fix(frontend): 优化分组表单中订阅模式的字段显示逻辑

- 订阅模式下隐藏 Exclusive 字段并默认为开启状态
- 编辑分组时禁用计费类型字段，防止修改
- 移除编辑表单中无用的 subscription_type watch

README.md

@@ -16,6 +16,14 @@ English | [中文](README_CN.md)
 
 ---
 
+## Demo
+
+Try Sub2API online: **https://v2.pincc.ai/**
+
+| Email | Password |
+|-------|----------|
+| admin@sub2api.com | admin123 |
+
 ## Overview
 
 Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions (like Claude Code $200/month). Users can access upstream AI services through platform-generated API Keys, while the platform handles authentication, billing, load balancing, and request forwarding.

README_CN.md

@@ -16,6 +16,14 @@
 
 ---
 
+## 在线体验
+
+体验地址：**https://v2.pincc.ai/**
+
+| 邮箱 | 密码 |
+|------|------|
+| admin@sub2api.com | admin123 |
+
 ## 项目概述
 
 Sub2API 是一个 AI API 网关平台，用于分发和管理 AI 产品订阅（如 Claude Code $200/月）的 API 配额。用户通过平台生成的 API Key 调用上游 AI 服务，平台负责鉴权、计费、负载均衡和请求转发。

backend/Makefile

@@ -0,0 +1,6 @@
+.PHONY: wire
+
+wire:
+	@echo "生成 Wire 代码..."
+	@cd cmd/server && go generate
+	@echo "Wire 代码生成完成"

backend/cmd/server/main.go

@@ -1,8 +1,11 @@
 package main
 
+//go:generate go run github.com/google/wire/cmd/wire
+
 import (
 	"context"
 	_ "embed"
+	"errors"
 	"flag"
 	"log"
 	"net/http"
@@ -12,21 +15,12 @@ import (
 	"syscall"
 	"time"
 
-	"sub2api/internal/config"
 	"sub2api/internal/handler"
 	"sub2api/internal/middleware"
-	"sub2api/internal/model"
-	"sub2api/internal/pkg/timezone"
-	"sub2api/internal/repository"
-	"sub2api/internal/service"
 	"sub2api/internal/setup"
 	"sub2api/internal/web"
 
 	"github.com/gin-gonic/gin"
-	"github.com/redis/go-redis/v9"
-	"gorm.io/driver/postgres"
-	"gorm.io/gorm"
-	"gorm.io/gorm/logger"
 )
 
 //go:embed VERSION
@@ -110,78 +104,25 @@ func runSetupServer() {
 }
 
 func runMainServer() {
-	// 加载配置
-	cfg, err := config.Load()
-	if err != nil {
-		log.Fatalf("Failed to load config: %v", err)
-	}
-
-	// 初始化时区（类似 PHP 的 date_default_timezone_set）
-	if err := timezone.Init(cfg.Timezone); err != nil {
-		log.Fatalf("Failed to initialize timezone: %v", err)
-	}
-
-	// 初始化数据库
-	db, err := initDB(cfg)
-	if err != nil {
-		log.Fatalf("Failed to connect to database: %v", err)
-	}
-
-	// 初始化Redis
-	rdb := initRedis(cfg)
-
-	// 初始化Repository
-	repos := repository.NewRepositories(db)
-
-	// 初始化Service
-	services := service.NewServices(repos, rdb, cfg)
-
-	// 初始化Handler
 	buildInfo := handler.BuildInfo{
 		Version:   Version,
 		BuildType: BuildType,
 	}
-	handlers := handler.NewHandlers(services, repos, rdb, buildInfo)
 
-	// 设置Gin模式
-	if cfg.Server.Mode == "release" {
-		gin.SetMode(gin.ReleaseMode)
-	}
-
-	// 创建路由
-	r := gin.New()
-	r.Use(gin.Recovery())
-	r.Use(middleware.Logger())
-	r.Use(middleware.CORS())
-
-	// 注册路由
-	registerRoutes(r, handlers, services, repos)
-
-	// Serve embedded frontend if available
-	if web.HasEmbeddedFrontend() {
-		r.Use(web.ServeEmbeddedFrontend())
+	app, err := initializeApplication(buildInfo)
+	if err != nil {
+		log.Fatalf("Failed to initialize application: %v", err)
 	}
+	defer app.Cleanup()
 
 	// 启动服务器
-	srv := &http.Server{
-		Addr:    cfg.Server.Address(),
-		Handler: r,
-		// ReadHeaderTimeout: 读取请求头的超时时间，防止慢速请求头攻击
-		ReadHeaderTimeout: time.Duration(cfg.Server.ReadHeaderTimeout) * time.Second,
-		// IdleTimeout: 空闲连接超时时间，释放不活跃的连接资源
-		IdleTimeout: time.Duration(cfg.Server.IdleTimeout) * time.Second,
-		// 注意：不设置 WriteTimeout，因为流式响应可能持续十几分钟
-		// 不设置 ReadTimeout，因为大请求体可能需要较长时间读取
-	}
-
-	// 优雅关闭
 	go func() {
-		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+		if err := app.Server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
 			log.Fatalf("Failed to start server: %v", err)
 		}
 	}()
 
-	log.Printf("Server started on %s", cfg.Server.Address())
+	log.Printf("Server started on %s", app.Server.Addr)
 
 	// 等待中断信号
 	quit := make(chan os.Signal, 1)
@@ -193,289 +134,9 @@ func runMainServer() {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 
-	if err := srv.Shutdown(ctx); err != nil {
+	if err := app.Server.Shutdown(ctx); err != nil {
 		log.Fatalf("Server forced to shutdown: %v", err)
 	}
 
 	log.Println("Server exited")
 }
-
-func initDB(cfg *config.Config) (*gorm.DB, error) {
-	gormConfig := &gorm.Config{}
-	if cfg.Server.Mode == "debug" {
-		gormConfig.Logger = logger.Default.LogMode(logger.Info)
-	}
-
-	// 使用带时区的 DSN 连接数据库
-	db, err := gorm.Open(postgres.Open(cfg.Database.DSNWithTimezone(cfg.Timezone)), gormConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	// 自动迁移（始终执行，确保数据库结构与代码同步）
-	// GORM 的 AutoMigrate 只会添加新字段，不会删除或修改已有字段，是安全的
-	if err := model.AutoMigrate(db); err != nil {
-		return nil, err
-	}
-
-	return db, nil
-}
-
-func initRedis(cfg *config.Config) *redis.Client {
-	return redis.NewClient(&redis.Options{
-		Addr:     cfg.Redis.Address(),
-		Password: cfg.Redis.Password,
-		DB:       cfg.Redis.DB,
-	})
-}
-
-func registerRoutes(r *gin.Engine, h *handler.Handlers, s *service.Services, repos *repository.Repositories) {
-	// 健康检查
-	r.GET("/health", func(c *gin.Context) {
-		c.JSON(http.StatusOK, gin.H{"status": "ok"})
-	})
-
-	// Setup status endpoint (always returns needs_setup: false in normal mode)
-	// This is used by the frontend to detect when the service has restarted after setup
-	r.GET("/setup/status", func(c *gin.Context) {
-		c.JSON(http.StatusOK, gin.H{
-			"code": 0,
-			"data": gin.H{
-				"needs_setup": false,
-				"step":        "completed",
-			},
-		})
-	})
-
-	// API v1
-	v1 := r.Group("/api/v1")
-	{
-		// 公开接口
-		auth := v1.Group("/auth")
-		{
-			auth.POST("/register", h.Auth.Register)
-			auth.POST("/login", h.Auth.Login)
-			auth.POST("/send-verify-code", h.Auth.SendVerifyCode)
-		}
-
-		// 公开设置（无需认证）
-		settings := v1.Group("/settings")
-		{
-			settings.GET("/public", h.Setting.GetPublicSettings)
-		}
-
-		// 需要认证的接口
-		authenticated := v1.Group("")
-		authenticated.Use(middleware.JWTAuth(s.Auth, repos.User))
-		{
-			// 当前用户信息
-			authenticated.GET("/auth/me", h.Auth.GetCurrentUser)
-
-			// 用户接口
-			user := authenticated.Group("/user")
-			{
-				user.GET("/profile", h.User.GetProfile)
-				user.PUT("/password", h.User.ChangePassword)
-			}
-
-			// API Key管理
-			keys := authenticated.Group("/keys")
-			{
-				keys.GET("", h.APIKey.List)
-				keys.GET("/:id", h.APIKey.GetByID)
-				keys.POST("", h.APIKey.Create)
-				keys.PUT("/:id", h.APIKey.Update)
-				keys.DELETE("/:id", h.APIKey.Delete)
-			}
-
-			// 用户可用分组（非管理员接口）
-			groups := authenticated.Group("/groups")
-			{
-				groups.GET("/available", h.APIKey.GetAvailableGroups)
-			}
-
-			// 使用记录
-			usage := authenticated.Group("/usage")
-			{
-				usage.GET("", h.Usage.List)
-				usage.GET("/:id", h.Usage.GetByID)
-				usage.GET("/stats", h.Usage.Stats)
-				// User dashboard endpoints
-				usage.GET("/dashboard/stats", h.Usage.DashboardStats)
-				usage.GET("/dashboard/trend", h.Usage.DashboardTrend)
-				usage.GET("/dashboard/models", h.Usage.DashboardModels)
-				usage.POST("/dashboard/api-keys-usage", h.Usage.DashboardApiKeysUsage)
-			}
-
-			// 卡密兑换
-			redeem := authenticated.Group("/redeem")
-			{
-				redeem.POST("", h.Redeem.Redeem)
-				redeem.GET("/history", h.Redeem.GetHistory)
-			}
-
-			// 用户订阅
-			subscriptions := authenticated.Group("/subscriptions")
-			{
-				subscriptions.GET("", h.Subscription.List)
-				subscriptions.GET("/active", h.Subscription.GetActive)
-				subscriptions.GET("/progress", h.Subscription.GetProgress)
-				subscriptions.GET("/summary", h.Subscription.GetSummary)
-			}
-		}
-
-		// 管理员接口
-		admin := v1.Group("/admin")
-		admin.Use(middleware.JWTAuth(s.Auth, repos.User), middleware.AdminOnly())
-		{
-			// 仪表盘
-			dashboard := admin.Group("/dashboard")
-			{
-				dashboard.GET("/stats", h.Admin.Dashboard.GetStats)
-				dashboard.GET("/realtime", h.Admin.Dashboard.GetRealtimeMetrics)
-				dashboard.GET("/trend", h.Admin.Dashboard.GetUsageTrend)
-				dashboard.GET("/models", h.Admin.Dashboard.GetModelStats)
-				dashboard.GET("/api-keys-trend", h.Admin.Dashboard.GetApiKeyUsageTrend)
-				dashboard.GET("/users-trend", h.Admin.Dashboard.GetUserUsageTrend)
-				dashboard.POST("/users-usage", h.Admin.Dashboard.GetBatchUsersUsage)
-				dashboard.POST("/api-keys-usage", h.Admin.Dashboard.GetBatchApiKeysUsage)
-			}
-
-			// 用户管理
-			users := admin.Group("/users")
-			{
-				users.GET("", h.Admin.User.List)
-				users.GET("/:id", h.Admin.User.GetByID)
-				users.POST("", h.Admin.User.Create)
-				users.PUT("/:id", h.Admin.User.Update)
-				users.DELETE("/:id", h.Admin.User.Delete)
-				users.POST("/:id/balance", h.Admin.User.UpdateBalance)
-				users.GET("/:id/api-keys", h.Admin.User.GetUserAPIKeys)
-				users.GET("/:id/usage", h.Admin.User.GetUserUsage)
-			}
-
-			// 分组管理
-			groups := admin.Group("/groups")
-			{
-				groups.GET("", h.Admin.Group.List)
-				groups.GET("/all", h.Admin.Group.GetAll)
-				groups.GET("/:id", h.Admin.Group.GetByID)
-				groups.POST("", h.Admin.Group.Create)
-				groups.PUT("/:id", h.Admin.Group.Update)
-				groups.DELETE("/:id", h.Admin.Group.Delete)
-				groups.GET("/:id/stats", h.Admin.Group.GetStats)
-				groups.GET("/:id/api-keys", h.Admin.Group.GetGroupAPIKeys)
-			}
-
-			// 账号管理
-			accounts := admin.Group("/accounts")
-			{
-				accounts.GET("", h.Admin.Account.List)
-				accounts.GET("/:id", h.Admin.Account.GetByID)
-				accounts.POST("", h.Admin.Account.Create)
-				accounts.PUT("/:id", h.Admin.Account.Update)
-				accounts.DELETE("/:id", h.Admin.Account.Delete)
-				accounts.POST("/:id/test", h.Admin.Account.Test)
-				accounts.POST("/:id/refresh", h.Admin.Account.Refresh)
-				accounts.GET("/:id/stats", h.Admin.Account.GetStats)
-				accounts.POST("/:id/clear-error", h.Admin.Account.ClearError)
-				accounts.GET("/:id/usage", h.Admin.Account.GetUsage)
-				accounts.GET("/:id/today-stats", h.Admin.Account.GetTodayStats)
-				accounts.POST("/:id/clear-rate-limit", h.Admin.Account.ClearRateLimit)
-				accounts.POST("/:id/schedulable", h.Admin.Account.SetSchedulable)
-				accounts.POST("/batch", h.Admin.Account.BatchCreate)
-
-				// OAuth routes
-				accounts.POST("/generate-auth-url", h.Admin.OAuth.GenerateAuthURL)
-				accounts.POST("/generate-setup-token-url", h.Admin.OAuth.GenerateSetupTokenURL)
-				accounts.POST("/exchange-code", h.Admin.OAuth.ExchangeCode)
-				accounts.POST("/exchange-setup-token-code", h.Admin.OAuth.ExchangeSetupTokenCode)
-				accounts.POST("/cookie-auth", h.Admin.OAuth.CookieAuth)
-				accounts.POST("/setup-token-cookie-auth", h.Admin.OAuth.SetupTokenCookieAuth)
-			}
-
-			// 代理管理
-			proxies := admin.Group("/proxies")
-			{
-				proxies.GET("", h.Admin.Proxy.List)
-				proxies.GET("/all", h.Admin.Proxy.GetAll)
-				proxies.GET("/:id", h.Admin.Proxy.GetByID)
-				proxies.POST("", h.Admin.Proxy.Create)
-				proxies.PUT("/:id", h.Admin.Proxy.Update)
-				proxies.DELETE("/:id", h.Admin.Proxy.Delete)
-				proxies.POST("/:id/test", h.Admin.Proxy.Test)
-				proxies.GET("/:id/stats", h.Admin.Proxy.GetStats)
-				proxies.GET("/:id/accounts", h.Admin.Proxy.GetProxyAccounts)
-				proxies.POST("/batch", h.Admin.Proxy.BatchCreate)
-			}
-
-			// 卡密管理
-			codes := admin.Group("/redeem-codes")
-			{
-				codes.GET("", h.Admin.Redeem.List)
-				codes.GET("/stats", h.Admin.Redeem.GetStats)
-				codes.GET("/export", h.Admin.Redeem.Export)
-				codes.GET("/:id", h.Admin.Redeem.GetByID)
-				codes.POST("/generate", h.Admin.Redeem.Generate)
-				codes.DELETE("/:id", h.Admin.Redeem.Delete)
-				codes.POST("/batch-delete", h.Admin.Redeem.BatchDelete)
-				codes.POST("/:id/expire", h.Admin.Redeem.Expire)
-			}
-
-			// 系统设置
-			adminSettings := admin.Group("/settings")
-			{
-				adminSettings.GET("", h.Admin.Setting.GetSettings)
-				adminSettings.PUT("", h.Admin.Setting.UpdateSettings)
-				adminSettings.POST("/test-smtp", h.Admin.Setting.TestSmtpConnection)
-				adminSettings.POST("/send-test-email", h.Admin.Setting.SendTestEmail)
-			}
-
-			// 系统管理
-			system := admin.Group("/system")
-			{
-				system.GET("/version", h.Admin.System.GetVersion)
-				system.GET("/check-updates", h.Admin.System.CheckUpdates)
-				system.POST("/update", h.Admin.System.PerformUpdate)
-				system.POST("/rollback", h.Admin.System.Rollback)
-				system.POST("/restart", h.Admin.System.RestartService)
-			}
-
-			// 订阅管理
-			subscriptions := admin.Group("/subscriptions")
-			{
-				subscriptions.GET("", h.Admin.Subscription.List)
-				subscriptions.GET("/:id", h.Admin.Subscription.GetByID)
-				subscriptions.GET("/:id/progress", h.Admin.Subscription.GetProgress)
-				subscriptions.POST("/assign", h.Admin.Subscription.Assign)
-				subscriptions.POST("/bulk-assign", h.Admin.Subscription.BulkAssign)
-				subscriptions.POST("/:id/extend", h.Admin.Subscription.Extend)
-				subscriptions.DELETE("/:id", h.Admin.Subscription.Revoke)
-			}
-
-			// 分组下的订阅列表
-			admin.GET("/groups/:id/subscriptions", h.Admin.Subscription.ListByGroup)
-
-			// 用户下的订阅列表
-			admin.GET("/users/:id/subscriptions", h.Admin.Subscription.ListByUser)
-
-			// 使用记录管理
-			usage := admin.Group("/usage")
-			{
-				usage.GET("", h.Admin.Usage.List)
-				usage.GET("/stats", h.Admin.Usage.Stats)
-				usage.GET("/search-users", h.Admin.Usage.SearchUsers)
-				usage.GET("/search-api-keys", h.Admin.Usage.SearchApiKeys)
-			}
-		}
-	}
-
-	// API网关（Claude API兼容）
-	gateway := r.Group("/v1")
-	gateway.Use(middleware.ApiKeyAuthWithSubscription(s.ApiKey, s.Subscription))
-	{
-		gateway.POST("/messages", h.Gateway.Messages)
-		gateway.GET("/models", h.Gateway.Models)
-		gateway.GET("/usage", h.Gateway.Usage)
-	}
-}

