docs: update ByteDance Doubao model link in README

* feat: support gemini-2.0-flash

- Enhance model support by adding new entries and refining checks for system instruction compatibility.
- Update logging display behavior and adjust default quotas for better user experience.
- Revamp pricing structures in the billing system to reflect current model values and deprecate outdated entries.
- Streamline code by replacing hardcoded values with configurations for maintainability.

* feat: add new Gemini 2.0 flash models to adapter and billing ratio

* fix: update GetRequestURL to support gemini-1.5 model in versioning

.env.example

@@ -0,0 +1,3 @@
+PORT=3000
+DEBUG=false
+HTTPS_PROXY=http://localhost:7890

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://iamazing.cn/page/reward']

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,26 @@
+---
+name: 报告问题
+about: 使用简练详细的语言描述你遇到的问题
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**例行检查**
+
+[//]: # (方框内删除已有的空格，填 x 号)
++ [ ] 我已确认目前没有类似 issue
++ [ ] 我已确认我已升级到最新版本
++ [ ] 我已完整查看过项目 README，尤其是常见问题部分
++ [ ] 我理解并愿意跟进此 issue，协助测试和提供反馈 
++ [ ] 我理解并认可上述内容，并理解项目维护者精力有限，**不遵循规则的 issue 可能会被无视或直接关闭**
+
+**问题描述**
+
+**复现步骤**
+
+**预期结果**
+
+**相关截图**
+如果没有的话，请删除此节。

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 项目群聊
+    url: https://openai.justsong.cn/
+    about: QQ 群：828520184，自动审核，备注 One API
+  - name: 赞赏支持
+    url: https://iamazing.cn/page/reward
+    about: 请作者喝杯咖啡，以激励作者持续开发

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,21 @@
+---
+name: 功能请求
+about: 使用简练详细的语言描述希望加入的新功能
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**例行检查**
+
+[//]: # (方框内删除已有的空格，填 x 号)
++ [ ] 我已确认目前没有类似 issue
++ [ ] 我已确认我已升级到最新版本
++ [ ] 我已完整查看过项目 README，已确定现有版本无法满足需求
++ [ ] 我理解并愿意跟进此 issue，协助测试和提供反馈
++ [ ] 我理解并认可上述内容，并理解项目维护者精力有限，**不遵循规则的 issue 可能会被无视或直接关闭**
+
+**功能描述**
+
+**应用场景**

.github/workflows/ci.yml

@@ -0,0 +1,45 @@
+name: CI
+
+# This setup assumes that you run the unit tests with code coverage in the same
+# workflow that will also print the coverage report as comment to the pull request.
+# Therefore, you need to trigger this workflow when a pull request is (re)opened or
+# when new code is pushed to the branch of the pull request. In addition, you also
+# need to trigger this workflow when new code is pushed to the main branch because
+# we need to upload the code coverage results as artifact for the main branch as
+# well since it will be the baseline code coverage.
+#
+# We do not want to trigger the workflow for pushes to *any* branch because this
+# would trigger our jobs twice on pull requests (once from "push" event and once
+# from "pull_request->synchronize")
+on:
+  push:
+    branches:
+      - 'main'
+
+jobs:
+  unit_tests:
+    name: "Unit tests"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: ^1.22
+
+      # When you execute your unit tests, make sure to use the "-coverprofile" flag to write a
+      # coverage profile to a file. You will need the name of the file (e.g. "coverage.txt")
+      # in the next step as well as the next job.
+      - name: Test
+        run: go test -cover -coverprofile=coverage.txt ./...
+      - uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  commit_lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: wagoid/commitlint-github-action@v6

.github/workflows/docker-image-amd64.yml

@@ -1,54 +0,0 @@
-name: Publish Docker image (amd64)
-
-on:
-  push:
-    tags:
-      - '*'
-  workflow_dispatch:
-    inputs:
-      name:
-        description: 'reason'
-        required: false
-jobs:
-  push_to_registries:
-    name: Push Docker image to multiple registries
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      contents: read
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v3
-
-      - name: Save version info
-        run: |
-          git describe --tags > VERSION 
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            justsong/one-api
-            ghcr.io/${{ github.repository }}
-
-      - name: Build and push Docker images
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docker-image.yml

@@ -1,9 +1,9 @@
-name: Publish Docker image (arm64)
+name: Publish Docker image
 
 on:
   push:
     tags:
-      - '*'
+      - 'v*.*.*'
   workflow_dispatch:
     inputs:
       name:
@@ -20,15 +20,22 @@ jobs:
       - name: Check out the repo
         uses: actions/checkout@v3
 
+      - name: Check repository URL
+        run: |
+          REPO_URL=$(git config --get remote.origin.url)
+          if [[ $REPO_URL == *"pro" ]]; then
+            exit 1
+          fi
+
       - name: Save version info
         run: |
           git describe --tags > VERSION 
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Log in to Docker Hub
         uses: docker/login-action@v2
@@ -48,14 +55,14 @@ jobs:
         uses: docker/metadata-action@v4
         with:
           images: |
-            justsong/one-api
-            ghcr.io/${{ github.repository }}
+            ${{ contains(github.ref, 'alpha') && 'justsong/one-api-alpha' || 'justsong/one-api' }}
+            ${{ contains(github.ref, 'alpha') && format('ghcr.io/{0}-alpha', github.repository) || format('ghcr.io/{0}', github.repository) }}
 
       - name: Build and push Docker images
         uses: docker/build-push-action@v3
         with:
           context: .
-          platforms: linux/amd64,linux/arm64
+          platforms: ${{ contains(github.ref, 'alpha') && 'linux/amd64' || 'linux/amd64' }}
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.github/workflows/github-pages.yml

@@ -1,29 +0,0 @@
-name: Build GitHub Pages
-on:
-  workflow_dispatch:
-    inputs:
-      name:
-        description: 'Reason'
-        required: false
-jobs:
-  build-and-deploy:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout 🛎️
-        uses: actions/checkout@v2 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly.
-        with:
-          persist-credentials: false
-      - name: Install and Build 🔧 # This example project is built using npm and outputs the result to the 'build' folder. Replace with the commands required to build your project, or remove this step entirely if your site is pre-built.
-        env:
-          CI: ""
-        run: |
-          cd web
-          npm install
-          npm run build
-
-      - name: Deploy 🚀
-        uses: JamesIves/github-pages-deploy-action@releases/v3
-        with:
-          ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
-          BRANCH: gh-pages # The branch the action should deploy to.
-          FOLDER: web/build # The folder the action should deploy.

.github/workflows/linux-release.yml

@@ -5,7 +5,14 @@ permissions:
 on:
   push:
     tags:
-      - '*'
+      - 'v*.*.*'
+      - '!*-alpha*'
+      - '!*-preview*'
+  workflow_dispatch:
+    inputs:
+      name:
+        description: 'reason'
+        required: false
 jobs:
   release:
     runs-on: ubuntu-latest
@@ -14,6 +21,12 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
+      - name: Check repository URL
+        run: |
+          REPO_URL=$(git config --get remote.origin.url)
+          if [[ $REPO_URL == *"pro" ]]; then
+            exit 1
+          fi
       - uses: actions/setup-node@v3
         with:
           node-version: 16
@@ -22,8 +35,8 @@ jobs:
           CI: ""
         run: |
           cd web
-          npm install
-          REACT_APP_VERSION=$(git describe --tags) npm run build
+          git describe --tags > VERSION
+          REACT_APP_VERSION=$(git describe --tags) chmod u+x ./build.sh && ./build.sh
           cd ..
       - name: Set up Go
         uses: actions/setup-go@v3
@@ -32,7 +45,7 @@ jobs:
       - name: Build Backend (amd64)
         run: |
           go mod download
-          go build -ldflags "-s -w -X 'one-api/common.Version=$(git describe --tags)' -extldflags '-static'" -o one-api
+          go build -ldflags "-s -w -X 'github.com/songquanpeng/one-api/common.Version=$(git describe --tags)' -extldflags '-static'" -o one-api
 
       - name: Build Backend (arm64)
         run: |

.github/workflows/macos-release.yml

@@ -5,7 +5,14 @@ permissions:
 on:
   push:
     tags:
-      - '*'
+      - 'v*.*.*'
+      - '!*-alpha*'
+      - '!*-preview*'
+  workflow_dispatch:
+    inputs:
+      name:
+        description: 'reason'
+        required: false
 jobs:
   release:
     runs-on: macos-latest
@@ -14,6 +21,12 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
+      - name: Check repository URL
+        run: |
+          REPO_URL=$(git config --get remote.origin.url)
+          if [[ $REPO_URL == *"pro" ]]; then
+            exit 1
+          fi
       - uses: actions/setup-node@v3
         with:
           node-version: 16
@@ -22,8 +35,8 @@ jobs:
           CI: ""
         run: |
           cd web
-          npm install
-          REACT_APP_VERSION=$(git describe --tags) npm run build
+          git describe --tags > VERSION
+          REACT_APP_VERSION=$(git describe --tags) chmod u+x ./build.sh && ./build.sh
           cd ..
       - name: Set up Go
         uses: actions/setup-go@v3
@@ -32,7 +45,7 @@ jobs:
       - name: Build Backend
         run: |
           go mod download
-          go build -ldflags "-X 'one-api/common.Version=$(git describe --tags)'" -o one-api-macos
+          go build -ldflags "-X 'github.com/songquanpeng/one-api/common.Version=$(git describe --tags)'" -o one-api-macos
       - name: Release
         uses: softprops/action-gh-release@v1
         if: startsWith(github.ref, 'refs/tags/')

.github/workflows/windows-release.yml

@@ -5,7 +5,14 @@ permissions:
 on:
   push:
     tags:
-      - '*'
+      - 'v*.*.*'
+      - '!*-alpha*'
+      - '!*-preview*'
+  workflow_dispatch:
+    inputs:
+      name:
+        description: 'reason'
+        required: false
 jobs:
   release:
     runs-on: windows-latest
@@ -17,6 +24,12 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
+      - name: Check repository URL
+        run: |
+          REPO_URL=$(git config --get remote.origin.url)
+          if [[ $REPO_URL == *"pro" ]]; then
+            exit 1
+          fi
       - uses: actions/setup-node@v3
         with:
           node-version: 16
@@ -24,10 +37,10 @@ jobs:
         env:
           CI: ""
         run: |
-          cd web
+          cd web/default
           npm install
           REACT_APP_VERSION=$(git describe --tags) npm run build
-          cd ..
+          cd ../..
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
@@ -35,7 +48,7 @@ jobs:
       - name: Build Backend
         run: |
           go mod download
-          go build -ldflags "-s -w -X 'one-api/common.Version=$(git describe --tags)'" -o one-api.exe
+          go build -ldflags "-s -w -X 'github.com/songquanpeng/one-api/common.Version=$(git describe --tags)'" -o one-api.exe
       - name: Release
         uses: softprops/action-gh-release@v1
         if: startsWith(github.ref, 'refs/tags/')

.gitignore

@@ -4,3 +4,12 @@ upload
 *.exe
 *.db
 build
+*.db-journal
+logs
+data
+/web/node_modules
+cmd.md
+.env
+/one-api
+temp
+.DS_Store

Dockerfile

@@ -1,31 +1,47 @@
-FROM node:16 as builder
+FROM --platform=$BUILDPLATFORM node:16 AS builder
 
-WORKDIR /build
-COPY ./web .
+WORKDIR /web
 COPY ./VERSION .
-RUN npm install
-RUN REACT_APP_VERSION=$(cat VERSION) npm run build
+COPY ./web .
 
-FROM golang AS builder2
+RUN npm install --prefix /web/default & \
+    npm install --prefix /web/berry & \
+    npm install --prefix /web/air & \
+    wait
+
+RUN DISABLE_ESLINT_PLUGIN='true' REACT_APP_VERSION=$(cat ./VERSION) npm run build --prefix /web/default & \
+    DISABLE_ESLINT_PLUGIN='true' REACT_APP_VERSION=$(cat ./VERSION) npm run build --prefix /web/berry & \
+    DISABLE_ESLINT_PLUGIN='true' REACT_APP_VERSION=$(cat ./VERSION) npm run build --prefix /web/air & \
+    wait
+
+FROM golang:alpine AS builder2
+
+RUN apk add --no-cache \
+    gcc \
+    musl-dev \
+    sqlite-dev \
+    build-base
 
 ENV GO111MODULE=on \
     CGO_ENABLED=1 \
     GOOS=linux
 
 WORKDIR /build
-COPY . .
-COPY --from=builder /build/build ./web/build
+
+ADD go.mod go.sum ./
 RUN go mod download
-RUN go build -ldflags "-s -w -X 'one-api/common.Version=$(cat VERSION)' -extldflags '-static'" -o one-api
 
-FROM alpine
+COPY . .
+COPY --from=builder /web/build ./web/build
+
+RUN go build -trimpath -ldflags "-s -w -X 'github.com/songquanpeng/one-api/common.Version=$(cat VERSION)' -linkmode external -extldflags '-static'" -o one-api
+
+FROM alpine:latest
+
+RUN apk add --no-cache ca-certificates tzdata
 
-RUN apk update \
-    && apk upgrade \
-    && apk add --no-cache ca-certificates tzdata \
-    && update-ca-certificates 2>/dev/null || true
-ENV PORT=3000
 COPY --from=builder2 /build/one-api /
+
 EXPOSE 3000
 WORKDIR /data
 ENTRYPOINT ["/one-api"]

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 JustSong
+Copyright (c) 2023 JustSong
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.en.md

@@ -0,0 +1,329 @@
+<p align="right">
+    <a href="./README.md">中文</a> | <strong>English</strong> | <a href="./README.ja.md">日本語</a>
+</p>
+
+<p align="center">
+  <a href="https://github.com/songquanpeng/one-api"><img src="https://raw.githubusercontent.com/songquanpeng/one-api/main/web/default/public/logo.png" width="150" height="150" alt="one-api logo"></a>
+</p>
+
+<div align="center">
+
+# One API
+
+_✨ Access all LLM through the standard OpenAI API format, easy to deploy & use ✨_
+
+</div>
+
+<p align="center">
+  <a href="https://raw.githubusercontent.com/songquanpeng/one-api/main/LICENSE">
+    <img src="https://img.shields.io/github/license/songquanpeng/one-api?color=brightgreen" alt="license">
+  </a>
+  <a href="https://github.com/songquanpeng/one-api/releases/latest">
+    <img src="https://img.shields.io/github/v/release/songquanpeng/one-api?color=brightgreen&include_prereleases" alt="release">
+  </a>
+  <a href="https://hub.docker.com/repository/docker/justsong/one-api">
+    <img src="https://img.shields.io/docker/pulls/justsong/one-api?color=brightgreen" alt="docker pull">
+  </a>
+  <a href="https://github.com/songquanpeng/one-api/releases/latest">
+    <img src="https://img.shields.io/github/downloads/songquanpeng/one-api/total?color=brightgreen&include_prereleases" alt="release">
+  </a>
+  <a href="https://goreportcard.com/report/github.com/songquanpeng/one-api">
+    <img src="https://goreportcard.com/badge/github.com/songquanpeng/one-api" alt="GoReportCard">
+  </a>
+</p>
+
+<p align="center">
+  <a href="#deployment">Deployment Tutorial</a>
+  ·
+  <a href="#usage">Usage</a>
+  ·
+  <a href="https://github.com/songquanpeng/one-api/issues">Feedback</a>
+  ·
+  <a href="#screenshots">Screenshots</a>
+  ·
+  <a href="https://openai.justsong.cn/">Live Demo</a>
+  ·
+  <a href="#faq">FAQ</a>
+  ·
+  <a href="#related-projects">Related Projects</a>
+  ·
+  <a href="https://iamazing.cn/page/reward">Donate</a>
+</p>
+
+> **Warning**: This README is translated by ChatGPT. Please feel free to submit a PR if you find any translation errors.
+
+> **Note**: The latest image pulled from Docker may be an `alpha` release. Specify the version manually if you require stability.
+
+## Features
+1. Support for multiple large models:
+   + [x] [OpenAI ChatGPT Series Models](https://platform.openai.com/docs/guides/gpt/chat-completions-api) (Supports [Azure OpenAI API](https://learn.microsoft.com/en-us/azure/ai-services/openai/reference))
+   + [x] [Anthropic Claude Series Models](https://anthropic.com)
+   + [x] [Google PaLM2 and Gemini Series Models](https://developers.generativeai.google)
+   + [x] [Baidu Wenxin Yiyuan Series Models](https://cloud.baidu.com/doc/WENXINWORKSHOP/index.html)
+   + [x] [Alibaba Tongyi Qianwen Series Models](https://help.aliyun.com/document_detail/2400395.html)
+   + [x] [Zhipu ChatGLM Series Models](https://bigmodel.cn)
+2. Supports access to multiple channels through **load balancing**.
+3. Supports **stream mode** that enables typewriter-like effect through stream transmission.
+4. Supports **multi-machine deployment**. [See here](#multi-machine-deployment) for more details.
+5. Supports **token management** that allows setting token expiration time and usage count.
+6. Supports **voucher management** that enables batch generation and export of vouchers. Vouchers can be used for account balance replenishment.
+7. Supports **channel management** that allows bulk creation of channels.
+8. Supports **user grouping** and **channel grouping** for setting different rates for different groups.
+9. Supports channel **model list configuration**.
+10. Supports **quota details checking**.
+11. Supports **user invite rewards**.
+12. Allows display of balance in USD.
+13. Supports announcement publishing, recharge link setting, and initial balance setting for new users.
+14. Offers rich **customization** options:
+    1. Supports customization of system name, logo, and footer.
+    2. Supports customization of homepage and about page using HTML & Markdown code, or embedding a standalone webpage through iframe.
+15. Supports management API access through system access tokens.
+16. Supports Cloudflare Turnstile user verification.
+17. Supports user management and multiple user login/registration methods:
+    + Email login/registration and password reset via email.
+    + [GitHub OAuth](https://github.com/settings/applications/new).
+    + WeChat Official Account authorization (requires additional deployment of [WeChat Server](https://github.com/songquanpeng/wechat-server)).
+18. Immediate support and encapsulation of other major model APIs as they become available.
+
+## Deployment
+### Docker Deployment
+
+Deployment command:
+`docker run --name one-api -d --restart always -p 3000:3000 -e TZ=Asia/Shanghai -v /home/ubuntu/data/one-api:/data justsong/one-api`
+
+Update command: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower -cR`
+
+The first `3000` in `-p 3000:3000` is the port of the host, which can be modified as needed.
+
+Data will be saved in the `/home/ubuntu/data/one-api` directory on the host. Ensure that the directory exists and has write permissions, or change it to a suitable directory.
+
+Nginx reference configuration:
+```
+server{
+   server_name openai.justsong.cn;  # Modify your domain name accordingly
+
+   location / {
+          client_max_body_size  64m;
+          proxy_http_version 1.1;
+          proxy_pass http://localhost:3000;  # Modify your port accordingly
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_cache_bypass $http_upgrade;
+          proxy_set_header Accept-Encoding gzip;
+   }
+}
+```
+
+Next, configure HTTPS with Let's Encrypt certbot:
+```bash
+# Install certbot on Ubuntu:
+sudo snap install --classic certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+# Generate certificates & modify Nginx configuration
+sudo certbot --nginx
+# Follow the prompts
+# Restart Nginx
+sudo service nginx restart
+```
+
+The initial account username is `root` and password is `123456`.
+
+### Manual Deployment
+1. Download the executable file from [GitHub Releases](https://github.com/songquanpeng/one-api/releases/latest) or compile from source:
+   ```shell
+   git clone https://github.com/songquanpeng/one-api.git
+
+   # Build the frontend
+   cd one-api/web/default
+   npm install
+   npm run build
+
+   # Build the backend
+   cd ../..
+   go mod download
+   go build -ldflags "-s -w" -o one-api
+   ```
+2. Run:
+   ```shell
+   chmod u+x one-api
+   ./one-api --port 3000 --log-dir ./logs
+   ```
+3. Access [http://localhost:3000/](http://localhost:3000/) and log in. The initial account username is `root` and password is `123456`.
+
+For more detailed deployment tutorials, please refer to [this page](https://iamazing.cn/page/how-to-deploy-a-website).
+
+### Multi-machine Deployment
+1. Set the same `SESSION_SECRET` for all servers.
+2. Set `SQL_DSN` and use MySQL instead of SQLite. All servers should connect to the same database.
+3. Set the `NODE_TYPE` for all non-master nodes to `slave`.
+4. Set `SYNC_FREQUENCY` for servers to periodically sync configurations from the database.
+5. Non-master nodes can optionally set `FRONTEND_BASE_URL` to redirect page requests to the master server.
+6. Install Redis separately on non-master nodes, and configure `REDIS_CONN_STRING` so that the database can be accessed with zero latency when the cache has not expired.
+7. If the main server also has high latency accessing the database, Redis must be enabled and `SYNC_FREQUENCY` must be set to periodically sync configurations from the database.
+
+Please refer to the [environment variables](#environment-variables) section for details on using environment variables.
+
+### Deployment on Control Panels (e.g., Baota)
+Refer to [#175](https://github.com/songquanpeng/one-api/issues/175) for detailed instructions.
+
+If you encounter a blank page after deployment, refer to [#97](https://github.com/songquanpeng/one-api/issues/97) for possible solutions.
+
+### Deployment on Third-Party Platforms
+<details>
+<summary><strong>Deploy on Sealos</strong></summary>
+<div>
+
+> Sealos supports high concurrency, dynamic scaling, and stable operations for millions of users.
+
+> Click the button below to deploy with one click.👇
+
+[![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://cloud.sealos.io/?openapp=system-fastdeploy?templateName=one-api)
+
+
+</div>
+</details>
+
+<details>
+<summary><strong>Deployment on Zeabur</strong></summary>
+<div>
+
+> Zeabur's servers are located overseas, automatically solving network issues, and the free quota is sufficient for personal usage.
+
+[![Deploy on Zeabur](https://zeabur.com/button.svg)](https://zeabur.com/templates/7Q0KO3)
+
+1. First, fork the code.
+2. Go to [Zeabur](https://zeabur.com?referralCode=songquanpeng), log in, and enter the console.
+3. Create a new project. In Service -> Add Service, select Marketplace, and choose MySQL. Note down the connection parameters (username, password, address, and port).
+4. Copy the connection parameters and run ```create database `one-api` ``` to create the database.
+5. Then, in Service -> Add Service, select Git (authorization is required for the first use) and choose your forked repository.
+6. Automatic deployment will start, but please cancel it for now. Go to the Variable tab, add a `PORT` with a value of `3000`, and then add a `SQL_DSN` with a value of `<username>:<password>@tcp(<addr>:<port>)/one-api`. Save the changes. Please note that if `SQL_DSN` is not set, data will not be persisted, and the data will be lost after redeployment.
+7. Select Redeploy.
+8. In the Domains tab, select a suitable domain name prefix, such as "my-one-api". The final domain name will be "my-one-api.zeabur.app". You can also CNAME your own domain name.
+9. Wait for the deployment to complete, and click on the generated domain name to access One API.
+
+</div>
+</details>
+
+## Configuration
+The system is ready to use out of the box.
+
+You can configure it by setting environment variables or command line parameters.
+
+After the system starts, log in as the `root` user to further configure the system.
+
+## Usage
+Add your API Key on the `Channels` page, and then add an access token on the `Tokens` page.
+
+You can then use your access token to access One API. The usage is consistent with the [OpenAI API](https://platform.openai.com/docs/api-reference/introduction).
+
+In places where the OpenAI API is used, remember to set the API Base to your One API deployment address, for example: `https://openai.justsong.cn`. The API Key should be the token generated in One API.
+
+Note that the specific API Base format depends on the client you are using.
+
+```mermaid
+graph LR
+    A(User)
+    A --->|Request| B(One API)
+    B -->|Relay Request| C(OpenAI)
+    B -->|Relay Request| D(Azure)
+    B -->|Relay Request| E(Other downstream channels)
+```
+
+To specify which channel to use for the current request, you can add the channel ID after the token, for example: `Authorization: Bearer ONE_API_KEY-CHANNEL_ID`.
+Note that the token needs to be created by an administrator to specify the channel ID.
+
+If the channel ID is not provided, load balancing will be used to distribute the requests to multiple channels.
+
+### Environment Variables
+1. `REDIS_CONN_STRING`: When set, Redis will be used as the storage for request rate limiting instead of memory.
+    + Example: `REDIS_CONN_STRING=redis://default:redispw@localhost:49153`
+2. `SESSION_SECRET`: When set, a fixed session key will be used to ensure that cookies of logged-in users are still valid after the system restarts.
+    + Example: `SESSION_SECRET=random_string`
+3. `SQL_DSN`: When set, the specified database will be used instead of SQLite. Please use MySQL version 8.0.
+    + Example: `SQL_DSN=root:123456@tcp(localhost:3306)/oneapi`
+4. `LOG_SQL_DSN`: When set, a separate database will be used for the `logs` table; please use MySQL or PostgreSQL.
+    + Example: `LOG_SQL_DSN=root:123456@tcp(localhost:3306)/oneapi-logs`
+5. `FRONTEND_BASE_URL`: When set, the specified frontend address will be used instead of the backend address.
+    + Example: `FRONTEND_BASE_URL=https://openai.justsong.cn`
+6. 'MEMORY_CACHE_ENABLED': Enabling memory caching can cause a certain delay in updating user quotas, with optional values of 'true' and 'false'. If not set, it defaults to 'false'.
+7. `SYNC_FREQUENCY`: When set, the system will periodically sync configurations from the database, with the unit in seconds. If not set, no sync will happen.
+    + Example: `SYNC_FREQUENCY=60`
+8. `NODE_TYPE`: When set, specifies the node type. Valid values are `master` and `slave`. If not set, it defaults to `master`.
+    + Example: `NODE_TYPE=slave`
+9. `CHANNEL_UPDATE_FREQUENCY`: When set, it periodically updates the channel balances, with the unit in minutes. If not set, no update will happen.
+    + Example: `CHANNEL_UPDATE_FREQUENCY=1440`
+10. `CHANNEL_TEST_FREQUENCY`: When set, it periodically tests the channels, with the unit in minutes. If not set, no test will happen.
+    + Example: `CHANNEL_TEST_FREQUENCY=1440`
+11. `POLLING_INTERVAL`: The time interval (in seconds) between requests when updating channel balances and testing channel availability. Default is no interval.
+    + Example: `POLLING_INTERVAL=5`
+12. `BATCH_UPDATE_ENABLED`: Enabling batch database update aggregation can cause a certain delay in updating user quotas. The optional values are 'true' and 'false', but if not set, it defaults to 'false'.
+    +Example: ` BATCH_UPDATE_ENABLED=true`
+    +If you encounter an issue with too many database connections, you can try enabling this option.
+13. `BATCH_UPDATE_INTERVAL=5`: The time interval for batch updating aggregates, measured in seconds, defaults to '5'.
+    +Example: ` BATCH_UPDATE_INTERVAL=5`
+14. Request frequency limit:
+    + `GLOBAL_API_RATE_LIMIT`: Global API rate limit (excluding relay requests), the maximum number of requests within three minutes per IP, default to 180.
+    + `GLOBAL_WEL_RATE_LIMIT`: Global web speed limit, the maximum number of requests within three minutes per IP, default to 60.
+15. Encoder cache settings:
+    +`TIKTOKEN_CACHE_DIR`: By default, when the program starts, it will download the encoding of some common word elements online, such as' gpt-3.5 turbo '. In some unstable network environments or offline situations, it may cause startup problems. This directory can be configured to cache data and can be migrated to an offline environment.
+    +`DATA_GYM_CACHE_DIR`: Currently, this configuration has the same function as' TIKTOKEN-CACHE-DIR ', but its priority is not as high as it.
+16. `RELAY_TIMEOUT`: Relay timeout setting, measured in seconds, with no default timeout time set.
+17. `RELAY_PROXY`: After setting up, use this proxy to request APIs.
+18. `USER_CONTENT_REQUEST_TIMEOUT`: The timeout period for users to upload and download content, measured in seconds.
+19. `USER_CONTENT_REQUEST_PROXY`: After setting up, use this agent to request content uploaded by users, such as images.
+20. `SQLITE_BUSY_TIMEOUT`: SQLite lock wait timeout setting, measured in milliseconds, default to '3000'.
+21. `GEMINI_SAFETY_SETTING`: Gemini's security settings are set to 'BLOCK-NONE' by default.
+22. `GEMINI_VERSION`: The Gemini version used by the One API, which defaults to 'v1'.
+23. `THE`: The system's theme setting, default to 'default', specific optional values refer to [here] (./web/README. md).
+24. `ENABLE_METRIC`: Whether to disable channels based on request success rate, default not enabled, optional values are 'true' and 'false'.
+25. `METRIC_QUEUE_SIZE`: Request success rate statistics queue size, default to '10'.
+26. `METRIC_SUCCESS_RATE_THRESHOLD`: Request success rate threshold, default to '0.8'.
+27. `INITIAL_ROOT_TOKEN`: If this value is set, a root user token with the value of the environment variable will be automatically created when the system starts for the first time.
+28. `INITIAL_ROOT_ACCESS_TOKEN`: If this value is set, a system management token will be automatically created for the root user with a value of the environment variable when the system starts for the first time.
+
+### Command Line Parameters
+1. `--port <port_number>`: Specifies the port number on which the server listens. Defaults to `3000`.
+    + Example: `--port 3000`
+2. `--log-dir <log_dir>`: Specifies the log directory. If not set, the logs will not be saved.
+    + Example: `--log-dir ./logs`
+3. `--version`: Prints the system version number and exits.
+4. `--help`: Displays the command usage help and parameter descriptions.
+
+## Screenshots
+![channel](https://user-images.githubusercontent.com/39998050/233837954-ae6683aa-5c4f-429f-a949-6645a83c9490.png)
+![token](https://user-images.githubusercontent.com/39998050/233837971-dab488b7-6d96-43af-b640-a168e8d1c9bf.png)
+
+## FAQ
+1. What is quota? How is it calculated? Does One API have quota calculation issues?
+    + Quota = Group multiplier * Model multiplier * (number of prompt tokens + number of completion tokens * completion multiplier)
+    + The completion multiplier is fixed at 1.33 for GPT3.5 and 2 for GPT4, consistent with the official definition.
+    + If it is not a stream mode, the official API will return the total number of tokens consumed. However, please note that the consumption multipliers for prompts and completions are different.
+2. Why does it prompt "insufficient quota" even though my account balance is sufficient?
+    + Please check if your token quota is sufficient. It is separate from the account balance.
+    + The token quota is used to set the maximum usage and can be freely set by the user.
+3. It says "No available channels" when trying to use a channel. What should I do?
+    + Please check the user and channel group settings.
+    + Also check the channel model settings.
+4. Channel testing reports an error: "invalid character '<' looking for beginning of value"
+    + This error occurs when the returned value is not valid JSON but an HTML page.
+    + Most likely, the IP of your deployment site or the node of the proxy has been blocked by CloudFlare.
+5. ChatGPT Next Web reports an error: "Failed to fetch"
+    + Do not set `BASE_URL` during deployment.
+    + Double-check that your interface address and API Key are correct.
+
+## Related Projects
+* [FastGPT](https://github.com/labring/FastGPT): Knowledge question answering system based on the LLM
+* [VChart](https://github.com/VisActor/VChart):  More than just a cross-platform charting library, but also an expressive data storyteller.
+* [VMind](https://github.com/VisActor/VMind):  Not just automatic, but also fantastic. Open-source solution for intelligent visualization.
+* * [CherryStudio](https://github.com/CherryHQ/cherry-studio):  A cross-platform AI client that integrates multiple service providers and supports local knowledge base management.
+
+## Note
+This project is an open-source project. Please use it in compliance with OpenAI's [Terms of Use](https://openai.com/policies/terms-of-use) and **applicable laws and regulations**. It must not be used for illegal purposes.
+
+This project is released under the MIT license. Based on this, attribution and a link to this project must be included at the bottom of the page.
+
+The same applies to derivative projects based on this project.
+
+If you do not wish to include attribution, prior authorization must be obtained.
+
+According to the MIT license, users should bear the risk and responsibility of using this project, and the developer of this open-source project is not responsible for this.

