultModel = "gemini-2.5-pro"
 									default:
 										return ""
 									}
 									value, err := s.settingRepo.GetValue(ctx, key)
 									if err != nil || value == "" {
 										return defaultModel
 									}
 									return value
-												feat: 支持创建管理员APIKEY

											
										
										
											2025-12-20 15:11:43 +08:00
+								}
-												fix: 临时保存编译错误修复

- 添加 LinuxDo 和 Update 配置（从 main 分支缺失）
- 添加 LinuxDoConnectSyntheticEmailDomain 常量
- 添加 IsClaudeCodeClient context key
- 添加 GetLinuxDoConnectOAuthConfig 方法
- 修复 BindStickySession 调用签名
- 修复前端 i18n 重复属性
- 重新生成 wire 依赖注入代码

这个提交准备被合并替换，先保存以防丢失。

											
										
										
											2026-01-11 10:59:01 +08:00
 								// GetLinuxDoConnectOAuthConfig 返回用于登录的"最终生效" LinuxDo Connect 配置。
 								//
 								// 优先级：
 								// - 若对应系统设置键存在，则覆盖 config.yaml/env 的值
 								// - 否则回退到 config.yaml/env 的值
 								func (s *SettingService) GetLinuxDoConnectOAuthConfig(ctx context.Context) (config.LinuxDoConnectConfig, error) {
 									if s == nil || s.cfg == nil {
 										return config.LinuxDoConnectConfig{}, infraerrors.ServiceUnavailable("CONFIG_NOT_READY", "config not loaded")
 									}
 									effective := s.cfg.LinuxDo
 									keys := []string{
 										SettingKeyLinuxDoConnectEnabled,
 										SettingKeyLinuxDoConnectClientID,
 										SettingKeyLinuxDoConnectClientSecret,
 										SettingKeyLinuxDoConnectRedirectURL,
 									}
 									settings, err := s.settingRepo.GetMultiple(ctx, keys)
 									if err != nil {
 										return config.LinuxDoConnectConfig{}, fmt.Errorf("get linuxdo connect settings: %w", err)
 									}
 									if raw, ok := settings[SettingKeyLinuxDoConnectEnabled]; ok {
 										effective.Enabled = raw == "true"
 									}
 									if v, ok := settings[SettingKeyLinuxDoConnectClientID]; ok && strings.TrimSpace(v) != "" {
 										effective.ClientID = strings.TrimSpace(v)
 									}
 									if v, ok := settings[SettingKeyLinuxDoConnectClientSecret]; ok && strings.TrimSpace(v) != "" {
 										effective.ClientSecret = strings.TrimSpace(v)
 									}
 									if v, ok := settings[SettingKeyLinuxDoConnectRedirectURL]; ok && strings.TrimSpace(v) != "" {
 										effective.RedirectURL = strings.TrimSpace(v)
 									}
 									if !effective.Enabled {
 										return config.LinuxDoConnectConfig{}, infraerrors.NotFound("OAUTH_DISABLED", "oauth login is disabled")
 									}
 									// 基础健壮性校验（避免把用户重定向到一个必然失败或不安全的 OAuth 流程里）。
 									if strings.TrimSpace(effective.ClientID) == "" {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth client id not configured")
 									}
 									if strings.TrimSpace(effective.AuthorizeURL) == "" {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth authorize url not configured")
 									}
 									if strings.TrimSpace(effective.TokenURL) == "" {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth token url not configured")
 									}
 									if strings.TrimSpace(effective.UserInfoURL) == "" {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth userinfo url not configured")
 									}
 									if strings.TrimSpace(effective.RedirectURL) == "" {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth redirect url not configured")
 									}
 									if strings.TrimSpace(effective.FrontendRedirectURL) == "" {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth frontend redirect url not configured")
 									}
 									if err := config.ValidateAbsoluteHTTPURL(effective.AuthorizeURL); err != nil {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth authorize url invalid")
 									}
 									if err := config.ValidateAbsoluteHTTPURL(effective.TokenURL); err != nil {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth token url invalid")
 									}
 									if err := config.ValidateAbsoluteHTTPURL(effective.UserInfoURL); err != nil {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth userinfo url invalid")
 									}
 									if err := config.ValidateAbsoluteHTTPURL(effective.RedirectURL); err != nil {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth redirect url invalid")
 									}
 									if err := config.ValidateFrontendRedirectURL(effective.FrontendRedirectURL); err != nil {
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth frontend redirect url invalid")
 									}
 									method := strings.ToLower(strings.TrimSpace(effective.TokenAuthMethod))
 									switch method {
 									case "", "client_secret_post", "client_secret_basic":
 										if strings.TrimSpace(effective.ClientSecret) == "" {
 											return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth client secret not configured")
 										}
 									case "none":
 										if !effective.UsePKCE {
 											return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth pkce must be enabled when token_auth_method=none")
 										}
 									default:
 										return config.LinuxDoConnectConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "oauth token_auth_method invalid")
 									}
 									return effective, nil
 								}
-												feat(gateway): 添加流超时处理机制

- 添加 StreamTimeoutSettings 配置结构体和系统设置
- 实现 TimeoutCounterCache Redis 计数器用于累计超时次数
- 在 RateLimitService 添加 HandleStreamTimeout 方法
- 在 gateway_service、openai_gateway_service、antigravity_gateway_service 中调用超时处理
- 添加后端 API 端点 GET/PUT /admin/settings/stream-timeout
- 添加前端配置界面到系统设置页面
- 支持配置：启用开关、超时阈值、处理方式、暂停时长、触发阈值、阈值窗口