backend/cmd/server/wire.go

@@ -0,0 +1,103 @@
+//go:build wireinject
+// +build wireinject
+
+package main
+
+import (
+	"sub2api/internal/config"
+	"sub2api/internal/handler"
+	"sub2api/internal/infrastructure"
+	"sub2api/internal/repository"
+	"sub2api/internal/server"
+	"sub2api/internal/service"
+
+	"context"
+	"log"
+	"net/http"
+	"time"
+
+	"github.com/google/wire"
+	"github.com/redis/go-redis/v9"
+	"gorm.io/gorm"
+)
+
+type Application struct {
+	Server  *http.Server
+	Cleanup func()
+}
+
+func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
+	wire.Build(
+		// 基础设施层 ProviderSets
+		config.ProviderSet,
+		infrastructure.ProviderSet,
+
+		// 业务层 ProviderSets
+		repository.ProviderSet,
+		service.ProviderSet,
+		handler.ProviderSet,
+
+		// 服务器层 ProviderSet
+		server.ProviderSet,
+
+		// 清理函数提供者
+		provideCleanup,
+
+		// 应用程序结构体
+		wire.Struct(new(Application), "Server", "Cleanup"),
+	)
+	return nil, nil
+}
+
+func provideCleanup(
+	db *gorm.DB,
+	rdb *redis.Client,
+	services *service.Services,
+) func() {
+	return func() {
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel()
+
+		// Cleanup steps in reverse dependency order
+		cleanupSteps := []struct {
+			name string
+			fn   func() error
+		}{
+			{"PricingService", func() error {
+				services.Pricing.Stop()
+				return nil
+			}},
+			{"EmailQueueService", func() error {
+				services.EmailQueue.Stop()
+				return nil
+			}},
+			{"Redis", func() error {
+				return rdb.Close()
+			}},
+			{"Database", func() error {
+				sqlDB, err := db.DB()
+				if err != nil {
+					return err
+				}
+				return sqlDB.Close()
+			}},
+		}
+
+		for _, step := range cleanupSteps {
+			if err := step.fn(); err != nil {
+				log.Printf("[Cleanup] %s failed: %v", step.name, err)
+				// Continue with remaining cleanup steps even if one fails
+			} else {
+				log.Printf("[Cleanup] %s succeeded", step.name)
+			}
+		}
+
+		// Check if context timed out
+		select {
+		case <-ctx.Done():
+			log.Printf("[Cleanup] Warning: cleanup timed out after 10 seconds")
+		default:
+			log.Printf("[Cleanup] All cleanup steps completed")
+		}
+	}
+}

backend/cmd/server/wire_gen.go

@@ -0,0 +1,201 @@
+// Code generated by Wire. DO NOT EDIT.
+
+//go:generate go run -mod=mod github.com/google/wire/cmd/wire
+//go:build !wireinject
+// +build !wireinject
+
+package main
+
+import (
+	"context"
+	"github.com/redis/go-redis/v9"
+	"gorm.io/gorm"
+	"log"
+	"net/http"
+	"sub2api/internal/config"
+	"sub2api/internal/handler"
+	"sub2api/internal/handler/admin"
+	"sub2api/internal/infrastructure"
+	"sub2api/internal/repository"
+	"sub2api/internal/server"
+	"sub2api/internal/service"
+	"time"
+)
+
+import (
+	_ "embed"
+)
+
+// Injectors from wire.go:
+
+func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
+	configConfig, err := config.ProvideConfig()
+	if err != nil {
+		return nil, err
+	}
+	db, err := infrastructure.ProvideDB(configConfig)
+	if err != nil {
+		return nil, err
+	}
+	userRepository := repository.NewUserRepository(db)
+	settingRepository := repository.NewSettingRepository(db)
+	settingService := service.NewSettingService(settingRepository, configConfig)
+	client := infrastructure.ProvideRedis(configConfig)
+	emailService := service.NewEmailService(settingRepository, client)
+	turnstileService := service.NewTurnstileService(settingService)
+	emailQueueService := service.ProvideEmailQueueService(emailService)
+	authService := service.NewAuthService(userRepository, configConfig, settingService, emailService, turnstileService, emailQueueService)
+	authHandler := handler.NewAuthHandler(authService)
+	userService := service.NewUserService(userRepository, configConfig)
+	userHandler := handler.NewUserHandler(userService)
+	apiKeyRepository := repository.NewApiKeyRepository(db)
+	groupRepository := repository.NewGroupRepository(db)
+	userSubscriptionRepository := repository.NewUserSubscriptionRepository(db)
+	apiKeyService := service.NewApiKeyService(apiKeyRepository, userRepository, groupRepository, userSubscriptionRepository, client, configConfig)
+	apiKeyHandler := handler.NewAPIKeyHandler(apiKeyService)
+	usageLogRepository := repository.NewUsageLogRepository(db)
+	usageService := service.NewUsageService(usageLogRepository, userRepository)
+	usageHandler := handler.NewUsageHandler(usageService, usageLogRepository, apiKeyService)
+	redeemCodeRepository := repository.NewRedeemCodeRepository(db)
+	accountRepository := repository.NewAccountRepository(db)
+	proxyRepository := repository.NewProxyRepository(db)
+	repositories := &repository.Repositories{
+		User:             userRepository,
+		ApiKey:           apiKeyRepository,
+		Group:            groupRepository,
+		Account:          accountRepository,
+		Proxy:            proxyRepository,
+		RedeemCode:       redeemCodeRepository,
+		UsageLog:         usageLogRepository,
+		Setting:          settingRepository,
+		UserSubscription: userSubscriptionRepository,
+	}
+	billingCacheService := service.NewBillingCacheService(client, userRepository, userSubscriptionRepository)
+	subscriptionService := service.NewSubscriptionService(repositories, billingCacheService)
+	redeemService := service.NewRedeemService(redeemCodeRepository, userRepository, subscriptionService, client, billingCacheService)
+	redeemHandler := handler.NewRedeemHandler(redeemService)
+	subscriptionHandler := handler.NewSubscriptionHandler(subscriptionService)
+	adminService := service.NewAdminService(repositories, billingCacheService)
+	dashboardHandler := admin.NewDashboardHandler(adminService, usageLogRepository)
+	adminUserHandler := admin.NewUserHandler(adminService)
+	groupHandler := admin.NewGroupHandler(adminService)
+	oAuthService := service.NewOAuthService(proxyRepository)
+	rateLimitService := service.NewRateLimitService(repositories, configConfig)
+	accountUsageService := service.NewAccountUsageService(repositories, oAuthService)
+	accountTestService := service.NewAccountTestService(repositories, oAuthService)
+	accountHandler := admin.NewAccountHandler(adminService, oAuthService, rateLimitService, accountUsageService, accountTestService)
+	oAuthHandler := admin.NewOAuthHandler(oAuthService, adminService)
+	proxyHandler := admin.NewProxyHandler(adminService)
+	adminRedeemHandler := admin.NewRedeemHandler(adminService)
+	settingHandler := admin.NewSettingHandler(settingService, emailService)
+	systemHandler := handler.ProvideSystemHandler(client, buildInfo)
+	adminSubscriptionHandler := admin.NewSubscriptionHandler(subscriptionService)
+	adminUsageHandler := admin.NewUsageHandler(usageLogRepository, apiKeyRepository, usageService, adminService)
+	adminHandlers := handler.ProvideAdminHandlers(dashboardHandler, adminUserHandler, groupHandler, accountHandler, oAuthHandler, proxyHandler, adminRedeemHandler, settingHandler, systemHandler, adminSubscriptionHandler, adminUsageHandler)
+	pricingService, err := service.ProvidePricingService(configConfig)
+	if err != nil {
+		return nil, err
+	}
+	billingService := service.NewBillingService(configConfig, pricingService)
+	identityService := service.NewIdentityService(client)
+	gatewayService := service.NewGatewayService(repositories, client, configConfig, oAuthService, billingService, rateLimitService, billingCacheService, identityService)
+	concurrencyService := service.NewConcurrencyService(client)
+	gatewayHandler := handler.NewGatewayHandler(gatewayService, userService, concurrencyService, billingCacheService)
+	handlerSettingHandler := handler.ProvideSettingHandler(settingService, buildInfo)
+	handlers := handler.ProvideHandlers(authHandler, userHandler, apiKeyHandler, usageHandler, redeemHandler, subscriptionHandler, adminHandlers, gatewayHandler, handlerSettingHandler)
+	groupService := service.NewGroupService(groupRepository)
+	accountService := service.NewAccountService(accountRepository, groupRepository)
+	proxyService := service.NewProxyService(proxyRepository)
+	services := &service.Services{
+		Auth:         authService,
+		User:         userService,
+		ApiKey:       apiKeyService,
+		Group:        groupService,
+		Account:      accountService,
+		Proxy:        proxyService,
+		Redeem:       redeemService,
+		Usage:        usageService,
+		Pricing:      pricingService,
+		Billing:      billingService,
+		BillingCache: billingCacheService,
+		Admin:        adminService,
+		Gateway:      gatewayService,
+		OAuth:        oAuthService,
+		RateLimit:    rateLimitService,
+		AccountUsage: accountUsageService,
+		AccountTest:  accountTestService,
+		Setting:      settingService,
+		Email:        emailService,
+		EmailQueue:   emailQueueService,
+		Turnstile:    turnstileService,
+		Subscription: subscriptionService,
+		Concurrency:  concurrencyService,
+		Identity:     identityService,
+	}
+	engine := server.ProvideRouter(configConfig, handlers, services, repositories)
+	httpServer := server.ProvideHTTPServer(configConfig, engine)
+	v := provideCleanup(db, client, services)
+	application := &Application{
+		Server:  httpServer,
+		Cleanup: v,
+	}
+	return application, nil
+}
+
+// wire.go:
+
+type Application struct {
+	Server  *http.Server
+	Cleanup func()
+}
+
+func provideCleanup(
+	db *gorm.DB,
+	rdb *redis.Client,
+	services *service.Services,
+) func() {
+	return func() {
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel()
+
+		cleanupSteps := []struct {
+			name string
+			fn   func() error
+		}{
+			{"PricingService", func() error {
+				services.Pricing.Stop()
+				return nil
+			}},
+			{"EmailQueueService", func() error {
+				services.EmailQueue.Stop()
+				return nil
+			}},
+			{"Redis", func() error {
+				return rdb.Close()
+			}},
+			{"Database", func() error {
+				sqlDB, err := db.DB()
+				if err != nil {
+					return err
+				}
+				return sqlDB.Close()
+			}},
+		}
+
+		for _, step := range cleanupSteps {
+			if err := step.fn(); err != nil {
+				log.Printf("[Cleanup] %s failed: %v", step.name, err)
+
+			} else {
+				log.Printf("[Cleanup] %s succeeded", step.name)
+			}
+		}
+
+		select {
+		case <-ctx.Done():
+			log.Printf("[Cleanup] Warning: cleanup timed out after 10 seconds")
+		default:
+			log.Printf("[Cleanup] All cleanup steps completed")
+		}
+	}
+}