README.ja.md

@@ -0,0 +1,301 @@
+<p align="right">
+    <a href="./README.md">中文</a> | <a href="./README.en.md">English</a> | <strong>日本語</strong>
+</p>
+
+<p align="center">
+  <a href="https://github.com/songquanpeng/one-api"><img src="https://raw.githubusercontent.com/songquanpeng/one-api/main/web/default/public/logo.png" width="150" height="150" alt="one-api logo"></a>
+</p>
+
+<div align="center">
+
+# One API
+
+_✨ 標準的な OpenAI API フォーマットを通じてすべての LLM にアクセスでき、導入と利用が容易です ✨_
+
+</div>
+
+<p align="center">
+  <a href="https://raw.githubusercontent.com/songquanpeng/one-api/main/LICENSE">
+    <img src="https://img.shields.io/github/license/songquanpeng/one-api?color=brightgreen" alt="license">
+  </a>
+  <a href="https://github.com/songquanpeng/one-api/releases/latest">
+    <img src="https://img.shields.io/github/v/release/songquanpeng/one-api?color=brightgreen&include_prereleases" alt="release">
+  </a>
+  <a href="https://hub.docker.com/repository/docker/justsong/one-api">
+    <img src="https://img.shields.io/docker/pulls/justsong/one-api?color=brightgreen" alt="docker pull">
+  </a>
+  <a href="https://github.com/songquanpeng/one-api/releases/latest">
+    <img src="https://img.shields.io/github/downloads/songquanpeng/one-api/total?color=brightgreen&include_prereleases" alt="release">
+  </a>
+  <a href="https://goreportcard.com/report/github.com/songquanpeng/one-api">
+    <img src="https://goreportcard.com/badge/github.com/songquanpeng/one-api" alt="GoReportCard">
+  </a>
+</p>
+
+<p align="center">
+  <a href="#deployment">デプロイチュートリアル</a>
+  ·
+  <a href="#usage">使用方法</a>
+  ·
+  <a href="https://github.com/songquanpeng/one-api/issues">フィードバック</a>
+  ·
+  <a href="#screenshots">スクリーンショット</a>
+  ·
+  <a href="https://openai.justsong.cn/">ライブデモ</a>
+  ·
+  <a href="#faq">FAQ</a>
+  ·
+  <a href="#related-projects">関連プロジェクト</a>
+  ·
+  <a href="https://iamazing.cn/page/reward">寄付</a>
+</p>
+
+> **警告**: この README は ChatGPT によって翻訳されています。翻訳ミスを発見した場合は遠慮なく PR を投稿してください。
+
+> **注**: Docker からプルされた最新のイメージは、`alpha` リリースかもしれません。安定性が必要な場合は、手動でバージョンを指定してください。
+
+## 特徴
+1. 複数の大型モデルをサポート:
+   + [x] [OpenAI ChatGPT シリーズモデル](https://platform.openai.com/docs/guides/gpt/chat-completions-api) ([Azure OpenAI API](https://learn.microsoft.com/en-us/azure/ai-services/openai/reference) をサポート)
+   + [x] [Anthropic Claude シリーズモデル](https://anthropic.com)
+   + [x] [Google PaLM2/Gemini シリーズモデル](https://developers.generativeai.google)
+   + [x] [Baidu Wenxin Yiyuan シリーズモデル](https://cloud.baidu.com/doc/WENXINWORKSHOP/index.html)
+   + [x] [Alibaba Tongyi Qianwen シリーズモデル](https://help.aliyun.com/document_detail/2400395.html)
+   + [x] [Zhipu ChatGLM シリーズモデル](https://bigmodel.cn)
+2. **ロードバランシング**による複数チャンネルへのアクセスをサポート。
+3. ストリーム伝送によるタイプライター的効果を可能にする**ストリームモード**に対応。
+4. **マルチマシンデプロイ**に対応。[詳細はこちら](#multi-machine-deployment)を参照。
+5. トークンの有効期限や使用回数を設定できる**トークン管理**に対応しています。
+6. **バウチャー管理**に対応しており、バウチャーの一括生成やエクスポートが可能です。バウチャーは口座残高の補充に利用できます。
+7. **チャンネル管理**に対応し、チャンネルの一括作成が可能。
+8. グループごとに異なるレートを設定するための**ユーザーグループ**と**チャンネルグループ**をサポートしています。
+9. チャンネル**モデルリスト設定**に対応。
+10. **クォータ詳細チェック**をサポート。
+11. **ユーザー招待報酬**をサポートします。
+12. 米ドルでの残高表示が可能。
+13. 新規ユーザー向けのお知らせ公開、リチャージリンク設定、初期残高設定に対応。
+14. 豊富な**カスタマイズ**オプションを提供します:
+    1. システム名、ロゴ、フッターのカスタマイズが可能。
+    2. HTML と Markdown コードを使用したホームページとアバウトページのカスタマイズ、または iframe を介したスタンドアロンウェブページの埋め込みをサポートしています。
+15. システム・アクセストークンによる管理 API アクセスをサポートする。
+16. Cloudflare Turnstile によるユーザー認証に対応。
+17. ユーザー管理と複数のユーザーログイン/登録方法をサポート:
+    + 電子メールによるログイン/登録とパスワードリセット。
+    + [GitHub OAuth](https://github.com/settings/applications/new)。
+    + WeChat 公式アカウントの認証（[WeChat Server](https://github.com/songquanpeng/wechat-server)の追加導入が必要）。
+18. 他の主要なモデル API が利用可能になった場合、即座にサポートし、カプセル化する。
+
+## デプロイメント
+### Docker デプロイメント
+
+デプロイコマンド:
+`docker run --name one-api -d --restart always -p 3000:3000 -e TZ=Asia/Shanghai -v /home/ubuntu/data/one-api:/data justsong/one-api`。
+
+コマンドを更新する: `docker run --rm -v /var/run/docker.sock:/var/run/docker.sock containrr/watchtower -cR`。
+
+`-p 3000:3000` の最初の `3000` はホストのポートで、必要に応じて変更できます。
+
+データはホストの `/home/ubuntu/data/one-api` ディレクトリに保存される。このディレクトリが存在し、書き込み権限があることを確認する、もしくは適切なディレクトリに変更してください。
+
+Nginxリファレンス設定:
+```
+server{
+   server_name openai.justsong.cn;  # ドメイン名は適宜変更
+
+   location / {
+          client_max_body_size  64m;
+          proxy_http_version 1.1;
+          proxy_pass http://localhost:3000;  # それに応じてポートを変更
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_cache_bypass $http_upgrade;
+          proxy_set_header Accept-Encoding gzip;
+          proxy_read_timeout 300s;  # GPT-4 はより長いタイムアウトが必要
+   }
+}
+```
+
+次に、Let's Encrypt certbot を使って HTTPS を設定します:
+```bash
+# Ubuntu に certbot をインストール:
+sudo snap install --classic certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+# 証明書の生成と Nginx 設定の変更
+sudo certbot --nginx
+# プロンプトに従う
+# Nginx を再起動
+sudo service nginx restart
+```
+
+初期アカウントのユーザー名は `root` で、パスワードは `123456` です。
+
+### マニュアルデプロイ
+1. [GitHub Releases](https://github.com/songquanpeng/one-api/releases/latest) から実行ファイルをダウンロードする、もしくはソースからコンパイルする:
+   ```shell
+   git clone https://github.com/songquanpeng/one-api.git
+
+   # フロントエンドのビルド
+   cd one-api/web/default
+   npm install
+   npm run build
+
+   # バックエンドのビルド
+   cd ../..
+   go mod download
+   go build -ldflags "-s -w" -o one-api
+   ```
+2. 実行:
+   ```shell
+   chmod u+x one-api
+   ./one-api --port 3000 --log-dir ./logs
+   ```
+3. [http://localhost:3000/](http://localhost:3000/) にアクセスし、ログインする。初期アカウントのユーザー名は `root`、パスワードは `123456` である。
+
+より詳細なデプロイのチュートリアルについては、[このページ](https://iamazing.cn/page/how-to-deploy-a-website) を参照してください。
+
+### マルチマシンデプロイ
+1. すべてのサーバに同じ `SESSION_SECRET` を設定する。
+2. `SQL_DSN` を設定し、SQLite の代わりに MySQL を使用する。すべてのサーバは同じデータベースに接続する。
+3. マスターノード以外のノードの `NODE_TYPE` を `slave` に設定する。
+4. データベースから定期的に設定を同期するサーバーには `SYNC_FREQUENCY` を設定する。
+5. マスター以外のノードでは、オプションで `FRONTEND_BASE_URL` を設定して、ページ要求をマスターサーバーにリダイレクトすることができます。
+6. マスター以外のノードには Redis を個別にインストールし、`REDIS_CONN_STRING` を設定して、キャッシュの有効期限が切れていないときにデータベースにゼロレイテンシーでアクセスできるようにする。
+7. メインサーバーでもデータベースへのアクセスが高レイテンシになる場合は、Redis を有効にし、`SYNC_FREQUENCY` を設定してデータベースから定期的に設定を同期する必要がある。
+
+Please refer to the [environment variables](#environment-variables) section for details on using environment variables.
+
+### コントロールパネル（例: Baota）への展開
+詳しい手順は [#175](https://github.com/songquanpeng/one-api/issues/175) を参照してください。
+
+配置後に空白のページが表示される場合は、[#97](https://github.com/songquanpeng/one-api/issues/97) を参照してください。
+
+### サードパーティプラットフォームへのデプロイ
+<details>
+<summary><strong>Sealos へのデプロイ</strong></summary>
+<div>
+
+> Sealos は、高い同時実行性、ダイナミックなスケーリング、数百万人のユーザーに対する安定した運用をサポートしています。
+
+> 下のボタンをクリックすると、ワンクリックで展開できます。👇
+
+[![](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://cloud.sealos.io/?openapp=system-fastdeploy?templateName=one-api)
+
+
+</div>
+</details>
+
+<details>
+<summary><strong>Zeabur へのデプロイ</strong></summary>
+<div>
+
+> Zeabur のサーバーは海外にあるため、ネットワークの問題は自動的に解決されます。
+
+[![Deploy on Zeabur](https://zeabur.com/button.svg)](https://zeabur.com/templates/7Q0KO3)
+
+1. まず、コードをフォークする。
+2. [Zeabur](https://zeabur.com?referralCode=songquanpeng) にアクセスしてログインし、コンソールに入る。
+3. 新しいプロジェクトを作成します。Service -> Add ServiceでMarketplace を選択し、MySQL を選択する。接続パラメータ（ユーザー名、パスワード、アドレス、ポート）をメモします。
+4. 接続パラメータをコピーし、```create database `one-api` ``` を実行してデータベースを作成する。
+5. その後、Service -> Add Service で Git を選択し（最初の使用には認証が必要です）、フォークしたリポジトリを選択します。
+6. 自動デプロイが開始されますが、一旦キャンセルしてください。Variable タブで `PORT` に `3000` を追加し、`SQL_DSN` に `<username>:<password>@tcp(<addr>:<port>)/one-api` を追加します。変更を保存する。SQL_DSN` が設定されていないと、データが永続化されず、再デプロイ後にデータが失われるので注意すること。
+7. 再デプロイを選択します。
+8. Domains タブで、"my-one-api" のような適切なドメイン名の接頭辞を選択する。最終的なドメイン名は "my-one-api.zeabur.app" となります。独自のドメイン名を CNAME することもできます。
+9. デプロイが完了するのを待ち、生成されたドメイン名をクリックして One API にアクセスします。
+
+</div>
+</details>
+
+## コンフィグ
+システムは箱から出してすぐに使えます。
+
+環境変数やコマンドラインパラメータを設定することで、システムを構成することができます。
+
+システム起動後、`root` ユーザーとしてログインし、さらにシステムを設定します。
+
+## 使用方法
+`Channels` ページで API Key を追加し、`Tokens` ページでアクセストークンを追加する。
+
+アクセストークンを使って One API にアクセスすることができる。使い方は [OpenAI API](https://platform.openai.com/docs/api-reference/introduction) と同じです。
+
+OpenAI API が使用されている場所では、API Base に One API のデプロイアドレスを設定することを忘れないでください（例: `https://openai.justsong.cn`）。API Key は One API で生成されたトークンでなければなりません。
+
+具体的な API Base のフォーマットは、使用しているクライアントに依存することに注意してください。
+
+```mermaid
+graph LR
+    A(ユーザ)
+    A --->|リクエスト| B(One API)
+    B -->|中継リクエスト| C(OpenAI)
+    B -->|中継リクエスト| D(Azure)
+    B -->|中継リクエスト| E(その他のダウンストリームチャンネル)
+```
+
+現在のリクエストにどのチャネルを使うかを指定するには、トークンの後に チャネル ID を追加します： 例えば、`Authorization: Bearer ONE_API_KEY-CHANNEL_ID` のようにします。
+チャンネル ID を指定するためには、トークンは管理者によって作成される必要があることに注意してください。
+
+もしチャネル ID が指定されない場合、ロードバランシングによってリクエストが複数のチャネルに振り分けられます。
+
+### 環境変数
+1. `REDIS_CONN_STRING`: 設定すると、リクエストレート制限のためのストレージとして、メモリの代わりに Redis が使われる。
+    + 例: `REDIS_CONN_STRING=redis://default:redispw@localhost:49153`
+2. `SESSION_SECRET`: 設定すると、固定セッションキーが使用され、システムの再起動後もログインユーザーのクッキーが有効であることが保証されます。
+    + 例: `SESSION_SECRET=random_string`
+3. `SQL_DSN`: 設定すると、SQLite の代わりに指定したデータベースが使用されます。MySQL バージョン 8.0 を使用してください。
+    + 例: `SQL_DSN=root:123456@tcp(localhost:3306)/oneapi`
+4. `LOG_SQL_DSN`: を設定すると、`logs`テーブルには独立したデータベースが使用されます。MySQLまたはPostgreSQLを使用してください。
+5. `FRONTEND_BASE_URL`: 設定されると、バックエンドアドレスではなく、指定されたフロントエンドアドレスが使われる。
+    + 例: `FRONTEND_BASE_URL=https://openai.justsong.cn`
+6. `SYNC_FREQUENCY`: 設定された場合、システムは定期的にデータベースからコンフィグを秒単位で同期する。設定されていない場合、同期は行われません。
+    + 例: `SYNC_FREQUENCY=60`
+7. `NODE_TYPE`: 設定すると、ノードのタイプを指定する。有効な値は `master` と `slave` である。設定されていない場合、デフォルトは `master`。
+    + 例: `NODE_TYPE=slave`
+8. `CHANNEL_UPDATE_FREQUENCY`: 設定すると、チャンネル残高を分単位で定期的に更新する。設定されていない場合、更新は行われません。
+    + 例: `CHANNEL_UPDATE_FREQUENCY=1440`
+9. `CHANNEL_TEST_FREQUENCY`: 設定すると、チャンネルを定期的にテストする。設定されていない場合、テストは行われません。
+    + 例: `CHANNEL_TEST_FREQUENCY=1440`
+10. `POLLING_INTERVAL`: チャネル残高の更新とチャネルの可用性をテストするときのリクエスト間の時間間隔 (秒)。デフォルトは間隔なし。
+    + 例: `POLLING_INTERVAL=5`
+
+### コマンドラインパラメータ
+1. `--port <port_number>`: サーバがリッスンするポート番号を指定。デフォルトは `3000` です。
+    + 例: `--port 3000`
+2. `--log-dir <log_dir>`: ログディレクトリを指定。設定しない場合、ログは保存されません。
+    + 例: `--log-dir ./logs`
+3. `--version`: システムのバージョン番号を表示して終了する。
+4. `--help`: コマンドの使用法ヘルプとパラメータの説明を表示。
+
+## スクリーンショット
+![channel](https://user-images.githubusercontent.com/39998050/233837954-ae6683aa-5c4f-429f-a949-6645a83c9490.png)
+![token](https://user-images.githubusercontent.com/39998050/233837971-dab488b7-6d96-43af-b640-a168e8d1c9bf.png)
+
+## FAQ
+1. ノルマとは何か？どのように計算されますか？One API にはノルマ計算の問題はありますか？
+    + ノルマ = グループ倍率 * モデル倍率 * (プロンプトトークンの数 + 完了トークンの数 * 完了倍率)
+    + 完了倍率は、公式の定義と一致するように、GPT3.5 では 1.33、GPT4 では 2 に固定されています。
+    + ストリームモードでない場合、公式 API は消費したトークンの総数を返す。ただし、プロンプトとコンプリートの消費倍率は異なるので注意してください。
+2. アカウント残高は十分なのに、"insufficient quota" と表示されるのはなぜですか？
+    + トークンのクォータが十分かどうかご確認ください。トークンクォータはアカウント残高とは別のものです。
+    + トークンクォータは最大使用量を設定するためのもので、ユーザーが自由に設定できます。
+3. チャンネルを使おうとすると "No available channels" と表示されます。どうすればいいですか？
+    + ユーザーとチャンネルグループの設定を確認してください。
+    + チャンネルモデルの設定も確認してください。
+4. チャンネルテストがエラーを報告する: "invalid character '<' looking for beginning of value"
+    + このエラーは、返された値が有効な JSON ではなく、HTML ページである場合に発生する。
+    + ほとんどの場合、デプロイサイトのIPかプロキシのノードが CloudFlare によってブロックされています。
+5. ChatGPT Next Web でエラーが発生しました: "Failed to fetch"
+    + デプロイ時に `BASE_URL` を設定しないでください。
+    + インターフェイスアドレスと API Key が正しいか再確認してください。
+
+## 関連プロジェクト
+* [FastGPT](https://github.com/labring/FastGPT): LLM に基づく知識質問応答システム
+* [CherryStudio](https://github.com/CherryHQ/cherry-studio):  マルチプラットフォーム対応のAIクライアント。複数のサービスプロバイダーを統合管理し、ローカル知識ベースをサポートします。
+## 注
+本プロジェクトはオープンソースプロジェクトです。OpenAI の[利用規約](https://openai.com/policies/terms-of-use)および**適用される法令**を遵守してご利用ください。違法な目的での利用はご遠慮ください。
+
+このプロジェクトは MIT ライセンスで公開されています。これに基づき、ページの最下部に帰属表示と本プロジェクトへのリンクを含める必要があります。
+
+このプロジェクトを基にした派生プロジェクトについても同様です。
+
+帰属表示を含めたくない場合は、事前に許可を得なければなりません。
+
+MIT ライセンスによると、このプロジェクトを利用するリスクと責任は利用者が負うべきであり、このオープンソースプロジェクトの開発者は責任を負いません。

README.md

@@ -1,12 +1,17 @@
+<p align="right">
+   <strong>中文</strong> | <a href="./README.en.md">English</a> | <a href="./README.ja.md">日本語</a>
+</p>
+
+
 <p align="center">
-  <a href="https://github.com/songquanpeng/one-api"><img src="https://raw.githubusercontent.com/songquanpeng/one-api/main/web/public/logo.png" width="150" height="150" alt="one-api logo"></a>
+  <a href="https://github.com/songquanpeng/one-api"><img src="https://raw.githubusercontent.com/songquanpeng/one-api/main/web/default/public/logo.png" width="150" height="150" alt="one-api logo"></a>
 </p>
 
 <div align="center">
 
 # One API
 
-_✨ All in one 的 OpenAI 接口，整合各种 API 访问方式，开箱即用✨_
+_✨ 通过标准的 OpenAI API 格式访问所有的大模型，开箱即用 ✨_
 
 </div>
 
@@ -17,6 +22,9 @@ _✨ All in one 的 OpenAI 接口，整合各种 API 访问方式，开箱即用
   <a href="https://github.com/songquanpeng/one-api/releases/latest">
     <img src="https://img.shields.io/github/v/release/songquanpeng/one-api?color=brightgreen&include_prereleases" alt="release">
   </a>
+  <a href="https://hub.docker.com/repository/docker/justsong/one-api">
+    <img src="https://img.shields.io/docker/pulls/justsong/one-api?color=brightgreen" alt="docker pull">
+  </a>
   <a href="https://github.com/songquanpeng/one-api/releases/latest">
     <img src="https://img.shields.io/github/downloads/songquanpeng/one-api/total?color=brightgreen&include_prereleases" alt="release">
   </a>
@@ -26,46 +34,180 @@ _✨ All in one 的 OpenAI 接口，整合各种 API 访问方式，开箱即用
 </p>
 
 <p align="center">
-  <a href="https://github.com/songquanpeng/one-api/releases">程序下载</a>
-  ·
   <a href="https://github.com/songquanpeng/one-api#部署">部署教程</a>
   ·
+  <a href="https://github.com/songquanpeng/one-api#使用方法">使用方法</a>
+  ·
   <a href="https://github.com/songquanpeng/one-api/issues">意见反馈</a>
   ·
   <a href="https://github.com/songquanpeng/one-api#截图展示">截图展示</a>
   ·
   <a href="https://openai.justsong.cn/">在线演示</a>
+  ·
+  <a href="https://github.com/songquanpeng/one-api#常见问题">常见问题</a>
+  ·
+  <a href="https://github.com/songquanpeng/one-api#相关项目">相关项目</a>
+  ·
+  <a href="https://iamazing.cn/page/reward">赞赏支持</a>
 </p>
 
+> [!NOTE]
+> 本项目为开源项目，使用者必须在遵循 OpenAI 的[使用条款](https://openai.com/policies/terms-of-use)以及**法律法规**的情况下使用，不得用于非法用途。
+>
+> 根据[《生成式人工智能服务管理暂行办法》](http://www.cac.gov.cn/2023-07/13/c_1690898327029107.htm)的要求，请勿对中国地区公众提供一切未经备案的生成式人工智能服务。
+
+> [!NOTE]
+> 稳定版 / 预览版镜像地址：[justsong/one-api](https://hub.docker.com/repository/docker/justsong/one-api)
+> 或者 [ghcr.io/songquanpeng/one-api](https://github.com/songquanpeng/one-api/pkgs/container/one-api)
+>
+> alpha 版镜像地址：[justsong/one-api-alpha](https://hub.docker.com/repository/docker/justsong/one-api-alpha)
+> 或者 [ghcr.io/songquanpeng/one-api-alpha](https://github.com/songquanpeng/one-api/pkgs/container/one-api-alpha)
+
+> [!WARNING]
+> 使用 root 用户初次登录系统后，务必修改默认密码 `123456`！
+
 ## 功能
-1. 支持多种 API 访问渠道，欢迎 PR 或提 issue 添加更多渠道：
-   + [x] One API 服务端中继
-   + [x] [API2D](https://api2d.com/r/197971)
-   + [ ] Azure OpenAI API
-   + [x] [CloseAI](https://console.openai-asia.com)
-   + [x] [OpenAI-SB](https://openai-sb.com)
-   + [x] [OpenAI Max](https://openaimax.com)
-   + [x] [OhMyGPT](https://www.ohmygpt.com)
-   + [x] 自定义渠道
-2. 支持通过负载均衡的方式访问多个渠道。
-3. 支持单个访问渠道设置多个 API Key，利用起来你的多个 API Key。
-4. 支持 HTTP SSE。
-5. 多种用户登录注册方式：
-   + 邮箱登录注册以及通过邮箱进行密码重置。
-   + [GitHub 开放授权](https://github.com/settings/applications/new)。
-   + 微信公众号授权（需要额外部署 [WeChat Server](https://github.com/songquanpeng/wechat-server)）。
-6. 支持用户管理。
+1. 支持多种大模型：
+   + [x] [OpenAI ChatGPT 系列模型](https://platform.openai.com/docs/guides/gpt/chat-completions-api)（支持 [Azure OpenAI API](https://learn.microsoft.com/en-us/azure/ai-services/openai/reference)）
+   + [x] [Anthropic Claude 系列模型](https://anthropic.com) (支持 AWS Claude)
+   + [x] [Google PaLM2/Gemini 系列模型](https://developers.generativeai.google)
+   + [x] [Mistral 系列模型](https://mistral.ai/)
+   + [x] [字节跳动豆包大模型（火山引擎）](https://www.volcengine.com/experience/ark?utm_term=202502dsinvite&ac=DSASUQY5&rc=2QXCA1VI)
+   + [x] [百度文心一言系列模型](https://cloud.baidu.com/doc/WENXINWORKSHOP/index.html)
+   + [x] [阿里通义千问系列模型](https://help.aliyun.com/document_detail/2400395.html)
+   + [x] [讯飞星火认知大模型](https://www.xfyun.cn/doc/spark/Web.html)
+   + [x] [智谱 ChatGLM 系列模型](https://bigmodel.cn)
+   + [x] [360 智脑](https://ai.360.cn)
+   + [x] [腾讯混元大模型](https://cloud.tencent.com/document/product/1729)
+   + [x] [Moonshot AI](https://platform.moonshot.cn/)
+   + [x] [百川大模型](https://platform.baichuan-ai.com)
+   + [x] [MINIMAX](https://api.minimax.chat/)
+   + [x] [Groq](https://wow.groq.com/)
+   + [x] [Ollama](https://github.com/ollama/ollama)
+   + [x] [零一万物](https://platform.lingyiwanwu.com/)
+   + [x] [阶跃星辰](https://platform.stepfun.com/)
+   + [x] [Coze](https://www.coze.com/)
+   + [x] [Cohere](https://cohere.com/)
+   + [x] [DeepSeek](https://www.deepseek.com/)
+   + [x] [Cloudflare Workers AI](https://developers.cloudflare.com/workers-ai/)
+   + [x] [DeepL](https://www.deepl.com/)
+   + [x] [together.ai](https://www.together.ai/)
+   + [x] [novita.ai](https://www.novita.ai/)
+   + [x] [硅基流动 SiliconCloud](https://cloud.siliconflow.cn/i/rKXmRobW)
+   + [x] [xAI](https://x.ai/)
+2. 支持配置镜像以及众多[第三方代理服务](https://iamazing.cn/page/openai-api-third-party-services)。
+3. 支持通过**负载均衡**的方式访问多个渠道。
+4. 支持 **stream 模式**，可以通过流式传输实现打字机效果。
+5. 支持**多机部署**，[详见此处](#多机部署)。
+6. 支持**令牌管理**，设置令牌的过期时间、额度、允许的 IP 范围以及允许的模型访问。
+7. 支持**兑换码管理**，支持批量生成和导出兑换码，可使用兑换码为账户进行充值。
+8. 支持**渠道管理**，批量创建渠道。
+9. 支持**用户分组**以及**渠道分组**，支持为不同分组设置不同的倍率。
+10. 支持渠道**设置模型列表**。
+11. 支持**查看额度明细**。
+12. 支持**用户邀请奖励**。
+13. 支持以美元为单位显示额度。
+14. 支持发布公告，设置充值链接，设置新用户初始额度。
+15. 支持模型映射，重定向用户的请求模型，如无必要请不要设置，设置之后会导致请求体被重新构造而非直接透传，会导致部分还未正式支持的字段无法传递成功。
+16. 支持失败自动重试。
+17. 支持绘图接口。
+18. 支持 [Cloudflare AI Gateway](https://developers.cloudflare.com/ai-gateway/providers/openai/)，渠道设置的代理部分填写 `https://gateway.ai.cloudflare.com/v1/ACCOUNT_TAG/GATEWAY/openai` 即可。
+19. 支持丰富的**自定义**设置，
+    1. 支持自定义系统名称，logo 以及页脚。
+    2. 支持自定义首页和关于页面，可以选择使用 HTML & Markdown 代码进行自定义，或者使用一个单独的网页通过 iframe 嵌入。
+20. 支持通过系统访问令牌调用管理 API，进而**在无需二开的情况下扩展和自定义** One API 的功能，详情请参考此处 [API 文档](./docs/API.md)。
+21. 支持 Cloudflare Turnstile 用户校验。
+22. 支持用户管理，支持**多种用户登录注册方式**：
+    + 邮箱登录注册（支持注册邮箱白名单）以及通过邮箱进行密码重置。
+    + 支持[飞书授权登录](https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/reference/authen-v1/authorize/get)（[这里有 One API 的实现细节阐述供参考](https://iamazing.cn/page/feishu-oauth-login)）。
+    + 支持 [GitHub 授权登录](https://github.com/settings/applications/new)。
+    + 微信公众号授权（需要额外部署 [WeChat Server](https://github.com/songquanpeng/wechat-server)）。
+23. 支持主题切换，设置环境变量 `THEME` 即可，默认为 `default`，欢迎 PR 更多主题，具体参考[此处](./web/README.md)。
+24. 配合 [Message Pusher](https://github.com/songquanpeng/message-pusher) 可将报警信息推送到多种 App 上。
 
 ## 部署
 ### 基于 Docker 进行部署
-执行：`docker run -d --restart always -p 3000:3000 -v /home/ubuntu/data/one-api:/data -v /etc/ssl/certs:/etc/ssl/certs:ro justsong/one-api`
+```shell
+# 使用 SQLite 的部署命令：
+docker run --name one-api -d --restart always -p 3000:3000 -e TZ=Asia/Shanghai -v /home/ubuntu/data/one-api:/data justsong/one-api
+# 使用 MySQL 的部署命令，在上面的基础上添加 `-e SQL_DSN="root:123456@tcp(localhost:3306)/oneapi"`，请自行修改数据库连接参数，不清楚如何修改请参见下面环境变量一节。
+# 例如：
+docker run --name one-api -d --restart always -p 3000:3000 -e SQL_DSN="root:123456@tcp(localhost:3306)/oneapi" -e TZ=Asia/Shanghai -v /home/ubuntu/data/one-api:/data justsong/one-api
+```
 
-数据将会保存在宿主机的 `/home/ubuntu/data/one-api` 目录。
+其中，`-p 3000:3000` 中的第一个 `3000` 是宿主机的端口，可以根据需要进行修改。
+
+数据和日志将会保存在宿主机的 `/home/ubuntu/data/one-api` 目录，请确保该目录存在且具有写入权限，或者更改为合适的目录。
+
+如果启动失败，请添加 `--privileged=true`，具体参考 https://github.com/songquanpeng/one-api/issues/482 。
+
+如果上面的镜像无法拉取，可以尝试使用 GitHub 的 Docker 镜像，将上面的 `justsong/one-api` 替换为 `ghcr.io/songquanpeng/one-api` 即可。
+
+如果你的并发量较大，**务必**设置 `SQL_DSN`，详见下面[环境变量](#环境变量)一节。
+
+更新命令：`docker run --rm -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower -cR`
+
+Nginx 的参考配置：
+```
+server{
+   server_name openai.justsong.cn;  # 请根据实际情况修改你的域名
+
+   location / {
+          client_max_body_size  64m;
+          proxy_http_version 1.1;
+          proxy_pass http://localhost:3000;  # 请根据实际情况修改你的端口
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_cache_bypass $http_upgrade;
+          proxy_set_header Accept-Encoding gzip;
+          proxy_read_timeout 300s;  # GPT-4 需要较长的超时时间，请自行调整
+   }
+}
+```
+
+之后使用 Let's Encrypt 的 certbot 配置 HTTPS：
+```bash
+# Ubuntu 安装 certbot：
+sudo snap install --classic certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+# 生成证书 & 修改 Nginx 配置
+sudo certbot --nginx
+# 根据指示进行操作
+# 重启 Nginx
+sudo service nginx restart
+```
+
+初始账号用户名为 `root`，密码为 `123456`。
+
+### 通过宝塔面板进行一键部署
+1. 安装宝塔面板9.2.0及以上版本，前往 [宝塔面板](https://www.bt.cn/new/download.html?r=dk_oneapi) 官网，选择正式版的脚本下载安装；
+2. 安装后登录宝塔面板，在左侧菜单栏中点击 `Docker`，首次进入会提示安装 `Docker` 服务，点击立即安装，按提示完成安装；
+3. 安装完成后在应用商店中搜索 `One-API`，点击安装，配置域名等基本信息即可完成安装；
+
+### 基于 Docker Compose 进行部署
+
+> 仅启动方式不同，参数设置不变，请参考基于 Docker 部署部分
+
+```shell
+# 目前支持 MySQL 启动，数据存储在 ./data/mysql 文件夹内
+docker-compose up -d
+
+# 查看部署状态
+docker-compose ps
+```
 
 ### 手动部署
 1. 从 [GitHub Releases](https://github.com/songquanpeng/one-api/releases/latest) 下载可执行文件或者从源码编译：
    ```shell
    git clone https://github.com/songquanpeng/one-api.git
+
+   # 构建前端
+   cd one-api/web/default
+   npm install
+   npm run build
+
+   # 构建后端
+   cd ../..
    go mod download
    go build -ldflags "-s -w" -o one-api
    ````
@@ -78,6 +220,97 @@ _✨ All in one 的 OpenAI 接口，整合各种 API 访问方式，开箱即用
 
 更加详细的部署教程[参见此处](https://iamazing.cn/page/how-to-deploy-a-website)。
 
+### 多机部署
+1. 所有服务器 `SESSION_SECRET` 设置一样的值。
+2. 必须设置 `SQL_DSN`，使用 MySQL 数据库而非 SQLite，所有服务器连接同一个数据库。
+3. 所有从服务器必须设置 `NODE_TYPE` 为 `slave`，不设置则默认为主服务器。
+4. 设置 `SYNC_FREQUENCY` 后服务器将定期从数据库同步配置，在使用远程数据库的情况下，推荐设置该项并启用 Redis，无论主从。
+5. 从服务器可以选择设置 `FRONTEND_BASE_URL`，以重定向页面请求到主服务器。
+6. 从服务器上**分别**装好 Redis，设置好 `REDIS_CONN_STRING`，这样可以做到在缓存未过期的情况下数据库零访问，可以减少延迟（Redis 集群或者哨兵模式的支持请参考环境变量说明）。
+7. 如果主服务器访问数据库延迟也比较高，则也需要启用 Redis，并设置 `SYNC_FREQUENCY`，以定期从数据库同步配置。
+
+环境变量的具体使用方法详见[此处](#环境变量)。
+
+### 宝塔部署教程
+
+详见 [#175](https://github.com/songquanpeng/one-api/issues/175)。
+
+如果部署后访问出现空白页面，详见 [#97](https://github.com/songquanpeng/one-api/issues/97)。
+
+### 部署第三方服务配合 One API 使用
+> 欢迎 PR 添加更多示例。
+
+#### ChatGPT Next Web
+项目主页：https://github.com/Yidadaa/ChatGPT-Next-Web
+
+```bash
+docker run --name chat-next-web -d -p 3001:3000 yidadaa/chatgpt-next-web
+```
+
+注意修改端口号，之后在页面上设置接口地址（例如：https://openai.justsong.cn/ ）和 API Key 即可。
+
+#### ChatGPT Web
+项目主页：https://github.com/Chanzhaoyu/chatgpt-web
+
+```bash
+docker run --name chatgpt-web -d -p 3002:3002 -e OPENAI_API_BASE_URL=https://openai.justsong.cn -e OPENAI_API_KEY=sk-xxx chenzhaoyu94/chatgpt-web
+```
+
+注意修改端口号、`OPENAI_API_BASE_URL` 和 `OPENAI_API_KEY`。
+
+#### QChatGPT - QQ机器人
+项目主页：https://github.com/RockChinQ/QChatGPT
+
+根据[文档](https://qchatgpt.rockchin.top)完成部署后，在 `data/provider.json`设置`requester.openai-chat-completions.base-url`为 One API 实例地址，并填写 API Key 到 `keys.openai` 组中，设置 `model` 为要使用的模型名称。
+
+运行期间可以通过`!model`命令查看、切换可用模型。
+
+### 部署到第三方平台
+<details>
+<summary><strong>部署到 Sealos </strong></summary>
+<div>
+
+> Sealos 的服务器在国外，不需要额外处理网络问题，支持高并发 & 动态伸缩。
+
+点击以下按钮一键部署（部署后访问出现 404 请等待 3~5 分钟）：
+
+[![Deploy-on-Sealos.svg](https://raw.githubusercontent.com/labring-actions/templates/main/Deploy-on-Sealos.svg)](https://cloud.sealos.io/?openapp=system-fastdeploy?templateName=one-api)
+
+</div>
+</details>
+
+<details>
+<summary><strong>部署到 Zeabur</strong></summary>
+<div>
+
+> Zeabur 的服务器在国外，自动解决了网络的问题，同时免费的额度也足够个人使用
+
+[![Deploy on Zeabur](https://zeabur.com/button.svg)](https://zeabur.com/templates/7Q0KO3)
+
+1. 首先 fork 一份代码。
+2. 进入 [Zeabur](https://zeabur.com?referralCode=songquanpeng)，登录，进入控制台。
+3. 新建一个 Project，在 Service -> Add Service 选择 Marketplace，选择 MySQL，并记下连接参数（用户名、密码、地址、端口）。
+4. 复制链接参数，运行 ```create database `one-api` ``` 创建数据库。
+5. 然后在 Service -> Add Service，选择 Git（第一次使用需要先授权），选择你 fork 的仓库。
+6. Deploy 会自动开始，先取消。进入下方 Variable，添加一个 `PORT`，值为 `3000`，再添加一个 `SQL_DSN`，值为 `<username>:<password>@tcp(<addr>:<port>)/one-api` ，然后保存。 注意如果不填写 `SQL_DSN`，数据将无法持久化，重新部署后数据会丢失。
+7. 选择 Redeploy。
+8. 进入下方 Domains，选择一个合适的域名前缀，如 "my-one-api"，最终域名为 "my-one-api.zeabur.app"，也可以 CNAME 自己的域名。
+9. 等待部署完成，点击生成的域名进入 One API。
+
+</div>
+</details>
+
+<details>
+<summary><strong>部署到 Render</strong></summary>
+<div>
+
+> Render 提供免费额度，绑卡后可以进一步提升额度
+
+Render 可以直接部署 docker 镜像，不需要 fork 仓库：https://dashboard.render.com
+
+</div>
+</details>
+
 ## 配置
 系统本身开箱即用。
 