默认配置：
- 启用：true
- 超时阈值：60秒
- 处理方式：临时不可调度
- 暂停时长：5分钟
- 触发阈值：3次
- 阈值窗口：10分钟

											
										
										
											2026-01-11 21:54:52 -08:00
 								// GetStreamTimeoutSettings 获取流超时处理配置
 								func (s *SettingService) GetStreamTimeoutSettings(ctx context.Context) (*StreamTimeoutSettings, error) {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyStreamTimeoutSettings)
 									if err != nil {
 										if errors.Is(err, ErrSettingNotFound) {
 											return DefaultStreamTimeoutSettings(), nil
 										}
 										return nil, fmt.Errorf("get stream timeout settings: %w", err)
 									}
 									if value == "" {
 										return DefaultStreamTimeoutSettings(), nil
 									}
 									var settings StreamTimeoutSettings
 									if err := json.Unmarshal([]byte(value), &settings); err != nil {
 										return DefaultStreamTimeoutSettings(), nil
 									}
 									// 验证并修正配置值
 									if settings.TempUnschedMinutes < 1 {
 										settings.TempUnschedMinutes = 1
 									}
 									if settings.TempUnschedMinutes > 60 {
 										settings.TempUnschedMinutes = 60
 									}
 									if settings.ThresholdCount < 1 {
 										settings.ThresholdCount = 1
 									}
 									if settings.ThresholdCount > 10 {
 										settings.ThresholdCount = 10
 									}
 									if settings.ThresholdWindowMinutes < 1 {
 										settings.ThresholdWindowMinutes = 1
 									}
 									if settings.ThresholdWindowMinutes > 60 {
 										settings.ThresholdWindowMinutes = 60
 									}
 									// 验证 action
 									switch settings.Action {
 									case StreamTimeoutActionTempUnsched, StreamTimeoutActionError, StreamTimeoutActionNone:
 										// valid
 									default:
 										settings.Action = StreamTimeoutActionTempUnsched
 									}
 									return &settings, nil
 								}
-												feat(gateway): 系统设置控制未分组 Key 调度 — Handler 层中间件拦截

新增系统设置 allow_ungrouped_key_scheduling（默认关闭），
未分组的 API Key 在网关请求时直接返回 403，
由 RequireGroupAssignment 中间件统一拦截，
支持 Anthropic / Google 两种错误格式响应。

全栈实现：常量 → 结构体 → 解析/更新/初始化 → DTO → 管理接口 →
中间件 → 路由注册 → 前端设置界面 + i18n。

											
										
										
											2026-03-03 19:56:27 +08:00
+								// IsUngroupedKeySchedulingAllowed 查询是否允许未分组 Key 调度
 								func (s *SettingService) IsUngroupedKeySchedulingAllowed(ctx context.Context) bool {
 									value, err := s.settingRepo.GetValue(ctx, SettingKeyAllowUngroupedKeyScheduling)
 									if err != nil {
 										return false // fail-closed: 查询失败时默认不允许
 									}
 									return value == "true"
 								}
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+								// GetMinClaudeCodeVersion 获取最低 Claude Code 版本号要求
 								// 使用进程内 atomic.Value 缓存，60 秒 TTL，热路径零锁开销
 								// singleflight 防止缓存过期时 thundering herd
 								// 返回空字符串表示不做版本检查
 								func (s *SettingService) GetMinClaudeCodeVersion(ctx context.Context) string {
 									if cached, ok := minVersionCache.Load().(*cachedMinVersion); ok {
 										if time.Now().UnixNano() < cached.expiresAt {
 											return cached.value
 										}
 									}
 									// singleflight: 同一时刻只有一个 goroutine 查询 DB，其余复用结果
-												feat(gateway): 双模式用户消息队列 — 串行队列 + 软性限速

新增 UMQ (User Message Queue) 双模式支持:
- serialize: 账号级分布式串行锁 + RPM 自适应延迟（严格限流）
- throttle: 仅 RPM 自适应前置延迟，不阻塞并发（软性限速）

后端:
- config: 新增 Mode 字段，保留 Enabled 向后兼容
- service: 新增 UserMessageQueueService（Lua 锁/延迟算法/清理 worker）
- repository: 新增 UserMsgQueueCache（Redis Lua acquire/release/force-release）
- handler: 新增 UserMsgQueueHelper（SSE ping + 等待循环 + throttle）
- gateway: 按 mode 分支集成 serialize/throttle 逻辑
- lint: 修复 gofmt rewrite rules、errcheck 类型断言、staticcheck QF1012

前端:
- 三态选择器 UI（关闭/软性限速/串行队列）替代 toggle 开关
- BulkEdit 支持 null 语义（不修改）
- i18n 中英文文案

通过 6 轮专家评审（42 次 review）、golangci-lint、单元测试、集成测试。

											
										