backend/go.mod

@@ -13,6 +13,7 @@ require (
 	github.com/redis/go-redis/v9 v9.3.0
 	github.com/spf13/viper v1.18.2
 	golang.org/x/crypto v0.44.0
+	golang.org/x/net v0.47.0
 	golang.org/x/term v0.37.0
 	gopkg.in/yaml.v3 v3.0.1
 	gorm.io/driver/postgres v1.5.4
@@ -33,6 +34,8 @@ require (
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/subcommands v1.2.0 // indirect
+	github.com/google/wire v0.7.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/icholy/digest v1.1.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
@@ -50,6 +53,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/quic-go/quic-go v0.56.0 // indirect
 	github.com/refraction-networking/utls v1.8.1 // indirect
@@ -66,9 +70,11 @@ require (
 	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/sync v0.18.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/tools v0.38.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 )

backend/go.sum

@@ -48,8 +48,12 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
+github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/wire v0.7.0 h1:JxUKI6+CVBgCO2WToKy/nQk0sS+amI9z9EjVmdaocj4=
+github.com/google/wire v0.7.0/go.mod h1:n6YbUQD9cPKTnHXEBN2DXlOp/mVADhVErcMFb0v3J18=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/icholy/digest v1.1.0 h1:HfGg9Irj7i+IX1o1QAmPfIBNu/Q5A5Tu3n/MED9k9H4=
@@ -154,8 +158,12 @@ golang.org/x/crypto v0.44.0 h1:A97SsFvM3AIwEEmTBiaxPPTYpDC47w720rdiiUvgoAU=
 golang.org/x/crypto v0.44.0/go.mod h1:013i+Nw79BMiQiMsOPcVCB5ZIJbYkerPrGnOa00tvmc=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
+golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
+golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
 golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
 golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
+golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
@@ -166,6 +174,8 @@ golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
 golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
+golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=

backend/internal/config/wire.go

@@ -0,0 +1,13 @@
+package config
+
+import "github.com/google/wire"
+
+// ProviderSet 提供配置层的依赖
+var ProviderSet = wire.NewSet(
+	ProvideConfig,
+)
+
+// ProvideConfig 提供应用配置
+func ProvideConfig() (*Config, error) {
+	return Load()
+}

backend/internal/handler/handler.go

@@ -2,10 +2,6 @@ package handler
 
 import (
 	"sub2api/internal/handler/admin"
-	"sub2api/internal/repository"
-	"sub2api/internal/service"
-
-	"github.com/redis/go-redis/v9"
 )
 
 // AdminHandlers contains all admin-related HTTP handlers
@@ -41,30 +37,3 @@ type BuildInfo struct {
 	Version   string
 	BuildType string // "source" for manual builds, "release" for CI builds
 }
-
-// NewHandlers creates a new Handlers instance with all handlers initialized
-func NewHandlers(services *service.Services, repos *repository.Repositories, rdb *redis.Client, buildInfo BuildInfo) *Handlers {
-	return &Handlers{
-		Auth:         NewAuthHandler(services.Auth),
-		User:         NewUserHandler(services.User),
-		APIKey:       NewAPIKeyHandler(services.ApiKey),
-		Usage:        NewUsageHandler(services.Usage, repos.UsageLog, services.ApiKey),
-		Redeem:       NewRedeemHandler(services.Redeem),
-		Subscription: NewSubscriptionHandler(services.Subscription),
-		Admin: &AdminHandlers{
-			Dashboard:    admin.NewDashboardHandler(services.Admin, repos.UsageLog),
-			User:         admin.NewUserHandler(services.Admin),
-			Group:        admin.NewGroupHandler(services.Admin),
-			Account:      admin.NewAccountHandler(services.Admin, services.OAuth, services.RateLimit, services.AccountUsage, services.AccountTest),
-			OAuth:        admin.NewOAuthHandler(services.OAuth, services.Admin),
-			Proxy:        admin.NewProxyHandler(services.Admin),
-			Redeem:       admin.NewRedeemHandler(services.Admin),
-			Setting:      admin.NewSettingHandler(services.Setting, services.Email),
-			System:       admin.NewSystemHandler(rdb, buildInfo.Version, buildInfo.BuildType),
-			Subscription: admin.NewSubscriptionHandler(services.Subscription),
-			Usage:        admin.NewUsageHandler(repos.UsageLog, repos.ApiKey, services.Usage, services.Admin),
-		},
-		Gateway: NewGatewayHandler(services.Gateway, services.User, services.Concurrency, services.BillingCache),
-		Setting: NewSettingHandler(services.Setting, buildInfo.Version),
-	}
-}

backend/internal/handler/wire.go

@@ -0,0 +1,103 @@
+package handler
+
+import (
+	"sub2api/internal/handler/admin"
+	"sub2api/internal/service"
+
+	"github.com/google/wire"
+	"github.com/redis/go-redis/v9"
+)
+
+// ProvideAdminHandlers creates the AdminHandlers struct
+func ProvideAdminHandlers(
+	dashboardHandler *admin.DashboardHandler,
+	userHandler *admin.UserHandler,
+	groupHandler *admin.GroupHandler,
+	accountHandler *admin.AccountHandler,
+	oauthHandler *admin.OAuthHandler,
+	proxyHandler *admin.ProxyHandler,
+	redeemHandler *admin.RedeemHandler,
+	settingHandler *admin.SettingHandler,
+	systemHandler *admin.SystemHandler,
+	subscriptionHandler *admin.SubscriptionHandler,
+	usageHandler *admin.UsageHandler,
+) *AdminHandlers {
+	return &AdminHandlers{
+		Dashboard:    dashboardHandler,
+		User:         userHandler,
+		Group:        groupHandler,
+		Account:      accountHandler,
+		OAuth:        oauthHandler,
+		Proxy:        proxyHandler,
+		Redeem:       redeemHandler,
+		Setting:      settingHandler,
+		System:       systemHandler,
+		Subscription: subscriptionHandler,
+		Usage:        usageHandler,
+	}
+}
+
+// ProvideSystemHandler creates admin.SystemHandler with BuildInfo parameters
+func ProvideSystemHandler(rdb *redis.Client, buildInfo BuildInfo) *admin.SystemHandler {
+	return admin.NewSystemHandler(rdb, buildInfo.Version, buildInfo.BuildType)
+}
+
+// ProvideSettingHandler creates SettingHandler with version from BuildInfo
+func ProvideSettingHandler(settingService *service.SettingService, buildInfo BuildInfo) *SettingHandler {
+	return NewSettingHandler(settingService, buildInfo.Version)
+}
+
+// ProvideHandlers creates the Handlers struct
+func ProvideHandlers(
+	authHandler *AuthHandler,
+	userHandler *UserHandler,
+	apiKeyHandler *APIKeyHandler,
+	usageHandler *UsageHandler,
+	redeemHandler *RedeemHandler,
+	subscriptionHandler *SubscriptionHandler,
+	adminHandlers *AdminHandlers,
+	gatewayHandler *GatewayHandler,
+	settingHandler *SettingHandler,
+) *Handlers {
+	return &Handlers{
+		Auth:         authHandler,
+		User:         userHandler,
+		APIKey:       apiKeyHandler,
+		Usage:        usageHandler,
+		Redeem:       redeemHandler,
+		Subscription: subscriptionHandler,
+		Admin:        adminHandlers,
+		Gateway:      gatewayHandler,
+		Setting:      settingHandler,
+	}
+}
+
+// ProviderSet is the Wire provider set for all handlers
+var ProviderSet = wire.NewSet(
+	// Top-level handlers
+	NewAuthHandler,
+	NewUserHandler,
+	NewAPIKeyHandler,
+	NewUsageHandler,
+	NewRedeemHandler,
+	NewSubscriptionHandler,
+	NewGatewayHandler,
+	ProvideSettingHandler,
+
+	// Admin handlers
+	admin.NewDashboardHandler,
+	admin.NewUserHandler,
+	admin.NewGroupHandler,
+	admin.NewAccountHandler,
+	admin.NewOAuthHandler,
+	admin.NewProxyHandler,
+	admin.NewRedeemHandler,
+	admin.NewSettingHandler,
+	ProvideSystemHandler,
+	admin.NewSubscriptionHandler,
+	admin.NewUsageHandler,
+
+	// AdminHandlers and Handlers constructors
+	ProvideAdminHandlers,
+	ProvideHandlers,
+)

backend/internal/infrastructure/database.go

@@ -0,0 +1,38 @@
+package infrastructure
+
+import (
+	"sub2api/internal/config"
+	"sub2api/internal/model"
+	"sub2api/internal/pkg/timezone"
+
+	"gorm.io/driver/postgres"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
+)
+
+// InitDB 初始化数据库连接
+func InitDB(cfg *config.Config) (*gorm.DB, error) {
+	// 初始化时区（在数据库连接之前，确保时区设置正确）
+	if err := timezone.Init(cfg.Timezone); err != nil {
+		return nil, err
+	}
+
+	gormConfig := &gorm.Config{}
+	if cfg.Server.Mode == "debug" {
+		gormConfig.Logger = logger.Default.LogMode(logger.Info)
+	}
+
+	// 使用带时区的 DSN 连接数据库
+	db, err := gorm.Open(postgres.Open(cfg.Database.DSNWithTimezone(cfg.Timezone)), gormConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	// 自动迁移（始终执行，确保数据库结构与代码同步）
+	// GORM 的 AutoMigrate 只会添加新字段，不会删除或修改已有字段，是安全的
+	if err := model.AutoMigrate(db); err != nil {
+		return nil, err
+	}
+
+	return db, nil
+}

backend/internal/infrastructure/redis.go

@@ -0,0 +1,16 @@
+package infrastructure
+
+import (
+	"sub2api/internal/config"
+
+	"github.com/redis/go-redis/v9"
+)
+
+// InitRedis 初始化 Redis 客户端
+func InitRedis(cfg *config.Config) *redis.Client {
+	return redis.NewClient(&redis.Options{
+		Addr:     cfg.Redis.Address(),
+		Password: cfg.Redis.Password,
+		DB:       cfg.Redis.DB,
+	})
+}

backend/internal/infrastructure/wire.go

@@ -0,0 +1,25 @@
+package infrastructure
+
+import (
+	"sub2api/internal/config"
+
+	"github.com/google/wire"
+	"github.com/redis/go-redis/v9"
+	"gorm.io/gorm"
+)
+
+// ProviderSet 提供基础设施层的依赖
+var ProviderSet = wire.NewSet(
+	ProvideDB,
+	ProvideRedis,
+)
+
+// ProvideDB 提供数据库连接
+func ProvideDB(cfg *config.Config) (*gorm.DB, error) {
+	return InitDB(cfg)
+}
+
+// ProvideRedis 提供 Redis 客户端
+func ProvideRedis(cfg *config.Config) *redis.Client {
+	return InitRedis(cfg)
+}

backend/internal/repository/repository.go

@@ -1,9 +1,5 @@
 package repository
 
-import (
-	"gorm.io/gorm"
-)
-
 // Repositories 所有仓库的集合
 type Repositories struct {
 	User             *UserRepository
@@ -17,21 +13,6 @@ type Repositories struct {
 	UserSubscription *UserSubscriptionRepository
 }
 
-// NewRepositories 创建所有仓库
-func NewRepositories(db *gorm.DB) *Repositories {
-	return &Repositories{
-		User:             NewUserRepository(db),
-		ApiKey:           NewApiKeyRepository(db),
-		Group:            NewGroupRepository(db),
-		Account:          NewAccountRepository(db),
-		Proxy:            NewProxyRepository(db),
-		RedeemCode:       NewRedeemCodeRepository(db),
-		UsageLog:         NewUsageLogRepository(db),
-		Setting:          NewSettingRepository(db),
-		UserSubscription: NewUserSubscriptionRepository(db),
-	}
-}
-
 // PaginationParams 分页参数
 type PaginationParams struct {
 	Page     int

backend/internal/repository/wire.go

@@ -0,0 +1,19 @@
+package repository
+
+import (
+	"github.com/google/wire"
+)
+
+// ProviderSet is the Wire provider set for all repositories
+var ProviderSet = wire.NewSet(
+	NewUserRepository,
+	NewApiKeyRepository,
+	NewGroupRepository,
+	NewAccountRepository,
+	NewProxyRepository,
+	NewRedeemCodeRepository,
+	NewUsageLogRepository,
+	NewSettingRepository,
+	NewUserSubscriptionRepository,
+	wire.Struct(new(Repositories), "*"),
+)

backend/internal/server/http.go

@@ -0,0 +1,45 @@
+package server
+
+import (
+	"net/http"
+	"sub2api/internal/config"
+	"sub2api/internal/handler"
+	"sub2api/internal/repository"
+	"sub2api/internal/service"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/wire"
+)
+
+// ProviderSet 提供服务器层的依赖
+var ProviderSet = wire.NewSet(
+	ProvideRouter,
+	ProvideHTTPServer,
+)
+
+// ProvideRouter 提供路由器
+func ProvideRouter(cfg *config.Config, handlers *handler.Handlers, services *service.Services, repos *repository.Repositories) *gin.Engine {
+	if cfg.Server.Mode == "release" {
+		gin.SetMode(gin.ReleaseMode)
+	}
+
+	r := gin.New()
+	r.Use(gin.Recovery())
+
+	return SetupRouter(r, cfg, handlers, services, repos)
+}
+
+// ProvideHTTPServer 提供 HTTP 服务器
+func ProvideHTTPServer(cfg *config.Config, router *gin.Engine) *http.Server {
+	return &http.Server{
+		Addr:    cfg.Server.Address(),
+		Handler: router,
+		// ReadHeaderTimeout: 读取请求头的超时时间，防止慢速请求头攻击
+		ReadHeaderTimeout: time.Duration(cfg.Server.ReadHeaderTimeout) * time.Second,
+		// IdleTimeout: 空闲连接超时时间，释放不活跃的连接资源
+		IdleTimeout: time.Duration(cfg.Server.IdleTimeout) * time.Second,
+		// 注意：不设置 WriteTimeout，因为流式响应可能持续十几分钟
+		// 不设置 ReadTimeout，因为大请求体可能需要较长时间读取
+	}
+}