@@ -85,29 +318,111 @@ _✨ All in one 的 OpenAI 接口，整合各种 API 访问方式，开箱即用
 
 等到系统启动后，使用 `root` 用户登录系统并做进一步的配置。
 
-## 使用方式
-在`渠道`页面中添加你的 API Key，之后在`令牌`页面中新增一个访问令牌。
+**Note**：如果你不知道某个配置项的含义，可以临时删掉值以看到进一步的提示文字。
+
+## 使用方法
+在`渠道`页面中添加你的 API Key，之后在`令牌`页面中新增访问令牌。
 
 之后就可以使用你的令牌访问 One API 了，使用方式与 [OpenAI API](https://platform.openai.com/docs/api-reference/introduction) 一致。
 
+你需要在各种用到 OpenAI API 的地方设置 API Base 为你的 One API 的部署地址，例如：`https://openai.justsong.cn`，API Key 则为你在 One API 中生成的令牌。
+
+注意，具体的 API Base 的格式取决于你所使用的客户端。
+
+例如对于 OpenAI 的官方库：
+```bash
+OPENAI_API_KEY="sk-xxxxxx"
+OPENAI_API_BASE="https://<HOST>:<PORT>/v1"
+```
+
+```mermaid
+graph LR
+    A(用户)
+    A --->|使用 One API 分发的 key 进行请求| B(One API)
+    B -->|中继请求| C(OpenAI)
+    B -->|中继请求| D(Azure)
+    B -->|中继请求| E(其他 OpenAI API 格式下游渠道)
+    B -->|中继并修改请求体和返回体| F(非 OpenAI API 格式下游渠道)
+```
+
 可以通过在令牌后面添加渠道 ID 的方式指定使用哪一个渠道处理本次请求，例如：`Authorization: Bearer ONE_API_KEY-CHANNEL_ID`。
+注意，需要是管理员用户创建的令牌才能指定渠道 ID。
 
 不加的话将会使用负载均衡的方式使用多个渠道。
 
 ### 环境变量
-1. `REDIS_CONN_STRING`：设置之后将使用 Redis 作为请求频率限制的存储，而非使用内存存储。
+> One API 支持从 `.env` 文件中读取环境变量，请参照 `.env.example` 文件，使用时请将其重命名为 `.env`。
+1. `REDIS_CONN_STRING`：设置之后将使用 Redis 作为缓存使用。
    + 例子：`REDIS_CONN_STRING=redis://default:redispw@localhost:49153`
+   + 如果数据库访问延迟很低，没有必要启用 Redis，启用后反而会出现数据滞后的问题。
+   + 如果需要使用哨兵或者集群模式：
+     + 则需要把该环境变量设置为节点列表，例如：`localhost:49153,localhost:49154,localhost:49155`。
+     + 除此之外还需要设置以下环境变量：
+       + `REDIS_PASSWORD`：Redis 集群或者哨兵模式下的密码设置。
+       + `REDIS_MASTER_NAME`：Redis 哨兵模式下主节点的名称。
 2. `SESSION_SECRET`：设置之后将使用固定的会话密钥，这样系统重新启动后已登录用户的 cookie 将依旧有效。
    + 例子：`SESSION_SECRET=random_string`
-3. `SQL_DSN`：设置之后将使用指定数据库而非 SQLite。
-   + 例子：`SQL_DSN=root:123456@tcp(localhost:3306)/one-api`
+3. `SQL_DSN`：设置之后将使用指定数据库而非 SQLite，请使用 MySQL 或 PostgreSQL。
+   + 例子：
+     + MySQL：`SQL_DSN=root:123456@tcp(localhost:3306)/oneapi`
+     + PostgreSQL：`SQL_DSN=postgres://postgres:123456@localhost:5432/oneapi`（适配中，欢迎反馈）
+   + 注意需要提前建立数据库 `oneapi`，无需手动建表，程序将自动建表。
+   + 如果使用本地数据库：部署命令可添加 `--network="host"` 以使得容器内的程序可以访问到宿主机上的 MySQL。
+   + 如果使用云数据库：如果云服务器需要验证身份，需要在连接参数中添加 `?tls=skip-verify`。
+   + 请根据你的数据库配置修改下列参数（或者保持默认值）：
+     + `SQL_MAX_IDLE_CONNS`：最大空闲连接数，默认为 `100`。
+     + `SQL_MAX_OPEN_CONNS`：最大打开连接数，默认为 `1000`。
+       + 如果报错 `Error 1040: Too many connections`，请适当减小该值。
+     + `SQL_CONN_MAX_LIFETIME`：连接的最大生命周期，默认为 `60`，单位分钟。
+4. `LOG_SQL_DSN`：设置之后将为 `logs` 表使用独立的数据库，请使用 MySQL 或 PostgreSQL。
+5. `FRONTEND_BASE_URL`：设置之后将重定向页面请求到指定的地址，仅限从服务器设置。
+   + 例子：`FRONTEND_BASE_URL=https://openai.justsong.cn`
+6. `MEMORY_CACHE_ENABLED`：启用内存缓存，会导致用户额度的更新存在一定的延迟，可选值为 `true` 和 `false`，未设置则默认为 `false`。
+   + 例子：`MEMORY_CACHE_ENABLED=true`
+7. `SYNC_FREQUENCY`：在启用缓存的情况下与数据库同步配置的频率，单位为秒，默认为 `600` 秒。
+   + 例子：`SYNC_FREQUENCY=60`
+8. `NODE_TYPE`：设置之后将指定节点类型，可选值为 `master` 和 `slave`，未设置则默认为 `master`。
+   + 例子：`NODE_TYPE=slave`
+9. `CHANNEL_UPDATE_FREQUENCY`：设置之后将定期更新渠道余额，单位为分钟，未设置则不进行更新。
+   + 例子：`CHANNEL_UPDATE_FREQUENCY=1440`
+10. `CHANNEL_TEST_FREQUENCY`：设置之后将定期检查渠道，单位为分钟，未设置则不进行检查。 
+   +例子：`CHANNEL_TEST_FREQUENCY=1440`
+11. `POLLING_INTERVAL`：批量更新渠道余额以及测试可用性时的请求间隔，单位为秒，默认无间隔。
+    + 例子：`POLLING_INTERVAL=5`
+12. `BATCH_UPDATE_ENABLED`：启用数据库批量更新聚合，会导致用户额度的更新存在一定的延迟可选值为 `true` 和 `false`，未设置则默认为 `false`。
+    + 例子：`BATCH_UPDATE_ENABLED=true`
+    + 如果你遇到了数据库连接数过多的问题，可以尝试启用该选项。
+13. `BATCH_UPDATE_INTERVAL=5`：批量更新聚合的时间间隔，单位为秒，默认为 `5`。
+    + 例子：`BATCH_UPDATE_INTERVAL=5`
+14. 请求频率限制：
+    + `GLOBAL_API_RATE_LIMIT`：全局 API 速率限制（除中继请求外），单 ip 三分钟内的最大请求数，默认为 `180`。
+    + `GLOBAL_WEB_RATE_LIMIT`：全局 Web 速率限制，单 ip 三分钟内的最大请求数，默认为 `60`。
+15. 编码器缓存设置：
+    + `TIKTOKEN_CACHE_DIR`：默认程序启动时会联网下载一些通用的词元的编码，如：`gpt-3.5-turbo`，在一些网络环境不稳定，或者离线情况，可能会导致启动有问题，可以配置此目录缓存数据，可迁移到离线环境。
+    + `DATA_GYM_CACHE_DIR`：目前该配置作用与 `TIKTOKEN_CACHE_DIR` 一致，但是优先级没有它高。
+16. `RELAY_TIMEOUT`：中继超时设置，单位为秒，默认不设置超时时间。
+17. `RELAY_PROXY`：设置后使用该代理来请求 API。
+18. `USER_CONTENT_REQUEST_TIMEOUT`：用户上传内容下载超时时间，单位为秒。
+19. `USER_CONTENT_REQUEST_PROXY`：设置后使用该代理来请求用户上传的内容，例如图片。
+20. `SQLITE_BUSY_TIMEOUT`：SQLite 锁等待超时设置，单位为毫秒，默认 `3000`。
+21. `GEMINI_SAFETY_SETTING`：Gemini 的安全设置，默认 `BLOCK_NONE`。
+22. `GEMINI_VERSION`：One API 所使用的 Gemini 版本，默认为 `v1`。
+23. `THEME`：系统的主题设置，默认为 `default`，具体可选值参考[此处](./web/README.md)。
+24. `ENABLE_METRIC`：是否根据请求成功率禁用渠道，默认不开启，可选值为 `true` 和 `false`。
+25. `METRIC_QUEUE_SIZE`：请求成功率统计队列大小，默认为 `10`。
+26. `METRIC_SUCCESS_RATE_THRESHOLD`：请求成功率阈值，默认为 `0.8`。
+27. `INITIAL_ROOT_TOKEN`：如果设置了该值，则在系统首次启动时会自动创建一个值为该环境变量值的 root 用户令牌。
+28. `INITIAL_ROOT_ACCESS_TOKEN`：如果设置了该值，则在系统首次启动时会自动创建一个值为该环境变量的 root 用户创建系统管理令牌。
+29. `ENFORCE_INCLUDE_USAGE`：是否强制在 stream 模型下返回 usage，默认不开启，可选值为 `true` 和 `false`。
+30. `TEST_PROMPT`：测试模型时的用户 prompt，默认为 `Print your model name exactly and do not output without any other text.`。
 
 ### 命令行参数
 1. `--port <port_number>`: 指定服务器监听的端口号，默认为 `3000`。
    + 例子：`--port 3000`
-2. `--log-dir <log_dir>`: 指定日志文件夹，如果没有设置，日志将不会被保存。
+2. `--log-dir <log_dir>`: 指定日志文件夹，如果没有设置，默认保存至工作目录的 `logs` 文件夹下。
    + 例子：`--log-dir ./logs`
 3. `--version`: 打印系统版本号并退出。
+4. `--help`: 查看命令的使用帮助和参数说明。
 
 ## 演示
 ### 在线演示
@@ -117,3 +432,49 @@ https://openai.justsong.cn
 ### 截图展示
 ![channel](https://user-images.githubusercontent.com/39998050/233837954-ae6683aa-5c4f-429f-a949-6645a83c9490.png)
 ![token](https://user-images.githubusercontent.com/39998050/233837971-dab488b7-6d96-43af-b640-a168e8d1c9bf.png)
+
+## 常见问题
+1. 额度是什么？怎么计算的？One API 的额度计算有问题？
+   + 额度 = 分组倍率 * 模型倍率 * （提示 token 数 + 补全 token 数 * 补全倍率）
+   + 其中补全倍率对于 GPT3.5 固定为 1.33，GPT4 为 2，与官方保持一致。
+   + 如果是非流模式，官方接口会返回消耗的总 token，但是你要注意提示和补全的消耗倍率不一样。
+   + 注意，One API 的默认倍率就是官方倍率，是已经调整过的。
+2. 账户额度足够为什么提示额度不足？
+   + 请检查你的令牌额度是否足够，这个和账户额度是分开的。
+   + 令牌额度仅供用户设置最大使用量，用户可自由设置。
+3. 提示无可用渠道？
+   + 请检查的用户分组和渠道分组设置。
+   + 以及渠道的模型设置。
+4. 渠道测试报错：`invalid character '<' looking for beginning of value`
+   + 这是因为返回值不是合法的 JSON，而是一个 HTML 页面。
+   + 大概率是你的部署站的 IP 或代理的节点被 CloudFlare 封禁了。
+5. ChatGPT Next Web 报错：`Failed to fetch`
+   + 部署的时候不要设置 `BASE_URL`。
+   + 检查你的接口地址和 API Key 有没有填对。
+   + 检查是否启用了 HTTPS，浏览器会拦截 HTTPS 域名下的 HTTP 请求。
+6. 报错：`当前分组负载已饱和，请稍后再试`
+   + 上游渠道 429 了。
+7. 升级之后我的数据会丢失吗？
+   + 如果使用 MySQL，不会。
+   + 如果使用 SQLite，需要按照我所给的部署命令挂载 volume 持久化 one-api.db 数据库文件，否则容器重启后数据会丢失。
+8. 升级之前数据库需要做变更吗？
+   + 一般情况下不需要，系统将在初始化的时候自动调整。
+   + 如果需要的话，我会在更新日志中说明，并给出脚本。
+9. 手动修改数据库后报错：`数据库一致性已被破坏，请联系管理员`？
+   + 这是检测到 ability 表里有些记录的渠道 id 是不存在的，这大概率是因为你删了 channel 表里的记录但是没有同步在 ability 表里清理无效的渠道。
+   + 对于每一个渠道，其所支持的模型都需要有一个专门的 ability 表的记录，表示该渠道支持该模型。
+
+## 相关项目
+* [FastGPT](https://github.com/labring/FastGPT): 基于 LLM 大语言模型的知识库问答系统
+* [ChatGPT Next Web](https://github.com/Yidadaa/ChatGPT-Next-Web):  一键拥有你自己的跨平台 ChatGPT 应用
+* [VChart](https://github.com/VisActor/VChart):  不只是开箱即用的多端图表库，更是生动灵活的数据故事讲述者。
+* [VMind](https://github.com/VisActor/VMind):  不仅自动，还很智能。开源智能可视化解决方案。
+* [CherryStudio](https://github.com/CherryHQ/cherry-studio):  全平台支持的AI客户端, 多服务商集成管理、本地知识库支持。
+
+## 注意
+
+本项目使用 MIT 协议进行开源，**在此基础上**，必须在页面底部保留署名以及指向本项目的链接。如果不想保留署名，必须首先获得授权。
+
+同样适用于基于本项目的二开项目。
+
+依据 MIT 协议，使用者需自行承担使用本项目的风险与责任，本开源项目开发者与此无关。

bin/migration_v0.2-v0.3.sql

@@ -0,0 +1,6 @@
+UPDATE users
+SET quota = quota + (
+    SELECT SUM(remain_quota)
+    FROM tokens
+    WHERE tokens.user_id = users.id
+)

bin/migration_v0.3-v0.4.sql

@@ -0,0 +1,17 @@
+INSERT INTO abilities (`group`, model, channel_id, enabled)
+SELECT c.`group`, m.model, c.id, 1
+FROM channels c
+CROSS JOIN (
+    SELECT 'gpt-3.5-turbo' AS model UNION ALL
+    SELECT 'gpt-3.5-turbo-0301' AS model UNION ALL
+    SELECT 'gpt-4' AS model UNION ALL
+    SELECT 'gpt-4-0314' AS model
+) AS m
+WHERE c.status = 1
+  AND NOT EXISTS (
+    SELECT 1
+    FROM abilities a
+    WHERE a.`group` = c.`group`
+      AND a.model = m.model
+      AND a.channel_id = c.id
+);

bin/time_test.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+if [ $# -lt 3 ]; then
+  echo "Usage: time_test.sh <domain> <key> <count> [<model>]"
+  exit 1
+fi
+
+domain=$1
+key=$2
+count=$3
+model=${4:-"gpt-3.5-turbo"} # 设置默认模型为 gpt-3.5-turbo
+
+total_time=0
+times=()
+
+for ((i=1; i<=count; i++)); do
+  result=$(curl -o /dev/null -s -w "%{http_code} %{time_total}\\n" \
+           https://"$domain"/v1/chat/completions \
+           -H "Content-Type: application/json" \
+           -H "Authorization: Bearer $key" \
+           -d '{"messages": [{"content": "echo hi", "role": "user"}], "model": "'"$model"'", "stream": false, "max_tokens": 1}')
+  http_code=$(echo "$result" | awk '{print $1}')
+  time=$(echo "$result" | awk '{print $2}')
+  echo "HTTP status code: $http_code, Time taken: $time"
+  total_time=$(bc <<< "$total_time + $time")
+  times+=("$time")
+done
+
+average_time=$(echo "scale=4; $total_time / $count" | bc)
+
+sum_of_squares=0
+for time in "${times[@]}"; do
+  difference=$(echo "scale=4; $time - $average_time" | bc)
+  square=$(echo "scale=4; $difference * $difference" | bc)
+  sum_of_squares=$(echo "scale=4; $sum_of_squares + $square" | bc)
+done
+
+standard_deviation=$(echo "scale=4; sqrt($sum_of_squares / $count)" | bc)
+
+echo "Average time: $average_time±$standard_deviation"

common/blacklist/main.go

@@ -0,0 +1,29 @@
+package blacklist
+
+import (
+	"fmt"
+	"sync"
+)
+
+var blackList sync.Map
+
+func init() {
+	blackList = sync.Map{}
+}
+
+func userId2Key(id int) string {
+	return fmt.Sprintf("userid_%d", id)
+}
+
+func BanUser(id int) {
+	blackList.Store(userId2Key(id), true)
+}
+
+func UnbanUser(id int) {
+	blackList.Delete(userId2Key(id))
+}
+
+func IsUserBanned(id int) bool {
+	_, ok := blackList.Load(userId2Key(id))
+	return ok
+}

common/client/init.go

@@ -0,0 +1,60 @@
+package client
+
+import (
+	"fmt"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+var HTTPClient *http.Client
+var ImpatientHTTPClient *http.Client
+var UserContentRequestHTTPClient *http.Client
+
+func Init() {
+	if config.UserContentRequestProxy != "" {
+		logger.SysLog(fmt.Sprintf("using %s as proxy to fetch user content", config.UserContentRequestProxy))
+		proxyURL, err := url.Parse(config.UserContentRequestProxy)
+		if err != nil {
+			logger.FatalLog(fmt.Sprintf("USER_CONTENT_REQUEST_PROXY set but invalid: %s", config.UserContentRequestProxy))
+		}
+		transport := &http.Transport{
+			Proxy: http.ProxyURL(proxyURL),
+		}
+		UserContentRequestHTTPClient = &http.Client{
+			Transport: transport,
+			Timeout:   time.Second * time.Duration(config.UserContentRequestTimeout),
+		}
+	} else {
+		UserContentRequestHTTPClient = &http.Client{}
+	}
+	var transport http.RoundTripper
+	if config.RelayProxy != "" {
+		logger.SysLog(fmt.Sprintf("using %s as api relay proxy", config.RelayProxy))
+		proxyURL, err := url.Parse(config.RelayProxy)
+		if err != nil {
+			logger.FatalLog(fmt.Sprintf("USER_CONTENT_REQUEST_PROXY set but invalid: %s", config.UserContentRequestProxy))
+		}
+		transport = &http.Transport{
+			Proxy: http.ProxyURL(proxyURL),
+		}
+	}
+
+	if config.RelayTimeout == 0 {
+		HTTPClient = &http.Client{
+			Transport: transport,
+		}
+	} else {
+		HTTPClient = &http.Client{
+			Timeout:   time.Duration(config.RelayTimeout) * time.Second,
+			Transport: transport,
+		}
+	}
+
+	ImpatientHTTPClient = &http.Client{
+		Timeout:   5 * time.Second,
+		Transport: transport,
+	}
+}

common/config/config.go

@@ -0,0 +1,166 @@
+package config
+
+import (
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/songquanpeng/one-api/common/env"
+
+	"github.com/google/uuid"
+)
+
+var SystemName = "One API"
+var ServerAddress = "http://localhost:3000"
+var Footer = ""
+var Logo = ""
+var TopUpLink = ""
+var ChatLink = ""
+var QuotaPerUnit = 500 * 1000.0 // $0.002 / 1K tokens
+var DisplayInCurrencyEnabled = true
+var DisplayTokenStatEnabled = true
+
+// Any options with "Secret", "Token" in its key won't be return by GetOptions
+
+var SessionSecret = uuid.New().String()
+
+var OptionMap map[string]string
+var OptionMapRWMutex sync.RWMutex
+
+var ItemsPerPage = 10
+var MaxRecentItems = 100
+
+var PasswordLoginEnabled = true
+var PasswordRegisterEnabled = true
+var EmailVerificationEnabled = false
+var GitHubOAuthEnabled = false
+var OidcEnabled = false
+var WeChatAuthEnabled = false
+var TurnstileCheckEnabled = false
+var RegisterEnabled = true
+
+var EmailDomainRestrictionEnabled = false
+var EmailDomainWhitelist = []string{
+	"gmail.com",
+	"163.com",
+	"126.com",
+	"qq.com",
+	"outlook.com",
+	"hotmail.com",
+	"icloud.com",
+	"yahoo.com",
+	"foxmail.com",
+}
+
+var DebugEnabled = strings.ToLower(os.Getenv("DEBUG")) == "true"
+var DebugSQLEnabled = strings.ToLower(os.Getenv("DEBUG_SQL")) == "true"
+var MemoryCacheEnabled = strings.ToLower(os.Getenv("MEMORY_CACHE_ENABLED")) == "true"
+
+var LogConsumeEnabled = true
+
+var SMTPServer = ""
+var SMTPPort = 587
+var SMTPAccount = ""
+var SMTPFrom = ""
+var SMTPToken = ""
+
+var GitHubClientId = ""
+var GitHubClientSecret = ""
+
+var LarkClientId = ""
+var LarkClientSecret = ""
+
+var OidcClientId = ""
+var OidcClientSecret = ""
+var OidcWellKnown = ""
+var OidcAuthorizationEndpoint = ""
+var OidcTokenEndpoint = ""
+var OidcUserinfoEndpoint = ""
+
+var WeChatServerAddress = ""
+var WeChatServerToken = ""
+var WeChatAccountQRCodeImageURL = ""
+
+var MessagePusherAddress = ""
+var MessagePusherToken = ""
+
+var TurnstileSiteKey = ""
+var TurnstileSecretKey = ""
+
+var QuotaForNewUser int64 = 0
+var QuotaForInviter int64 = 0
+var QuotaForInvitee int64 = 0
+var ChannelDisableThreshold = 5.0
+var AutomaticDisableChannelEnabled = false
+var AutomaticEnableChannelEnabled = false
+var QuotaRemindThreshold int64 = 1000
+var PreConsumedQuota int64 = 500
+var ApproximateTokenEnabled = false
+var RetryTimes = 0
+
+var RootUserEmail = ""
+
+var IsMasterNode = os.Getenv("NODE_TYPE") != "slave"
+
+var requestInterval, _ = strconv.Atoi(os.Getenv("POLLING_INTERVAL"))
+var RequestInterval = time.Duration(requestInterval) * time.Second
+
+var SyncFrequency = env.Int("SYNC_FREQUENCY", 10*60) // unit is second
+
+var BatchUpdateEnabled = false
+var BatchUpdateInterval = env.Int("BATCH_UPDATE_INTERVAL", 5)
+
+var RelayTimeout = env.Int("RELAY_TIMEOUT", 0) // unit is second
+
+var GeminiSafetySetting = env.String("GEMINI_SAFETY_SETTING", "BLOCK_NONE")
+
+var Theme = env.String("THEME", "default")
+var ValidThemes = map[string]bool{
+	"default": true,
+	"berry":   true,
+	"air":     true,
+}
+
+// All duration's unit is seconds
+// Shouldn't larger then RateLimitKeyExpirationDuration
+var (
+	GlobalApiRateLimitNum            = env.Int("GLOBAL_API_RATE_LIMIT", 480)
+	GlobalApiRateLimitDuration int64 = 3 * 60
+
+	GlobalWebRateLimitNum            = env.Int("GLOBAL_WEB_RATE_LIMIT", 240)
+	GlobalWebRateLimitDuration int64 = 3 * 60
+
+	UploadRateLimitNum            = 10
+	UploadRateLimitDuration int64 = 60
+
+	DownloadRateLimitNum            = 10
+	DownloadRateLimitDuration int64 = 60
+
+	CriticalRateLimitNum            = 20
+	CriticalRateLimitDuration int64 = 20 * 60
+)
+
+var RateLimitKeyExpirationDuration = 20 * time.Minute
+
+var EnableMetric = env.Bool("ENABLE_METRIC", false)
+var MetricQueueSize = env.Int("METRIC_QUEUE_SIZE", 10)
+var MetricSuccessRateThreshold = env.Float64("METRIC_SUCCESS_RATE_THRESHOLD", 0.8)
+var MetricSuccessChanSize = env.Int("METRIC_SUCCESS_CHAN_SIZE", 1024)
+var MetricFailChanSize = env.Int("METRIC_FAIL_CHAN_SIZE", 128)
+
+var InitialRootToken = os.Getenv("INITIAL_ROOT_TOKEN")
+
+var InitialRootAccessToken = os.Getenv("INITIAL_ROOT_ACCESS_TOKEN")
+
+var GeminiVersion = env.String("GEMINI_VERSION", "v1")
+
+var OnlyOneLogFile = env.Bool("ONLY_ONE_LOG_FILE", false)
+
+var RelayProxy = env.String("RELAY_PROXY", "")
+var UserContentRequestProxy = env.String("USER_CONTENT_REQUEST_PROXY", "")
+var UserContentRequestTimeout = env.Int("USER_CONTENT_REQUEST_TIMEOUT", 30)
+
+var EnforceIncludeUsage = env.Bool("ENFORCE_INCLUDE_USAGE", false)
+var TestPrompt = env.String("TEST_PROMPT", "Output only your specific model name with no additional text.")

common/constants.go

@@ -1,122 +1,6 @@
 package common
 
-import (
-	"github.com/google/uuid"
-	"sync"
-	"time"
-)
+import "time"
 
 var StartTime = time.Now().Unix() // unit: second
 var Version = "v0.0.0"            // this hard coding will be replaced automatically when building, no need to manually change
-var SystemName = "One API"
-var ServerAddress = "http://localhost:3000"
-var Footer = ""
-
-var UsingSQLite = false
-
-// Any options with "Secret", "Token" in its key won't be return by GetOptions
-
-var SessionSecret = uuid.New().String()
-var SQLitePath = "one-api.db"
-
-var OptionMap map[string]string
-var OptionMapRWMutex sync.RWMutex
-
-var ItemsPerPage = 10
-
-var PasswordLoginEnabled = true
-var PasswordRegisterEnabled = true
-var EmailVerificationEnabled = false
-var GitHubOAuthEnabled = false
-var WeChatAuthEnabled = false
-var TurnstileCheckEnabled = false
-var RegisterEnabled = true
-
-var SMTPServer = ""
-var SMTPAccount = ""
-var SMTPToken = ""
-
-var GitHubClientId = ""
-var GitHubClientSecret = ""
-
-var WeChatServerAddress = ""
-var WeChatServerToken = ""
-var WeChatAccountQRCodeImageURL = ""
-
-var TurnstileSiteKey = ""
-var TurnstileSecretKey = ""
-
-const (
-	RoleGuestUser  = 0
-	RoleCommonUser = 1
-	RoleAdminUser  = 10
-	RoleRootUser   = 100
-)
-
-var (
-	FileUploadPermission    = RoleGuestUser
-	FileDownloadPermission  = RoleGuestUser
-	ImageUploadPermission   = RoleGuestUser
-	ImageDownloadPermission = RoleGuestUser
-)
-
-// All duration's unit is seconds
-// Shouldn't larger then RateLimitKeyExpirationDuration
-var (
-	GlobalApiRateLimitNum            = 60
-	GlobalApiRateLimitDuration int64 = 3 * 60
-
-	GlobalWebRateLimitNum            = 60
-	GlobalWebRateLimitDuration int64 = 3 * 60
-
-	UploadRateLimitNum            = 10
-	UploadRateLimitDuration int64 = 60
-
-	DownloadRateLimitNum            = 10
-	DownloadRateLimitDuration int64 = 60
-
-	CriticalRateLimitNum            = 20
-	CriticalRateLimitDuration int64 = 20 * 60
-)
-
-var RateLimitKeyExpirationDuration = 20 * time.Minute
-
-const (
-	UserStatusEnabled  = 1 // don't use 0, 0 is the default value!
-	UserStatusDisabled = 2 // also don't use 0
-)
-
-const (
-	TokenStatusEnabled  = 1 // don't use 0, 0 is the default value!
-	TokenStatusDisabled = 2 // also don't use 0
-)
-
-const (
-	ChannelStatusUnknown  = 0
-	ChannelStatusEnabled  = 1 // don't use 0, 0 is the default value!
-	ChannelStatusDisabled = 2 // also don't use 0
-)
-
-const (
-	ChannelTypeUnknown   = 0
-	ChannelTypeOpenAI    = 1
-	ChannelTypeAPI2D     = 2
-	ChannelTypeAzure     = 3
-	ChannelTypeCloseAI   = 4
-	ChannelTypeOpenAISB  = 5
-	ChannelTypeOpenAIMax = 6
-	ChannelTypeOhMyGPT   = 7
-	ChannelTypeCustom    = 8
-)
-
-var ChannelBaseURLs = []string{
-	"",                            // 0
-	"https://api.openai.com",      // 1
-	"https://openai.api2d.net",    // 2
-	"",                            // 3
-	"https://api.openai-asia.com", // 4
-	"https://api.openai-sb.com",   // 5
-	"https://api.openaimax.com",   // 6
-	"https://api.ohmygpt.com",     // 7
-	"",                            // 8
-}

common/conv/any.go

@@ -0,0 +1,6 @@
+package conv
+
+func AsString(v any) string {
+	str, _ := v.(string)
+	return str
+}

common/ctxkey/key.go

@@ -0,0 +1,24 @@
+package ctxkey
+
+const (
+	Config            = "config"
+	Id                = "id"
+	Username          = "username"
+	Role              = "role"
+	Status            = "status"
+	Channel           = "channel"
+	ChannelId         = "channel_id"
+	SpecificChannelId = "specific_channel_id"
+	RequestModel      = "request_model"
+	ConvertedRequest  = "converted_request"
+	OriginalModel     = "original_model"
+	Group             = "group"
+	ModelMapping      = "model_mapping"
+	ChannelName       = "channel_name"
+	TokenId           = "token_id"
+	TokenName         = "token_name"
+	BaseURL           = "base_url"
+	AvailableModels   = "available_models"
+	KeyRequestBody    = "key_request_body"
+	SystemPrompt      = "system_prompt"
+)

common/custom-event.go

@@ -0,0 +1,82 @@
+// Copyright 2014 Manu Martinez-Almeida.  All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+package common
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+)
+
+type stringWriter interface {
+	io.Writer
+	writeString(string) (int, error)
+}
+
+type stringWrapper struct {
+	io.Writer
+}
+
+func (w stringWrapper) writeString(str string) (int, error) {
+	return w.Writer.Write([]byte(str))
+}
+
+func checkWriter(writer io.Writer) stringWriter {
+	if w, ok := writer.(stringWriter); ok {
+		return w
+	} else {
+		return stringWrapper{writer}
+	}
+}
+
+// Server-Sent Events
+// W3C Working Draft 29 October 2009
+// http://www.w3.org/TR/2009/WD-eventsource-20091029/
+
+var contentType = []string{"text/event-stream"}
+var noCache = []string{"no-cache"}
+
+var fieldReplacer = strings.NewReplacer(
+	"\n", "\\n",
+	"\r", "\\r")
+
+var dataReplacer = strings.NewReplacer(
+	"\n", "\ndata:",
+	"\r", "\\r")
+
+type CustomEvent struct {
+	Event string
+	Id    string
+	Retry uint
+	Data  interface{}
+}
+
+func encode(writer io.Writer, event CustomEvent) error {
+	w := checkWriter(writer)
+	return writeData(w, event.Data)
+}
+
+func writeData(w stringWriter, data interface{}) error {
+	dataReplacer.WriteString(w, fmt.Sprint(data))
+	if strings.HasPrefix(data.(string), "data") {
+		w.writeString("\n\n")
+	}
+	return nil
+}
+
+func (r CustomEvent) Render(w http.ResponseWriter) error {
+	r.WriteContentType(w)
+	return encode(w, r)
+}
+
+func (r CustomEvent) WriteContentType(w http.ResponseWriter) {
+	header := w.Header()
+	header["Content-Type"] = contentType
+
+	if _, exist := header["Cache-Control"]; !exist {
+		header["Cache-Control"] = noCache
+	}
+}