										
											2026-03-03 01:02:39 +08:00
+									result, err, _ := minVersionSF.Do("min_version", func() (any, error) {
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+										// 二次检查，避免排队的 goroutine 重复查询
 										if cached, ok := minVersionCache.Load().(*cachedMinVersion); ok {
 											if time.Now().UnixNano() < cached.expiresAt {
 												return cached.value, nil
 											}
 										}
 										// 使用独立 context：断开请求取消链，避免客户端断连导致空值被长期缓存
 										dbCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), minVersionDBTimeout)
 										defer cancel()
 										value, err := s.settingRepo.GetValue(dbCtx, SettingKeyMinClaudeCodeVersion)
 										if err != nil {
 											// fail-open: DB 错误时不阻塞请求，但记录日志并使用短 TTL 快速重试
 											slog.Warn("failed to get min claude code version setting, skipping version check", "error", err)
 											minVersionCache.Store(&cachedMinVersion{
 												value:     "",
 												expiresAt: time.Now().Add(minVersionErrorTTL).UnixNano(),
 											})
 											return "", nil
 										}
 										minVersionCache.Store(&cachedMinVersion{
 											value:     value,
 											expiresAt: time.Now().Add(minVersionCacheTTL).UnixNano(),
 										})
 										return value, nil
 									})
-												feat(gateway): 双模式用户消息队列 — 串行队列 + 软性限速

新增 UMQ (User Message Queue) 双模式支持:
- serialize: 账号级分布式串行锁 + RPM 自适应延迟（严格限流）
- throttle: 仅 RPM 自适应前置延迟，不阻塞并发（软性限速）

后端:
- config: 新增 Mode 字段，保留 Enabled 向后兼容
- service: 新增 UserMessageQueueService（Lua 锁/延迟算法/清理 worker）
- repository: 新增 UserMsgQueueCache（Redis Lua acquire/release/force-release）
- handler: 新增 UserMsgQueueHelper（SSE ping + 等待循环 + throttle）
- gateway: 按 mode 分支集成 serialize/throttle 逻辑
- lint: 修复 gofmt rewrite rules、errcheck 类型断言、staticcheck QF1012

前端:
- 三态选择器 UI（关闭/软性限速/串行队列）替代 toggle 开关
- BulkEdit 支持 null 语义（不修改）
- i18n 中英文文案

通过 6 轮专家评审（42 次 review）、golangci-lint、单元测试、集成测试。

											
										
										
											2026-03-03 01:02:39 +08:00
+									if err != nil {
 										return ""
 									}
 									ver, ok := result.(string)
 									if !ok {
 										return ""
-												fix(ci): 修复 golangci-lint 和 API 合约测试失败

- 修复 errcheck: singleflight 返回值类型断言添加 ok 检查
- 修复 gofmt: 格式化 setting_service.go 和 claude_code_validator_test.go
- 修复 TestAPIContracts: 在 GET /admin/settings 期望中添加 min_claude_code_version 字段

											
										
										
											2026-03-01 16:39:21 +08:00
+									}
-												feat(gateway): 双模式用户消息队列 — 串行队列 + 软性限速

新增 UMQ (User Message Queue) 双模式支持:
- serialize: 账号级分布式串行锁 + RPM 自适应延迟（严格限流）
- throttle: 仅 RPM 自适应前置延迟，不阻塞并发（软性限速）

后端:
- config: 新增 Mode 字段，保留 Enabled 向后兼容
- service: 新增 UserMessageQueueService（Lua 锁/延迟算法/清理 worker）
- repository: 新增 UserMsgQueueCache（Redis Lua acquire/release/force-release）
- handler: 新增 UserMsgQueueHelper（SSE ping + 等待循环 + throttle）
- gateway: 按 mode 分支集成 serialize/throttle 逻辑
- lint: 修复 gofmt rewrite rules、errcheck 类型断言、staticcheck QF1012

前端:
- 三态选择器 UI（关闭/软性限速/串行队列）替代 toggle 开关
- BulkEdit 支持 null 语义（不修改）
- i18n 中英文文案

通过 6 轮专家评审（42 次 review）、golangci-lint、单元测试、集成测试。

											
										
										
											2026-03-03 01:02:39 +08:00
+									return ver
-												feat(gateway): 添加 Claude Code 客户端最低版本检查功能

- 通过 User-Agent 识别 Claude Code 客户端并提取版本号
- 在网关层验证客户端版本是否满足管理员配置的最低要求
- 在管理后台提供版本要求配置选项（英文/中文双语）
- 实现原子缓存 + singleflight 防止并发问题和 thundering herd
- 使用 context.WithoutCancel 隔离 DB 查询，避免客户端断连影响缓存
- 双 TTL 策略：60s 正常、5s 错误恢复，保证性能与可用性
- 仅检查 Claude Code 客户端，其他客户端不受影响
- 添加完整单元测试覆盖版本提取、比对、上下文操作

											
										
										
											2026-03-01 15:35:46 +08:00
+								}
-												feat(gateway): 添加流超时处理机制

- 添加 StreamTimeoutSettings 配置结构体和系统设置
- 实现 TimeoutCounterCache Redis 计数器用于累计超时次数
- 在 RateLimitService 添加 HandleStreamTimeout 方法
- 在 gateway_service、openai_gateway_service、antigravity_gateway_service 中调用超时处理
- 添加后端 API 端点 GET/PUT /admin/settings/stream-timeout
- 添加前端配置界面到系统设置页面
- 支持配置：启用开关、超时阈值、处理方式、暂停时长、触发阈值、阈值窗口

默认配置：
- 启用：true
- 超时阈值：60秒
- 处理方式：临时不可调度
- 暂停时长：5分钟
- 触发阈值：3次
- 阈值窗口：10分钟

											
										