backend/internal/server/router.go

@@ -0,0 +1,282 @@
+package server
+
+import (
+	"net/http"
+	"sub2api/internal/config"
+	"sub2api/internal/handler"
+	"sub2api/internal/middleware"
+	"sub2api/internal/repository"
+	"sub2api/internal/service"
+	"sub2api/internal/web"
+
+	"github.com/gin-gonic/gin"
+)
+
+// SetupRouter 配置路由器中间件和路由
+func SetupRouter(r *gin.Engine, cfg *config.Config, handlers *handler.Handlers, services *service.Services, repos *repository.Repositories) *gin.Engine {
+	// 应用中间件
+	r.Use(middleware.Logger())
+	r.Use(middleware.CORS())
+
+	// 注册路由
+	registerRoutes(r, handlers, services, repos)
+
+	// Serve embedded frontend if available
+	if web.HasEmbeddedFrontend() {
+		r.Use(web.ServeEmbeddedFrontend())
+	}
+
+	return r
+}
+
+// registerRoutes 注册所有 HTTP 路由
+func registerRoutes(r *gin.Engine, h *handler.Handlers, s *service.Services, repos *repository.Repositories) {
+	// 健康检查
+	r.GET("/health", func(c *gin.Context) {
+		c.JSON(http.StatusOK, gin.H{"status": "ok"})
+	})
+
+	// Setup status endpoint (always returns needs_setup: false in normal mode)
+	// This is used by the frontend to detect when the service has restarted after setup
+	r.GET("/setup/status", func(c *gin.Context) {
+		c.JSON(http.StatusOK, gin.H{
+			"code": 0,
+			"data": gin.H{
+				"needs_setup": false,
+				"step":        "completed",
+			},
+		})
+	})
+
+	// API v1
+	v1 := r.Group("/api/v1")
+	{
+		// 公开接口
+		auth := v1.Group("/auth")
+		{
+			auth.POST("/register", h.Auth.Register)
+			auth.POST("/login", h.Auth.Login)
+			auth.POST("/send-verify-code", h.Auth.SendVerifyCode)
+		}
+
+		// 公开设置（无需认证）
+		settings := v1.Group("/settings")
+		{
+			settings.GET("/public", h.Setting.GetPublicSettings)
+		}
+
+		// 需要认证的接口
+		authenticated := v1.Group("")
+		authenticated.Use(middleware.JWTAuth(s.Auth, repos.User))
+		{
+			// 当前用户信息
+			authenticated.GET("/auth/me", h.Auth.GetCurrentUser)
+
+			// 用户接口
+			user := authenticated.Group("/user")
+			{
+				user.GET("/profile", h.User.GetProfile)
+				user.PUT("/password", h.User.ChangePassword)
+			}
+
+			// API Key管理
+			keys := authenticated.Group("/keys")
+			{
+				keys.GET("", h.APIKey.List)
+				keys.GET("/:id", h.APIKey.GetByID)
+				keys.POST("", h.APIKey.Create)
+				keys.PUT("/:id", h.APIKey.Update)
+				keys.DELETE("/:id", h.APIKey.Delete)
+			}
+
+			// 用户可用分组（非管理员接口）
+			groups := authenticated.Group("/groups")
+			{
+				groups.GET("/available", h.APIKey.GetAvailableGroups)
+			}
+
+			// 使用记录
+			usage := authenticated.Group("/usage")
+			{
+				usage.GET("", h.Usage.List)
+				usage.GET("/:id", h.Usage.GetByID)
+				usage.GET("/stats", h.Usage.Stats)
+				// User dashboard endpoints
+				usage.GET("/dashboard/stats", h.Usage.DashboardStats)
+				usage.GET("/dashboard/trend", h.Usage.DashboardTrend)
+				usage.GET("/dashboard/models", h.Usage.DashboardModels)
+				usage.POST("/dashboard/api-keys-usage", h.Usage.DashboardApiKeysUsage)
+			}
+
+			// 卡密兑换
+			redeem := authenticated.Group("/redeem")
+			{
+				redeem.POST("", h.Redeem.Redeem)
+				redeem.GET("/history", h.Redeem.GetHistory)
+			}
+
+			// 用户订阅
+			subscriptions := authenticated.Group("/subscriptions")
+			{
+				subscriptions.GET("", h.Subscription.List)
+				subscriptions.GET("/active", h.Subscription.GetActive)
+				subscriptions.GET("/progress", h.Subscription.GetProgress)
+				subscriptions.GET("/summary", h.Subscription.GetSummary)
+			}
+		}
+
+		// 管理员接口
+		admin := v1.Group("/admin")
+		admin.Use(middleware.JWTAuth(s.Auth, repos.User), middleware.AdminOnly())
+		{
+			// 仪表盘
+			dashboard := admin.Group("/dashboard")
+			{
+				dashboard.GET("/stats", h.Admin.Dashboard.GetStats)
+				dashboard.GET("/realtime", h.Admin.Dashboard.GetRealtimeMetrics)
+				dashboard.GET("/trend", h.Admin.Dashboard.GetUsageTrend)
+				dashboard.GET("/models", h.Admin.Dashboard.GetModelStats)
+				dashboard.GET("/api-keys-trend", h.Admin.Dashboard.GetApiKeyUsageTrend)
+				dashboard.GET("/users-trend", h.Admin.Dashboard.GetUserUsageTrend)
+				dashboard.POST("/users-usage", h.Admin.Dashboard.GetBatchUsersUsage)
+				dashboard.POST("/api-keys-usage", h.Admin.Dashboard.GetBatchApiKeysUsage)
+			}
+
+			// 用户管理
+			users := admin.Group("/users")
+			{
+				users.GET("", h.Admin.User.List)
+				users.GET("/:id", h.Admin.User.GetByID)
+				users.POST("", h.Admin.User.Create)
+				users.PUT("/:id", h.Admin.User.Update)
+				users.DELETE("/:id", h.Admin.User.Delete)
+				users.POST("/:id/balance", h.Admin.User.UpdateBalance)
+				users.GET("/:id/api-keys", h.Admin.User.GetUserAPIKeys)
+				users.GET("/:id/usage", h.Admin.User.GetUserUsage)
+			}
+
+			// 分组管理
+			groups := admin.Group("/groups")
+			{
+				groups.GET("", h.Admin.Group.List)
+				groups.GET("/all", h.Admin.Group.GetAll)
+				groups.GET("/:id", h.Admin.Group.GetByID)
+				groups.POST("", h.Admin.Group.Create)
+				groups.PUT("/:id", h.Admin.Group.Update)
+				groups.DELETE("/:id", h.Admin.Group.Delete)
+				groups.GET("/:id/stats", h.Admin.Group.GetStats)
+				groups.GET("/:id/api-keys", h.Admin.Group.GetGroupAPIKeys)
+			}
+
+			// 账号管理
+			accounts := admin.Group("/accounts")
+			{
+				accounts.GET("", h.Admin.Account.List)
+				accounts.GET("/:id", h.Admin.Account.GetByID)
+				accounts.POST("", h.Admin.Account.Create)
+				accounts.PUT("/:id", h.Admin.Account.Update)
+				accounts.DELETE("/:id", h.Admin.Account.Delete)
+				accounts.POST("/:id/test", h.Admin.Account.Test)
+				accounts.POST("/:id/refresh", h.Admin.Account.Refresh)
+				accounts.GET("/:id/stats", h.Admin.Account.GetStats)
+				accounts.POST("/:id/clear-error", h.Admin.Account.ClearError)
+				accounts.GET("/:id/usage", h.Admin.Account.GetUsage)
+				accounts.GET("/:id/today-stats", h.Admin.Account.GetTodayStats)
+				accounts.POST("/:id/clear-rate-limit", h.Admin.Account.ClearRateLimit)
+				accounts.POST("/:id/schedulable", h.Admin.Account.SetSchedulable)
+				accounts.POST("/batch", h.Admin.Account.BatchCreate)
+
+				// OAuth routes
+				accounts.POST("/generate-auth-url", h.Admin.OAuth.GenerateAuthURL)
+				accounts.POST("/generate-setup-token-url", h.Admin.OAuth.GenerateSetupTokenURL)
+				accounts.POST("/exchange-code", h.Admin.OAuth.ExchangeCode)
+				accounts.POST("/exchange-setup-token-code", h.Admin.OAuth.ExchangeSetupTokenCode)
+				accounts.POST("/cookie-auth", h.Admin.OAuth.CookieAuth)
+				accounts.POST("/setup-token-cookie-auth", h.Admin.OAuth.SetupTokenCookieAuth)
+			}
+
+			// 代理管理
+			proxies := admin.Group("/proxies")
+			{
+				proxies.GET("", h.Admin.Proxy.List)
+				proxies.GET("/all", h.Admin.Proxy.GetAll)
+				proxies.GET("/:id", h.Admin.Proxy.GetByID)
+				proxies.POST("", h.Admin.Proxy.Create)
+				proxies.PUT("/:id", h.Admin.Proxy.Update)
+				proxies.DELETE("/:id", h.Admin.Proxy.Delete)
+				proxies.POST("/:id/test", h.Admin.Proxy.Test)
+				proxies.GET("/:id/stats", h.Admin.Proxy.GetStats)
+				proxies.GET("/:id/accounts", h.Admin.Proxy.GetProxyAccounts)
+				proxies.POST("/batch", h.Admin.Proxy.BatchCreate)
+			}
+
+			// 卡密管理
+			codes := admin.Group("/redeem-codes")
+			{
+				codes.GET("", h.Admin.Redeem.List)
+				codes.GET("/stats", h.Admin.Redeem.GetStats)
+				codes.GET("/export", h.Admin.Redeem.Export)
+				codes.GET("/:id", h.Admin.Redeem.GetByID)
+				codes.POST("/generate", h.Admin.Redeem.Generate)
+				codes.DELETE("/:id", h.Admin.Redeem.Delete)
+				codes.POST("/batch-delete", h.Admin.Redeem.BatchDelete)
+				codes.POST("/:id/expire", h.Admin.Redeem.Expire)
+			}
+
+			// 系统设置
+			adminSettings := admin.Group("/settings")
+			{
+				adminSettings.GET("", h.Admin.Setting.GetSettings)
+				adminSettings.PUT("", h.Admin.Setting.UpdateSettings)
+				adminSettings.POST("/test-smtp", h.Admin.Setting.TestSmtpConnection)
+				adminSettings.POST("/send-test-email", h.Admin.Setting.SendTestEmail)
+			}
+
+			// 系统管理
+			system := admin.Group("/system")
+			{
+				system.GET("/version", h.Admin.System.GetVersion)
+				system.GET("/check-updates", h.Admin.System.CheckUpdates)
+				system.POST("/update", h.Admin.System.PerformUpdate)
+				system.POST("/rollback", h.Admin.System.Rollback)
+				system.POST("/restart", h.Admin.System.RestartService)
+			}
+
+			// 订阅管理
+			subscriptions := admin.Group("/subscriptions")
+			{
+				subscriptions.GET("", h.Admin.Subscription.List)
+				subscriptions.GET("/:id", h.Admin.Subscription.GetByID)
+				subscriptions.GET("/:id/progress", h.Admin.Subscription.GetProgress)
+				subscriptions.POST("/assign", h.Admin.Subscription.Assign)
+				subscriptions.POST("/bulk-assign", h.Admin.Subscription.BulkAssign)
+				subscriptions.POST("/:id/extend", h.Admin.Subscription.Extend)
+				subscriptions.DELETE("/:id", h.Admin.Subscription.Revoke)
+			}
+
+			// 分组下的订阅列表
+			admin.GET("/groups/:id/subscriptions", h.Admin.Subscription.ListByGroup)
+
+			// 用户下的订阅列表
+			admin.GET("/users/:id/subscriptions", h.Admin.Subscription.ListByUser)
+
+			// 使用记录管理
+			usage := admin.Group("/usage")
+			{
+				usage.GET("", h.Admin.Usage.List)
+				usage.GET("/stats", h.Admin.Usage.Stats)
+				usage.GET("/search-users", h.Admin.Usage.SearchUsers)
+				usage.GET("/search-api-keys", h.Admin.Usage.SearchApiKeys)
+			}
+		}
+	}
+
+	// API网关（Claude API兼容）
+	gateway := r.Group("/v1")
+	gateway.Use(middleware.ApiKeyAuthWithSubscription(s.ApiKey, s.Subscription))
+	{
+		gateway.POST("/messages", h.Gateway.Messages)
+		gateway.GET("/models", h.Gateway.Models)
+		gateway.GET("/usage", h.Gateway.Usage)
+	}
+}

backend/internal/service/account_test_service.go

@@ -92,9 +92,9 @@ func createTestPayload() map[string]interface{} {
 		"metadata": map[string]string{
 			"user_id": generateSessionString(),
 		},
-		"max_tokens": 1024,
+		"max_tokens":  1024,
 		"temperature": 1,
-		"stream":     true,
+		"stream":      true,
 	}
 }
 