common/database.go

@@ -0,0 +1,12 @@
+package common
+
+import (
+	"github.com/songquanpeng/one-api/common/env"
+)
+
+var UsingSQLite = false
+var UsingPostgreSQL = false
+var UsingMySQL = false
+
+var SQLitePath = "one-api.db"
+var SQLiteBusyTimeout = env.Int("SQLITE_BUSY_TIMEOUT", 3000)

common/email.go

@@ -1,14 +0,0 @@
-package common
-
-import "gopkg.in/gomail.v2"
-
-func SendEmail(subject string, receiver string, content string) error {
-	m := gomail.NewMessage()
-	m.SetHeader("From", SMTPAccount)
-	m.SetHeader("To", receiver)
-	m.SetHeader("Subject", subject)
-	m.SetBody("text/html", content)
-	d := gomail.NewDialer(SMTPServer, 587, SMTPAccount, SMTPToken)
-	err := d.DialAndSend(m)
-	return err
-}

common/embed-file-system.go

@@ -15,10 +15,7 @@ type embedFileSystem struct {
 
 func (e embedFileSystem) Exists(prefix string, path string) bool {
 	_, err := e.Open(path)
-	if err != nil {
-		return false
-	}
-	return true
+	return err == nil
 }
 
 func EmbedFolder(fsEmbed embed.FS, targetPath string) static.ServeFileSystem {

common/env/helper.go

@@ -0,0 +1,42 @@
+package env
+
+import (
+	"os"
+	"strconv"
+)
+
+func Bool(env string, defaultValue bool) bool {
+	if env == "" || os.Getenv(env) == "" {
+		return defaultValue
+	}
+	return os.Getenv(env) == "true"
+}
+
+func Int(env string, defaultValue int) int {
+	if env == "" || os.Getenv(env) == "" {
+		return defaultValue
+	}
+	num, err := strconv.Atoi(os.Getenv(env))
+	if err != nil {
+		return defaultValue
+	}
+	return num
+}
+
+func Float64(env string, defaultValue float64) float64 {
+	if env == "" || os.Getenv(env) == "" {
+		return defaultValue
+	}
+	num, err := strconv.ParseFloat(os.Getenv(env), 64)
+	if err != nil {
+		return defaultValue
+	}
+	return num
+}
+
+func String(env string, defaultValue string) string {
+	if env == "" || os.Getenv(env) == "" {
+		return defaultValue
+	}
+	return os.Getenv(env)
+}

common/gin.go

@@ -0,0 +1,53 @@
+package common
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+)
+
+func GetRequestBody(c *gin.Context) ([]byte, error) {
+	requestBody, _ := c.Get(ctxkey.KeyRequestBody)
+	if requestBody != nil {
+		return requestBody.([]byte), nil
+	}
+	requestBody, err := io.ReadAll(c.Request.Body)
+	if err != nil {
+		return nil, err
+	}
+	_ = c.Request.Body.Close()
+	c.Set(ctxkey.KeyRequestBody, requestBody)
+	return requestBody.([]byte), nil
+}
+
+func UnmarshalBodyReusable(c *gin.Context, v any) error {
+	requestBody, err := GetRequestBody(c)
+	if err != nil {
+		return err
+	}
+	contentType := c.Request.Header.Get("Content-Type")
+	if strings.HasPrefix(contentType, "application/json") {
+		err = json.Unmarshal(requestBody, &v)
+	} else {
+		c.Request.Body = io.NopCloser(bytes.NewBuffer(requestBody))
+		err = c.ShouldBind(&v)
+	}
+	if err != nil {
+		return err
+	}
+	// Reset request body
+	c.Request.Body = io.NopCloser(bytes.NewBuffer(requestBody))
+	return nil
+}
+
+func SetEventStreamHeaders(c *gin.Context) {
+	c.Writer.Header().Set("Content-Type", "text/event-stream")
+	c.Writer.Header().Set("Cache-Control", "no-cache")
+	c.Writer.Header().Set("Connection", "keep-alive")
+	c.Writer.Header().Set("Transfer-Encoding", "chunked")
+	c.Writer.Header().Set("X-Accel-Buffering", "no")
+}

common/helper/helper.go

@@ -0,0 +1,174 @@
+package helper
+
+import (
+	"context"
+	"fmt"
+	"html/template"
+	"log"
+	"net"
+	"os/exec"
+	"runtime"
+	"strconv"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/random"
+)
+
+func OpenBrowser(url string) {
+	var err error
+
+	switch runtime.GOOS {
+	case "linux":
+		err = exec.Command("xdg-open", url).Start()
+	case "windows":
+		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
+	case "darwin":
+		err = exec.Command("open", url).Start()
+	}
+	if err != nil {
+		log.Println(err)
+	}
+}
+
+func GetIp() (ip string) {
+	ips, err := net.InterfaceAddrs()
+	if err != nil {
+		log.Println(err)
+		return ip
+	}
+
+	for _, a := range ips {
+		if ipNet, ok := a.(*net.IPNet); ok && !ipNet.IP.IsLoopback() {
+			if ipNet.IP.To4() != nil {
+				ip = ipNet.IP.String()
+				if strings.HasPrefix(ip, "10") {
+					return
+				}
+				if strings.HasPrefix(ip, "172") {
+					return
+				}
+				if strings.HasPrefix(ip, "192.168") {
+					return
+				}
+				ip = ""
+			}
+		}
+	}
+	return
+}
+
+var sizeKB = 1024
+var sizeMB = sizeKB * 1024
+var sizeGB = sizeMB * 1024
+
+func Bytes2Size(num int64) string {
+	numStr := ""
+	unit := "B"
+	if num/int64(sizeGB) > 1 {
+		numStr = fmt.Sprintf("%.2f", float64(num)/float64(sizeGB))
+		unit = "GB"
+	} else if num/int64(sizeMB) > 1 {
+		numStr = fmt.Sprintf("%d", int(float64(num)/float64(sizeMB)))
+		unit = "MB"
+	} else if num/int64(sizeKB) > 1 {
+		numStr = fmt.Sprintf("%d", int(float64(num)/float64(sizeKB)))
+		unit = "KB"
+	} else {
+		numStr = fmt.Sprintf("%d", num)
+	}
+	return numStr + " " + unit
+}
+
+func Interface2String(inter interface{}) string {
+	switch inter := inter.(type) {
+	case string:
+		return inter
+	case int:
+		return fmt.Sprintf("%d", inter)
+	case float64:
+		return fmt.Sprintf("%f", inter)
+	}
+	return "Not Implemented"
+}
+
+func UnescapeHTML(x string) interface{} {
+	return template.HTML(x)
+}
+
+func IntMax(a int, b int) int {
+	if a >= b {
+		return a
+	} else {
+		return b
+	}
+}
+
+func GenRequestID() string {
+	return GetTimeString() + random.GetRandomNumberString(8)
+}
+
+func SetRequestID(ctx context.Context, id string) context.Context {
+	return context.WithValue(ctx, RequestIdKey, id)
+}
+
+func GetRequestID(ctx context.Context) string {
+	rawRequestId := ctx.Value(RequestIdKey)
+	if rawRequestId == nil {
+		return ""
+	}
+	return rawRequestId.(string)
+}
+
+func GetResponseID(c *gin.Context) string {
+	logID := c.GetString(RequestIdKey)
+	return fmt.Sprintf("chatcmpl-%s", logID)
+}
+
+func Max(a int, b int) int {
+	if a >= b {
+		return a
+	} else {
+		return b
+	}
+}
+
+func AssignOrDefault(value string, defaultValue string) string {
+	if len(value) != 0 {
+		return value
+	}
+	return defaultValue
+}
+
+func MessageWithRequestId(message string, id string) string {
+	return fmt.Sprintf("%s (request id: %s)", message, id)
+}
+
+func String2Int(str string) int {
+	num, err := strconv.Atoi(str)
+	if err != nil {
+		return 0
+	}
+	return num
+}
+
+func Float64PtrMax(p *float64, maxValue float64) *float64 {
+	if p == nil {
+		return nil
+	}
+	if *p > maxValue {
+		return &maxValue
+	}
+	return p
+}
+
+func Float64PtrMin(p *float64, minValue float64) *float64 {
+	if p == nil {
+		return nil
+	}
+	if *p < minValue {
+		return &minValue
+	}
+	return p
+}

common/helper/key.go

@@ -0,0 +1,5 @@
+package helper
+
+const (
+	RequestIdKey = "X-Oneapi-Request-Id"
+)

common/helper/time.go

@@ -0,0 +1,20 @@
+package helper
+
+import (
+	"fmt"
+	"time"
+)
+
+func GetTimestamp() int64 {
+	return time.Now().Unix()
+}
+
+func GetTimeString() string {
+	now := time.Now()
+	return fmt.Sprintf("%s%d", now.Format("20060102150405"), now.UnixNano()%1e9)
+}
+
+// CalcElapsedTime return the elapsed time in milliseconds (ms)
+func CalcElapsedTime(start time.Time) int64 {
+	return time.Now().Sub(start).Milliseconds()
+}

common/i18n/i18n.go

@@ -0,0 +1,72 @@
+package i18n
+
+import (
+	"embed"
+	"encoding/json"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+//go:embed locales/*.json
+var localesFS embed.FS
+
+var (
+	translations = make(map[string]map[string]string)
+	defaultLang  = "en"
+	ContextKey   = "i18n"
+)
+
+// Init loads all translation files from embedded filesystem
+func Init() error {
+	entries, err := localesFS.ReadDir("locales")
+	if err != nil {
+		return err
+	}
+
+	for _, entry := range entries {
+		if entry.IsDir() || !strings.HasSuffix(entry.Name(), ".json") {
+			continue
+		}
+
+		langCode := strings.TrimSuffix(entry.Name(), ".json")
+		content, err := localesFS.ReadFile("locales/" + entry.Name())
+		if err != nil {
+			return err
+		}
+
+		var translation map[string]string
+		if err := json.Unmarshal(content, &translation); err != nil {
+			return err
+		}
+		translations[langCode] = translation
+	}
+
+	return nil
+}
+
+func GetLang(c *gin.Context) string {
+	rawLang, ok := c.Get(ContextKey)
+	if !ok {
+		return defaultLang
+	}
+	lang, _ := rawLang.(string)
+	if lang != "" {
+		return lang
+	}
+	return defaultLang
+}
+
+func Translate(c *gin.Context, message string) string {
+	lang := GetLang(c)
+	return translateHelper(lang, message)
+}
+
+func translateHelper(lang, message string) string {
+	if trans, ok := translations[lang]; ok {
+		if translated, exists := trans[message]; exists {
+			return translated
+		}
+	}
+	return message
+}

common/i18n/locales/en.json

@@ -0,0 +1,5 @@
+{
+  "invalid_input": "Invalid input, please check your input",
+  "send_email_failed": "failed to send email: ",
+  "invalid_parameter": "invalid parameter"
+}

common/i18n/locales/zh-CN.json

@@ -0,0 +1,5 @@
+{
+  "invalid_input": "无效的输入，请检查您的输入",
+  "send_email_failed": "发送邮件失败：",
+  "invalid_parameter": "无效的参数"
+}

common/image/image.go

@@ -0,0 +1,112 @@
+package image
+
+import (
+	"bytes"
+	"encoding/base64"
+	"github.com/songquanpeng/one-api/common/client"
+	"image"
+	_ "image/gif"
+	_ "image/jpeg"
+	_ "image/png"
+	"net/http"
+	"regexp"
+	"strings"
+	"sync"
+
+	_ "golang.org/x/image/webp"
+)
+
+// Regex to match data URL pattern
+var dataURLPattern = regexp.MustCompile(`data:image/([^;]+);base64,(.*)`)
+
+func IsImageUrl(url string) (bool, error) {
+	resp, err := client.UserContentRequestHTTPClient.Head(url)
+	if err != nil {
+		return false, err
+	}
+	if !strings.HasPrefix(resp.Header.Get("Content-Type"), "image/") {
+		return false, nil
+	}
+	return true, nil
+}
+
+func GetImageSizeFromUrl(url string) (width int, height int, err error) {
+	isImage, err := IsImageUrl(url)
+	if !isImage {
+		return
+	}
+	resp, err := client.UserContentRequestHTTPClient.Get(url)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+	img, _, err := image.DecodeConfig(resp.Body)
+	if err != nil {
+		return
+	}
+	return img.Width, img.Height, nil
+}
+
+func GetImageFromUrl(url string) (mimeType string, data string, err error) {
+	// Check if the URL is a data URL
+	matches := dataURLPattern.FindStringSubmatch(url)
+	if len(matches) == 3 {
+		// URL is a data URL
+		mimeType = "image/" + matches[1]
+		data = matches[2]
+		return
+	}
+
+	isImage, err := IsImageUrl(url)
+	if !isImage {
+		return
+	}
+	resp, err := http.Get(url)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+	buffer := bytes.NewBuffer(nil)
+	_, err = buffer.ReadFrom(resp.Body)
+	if err != nil {
+		return
+	}
+	mimeType = resp.Header.Get("Content-Type")
+	data = base64.StdEncoding.EncodeToString(buffer.Bytes())
+	return
+}
+
+var (
+	reg = regexp.MustCompile(`data:image/([^;]+);base64,`)
+)
+
+var readerPool = sync.Pool{
+	New: func() interface{} {
+		return &bytes.Reader{}
+	},
+}
+
+func GetImageSizeFromBase64(encoded string) (width int, height int, err error) {
+	decoded, err := base64.StdEncoding.DecodeString(reg.ReplaceAllString(encoded, ""))
+	if err != nil {
+		return 0, 0, err
+	}
+
+	reader := readerPool.Get().(*bytes.Reader)
+	defer readerPool.Put(reader)
+	reader.Reset(decoded)
+
+	img, _, err := image.DecodeConfig(reader)
+	if err != nil {
+		return 0, 0, err
+	}
+
+	return img.Width, img.Height, nil
+}
+
+func GetImageSize(image string) (width int, height int, err error) {
+	if strings.HasPrefix(image, "data:image/") {
+		return GetImageSizeFromBase64(image)
+	}
+	return GetImageSizeFromUrl(image)
+}

common/image/image_test.go

@@ -0,0 +1,177 @@
+package image_test
+
+import (
+	"encoding/base64"
+	"github.com/songquanpeng/one-api/common/client"
+	"image"
+	_ "image/gif"
+	_ "image/jpeg"
+	_ "image/png"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+	"testing"
+
+	img "github.com/songquanpeng/one-api/common/image"
+
+	"github.com/stretchr/testify/assert"
+	_ "golang.org/x/image/webp"
+)
+
+type CountingReader struct {
+	reader    io.Reader
+	BytesRead int
+}
+
+func (r *CountingReader) Read(p []byte) (n int, err error) {
+	n, err = r.reader.Read(p)
+	r.BytesRead += n
+	return n, err
+}
+
+var (
+	cases = []struct {
+		url    string
+		format string
+		width  int
+		height int
+	}{
+		{"https://upload.wikimedia.org/wikipedia/commons/thumb/d/dd/Gfp-wisconsin-madison-the-nature-boardwalk.jpg/2560px-Gfp-wisconsin-madison-the-nature-boardwalk.jpg", "jpeg", 2560, 1669},
+		{"https://upload.wikimedia.org/wikipedia/commons/9/97/Basshunter_live_performances.png", "png", 4500, 2592},
+		{"https://upload.wikimedia.org/wikipedia/commons/c/c6/TO_THE_ONE_SOMETHINGNESS.webp", "webp", 984, 985},
+		{"https://upload.wikimedia.org/wikipedia/commons/d/d0/01_Das_Sandberg-Modell.gif", "gif", 1917, 1533},
+		{"https://upload.wikimedia.org/wikipedia/commons/6/62/102Cervus.jpg", "jpeg", 270, 230},
+	}
+)
+
+func TestMain(m *testing.M) {
+	client.Init()
+	m.Run()
+}
+
+func TestDecode(t *testing.T) {
+	// Bytes read: varies sometimes
+	// jpeg: 1063892
+	// png: 294462
+	// webp: 99529
+	// gif: 956153
+	// jpeg#01: 32805
+	for _, c := range cases {
+		t.Run("Decode:"+c.format, func(t *testing.T) {
+			resp, err := http.Get(c.url)
+			assert.NoError(t, err)
+			defer resp.Body.Close()
+			reader := &CountingReader{reader: resp.Body}
+			img, format, err := image.Decode(reader)
+			assert.NoError(t, err)
+			size := img.Bounds().Size()
+			assert.Equal(t, c.format, format)
+			assert.Equal(t, c.width, size.X)
+			assert.Equal(t, c.height, size.Y)
+			t.Logf("Bytes read: %d", reader.BytesRead)
+		})
+	}
+
+	// Bytes read:
+	// jpeg: 4096
+	// png: 4096
+	// webp: 4096
+	// gif: 4096
+	// jpeg#01: 4096
+	for _, c := range cases {
+		t.Run("DecodeConfig:"+c.format, func(t *testing.T) {
+			resp, err := http.Get(c.url)
+			assert.NoError(t, err)
+			defer resp.Body.Close()
+			reader := &CountingReader{reader: resp.Body}
+			config, format, err := image.DecodeConfig(reader)
+			assert.NoError(t, err)
+			assert.Equal(t, c.format, format)
+			assert.Equal(t, c.width, config.Width)
+			assert.Equal(t, c.height, config.Height)
+			t.Logf("Bytes read: %d", reader.BytesRead)
+		})
+	}
+}
+
+func TestBase64(t *testing.T) {
+	// Bytes read:
+	// jpeg: 1063892
+	// png: 294462
+	// webp: 99072
+	// gif: 953856
+	// jpeg#01: 32805
+	for _, c := range cases {
+		t.Run("Decode:"+c.format, func(t *testing.T) {
+			resp, err := http.Get(c.url)
+			assert.NoError(t, err)
+			defer resp.Body.Close()
+			data, err := io.ReadAll(resp.Body)
+			assert.NoError(t, err)
+			encoded := base64.StdEncoding.EncodeToString(data)
+			body := base64.NewDecoder(base64.StdEncoding, strings.NewReader(encoded))
+			reader := &CountingReader{reader: body}
+			img, format, err := image.Decode(reader)
+			assert.NoError(t, err)
+			size := img.Bounds().Size()
+			assert.Equal(t, c.format, format)
+			assert.Equal(t, c.width, size.X)
+			assert.Equal(t, c.height, size.Y)
+			t.Logf("Bytes read: %d", reader.BytesRead)
+		})
+	}
+
+	// Bytes read:
+	// jpeg: 1536
+	// png: 768
+	// webp: 768
+	// gif: 1536
+	// jpeg#01: 3840
+	for _, c := range cases {
+		t.Run("DecodeConfig:"+c.format, func(t *testing.T) {
+			resp, err := http.Get(c.url)
+			assert.NoError(t, err)
+			defer resp.Body.Close()
+			data, err := io.ReadAll(resp.Body)
+			assert.NoError(t, err)
+			encoded := base64.StdEncoding.EncodeToString(data)
+			body := base64.NewDecoder(base64.StdEncoding, strings.NewReader(encoded))
+			reader := &CountingReader{reader: body}
+			config, format, err := image.DecodeConfig(reader)
+			assert.NoError(t, err)
+			assert.Equal(t, c.format, format)
+			assert.Equal(t, c.width, config.Width)
+			assert.Equal(t, c.height, config.Height)
+			t.Logf("Bytes read: %d", reader.BytesRead)
+		})
+	}
+}
+
+func TestGetImageSize(t *testing.T) {
+	for i, c := range cases {
+		t.Run("Decode:"+strconv.Itoa(i), func(t *testing.T) {
+			width, height, err := img.GetImageSize(c.url)
+			assert.NoError(t, err)
+			assert.Equal(t, c.width, width)
+			assert.Equal(t, c.height, height)
+		})
+	}
+}
+
+func TestGetImageSizeFromBase64(t *testing.T) {
+	for i, c := range cases {
+		t.Run("Decode:"+strconv.Itoa(i), func(t *testing.T) {
+			resp, err := http.Get(c.url)
+			assert.NoError(t, err)
+			defer resp.Body.Close()
+			data, err := io.ReadAll(resp.Body)
+			assert.NoError(t, err)
+			encoded := base64.StdEncoding.EncodeToString(data)
+			width, height, err := img.GetImageSizeFromBase64(encoded)
+			assert.NoError(t, err)
+			assert.Equal(t, c.width, width)
+			assert.Equal(t, c.height, height)
+		})
+	}
+}

common/init.go

@@ -3,6 +3,8 @@ package common
 import (
 	"flag"
 	"fmt"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
 	"log"
 	"os"
 	"path/filepath"
@@ -12,7 +14,7 @@ var (
 	Port         = flag.Int("port", 3000, "the listening port")
 	PrintVersion = flag.Bool("version", false, "print version and exit")
 	PrintHelp    = flag.Bool("help", false, "print help and exit")
-	LogDir       = flag.String("log-dir", "", "specify the log directory")
+	LogDir       = flag.String("log-dir", "./logs", "specify the log directory")
 )
 
 func printHelp() {
@@ -22,7 +24,7 @@ func printHelp() {
 	fmt.Println("Usage: one-api [--port <port>] [--log-dir <log directory>] [--version] [--help]")
 }
 
-func init() {
+func Init() {
 	flag.Parse()
 
 	if *PrintVersion {
@@ -36,7 +38,11 @@ func init() {
 	}
 
 	if os.Getenv("SESSION_SECRET") != "" {
-		SessionSecret = os.Getenv("SESSION_SECRET")
+		if os.Getenv("SESSION_SECRET") == "random_string" {
+			logger.SysError("SESSION_SECRET is set to an example value, please change it to a random string.")
+		} else {
+			config.SessionSecret = os.Getenv("SESSION_SECRET")
+		}
 	}
 	if os.Getenv("SQLITE_PATH") != "" {
 		SQLitePath = os.Getenv("SQLITE_PATH")
@@ -53,5 +59,6 @@ func init() {
 				log.Fatal(err)
 			}
 		}
+		logger.LogDir = *LogDir
 	}
 }

common/logger.go

@@ -1,44 +0,0 @@
-package common
-
-import (
-	"fmt"
-	"github.com/gin-gonic/gin"
-	"io"
-	"log"
-	"os"
-	"path/filepath"
-	"time"
-)
-
-func SetupGinLog() {
-	if *LogDir != "" {
-		commonLogPath := filepath.Join(*LogDir, "common.log")
-		errorLogPath := filepath.Join(*LogDir, "error.log")
-		commonFd, err := os.OpenFile(commonLogPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-		if err != nil {
-			log.Fatal("failed to open log file")
-		}
-		errorFd, err := os.OpenFile(errorLogPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-		if err != nil {
-			log.Fatal("failed to open log file")
-		}
-		gin.DefaultWriter = io.MultiWriter(os.Stdout, commonFd)
-		gin.DefaultErrorWriter = io.MultiWriter(os.Stderr, errorFd)
-	}
-}
-
-func SysLog(s string) {
-	t := time.Now()
-	_, _ = fmt.Fprintf(gin.DefaultWriter, "[SYS] %v | %s \n", t.Format("2006/01/02 - 15:04:05"), s)
-}
-
-func SysError(s string) {
-	t := time.Now()
-	_, _ = fmt.Fprintf(gin.DefaultErrorWriter, "[SYS] %v | %s \n", t.Format("2006/01/02 - 15:04:05"), s)
-}
-
-func FatalLog(v ...any) {
-	t := time.Now()
-	_, _ = fmt.Fprintf(gin.DefaultErrorWriter, "[FATAL] %v | %v \n", t.Format("2006/01/02 - 15:04:05"), v)
-	os.Exit(1)
-}

common/logger/constants.go

@@ -0,0 +1,3 @@
+package logger
+
+var LogDir string

common/logger/logger.go

@@ -0,0 +1,160 @@
+package logger
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/helper"
+)
+
+type loggerLevel string
+
+const (
+	loggerDEBUG loggerLevel = "DEBUG"
+	loggerINFO  loggerLevel = "INFO"
+	loggerWarn  loggerLevel = "WARN"
+	loggerError loggerLevel = "ERROR"
+	loggerFatal loggerLevel = "FATAL"
+)
+
+var setupLogOnce sync.Once
+
+func SetupLogger() {
+	setupLogOnce.Do(func() {
+		if LogDir != "" {
+			var logPath string
+			if config.OnlyOneLogFile {
+				logPath = filepath.Join(LogDir, "oneapi.log")
+			} else {
+				logPath = filepath.Join(LogDir, fmt.Sprintf("oneapi-%s.log", time.Now().Format("20060102")))
+			}
+			fd, err := os.OpenFile(logPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+			if err != nil {
+				log.Fatal("failed to open log file")
+			}
+			gin.DefaultWriter = io.MultiWriter(os.Stdout, fd)
+			gin.DefaultErrorWriter = io.MultiWriter(os.Stderr, fd)
+		}
+	})
+}
+
+func SysLog(s string) {
+	logHelper(nil, loggerINFO, s)
+}
+
+func SysLogf(format string, a ...any) {
+	logHelper(nil, loggerINFO, fmt.Sprintf(format, a...))
+}
+
+func SysWarn(s string) {
+	logHelper(nil, loggerWarn, s)
+}
+
+func SysWarnf(format string, a ...any) {
+	logHelper(nil, loggerWarn, fmt.Sprintf(format, a...))
+}
+
+func SysError(s string) {
+	logHelper(nil, loggerError, s)
+}
+
+func SysErrorf(format string, a ...any) {
+	logHelper(nil, loggerError, fmt.Sprintf(format, a...))
+}
+
+func Debug(ctx context.Context, msg string) {
+	if !config.DebugEnabled {
+		return
+	}
+	logHelper(ctx, loggerDEBUG, msg)
+}
+
+func Info(ctx context.Context, msg string) {
+	logHelper(ctx, loggerINFO, msg)
+}
+
+func Warn(ctx context.Context, msg string) {
+	logHelper(ctx, loggerWarn, msg)
+}
+
+func Error(ctx context.Context, msg string) {
+	logHelper(ctx, loggerError, msg)
+}
+
+func Debugf(ctx context.Context, format string, a ...any) {
+	if !config.DebugEnabled {
+		return
+	}
+	logHelper(ctx, loggerDEBUG, fmt.Sprintf(format, a...))
+}
+
+func Infof(ctx context.Context, format string, a ...any) {
+	logHelper(ctx, loggerINFO, fmt.Sprintf(format, a...))
+}
+
+func Warnf(ctx context.Context, format string, a ...any) {
+	logHelper(ctx, loggerWarn, fmt.Sprintf(format, a...))
+}
+
+func Errorf(ctx context.Context, format string, a ...any) {
+	logHelper(ctx, loggerError, fmt.Sprintf(format, a...))
+}
+
+func FatalLog(s string) {
+	logHelper(nil, loggerFatal, s)
+}
+
+func FatalLogf(format string, a ...any) {
+	logHelper(nil, loggerFatal, fmt.Sprintf(format, a...))
+}
+
+func logHelper(ctx context.Context, level loggerLevel, msg string) {
+	writer := gin.DefaultErrorWriter
+	if level == loggerINFO {
+		writer = gin.DefaultWriter
+	}
+	var requestId string
+	if ctx != nil {
+		rawRequestId := helper.GetRequestID(ctx)
+		if rawRequestId != "" {
+			requestId = fmt.Sprintf(" | %s", rawRequestId)
+		}
+	}
+	lineInfo, funcName := getLineInfo()
+	now := time.Now()
+	_, _ = fmt.Fprintf(writer, "[%s] %v%s%s %s%s \n", level, now.Format("2006/01/02 - 15:04:05"), requestId, lineInfo, funcName, msg)
+	SetupLogger()
+	if level == loggerFatal {
+		os.Exit(1)
+	}
+}
+
+func getLineInfo() (string, string) {
+	funcName := "[unknown] "
+	pc, file, line, ok := runtime.Caller(3)
+	if ok {
+		if fn := runtime.FuncForPC(pc); fn != nil {
+			parts := strings.Split(fn.Name(), ".")
+			funcName = "[" + parts[len(parts)-1] + "] "
+		}
+	} else {
+		file = "unknown"
+		line = 0
+	}
+	parts := strings.Split(file, "one-api/")
+	if len(parts) > 1 {
+		file = parts[1]
+	}
+	return fmt.Sprintf(" | %s:%d", file, line), funcName
+}

common/message/email.go

@@ -0,0 +1,111 @@
+package message
+
+import (
+	"crypto/rand"
+	"crypto/tls"
+	"encoding/base64"
+	"fmt"
+	"net"
+	"net/smtp"
+	"strings"
+	"time"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+)
+
+func shouldAuth() bool {
+	return config.SMTPAccount != "" || config.SMTPToken != ""
+}
+
+func SendEmail(subject string, receiver string, content string) error {
+	if receiver == "" {
+		return fmt.Errorf("receiver is empty")
+	}
+	if config.SMTPFrom == "" { // for compatibility
+		config.SMTPFrom = config.SMTPAccount
+	}
+	encodedSubject := fmt.Sprintf("=?UTF-8?B?%s?=", base64.StdEncoding.EncodeToString([]byte(subject)))
+
+	// Extract domain from SMTPFrom
+	parts := strings.Split(config.SMTPFrom, "@")
+	var domain string
+	if len(parts) > 1 {
+		domain = parts[1]
+	}
+	// Generate a unique Message-ID
+	buf := make([]byte, 16)
+	_, err := rand.Read(buf)
+	if err != nil {
+		return err
+	}
+	messageId := fmt.Sprintf("<%x@%s>", buf, domain)
+
+	mail := []byte(fmt.Sprintf("To: %s\r\n"+
+		"From: %s<%s>\r\n"+
+		"Subject: %s\r\n"+
+		"Message-ID: %s\r\n"+ // add Message-ID header to avoid being treated as spam, RFC 5322
+		"Date: %s\r\n"+
+		"Content-Type: text/html; charset=UTF-8\r\n\r\n%s\r\n",
+		receiver, config.SystemName, config.SMTPFrom, encodedSubject, messageId, time.Now().Format(time.RFC1123Z), content))
+
+	auth := smtp.PlainAuth("", config.SMTPAccount, config.SMTPToken, config.SMTPServer)
+	addr := fmt.Sprintf("%s:%d", config.SMTPServer, config.SMTPPort)
+	to := strings.Split(receiver, ";")
+
+	if config.SMTPPort == 465 || !shouldAuth() {
+		// need advanced client
+		var conn net.Conn
+		var err error
+		if config.SMTPPort == 465 {
+			tlsConfig := &tls.Config{
+				InsecureSkipVerify: true,
+				ServerName:         config.SMTPServer,
+			}
+			conn, err = tls.Dial("tcp", fmt.Sprintf("%s:%d", config.SMTPServer, config.SMTPPort), tlsConfig)
+		} else {
+			conn, err = net.Dial("tcp", fmt.Sprintf("%s:%d", config.SMTPServer, config.SMTPPort))
+		}
+		if err != nil {
+			return err
+		}
+		client, err := smtp.NewClient(conn, config.SMTPServer)
+		if err != nil {
+			return err
+		}
+		defer client.Close()
+		if shouldAuth() {
+			if err = client.Auth(auth); err != nil {
+				return err
+			}
+		}
+		if err = client.Mail(config.SMTPFrom); err != nil {
+			return err
+		}
+		receiverEmails := strings.Split(receiver, ";")
+		for _, receiver := range receiverEmails {
+			if err = client.Rcpt(receiver); err != nil {
+				return err
+			}
+		}
+		w, err := client.Data()
+		if err != nil {
+			return err
+		}
+		_, err = w.Write(mail)
+		if err != nil {
+			return err
+		}
+		err = w.Close()
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+	err = smtp.SendMail(addr, auth, config.SMTPAccount, to, mail)
+	if err != nil && strings.Contains(err.Error(), "short response") { // 部分提供商返回该错误，但实际上邮件已经发送成功
+		logger.SysWarnf("short response from SMTP server, return nil instead of error: %s", err.Error())
+		return nil
+	}
+	return err
+}

common/message/main.go

@@ -0,0 +1,22 @@
+package message
+
+import (
+	"fmt"
+	"github.com/songquanpeng/one-api/common/config"
+)
+
+const (
+	ByAll           = "all"
+	ByEmail         = "email"
+	ByMessagePusher = "message_pusher"
+)
+
+func Notify(by string, title string, description string, content string) error {
+	if by == ByEmail {
+		return SendEmail(title, config.RootUserEmail, content)
+	}
+	if by == ByMessagePusher {
+		return SendMessage(title, description, content)
+	}
+	return fmt.Errorf("unknown notify method: %s", by)
+}

common/message/message-pusher.go

@@ -0,0 +1,53 @@
+package message
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"github.com/songquanpeng/one-api/common/config"
+	"net/http"
+)
+
+type request struct {
+	Title       string `json:"title"`
+	Description string `json:"description"`
+	Content     string `json:"content"`
+	URL         string `json:"url"`
+	Channel     string `json:"channel"`
+	Token       string `json:"token"`
+}
+
+type response struct {
+	Success bool   `json:"success"`
+	Message string `json:"message"`
+}
+
+func SendMessage(title string, description string, content string) error {
+	if config.MessagePusherAddress == "" {
+		return errors.New("message pusher address is not set")
+	}
+	req := request{
+		Title:       title,
+		Description: description,
+		Content:     content,
+		Token:       config.MessagePusherToken,
+	}
+	data, err := json.Marshal(req)
+	if err != nil {
+		return err
+	}
+	resp, err := http.Post(config.MessagePusherAddress,
+		"application/json", bytes.NewBuffer(data))
+	if err != nil {
+		return err
+	}
+	var res response
+	err = json.NewDecoder(resp.Body).Decode(&res)
+	if err != nil {
+		return err
+	}
+	if !res.Success {
+		return errors.New(res.Message)
+	}
+	return nil
+}

common/message/template.go

@@ -0,0 +1,34 @@
+package message
+
+import (
+	"fmt"
+
+	"github.com/songquanpeng/one-api/common/config"
+)
+
+// EmailTemplate 生成美观的 HTML 邮件内容
+func EmailTemplate(title, content string) string {
+	return fmt.Sprintf(`
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+<body style="margin: 0; padding: 20px; font-family: Arial, sans-serif; line-height: 1.6; background-color: #f4f4f4;">
+    <div style="max-width: 600px; margin: 20px auto; padding: 30px; background-color: #ffffff; border-radius: 8px; box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);">
+        <div style="text-align: center; margin-bottom: 30px;">
+            <h2 style="color: #333; margin: 0; font-size: 24px;">%s</h2>
+        </div>
+        <div style="color: #555; font-size: 16px;">
+            %s
+        </div>
+        <div style="margin-top: 40px; padding-top: 20px; border-top: 1px solid #eee; color: #888; font-size: 14px; text-align: center;">
+            <p style="margin: 5px 0;">此邮件由系统自动发送，请勿直接回复</p>
+            <p style="margin: 5px 0;">%s</p>
+        </div>
+    </div>
+</body>
+</html>
+`, title, content, config.SystemName)
+}

common/network/ip.go

@@ -0,0 +1,52 @@
+package network
+
+import (
+	"context"
+	"fmt"
+	"github.com/songquanpeng/one-api/common/logger"
+	"net"
+	"strings"
+)
+
+func splitSubnets(subnets string) []string {
+	res := strings.Split(subnets, ",")
+	for i := 0; i < len(res); i++ {
+		res[i] = strings.TrimSpace(res[i])
+	}
+	return res
+}
+
+func isValidSubnet(subnet string) error {
+	_, _, err := net.ParseCIDR(subnet)
+	if err != nil {
+		return fmt.Errorf("failed to parse subnet: %w", err)
+	}
+	return nil
+}
+
+func isIpInSubnet(ctx context.Context, ip string, subnet string) bool {
+	_, ipNet, err := net.ParseCIDR(subnet)
+	if err != nil {
+		logger.Errorf(ctx, "failed to parse subnet: %s", err.Error())
+		return false
+	}
+	return ipNet.Contains(net.ParseIP(ip))
+}
+
+func IsValidSubnets(subnets string) error {
+	for _, subnet := range splitSubnets(subnets) {
+		if err := isValidSubnet(subnet); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func IsIpInSubnets(ctx context.Context, ip string, subnets string) bool {
+	for _, subnet := range splitSubnets(subnets) {
+		if isIpInSubnet(ctx, ip, subnet) {
+			return true
+		}
+	}
+	return false
+}

common/network/ip_test.go

@@ -0,0 +1,19 @@
+package network
+
+import (
+	"context"
+	"testing"
+
+	. "github.com/smartystreets/goconvey/convey"
+)
+
+func TestIsIpInSubnet(t *testing.T) {
+	ctx := context.Background()
+	ip1 := "192.168.0.5"
+	ip2 := "125.216.250.89"
+	subnet := "192.168.0.0/24"
+	Convey("TestIsIpInSubnet", t, func() {
+		So(isIpInSubnet(ctx, ip1, subnet), ShouldBeTrue)
+		So(isIpInSubnet(ctx, ip2, subnet), ShouldBeFalse)
+	})
+}

common/random/main.go

@@ -0,0 +1,61 @@
+package random
+
+import (
+	"github.com/google/uuid"
+	"math/rand"
+	"strings"
+	"time"
+)
+
+func GetUUID() string {
+	code := uuid.New().String()
+	code = strings.Replace(code, "-", "", -1)
+	return code
+}
+
+const keyChars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+const keyNumbers = "0123456789"
+
+func init() {
+	rand.Seed(time.Now().UnixNano())
+}
+
+func GenerateKey() string {
+	rand.Seed(time.Now().UnixNano())
+	key := make([]byte, 48)
+	for i := 0; i < 16; i++ {
+		key[i] = keyChars[rand.Intn(len(keyChars))]
+	}
+	uuid_ := GetUUID()
+	for i := 0; i < 32; i++ {
+		c := uuid_[i]
+		if i%2 == 0 && c >= 'a' && c <= 'z' {
+			c = c - 'a' + 'A'
+		}
+		key[i+16] = c
+	}
+	return string(key)
+}
+
+func GetRandomString(length int) string {
+	rand.Seed(time.Now().UnixNano())
+	key := make([]byte, length)
+	for i := 0; i < length; i++ {
+		key[i] = keyChars[rand.Intn(len(keyChars))]
+	}
+	return string(key)
+}
+
+func GetRandomNumberString(length int) string {
+	rand.Seed(time.Now().UnixNano())
+	key := make([]byte, length)
+	for i := 0; i < length; i++ {
+		key[i] = keyNumbers[rand.Intn(len(keyNumbers))]
+	}
+	return string(key)
+}
+
+// RandRange returns a random number between min and max (max is not included)
+func RandRange(min, max int) int {
+	return min + rand.Intn(max-min)
+}

common/redis.go

@@ -2,38 +2,80 @@ package common
 
 import (
 	"context"
-	"github.com/go-redis/redis/v8"
 	"os"
+	"strings"
 	"time"
+
+	"github.com/go-redis/redis/v8"
+	"github.com/songquanpeng/one-api/common/logger"
 )
 