										
											2026-01-11 21:54:52 -08:00
+								// SetStreamTimeoutSettings 设置流超时处理配置
 								func (s *SettingService) SetStreamTimeoutSettings(ctx context.Context, settings *StreamTimeoutSettings) error {
 									if settings == nil {
 										return fmt.Errorf("settings cannot be nil")
 									}
 									// 验证配置值
 									if settings.TempUnschedMinutes < 1 || settings.TempUnschedMinutes > 60 {
 										return fmt.Errorf("temp_unsched_minutes must be between 1-60")
 									}
 									if settings.ThresholdCount < 1 || settings.ThresholdCount > 10 {
 										return fmt.Errorf("threshold_count must be between 1-10")
 									}
 									if settings.ThresholdWindowMinutes < 1 || settings.ThresholdWindowMinutes > 60 {
 										return fmt.Errorf("threshold_window_minutes must be between 1-60")
 									}
 									switch settings.Action {
 									case StreamTimeoutActionTempUnsched, StreamTimeoutActionError, StreamTimeoutActionNone:
 										// valid
 									default:
 										return fmt.Errorf("invalid action: %s", settings.Action)
 									}
 									data, err := json.Marshal(settings)
 									if err != nil {
 										return fmt.Errorf("marshal stream timeout settings: %w", err)
 									}
 									return s.settingRepo.Set(ctx, SettingKeyStreamTimeoutSettings, string(data))
 								}
-												feat(sync): full code sync from release

											
										