@@ -310,5 +310,5 @@ func (s *AccountTestService) sendEvent(c *gin.Context, event TestEvent) {
 func (s *AccountTestService) sendErrorAndEnd(c *gin.Context, errorMsg string) error {
 	log.Printf("Account test error: %s", errorMsg)
 	s.sendEvent(c, TestEvent{Type: "error", Error: errorMsg})
-	return fmt.Errorf(errorMsg)
+	return fmt.Errorf("%s", errorMsg)
 }

backend/internal/service/admin_service.go

@@ -191,24 +191,17 @@ type adminServiceImpl struct {
 }
 
 // NewAdminService creates a new AdminService
-func NewAdminService(repos *repository.Repositories) AdminService {
+func NewAdminService(repos *repository.Repositories, billingCacheService *BillingCacheService) AdminService {
 	return &adminServiceImpl{
-		userRepo:       repos.User,
-		groupRepo:      repos.Group,
-		accountRepo:    repos.Account,
-		proxyRepo:      repos.Proxy,
-		apiKeyRepo:     repos.ApiKey,
-		redeemCodeRepo: repos.RedeemCode,
-		usageLogRepo:   repos.UsageLog,
-		userSubRepo:    repos.UserSubscription,
-	}
-}
-
-// SetBillingCacheService 设置计费缓存服务（用于缓存失效）
-// 注意：AdminService是接口，需要类型断言
-func SetAdminServiceBillingCache(adminService AdminService, billingCacheService *BillingCacheService) {
-	if impl, ok := adminService.(*adminServiceImpl); ok {
-		impl.billingCacheService = billingCacheService
+		userRepo:            repos.User,
+		groupRepo:           repos.Group,
+		accountRepo:         repos.Account,
+		proxyRepo:           repos.Proxy,
+		apiKeyRepo:          repos.ApiKey,
+		redeemCodeRepo:      repos.RedeemCode,
+		usageLogRepo:        repos.UsageLog,
+		userSubRepo:         repos.UserSubscription,
+		billingCacheService: billingCacheService,
 	}
 }
 

backend/internal/service/auth_service.go

@@ -16,13 +16,13 @@ import (
 )
 
 var (
-	ErrInvalidCredentials   = errors.New("invalid email or password")
-	ErrUserNotActive        = errors.New("user is not active")
-	ErrEmailExists          = errors.New("email already exists")
-	ErrInvalidToken         = errors.New("invalid token")
-	ErrTokenExpired         = errors.New("token has expired")
-	ErrEmailVerifyRequired  = errors.New("email verification is required")
-	ErrRegDisabled          = errors.New("registration is currently disabled")
+	ErrInvalidCredentials  = errors.New("invalid email or password")
+	ErrUserNotActive       = errors.New("user is not active")
+	ErrEmailExists         = errors.New("email already exists")
+	ErrInvalidToken        = errors.New("invalid token")
+	ErrTokenExpired        = errors.New("token has expired")
+	ErrEmailVerifyRequired = errors.New("email verification is required")
+	ErrRegDisabled         = errors.New("registration is currently disabled")
 )
 
 // JWTClaims JWT载荷数据
@@ -44,33 +44,24 @@ type AuthService struct {
 }
 
 // NewAuthService 创建认证服务实例
-func NewAuthService(userRepo *repository.UserRepository, cfg *config.Config) *AuthService {
+func NewAuthService(
+	userRepo *repository.UserRepository,
+	cfg *config.Config,
+	settingService *SettingService,
+	emailService *EmailService,
+	turnstileService *TurnstileService,
+	emailQueueService *EmailQueueService,
+) *AuthService {
 	return &AuthService{
-		userRepo: userRepo,
-		cfg:      cfg,
+		userRepo:          userRepo,
+		cfg:               cfg,
+		settingService:    settingService,
+		emailService:      emailService,
+		turnstileService:  turnstileService,
+		emailQueueService: emailQueueService,
 	}
 }
 
-// SetSettingService 设置系统设置服务（用于检查注册开关和邮件验证）
-func (s *AuthService) SetSettingService(settingService *SettingService) {
-	s.settingService = settingService
-}
-
-// SetEmailService 设置邮件服务（用于邮件验证）
-func (s *AuthService) SetEmailService(emailService *EmailService) {
-	s.emailService = emailService
-}
-
-// SetTurnstileService 设置Turnstile服务（用于验证码校验）
-func (s *AuthService) SetTurnstileService(turnstileService *TurnstileService) {
-	s.turnstileService = turnstileService
-}
-
-// SetEmailQueueService 设置邮件队列服务（用于异步发送邮件）
-func (s *AuthService) SetEmailQueueService(emailQueueService *EmailQueueService) {
-	s.emailQueueService = emailQueueService
-}
-
 // Register 用户注册，返回token和用户
 func (s *AuthService) Register(ctx context.Context, email, password string) (string, *model.User, error) {
 	return s.RegisterWithVerification(ctx, email, password, "")

backend/internal/service/redeem_service.go

@@ -57,20 +57,22 @@ type RedeemService struct {
 }
 
 // NewRedeemService 创建兑换码服务实例
-func NewRedeemService(redeemRepo *repository.RedeemCodeRepository, userRepo *repository.UserRepository, subscriptionService *SubscriptionService, rdb *redis.Client) *RedeemService {
+func NewRedeemService(
+	redeemRepo *repository.RedeemCodeRepository,
+	userRepo *repository.UserRepository,
+	subscriptionService *SubscriptionService,
+	rdb *redis.Client,
+	billingCacheService *BillingCacheService,
+) *RedeemService {
 	return &RedeemService{
 		redeemRepo:          redeemRepo,
 		userRepo:            userRepo,
 		subscriptionService: subscriptionService,
 		rdb:                 rdb,
+		billingCacheService: billingCacheService,
 	}
 }
 
-// SetBillingCacheService 设置计费缓存服务（用于缓存失效）
-func (s *RedeemService) SetBillingCacheService(billingCacheService *BillingCacheService) {
-	s.billingCacheService = billingCacheService
-}
-
 // GenerateRandomCode 生成随机兑换码
 func (s *RedeemService) GenerateRandomCode() (string, error) {
 	// 生成16字节随机数据

backend/internal/service/service.go

@@ -1,12 +1,5 @@
 package service
 
-import (
-	"sub2api/internal/config"
-	"sub2api/internal/repository"
-
-	"github.com/redis/go-redis/v9"
-)
-
 // Services 服务集合容器
 type Services struct {
 	Auth         *AuthService
@@ -34,106 +27,3 @@ type Services struct {
 	Concurrency  *ConcurrencyService
 	Identity     *IdentityService
 }
-
-// NewServices 创建所有服务实例
-func NewServices(repos *repository.Repositories, rdb *redis.Client, cfg *config.Config) *Services {
-	// 初始化价格服务
-	pricingService := NewPricingService(cfg)
-	if err := pricingService.Initialize(); err != nil {
-		// 价格服务初始化失败不应阻止启动，使用回退价格
-		println("[Service] Warning: Pricing service initialization failed:", err.Error())
-	}
-
-	// 初始化计费服务（依赖价格服务）
-	billingService := NewBillingService(cfg, pricingService)
-
-	// 初始化其他服务
-	authService := NewAuthService(repos.User, cfg)
-	userService := NewUserService(repos.User, cfg)
-	apiKeyService := NewApiKeyService(repos.ApiKey, repos.User, repos.Group, repos.UserSubscription, rdb, cfg)
-	groupService := NewGroupService(repos.Group)
-	accountService := NewAccountService(repos.Account, repos.Group)
-	proxyService := NewProxyService(repos.Proxy)
-	usageService := NewUsageService(repos.UsageLog, repos.User)
-
-	// 初始化订阅服务 (RedeemService 依赖)
-	subscriptionService := NewSubscriptionService(repos)
-
-	// 初始化兑换服务 (依赖订阅服务)
-	redeemService := NewRedeemService(repos.RedeemCode, repos.User, subscriptionService, rdb)
-
-	// 初始化Admin服务
-	adminService := NewAdminService(repos)
-
-	// 初始化OAuth服务（GatewayService依赖）
-	oauthService := NewOAuthService(repos.Proxy)
-
-	// 初始化限流服务
-	rateLimitService := NewRateLimitService(repos, cfg)
-
-	// 初始化计费缓存服务
-	billingCacheService := NewBillingCacheService(rdb, repos.User, repos.UserSubscription)
-
-	// 初始化账号使用量服务
-	accountUsageService := NewAccountUsageService(repos, oauthService)
-
-	// 初始化账号测试服务
-	accountTestService := NewAccountTestService(repos, oauthService)
-
-	// 初始化身份指纹服务
-	identityService := NewIdentityService(rdb)
-
-	// 初始化Gateway服务
-	gatewayService := NewGatewayService(repos, rdb, cfg, oauthService, billingService, rateLimitService, billingCacheService, identityService)
-
-	// 初始化设置服务
-	settingService := NewSettingService(repos.Setting, cfg)
-	emailService := NewEmailService(repos.Setting, rdb)
-
-	// 初始化邮件队列服务
-	emailQueueService := NewEmailQueueService(emailService, 3)
-
-	// 初始化Turnstile服务
-	turnstileService := NewTurnstileService(settingService)
-
-	// 设置Auth服务的依赖（用于注册开关和邮件验证）
-	authService.SetSettingService(settingService)
-	authService.SetEmailService(emailService)
-	authService.SetTurnstileService(turnstileService)
-	authService.SetEmailQueueService(emailQueueService)
-
-	// 初始化并发控制服务
-	concurrencyService := NewConcurrencyService(rdb)
-
-	// 注入计费缓存服务到需要失效缓存的服务
-	redeemService.SetBillingCacheService(billingCacheService)
-	subscriptionService.SetBillingCacheService(billingCacheService)
-	SetAdminServiceBillingCache(adminService, billingCacheService)
-
-	return &Services{
-		Auth:         authService,
-		User:         userService,
-		ApiKey:       apiKeyService,
-		Group:        groupService,
-		Account:      accountService,
-		Proxy:        proxyService,
-		Redeem:       redeemService,
-		Usage:        usageService,
-		Pricing:      pricingService,
-		Billing:      billingService,
-		BillingCache: billingCacheService,
-		Admin:        adminService,
-		Gateway:      gatewayService,
-		OAuth:        oauthService,
-		RateLimit:    rateLimitService,
-		AccountUsage: accountUsageService,
-		AccountTest:  accountTestService,
-		Setting:      settingService,
-		Email:        emailService,
-		EmailQueue:   emailQueueService,
-		Turnstile:    turnstileService,
-		Subscription: subscriptionService,
-		Concurrency:  concurrencyService,
-		Identity:     identityService,
-	}
-}

backend/internal/service/subscription_service.go

@@ -28,13 +28,11 @@ type SubscriptionService struct {
 }
 
 // NewSubscriptionService 创建订阅服务
-func NewSubscriptionService(repos *repository.Repositories) *SubscriptionService {
-	return &SubscriptionService{repos: repos}
-}
-
-// SetBillingCacheService 设置计费缓存服务（用于缓存失效）
-func (s *SubscriptionService) SetBillingCacheService(billingCacheService *BillingCacheService) {
-	s.billingCacheService = billingCacheService
+func NewSubscriptionService(repos *repository.Repositories, billingCacheService *BillingCacheService) *SubscriptionService {
+	return &SubscriptionService{
+		repos:               repos,
+		billingCacheService: billingCacheService,
+	}
 }
 
 // AssignSubscriptionInput 分配订阅输入
@@ -88,6 +86,7 @@ func (s *SubscriptionService) AssignSubscription(ctx context.Context, input *Ass
 // 如果用户已有同分组的订阅：
 //   - 未过期：从当前过期时间累加天数
 //   - 已过期：从当前时间开始计算新的过期时间，并激活订阅
+//
 // 如果没有订阅：创建新订阅
 func (s *SubscriptionService) AssignOrExtendSubscription(ctx context.Context, input *AssignSubscriptionInput) (*model.UserSubscription, bool, error) {
 	// 检查分组是否存在且为订阅类型
@@ -191,15 +190,15 @@ func (s *SubscriptionService) createSubscription(ctx context.Context, input *Ass
 
 	now := time.Now()
 	sub := &model.UserSubscription{
-		UserID:    input.UserID,
-		GroupID:   input.GroupID,
-		StartsAt:  now,
-		ExpiresAt: now.AddDate(0, 0, validityDays),
-		Status:    model.SubscriptionStatusActive,
+		UserID:     input.UserID,
+		GroupID:    input.GroupID,
+		StartsAt:   now,
+		ExpiresAt:  now.AddDate(0, 0, validityDays),
+		Status:     model.SubscriptionStatusActive,
 		AssignedAt: now,
-		Notes:     input.Notes,
-		CreatedAt: now,
-		UpdatedAt: now,
+		Notes:      input.Notes,
+		CreatedAt:  now,
+		UpdatedAt:  now,
 	}
 	// 只有当 AssignedBy > 0 时才设置（0 表示系统分配，如兑换码）
 	if input.AssignedBy > 0 {
@@ -225,17 +224,17 @@ type BulkAssignSubscriptionInput struct {
 
 // BulkAssignResult 批量分配结果
 type BulkAssignResult struct {
-	SuccessCount int
-	FailedCount  int
+	SuccessCount  int
+	FailedCount   int
 	Subscriptions []model.UserSubscription
-	Errors       []string
+	Errors        []string
 }
 
 // BulkAssignSubscription 批量分配订阅
 func (s *SubscriptionService) BulkAssignSubscription(ctx context.Context, input *BulkAssignSubscriptionInput) (*BulkAssignResult, error) {
 	result := &BulkAssignResult{
 		Subscriptions: make([]model.UserSubscription, 0),
-		Errors:       make([]string, 0),
+		Errors:        make([]string, 0),
 	}
 
 	for _, userID := range input.UserIDs {
@@ -417,10 +416,10 @@ func (s *SubscriptionService) RecordUsage(ctx context.Context, subscriptionID in
 
 // SubscriptionProgress 订阅进度
 type SubscriptionProgress struct {
-	ID            int64              `json:"id"`
-	GroupName     string             `json:"group_name"`
-	ExpiresAt     time.Time          `json:"expires_at"`
-	ExpiresInDays int                `json:"expires_in_days"`
+	ID            int64                `json:"id"`
+	GroupName     string               `json:"group_name"`
+	ExpiresAt     time.Time            `json:"expires_at"`
+	ExpiresInDays int                  `json:"expires_in_days"`
 	Daily         *UsageWindowProgress `json:"daily,omitempty"`
 	Weekly        *UsageWindowProgress `json:"weekly,omitempty"`
 	Monthly       *UsageWindowProgress `json:"monthly,omitempty"`
@@ -428,13 +427,13 @@ type SubscriptionProgress struct {
 