-var RDB *redis.Client
+var RDB redis.Cmdable
 var RedisEnabled = true
 
 // InitRedisClient This function is called after init()
 func InitRedisClient() (err error) {
 	if os.Getenv("REDIS_CONN_STRING") == "" {
 		RedisEnabled = false
-		SysLog("REDIS_CONN_STRING not set, Redis is not enabled")
+		logger.SysLog("REDIS_CONN_STRING not set, Redis is not enabled")
 		return nil
 	}
-	opt, err := redis.ParseURL(os.Getenv("REDIS_CONN_STRING"))
-	if err != nil {
-		panic(err)
+	if os.Getenv("SYNC_FREQUENCY") == "" {
+		RedisEnabled = false
+		logger.SysLog("SYNC_FREQUENCY not set, Redis is disabled")
+		return nil
+	}
+	redisConnString := os.Getenv("REDIS_CONN_STRING")
+	if os.Getenv("REDIS_MASTER_NAME") == "" {
+		logger.SysLog("Redis is enabled")
+		opt, err := redis.ParseURL(redisConnString)
+		if err != nil {
+			logger.FatalLog("failed to parse Redis connection string: " + err.Error())
+		}
+		RDB = redis.NewClient(opt)
+	} else {
+		// cluster mode
+		logger.SysLog("Redis cluster mode enabled")
+		RDB = redis.NewUniversalClient(&redis.UniversalOptions{
+			Addrs:      strings.Split(redisConnString, ","),
+			Password:   os.Getenv("REDIS_PASSWORD"),
+			MasterName: os.Getenv("REDIS_MASTER_NAME"),
+		})
 	}
-	RDB = redis.NewClient(opt)
-
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 
 	_, err = RDB.Ping(ctx).Result()
+	if err != nil {
+		logger.FatalLog("Redis ping test failed: " + err.Error())
+	}
 	return err
 }
 
 func ParseRedisOption() *redis.Options {
 	opt, err := redis.ParseURL(os.Getenv("REDIS_CONN_STRING"))
 	if err != nil {
-		panic(err)
+		logger.FatalLog("failed to parse Redis connection string: " + err.Error())
 	}
 	return opt
 }
+
+func RedisSet(key string, value string, expiration time.Duration) error {
+	ctx := context.Background()
+	return RDB.Set(ctx, key, value, expiration).Err()
+}
+
+func RedisGet(key string) (string, error) {
+	ctx := context.Background()
+	return RDB.Get(ctx, key).Result()
+}
+
+func RedisDel(key string) error {
+	ctx := context.Background()
+	return RDB.Del(ctx, key).Err()
+}
+
+func RedisDecrease(key string, value int64) error {
+	ctx := context.Background()
+	return RDB.DecrBy(ctx, key, value).Err()
+}

common/render/render.go

@@ -0,0 +1,30 @@
+package render
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common"
+)
+
+func StringData(c *gin.Context, str string) {
+	str = strings.TrimPrefix(str, "data: ")
+	str = strings.TrimSuffix(str, "\r")
+	c.Render(-1, common.CustomEvent{Data: "data: " + str})
+	c.Writer.Flush()
+}
+
+func ObjectData(c *gin.Context, object interface{}) error {
+	jsonData, err := json.Marshal(object)
+	if err != nil {
+		return fmt.Errorf("error marshalling object: %w", err)
+	}
+	StringData(c, string(jsonData))
+	return nil
+}
+
+func Done(c *gin.Context) {
+	StringData(c, "[DONE]")
+}

common/utils.go

@@ -2,145 +2,13 @@ package common
 
 import (
 	"fmt"
-	"github.com/google/uuid"
-	"html/template"
-	"log"
-	"net"
-	"os/exec"
-	"runtime"
-	"strconv"
-	"strings"
-	"time"
+	"github.com/songquanpeng/one-api/common/config"
 )
 
-func OpenBrowser(url string) {
-	var err error
-
-	switch runtime.GOOS {
-	case "linux":
-		err = exec.Command("xdg-open", url).Start()
-	case "windows":
-		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
-	case "darwin":
-		err = exec.Command("open", url).Start()
-	}
-	if err != nil {
-		log.Println(err)
-	}
-}
-
-func GetIp() (ip string) {
-	ips, err := net.InterfaceAddrs()
-	if err != nil {
-		log.Println(err)
-		return ip
-	}
-
-	for _, a := range ips {
-		if ipNet, ok := a.(*net.IPNet); ok && !ipNet.IP.IsLoopback() {
-			if ipNet.IP.To4() != nil {
-				ip = ipNet.IP.String()
-				if strings.HasPrefix(ip, "10") {
-					return
-				}
-				if strings.HasPrefix(ip, "172") {
-					return
-				}
-				if strings.HasPrefix(ip, "192.168") {
-					return
-				}
-				ip = ""
-			}
-		}
-	}
-	return
-}
-
-var sizeKB = 1024
-var sizeMB = sizeKB * 1024
-var sizeGB = sizeMB * 1024
-
-func Bytes2Size(num int64) string {
-	numStr := ""
-	unit := "B"
-	if num/int64(sizeGB) > 1 {
-		numStr = fmt.Sprintf("%.2f", float64(num)/float64(sizeGB))
-		unit = "GB"
-	} else if num/int64(sizeMB) > 1 {
-		numStr = fmt.Sprintf("%d", int(float64(num)/float64(sizeMB)))
-		unit = "MB"
-	} else if num/int64(sizeKB) > 1 {
-		numStr = fmt.Sprintf("%d", int(float64(num)/float64(sizeKB)))
-		unit = "KB"
+func LogQuota(quota int64) string {
+	if config.DisplayInCurrencyEnabled {
+		return fmt.Sprintf("＄%.6f 额度", float64(quota)/config.QuotaPerUnit)
 	} else {
-		numStr = fmt.Sprintf("%d", num)
-	}
-	return numStr + " " + unit
-}
-
-func Seconds2Time(num int) (time string) {
-	if num/31104000 > 0 {
-		time += strconv.Itoa(num/31104000) + " 年 "
-		num %= 31104000
-	}
-	if num/2592000 > 0 {
-		time += strconv.Itoa(num/2592000) + " 个月 "
-		num %= 2592000
-	}
-	if num/86400 > 0 {
-		time += strconv.Itoa(num/86400) + " 天 "
-		num %= 86400
-	}
-	if num/3600 > 0 {
-		time += strconv.Itoa(num/3600) + " 小时 "
-		num %= 3600
-	}
-	if num/60 > 0 {
-		time += strconv.Itoa(num/60) + " 分钟 "
-		num %= 60
-	}
-	time += strconv.Itoa(num) + " 秒"
-	return
-}
-
-func Interface2String(inter interface{}) string {
-	switch inter.(type) {
-	case string:
-		return inter.(string)
-	case int:
-		return fmt.Sprintf("%d", inter.(int))
-	case float64:
-		return fmt.Sprintf("%f", inter.(float64))
-	}
-	return "Not Implemented"
-}
-
-func UnescapeHTML(x string) interface{} {
-	return template.HTML(x)
-}
-
-func IntMax(a int, b int) int {
-	if a >= b {
-		return a
-	} else {
-		return b
-	}
-}
-
-func GetUUID() string {
-	code := uuid.New().String()
-	code = strings.Replace(code, "-", "", -1)
-	return code
-}
-
-func GetTimestamp() int64 {
-	return time.Now().Unix()
-}
-
-func Max(a int, b int) int {
-	if a >= b {
-		return a
-	} else {
-		return b
+		return fmt.Sprintf("%d 点额度", quota)
 	}
 }

common/utils/array.go

@@ -0,0 +1,13 @@
+package utils
+
+func DeDuplication(slice []string) []string {
+	m := make(map[string]bool)
+	for _, v := range slice {
+		m[v] = true
+	}
+	result := make([]string, 0, len(m))
+	for v := range m {
+		result = append(result, v)
+	}
+	return result
+}

controller/auth/github.go

@@ -1,17 +1,22 @@
-package controller
+package auth
 
 import (
 	"bytes"
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-gonic/gin"
 	"net/http"
-	"one-api/common"
-	"one-api/model"
 	"strconv"
 	"time"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/common/random"
+	"github.com/songquanpeng/one-api/controller"
+	"github.com/songquanpeng/one-api/model"
 )
 
 type GitHubOAuthResponse struct {
@@ -30,7 +35,7 @@ func getGitHubUserInfoByCode(code string) (*GitHubUser, error) {
 	if code == "" {
 		return nil, errors.New("无效的参数")
 	}
-	values := map[string]string{"client_id": common.GitHubClientId, "client_secret": common.GitHubClientSecret, "code": code}
+	values := map[string]string{"client_id": config.GitHubClientId, "client_secret": config.GitHubClientSecret, "code": code}
 	jsonData, err := json.Marshal(values)
 	if err != nil {
 		return nil, err
@@ -46,7 +51,7 @@ func getGitHubUserInfoByCode(code string) (*GitHubUser, error) {
 	}
 	res, err := client.Do(req)
 	if err != nil {
-		common.SysLog(err.Error())
+		logger.SysLog(err.Error())
 		return nil, errors.New("无法连接至 GitHub 服务器，请稍后重试！")
 	}
 	defer res.Body.Close()
@@ -62,7 +67,7 @@ func getGitHubUserInfoByCode(code string) (*GitHubUser, error) {
 	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", oAuthResponse.AccessToken))
 	res2, err := client.Do(req)
 	if err != nil {
-		common.SysLog(err.Error())
+		logger.SysLog(err.Error())
 		return nil, errors.New("无法连接至 GitHub 服务器，请稍后重试！")
 	}
 	defer res2.Body.Close()
@@ -78,14 +83,23 @@ func getGitHubUserInfoByCode(code string) (*GitHubUser, error) {
 }
 
 func GitHubOAuth(c *gin.Context) {
+	ctx := c.Request.Context()
 	session := sessions.Default(c)
+	state := c.Query("state")
+	if state == "" || session.Get("oauth_state") == nil || state != session.Get("oauth_state").(string) {
+		c.JSON(http.StatusForbidden, gin.H{
+			"success": false,
+			"message": "state is empty or not same",
+		})
+		return
+	}
 	username := session.Get("username")
 	if username != nil {
 		GitHubBind(c)
 		return
 	}
 
-	if !common.GitHubOAuthEnabled {
+	if !config.GitHubOAuthEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "管理员未开启通过 GitHub 登录以及注册",
@@ -114,7 +128,7 @@ func GitHubOAuth(c *gin.Context) {
 			return
 		}
 	} else {
-		if common.RegisterEnabled {
+		if config.RegisterEnabled {
 			user.Username = "github_" + strconv.Itoa(model.GetMaxUserId()+1)
 			if githubUser.Name != "" {
 				user.DisplayName = githubUser.Name
@@ -122,10 +136,10 @@ func GitHubOAuth(c *gin.Context) {
 				user.DisplayName = "GitHub User"
 			}
 			user.Email = githubUser.Email
-			user.Role = common.RoleCommonUser
-			user.Status = common.UserStatusEnabled
+			user.Role = model.RoleCommonUser
+			user.Status = model.UserStatusEnabled
 
-			if err := user.Insert(); err != nil {
+			if err := user.Insert(ctx, 0); err != nil {
 				c.JSON(http.StatusOK, gin.H{
 					"success": false,
 					"message": err.Error(),
@@ -141,18 +155,18 @@ func GitHubOAuth(c *gin.Context) {
 		}
 	}
 
-	if user.Status != common.UserStatusEnabled {
+	if user.Status != model.UserStatusEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"message": "用户已被封禁",
 			"success": false,
 		})
 		return
 	}
-	setupLogin(&user, c)
+	controller.SetupLogin(&user, c)
 }
 
 func GitHubBind(c *gin.Context) {
-	if !common.GitHubOAuthEnabled {
+	if !config.GitHubOAuthEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "管理员未开启通过 GitHub 登录以及注册",
@@ -205,3 +219,22 @@ func GitHubBind(c *gin.Context) {
 	})
 	return
 }
+
+func GenerateOAuthCode(c *gin.Context) {
+	session := sessions.Default(c)
+	state := random.GetRandomString(12)
+	session.Set("oauth_state", state)
+	err := session.Save()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    state,
+	})
+}

controller/auth/lark.go

@@ -0,0 +1,203 @@
+package auth
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/controller"
+	"github.com/songquanpeng/one-api/model"
+)
+
+type LarkOAuthResponse struct {
+	AccessToken string `json:"access_token"`
+}
+
+type LarkUser struct {
+	Name   string `json:"name"`
+	OpenID string `json:"open_id"`
+}
+
+func getLarkUserInfoByCode(code string) (*LarkUser, error) {
+	if code == "" {
+		return nil, errors.New("无效的参数")
+	}
+	values := map[string]string{
+		"client_id":     config.LarkClientId,
+		"client_secret": config.LarkClientSecret,
+		"code":          code,
+		"grant_type":    "authorization_code",
+		"redirect_uri":  fmt.Sprintf("%s/oauth/lark", config.ServerAddress),
+	}
+	jsonData, err := json.Marshal(values)
+	if err != nil {
+		return nil, err
+	}
+	req, err := http.NewRequest("POST", "https://open.feishu.cn/open-apis/authen/v2/oauth/token", bytes.NewBuffer(jsonData))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	client := http.Client{
+		Timeout: 5 * time.Second,
+	}
+	res, err := client.Do(req)
+	if err != nil {
+		logger.SysLog(err.Error())
+		return nil, errors.New("无法连接至飞书服务器，请稍后重试！")
+	}
+	defer res.Body.Close()
+	var oAuthResponse LarkOAuthResponse
+	err = json.NewDecoder(res.Body).Decode(&oAuthResponse)
+	if err != nil {
+		return nil, err
+	}
+	req, err = http.NewRequest("GET", "https://passport.feishu.cn/suite/passport/oauth/userinfo", nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", oAuthResponse.AccessToken))
+	res2, err := client.Do(req)
+	if err != nil {
+		logger.SysLog(err.Error())
+		return nil, errors.New("无法连接至飞书服务器，请稍后重试！")
+	}
+	var larkUser LarkUser
+	err = json.NewDecoder(res2.Body).Decode(&larkUser)
+	if err != nil {
+		return nil, err
+	}
+	return &larkUser, nil
+}
+
+func LarkOAuth(c *gin.Context) {
+	ctx := c.Request.Context()
+	session := sessions.Default(c)
+	state := c.Query("state")
+	if state == "" || session.Get("oauth_state") == nil || state != session.Get("oauth_state").(string) {
+		c.JSON(http.StatusForbidden, gin.H{
+			"success": false,
+			"message": "state is empty or not same",
+		})
+		return
+	}
+	username := session.Get("username")
+	if username != nil {
+		LarkBind(c)
+		return
+	}
+	code := c.Query("code")
+	larkUser, err := getLarkUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		LarkId: larkUser.OpenID,
+	}
+	if model.IsLarkIdAlreadyTaken(user.LarkId) {
+		err := user.FillUserByLarkId()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
+	} else {
+		if config.RegisterEnabled {
+			user.Username = "lark_" + strconv.Itoa(model.GetMaxUserId()+1)
+			if larkUser.Name != "" {
+				user.DisplayName = larkUser.Name
+			} else {
+				user.DisplayName = "Lark User"
+			}
+			user.Role = model.RoleCommonUser
+			user.Status = model.UserStatusEnabled
+
+			if err := user.Insert(ctx, 0); err != nil {
+				c.JSON(http.StatusOK, gin.H{
+					"success": false,
+					"message": err.Error(),
+				})
+				return
+			}
+		} else {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "管理员关闭了新用户注册",
+			})
+			return
+		}
+	}
+
+	if user.Status != model.UserStatusEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"message": "用户已被封禁",
+			"success": false,
+		})
+		return
+	}
+	controller.SetupLogin(&user, c)
+}
+
+func LarkBind(c *gin.Context) {
+	code := c.Query("code")
+	larkUser, err := getLarkUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		LarkId: larkUser.OpenID,
+	}
+	if model.IsLarkIdAlreadyTaken(user.LarkId) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "该飞书账户已被绑定",
+		})
+		return
+	}
+	session := sessions.Default(c)
+	id := session.Get("id")
+	// id := c.GetInt("id")  // critical bug!
+	user.Id = id.(int)
+	err = user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user.LarkId = larkUser.OpenID
+	err = user.Update(false)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "bind",
+	})
+	return
+}

controller/auth/oidc.go

@@ -0,0 +1,228 @@
+package auth
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/controller"
+	"github.com/songquanpeng/one-api/model"
+)
+
+type OidcResponse struct {
+	AccessToken  string `json:"access_token"`
+	IDToken      string `json:"id_token"`
+	RefreshToken string `json:"refresh_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+	Scope        string `json:"scope"`
+}
+
+type OidcUser struct {
+	OpenID            string `json:"sub"`
+	Email             string `json:"email"`
+	Name              string `json:"name"`
+	PreferredUsername string `json:"preferred_username"`
+	Picture           string `json:"picture"`
+}
+
+func getOidcUserInfoByCode(code string) (*OidcUser, error) {
+	if code == "" {
+		return nil, errors.New("无效的参数")
+	}
+	values := map[string]string{
+		"client_id":     config.OidcClientId,
+		"client_secret": config.OidcClientSecret,
+		"code":          code,
+		"grant_type":    "authorization_code",
+		"redirect_uri":  fmt.Sprintf("%s/oauth/oidc", config.ServerAddress),
+	}
+	jsonData, err := json.Marshal(values)
+	if err != nil {
+		return nil, err
+	}
+	req, err := http.NewRequest("POST", config.OidcTokenEndpoint, bytes.NewBuffer(jsonData))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	client := http.Client{
+		Timeout: 5 * time.Second,
+	}
+	res, err := client.Do(req)
+	if err != nil {
+		logger.SysLog(err.Error())
+		return nil, errors.New("无法连接至 OIDC 服务器，请稍后重试！")
+	}
+	defer res.Body.Close()
+	var oidcResponse OidcResponse
+	err = json.NewDecoder(res.Body).Decode(&oidcResponse)
+	if err != nil {
+		return nil, err
+	}
+	req, err = http.NewRequest("GET", config.OidcUserinfoEndpoint, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Authorization", "Bearer "+oidcResponse.AccessToken)
+	res2, err := client.Do(req)
+	if err != nil {
+		logger.SysLog(err.Error())
+		return nil, errors.New("无法连接至 OIDC 服务器，请稍后重试！")
+	}
+	var oidcUser OidcUser
+	err = json.NewDecoder(res2.Body).Decode(&oidcUser)
+	if err != nil {
+		return nil, err
+	}
+	return &oidcUser, nil
+}
+
+func OidcAuth(c *gin.Context) {
+	ctx := c.Request.Context()
+	session := sessions.Default(c)
+	state := c.Query("state")
+	if state == "" || session.Get("oauth_state") == nil || state != session.Get("oauth_state").(string) {
+		c.JSON(http.StatusForbidden, gin.H{
+			"success": false,
+			"message": "state is empty or not same",
+		})
+		return
+	}
+	username := session.Get("username")
+	if username != nil {
+		OidcBind(c)
+		return
+	}
+	if !config.OidcEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "管理员未开启通过 OIDC 登录以及注册",
+		})
+		return
+	}
+	code := c.Query("code")
+	oidcUser, err := getOidcUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		OidcId: oidcUser.OpenID,
+	}
+	if model.IsOidcIdAlreadyTaken(user.OidcId) {
+		err := user.FillUserByOidcId()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
+	} else {
+		if config.RegisterEnabled {
+			user.Email = oidcUser.Email
+			if oidcUser.PreferredUsername != "" {
+				user.Username = oidcUser.PreferredUsername
+			} else {
+				user.Username = "oidc_" + strconv.Itoa(model.GetMaxUserId()+1)
+			}
+			if oidcUser.Name != "" {
+				user.DisplayName = oidcUser.Name
+			} else {
+				user.DisplayName = "OIDC User"
+			}
+			err := user.Insert(ctx, 0)
+			if err != nil {
+				c.JSON(http.StatusOK, gin.H{
+					"success": false,
+					"message": err.Error(),
+				})
+				return
+			}
+		} else {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "管理员关闭了新用户注册",
+			})
+			return
+		}
+	}
+
+	if user.Status != model.UserStatusEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"message": "用户已被封禁",
+			"success": false,
+		})
+		return
+	}
+	controller.SetupLogin(&user, c)
+}
+
+func OidcBind(c *gin.Context) {
+	if !config.OidcEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "管理员未开启通过 OIDC 登录以及注册",
+		})
+		return
+	}
+	code := c.Query("code")
+	oidcUser, err := getOidcUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		OidcId: oidcUser.OpenID,
+	}
+	if model.IsOidcIdAlreadyTaken(user.OidcId) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "该 OIDC 账户已被绑定",
+		})
+		return
+	}
+	session := sessions.Default(c)
+	id := session.Get("id")
+	// id := c.GetInt("id")  // critical bug!
+	user.Id = id.(int)
+	err = user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user.OidcId = oidcUser.OpenID
+	err = user.Update(false)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "bind",
+	})
+	return
+}

controller/auth/wechat.go

@@ -1,15 +1,19 @@
-package controller
+package auth
 
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"net/http"
-	"one-api/common"
-	"one-api/model"
 	"strconv"
 	"time"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/controller"
+	"github.com/songquanpeng/one-api/model"
 )
 
 type wechatLoginResponse struct {
@@ -22,11 +26,11 @@ func getWeChatIdByCode(code string) (string, error) {
 	if code == "" {
 		return "", errors.New("无效的参数")
 	}
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/wechat/user?code=%s", common.WeChatServerAddress, code), nil)
+	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/wechat/user?code=%s", config.WeChatServerAddress, code), nil)
 	if err != nil {
 		return "", err
 	}
-	req.Header.Set("Authorization", common.WeChatServerToken)
+	req.Header.Set("Authorization", config.WeChatServerToken)
 	client := http.Client{
 		Timeout: 5 * time.Second,
 	}
@@ -50,7 +54,8 @@ func getWeChatIdByCode(code string) (string, error) {
 }
 
 func WeChatAuth(c *gin.Context) {
-	if !common.WeChatAuthEnabled {
+	ctx := c.Request.Context()
+	if !config.WeChatAuthEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"message": "管理员未开启通过微信登录以及注册",
 			"success": false,
@@ -79,13 +84,13 @@ func WeChatAuth(c *gin.Context) {
 			return
 		}
 	} else {
-		if common.RegisterEnabled {
+		if config.RegisterEnabled {
 			user.Username = "wechat_" + strconv.Itoa(model.GetMaxUserId()+1)
 			user.DisplayName = "WeChat User"
-			user.Role = common.RoleCommonUser
-			user.Status = common.UserStatusEnabled
+			user.Role = model.RoleCommonUser
+			user.Status = model.UserStatusEnabled
 
-			if err := user.Insert(); err != nil {
+			if err := user.Insert(ctx, 0); err != nil {
 				c.JSON(http.StatusOK, gin.H{
 					"success": false,
 					"message": err.Error(),
@@ -101,18 +106,18 @@ func WeChatAuth(c *gin.Context) {
 		}
 	}
 
-	if user.Status != common.UserStatusEnabled {
+	if user.Status != model.UserStatusEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"message": "用户已被封禁",
 			"success": false,
 		})
 		return
 	}
-	setupLogin(&user, c)
+	controller.SetupLogin(&user, c)
 }
 
 func WeChatBind(c *gin.Context) {
-	if !common.WeChatAuthEnabled {
+	if !config.WeChatAuthEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"message": "管理员未开启通过微信登录以及注册",
 			"success": false,
@@ -135,7 +140,7 @@ func WeChatBind(c *gin.Context) {
 		})
 		return
 	}
-	id := c.GetInt("id")
+	id := c.GetInt(ctxkey.Id)
 	user := model.User{
 		Id: id,
 	}

controller/billing.go

@@ -0,0 +1,97 @@
+package controller
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/model"
+	relaymodel "github.com/songquanpeng/one-api/relay/model"
+)
+
+func GetSubscription(c *gin.Context) {
+	var remainQuota int64
+	var usedQuota int64
+	var err error
+	var token *model.Token
+	var expiredTime int64
+	if config.DisplayTokenStatEnabled {
+		tokenId := c.GetInt(ctxkey.TokenId)
+		token, err = model.GetTokenById(tokenId)
+		if err == nil {
+			expiredTime = token.ExpiredTime
+			remainQuota = token.RemainQuota
+			usedQuota = token.UsedQuota
+		}
+	} else {
+		userId := c.GetInt(ctxkey.Id)
+		remainQuota, err = model.GetUserQuota(userId)
+		if err != nil {
+			usedQuota, err = model.GetUserUsedQuota(userId)
+		}
+	}
+	if expiredTime <= 0 {
+		expiredTime = 0
+	}
+	if err != nil {
+		Error := relaymodel.Error{
+			Message: err.Error(),
+			Type:    "upstream_error",
+		}
+		c.JSON(200, gin.H{
+			"error": Error,
+		})
+		return
+	}
+	quota := remainQuota + usedQuota
+	amount := float64(quota)
+	if config.DisplayInCurrencyEnabled {
+		amount /= config.QuotaPerUnit
+	}
+	if token != nil && token.UnlimitedQuota {
+		amount = 100000000
+	}
+	subscription := OpenAISubscriptionResponse{
+		Object:             "billing_subscription",
+		HasPaymentMethod:   true,
+		SoftLimitUSD:       amount,
+		HardLimitUSD:       amount,
+		SystemHardLimitUSD: amount,
+		AccessUntil:        expiredTime,
+	}
+	c.JSON(200, subscription)
+	return
+}
+
+func GetUsage(c *gin.Context) {
+	var quota int64
+	var err error
+	var token *model.Token
+	if config.DisplayTokenStatEnabled {
+		tokenId := c.GetInt(ctxkey.TokenId)
+		token, err = model.GetTokenById(tokenId)
+		quota = token.UsedQuota
+	} else {
+		userId := c.GetInt(ctxkey.Id)
+		quota, err = model.GetUserUsedQuota(userId)
+	}
+	if err != nil {
+		Error := relaymodel.Error{
+			Message: err.Error(),
+			Type:    "one_api_error",
+		}
+		c.JSON(200, gin.H{
+			"error": Error,
+		})
+		return
+	}
+	amount := float64(quota)
+	if config.DisplayInCurrencyEnabled {
+		amount /= config.QuotaPerUnit
+	}
+	usage := OpenAIUsageResponse{
+		Object:     "list",
+		TotalUsage: amount * 100,
+	}
+	c.JSON(200, usage)
+	return
+}