										
											2026-02-28 15:01:20 +08:00
 								type soraS3ProfilesStore struct {
 									ActiveProfileID string                   `json:"active_profile_id"`
 									Items           []soraS3ProfileStoreItem `json:"items"`
 								}
 								type soraS3ProfileStoreItem struct {
 									ProfileID                string `json:"profile_id"`
 									Name                     string `json:"name"`
 									Enabled                  bool   `json:"enabled"`
 									Endpoint                 string `json:"endpoint"`
 									Region                   string `json:"region"`
 									Bucket                   string `json:"bucket"`
 									AccessKeyID              string `json:"access_key_id"`
 									SecretAccessKey          string `json:"secret_access_key"`
 									Prefix                   string `json:"prefix"`
 									ForcePathStyle           bool   `json:"force_path_style"`
 									CDNURL                   string `json:"cdn_url"`
 									DefaultStorageQuotaBytes int64  `json:"default_storage_quota_bytes"`
 									UpdatedAt                string `json:"updated_at"`
 								}
 								// GetSoraS3Settings 获取 Sora S3 存储配置（兼容旧单配置语义：返回当前激活配置）
 								func (s *SettingService) GetSoraS3Settings(ctx context.Context) (*SoraS3Settings, error) {
 									profiles, err := s.ListSoraS3Profiles(ctx)
 									if err != nil {
 										return nil, err
 									}
 									activeProfile := pickActiveSoraS3Profile(profiles.Items, profiles.ActiveProfileID)
 									if activeProfile == nil {
 										return &SoraS3Settings{}, nil
 									}
 									return &SoraS3Settings{
 										Enabled:                   activeProfile.Enabled,
 										Endpoint:                  activeProfile.Endpoint,
 										Region:                    activeProfile.Region,
 										Bucket:                    activeProfile.Bucket,
 										AccessKeyID:               activeProfile.AccessKeyID,
 										SecretAccessKey:           activeProfile.SecretAccessKey,
 										SecretAccessKeyConfigured: activeProfile.SecretAccessKeyConfigured,
 										Prefix:                    activeProfile.Prefix,
 										ForcePathStyle:            activeProfile.ForcePathStyle,
 										CDNURL:                    activeProfile.CDNURL,
 										DefaultStorageQuotaBytes:  activeProfile.DefaultStorageQuotaBytes,
 									}, nil
 								}
 								// SetSoraS3Settings 更新 Sora S3 存储配置（兼容旧单配置语义：写入当前激活配置）
 								func (s *SettingService) SetSoraS3Settings(ctx context.Context, settings *SoraS3Settings) error {
 									if settings == nil {
 										return fmt.Errorf("settings cannot be nil")
 									}
 									store, err := s.loadSoraS3ProfilesStore(ctx)
 									if err != nil {
 										return err
 									}
 									now := time.Now().UTC().Format(time.RFC3339)
 									activeIndex := findSoraS3ProfileIndex(store.Items, store.ActiveProfileID)
 									if activeIndex < 0 {
 										activeID := "default"
 										if hasSoraS3ProfileID(store.Items, activeID) {
 											activeID = fmt.Sprintf("default-%d", time.Now().Unix())
 										}
 										store.Items = append(store.Items, soraS3ProfileStoreItem{
 											ProfileID: activeID,
 											Name:      "Default",
 											UpdatedAt: now,
 										})
 										store.ActiveProfileID = activeID
 										activeIndex = len(store.Items) - 1
 									}
 									active := store.Items[activeIndex]
 									active.Enabled = settings.Enabled
 									active.Endpoint = strings.TrimSpace(settings.Endpoint)
 									active.Region = strings.TrimSpace(settings.Region)
 									active.Bucket = strings.TrimSpace(settings.Bucket)
 									active.AccessKeyID = strings.TrimSpace(settings.AccessKeyID)
 									active.Prefix = strings.TrimSpace(settings.Prefix)
 									active.ForcePathStyle = settings.ForcePathStyle
 									active.CDNURL = strings.TrimSpace(settings.CDNURL)
 									active.DefaultStorageQuotaBytes = maxInt64(settings.DefaultStorageQuotaBytes, 0)
 									if settings.SecretAccessKey != "" {
 										active.SecretAccessKey = settings.SecretAccessKey
 									}
 									active.UpdatedAt = now
 									store.Items[activeIndex] = active
 									return s.persistSoraS3ProfilesStore(ctx, store)
 								}
 								// ListSoraS3Profiles 获取 Sora S3 多配置列表
 								func (s *SettingService) ListSoraS3Profiles(ctx context.Context) (*SoraS3ProfileList, error) {
 									store, err := s.loadSoraS3ProfilesStore(ctx)
 									if err != nil {
 										return nil, err
 									}
 									return convertSoraS3ProfilesStore(store), nil
 								}
 								// CreateSoraS3Profile 创建 Sora S3 配置
 								func (s *SettingService) CreateSoraS3Profile(ctx context.Context, profile *SoraS3Profile, setActive bool) (*SoraS3Profile, error) {
 									if profile == nil {
 										return nil, fmt.Errorf("profile cannot be nil")
 									}
 									profileID := strings.TrimSpace(profile.ProfileID)
 									if profileID == "" {
 										return nil, infraerrors.BadRequest("SORA_S3_PROFILE_ID_REQUIRED", "profile_id is required")
 									}
 									name := strings.TrimSpace(profile.Name)
 									if name == "" {
 										return nil, infraerrors.BadRequest("SORA_S3_PROFILE_NAME_REQUIRED", "name is required")
 									}
 									store, err := s.loadSoraS3ProfilesStore(ctx)
 									if err != nil {
 										return nil, err
 									}
 									if hasSoraS3ProfileID(store.Items, profileID) {
 										return nil, ErrSoraS3ProfileExists
 									}
 									now := time.Now().UTC().Format(time.RFC3339)
 									store.Items = append(store.Items, soraS3ProfileStoreItem{
 										ProfileID:                profileID,
 										Name:                     name,
 										Enabled:                  profile.Enabled,
 										Endpoint:                 strings.TrimSpace(profile.Endpoint),
 										Region:                   strings.TrimSpace(profile.Region),
 										Bucket:                   strings.TrimSpace(profile.Bucket),
 										AccessKeyID:              strings.TrimSpace(profile.AccessKeyID),
 										SecretAccessKey:          profile.SecretAccessKey,
 										Prefix:                   strings.TrimSpace(profile.Prefix),