 // UsageWindowProgress 使用窗口进度
 type UsageWindowProgress struct {
-	LimitUSD       float64   `json:"limit_usd"`
-	UsedUSD        float64   `json:"used_usd"`
-	RemainingUSD   float64   `json:"remaining_usd"`
-	Percentage     float64   `json:"percentage"`
-	WindowStart    time.Time `json:"window_start"`
-	ResetsAt       time.Time `json:"resets_at"`
-	ResetsInSeconds int64    `json:"resets_in_seconds"`
+	LimitUSD        float64   `json:"limit_usd"`
+	UsedUSD         float64   `json:"used_usd"`
+	RemainingUSD    float64   `json:"remaining_usd"`
+	Percentage      float64   `json:"percentage"`
+	WindowStart     time.Time `json:"window_start"`
+	ResetsAt        time.Time `json:"resets_at"`
+	ResetsInSeconds int64     `json:"resets_in_seconds"`
 }
 
 // GetSubscriptionProgress 获取订阅使用进度
@@ -464,12 +463,12 @@ func (s *SubscriptionService) GetSubscriptionProgress(ctx context.Context, subsc
 		limit := *group.DailyLimitUSD
 		resetsAt := sub.DailyWindowStart.Add(24 * time.Hour)
 		progress.Daily = &UsageWindowProgress{
-			LimitUSD:       limit,
-			UsedUSD:        sub.DailyUsageUSD,
-			RemainingUSD:   limit - sub.DailyUsageUSD,
-			Percentage:     (sub.DailyUsageUSD / limit) * 100,
-			WindowStart:    *sub.DailyWindowStart,
-			ResetsAt:       resetsAt,
+			LimitUSD:        limit,
+			UsedUSD:         sub.DailyUsageUSD,
+			RemainingUSD:    limit - sub.DailyUsageUSD,
+			Percentage:      (sub.DailyUsageUSD / limit) * 100,
+			WindowStart:     *sub.DailyWindowStart,
+			ResetsAt:        resetsAt,
 			ResetsInSeconds: int64(time.Until(resetsAt).Seconds()),
 		}
 		if progress.Daily.RemainingUSD < 0 {
@@ -488,12 +487,12 @@ func (s *SubscriptionService) GetSubscriptionProgress(ctx context.Context, subsc
 		limit := *group.WeeklyLimitUSD
 		resetsAt := sub.WeeklyWindowStart.Add(7 * 24 * time.Hour)
 		progress.Weekly = &UsageWindowProgress{
-			LimitUSD:       limit,
-			UsedUSD:        sub.WeeklyUsageUSD,
-			RemainingUSD:   limit - sub.WeeklyUsageUSD,
-			Percentage:     (sub.WeeklyUsageUSD / limit) * 100,
-			WindowStart:    *sub.WeeklyWindowStart,
-			ResetsAt:       resetsAt,
+			LimitUSD:        limit,
+			UsedUSD:         sub.WeeklyUsageUSD,
+			RemainingUSD:    limit - sub.WeeklyUsageUSD,
+			Percentage:      (sub.WeeklyUsageUSD / limit) * 100,
+			WindowStart:     *sub.WeeklyWindowStart,
+			ResetsAt:        resetsAt,
 			ResetsInSeconds: int64(time.Until(resetsAt).Seconds()),
 		}
 		if progress.Weekly.RemainingUSD < 0 {
@@ -512,12 +511,12 @@ func (s *SubscriptionService) GetSubscriptionProgress(ctx context.Context, subsc
 		limit := *group.MonthlyLimitUSD
 		resetsAt := sub.MonthlyWindowStart.Add(30 * 24 * time.Hour)
 		progress.Monthly = &UsageWindowProgress{
-			LimitUSD:       limit,
-			UsedUSD:        sub.MonthlyUsageUSD,
-			RemainingUSD:   limit - sub.MonthlyUsageUSD,
-			Percentage:     (sub.MonthlyUsageUSD / limit) * 100,
-			WindowStart:    *sub.MonthlyWindowStart,
-			ResetsAt:       resetsAt,
+			LimitUSD:        limit,
+			UsedUSD:         sub.MonthlyUsageUSD,
+			RemainingUSD:    limit - sub.MonthlyUsageUSD,
+			Percentage:      (sub.MonthlyUsageUSD / limit) * 100,
+			WindowStart:     *sub.MonthlyWindowStart,
+			ResetsAt:        resetsAt,
 			ResetsInSeconds: int64(time.Until(resetsAt).Seconds()),
 		}
 		if progress.Monthly.RemainingUSD < 0 {

backend/internal/service/update_service.go

@@ -125,6 +125,7 @@ func (s *UpdateService) CheckUpdate(ctx context.Context, force bool) (*UpdateInf
 }
 
 // PerformUpdate downloads and applies the update
+// Uses atomic file replacement pattern for safe in-place updates
 func (s *UpdateService) PerformUpdate(ctx context.Context) error {
 	info, err := s.CheckUpdate(ctx, true)
 	if err != nil {
@@ -173,8 +174,11 @@ func (s *UpdateService) PerformUpdate(ctx context.Context) error {
 		return fmt.Errorf("failed to resolve symlinks: %w", err)
 	}
 
-	// Create temp directory for extraction
-	tempDir, err := os.MkdirTemp("", "sub2api-update-*")
+	exeDir := filepath.Dir(exePath)
+
+	// Create temp directory in the SAME directory as executable
+	// This ensures os.Rename is atomic (same filesystem)
+	tempDir, err := os.MkdirTemp(exeDir, ".sub2api-update-*")
 	if err != nil {
 		return fmt.Errorf("failed to create temp dir: %w", err)
 	}
@@ -199,23 +203,36 @@ func (s *UpdateService) PerformUpdate(ctx context.Context) error {
 		return fmt.Errorf("extraction failed: %w", err)
 	}
 
-	// Backup current binary
-	backupFile := exePath + ".backup"
-	if err := os.Rename(exePath, backupFile); err != nil {
-		return fmt.Errorf("backup failed: %w", err)
-	}
-
-	// Replace with new binary
-	if err := copyFile(newBinaryPath, exePath); err != nil {
-		os.Rename(backupFile, exePath)
-		return fmt.Errorf("replace failed: %w", err)
-	}
-
-	// Make executable
-	if err := os.Chmod(exePath, 0755); err != nil {
+	// Set executable permission before replacement
+	if err := os.Chmod(newBinaryPath, 0755); err != nil {
 		return fmt.Errorf("chmod failed: %w", err)
 	}
 
+	// Atomic replacement using rename pattern:
+	// 1. Rename current -> backup (atomic on Unix)
+	// 2. Rename new -> current (atomic on Unix, same filesystem)
+	// If step 2 fails, restore backup
+	backupPath := exePath + ".backup"
+
+	// Remove old backup if exists
+	os.Remove(backupPath)
+
+	// Step 1: Move current binary to backup
+	if err := os.Rename(exePath, backupPath); err != nil {
+		return fmt.Errorf("backup failed: %w", err)
+	}
+
+	// Step 2: Move new binary to target location (atomic, same filesystem)
+	if err := os.Rename(newBinaryPath, exePath); err != nil {
+		// Restore backup on failure
+		if restoreErr := os.Rename(backupPath, exePath); restoreErr != nil {
+			return fmt.Errorf("replace failed and restore failed: %w (restore error: %v)", err, restoreErr)
+		}
+		return fmt.Errorf("replace failed (restored backup): %w", err)
+	}
+
+	// Success - backup file is kept for rollback capability
+	// It will be cleaned up on next successful update
 	return nil
 }
 
@@ -515,23 +532,6 @@ func (s *UpdateService) extractBinary(archivePath, destPath string) error {
 	return err
 }
 
-func copyFile(src, dst string) error {
-	in, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer in.Close()
-
-	out, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer out.Close()
-
-	_, err = io.Copy(out, in)
-	return err
-}
-
 func (s *UpdateService) getFromCache(ctx context.Context) (*UpdateInfo, error) {
 	data, err := s.rdb.Get(ctx, updateCacheKey).Result()
 	if err != nil {

backend/internal/service/wire.go

@@ -0,0 +1,54 @@
+package service
+
+import (
+	"sub2api/internal/config"
+
+	"github.com/google/wire"
+)
+
+// ProvidePricingService creates and initializes PricingService
+func ProvidePricingService(cfg *config.Config) (*PricingService, error) {
+	svc := NewPricingService(cfg)
+	if err := svc.Initialize(); err != nil {
+		// 价格服务初始化失败不应阻止启动,使用回退价格
+		println("[Service] Warning: Pricing service initialization failed:", err.Error())
+	}
+	return svc, nil
+}
+
+// ProvideEmailQueueService creates EmailQueueService with default worker count
+func ProvideEmailQueueService(emailService *EmailService) *EmailQueueService {
+	return NewEmailQueueService(emailService, 3)
+}
+
+// ProviderSet is the Wire provider set for all services
+var ProviderSet = wire.NewSet(
+	// Core services
+	NewAuthService,
+	NewUserService,
+	NewApiKeyService,
+	NewGroupService,
+	NewAccountService,
+	NewProxyService,
+	NewRedeemService,
+	NewUsageService,
+	ProvidePricingService,
+	NewBillingService,
+	NewBillingCacheService,
+	NewAdminService,
+	NewGatewayService,
+	NewOAuthService,
+	NewRateLimitService,
+	NewAccountUsageService,
+	NewAccountTestService,
+	NewSettingService,
+	NewEmailService,
+	ProvideEmailQueueService,
+	NewTurnstileService,
+	NewSubscriptionService,
+	NewConcurrencyService,
+	NewIdentityService,
+
+	// Provide the Services container struct
+	wire.Struct(new(Services), "*"),
+)

backend/tools.go

@@ -0,0 +1,8 @@
+//go:build tools
+// +build tools
+
+package tools
+
+import (
+	_ "github.com/google/wire/cmd/wire"
+)

deploy/install.sh

@@ -128,6 +128,15 @@ declare -A MSG_ZH=(
     ["server_port_hint"]="建议使用 1024-65535 之间的端口"
     ["server_config_summary"]="服务器配置"
     ["invalid_port"]="无效端口号，请输入 1-65535 之间的数字"
+
+    # Service management
+    ["starting_service"]="正在启动服务..."
+    ["service_started"]="服务已启动"
+    ["service_start_failed"]="服务启动失败，请检查日志"
+    ["enabling_autostart"]="正在设置开机自启..."
+    ["autostart_enabled"]="开机自启已启用"
+    ["getting_public_ip"]="正在获取公网 IP..."
+    ["public_ip_failed"]="无法获取公网 IP，使用本地 IP"
 )
 
 # English strings
@@ -225,6 +234,15 @@ declare -A MSG_EN=(
     ["server_port_hint"]="Recommended range: 1024-65535"
     ["server_config_summary"]="Server configuration"
     ["invalid_port"]="Invalid port number, please enter a number between 1-65535"
+
+    # Service management
+    ["starting_service"]="Starting service..."
+    ["service_started"]="Service started"
+    ["service_start_failed"]="Service failed to start, please check logs"
+    ["enabling_autostart"]="Enabling auto-start on boot..."
+    ["autostart_enabled"]="Auto-start enabled"
+    ["getting_public_ip"]="Getting public IP..."
+    ["public_ip_failed"]="Failed to get public IP, using local IP"
 )
 
 # Get message based on current language
@@ -254,9 +272,11 @@ print_error() {
     echo -e "${RED}[$(msg 'error')]${NC} $1"
 }
 
-# Check if running interactively (stdin is a terminal)
+# Check if running interactively (can access terminal)
+# When piped (curl | bash), stdin is not a terminal, but /dev/tty may still be available
 is_interactive() {
-    [ -t 0 ]
+    # Check if /dev/tty is available (works even when piped)
+    [ -e /dev/tty ] && [ -r /dev/tty ] && [ -w /dev/tty ]
 }
 
 # Select language
@@ -276,7 +296,7 @@ select_language() {
     echo "  2) $(msg 'lang_en')"
     echo ""
 
-    read -p "$(msg 'enter_choice'): " lang_input
+    read -p "$(msg 'enter_choice'): " lang_input < /dev/tty
 
     case "$lang_input" in
         2|en|EN|english|English)
@@ -317,7 +337,7 @@ configure_server() {
 
     # Server host
     echo -e "${YELLOW}$(msg 'server_host_hint')${NC}"
-    read -p "$(msg 'server_host_prompt') [${SERVER_HOST}]: " input_host
+    read -p "$(msg 'server_host_prompt') [${SERVER_HOST}]: " input_host < /dev/tty
     if [ -n "$input_host" ]; then
         SERVER_HOST="$input_host"
     fi
@@ -327,7 +347,7 @@ configure_server() {
     # Server port
     echo -e "${YELLOW}$(msg 'server_port_hint')${NC}"
     while true; do
-        read -p "$(msg 'server_port_prompt') [${SERVER_PORT}]: " input_port
+        read -p "$(msg 'server_port_prompt') [${SERVER_PORT}]: " input_port < /dev/tty
         if [ -z "$input_port" ]; then
             # Use default
             break
@@ -566,13 +586,61 @@ prepare_for_setup() {
     print_success "$(msg 'ready_for_setup')"
 }
 