controller/channel-billing.go

@@ -0,0 +1,459 @@
+package controller
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/songquanpeng/one-api/common/client"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/model"
+	"github.com/songquanpeng/one-api/monitor"
+	"github.com/songquanpeng/one-api/relay/channeltype"
+
+	"github.com/gin-gonic/gin"
+)
+
+// https://github.com/songquanpeng/one-api/issues/79
+
+type OpenAISubscriptionResponse struct {
+	Object             string  `json:"object"`
+	HasPaymentMethod   bool    `json:"has_payment_method"`
+	SoftLimitUSD       float64 `json:"soft_limit_usd"`
+	HardLimitUSD       float64 `json:"hard_limit_usd"`
+	SystemHardLimitUSD float64 `json:"system_hard_limit_usd"`
+	AccessUntil        int64   `json:"access_until"`
+}
+
+type OpenAIUsageDailyCost struct {
+	Timestamp float64 `json:"timestamp"`
+	LineItems []struct {
+		Name string  `json:"name"`
+		Cost float64 `json:"cost"`
+	}
+}
+
+type OpenAICreditGrants struct {
+	Object         string  `json:"object"`
+	TotalGranted   float64 `json:"total_granted"`
+	TotalUsed      float64 `json:"total_used"`
+	TotalAvailable float64 `json:"total_available"`
+}
+
+type OpenAIUsageResponse struct {
+	Object string `json:"object"`
+	//DailyCosts []OpenAIUsageDailyCost `json:"daily_costs"`
+	TotalUsage float64 `json:"total_usage"` // unit: 0.01 dollar
+}
+
+type OpenAISBUsageResponse struct {
+	Msg  string `json:"msg"`
+	Data *struct {
+		Credit string `json:"credit"`
+	} `json:"data"`
+}
+
+type AIProxyUserOverviewResponse struct {
+	Success   bool   `json:"success"`
+	Message   string `json:"message"`
+	ErrorCode int    `json:"error_code"`
+	Data      struct {
+		TotalPoints float64 `json:"totalPoints"`
+	} `json:"data"`
+}
+
+type API2GPTUsageResponse struct {
+	Object         string  `json:"object"`
+	TotalGranted   float64 `json:"total_granted"`
+	TotalUsed      float64 `json:"total_used"`
+	TotalRemaining float64 `json:"total_remaining"`
+}
+
+type APGC2DGPTUsageResponse struct {
+	//Grants         interface{} `json:"grants"`
+	Object         string  `json:"object"`
+	TotalAvailable float64 `json:"total_available"`
+	TotalGranted   float64 `json:"total_granted"`
+	TotalUsed      float64 `json:"total_used"`
+}
+
+type SiliconFlowUsageResponse struct {
+	Code    int    `json:"code"`
+	Message string `json:"message"`
+	Status  bool   `json:"status"`
+	Data    struct {
+		ID            string `json:"id"`
+		Name          string `json:"name"`
+		Image         string `json:"image"`
+		Email         string `json:"email"`
+		IsAdmin       bool   `json:"isAdmin"`
+		Balance       string `json:"balance"`
+		Status        string `json:"status"`
+		Introduction  string `json:"introduction"`
+		Role          string `json:"role"`
+		ChargeBalance string `json:"chargeBalance"`
+		TotalBalance  string `json:"totalBalance"`
+		Category      string `json:"category"`
+	} `json:"data"`
+}
+
+type DeepSeekUsageResponse struct {
+	IsAvailable  bool `json:"is_available"`
+	BalanceInfos []struct {
+		Currency        string `json:"currency"`
+		TotalBalance    string `json:"total_balance"`
+		GrantedBalance  string `json:"granted_balance"`
+		ToppedUpBalance string `json:"topped_up_balance"`
+	} `json:"balance_infos"`
+}
+
+type OpenRouterResponse struct {
+	Data struct {
+		TotalCredits float64 `json:"total_credits"`
+		TotalUsage   float64 `json:"total_usage"`
+	} `json:"data"`
+}
+
+// GetAuthHeader get auth header
+func GetAuthHeader(token string) http.Header {
+	h := http.Header{}
+	h.Add("Authorization", fmt.Sprintf("Bearer %s", token))
+	return h
+}
+
+func GetResponseBody(method, url string, channel *model.Channel, headers http.Header) ([]byte, error) {
+	req, err := http.NewRequest(method, url, nil)
+	if err != nil {
+		return nil, err
+	}
+	for k := range headers {
+		req.Header.Add(k, headers.Get(k))
+	}
+	res, err := client.HTTPClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	if res.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("status code: %d", res.StatusCode)
+	}
+	body, err := io.ReadAll(res.Body)
+	if err != nil {
+		return nil, err
+	}
+	err = res.Body.Close()
+	if err != nil {
+		return nil, err
+	}
+	return body, nil
+}
+
+func updateChannelCloseAIBalance(channel *model.Channel) (float64, error) {
+	url := fmt.Sprintf("%s/dashboard/billing/credit_grants", channel.GetBaseURL())
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+
+	if err != nil {
+		return 0, err
+	}
+	response := OpenAICreditGrants{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	channel.UpdateBalance(response.TotalAvailable)
+	return response.TotalAvailable, nil
+}
+
+func updateChannelOpenAISBBalance(channel *model.Channel) (float64, error) {
+	url := fmt.Sprintf("https://api.openai-sb.com/sb-api/user/status?api_key=%s", channel.Key)
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+	if err != nil {
+		return 0, err
+	}
+	response := OpenAISBUsageResponse{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	if response.Data == nil {
+		return 0, errors.New(response.Msg)
+	}
+	balance, err := strconv.ParseFloat(response.Data.Credit, 64)
+	if err != nil {
+		return 0, err
+	}
+	channel.UpdateBalance(balance)
+	return balance, nil
+}
+
+func updateChannelAIProxyBalance(channel *model.Channel) (float64, error) {
+	url := "https://aiproxy.io/api/report/getUserOverview"
+	headers := http.Header{}
+	headers.Add("Api-Key", channel.Key)
+	body, err := GetResponseBody("GET", url, channel, headers)
+	if err != nil {
+		return 0, err
+	}
+	response := AIProxyUserOverviewResponse{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	if !response.Success {
+		return 0, fmt.Errorf("code: %d, message: %s", response.ErrorCode, response.Message)
+	}
+	channel.UpdateBalance(response.Data.TotalPoints)
+	return response.Data.TotalPoints, nil
+}
+
+func updateChannelAPI2GPTBalance(channel *model.Channel) (float64, error) {
+	url := "https://api.api2gpt.com/dashboard/billing/credit_grants"
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+
+	if err != nil {
+		return 0, err
+	}
+	response := API2GPTUsageResponse{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	channel.UpdateBalance(response.TotalRemaining)
+	return response.TotalRemaining, nil
+}
+
+func updateChannelAIGC2DBalance(channel *model.Channel) (float64, error) {
+	url := "https://api.aigc2d.com/dashboard/billing/credit_grants"
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+	if err != nil {
+		return 0, err
+	}
+	response := APGC2DGPTUsageResponse{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	channel.UpdateBalance(response.TotalAvailable)
+	return response.TotalAvailable, nil
+}
+
+func updateChannelSiliconFlowBalance(channel *model.Channel) (float64, error) {
+	url := "https://api.siliconflow.cn/v1/user/info"
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+	if err != nil {
+		return 0, err
+	}
+	response := SiliconFlowUsageResponse{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	if response.Code != 20000 {
+		return 0, fmt.Errorf("code: %d, message: %s", response.Code, response.Message)
+	}
+	balance, err := strconv.ParseFloat(response.Data.TotalBalance, 64)
+	if err != nil {
+		return 0, err
+	}
+	channel.UpdateBalance(balance)
+	return balance, nil
+}
+
+func updateChannelDeepSeekBalance(channel *model.Channel) (float64, error) {
+	url := "https://api.deepseek.com/user/balance"
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+	if err != nil {
+		return 0, err
+	}
+	response := DeepSeekUsageResponse{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	index := -1
+	for i, balanceInfo := range response.BalanceInfos {
+		if balanceInfo.Currency == "CNY" {
+			index = i
+			break
+		}
+	}
+	if index == -1 {
+		return 0, errors.New("currency CNY not found")
+	}
+	balance, err := strconv.ParseFloat(response.BalanceInfos[index].TotalBalance, 64)
+	if err != nil {
+		return 0, err
+	}
+	channel.UpdateBalance(balance)
+	return balance, nil
+}
+
+func updateChannelOpenRouterBalance(channel *model.Channel) (float64, error) {
+	url := "https://openrouter.ai/api/v1/credits"
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+	if err != nil {
+		return 0, err
+	}
+	response := OpenRouterResponse{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	balance := response.Data.TotalCredits - response.Data.TotalUsage
+	channel.UpdateBalance(balance)
+	return balance, nil
+}
+
+func updateChannelBalance(channel *model.Channel) (float64, error) {
+	baseURL := channeltype.ChannelBaseURLs[channel.Type]
+	if channel.GetBaseURL() == "" {
+		channel.BaseURL = &baseURL
+	}
+	switch channel.Type {
+	case channeltype.OpenAI:
+		if channel.GetBaseURL() != "" {
+			baseURL = channel.GetBaseURL()
+		}
+	case channeltype.Azure:
+		return 0, errors.New("尚未实现")
+	case channeltype.Custom:
+		baseURL = channel.GetBaseURL()
+	case channeltype.CloseAI:
+		return updateChannelCloseAIBalance(channel)
+	case channeltype.OpenAISB:
+		return updateChannelOpenAISBBalance(channel)
+	case channeltype.AIProxy:
+		return updateChannelAIProxyBalance(channel)
+	case channeltype.API2GPT:
+		return updateChannelAPI2GPTBalance(channel)
+	case channeltype.AIGC2D:
+		return updateChannelAIGC2DBalance(channel)
+	case channeltype.SiliconFlow:
+		return updateChannelSiliconFlowBalance(channel)
+	case channeltype.DeepSeek:
+		return updateChannelDeepSeekBalance(channel)
+	case channeltype.OpenRouter:
+		return updateChannelOpenRouterBalance(channel)
+	default:
+		return 0, errors.New("尚未实现")
+	}
+	url := fmt.Sprintf("%s/v1/dashboard/billing/subscription", baseURL)
+
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+	if err != nil {
+		return 0, err
+	}
+	subscription := OpenAISubscriptionResponse{}
+	err = json.Unmarshal(body, &subscription)
+	if err != nil {
+		return 0, err
+	}
+	now := time.Now()
+	startDate := fmt.Sprintf("%s-01", now.Format("2006-01"))
+	endDate := now.Format("2006-01-02")
+	if !subscription.HasPaymentMethod {
+		startDate = now.AddDate(0, 0, -100).Format("2006-01-02")
+	}
+	url = fmt.Sprintf("%s/v1/dashboard/billing/usage?start_date=%s&end_date=%s", baseURL, startDate, endDate)
+	body, err = GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+	if err != nil {
+		return 0, err
+	}
+	usage := OpenAIUsageResponse{}
+	err = json.Unmarshal(body, &usage)
+	if err != nil {
+		return 0, err
+	}
+	balance := subscription.HardLimitUSD - usage.TotalUsage/100
+	channel.UpdateBalance(balance)
+	return balance, nil
+}
+
+func UpdateChannelBalance(c *gin.Context) {
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	channel, err := model.GetChannelById(id, true)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	balance, err := updateChannelBalance(channel)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"balance": balance,
+	})
+	return
+}
+
+func updateAllChannelsBalance() error {
+	channels, err := model.GetAllChannels(0, 0, "all")
+	if err != nil {
+		return err
+	}
+	for _, channel := range channels {
+		if channel.Status != model.ChannelStatusEnabled {
+			continue
+		}
+		// TODO: support Azure
+		if channel.Type != channeltype.OpenAI && channel.Type != channeltype.Custom {
+			continue
+		}
+		balance, err := updateChannelBalance(channel)
+		if err != nil {
+			continue
+		} else {
+			// err is nil & balance <= 0 means quota is used up
+			if balance <= 0 {
+				monitor.DisableChannel(channel.Id, channel.Name, "余额不足")
+			}
+		}
+		time.Sleep(config.RequestInterval)
+	}
+	return nil
+}
+
+func UpdateAllChannelsBalance(c *gin.Context) {
+	//err := updateAllChannelsBalance()
+	//if err != nil {
+	//	c.JSON(http.StatusOK, gin.H{
+	//		"success": false,
+	//		"message": err.Error(),
+	//	})
+	//	return
+	//}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+	})
+	return
+}
+
+func AutomaticallyUpdateChannels(frequency int) {
+	for {
+		time.Sleep(time.Duration(frequency) * time.Minute)
+		logger.SysLog("updating all channels")
+		_ = updateAllChannelsBalance()
+		logger.SysLog("channels update done")
+	}
+}

controller/channel-test.go

@@ -0,0 +1,305 @@
+package controller
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/common/message"
+	"github.com/songquanpeng/one-api/middleware"
+	"github.com/songquanpeng/one-api/model"
+	"github.com/songquanpeng/one-api/monitor"
+	"github.com/songquanpeng/one-api/relay"
+	"github.com/songquanpeng/one-api/relay/adaptor/openai"
+	"github.com/songquanpeng/one-api/relay/channeltype"
+	"github.com/songquanpeng/one-api/relay/controller"
+	"github.com/songquanpeng/one-api/relay/meta"
+	relaymodel "github.com/songquanpeng/one-api/relay/model"
+	"github.com/songquanpeng/one-api/relay/relaymode"
+)
+
+func buildTestRequest(model string) *relaymodel.GeneralOpenAIRequest {
+	if model == "" {
+		model = "gpt-3.5-turbo"
+	}
+	testRequest := &relaymodel.GeneralOpenAIRequest{
+		Model: model,
+	}
+	testMessage := relaymodel.Message{
+		Role:    "user",
+		Content: config.TestPrompt,
+	}
+	testRequest.Messages = append(testRequest.Messages, testMessage)
+	return testRequest
+}
+
+func parseTestResponse(resp string) (*openai.TextResponse, string, error) {
+	var response openai.TextResponse
+	err := json.Unmarshal([]byte(resp), &response)
+	if err != nil {
+		return nil, "", err
+	}
+	if len(response.Choices) == 0 {
+		return nil, "", errors.New("response has no choices")
+	}
+	stringContent, ok := response.Choices[0].Content.(string)
+	if !ok {
+		return nil, "", errors.New("response content is not string")
+	}
+	return &response, stringContent, nil
+}
+
+func testChannel(ctx context.Context, channel *model.Channel, request *relaymodel.GeneralOpenAIRequest) (responseMessage string, err error, openaiErr *relaymodel.Error) {
+	startTime := time.Now()
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Request = &http.Request{
+		Method: "POST",
+		URL:    &url.URL{Path: "/v1/chat/completions"},
+		Body:   nil,
+		Header: make(http.Header),
+	}
+	c.Request.Header.Set("Authorization", "Bearer "+channel.Key)
+	c.Request.Header.Set("Content-Type", "application/json")
+	c.Set(ctxkey.Channel, channel.Type)
+	c.Set(ctxkey.BaseURL, channel.GetBaseURL())
+	cfg, _ := channel.LoadConfig()
+	c.Set(ctxkey.Config, cfg)
+	middleware.SetupContextForSelectedChannel(c, channel, "")
+	meta := meta.GetByContext(c)
+	apiType := channeltype.ToAPIType(channel.Type)
+	adaptor := relay.GetAdaptor(apiType)
+	if adaptor == nil {
+		return "", fmt.Errorf("invalid api type: %d, adaptor is nil", apiType), nil
+	}
+	adaptor.Init(meta)
+	modelName := request.Model
+	modelMap := channel.GetModelMapping()
+	if modelName == "" || !strings.Contains(channel.Models, modelName) {
+		modelNames := strings.Split(channel.Models, ",")
+		if len(modelNames) > 0 {
+			modelName = modelNames[0]
+		}
+	}
+	if modelMap != nil && modelMap[modelName] != "" {
+		modelName = modelMap[modelName]
+	}
+	meta.OriginModelName, meta.ActualModelName = request.Model, modelName
+	request.Model = modelName
+	convertedRequest, err := adaptor.ConvertRequest(c, relaymode.ChatCompletions, request)
+	if err != nil {
+		return "", err, nil
+	}
+	jsonData, err := json.Marshal(convertedRequest)
+	if err != nil {
+		return "", err, nil
+	}
+	defer func() {
+		logContent := fmt.Sprintf("渠道 %s 测试成功，响应：%s", channel.Name, responseMessage)
+		if err != nil || openaiErr != nil {
+			errorMessage := ""
+			if err != nil {
+				errorMessage = err.Error()
+			} else {
+				errorMessage = openaiErr.Message
+			}
+			logContent = fmt.Sprintf("渠道 %s 测试失败，错误：%s", channel.Name, errorMessage)
+		}
+		go model.RecordTestLog(ctx, &model.Log{
+			ChannelId:   channel.Id,
+			ModelName:   modelName,
+			Content:     logContent,
+			ElapsedTime: helper.CalcElapsedTime(startTime),
+		})
+	}()
+	logger.SysLog(string(jsonData))
+	requestBody := bytes.NewBuffer(jsonData)
+	c.Request.Body = io.NopCloser(requestBody)
+	resp, err := adaptor.DoRequest(c, meta, requestBody)
+	if err != nil {
+		return "", err, nil
+	}
+	if resp != nil && resp.StatusCode != http.StatusOK {
+		err := controller.RelayErrorHandler(resp)
+		errorMessage := err.Error.Message
+		if errorMessage != "" {
+			errorMessage = ", error message: " + errorMessage
+		}
+		return "", fmt.Errorf("http status code: %d%s", resp.StatusCode, errorMessage), &err.Error
+	}
+	usage, respErr := adaptor.DoResponse(c, resp, meta)
+	if respErr != nil {
+		return "", fmt.Errorf("%s", respErr.Error.Message), &respErr.Error
+	}
+	if usage == nil {
+		return "", errors.New("usage is nil"), nil
+	}
+	rawResponse := w.Body.String()
+	_, responseMessage, err = parseTestResponse(rawResponse)
+	if err != nil {
+		logger.SysError(fmt.Sprintf("failed to parse error: %s, \nresponse: %s", err.Error(), rawResponse))
+		return "", err, nil
+	}
+	result := w.Result()
+	// print result.Body
+	respBody, err := io.ReadAll(result.Body)
+	if err != nil {
+		return "", err, nil
+	}
+	logger.SysLog(fmt.Sprintf("testing channel #%d, response: \n%s", channel.Id, string(respBody)))
+	return responseMessage, nil, nil
+}
+
+func TestChannel(c *gin.Context) {
+	ctx := c.Request.Context()
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	channel, err := model.GetChannelById(id, true)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	modelName := c.Query("model")
+	testRequest := buildTestRequest(modelName)
+	tik := time.Now()
+	responseMessage, err, _ := testChannel(ctx, channel, testRequest)
+	tok := time.Now()
+	milliseconds := tok.Sub(tik).Milliseconds()
+	if err != nil {
+		milliseconds = 0
+	}
+	go channel.UpdateResponseTime(milliseconds)
+	consumedTime := float64(milliseconds) / 1000.0
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success":   false,
+			"message":   err.Error(),
+			"time":      consumedTime,
+			"modelName": modelName,
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success":   true,
+		"message":   responseMessage,
+		"time":      consumedTime,
+		"modelName": modelName,
+	})
+	return
+}
+
+var testAllChannelsLock sync.Mutex
+var testAllChannelsRunning bool = false
+
+func testChannels(ctx context.Context, notify bool, scope string) error {
+	if config.RootUserEmail == "" {
+		config.RootUserEmail = model.GetRootUserEmail()
+	}
+	testAllChannelsLock.Lock()
+	if testAllChannelsRunning {
+		testAllChannelsLock.Unlock()
+		return errors.New("测试已在运行中")
+	}
+	testAllChannelsRunning = true
+	testAllChannelsLock.Unlock()
+	channels, err := model.GetAllChannels(0, 0, scope)
+	if err != nil {
+		return err
+	}
+	var disableThreshold = int64(config.ChannelDisableThreshold * 1000)
+	if disableThreshold == 0 {
+		disableThreshold = 10000000 // a impossible value
+	}
+	go func() {
+		for _, channel := range channels {
+			isChannelEnabled := channel.Status == model.ChannelStatusEnabled
+			tik := time.Now()
+			testRequest := buildTestRequest("")
+			_, err, openaiErr := testChannel(ctx, channel, testRequest)
+			tok := time.Now()
+			milliseconds := tok.Sub(tik).Milliseconds()
+			if isChannelEnabled && milliseconds > disableThreshold {
+				err = fmt.Errorf("响应时间 %.2fs 超过阈值 %.2fs", float64(milliseconds)/1000.0, float64(disableThreshold)/1000.0)
+				if config.AutomaticDisableChannelEnabled {
+					monitor.DisableChannel(channel.Id, channel.Name, err.Error())
+				} else {
+					_ = message.Notify(message.ByAll, fmt.Sprintf("渠道 %s （%d）测试超时", channel.Name, channel.Id), "", err.Error())
+				}
+			}
+			if isChannelEnabled && monitor.ShouldDisableChannel(openaiErr, -1) {
+				monitor.DisableChannel(channel.Id, channel.Name, err.Error())
+			}
+			if !isChannelEnabled && monitor.ShouldEnableChannel(err, openaiErr) {
+				monitor.EnableChannel(channel.Id, channel.Name)
+			}
+			channel.UpdateResponseTime(milliseconds)
+			time.Sleep(config.RequestInterval)
+		}
+		testAllChannelsLock.Lock()
+		testAllChannelsRunning = false
+		testAllChannelsLock.Unlock()
+		if notify {
+			err := message.Notify(message.ByAll, "渠道测试完成", "", "渠道测试完成，如果没有收到禁用通知，说明所有渠道都正常")
+			if err != nil {
+				logger.SysError(fmt.Sprintf("failed to send email: %s", err.Error()))
+			}
+		}
+	}()
+	return nil
+}
+
+func TestChannels(c *gin.Context) {
+	ctx := c.Request.Context()
+	scope := c.Query("scope")
+	if scope == "" {
+		scope = "all"
+	}
+	err := testChannels(ctx, true, scope)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+	})
+	return
+}
+
+func AutomaticallyTestChannels(frequency int) {
+	ctx := context.Background()
+	for {
+		time.Sleep(time.Duration(frequency) * time.Minute)
+		logger.SysLog("testing all channels")
+		_ = testChannels(ctx, false, "all")
+		logger.SysLog("channel test finished")
+	}
+}

controller/channel.go

@@ -2,10 +2,12 @@ package controller
 
 import (
 	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/model"
 	"net/http"
-	"one-api/common"
-	"one-api/model"
 	"strconv"
+	"strings"
 )
 
 func GetAllChannels(c *gin.Context) {
@@ -13,7 +15,7 @@ func GetAllChannels(c *gin.Context) {
 	if p < 0 {
 		p = 0
 	}
-	channels, err := model.GetAllChannels(p*common.ItemsPerPage, common.ItemsPerPage)
+	channels, err := model.GetAllChannels(p*config.ItemsPerPage, config.ItemsPerPage, "limited")
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -82,9 +84,18 @@ func AddChannel(c *gin.Context) {
 		})
 		return
 	}
-	channel.CreatedTime = common.GetTimestamp()
-	channel.AccessedTime = common.GetTimestamp()
-	err = channel.Insert()
+	channel.CreatedTime = helper.GetTimestamp()
+	keys := strings.Split(channel.Key, "\n")
+	channels := make([]model.Channel, 0, len(keys))
+	for _, key := range keys {
+		if key == "" {
+			continue
+		}
+		localChannel := channel
+		localChannel.Key = key
+		channels = append(channels, localChannel)
+	}
+	err = model.BatchInsertChannels(channels)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -117,6 +128,23 @@ func DeleteChannel(c *gin.Context) {
 	return
 }
 
+func DeleteDisabledChannel(c *gin.Context) {
+	rows, err := model.DeleteDisabledChannel()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    rows,
+	})
+	return
+}
+
 func UpdateChannel(c *gin.Context) {
 	channel := model.Channel{}
 	err := c.ShouldBindJSON(&channel)

controller/group.go

@@ -0,0 +1,19 @@
+package controller
+
+import (
+	"github.com/gin-gonic/gin"
+	billingratio "github.com/songquanpeng/one-api/relay/billing/ratio"
+	"net/http"
+)
+
+func GetGroups(c *gin.Context) {
+	groupNames := make([]string, 0)
+	for groupName := range billingratio.GroupRatio {
+		groupNames = append(groupNames, groupName)
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    groupNames,
+	})
+}

controller/log.go

@@ -0,0 +1,169 @@
+package controller
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/model"
+	"net/http"
+	"strconv"
+)
+
+func GetAllLogs(c *gin.Context) {
+	p, _ := strconv.Atoi(c.Query("p"))
+	if p < 0 {
+		p = 0
+	}
+	logType, _ := strconv.Atoi(c.Query("type"))
+	startTimestamp, _ := strconv.ParseInt(c.Query("start_timestamp"), 10, 64)
+	endTimestamp, _ := strconv.ParseInt(c.Query("end_timestamp"), 10, 64)
+	username := c.Query("username")
+	tokenName := c.Query("token_name")
+	modelName := c.Query("model_name")
+	channel, _ := strconv.Atoi(c.Query("channel"))
+	logs, err := model.GetAllLogs(logType, startTimestamp, endTimestamp, modelName, username, tokenName, p*config.ItemsPerPage, config.ItemsPerPage, channel)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    logs,
+	})
+	return
+}
+
+func GetUserLogs(c *gin.Context) {
+	p, _ := strconv.Atoi(c.Query("p"))
+	if p < 0 {
+		p = 0
+	}
+	userId := c.GetInt(ctxkey.Id)
+	logType, _ := strconv.Atoi(c.Query("type"))
+	startTimestamp, _ := strconv.ParseInt(c.Query("start_timestamp"), 10, 64)
+	endTimestamp, _ := strconv.ParseInt(c.Query("end_timestamp"), 10, 64)
+	tokenName := c.Query("token_name")
+	modelName := c.Query("model_name")
+	logs, err := model.GetUserLogs(userId, logType, startTimestamp, endTimestamp, modelName, tokenName, p*config.ItemsPerPage, config.ItemsPerPage)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    logs,
+	})
+	return
+}
+
+func SearchAllLogs(c *gin.Context) {
+	keyword := c.Query("keyword")
+	logs, err := model.SearchAllLogs(keyword)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    logs,
+	})
+	return
+}
+
+func SearchUserLogs(c *gin.Context) {
+	keyword := c.Query("keyword")
+	userId := c.GetInt(ctxkey.Id)
+	logs, err := model.SearchUserLogs(userId, keyword)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    logs,
+	})
+	return
+}
+
+func GetLogsStat(c *gin.Context) {
+	logType, _ := strconv.Atoi(c.Query("type"))
+	startTimestamp, _ := strconv.ParseInt(c.Query("start_timestamp"), 10, 64)
+	endTimestamp, _ := strconv.ParseInt(c.Query("end_timestamp"), 10, 64)
+	tokenName := c.Query("token_name")
+	username := c.Query("username")
+	modelName := c.Query("model_name")
+	channel, _ := strconv.Atoi(c.Query("channel"))
+	quotaNum := model.SumUsedQuota(logType, startTimestamp, endTimestamp, modelName, username, tokenName, channel)
+	//tokenNum := model.SumUsedToken(logType, startTimestamp, endTimestamp, modelName, username, "")
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data": gin.H{
+			"quota": quotaNum,
+			//"token": tokenNum,
+		},
+	})
+	return
+}
+
+func GetLogsSelfStat(c *gin.Context) {
+	username := c.GetString(ctxkey.Username)
+	logType, _ := strconv.Atoi(c.Query("type"))
+	startTimestamp, _ := strconv.ParseInt(c.Query("start_timestamp"), 10, 64)
+	endTimestamp, _ := strconv.ParseInt(c.Query("end_timestamp"), 10, 64)
+	tokenName := c.Query("token_name")
+	modelName := c.Query("model_name")
+	channel, _ := strconv.Atoi(c.Query("channel"))
+	quotaNum := model.SumUsedQuota(logType, startTimestamp, endTimestamp, modelName, username, tokenName, channel)
+	//tokenNum := model.SumUsedToken(logType, startTimestamp, endTimestamp, modelName, username, tokenName)
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data": gin.H{
+			"quota": quotaNum,
+			//"token": tokenNum,
+		},
+	})
+	return
+}
+
+func DeleteHistoryLogs(c *gin.Context) {
+	targetTimestamp, _ := strconv.ParseInt(c.Query("target_timestamp"), 10, 64)
+	if targetTimestamp == 0 {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "target timestamp is required",
+		})
+		return
+	}
+	count, err := model.DeleteOldLog(targetTimestamp)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    count,
+	})
+	return
+}

controller/misc.go

@@ -3,10 +3,16 @@ package controller
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"net/http"
-	"one-api/common"
-	"one-api/model"
+	"strings"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/i18n"
+	"github.com/songquanpeng/one-api/common/message"
+	"github.com/songquanpeng/one-api/model"
+
+	"github.com/gin-gonic/gin"
 )
 
 func GetStatus(c *gin.Context) {
@@ -14,41 +20,64 @@ func GetStatus(c *gin.Context) {
 		"success": true,
 		"message": "",
 		"data": gin.H{
-			"version":            common.Version,
-			"start_time":         common.StartTime,
-			"email_verification": common.EmailVerificationEnabled,
-			"github_oauth":       common.GitHubOAuthEnabled,
-			"github_client_id":   common.GitHubClientId,
-			"system_name":        common.SystemName,
-			"footer_html":        common.Footer,
-			"wechat_qrcode":      common.WeChatAccountQRCodeImageURL,
-			"wechat_login":       common.WeChatAuthEnabled,
-			"server_address":     common.ServerAddress,
-			"turnstile_check":    common.TurnstileCheckEnabled,
-			"turnstile_site_key": common.TurnstileSiteKey,
+			"version":                     common.Version,
+			"start_time":                  common.StartTime,
+			"email_verification":          config.EmailVerificationEnabled,
+			"github_oauth":                config.GitHubOAuthEnabled,
+			"github_client_id":            config.GitHubClientId,
+			"lark_client_id":              config.LarkClientId,
+			"system_name":                 config.SystemName,
+			"logo":                        config.Logo,
+			"footer_html":                 config.Footer,
+			"wechat_qrcode":               config.WeChatAccountQRCodeImageURL,
+			"wechat_login":                config.WeChatAuthEnabled,
+			"server_address":              config.ServerAddress,
+			"turnstile_check":             config.TurnstileCheckEnabled,
+			"turnstile_site_key":          config.TurnstileSiteKey,
+			"top_up_link":                 config.TopUpLink,
+			"chat_link":                   config.ChatLink,
+			"quota_per_unit":              config.QuotaPerUnit,
+			"display_in_currency":         config.DisplayInCurrencyEnabled,
+			"oidc":                        config.OidcEnabled,
+			"oidc_client_id":              config.OidcClientId,
+			"oidc_well_known":             config.OidcWellKnown,
+			"oidc_authorization_endpoint": config.OidcAuthorizationEndpoint,
+			"oidc_token_endpoint":         config.OidcTokenEndpoint,
+			"oidc_userinfo_endpoint":      config.OidcUserinfoEndpoint,
 		},
 	})
 	return
 }
 
 func GetNotice(c *gin.Context) {
-	common.OptionMapRWMutex.RLock()
-	defer common.OptionMapRWMutex.RUnlock()
+	config.OptionMapRWMutex.RLock()
+	defer config.OptionMapRWMutex.RUnlock()
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",
-		"data":    common.OptionMap["Notice"],
+		"data":    config.OptionMap["Notice"],
 	})
 	return
 }
 
 func GetAbout(c *gin.Context) {
-	common.OptionMapRWMutex.RLock()
-	defer common.OptionMapRWMutex.RUnlock()
+	config.OptionMapRWMutex.RLock()
+	defer config.OptionMapRWMutex.RUnlock()
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",
-		"data":    common.OptionMap["About"],
+		"data":    config.OptionMap["About"],
+	})
+	return
+}
+
+func GetHomePageContent(c *gin.Context) {
+	config.OptionMapRWMutex.RLock()
+	defer config.OptionMapRWMutex.RUnlock()
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    config.OptionMap["HomePageContent"],
 	})
 	return
 }
@@ -58,10 +87,26 @@ func SendEmailVerification(c *gin.Context) {
 	if err := common.Validate.Var(email, "required,email"); err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 		})
 		return
 	}
+	if config.EmailDomainRestrictionEnabled {
+		allowed := false
+		for _, domain := range config.EmailDomainWhitelist {
+			if strings.HasSuffix(email, "@"+domain) {
+				allowed = true
+				break
+			}
+		}
+		if !allowed {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "管理员启用了邮箱域名白名单，您的邮箱地址的域名不在白名单中",
+			})
+			return
+		}
+	}
 	if model.IsEmailAlreadyTaken(email) {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -71,11 +116,18 @@ func SendEmailVerification(c *gin.Context) {
 	}
 	code := common.GenerateVerificationCode(6)
 	common.RegisterVerificationCodeWithKey(email, code, common.EmailVerificationPurpose)
-	subject := fmt.Sprintf("%s邮箱验证邮件", common.SystemName)
-	content := fmt.Sprintf("<p>您好，你正在进行%s邮箱验证。</p>"+
-		"<p>您的验证码为: <strong>%s</strong></p>"+
-		"<p>验证码 %d 分钟内有效，如果不是本人操作，请忽略。</p>", common.SystemName, code, common.VerificationValidMinutes)
-	err := common.SendEmail(subject, email, content)
+	subject := fmt.Sprintf("%s 邮箱验证邮件", config.SystemName)
+	content := message.EmailTemplate(
+		subject,
+		fmt.Sprintf(`
+			<p>您好！</p>
+			<p>您正在进行 %s 邮箱验证。</p>
+			<p>您的验证码为：</p>
+			<p style="font-size: 24px; font-weight: bold; color: #333; background-color: #f8f8f8; padding: 10px; text-align: center; border-radius: 4px;">%s</p>
+			<p style="color: #666;">验证码 %d 分钟内有效，如果不是本人操作，请忽略。</p>
+		`, config.SystemName, code, common.VerificationValidMinutes),
+	)
+	err := message.SendEmail(subject, email, content)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -95,7 +147,7 @@ func SendPasswordResetEmail(c *gin.Context) {
 	if err := common.Validate.Var(email, "required,email"); err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 		})
 		return
 	}
@@ -108,16 +160,27 @@ func SendPasswordResetEmail(c *gin.Context) {
 	}
 	code := common.GenerateVerificationCode(0)
 	common.RegisterVerificationCodeWithKey(email, code, common.PasswordResetPurpose)
-	link := fmt.Sprintf("%s/user/reset?email=%s&token=%s", common.ServerAddress, email, code)
-	subject := fmt.Sprintf("%s密码重置", common.SystemName)
-	content := fmt.Sprintf("<p>您好，你正在进行%s密码重置。</p>"+
-		"<p>点击<a href='%s'>此处</a>进行密码重置。</p>"+
-		"<p>重置链接 %d 分钟内有效，如果不是本人操作，请忽略。</p>", common.SystemName, link, common.VerificationValidMinutes)
-	err := common.SendEmail(subject, email, content)
+	link := fmt.Sprintf("%s/user/reset?email=%s&token=%s", config.ServerAddress, email, code)
+	subject := fmt.Sprintf("%s 密码重置", config.SystemName)
+	content := message.EmailTemplate(
+		subject,
+		fmt.Sprintf(`
+			<p>您好！</p>
+			<p>您正在进行 %s 密码重置。</p>
+			<p>请点击下面的按钮进行密码重置：</p>
+			<p style="text-align: center; margin: 30px 0;">
+				<a href="%s" style="background-color: #007bff; color: white; padding: 12px 24px; text-decoration: none; border-radius: 4px; display: inline-block;">重置密码</a>
+			</p>
+			<p style="color: #666;">如果按钮无法点击，请复制以下链接到浏览器中打开：</p>
+			<p style="background-color: #f8f8f8; padding: 10px; border-radius: 4px; word-break: break-all;">%s</p>
+			<p style="color: #666;">重置链接 %d 分钟内有效，如果不是本人操作，请忽略。</p>
+		`, config.SystemName, link, link, common.VerificationValidMinutes),
+	)
+	err := message.SendEmail(subject, email, content)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": err.Error(),
+			"message": fmt.Sprintf("%s%s", i18n.Translate(c, "send_email_failed"), err.Error()),
 		})
 		return
 	}
@@ -139,7 +202,7 @@ func ResetPassword(c *gin.Context) {
 	if req.Email == "" || req.Token == "" {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 		})
 		return
 	}