 										ForcePathStyle:           profile.ForcePathStyle,
 										CDNURL:                   strings.TrimSpace(profile.CDNURL),
 										DefaultStorageQuotaBytes: maxInt64(profile.DefaultStorageQuotaBytes, 0),
 										UpdatedAt:                now,
 									})
 									if setActive || store.ActiveProfileID == "" {
 										store.ActiveProfileID = profileID
 									}
 									if err := s.persistSoraS3ProfilesStore(ctx, store); err != nil {
 										return nil, err
 									}
 									profiles := convertSoraS3ProfilesStore(store)
 									created := findSoraS3ProfileByID(profiles.Items, profileID)
 									if created == nil {
 										return nil, ErrSoraS3ProfileNotFound
 									}
 									return created, nil
 								}
 								// UpdateSoraS3Profile 更新 Sora S3 配置
 								func (s *SettingService) UpdateSoraS3Profile(ctx context.Context, profileID string, profile *SoraS3Profile) (*SoraS3Profile, error) {
 									if profile == nil {
 										return nil, fmt.Errorf("profile cannot be nil")
 									}
 									targetID := strings.TrimSpace(profileID)
 									if targetID == "" {
 										return nil, infraerrors.BadRequest("SORA_S3_PROFILE_ID_REQUIRED", "profile_id is required")
 									}
 									store, err := s.loadSoraS3ProfilesStore(ctx)
 									if err != nil {
 										return nil, err
 									}
 									targetIndex := findSoraS3ProfileIndex(store.Items, targetID)
 									if targetIndex < 0 {
 										return nil, ErrSoraS3ProfileNotFound
 									}
 									target := store.Items[targetIndex]
 									name := strings.TrimSpace(profile.Name)
 									if name == "" {
 										return nil, infraerrors.BadRequest("SORA_S3_PROFILE_NAME_REQUIRED", "name is required")
 									}
 									target.Name = name
 									target.Enabled = profile.Enabled
 									target.Endpoint = strings.TrimSpace(profile.Endpoint)
 									target.Region = strings.TrimSpace(profile.Region)
 									target.Bucket = strings.TrimSpace(profile.Bucket)
 									target.AccessKeyID = strings.TrimSpace(profile.AccessKeyID)
 									target.Prefix = strings.TrimSpace(profile.Prefix)
 									target.ForcePathStyle = profile.ForcePathStyle
 									target.CDNURL = strings.TrimSpace(profile.CDNURL)
 									target.DefaultStorageQuotaBytes = maxInt64(profile.DefaultStorageQuotaBytes, 0)
 									if profile.SecretAccessKey != "" {
 										target.SecretAccessKey = profile.SecretAccessKey
 									}
 									target.UpdatedAt = time.Now().UTC().Format(time.RFC3339)
 									store.Items[targetIndex] = target
 									if err := s.persistSoraS3ProfilesStore(ctx, store); err != nil {
 										return nil, err
 									}
 									profiles := convertSoraS3ProfilesStore(store)
 									updated := findSoraS3ProfileByID(profiles.Items, targetID)
 									if updated == nil {
 										return nil, ErrSoraS3ProfileNotFound
 									}
 									return updated, nil
 								}
 								// DeleteSoraS3Profile 删除 Sora S3 配置
 								func (s *SettingService) DeleteSoraS3Profile(ctx context.Context, profileID string) error {
 									targetID := strings.TrimSpace(profileID)
 									if targetID == "" {
 										return infraerrors.BadRequest("SORA_S3_PROFILE_ID_REQUIRED", "profile_id is required")
 									}
 									store, err := s.loadSoraS3ProfilesStore(ctx)
 									if err != nil {
 										return err
 									}
 									targetIndex := findSoraS3ProfileIndex(store.Items, targetID)
 									if targetIndex < 0 {
 										return ErrSoraS3ProfileNotFound
 									}
 									store.Items = append(store.Items[:targetIndex], store.Items[targetIndex+1:]...)
 									if store.ActiveProfileID == targetID {
 										store.ActiveProfileID = ""
 										if len(store.Items) > 0 {
 											store.ActiveProfileID = store.Items[0].ProfileID
 										}
 									}
 									return s.persistSoraS3ProfilesStore(ctx, store)
 								}
 								// SetActiveSoraS3Profile 设置激活的 Sora S3 配置
 								func (s *SettingService) SetActiveSoraS3Profile(ctx context.Context, profileID string) (*SoraS3Profile, error) {
 									targetID := strings.TrimSpace(profileID)
 									if targetID == "" {
 										return nil, infraerrors.BadRequest("SORA_S3_PROFILE_ID_REQUIRED", "profile_id is required")
 									}
 									store, err := s.loadSoraS3ProfilesStore(ctx)
 									if err != nil {
 										return nil, err
 									}
 									targetIndex := findSoraS3ProfileIndex(store.Items, targetID)
 									if targetIndex < 0 {
 										return nil, ErrSoraS3ProfileNotFound
 									}
 									store.ActiveProfileID = targetID
 									store.Items[targetIndex].UpdatedAt = time.Now().UTC().Format(time.RFC3339)
 									if err := s.persistSoraS3ProfilesStore(ctx, store); err != nil {
 										return nil, err
 									}
 									profiles := convertSoraS3ProfilesStore(store)
 									active := pickActiveSoraS3Profile(profiles.Items, profiles.ActiveProfileID)
 									if active == nil {
 										return nil, ErrSoraS3ProfileNotFound
 									}
 									return active, nil
 								}
 								func (s *SettingService) loadSoraS3ProfilesStore(ctx context.Context) (*soraS3ProfilesStore, error) {
 									raw, err := s.settingRepo.GetValue(ctx, SettingKeySoraS3Profiles)
 									if err == nil {
 										trimmed := strings.TrimSpace(raw)
 										if trimmed == "" {
 											return &soraS3ProfilesStore{}, nil
 										}
 										var store soraS3ProfilesStore
 										if unmarshalErr := json.Unmarshal([]byte(trimmed), &store); unmarshalErr != nil {
 											legacy, legacyErr := s.getLegacySoraS3Settings(ctx)
 											if legacyErr != nil {
 												return nil, fmt.Errorf("unmarshal sora s3 profiles: %w", unmarshalErr)
 											}
 											if isEmptyLegacySoraS3Settings(legacy) {
 												return &soraS3ProfilesStore{}, nil
 											}
 											now := time.Now().UTC().Format(time.RFC3339)
 											return &soraS3ProfilesStore{
 												ActiveProfileID: "default",
 												Items: []soraS3ProfileStoreItem{
 													{
 														ProfileID:                "default",
 														Name:                     "Default",