+# Get public IP address
+get_public_ip() {
+    print_info "$(msg 'getting_public_ip')"
+
+    # Try to get public IP from ipinfo.io
+    local response
+    response=$(curl -s --connect-timeout 5 --max-time 10 "https://ipinfo.io/json" 2>/dev/null)
+
+    if [ -n "$response" ]; then
+        # Extract IP from JSON response using grep and sed (no jq dependency)
+        PUBLIC_IP=$(echo "$response" | grep -o '"ip": *"[^"]*"' | sed 's/"ip": *"\([^"]*\)"/\1/')
+        if [ -n "$PUBLIC_IP" ]; then
+            print_success "Public IP: $PUBLIC_IP"
+            return 0
+        fi
+    fi
+
+    # Fallback to local IP
+    print_warning "$(msg 'public_ip_failed')"
+    PUBLIC_IP=$(hostname -I 2>/dev/null | awk '{print $1}' || echo "YOUR_SERVER_IP")
+    return 1
+}
+
+# Start service
+start_service() {
+    print_info "$(msg 'starting_service')"
+
+    if systemctl start sub2api; then
+        print_success "$(msg 'service_started')"
+        return 0
+    else
+        print_error "$(msg 'service_start_failed')"
+        print_info "sudo journalctl -u sub2api -n 50"
+        return 1
+    fi
+}
+
+# Enable service auto-start
+enable_autostart() {
+    print_info "$(msg 'enabling_autostart')"
+
+    if systemctl enable sub2api 2>/dev/null; then
+        print_success "$(msg 'autostart_enabled')"
+        return 0
+    else
+        print_warning "Failed to enable auto-start"
+        return 1
+    fi
+}
+
 # Print completion message
 print_completion() {
-    local ip_addr
-    ip_addr=$(hostname -I 2>/dev/null | awk '{print $1}' || echo "YOUR_SERVER_IP")
-
+    # Use PUBLIC_IP which was set by get_public_ip()
     # Determine display address
-    local display_host="$ip_addr"
+    local display_host="${PUBLIC_IP:-YOUR_SERVER_IP}"
     if [ "$SERVER_HOST" = "127.0.0.1" ]; then
         display_host="127.0.0.1"
     fi
@@ -586,21 +654,9 @@ print_completion() {
     echo "$(msg 'server_config_summary'): ${SERVER_HOST}:${SERVER_PORT}"
     echo ""
     echo "=============================================="
-    echo "  $(msg 'next_steps')"
+    echo "  $(msg 'step4_open_wizard')"
     echo "=============================================="
     echo ""
-    echo "  1. $(msg 'step1_check_services')"
-    echo "     sudo systemctl status postgresql"
-    echo "     sudo systemctl status redis"
-    echo ""
-    echo "  2. $(msg 'step2_start_service')"
-    echo "     sudo systemctl start sub2api"
-    echo ""
-    echo "  3. $(msg 'step3_enable_autostart')"
-    echo "     sudo systemctl enable sub2api"
-    echo ""
-    echo "  4. $(msg 'step4_open_wizard')"
-    echo ""
     print_info "     http://${display_host}:${SERVER_PORT}"
     echo ""
     echo "     $(msg 'wizard_guide')"
@@ -667,7 +723,7 @@ uninstall() {
             exit 1
         fi
     else
-        read -p "$(msg 'are_you_sure') " -n 1 -r
+        read -p "$(msg 'are_you_sure') " -n 1 -r < /dev/tty
         echo
         if [[ ! $REPLY =~ ^[Yy]$ ]]; then
             print_info "$(msg 'uninstall_cancelled')"
@@ -752,6 +808,9 @@ main() {
     setup_directories
     install_service
     prepare_for_setup
+    get_public_ip
+    start_service
+    enable_autostart
     print_completion
 }
 

frontend/src/api/admin/system.ts

@@ -40,9 +40,42 @@ export async function checkUpdates(force = false): Promise<VersionInfo> {
   return data;
 }
 
+export interface UpdateResult {
+  message: string;
+  need_restart: boolean;
+}
+
+/**
+ * Perform system update
+ * Downloads and applies the latest version
+ */
+export async function performUpdate(): Promise<UpdateResult> {
+  const { data } = await apiClient.post<UpdateResult>('/admin/system/update');
+  return data;
+}
+
+/**
+ * Rollback to previous version
+ */
+export async function rollback(): Promise<UpdateResult> {
+  const { data } = await apiClient.post<UpdateResult>('/admin/system/rollback');
+  return data;
+}
+
+/**
+ * Restart the service
+ */
+export async function restartService(): Promise<{ message: string }> {
+  const { data } = await apiClient.post<{ message: string }>('/admin/system/restart');
+  return data;
+}
+
 export const systemAPI = {
   getVersion,
   checkUpdates,
+  performUpdate,
+  rollback,
+  restartService,
 };
 
 export default systemAPI;

frontend/src/components/common/VersionBadge.vue

@@ -12,7 +12,8 @@
         ]"
         :title="hasUpdate ? 'New version available' : 'Up to date'"
       >
-        <span class="font-medium">v{{ currentVersion }}</span>
+        <span v-if="currentVersion" class="font-medium">v{{ currentVersion }}</span>
+        <span v-else class="font-medium w-12 h-3 bg-gray-200 dark:bg-dark-600 rounded animate-pulse"></span>
         <!-- Update indicator -->
         <span v-if="hasUpdate" class="relative flex h-2 w-2">
           <span class="animate-ping absolute inline-flex h-full w-full rounded-full bg-amber-400 opacity-75"></span>
@@ -56,7 +57,8 @@
               <!-- Version display - centered and prominent -->
               <div class="text-center mb-4">
                 <div class="inline-flex items-center gap-2">
-                  <span class="text-2xl font-bold text-gray-900 dark:text-white">v{{ currentVersion }}</span>
+                  <span v-if="currentVersion" class="text-2xl font-bold text-gray-900 dark:text-white">v{{ currentVersion }}</span>
+                  <span v-else class="text-2xl font-bold text-gray-400 dark:text-dark-500">--</span>
                   <!-- Show check mark when up to date -->
                   <span v-if="!hasUpdate" class="flex items-center justify-center w-5 h-5 rounded-full bg-green-100 dark:bg-green-900/30">
                     <svg class="w-3 h-3 text-green-600 dark:text-green-400" fill="currentColor" viewBox="0 0 20 20">
@@ -69,8 +71,63 @@
                 </p>
               </div>
 
-              <!-- Update available for source build - show git pull hint -->
-              <div v-if="hasUpdate && !isReleaseBuild" class="space-y-2">
+              <!-- Priority 1: Update error (must check before hasUpdate) -->
+              <div v-if="updateError" class="space-y-2">
+                <div class="flex items-center gap-3 p-3 rounded-lg bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800/50">
+                  <div class="flex-shrink-0 w-8 h-8 rounded-full bg-red-100 dark:bg-red-900/50 flex items-center justify-center">
+                    <svg class="w-4 h-4 text-red-600 dark:text-red-400" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M6 18L18 6M6 6l12 12" />
+                    </svg>
+                  </div>
+                  <div class="flex-1 min-w-0">
+                    <p class="text-sm font-medium text-red-700 dark:text-red-300">{{ t('version.updateFailed') }}</p>
+                    <p class="text-xs text-red-600/70 dark:text-red-400/70 truncate">{{ updateError }}</p>
+                  </div>
+                </div>
+
+                <!-- Retry button -->
+                <button
+                  @click="handleUpdate"
+                  :disabled="updating"
+                  class="w-full flex items-center justify-center gap-2 px-4 py-2 rounded-lg text-sm font-medium text-white bg-red-500 hover:bg-red-600 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
+                >
+                  {{ t('version.retry') }}
+                </button>
+              </div>
+
+              <!-- Priority 2: Update success - need restart -->
+              <div v-else-if="updateSuccess && needRestart" class="space-y-2">
+                <div class="flex items-center gap-3 p-3 rounded-lg bg-green-50 dark:bg-green-900/20 border border-green-200 dark:border-green-800/50">
+                  <div class="flex-shrink-0 w-8 h-8 rounded-full bg-green-100 dark:bg-green-900/50 flex items-center justify-center">
+                    <svg class="w-4 h-4 text-green-600 dark:text-green-400" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M5 13l4 4L19 7" />
+                    </svg>
+                  </div>
+                  <div class="flex-1 min-w-0">
+                    <p class="text-sm font-medium text-green-700 dark:text-green-300">{{ t('version.updateComplete') }}</p>
+                    <p class="text-xs text-green-600/70 dark:text-green-400/70">{{ t('version.restartRequired') }}</p>
+                  </div>
+                </div>
+
+                <!-- Restart button -->
+                <button
+                  @click="handleRestart"
+                  :disabled="restarting"
+                  class="w-full flex items-center justify-center gap-2 px-4 py-2 rounded-lg text-sm font-medium text-white bg-green-500 hover:bg-green-600 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
+                >
+                  <svg v-if="restarting" class="animate-spin h-4 w-4" fill="none" viewBox="0 0 24 24">
+                    <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+                    <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+                  </svg>
+                  <svg v-else class="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
+                    <path stroke-linecap="round" stroke-linejoin="round" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15" />
+                  </svg>
+                  {{ restarting ? t('version.restarting') : t('version.restartNow') }}
+                </button>
+              </div>
+
+              <!-- Priority 3: Update available for source build - show git pull hint -->
+              <div v-else-if="hasUpdate && !isReleaseBuild" class="space-y-2">
                 <a
                   v-if="releaseInfo?.html_url && releaseInfo.html_url !== '#'"
                   :href="releaseInfo.html_url"
@@ -100,29 +157,53 @@
                 </div>
               </div>
 
-              <!-- Update available for release build - show download link -->
-              <a
-                v-else-if="hasUpdate && isReleaseBuild && releaseInfo?.html_url && releaseInfo.html_url !== '#'"
-                :href="releaseInfo.html_url"
-                target="_blank"
-                rel="noopener noreferrer"
-                class="flex items-center gap-3 p-3 rounded-lg bg-amber-50 dark:bg-amber-900/20 border border-amber-200 dark:border-amber-800/50 hover:bg-amber-100 dark:hover:bg-amber-900/30 transition-colors group"
-              >
-                <div class="flex-shrink-0 w-8 h-8 rounded-full bg-amber-100 dark:bg-amber-900/50 flex items-center justify-center">
-                  <svg class="w-4 h-4 text-amber-600 dark:text-amber-400" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
+              <!-- Priority 4: Update available for release build - show update button -->
+              <div v-else-if="hasUpdate && isReleaseBuild" class="space-y-2">
+                <!-- Update info card -->
+                <div class="flex items-center gap-3 p-3 rounded-lg bg-amber-50 dark:bg-amber-900/20 border border-amber-200 dark:border-amber-800/50">
+                  <div class="flex-shrink-0 w-8 h-8 rounded-full bg-amber-100 dark:bg-amber-900/50 flex items-center justify-center">
+                    <svg class="w-4 h-4 text-amber-600 dark:text-amber-400" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-4l-4 4m0 0l-4-4m4 4V4" />
+                    </svg>
+                  </div>
+                  <div class="flex-1 min-w-0">
+                    <p class="text-sm font-medium text-amber-700 dark:text-amber-300">{{ t('version.updateAvailable') }}</p>
+                    <p class="text-xs text-amber-600/70 dark:text-amber-400/70">v{{ latestVersion }}</p>
+                  </div>
+                </div>
+
+                <!-- Update button -->
+                <button
+                  @click="handleUpdate"
+                  :disabled="updating"
+                  class="w-full flex items-center justify-center gap-2 px-4 py-2 rounded-lg text-sm font-medium text-white bg-primary-500 hover:bg-primary-600 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
+                >
+                  <svg v-if="updating" class="animate-spin h-4 w-4" fill="none" viewBox="0 0 24 24">
+                    <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+                    <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+                  </svg>
+                  <svg v-else class="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
                     <path stroke-linecap="round" stroke-linejoin="round" d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-4l-4 4m0 0l-4-4m4 4V4" />
                   </svg>
-                </div>
-                <div class="flex-1 min-w-0">
-                  <p class="text-sm font-medium text-amber-700 dark:text-amber-300">{{ t('version.updateAvailable') }}</p>
-                  <p class="text-xs text-amber-600/70 dark:text-amber-400/70">v{{ latestVersion }}</p>
-                </div>
-                <svg class="w-4 h-4 text-amber-500 dark:text-amber-400 group-hover:translate-x-0.5 transition-transform" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
-                  <path stroke-linecap="round" stroke-linejoin="round" d="M9 5l7 7-7 7" />
-                </svg>
-              </a>
+                  {{ updating ? t('version.updating') : t('version.updateNow') }}
+                </button>
 
-              <!-- GitHub link when up to date -->
+                <!-- View release link -->
+                <a
+                  v-if="releaseInfo?.html_url && releaseInfo.html_url !== '#'"
+                  :href="releaseInfo.html_url"
+                  target="_blank"
+                  rel="noopener noreferrer"
+                  class="flex items-center justify-center gap-1 text-xs text-gray-500 dark:text-dark-400 hover:text-gray-700 dark:hover:text-dark-200 transition-colors"
+                >
+                  {{ t('version.viewChangelog') }}
+                  <svg class="w-3 h-3" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
+                    <path stroke-linecap="round" stroke-linejoin="round" d="M10 6H6a2 2 0 00-2 2v10a2 2 0 002 2h10a2 2 0 002-2v-4M14 4h6m0 0v6m0-6L10 14" />
+                  </svg>
+                </a>
+              </div>
+
+              <!-- Priority 5: Up to date - show GitHub link -->
               <a
                 v-else-if="releaseInfo?.html_url && releaseInfo.html_url !== '#'"
                 :href="releaseInfo.html_url"
@@ -154,8 +235,8 @@
 <script setup lang="ts">
 import { ref, computed, onMounted, onBeforeUnmount } from 'vue';
 import { useI18n } from 'vue-i18n';
-import { useAuthStore } from '@/stores';
-import { checkUpdates, type VersionInfo, type ReleaseInfo } from '@/api/admin/system';
+import { useAuthStore, useAppStore } from '@/stores';
+import { performUpdate, restartService } from '@/api/admin/system';
 
 const { t } = useI18n();
 
@@ -164,18 +245,27 @@ const props = defineProps<{
 }>();
 
 const authStore = useAuthStore();
+const appStore = useAppStore();
 
 const isAdmin = computed(() => authStore.isAdmin);
 
-const loading = ref(false);
 const dropdownOpen = ref(false);
 const dropdownRef = ref<HTMLElement | null>(null);
 
-const currentVersion = ref('0.1.0');
-const latestVersion = ref('0.1.0');
-const hasUpdate = ref(false);
-const releaseInfo = ref<ReleaseInfo | null>(null);
-const buildType = ref('source'); // "source" or "release"
+// Use store's cached version state
+const loading = computed(() => appStore.versionLoading);
+const currentVersion = computed(() => appStore.currentVersion || props.version || '');
+const latestVersion = computed(() => appStore.latestVersion);
+const hasUpdate = computed(() => appStore.hasUpdate);
+const releaseInfo = computed(() => appStore.releaseInfo);
+const buildType = computed(() => appStore.buildType);
+
+// Update process states (local to this component)
+const updating = ref(false);
+const restarting = ref(false);
+const needRestart = ref(false);
+const updateError = ref('');
+const updateSuccess = ref(false);
 