controller/model.go

@@ -0,0 +1,213 @@
+package controller
+
+import (
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/model"
+	relay "github.com/songquanpeng/one-api/relay"
+	"github.com/songquanpeng/one-api/relay/adaptor/openai"
+	"github.com/songquanpeng/one-api/relay/apitype"
+	"github.com/songquanpeng/one-api/relay/channeltype"
+	"github.com/songquanpeng/one-api/relay/meta"
+	relaymodel "github.com/songquanpeng/one-api/relay/model"
+	"net/http"
+	"strings"
+)
+
+// https://platform.openai.com/docs/api-reference/models/list
+
+type OpenAIModelPermission struct {
+	Id                 string  `json:"id"`
+	Object             string  `json:"object"`
+	Created            int     `json:"created"`
+	AllowCreateEngine  bool    `json:"allow_create_engine"`
+	AllowSampling      bool    `json:"allow_sampling"`
+	AllowLogprobs      bool    `json:"allow_logprobs"`
+	AllowSearchIndices bool    `json:"allow_search_indices"`
+	AllowView          bool    `json:"allow_view"`
+	AllowFineTuning    bool    `json:"allow_fine_tuning"`
+	Organization       string  `json:"organization"`
+	Group              *string `json:"group"`
+	IsBlocking         bool    `json:"is_blocking"`
+}
+
+type OpenAIModels struct {
+	Id         string                  `json:"id"`
+	Object     string                  `json:"object"`
+	Created    int                     `json:"created"`
+	OwnedBy    string                  `json:"owned_by"`
+	Permission []OpenAIModelPermission `json:"permission"`
+	Root       string                  `json:"root"`
+	Parent     *string                 `json:"parent"`
+}
+
+var models []OpenAIModels
+var modelsMap map[string]OpenAIModels
+var channelId2Models map[int][]string
+
+func init() {
+	var permission []OpenAIModelPermission
+	permission = append(permission, OpenAIModelPermission{
+		Id:                 "modelperm-LwHkVFn8AcMItP432fKKDIKJ",
+		Object:             "model_permission",
+		Created:            1626777600,
+		AllowCreateEngine:  true,
+		AllowSampling:      true,
+		AllowLogprobs:      true,
+		AllowSearchIndices: false,
+		AllowView:          true,
+		AllowFineTuning:    false,
+		Organization:       "*",
+		Group:              nil,
+		IsBlocking:         false,
+	})
+	// https://platform.openai.com/docs/models/model-endpoint-compatibility
+	for i := 0; i < apitype.Dummy; i++ {
+		if i == apitype.AIProxyLibrary {
+			continue
+		}
+		adaptor := relay.GetAdaptor(i)
+		channelName := adaptor.GetChannelName()
+		modelNames := adaptor.GetModelList()
+		for _, modelName := range modelNames {
+			models = append(models, OpenAIModels{
+				Id:         modelName,
+				Object:     "model",
+				Created:    1626777600,
+				OwnedBy:    channelName,
+				Permission: permission,
+				Root:       modelName,
+				Parent:     nil,
+			})
+		}
+	}
+	for _, channelType := range openai.CompatibleChannels {
+		if channelType == channeltype.Azure {
+			continue
+		}
+		channelName, channelModelList := openai.GetCompatibleChannelMeta(channelType)
+		for _, modelName := range channelModelList {
+			models = append(models, OpenAIModels{
+				Id:         modelName,
+				Object:     "model",
+				Created:    1626777600,
+				OwnedBy:    channelName,
+				Permission: permission,
+				Root:       modelName,
+				Parent:     nil,
+			})
+		}
+	}
+	modelsMap = make(map[string]OpenAIModels)
+	for _, model := range models {
+		modelsMap[model.Id] = model
+	}
+	channelId2Models = make(map[int][]string)
+	for i := 1; i < channeltype.Dummy; i++ {
+		adaptor := relay.GetAdaptor(channeltype.ToAPIType(i))
+		meta := &meta.Meta{
+			ChannelType: i,
+		}
+		adaptor.Init(meta)
+		channelId2Models[i] = adaptor.GetModelList()
+	}
+}
+
+func DashboardListModels(c *gin.Context) {
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    channelId2Models,
+	})
+}
+
+func ListAllModels(c *gin.Context) {
+	c.JSON(200, gin.H{
+		"object": "list",
+		"data":   models,
+	})
+}
+
+func ListModels(c *gin.Context) {
+	ctx := c.Request.Context()
+	var availableModels []string
+	if c.GetString(ctxkey.AvailableModels) != "" {
+		availableModels = strings.Split(c.GetString(ctxkey.AvailableModels), ",")
+	} else {
+		userId := c.GetInt(ctxkey.Id)
+		userGroup, _ := model.CacheGetUserGroup(userId)
+		availableModels, _ = model.CacheGetGroupModels(ctx, userGroup)
+	}
+	modelSet := make(map[string]bool)
+	for _, availableModel := range availableModels {
+		modelSet[availableModel] = true
+	}
+	availableOpenAIModels := make([]OpenAIModels, 0)
+	for _, model := range models {
+		if _, ok := modelSet[model.Id]; ok {
+			modelSet[model.Id] = false
+			availableOpenAIModels = append(availableOpenAIModels, model)
+		}
+	}
+	for modelName, ok := range modelSet {
+		if ok {
+			availableOpenAIModels = append(availableOpenAIModels, OpenAIModels{
+				Id:      modelName,
+				Object:  "model",
+				Created: 1626777600,
+				OwnedBy: "custom",
+				Root:    modelName,
+				Parent:  nil,
+			})
+		}
+	}
+	c.JSON(200, gin.H{
+		"object": "list",
+		"data":   availableOpenAIModels,
+	})
+}
+
+func RetrieveModel(c *gin.Context) {
+	modelId := c.Param("model")
+	if model, ok := modelsMap[modelId]; ok {
+		c.JSON(200, model)
+	} else {
+		Error := relaymodel.Error{
+			Message: fmt.Sprintf("The model '%s' does not exist", modelId),
+			Type:    "invalid_request_error",
+			Param:   "model",
+			Code:    "model_not_found",
+		}
+		c.JSON(200, gin.H{
+			"error": Error,
+		})
+	}
+}
+
+func GetUserAvailableModels(c *gin.Context) {
+	ctx := c.Request.Context()
+	id := c.GetInt(ctxkey.Id)
+	userGroup, err := model.CacheGetUserGroup(id)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	models, err := model.CacheGetGroupModels(ctx, userGroup)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    models,
+	})
+	return
+}

controller/option.go

@@ -2,26 +2,30 @@ package controller
 
 import (
 	"encoding/json"
-	"github.com/gin-gonic/gin"
 	"net/http"
-	"one-api/common"
-	"one-api/model"
 	"strings"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/i18n"
+	"github.com/songquanpeng/one-api/model"
+
+	"github.com/gin-gonic/gin"
 )
 
 func GetOptions(c *gin.Context) {
 	var options []*model.Option
-	common.OptionMapRWMutex.Lock()
-	for k, v := range common.OptionMap {
-		if strings.Contains(k, "Token") || strings.Contains(k, "Secret") {
+	config.OptionMapRWMutex.Lock()
+	for k, v := range config.OptionMap {
+		if strings.HasSuffix(k, "Token") || strings.HasSuffix(k, "Secret") {
 			continue
 		}
 		options = append(options, &model.Option{
 			Key:   k,
-			Value: common.Interface2String(v),
+			Value: helper.Interface2String(v),
 		})
 	}
-	common.OptionMapRWMutex.Unlock()
+	config.OptionMapRWMutex.Unlock()
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",
@@ -36,21 +40,37 @@ func UpdateOption(c *gin.Context) {
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 		})
 		return
 	}
 	switch option.Key {
-	case "GitHubOAuthEnabled":
-		if option.Value == "true" && common.GitHubClientId == "" {
+	case "Theme":
+		if !config.ValidThemes[option.Value] {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
-				"message": "无法启用 GitHub OAuth，请先填入 GitHub Client ID 以及 GitHub Client Secret！",
+				"message": "无效的主题",
+			})
+			return
+		}
+	case "GitHubOAuthEnabled":
+		if option.Value == "true" && config.GitHubClientId == "" {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "无法启用 GitHub OAuth，请先填入 GitHub Client Id 以及 GitHub Client Secret！",
+			})
+			return
+		}
+	case "EmailDomainRestrictionEnabled":
+		if option.Value == "true" && len(config.EmailDomainWhitelist) == 0 {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "无法启用邮箱域名限制，请先填入限制的邮箱域名！",
 			})
 			return
 		}
 	case "WeChatAuthEnabled":
-		if option.Value == "true" && common.WeChatServerAddress == "" {
+		if option.Value == "true" && config.WeChatServerAddress == "" {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
 				"message": "无法启用微信登录，请先填入微信登录相关配置信息！",
@@ -58,7 +78,7 @@ func UpdateOption(c *gin.Context) {
 			return
 		}
 	case "TurnstileCheckEnabled":
-		if option.Value == "true" && common.TurnstileSiteKey == "" {
+		if option.Value == "true" && config.TurnstileSiteKey == "" {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
 				"message": "无法启用 Turnstile 校验，请先填入 Turnstile 校验相关配置信息！",

controller/redemption.go

@@ -0,0 +1,195 @@
+package controller
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/random"
+	"github.com/songquanpeng/one-api/model"
+	"net/http"
+	"strconv"
+)
+
+func GetAllRedemptions(c *gin.Context) {
+	p, _ := strconv.Atoi(c.Query("p"))
+	if p < 0 {
+		p = 0
+	}
+	redemptions, err := model.GetAllRedemptions(p*config.ItemsPerPage, config.ItemsPerPage)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    redemptions,
+	})
+	return
+}
+
+func SearchRedemptions(c *gin.Context) {
+	keyword := c.Query("keyword")
+	redemptions, err := model.SearchRedemptions(keyword)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    redemptions,
+	})
+	return
+}
+
+func GetRedemption(c *gin.Context) {
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	redemption, err := model.GetRedemptionById(id)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    redemption,
+	})
+	return
+}
+
+func AddRedemption(c *gin.Context) {
+	redemption := model.Redemption{}
+	err := c.ShouldBindJSON(&redemption)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	if len(redemption.Name) == 0 || len(redemption.Name) > 20 {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "兑换码名称长度必须在1-20之间",
+		})
+		return
+	}
+	if redemption.Count <= 0 {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "兑换码个数必须大于0",
+		})
+		return
+	}
+	if redemption.Count > 100 {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "一次兑换码批量生成的个数不能大于 100",
+		})
+		return
+	}
+	var keys []string
+	for i := 0; i < redemption.Count; i++ {
+		key := random.GetUUID()
+		cleanRedemption := model.Redemption{
+			UserId:      c.GetInt(ctxkey.Id),
+			Name:        redemption.Name,
+			Key:         key,
+			CreatedTime: helper.GetTimestamp(),
+			Quota:       redemption.Quota,
+		}
+		err = cleanRedemption.Insert()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+				"data":    keys,
+			})
+			return
+		}
+		keys = append(keys, key)
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    keys,
+	})
+	return
+}
+
+func DeleteRedemption(c *gin.Context) {
+	id, _ := strconv.Atoi(c.Param("id"))
+	err := model.DeleteRedemptionById(id)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+	})
+	return
+}
+
+func UpdateRedemption(c *gin.Context) {
+	statusOnly := c.Query("status_only")
+	redemption := model.Redemption{}
+	err := c.ShouldBindJSON(&redemption)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	cleanRedemption, err := model.GetRedemptionById(redemption.Id)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	if statusOnly != "" {
+		cleanRedemption.Status = redemption.Status
+	} else {
+		// If you add more fields, please also update redemption.Update()
+		cleanRedemption.Name = redemption.Name
+		cleanRedemption.Quota = redemption.Quota
+	}
+	err = cleanRedemption.Update()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    cleanRedemption,
+	})
+	return
+}

controller/relay.go

@@ -1,56 +1,156 @@
 package controller
 
 import (
+	"bytes"
+	"context"
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"io"
 	"net/http"
-	"one-api/common"
+
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/middleware"
+	dbmodel "github.com/songquanpeng/one-api/model"
+	"github.com/songquanpeng/one-api/monitor"
+	"github.com/songquanpeng/one-api/relay/controller"
+	"github.com/songquanpeng/one-api/relay/model"
+	"github.com/songquanpeng/one-api/relay/relaymode"
 )
 
-func Relay(c *gin.Context) {
-	channelType := c.GetInt("channel")
-	baseURL := common.ChannelBaseURLs[channelType]
-	if channelType == common.ChannelTypeCustom {
-		baseURL = c.GetString("base_url")
-	}
-	req, err := http.NewRequest(c.Request.Method, fmt.Sprintf("%s%s", baseURL, c.Request.URL.String()), c.Request.Body)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"error": gin.H{
-				"message": err.Error(),
-				"type":    "one_api_error",
-			},
-		})
-		return
-	}
-	req.Header = c.Request.Header.Clone()
-	// Fix HTTP Decompression failed
-	// https://github.com/stoplightio/prism/issues/1064#issuecomment-824682360
-	req.Header.Del("Accept-Encoding")
-	client := &http.Client{}
+// https://platform.openai.com/docs/api-reference/chat
 
-	resp, err := client.Do(req)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"error": gin.H{
-				"message": err.Error(),
-				"type":    "one_api_error",
-			},
-		})
+func relayHelper(c *gin.Context, relayMode int) *model.ErrorWithStatusCode {
+	var err *model.ErrorWithStatusCode
+	switch relayMode {
+	case relaymode.ImagesGenerations:
+		err = controller.RelayImageHelper(c, relayMode)
+	case relaymode.AudioSpeech:
+		fallthrough
+	case relaymode.AudioTranslation:
+		fallthrough
+	case relaymode.AudioTranscription:
+		err = controller.RelayAudioHelper(c, relayMode)
+	case relaymode.Proxy:
+		err = controller.RelayProxyHelper(c, relayMode)
+	default:
+		err = controller.RelayTextHelper(c)
+	}
+	return err
+}
+
+func Relay(c *gin.Context) {
+	ctx := c.Request.Context()
+	relayMode := relaymode.GetByPath(c.Request.URL.Path)
+	if config.DebugEnabled {
+		requestBody, _ := common.GetRequestBody(c)
+		logger.Debugf(ctx, "request body: %s", string(requestBody))
+	}
+	channelId := c.GetInt(ctxkey.ChannelId)
+	userId := c.GetInt(ctxkey.Id)
+	bizErr := relayHelper(c, relayMode)
+	if bizErr == nil {
+		monitor.Emit(channelId, true)
 		return
 	}
-	for k, v := range resp.Header {
-		c.Writer.Header().Set(k, v[0])
+	lastFailedChannelId := channelId
+	channelName := c.GetString(ctxkey.ChannelName)
+	group := c.GetString(ctxkey.Group)
+	originalModel := c.GetString(ctxkey.OriginalModel)
+	go processChannelRelayError(ctx, userId, channelId, channelName, *bizErr)
+	requestId := c.GetString(helper.RequestIdKey)
+	retryTimes := config.RetryTimes
+	if !shouldRetry(c, bizErr.StatusCode) {
+		logger.Errorf(ctx, "relay error happen, status code is %d, won't retry in this case", bizErr.StatusCode)
+		retryTimes = 0
 	}
-	_, err = io.Copy(c.Writer, resp.Body)
-	if err != nil {
-		c.JSON(http.StatusOK, gin.H{
-			"error": gin.H{
-				"message": err.Error(),
-				"type":    "one_api_error",
-			},
+	for i := retryTimes; i > 0; i-- {
+		channel, err := dbmodel.CacheGetRandomSatisfiedChannel(group, originalModel, i != retryTimes)
+		if err != nil {
+			logger.Errorf(ctx, "CacheGetRandomSatisfiedChannel failed: %+v", err)
+			break
+		}
+		logger.Infof(ctx, "using channel #%d to retry (remain times %d)", channel.Id, i)
+		if channel.Id == lastFailedChannelId {
+			continue
+		}
+		middleware.SetupContextForSelectedChannel(c, channel, originalModel)
+		requestBody, err := common.GetRequestBody(c)
+		c.Request.Body = io.NopCloser(bytes.NewBuffer(requestBody))
+		bizErr = relayHelper(c, relayMode)
+		if bizErr == nil {
+			return
+		}
+		channelId := c.GetInt(ctxkey.ChannelId)
+		lastFailedChannelId = channelId
+		channelName := c.GetString(ctxkey.ChannelName)
+		go processChannelRelayError(ctx, userId, channelId, channelName, *bizErr)
+	}
+	if bizErr != nil {
+		if bizErr.StatusCode == http.StatusTooManyRequests {
+			bizErr.Error.Message = "当前分组上游负载已饱和，请稍后再试"
+		}
+
+		// BUG: bizErr is in race condition
+		bizErr.Error.Message = helper.MessageWithRequestId(bizErr.Error.Message, requestId)
+		c.JSON(bizErr.StatusCode, gin.H{
+			"error": bizErr.Error,
 		})
-		return
 	}
 }
+
+func shouldRetry(c *gin.Context, statusCode int) bool {
+	if _, ok := c.Get(ctxkey.SpecificChannelId); ok {
+		return false
+	}
+	if statusCode == http.StatusTooManyRequests {
+		return true
+	}
+	if statusCode/100 == 5 {
+		return true
+	}
+	if statusCode == http.StatusBadRequest {
+		return false
+	}
+	if statusCode/100 == 2 {
+		return false
+	}
+	return true
+}
+
+func processChannelRelayError(ctx context.Context, userId int, channelId int, channelName string, err model.ErrorWithStatusCode) {
+	logger.Errorf(ctx, "relay error (channel id %d, user id: %d): %s", channelId, userId, err.Message)
+	// https://platform.openai.com/docs/guides/error-codes/api-errors
+	if monitor.ShouldDisableChannel(&err.Error, err.StatusCode) {
+		monitor.DisableChannel(channelId, channelName, err.Message)
+	} else {
+		monitor.Emit(channelId, false)
+	}
+}
+
+func RelayNotImplemented(c *gin.Context) {
+	err := model.Error{
+		Message: "API not implemented",
+		Type:    "one_api_error",
+		Param:   "",
+		Code:    "api_not_implemented",
+	}
+	c.JSON(http.StatusNotImplemented, gin.H{
+		"error": err,
+	})
+}
+
+func RelayNotFound(c *gin.Context) {
+	err := model.Error{
+		Message: fmt.Sprintf("Invalid URL (%s %s)", c.Request.Method, c.Request.URL.Path),
+		Type:    "invalid_request_error",
+		Param:   "",
+		Code:    "",
+	}
+	c.JSON(http.StatusNotFound, gin.H{
+		"error": err,
+	})
+}

controller/token.go

@@ -1,20 +1,28 @@
 package controller
 
 import (
+	"fmt"
 	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/network"
+	"github.com/songquanpeng/one-api/common/random"
+	"github.com/songquanpeng/one-api/model"
 	"net/http"
-	"one-api/common"
-	"one-api/model"
 	"strconv"
 )
 
 func GetAllTokens(c *gin.Context) {
-	userId := c.GetInt("id")
+	userId := c.GetInt(ctxkey.Id)
 	p, _ := strconv.Atoi(c.Query("p"))
 	if p < 0 {
 		p = 0
 	}
-	tokens, err := model.GetAllUserTokens(userId, p*common.ItemsPerPage, common.ItemsPerPage)
+
+	order := c.Query("order")
+	tokens, err := model.GetAllUserTokens(userId, p*config.ItemsPerPage, config.ItemsPerPage, order)
+
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -31,7 +39,7 @@ func GetAllTokens(c *gin.Context) {
 }
 
 func SearchTokens(c *gin.Context) {
-	userId := c.GetInt("id")
+	userId := c.GetInt(ctxkey.Id)
 	keyword := c.Query("keyword")
 	tokens, err := model.SearchUserTokens(userId, keyword)
 	if err != nil {
@@ -51,7 +59,7 @@ func SearchTokens(c *gin.Context) {
 
 func GetToken(c *gin.Context) {
 	id, err := strconv.Atoi(c.Param("id"))
-	userId := c.GetInt("id")
+	userId := c.GetInt(ctxkey.Id)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -75,6 +83,43 @@ func GetToken(c *gin.Context) {
 	return
 }
 
+func GetTokenStatus(c *gin.Context) {
+	tokenId := c.GetInt(ctxkey.TokenId)
+	userId := c.GetInt(ctxkey.Id)
+	token, err := model.GetTokenByIds(tokenId, userId)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	expiredAt := token.ExpiredTime
+	if expiredAt == -1 {
+		expiredAt = 0
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"object":          "credit_summary",
+		"total_granted":   token.RemainQuota,
+		"total_used":      0, // not supported currently
+		"total_available": token.RemainQuota,
+		"expires_at":      expiredAt * 1000,
+	})
+}
+
+func validateToken(c *gin.Context, token model.Token) error {
+	if len(token.Name) > 30 {
+		return fmt.Errorf("令牌名称过长")
+	}
+	if token.Subnet != nil && *token.Subnet != "" {
+		err := network.IsValidSubnets(*token.Subnet)
+		if err != nil {
+			return fmt.Errorf("无效的网段：%s", err.Error())
+		}
+	}
+	return nil
+}
+
 func AddToken(c *gin.Context) {
 	token := model.Token{}
 	err := c.ShouldBindJSON(&token)
@@ -85,19 +130,26 @@ func AddToken(c *gin.Context) {
 		})
 		return
 	}
-	if len(token.Name) == 0 || len(token.Name) > 20 {
+	err = validateToken(c, token)
+	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "令牌名称长度必须在1-20之间",
+			"message": fmt.Sprintf("参数错误：%s", err.Error()),
 		})
 		return
 	}
+
 	cleanToken := model.Token{
-		UserId:       c.GetInt("id"),
-		Name:         token.Name,
-		Key:          common.GetUUID(),
-		CreatedTime:  common.GetTimestamp(),
-		AccessedTime: common.GetTimestamp(),
+		UserId:         c.GetInt(ctxkey.Id),
+		Name:           token.Name,
+		Key:            random.GenerateKey(),
+		CreatedTime:    helper.GetTimestamp(),
+		AccessedTime:   helper.GetTimestamp(),
+		ExpiredTime:    token.ExpiredTime,
+		RemainQuota:    token.RemainQuota,
+		UnlimitedQuota: token.UnlimitedQuota,
+		Models:         token.Models,
+		Subnet:         token.Subnet,
 	}
 	err = cleanToken.Insert()
 	if err != nil {
@@ -110,13 +162,14 @@ func AddToken(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",
+		"data":    cleanToken,
 	})
 	return
 }
 
 func DeleteToken(c *gin.Context) {
 	id, _ := strconv.Atoi(c.Param("id"))
-	userId := c.GetInt("id")
+	userId := c.GetInt(ctxkey.Id)
 	err := model.DeleteTokenById(id, userId)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
@@ -133,7 +186,8 @@ func DeleteToken(c *gin.Context) {
 }
 
 func UpdateToken(c *gin.Context) {
-	userId := c.GetInt("id")
+	userId := c.GetInt(ctxkey.Id)
+	statusOnly := c.Query("status_only")
 	token := model.Token{}
 	err := c.ShouldBindJSON(&token)
 	if err != nil {
@@ -143,6 +197,14 @@ func UpdateToken(c *gin.Context) {
 		})
 		return
 	}
+	err = validateToken(c, token)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": fmt.Sprintf("参数错误：%s", err.Error()),
+		})
+		return
+	}
 	cleanToken, err := model.GetTokenByIds(token.Id, userId)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
@@ -151,8 +213,33 @@ func UpdateToken(c *gin.Context) {
 		})
 		return
 	}
-	cleanToken.Name = token.Name
-	cleanToken.Status = token.Status
+	if token.Status == model.TokenStatusEnabled {
+		if cleanToken.Status == model.TokenStatusExpired && cleanToken.ExpiredTime <= helper.GetTimestamp() && cleanToken.ExpiredTime != -1 {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "令牌已过期，无法启用，请先修改令牌过期时间，或者设置为永不过期",
+			})
+			return
+		}
+		if cleanToken.Status == model.TokenStatusExhausted && cleanToken.RemainQuota <= 0 && !cleanToken.UnlimitedQuota {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "令牌可用额度已用尽，无法启用，请先修改令牌剩余额度，或者设置为无限额度",
+			})
+			return
+		}
+	}
+	if statusOnly != "" {
+		cleanToken.Status = token.Status
+	} else {
+		// If you add more fields, please also update token.Update()
+		cleanToken.Name = token.Name
+		cleanToken.ExpiredTime = token.ExpiredTime
+		cleanToken.RemainQuota = token.RemainQuota
+		cleanToken.UnlimitedQuota = token.UnlimitedQuota
+		cleanToken.Models = token.Models
+		cleanToken.Subnet = token.Subnet
+	}
 	err = cleanToken.Update()
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{

controller/user.go

@@ -2,12 +2,20 @@ package controller
 
 import (
 	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
-	"net/http"
-	"one-api/common"
-	"one-api/model"
-	"strconv"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/common/i18n"
+	"github.com/songquanpeng/one-api/common/random"
+	"github.com/songquanpeng/one-api/model"
 )
 
 type LoginRequest struct {
@@ -16,7 +24,7 @@ type LoginRequest struct {
 }
 
 func Login(c *gin.Context) {
-	if !common.PasswordLoginEnabled {
+	if !config.PasswordLoginEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"message": "管理员关闭了密码登录",
 			"success": false,
@@ -27,7 +35,7 @@ func Login(c *gin.Context) {
 	err := json.NewDecoder(c.Request.Body).Decode(&loginRequest)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 			"success": false,
 		})
 		return
@@ -36,7 +44,7 @@ func Login(c *gin.Context) {
 	password := loginRequest.Password
 	if username == "" || password == "" {
 		c.JSON(http.StatusOK, gin.H{
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 			"success": false,
 		})
 		return
@@ -53,11 +61,11 @@ func Login(c *gin.Context) {
 		})
 		return
 	}
-	setupLogin(&user, c)
+	SetupLogin(&user, c)
 }
 
 // setup session & cookies and then return user info
-func setupLogin(user *model.User, c *gin.Context) {
+func SetupLogin(user *model.User, c *gin.Context) {
 	session := sessions.Default(c)
 	session.Set("id", user.Id)
 	session.Set("username", user.Username)
@@ -103,14 +111,15 @@ func Logout(c *gin.Context) {
 }
 
 func Register(c *gin.Context) {
-	if !common.RegisterEnabled {
+	ctx := c.Request.Context()
+	if !config.RegisterEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"message": "管理员关闭了新用户注册",
 			"success": false,
 		})
 		return
 	}
-	if !common.PasswordRegisterEnabled {
+	if !config.PasswordRegisterEnabled {
 		c.JSON(http.StatusOK, gin.H{
 			"message": "管理员关闭了通过密码进行注册，请使用第三方账户验证的形式进行注册",
 			"success": false,
@@ -122,18 +131,18 @@ func Register(c *gin.Context) {
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 		})
 		return
 	}
 	if err := common.Validate.Struct(&user); err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "输入不合法 " + err.Error(),
+			"message": i18n.Translate(c, "invalid_input"),
 		})
 		return
 	}
-	if common.EmailVerificationEnabled {
+	if config.EmailVerificationEnabled {
 		if user.Email == "" || user.VerificationCode == "" {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
@@ -149,21 +158,25 @@ func Register(c *gin.Context) {
 			return
 		}
 	}
+	affCode := user.AffCode // this code is the inviter's code, not the user's own code
+	inviterId, _ := model.GetUserIdByAffCode(affCode)
 	cleanUser := model.User{
 		Username:    user.Username,
 		Password:    user.Password,
 		DisplayName: user.Username,
+		InviterId:   inviterId,
 	}
-	if common.EmailVerificationEnabled {
+	if config.EmailVerificationEnabled {
 		cleanUser.Email = user.Email
 	}
-	if err := cleanUser.Insert(); err != nil {
+	if err := cleanUser.Insert(ctx, inviterId); err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": err.Error(),
 		})
 		return
 	}
+
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",
@@ -176,7 +189,10 @@ func GetAllUsers(c *gin.Context) {
 	if p < 0 {
 		p = 0
 	}
-	users, err := model.GetAllUsers(p*common.ItemsPerPage, common.ItemsPerPage)
+
+	order := c.DefaultQuery("order", "")
+	users, err := model.GetAllUsers(p*config.ItemsPerPage, config.ItemsPerPage, order)
+
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -184,12 +200,12 @@ func GetAllUsers(c *gin.Context) {
 		})
 		return
 	}
+
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",
 		"data":    users,
 	})
-	return
 }
 
 func SearchUsers(c *gin.Context) {
@@ -227,8 +243,8 @@ func GetUser(c *gin.Context) {
 		})
 		return
 	}
-	myRole := c.GetInt("role")
-	if myRole <= user.Role {
+	myRole := c.GetInt(ctxkey.Role)
+	if myRole <= user.Role && myRole != model.RoleRootUser {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "无权获取同级或更高等级用户的信息",
@@ -243,8 +259,95 @@ func GetUser(c *gin.Context) {
 	return
 }
 