 														Enabled:                  legacy.Enabled,
 														Endpoint:                 strings.TrimSpace(legacy.Endpoint),
 														Region:                   strings.TrimSpace(legacy.Region),
 														Bucket:                   strings.TrimSpace(legacy.Bucket),
 														AccessKeyID:              strings.TrimSpace(legacy.AccessKeyID),
 														SecretAccessKey:          legacy.SecretAccessKey,
 														Prefix:                   strings.TrimSpace(legacy.Prefix),
 														ForcePathStyle:           legacy.ForcePathStyle,
 														CDNURL:                   strings.TrimSpace(legacy.CDNURL),
 														DefaultStorageQuotaBytes: maxInt64(legacy.DefaultStorageQuotaBytes, 0),
 														UpdatedAt:                now,
 													},
 												},
 											}, nil
 										}
 										normalized := normalizeSoraS3ProfilesStore(store)
 										return &normalized, nil
 									}
 									if !errors.Is(err, ErrSettingNotFound) {
 										return nil, fmt.Errorf("get sora s3 profiles: %w", err)
 									}
 									legacy, legacyErr := s.getLegacySoraS3Settings(ctx)
 									if legacyErr != nil {
 										return nil, legacyErr
 									}
 									if isEmptyLegacySoraS3Settings(legacy) {
 										return &soraS3ProfilesStore{}, nil
 									}
 									now := time.Now().UTC().Format(time.RFC3339)
 									return &soraS3ProfilesStore{
 										ActiveProfileID: "default",
 										Items: []soraS3ProfileStoreItem{
 											{
 												ProfileID:                "default",
 												Name:                     "Default",
 												Enabled:                  legacy.Enabled,
 												Endpoint:                 strings.TrimSpace(legacy.Endpoint),
 												Region:                   strings.TrimSpace(legacy.Region),
 												Bucket:                   strings.TrimSpace(legacy.Bucket),
 												AccessKeyID:              strings.TrimSpace(legacy.AccessKeyID),
 												SecretAccessKey:          legacy.SecretAccessKey,
 												Prefix:                   strings.TrimSpace(legacy.Prefix),
 												ForcePathStyle:           legacy.ForcePathStyle,
 												CDNURL:                   strings.TrimSpace(legacy.CDNURL),
 												DefaultStorageQuotaBytes: maxInt64(legacy.DefaultStorageQuotaBytes, 0),
 												UpdatedAt:                now,
 											},
 										},
 									}, nil
 								}
 								func (s *SettingService) persistSoraS3ProfilesStore(ctx context.Context, store *soraS3ProfilesStore) error {
 									if store == nil {
 										return fmt.Errorf("sora s3 profiles store cannot be nil")
 									}
 									normalized := normalizeSoraS3ProfilesStore(*store)
 									data, err := json.Marshal(normalized)
 									if err != nil {
 										return fmt.Errorf("marshal sora s3 profiles: %w", err)
 									}
 									updates := map[string]string{
 										SettingKeySoraS3Profiles: string(data),
 									}
 									active := pickActiveSoraS3ProfileFromStore(normalized.Items, normalized.ActiveProfileID)
 									if active == nil {
 										updates[SettingKeySoraS3Enabled] = "false"
 										updates[SettingKeySoraS3Endpoint] = ""
 										updates[SettingKeySoraS3Region] = ""
 										updates[SettingKeySoraS3Bucket] = ""
 										updates[SettingKeySoraS3AccessKeyID] = ""
 										updates[SettingKeySoraS3Prefix] = ""
 										updates[SettingKeySoraS3ForcePathStyle] = "false"
 										updates[SettingKeySoraS3CDNURL] = ""
 										updates[SettingKeySoraDefaultStorageQuotaBytes] = "0"
 										updates[SettingKeySoraS3SecretAccessKey] = ""
 									} else {
 										updates[SettingKeySoraS3Enabled] = strconv.FormatBool(active.Enabled)
 										updates[SettingKeySoraS3Endpoint] = strings.TrimSpace(active.Endpoint)
 										updates[SettingKeySoraS3Region] = strings.TrimSpace(active.Region)
 										updates[SettingKeySoraS3Bucket] = strings.TrimSpace(active.Bucket)
 										updates[SettingKeySoraS3AccessKeyID] = strings.TrimSpace(active.AccessKeyID)
 										updates[SettingKeySoraS3Prefix] = strings.TrimSpace(active.Prefix)
 										updates[SettingKeySoraS3ForcePathStyle] = strconv.FormatBool(active.ForcePathStyle)
 										updates[SettingKeySoraS3CDNURL] = strings.TrimSpace(active.CDNURL)
 										updates[SettingKeySoraDefaultStorageQuotaBytes] = strconv.FormatInt(maxInt64(active.DefaultStorageQuotaBytes, 0), 10)
 										updates[SettingKeySoraS3SecretAccessKey] = active.SecretAccessKey
 									}
 									if err := s.settingRepo.SetMultiple(ctx, updates); err != nil {
 										return err
 									}
 									if s.onUpdate != nil {
 										s.onUpdate()
 									}
 									if s.onS3Update != nil {
 										s.onS3Update()
 									}
 									return nil
 								}
 								func (s *SettingService) getLegacySoraS3Settings(ctx context.Context) (*SoraS3Settings, error) {
 									keys := []string{
 										SettingKeySoraS3Enabled,
 										SettingKeySoraS3Endpoint,
 										SettingKeySoraS3Region,
 										SettingKeySoraS3Bucket,
 										SettingKeySoraS3AccessKeyID,
 										SettingKeySoraS3SecretAccessKey,
 										SettingKeySoraS3Prefix,
 										SettingKeySoraS3ForcePathStyle,
 										SettingKeySoraS3CDNURL,
 										SettingKeySoraDefaultStorageQuotaBytes,
 									}
 									values, err := s.settingRepo.GetMultiple(ctx, keys)
 									if err != nil {
 										return nil, fmt.Errorf("get legacy sora s3 settings: %w", err)
 									}
 									result := &SoraS3Settings{
 										Enabled:                   values[SettingKeySoraS3Enabled] == "true",
 										Endpoint:                  values[SettingKeySoraS3Endpoint],
 										Region:                    values[SettingKeySoraS3Region],
 										Bucket:                    values[SettingKeySoraS3Bucket],
 										AccessKeyID:               values[SettingKeySoraS3AccessKeyID],
 										SecretAccessKey:           values[SettingKeySoraS3SecretAccessKey],
 										SecretAccessKeyConfigured: values[SettingKeySoraS3SecretAccessKey] != "",
 										Prefix:                    values[SettingKeySoraS3Prefix],