 // Only show update check for release builds (binary/docker deployment)
 const isReleaseBuild = computed(() => buildType.value === 'release');
@@ -191,22 +281,54 @@ function closeDropdown() {
 async function refreshVersion(force = true) {
   if (!isAdmin.value) return;
 
-  loading.value = true;
+  // Reset update states when refreshing
+  updateError.value = '';
+  updateSuccess.value = false;
+  needRestart.value = false;
+
+  await appStore.fetchVersion(force);
+}
+
+async function handleUpdate() {
+  if (updating.value) return;
+
+  updating.value = true;
+  updateError.value = '';
+  updateSuccess.value = false;
+
   try {
-    const data: VersionInfo = await checkUpdates(force);
-    currentVersion.value = data.current_version;
-    latestVersion.value = data.latest_version;
-    buildType.value = data.build_type || 'source';
-    // Show update indicator for all build types
-    hasUpdate.value = data.has_update;
-    releaseInfo.value = data.release_info || null;
-  } catch (error) {
-    console.error('Failed to check updates:', error);
+    const result = await performUpdate();
+    updateSuccess.value = true;
+    needRestart.value = result.need_restart;
+    // Clear version cache to reflect update completed
+    appStore.clearVersionCache();
+  } catch (error: unknown) {
+    const err = error as { response?: { data?: { message?: string } }; message?: string };
+    updateError.value = err.response?.data?.message || err.message || t('version.updateFailed');
   } finally {
-    loading.value = false;
+    updating.value = false;
   }
 }
 
+async function handleRestart() {
+  if (restarting.value) return;
+
+  restarting.value = true;
+
+  try {
+    await restartService();
+    // Service will restart, page will reload automatically or show disconnected
+  } catch (error) {
+    // Expected - connection will be lost during restart
+    console.log('Service restarting...');
+  }
+
+  // Show restarting state for a while, then reload
+  setTimeout(() => {
+    window.location.reload();
+  }, 3000);
+}
+
 function handleClickOutside(event: MouseEvent) {
   const target = event.target as Node;
   const button = (event.target as Element).closest('button');
@@ -217,9 +339,8 @@ function handleClickOutside(event: MouseEvent) {
 
 onMounted(() => {
   if (isAdmin.value) {
-    refreshVersion(false);
-  } else if (props.version) {
-    currentVersion.value = props.version;
+    // Use cached version if available, otherwise fetch
+    appStore.fetchVersion(false);
   }
   document.addEventListener('click', handleClickOutside);
 });

frontend/src/components/layout/AppHeader.vue

@@ -108,7 +108,7 @@
                 </router-link>
 
                 <a
-                  href="https://github.com/fangyuan99/sub2api"
+                  href="https://github.com/Wei-Shaw/sub2api"
                   target="_blank"
                   rel="noopener noreferrer"
                   @click="closeDropdown"

frontend/src/i18n/locales/en.ts

@@ -543,6 +543,7 @@ export default {
         title: 'Subscription Settings',
         type: 'Billing Type',
         typeHint: 'Standard billing deducts from user balance. Subscription mode uses quota limits instead.',
+        typeNotEditable: 'Billing type cannot be changed after group creation.',
         standard: 'Standard (Balance)',
         subscription: 'Subscription (Quota)',
         dailyLimit: 'Daily Limit (USD)',
@@ -1023,9 +1024,18 @@ export default {
     noReleaseNotes: 'No release notes',
     viewUpdate: 'View Update',
     viewRelease: 'View Release',
+    viewChangelog: 'View Changelog',
     refresh: 'Refresh',
     sourceMode: 'Source Build',
-    sourceModeHint: 'Update detection is disabled for source builds. Use git pull to update.',
+    sourceModeHint: 'Source build, use git pull to update',
+    updateNow: 'Update Now',
+    updating: 'Updating...',
+    updateComplete: 'Update Complete',
+    updateFailed: 'Update Failed',
+    restartRequired: 'Please restart the service to apply the update',
+    restartNow: 'Restart Now',
+    restarting: 'Restarting...',
+    retry: 'Retry',
   },
 
   // User Subscriptions Page

frontend/src/i18n/locales/zh.ts

@@ -598,6 +598,7 @@ export default {
         title: '订阅设置',
         type: '计费类型',
         typeHint: '标准计费从用户余额扣除。订阅模式使用配额限制。',
+        typeNotEditable: '分组创建后无法修改计费类型。',
         standard: '标准（余额）',
         subscription: '订阅（配额）',
         dailyLimit: '每日限额（USD）',
@@ -1202,9 +1203,18 @@ export default {
     noReleaseNotes: '暂无更新日志',
     viewUpdate: '查看更新',
     viewRelease: '查看发布',
+    viewChangelog: '查看更新日志',
     refresh: '刷新',
     sourceMode: '源码构建',
-    sourceModeHint: '源码构建模式不支持更新检测，请使用 git pull 更新代码。',
+    sourceModeHint: '源码构建请使用 git pull 更新',
+    updateNow: '立即更新',
+    updating: '正在更新...',
+    updateComplete: '更新完成',
+    updateFailed: '更新失败',
+    restartRequired: '请重启服务以应用更新',
+    restartNow: '立即重启',
+    restarting: '正在重启...',
+    retry: '重试',
   },
 
   // User Subscriptions Page

frontend/src/main.ts

@@ -9,4 +9,8 @@ const app = createApp(App)
 app.use(createPinia())
 app.use(router)
 app.use(i18n)
-app.mount('#app')
+
+// 等待路由器完成初始导航后再挂载，避免竞态条件导致的空白渲染
+router.isReady().then(() => {
+  app.mount('#app')
+})

frontend/src/router/index.ts

@@ -305,9 +305,10 @@ router.beforeEach((to, _from, next) => {
 
   // If route doesn't require auth, allow access
   if (!requiresAuth) {
-    // If already authenticated and trying to access login/register, redirect to dashboard
+    // If already authenticated and trying to access login/register, redirect to appropriate dashboard
     if (authStore.isAuthenticated && (to.path === '/login' || to.path === '/register')) {
-      next('/dashboard');
+      // Admin users go to admin dashboard, regular users go to user dashboard
+      next(authStore.isAdmin ? '/admin/dashboard' : '/dashboard');
       return;
     }
     next();

frontend/src/stores/app.ts

@@ -6,14 +6,24 @@
 import { defineStore } from 'pinia';
 import { ref, computed } from 'vue';
 import type { Toast, ToastType } from '@/types';
+import { checkUpdates as checkUpdatesAPI, type VersionInfo, type ReleaseInfo } from '@/api/admin/system';
 
 export const useAppStore = defineStore('app', () => {
   // ==================== State ====================
-  
+
   const sidebarCollapsed = ref<boolean>(false);
   const loading = ref<boolean>(false);
   const toasts = ref<Toast[]>([]);
 
+  // Version cache state
+  const versionLoaded = ref<boolean>(false);
+  const versionLoading = ref<boolean>(false);
+  const currentVersion = ref<string>('');
+  const latestVersion = ref<string>('');
+  const hasUpdate = ref<boolean>(false);
+  const buildType = ref<string>('source');
+  const releaseInfo = ref<ReleaseInfo | null>(null);
+
   // Auto-incrementing ID for toasts
   let toastIdCounter = 0;
 
@@ -192,6 +202,56 @@ export const useAppStore = defineStore('app', () => {
     toasts.value = [];
   }
 
+  // ==================== Version Management ====================
+
+  /**
+   * Fetch version info (uses cache unless force=true)
+   * @param force - Force refresh from API
+   */
+  async function fetchVersion(force = false): Promise<VersionInfo | null> {
+    // Return cached data if available and not forcing refresh
+    if (versionLoaded.value && !force) {
+      return {
+        current_version: currentVersion.value,
+        latest_version: latestVersion.value,
+        has_update: hasUpdate.value,
+        build_type: buildType.value,
+        release_info: releaseInfo.value || undefined,
+        cached: true,
+      };
+    }
+
+    // Prevent duplicate requests
+    if (versionLoading.value) {
+      return null;
+    }
+
+    versionLoading.value = true;
+    try {
+      const data = await checkUpdatesAPI(force);
+      currentVersion.value = data.current_version;
+      latestVersion.value = data.latest_version;
+      hasUpdate.value = data.has_update;
+      buildType.value = data.build_type || 'source';
+      releaseInfo.value = data.release_info || null;
+      versionLoaded.value = true;
+      return data;
+    } catch (error) {
+      console.error('Failed to fetch version:', error);
+      return null;
+    } finally {
+      versionLoading.value = false;
+    }
+  }
+
+  /**
+   * Clear version cache (e.g., after update)
+   */
+  function clearVersionCache(): void {
+    versionLoaded.value = false;
+    hasUpdate.value = false;
+  }
+
   // ==================== Return Store API ====================
 
   return {
@@ -199,10 +259,19 @@ export const useAppStore = defineStore('app', () => {
     sidebarCollapsed,
     loading,
     toasts,
-    
+
+    // Version state
+    versionLoaded,
+    versionLoading,
+    currentVersion,
+    latestVersion,
+    hasUpdate,
+    buildType,
+    releaseInfo,
+
     // Computed
     hasActiveToasts,
-    
+
     // Actions
     toggleSidebar,
     setSidebarCollapsed,
@@ -217,5 +286,9 @@ export const useAppStore = defineStore('app', () => {
     withLoading,
     withLoadingAndError,
     reset,
+
+    // Version actions
+    fetchVersion,
+    clearVersionCache,
   };
 });

frontend/src/views/HomeView.vue

@@ -282,7 +282,7 @@ const siteSubtitle = ref('AI API Gateway Platform');
 const isDark = ref(document.documentElement.classList.contains('dark'));
 
 // GitHub URL
-const githubUrl = 'https://github.com/fangyuan99/sub2api';
+const githubUrl = 'https://github.com/Wei-Shaw/sub2api';
 
 // Auth state
 const isAuthenticated = computed(() => authStore.isAuthenticated);

frontend/src/views/admin/DashboardView.vue

@@ -406,7 +406,7 @@ const lineOptions = computed(() => ({
 
 // Model chart data
 const modelChartData = computed(() => {
-  if (!modelStats.value.length) return null
+  if (!modelStats.value?.length) return null
 
   const colors = [
     '#3b82f6', '#10b981', '#f59e0b', '#ef4444', '#8b5cf6',
@@ -425,7 +425,7 @@ const modelChartData = computed(() => {
 
 // Trend chart data
 const trendChartData = computed(() => {
-  if (!trendData.value.length) return null
+  if (!trendData.value?.length) return null
 
   return {
     labels: trendData.value.map(d => d.date),
@@ -460,7 +460,7 @@ const trendChartData = computed(() => {
 
 // User trend chart data
 const userTrendChartData = computed(() => {
-  if (!userTrend.value.length) return null
+  if (!userTrend.value?.length) return null
 
   // Group by user
   const userGroups = new Map<string, { name: string; data: Map<string, number> }>()

frontend/src/views/admin/GroupsView.vue

@@ -180,7 +180,7 @@
           />
           <p class="input-hint">{{ t('admin.groups.rateMultiplierHint') }}</p>
         </div>
-        <div class="flex items-center gap-3">
+        <div v-if="createForm.subscription_type !== 'subscription'" class="flex items-center gap-3">
           <button
             type="button"
             @click="createForm.is_exclusive = !createForm.is_exclusive"
@@ -323,7 +323,7 @@
             class="input"
           />
         </div>
-        <div class="flex items-center gap-3">
+        <div v-if="editForm.subscription_type !== 'subscription'" class="flex items-center gap-3">
           <button
             type="button"
             @click="editForm.is_exclusive = !editForm.is_exclusive"
@@ -360,8 +360,9 @@
             <Select
               v-model="editForm.subscription_type"
               :options="subscriptionTypeOptions"
+              :disabled="true"
             />
-            <p class="input-hint">{{ t('admin.groups.subscription.typeHint') }}</p>
+            <p class="input-hint">{{ t('admin.groups.subscription.typeNotEditable') }}</p>
           </div>
 
           <!-- Subscription limits (only show when subscription type is selected) -->
@@ -676,16 +677,11 @@ const confirmDelete = async () => {
   }
 }
 
-// 监听 subscription_type 变化，配额模式时重置 rate_multiplier 为 1
+// 监听 subscription_type 变化，订阅模式时重置 rate_multiplier 为 1，is_exclusive 为 true
 watch(() => createForm.subscription_type, (newVal) => {
   if (newVal === 'subscription') {
     createForm.rate_multiplier = 1.0
-  }
-})
-
-watch(() => editForm.subscription_type, (newVal) => {
-  if (newVal === 'subscription') {
-    editForm.rate_multiplier = 1.0
+    createForm.is_exclusive = true
   }
 })
 

frontend/src/views/user/DashboardView.vue

@@ -531,7 +531,7 @@ const lineOptions = computed(() => ({
 
 // Model chart data
 const modelChartData = computed(() => {
-  if (!modelStats.value.length) return null
+  if (!modelStats.value?.length) return null
 
   const colors = [
     '#3b82f6', '#10b981', '#f59e0b', '#ef4444', '#8b5cf6',
@@ -550,7 +550,7 @@ const modelChartData = computed(() => {
 
 // Trend chart data
 const trendChartData = computed(() => {
-  if (!trendData.value.length) return null
+  if (!trendData.value?.length) return null
 
   return {
     labels: trendData.value.map(d => d.date),
@@ -688,8 +688,9 @@ const loadChartData = async () => {
       usageAPI.getDashboardModels({ start_date: startDate.value, end_date: endDate.value }),
     ])
 
-    trendData.value = trendResponse.trend
-    modelStats.value = modelResponse.models
+    // Ensure we always have arrays, even if API returns null
+    trendData.value = trendResponse.trend || []
+    modelStats.value = modelResponse.models || []
   } catch (error) {
     console.error('Error loading chart data:', error)
   }