 										ForcePathStyle:            values[SettingKeySoraS3ForcePathStyle] == "true",
 										CDNURL:                    values[SettingKeySoraS3CDNURL],
 									}
 									if v, parseErr := strconv.ParseInt(values[SettingKeySoraDefaultStorageQuotaBytes], 10, 64); parseErr == nil {
 										result.DefaultStorageQuotaBytes = v
 									}
 									return result, nil
 								}
 								func normalizeSoraS3ProfilesStore(store soraS3ProfilesStore) soraS3ProfilesStore {
 									seen := make(map[string]struct{}, len(store.Items))
 									normalized := soraS3ProfilesStore{
 										ActiveProfileID: strings.TrimSpace(store.ActiveProfileID),
 										Items:           make([]soraS3ProfileStoreItem, 0, len(store.Items)),
 									}
 									now := time.Now().UTC().Format(time.RFC3339)
 									for idx := range store.Items {
 										item := store.Items[idx]
 										item.ProfileID = strings.TrimSpace(item.ProfileID)
 										if item.ProfileID == "" {
 											item.ProfileID = fmt.Sprintf("profile-%d", idx+1)
 										}
 										if _, exists := seen[item.ProfileID]; exists {
 											continue
 										}
 										seen[item.ProfileID] = struct{}{}
 										item.Name = strings.TrimSpace(item.Name)
 										if item.Name == "" {
 											item.Name = item.ProfileID
 										}
 										item.Endpoint = strings.TrimSpace(item.Endpoint)
 										item.Region = strings.TrimSpace(item.Region)
 										item.Bucket = strings.TrimSpace(item.Bucket)
 										item.AccessKeyID = strings.TrimSpace(item.AccessKeyID)
 										item.Prefix = strings.TrimSpace(item.Prefix)
 										item.CDNURL = strings.TrimSpace(item.CDNURL)
 										item.DefaultStorageQuotaBytes = maxInt64(item.DefaultStorageQuotaBytes, 0)
 										item.UpdatedAt = strings.TrimSpace(item.UpdatedAt)
 										if item.UpdatedAt == "" {
 											item.UpdatedAt = now
 										}
 										normalized.Items = append(normalized.Items, item)
 									}
 									if len(normalized.Items) == 0 {
 										normalized.ActiveProfileID = ""
 										return normalized
 									}
 									if findSoraS3ProfileIndex(normalized.Items, normalized.ActiveProfileID) >= 0 {
 										return normalized
 									}
 									normalized.ActiveProfileID = normalized.Items[0].ProfileID
 									return normalized
 								}
 								func convertSoraS3ProfilesStore(store *soraS3ProfilesStore) *SoraS3ProfileList {
 									if store == nil {
 										return &SoraS3ProfileList{}
 									}
 									items := make([]SoraS3Profile, 0, len(store.Items))
 									for idx := range store.Items {
 										item := store.Items[idx]
 										items = append(items, SoraS3Profile{
 											ProfileID:                 item.ProfileID,
 											Name:                      item.Name,
 											IsActive:                  item.ProfileID == store.ActiveProfileID,
 											Enabled:                   item.Enabled,
 											Endpoint:                  item.Endpoint,
 											Region:                    item.Region,
 											Bucket:                    item.Bucket,
 											AccessKeyID:               item.AccessKeyID,
 											SecretAccessKey:           item.SecretAccessKey,
 											SecretAccessKeyConfigured: item.SecretAccessKey != "",
 											Prefix:                    item.Prefix,
 											ForcePathStyle:            item.ForcePathStyle,
 											CDNURL:                    item.CDNURL,
 											DefaultStorageQuotaBytes:  item.DefaultStorageQuotaBytes,
 											UpdatedAt:                 item.UpdatedAt,
 										})
 									}
 									return &SoraS3ProfileList{
 										ActiveProfileID: store.ActiveProfileID,
 										Items:           items,
 									}
 								}
 								func pickActiveSoraS3Profile(items []SoraS3Profile, activeProfileID string) *SoraS3Profile {
 									for idx := range items {
 										if items[idx].ProfileID == activeProfileID {
 											return &items[idx]
 										}
 									}
 									if len(items) == 0 {
 										return nil
 									}
 									return &items[0]
 								}
 								func findSoraS3ProfileByID(items []SoraS3Profile, profileID string) *SoraS3Profile {
 									for idx := range items {
 										if items[idx].ProfileID == profileID {
 											return &items[idx]
 										}
 									}
 									return nil
 								}
 								func pickActiveSoraS3ProfileFromStore(items []soraS3ProfileStoreItem, activeProfileID string) *soraS3ProfileStoreItem {
 									for idx := range items {
 										if items[idx].ProfileID == activeProfileID {
 											return &items[idx]
 										}
 									}
 									if len(items) == 0 {
 										return nil
 									}
 									return &items[0]
 								}
 								func findSoraS3ProfileIndex(items []soraS3ProfileStoreItem, profileID string) int {
 									for idx := range items {
 										if items[idx].ProfileID == profileID {
 											return idx
 										}
 									}
 									return -1
 								}
 								func hasSoraS3ProfileID(items []soraS3ProfileStoreItem, profileID string) bool {
 									return findSoraS3ProfileIndex(items, profileID) >= 0
 								}
 								func isEmptyLegacySoraS3Settings(settings *SoraS3Settings) bool {
 									if settings == nil {
 										return true
 									}
 									if settings.Enabled {
 										return false
 									}
 									if strings.TrimSpace(settings.Endpoint) != "" {
 										return false
 									}
 									if strings.TrimSpace(settings.Region) != "" {
 										return false
 									}
 									if strings.TrimSpace(settings.Bucket) != "" {
 										return false
 									}
 									if strings.TrimSpace(settings.AccessKeyID) != "" {
 										return false
 									}
 									if settings.SecretAccessKey != "" {
 										return false
 									}
 									if strings.TrimSpace(settings.Prefix) != "" {
 										return false
 									}
 									if strings.TrimSpace(settings.CDNURL) != "" {
 										return false
 									}
 									return settings.DefaultStorageQuotaBytes == 0
 								}
 								func maxInt64(value int64, min int64) int64 {
 									if value < min {
 										return min
 									}
 									return value
 								}