+func GetUserDashboard(c *gin.Context) {
+	id := c.GetInt(ctxkey.Id)
+	now := time.Now()
+	startOfDay := now.Truncate(24*time.Hour).AddDate(0, 0, -6).Unix()
+	endOfDay := now.Truncate(24 * time.Hour).Add(24*time.Hour - time.Second).Unix()
+
+	dashboards, err := model.SearchLogsByDayAndModel(id, int(startOfDay), int(endOfDay))
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "无法获取统计信息",
+			"data":    nil,
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    dashboards,
+	})
+	return
+}
+
+func GenerateAccessToken(c *gin.Context) {
+	id := c.GetInt(ctxkey.Id)
+	user, err := model.GetUserById(id, true)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user.AccessToken = random.GetUUID()
+
+	if model.DB.Where("access_token = ?", user.AccessToken).First(user).RowsAffected != 0 {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "请重试，系统生成的 UUID 竟然重复了！",
+		})
+		return
+	}
+
+	if err := user.Update(false); err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    user.AccessToken,
+	})
+	return
+}
+
+func GetAffCode(c *gin.Context) {
+	id := c.GetInt(ctxkey.Id)
+	user, err := model.GetUserById(id, true)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	if user.AffCode == "" {
+		user.AffCode = random.GetRandomString(4)
+		if err := user.Update(false); err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    user.AffCode,
+	})
+	return
+}
+
 func GetSelf(c *gin.Context) {
-	id := c.GetInt("id")
+	id := c.GetInt(ctxkey.Id)
 	user, err := model.GetUserById(id, false)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
@@ -262,12 +365,13 @@ func GetSelf(c *gin.Context) {
 }
 
 func UpdateUser(c *gin.Context) {
+	ctx := c.Request.Context()
 	var updatedUser model.User
 	err := json.NewDecoder(c.Request.Body).Decode(&updatedUser)
 	if err != nil || updatedUser.Id == 0 {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 		})
 		return
 	}
@@ -277,7 +381,7 @@ func UpdateUser(c *gin.Context) {
 	if err := common.Validate.Struct(&updatedUser); err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "输入不合法 " + err.Error(),
+			"message": i18n.Translate(c, "invalid_input"),
 		})
 		return
 	}
@@ -289,15 +393,15 @@ func UpdateUser(c *gin.Context) {
 		})
 		return
 	}
-	myRole := c.GetInt("role")
-	if myRole <= originUser.Role {
+	myRole := c.GetInt(ctxkey.Role)
+	if myRole <= originUser.Role && myRole != model.RoleRootUser {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "无权更新同权限等级或更高权限等级的用户信息",
 		})
 		return
 	}
-	if myRole <= updatedUser.Role {
+	if myRole <= updatedUser.Role && myRole != model.RoleRootUser {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "无权将其他用户权限等级提升到大于等于自己的权限等级",
@@ -315,6 +419,9 @@ func UpdateUser(c *gin.Context) {
 		})
 		return
 	}
+	if originUser.Quota != updatedUser.Quota {
+		model.RecordLog(ctx, originUser.Id, model.LogTypeManage, fmt.Sprintf("管理员将用户额度从 %s修改为 %s", common.LogQuota(originUser.Quota), common.LogQuota(updatedUser.Quota)))
+	}
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",
@@ -328,7 +435,7 @@ func UpdateSelf(c *gin.Context) {
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 		})
 		return
 	}
@@ -344,7 +451,7 @@ func UpdateSelf(c *gin.Context) {
 	}
 
 	cleanUser := model.User{
-		Id:          c.GetInt("id"),
+		Id:          c.GetInt(ctxkey.Id),
 		Username:    user.Username,
 		Password:    user.Password,
 		DisplayName: user.DisplayName,
@@ -406,6 +513,16 @@ func DeleteUser(c *gin.Context) {
 
 func DeleteSelf(c *gin.Context) {
 	id := c.GetInt("id")
+	user, _ := model.GetUserById(id, false)
+
+	if user.Role == model.RoleRootUser {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "不能删除超级管理员账户",
+		})
+		return
+	}
+
 	err := model.DeleteUserById(id)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
@@ -422,12 +539,20 @@ func DeleteSelf(c *gin.Context) {
 }
 
 func CreateUser(c *gin.Context) {
+	ctx := c.Request.Context()
 	var user model.User
 	err := json.NewDecoder(c.Request.Body).Decode(&user)
 	if err != nil || user.Username == "" || user.Password == "" {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
+		})
+		return
+	}
+	if err := common.Validate.Struct(&user); err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": i18n.Translate(c, "invalid_input"),
 		})
 		return
 	}
@@ -448,7 +573,7 @@ func CreateUser(c *gin.Context) {
 		Password:    user.Password,
 		DisplayName: user.DisplayName,
 	}
-	if err := cleanUser.Insert(); err != nil {
+	if err := cleanUser.Insert(ctx, 0); err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": err.Error(),
@@ -476,7 +601,7 @@ func ManageUser(c *gin.Context) {
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
-			"message": "无效的参数",
+			"message": i18n.Translate(c, "invalid_parameter"),
 		})
 		return
 	}
@@ -493,7 +618,7 @@ func ManageUser(c *gin.Context) {
 		return
 	}
 	myRole := c.GetInt("role")
-	if myRole <= user.Role && myRole != common.RoleRootUser {
+	if myRole <= user.Role && myRole != model.RoleRootUser {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "无权更新同权限等级或更高权限等级的用户信息",
@@ -502,10 +627,24 @@ func ManageUser(c *gin.Context) {
 	}
 	switch req.Action {
 	case "disable":
-		user.Status = common.UserStatusDisabled
+		user.Status = model.UserStatusDisabled
+		if user.Role == model.RoleRootUser {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "无法禁用超级管理员用户",
+			})
+			return
+		}
 	case "enable":
-		user.Status = common.UserStatusEnabled
+		user.Status = model.UserStatusEnabled
 	case "delete":
+		if user.Role == model.RoleRootUser {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "无法删除超级管理员用户",
+			})
+			return
+		}
 		if err := user.Delete(); err != nil {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
@@ -514,16 +653,37 @@ func ManageUser(c *gin.Context) {
 			return
 		}
 	case "promote":
-		if myRole != common.RoleRootUser {
+		if myRole != model.RoleRootUser {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
 				"message": "普通管理员用户无法提升其他用户为管理员",
 			})
 			return
 		}
-		user.Role = common.RoleAdminUser
+		if user.Role >= model.RoleAdminUser {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "该用户已经是管理员",
+			})
+			return
+		}
+		user.Role = model.RoleAdminUser
 	case "demote":
-		user.Role = common.RoleCommonUser
+		if user.Role == model.RoleRootUser {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "无法降级超级管理员用户",
+			})
+			return
+		}
+		if user.Role == model.RoleCommonUser {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "该用户已经是普通用户",
+			})
+			return
+		}
+		user.Role = model.RoleCommonUser
 	}
 
 	if err := user.Update(false); err != nil {
@@ -577,6 +737,77 @@ func EmailBind(c *gin.Context) {
 		})
 		return
 	}
+	if user.Role == model.RoleRootUser {
+		config.RootUserEmail = email
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+	})
+	return
+}
+
+type topUpRequest struct {
+	Key string `json:"key"`
+}
+
+func TopUp(c *gin.Context) {
+	ctx := c.Request.Context()
+	req := topUpRequest{}
+	err := c.ShouldBindJSON(&req)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	id := c.GetInt("id")
+	quota, err := model.Redeem(ctx, req.Key, id)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "",
+		"data":    quota,
+	})
+	return
+}
+
+type adminTopUpRequest struct {
+	UserId int    `json:"user_id"`
+	Quota  int    `json:"quota"`
+	Remark string `json:"remark"`
+}
+
+func AdminTopUp(c *gin.Context) {
+	ctx := c.Request.Context()
+	req := adminTopUpRequest{}
+	err := c.ShouldBindJSON(&req)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	err = model.IncreaseUserQuota(req.UserId, int64(req.Quota))
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	if req.Remark == "" {
+		req.Remark = fmt.Sprintf("通过 API 充值 %s", common.LogQuota(int64(req.Quota)))
+	}
+	model.RecordTopupLog(ctx, req.UserId, req.Remark, req.Quota)
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "",

docker-compose.yml

@@ -0,0 +1,49 @@
+version: '3.4'
+
+services:
+  one-api:
+    image: "${REGISTRY:-docker.io}/justsong/one-api:latest"
+    container_name: one-api
+    restart: always
+    command: --log-dir /app/logs
+    ports:
+      - "3000:3000"
+    volumes:
+      - ./data/oneapi:/data
+      - ./logs:/app/logs
+    environment:
+      - SQL_DSN=oneapi:123456@tcp(db:3306)/one-api  # 修改此行，或注释掉以使用 SQLite 作为数据库
+      - REDIS_CONN_STRING=redis://redis
+      - SESSION_SECRET=random_string  # 修改为随机字符串
+      - TZ=Asia/Shanghai
+#      - NODE_TYPE=slave  # 多机部署时从节点取消注释该行
+#      - SYNC_FREQUENCY=60  # 需要定期从数据库加载数据时取消注释该行
+#      - FRONTEND_BASE_URL=https://openai.justsong.cn  # 多机部署时从节点取消注释该行
+    depends_on:
+      - redis
+      - db
+    healthcheck:
+      test: [ "CMD-SHELL", "wget -q -O - http://localhost:3000/api/status | grep -o '\"success\":\\s*true' | awk -F: '{print $2}'" ]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  redis:
+    image: "${REGISTRY:-docker.io}/redis:latest"
+    container_name: redis
+    restart: always
+
+  db:
+    image: "${REGISTRY:-docker.io}/mysql:8.2.0"
+    restart: always
+    container_name: mysql
+    volumes:
+      - ./data/mysql:/var/lib/mysql  # 挂载目录，持久化存储
+    ports:
+      - '3306:3306'
+    environment:
+      TZ: Asia/Shanghai   # 设置时区
+      MYSQL_ROOT_PASSWORD: 'OneAPI@justsong' # 设置 root 用户的密码
+      MYSQL_USER: oneapi   # 创建专用用户
+      MYSQL_PASSWORD: '123456'    # 设置专用用户密码
+      MYSQL_DATABASE: one-api   # 自动创建数据库

docs/API.md

@@ -0,0 +1,53 @@
+# 使用 API 操控 & 扩展 One API
+> 欢迎提交 PR 在此放上你的拓展项目。
+
+例如，虽然 One API 本身没有直接支持支付，但是你可以通过系统扩展的 API 来实现支付功能。
+
+又或者你想自定义渠道管理策略，也可以通过 API 来实现渠道的禁用与启用。
+
+## 鉴权
+One API 支持两种鉴权方式：Cookie 和 Token，对于 Token，参照下图获取：
+
+![image](https://github.com/songquanpeng/songquanpeng.github.io/assets/39998050/c15281a7-83ed-47cb-a1f6-913cb6bf4a7c)
+
+之后，将 Token 作为请求头的 Authorization 字段的值即可，例如下面使用 Token 调用测试渠道的 API：
+![image](https://github.com/songquanpeng/songquanpeng.github.io/assets/39998050/1273b7ae-cb60-4c0d-93a6-b1cbc039c4f8)
+
+## 请求格式与响应格式
+One API 使用 JSON 格式进行请求和响应。
+
+对于响应体，一般格式如下：
+```json
+{
+  "message": "请求信息",
+  "success": true,
+  "data": {}
+}
+```
+
+## API 列表
+> 当前 API 列表不全，请自行通过浏览器抓取前端请求
+
+如果现有的 API 没有办法满足你的需求，欢迎提交 issue 讨论。
+
+### 获取当前登录用户信息
+**GET** `/api/user/self`
+
+### 为给定用户充值额度
+**POST** `/api/topup`
+```json
+{
+  "user_id": 1,
+  "quota": 100000,
+  "remark": "充值 100000 额度"
+}
+```
+
+## 其他
+### 充值链接上的附加参数
+One API 会在用户点击充值按钮的时候，将用户的信息和充值信息附加在链接上，例如：
+`https://example.com?username=root&user_id=1&transaction_id=4b3eed80-55d5-443f-bd44-fb18c648c837`
+
+你可以通过解析链接上的参数来获取用户信息和充值信息，然后调用 API 来为用户充值。
+
+注意，不是所有主题都支持该功能，欢迎 PR 补齐。

go.mod

@@ -1,51 +1,110 @@
-module one-api
+module github.com/songquanpeng/one-api
 
-// +heroku goVersion go1.18
-go 1.18
+go 1.20
 
 require (
-	github.com/gin-contrib/cors v1.4.0
-	github.com/gin-contrib/gzip v0.0.6
-	github.com/gin-contrib/sessions v0.0.5
-	github.com/gin-contrib/static v0.0.1
-	github.com/gin-gonic/gin v1.8.1
-	github.com/go-playground/validator/v10 v10.11.1
+	cloud.google.com/go/iam v1.1.10
+	github.com/aws/aws-sdk-go-v2 v1.27.0
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.15
+	github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.8.3
+	github.com/gin-contrib/cors v1.7.2
+	github.com/gin-contrib/gzip v1.0.1
+	github.com/gin-contrib/sessions v1.0.1
+	github.com/gin-contrib/static v1.1.2
+	github.com/gin-gonic/gin v1.10.0
+	github.com/go-playground/validator/v10 v10.20.0
 	github.com/go-redis/redis/v8 v8.11.5
-	github.com/google/uuid v1.3.0
-	golang.org/x/crypto v0.1.0
-	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
-	gorm.io/driver/mysql v1.4.3
-	gorm.io/driver/sqlite v1.4.3
-	gorm.io/gorm v1.24.0
+	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/websocket v1.5.1
+	github.com/jinzhu/copier v0.4.0
+	github.com/joho/godotenv v1.5.1
+	github.com/patrickmn/go-cache v2.1.0+incompatible
+	github.com/pkg/errors v0.9.1
+	github.com/pkoukk/tiktoken-go v0.1.7
+	github.com/smartystreets/goconvey v1.8.1
+	github.com/stretchr/testify v1.9.0
+	golang.org/x/crypto v0.31.0
+	golang.org/x/image v0.18.0
+	golang.org/x/sync v0.10.0
+	google.golang.org/api v0.187.0
+	gorm.io/driver/mysql v1.5.6
+	gorm.io/driver/postgres v1.5.7
+	gorm.io/driver/sqlite v1.5.1
+	gorm.io/gorm v1.25.10
 )
 
 require (
-	github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	cloud.google.com/go/auth v0.6.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 // indirect
+	github.com/aws/smithy-go v1.20.2 // indirect
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/dlclark/regexp2 v1.11.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
-	github.com/go-sql-driver/mysql v1.6.0 // indirect
-	github.com/goccy/go-json v0.9.7 // indirect
-	github.com/gomodule/redigo v2.0.0+incompatible // indirect
-	github.com/gorilla/context v1.1.1 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
-	github.com/gorilla/sessions v1.2.1 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-sql-driver/mysql v1.8.1 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.5 // indirect
+	github.com/gopherjs/gopherjs v1.17.2 // indirect
+	github.com/gorilla/context v1.1.2 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
+	github.com/gorilla/sessions v1.2.2 // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 // indirect
+	github.com/jackc/pgx/v5 v5.5.5 // indirect
+	github.com/jackc/puddle/v2 v2.2.1 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
-	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
+	github.com/jtolds/gls v4.20.0+incompatible // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-sqlite3 v1.14.24 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
-	github.com/ugorji/go/codec v1.2.7 // indirect
-	golang.org/x/net v0.7.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
-	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/smarty/assertions v1.15.0 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	golang.org/x/arch v0.8.0 // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect
+	google.golang.org/grpc v1.64.1 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,167 +1,317 @@
-github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff h1:RmdPFa+slIr4SCBg4st/l/vZWVe9QJKMXGO60Bxbe04=
-github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff/go.mod h1:+RTT1BOk5P97fT2CiHkbFQwkK3mjsFAP6zCYV2aXtjw=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38=
+cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4=
+cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
+cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
+cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
+cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI=
+cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/aws/aws-sdk-go-v2 v1.27.0 h1:7bZWKoXhzI+mMR/HjdMx8ZCC5+6fY0lS5tr0bbgiLlo=
+github.com/aws/aws-sdk-go-v2 v1.27.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.15 h1:YDexlvDRCA8ems2T5IP1xkMtOZ1uLJOCJdTr0igs5zo=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.15/go.mod h1:vxHggqW6hFNaeNC0WyXS3VdyjcV0a4KMUY4dKJ96buU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 h1:lf/8VTF2cM+N4SLzaYJERKEWAXq8MOMpZfU6wEPWsPk=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7/go.mod h1:4SjkU7QiqK2M9oozyMzfZ/23LmUY+h3oFqhdeP5OMiI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 h1:4OYVp0705xu8yjdyoWix0r9wPIRXnIzzOoUpQVHIJ/g=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7/go.mod h1:vd7ESTEvI76T2Na050gODNmNU7+OyKrIKroYTu4ABiI=
+github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.8.3 h1:Fihjyd6DeNjcawBEGLH9dkIEUi6AdhucDKPE9nJ4QiY=
+github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.8.3/go.mod h1:opvUj3ismqSCxYc+m4WIjPL0ewZGtvp0ess7cKvBPOQ=
+github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
+github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
+github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
+github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
-github.com/gin-contrib/cors v1.4.0 h1:oJ6gwtUl3lqV0WEIwM/LxPF1QZ5qe2lGWdY2+bz7y0g=
-github.com/gin-contrib/cors v1.4.0/go.mod h1:bs9pNM0x/UsmHPBWT2xZz9ROh8xYjYkiURUfmBoMlcs=
-github.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=
-github.com/gin-contrib/gzip v0.0.6/go.mod h1:QOJlmV2xmayAjkNS2Y8NQsMneuRShOU/kjovCXNuzzk=
-github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
-github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY=
+github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
+github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gin-contrib/cors v1.7.2 h1:oLDHxdg8W/XDoN/8zamqk/Drgt4oVZDvaV0YmvVICQw=
+github.com/gin-contrib/cors v1.7.2/go.mod h1:SUJVARKgQ40dmrzgXEVxj2m7Ig1v1qIboQkPDTQ9t2E=
+github.com/gin-contrib/gzip v1.0.1 h1:HQ8ENHODeLY7a4g1Au/46Z92bdGFl74OhxcZble9WJE=
+github.com/gin-contrib/gzip v1.0.1/go.mod h1:njt428fdUNRvjuJf16tZMYZ2Yl+WQB53X5wmhDwXvC4=
+github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=
+github.com/gin-contrib/sessions v1.0.1/go.mod h1:ouxSFM24/OgIud5MJYQJLpy6AwxQ5EYO9yLhbtObGkM=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-contrib/static v0.0.1 h1:JVxuvHPuUfkoul12N7dtQw7KRn/pSMq7Ue1Va9Swm1U=
-github.com/gin-contrib/static v0.0.1/go.mod h1:CSxeF+wep05e0kCOsqWdAWbSszmc31zTIbD8TvWl7Hs=
-github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
-github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8=
-github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
-github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
-github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
-github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/gin-contrib/static v1.1.2 h1:c3kT4bFkUJn2aoRU3s6XnMjJT8J6nNWJkR0NglqmlZ4=
+github.com/gin-contrib/static v1.1.2/go.mod h1:Fw90ozjHCmZBWbgrsqrDvO28YbhKEKzKp8GixhR4yLw=
+github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
+github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
+github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
 github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
-github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
-github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
-github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
-github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
-github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
-github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
-github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA=
+github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E=
+github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
+github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
+github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
+github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
+github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 h1:L0QtFUgDarD7Fpv9jeVMgy/+Ec0mtnmYuImjTz6dtDA=
+github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.5.5 h1:amBjrZVmksIdNjxGW/IiIMzxMKZFelXbUoPNb+8sjQw=
+github.com/jackc/pgx/v5 v5.5.5/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
+github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
+github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
+github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
+github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
+github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
+github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
-github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM=
+github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
-github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
-github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkoukk/tiktoken-go v0.1.7 h1:qOBHXX4PHtvIvmOtyg1EeKlwFRiMKAcoMp4Q+bLQDmw=
+github.com/pkoukk/tiktoken-go v0.1.7/go.mod h1:9NiV+i9mJKGj1rYOT+njbv+ZwA/zJxYdewGl6qVatpg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/smarty/assertions v1.15.0 h1:cR//PqUBUiQRakZWqBiFFQ9wb8emQGDb0HeGdqGByCY=
+github.com/smarty/assertions v1.15.0/go.mod h1:yABtdzeQs6l1brC900WlRNwj6ZR55d7B+E8C6HtKdec=
+github.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sSznIX1xY=
+github.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
-github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
-github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
+github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
+go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
+go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
+go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
+go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
+go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
+go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
+golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
+golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
-gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
+google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo=
+google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc=
+google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
+google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE=
-gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/mysql v1.4.3 h1:/JhWJhO2v17d8hjApTltKNADm7K7YI2ogkR7avJUL3k=
-gorm.io/driver/mysql v1.4.3/go.mod h1:sSIebwZAVPiT+27jK9HIwvsqOGKx3YMPmrA3mBJR10c=
-gorm.io/driver/sqlite v1.4.3 h1:HBBcZSDnWi5BW3B3rwvVTc510KGkBkexlOg0QrmLUuU=
-gorm.io/driver/sqlite v1.4.3/go.mod h1:0Aq3iPO+v9ZKbcdiz8gLWRw5VOPcBOPUQJFLq5e2ecI=
-gorm.io/gorm v1.23.8/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
-gorm.io/gorm v1.24.0 h1:j/CoiSm6xpRpmzbFJsQHYj+I8bGYWLXVHeYEyyKlF74=
-gorm.io/gorm v1.24.0/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
+gorm.io/driver/mysql v1.5.6 h1:Ld4mkIickM+EliaQZQx3uOJDJHtrd70MxAUqWqlx3Y8=
+gorm.io/driver/mysql v1.5.6/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM=
+gorm.io/driver/postgres v1.5.7 h1:8ptbNJTDbEmhdr62uReG5BGkdQyeasu/FZHxI0IMGnM=
+gorm.io/driver/postgres v1.5.7/go.mod h1:3e019WlBaYI5o5LIdNV+LyxCMNtLOQETBXL2h4chKpA=
+gorm.io/driver/sqlite v1.5.1 h1:hYyrLkAWE71bcarJDPdZNTLWtr8XrSjOWyjUYI6xdL4=
+gorm.io/driver/sqlite v1.5.1/go.mod h1:7MZZ2Z8bqyfSQA1gYEV6MagQWj3cpUkJj9Z+d1HEMEQ=
+gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+gorm.io/gorm v1.25.10 h1:dQpO+33KalOA+aFYGlK+EfxcI5MbO7EP2yYygwh9h+s=
+gorm.io/gorm v1.25.10/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=

main.go

@@ -2,75 +2,123 @@ package main
 
 import (
 	"embed"
-	"github.com/gin-contrib/gzip"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-contrib/sessions/cookie"
-	"github.com/gin-contrib/sessions/redis"
-	"github.com/gin-gonic/gin"
-	"log"
-	"one-api/common"
-	"one-api/middleware"
-	"one-api/model"
-	"one-api/router"
+	"fmt"
 	"os"
 	"strconv"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
+	"github.com/gin-gonic/gin"
+	_ "github.com/joho/godotenv/autoload"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/client"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/i18n"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/controller"
+	"github.com/songquanpeng/one-api/middleware"
+	"github.com/songquanpeng/one-api/model"
+	"github.com/songquanpeng/one-api/relay/adaptor/openai"
+	"github.com/songquanpeng/one-api/router"
 )
 
-//go:embed web/build
+//go:embed web/build/*
 var buildFS embed.FS
 
-//go:embed web/build/index.html
-var indexPage []byte
-
 func main() {
-	common.SetupGinLog()
-	common.SysLog("One API " + common.Version + " started")
-	if os.Getenv("GIN_MODE") != "debug" {
+	common.Init()
+	logger.SetupLogger()
+	logger.SysLogf("One API %s started", common.Version)
+
+	if os.Getenv("GIN_MODE") != gin.DebugMode {
 		gin.SetMode(gin.ReleaseMode)
 	}
+	if config.DebugEnabled {
+		logger.SysLog("running in debug mode")
+	}
+
 	// Initialize SQL Database
-	err := model.InitDB()
+	model.InitDB()
+	model.InitLogDB()
+
+	var err error
+	err = model.CreateRootAccountIfNeed()
 	if err != nil {
-		common.FatalLog(err)
+		logger.FatalLog("database init error: " + err.Error())
 	}
 	defer func() {
 		err := model.CloseDB()
 		if err != nil {
-			common.FatalLog(err)
+			logger.FatalLog("failed to close database: " + err.Error())
 		}
 	}()
 
 	// Initialize Redis
 	err = common.InitRedisClient()
 	if err != nil {
-		common.FatalLog(err)
+		logger.FatalLog("failed to initialize Redis: " + err.Error())
 	}
 
 	// Initialize options
 	model.InitOptionMap()
-
-	// Initialize HTTP server
-	server := gin.Default()
-	server.Use(gzip.Gzip(gzip.DefaultCompression))
-	server.Use(middleware.CORS())
-
-	// Initialize session store
+	logger.SysLog(fmt.Sprintf("using theme %s", config.Theme))
 	if common.RedisEnabled {
-		opt := common.ParseRedisOption()
-		store, _ := redis.NewStore(opt.MinIdleConns, opt.Network, opt.Addr, opt.Password, []byte(common.SessionSecret))
-		server.Use(sessions.Sessions("session", store))
-	} else {
-		store := cookie.NewStore([]byte(common.SessionSecret))
-		server.Use(sessions.Sessions("session", store))
+		// for compatibility with old versions
+		config.MemoryCacheEnabled = true
+	}
+	if config.MemoryCacheEnabled {
+		logger.SysLog("memory cache enabled")
+		logger.SysLog(fmt.Sprintf("sync frequency: %d seconds", config.SyncFrequency))
+		model.InitChannelCache()
+	}
+	if config.MemoryCacheEnabled {
+		go model.SyncOptions(config.SyncFrequency)
+		go model.SyncChannelCache(config.SyncFrequency)
+	}
+	if os.Getenv("CHANNEL_TEST_FREQUENCY") != "" {
+		frequency, err := strconv.Atoi(os.Getenv("CHANNEL_TEST_FREQUENCY"))
+		if err != nil {
+			logger.FatalLog("failed to parse CHANNEL_TEST_FREQUENCY: " + err.Error())
+		}
+		go controller.AutomaticallyTestChannels(frequency)
+	}
+	if os.Getenv("BATCH_UPDATE_ENABLED") == "true" {
+		config.BatchUpdateEnabled = true
+		logger.SysLog("batch update enabled with interval " + strconv.Itoa(config.BatchUpdateInterval) + "s")
+		model.InitBatchUpdater()
+	}
+	if config.EnableMetric {
+		logger.SysLog("metric enabled, will disable channel if too much request failed")
+	}
+	openai.InitTokenEncoders()
+	client.Init()
+
+	// Initialize i18n
+	if err := i18n.Init(); err != nil {
+		logger.FatalLog("failed to initialize i18n: " + err.Error())
 	}
 
-	router.SetRouter(server, buildFS, indexPage)
+	// Initialize HTTP server
+	server := gin.New()
+	server.Use(gin.Recovery())
+	// This will cause SSE not to work!!!
+	//server.Use(gzip.Gzip(gzip.DefaultCompression))
+	server.Use(middleware.RequestId())
+	server.Use(middleware.Language())
+	middleware.SetUpLogger(server)
+	// Initialize session store
+	store := cookie.NewStore([]byte(config.SessionSecret))
+	server.Use(sessions.Sessions("session", store))
+
+	router.SetRouter(server, buildFS)
 	var port = os.Getenv("PORT")
 	if port == "" {
 		port = strconv.Itoa(*common.Port)
 	}
+	logger.SysLogf("server started on http://localhost:%s", port)
 	err = server.Run(":" + port)
 	if err != nil {
-		log.Println(err)
+		logger.FatalLog("failed to start HTTP server: " + err.Error())
 	}
 }

middleware/auth.go

@@ -1,11 +1,14 @@
 package middleware
 
 import (
+	"fmt"
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/blacklist"
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/common/network"
+	"github.com/songquanpeng/one-api/model"
 	"net/http"
-	"one-api/common"
-	"one-api/model"
 	"strings"
 )
 
@@ -16,18 +19,40 @@ func authHelper(c *gin.Context, minRole int) {
 	id := session.Get("id")
 	status := session.Get("status")
 	if username == nil {
-		c.JSON(http.StatusOK, gin.H{
-			"success": false,
-			"message": "无权进行此操作，未登录",
-		})
-		c.Abort()
-		return
+		// Check access token
+		accessToken := c.Request.Header.Get("Authorization")
+		if accessToken == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"success": false,
+				"message": "无权进行此操作，未登录且未提供 access token",
+			})
+			c.Abort()
+			return
+		}
+		user := model.ValidateAccessToken(accessToken)
+		if user != nil && user.Username != "" {
+			// Token is valid
+			username = user.Username
+			role = user.Role
+			id = user.Id
+			status = user.Status
+		} else {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "无权进行此操作，access token 无效",
+			})
+			c.Abort()
+			return
+		}
 	}
-	if status.(int) == common.UserStatusDisabled {
+	if status.(int) == model.UserStatusDisabled || blacklist.IsUserBanned(id.(int)) {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "用户已被封禁",
 		})
+		session := sessions.Default(c)
+		session.Clear()
+		_ = session.Save()
 		c.Abort()
 		return
 	}
@@ -47,42 +72,96 @@ func authHelper(c *gin.Context, minRole int) {
 
 func UserAuth() func(c *gin.Context) {
 	return func(c *gin.Context) {
-		authHelper(c, common.RoleCommonUser)
+		authHelper(c, model.RoleCommonUser)
 	}
 }
 
 func AdminAuth() func(c *gin.Context) {
 	return func(c *gin.Context) {
-		authHelper(c, common.RoleAdminUser)
+		authHelper(c, model.RoleAdminUser)
 	}
 }
 
 func RootAuth() func(c *gin.Context) {
 	return func(c *gin.Context) {
-		authHelper(c, common.RoleRootUser)
+		authHelper(c, model.RoleRootUser)
 	}
 }
 
 func TokenAuth() func(c *gin.Context) {
 	return func(c *gin.Context) {
+		ctx := c.Request.Context()
 		key := c.Request.Header.Get("Authorization")
+		key = strings.TrimPrefix(key, "Bearer ")
+		key = strings.TrimPrefix(key, "sk-")
 		parts := strings.Split(key, "-")
 		key = parts[0]
 		token, err := model.ValidateUserToken(key)
 		if err != nil {
-			c.JSON(http.StatusOK, gin.H{
-				"error": gin.H{
-					"message": err.Error(),
-					"type":    "one_api_error",
-				},
-			})
-			c.Abort()
+			abortWithMessage(c, http.StatusUnauthorized, err.Error())
 			return
 		}
-		c.Set("id", token.UserId)
-		if len(parts) > 1 {
-			c.Set("channelId", parts[1])
+		if token.Subnet != nil && *token.Subnet != "" {
+			if !network.IsIpInSubnets(ctx, c.ClientIP(), *token.Subnet) {
+				abortWithMessage(c, http.StatusForbidden, fmt.Sprintf("该令牌只能在指定网段使用：%s，当前 ip：%s", *token.Subnet, c.ClientIP()))
+				return
+			}
 		}
+		userEnabled, err := model.CacheIsUserEnabled(token.UserId)
+		if err != nil {
+			abortWithMessage(c, http.StatusInternalServerError, err.Error())
+			return
+		}
+		if !userEnabled || blacklist.IsUserBanned(token.UserId) {
+			abortWithMessage(c, http.StatusForbidden, "用户已被封禁")
+			return
+		}
+		requestModel, err := getRequestModel(c)
+		if err != nil && shouldCheckModel(c) {
+			abortWithMessage(c, http.StatusBadRequest, err.Error())
+			return
+		}
+		c.Set(ctxkey.RequestModel, requestModel)
+		if token.Models != nil && *token.Models != "" {
+			c.Set(ctxkey.AvailableModels, *token.Models)
+			if requestModel != "" && !isModelInList(requestModel, *token.Models) {
+				abortWithMessage(c, http.StatusForbidden, fmt.Sprintf("该令牌无权使用模型：%s", requestModel))
+				return
+			}
+		}
+		c.Set(ctxkey.Id, token.UserId)
+		c.Set(ctxkey.TokenId, token.Id)
+		c.Set(ctxkey.TokenName, token.Name)
+		if len(parts) > 1 {
+			if model.IsAdmin(token.UserId) {
+				c.Set(ctxkey.SpecificChannelId, parts[1])
+			} else {
+				abortWithMessage(c, http.StatusForbidden, "普通用户不支持指定渠道")
+				return
+			}
+		}
+
+		// set channel id for proxy relay
+		if channelId := c.Param("channelid"); channelId != "" {
+			c.Set(ctxkey.SpecificChannelId, channelId)
+		}
+
 		c.Next()
 	}
 }
+
+func shouldCheckModel(c *gin.Context) bool {
+	if strings.HasPrefix(c.Request.URL.Path, "/v1/completions") {
+		return true
+	}
+	if strings.HasPrefix(c.Request.URL.Path, "/v1/chat/completions") {
+		return true
+	}
+	if strings.HasPrefix(c.Request.URL.Path, "/v1/images") {
+		return true
+	}
+	if strings.HasPrefix(c.Request.URL.Path, "/v1/audio") {
+		return true
+	}
+	return false
+}

middleware/cache.go

@@ -6,7 +6,11 @@ import (
 
 func Cache() func(c *gin.Context) {
 	return func(c *gin.Context) {
-		c.Header("Cache-Control", "max-age=604800") // one week
+		if c.Request.RequestURI == "/" {
+			c.Header("Cache-Control", "no-cache")
+		} else {
+			c.Header("Cache-Control", "max-age=604800") // one week
+		}
 		c.Next()
 	}
 }

middleware/cors.go

@@ -7,6 +7,9 @@ import (
 
 func CORS() gin.HandlerFunc {
 	config := cors.DefaultConfig()
-	config.AllowOrigins = []string{"https://one-api.vercel.app", "http://localhost:3000/"}
+	config.AllowAllOrigins = true
+	config.AllowCredentials = true
+	config.AllowMethods = []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}
+	config.AllowHeaders = []string{"*"}
 	return cors.New(config)
 }

middleware/distributor.go

@@ -2,70 +2,101 @@ package middleware
 
 import (
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"net/http"
-	"one-api/common"
-	"one-api/model"
 	"strconv"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/ctxkey"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/model"
+	"github.com/songquanpeng/one-api/relay/channeltype"
 )
 
+type ModelRequest struct {
+	Model string `json:"model" form:"model"`
+}
+
 func Distribute() func(c *gin.Context) {
 	return func(c *gin.Context) {
+		ctx := c.Request.Context()
+		userId := c.GetInt(ctxkey.Id)
+		userGroup, _ := model.CacheGetUserGroup(userId)
+		c.Set(ctxkey.Group, userGroup)
+		var requestModel string
 		var channel *model.Channel
-		channelId, ok := c.Get("channelId")
+		channelId, ok := c.Get(ctxkey.SpecificChannelId)
 		if ok {
 			id, err := strconv.Atoi(channelId.(string))
 			if err != nil {
-				c.JSON(http.StatusOK, gin.H{
-					"error": gin.H{
-						"message": "无效的渠道 ID",
-						"type":    "one_api_error",
-					},
-				})
-				c.Abort()
+				abortWithMessage(c, http.StatusBadRequest, "无效的渠道 Id")
 				return
 			}
 			channel, err = model.GetChannelById(id, true)
 			if err != nil {
-				c.JSON(200, gin.H{
-					"error": gin.H{
-						"message": "无效的渠道 ID",
-						"type":    "one_api_error",
-					},
-				})
-				c.Abort()
+				abortWithMessage(c, http.StatusBadRequest, "无效的渠道 Id")
 				return
 			}
-			if channel.Status != common.ChannelStatusEnabled {
-				c.JSON(200, gin.H{
-					"error": gin.H{
-						"message": "该渠道已被禁用",
-						"type":    "one_api_error",
-					},
-				})
-				c.Abort()
+			if channel.Status != model.ChannelStatusEnabled {
+				abortWithMessage(c, http.StatusForbidden, "该渠道已被禁用")
 				return
 			}
 		} else {
-			// Select a channel for the user
+			requestModel = c.GetString(ctxkey.RequestModel)
 			var err error
-			channel, err = model.GetRandomChannel()
+			channel, err = model.CacheGetRandomSatisfiedChannel(userGroup, requestModel, false)
 			if err != nil {
-				c.JSON(200, gin.H{
-					"error": gin.H{
-						"message": "无可用渠道",
-						"type":    "one_api_error",
-					},
-				})
-				c.Abort()
+				message := fmt.Sprintf("当前分组 %s 下对于模型 %s 无可用渠道", userGroup, requestModel)
+				if channel != nil {
+					logger.SysError(fmt.Sprintf("渠道不存在：%d", channel.Id))
+					message = "数据库一致性已被破坏，请联系管理员"
+				}
+				abortWithMessage(c, http.StatusServiceUnavailable, message)
 				return
 			}
 		}
-		c.Set("channel", channel.Type)
-		c.Request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", channel.Key))
-		if channel.Type == common.ChannelTypeCustom {
-			c.Set("base_url", channel.BaseURL)
-		}
+		logger.Debugf(ctx, "user id %d, user group: %s, request model: %s, using channel #%d", userId, userGroup, requestModel, channel.Id)
+		SetupContextForSelectedChannel(c, channel, requestModel)
 		c.Next()
 	}
 }
+
+func SetupContextForSelectedChannel(c *gin.Context, channel *model.Channel, modelName string) {
+	c.Set(ctxkey.Channel, channel.Type)
+	c.Set(ctxkey.ChannelId, channel.Id)
+	c.Set(ctxkey.ChannelName, channel.Name)
+	if channel.SystemPrompt != nil && *channel.SystemPrompt != "" {
+		c.Set(ctxkey.SystemPrompt, *channel.SystemPrompt)
+	}
+	c.Set(ctxkey.ModelMapping, channel.GetModelMapping())
+	c.Set(ctxkey.OriginalModel, modelName) // for retry
+	c.Request.Header.Set("Authorization", fmt.Sprintf("Bearer %s", channel.Key))
+	c.Set(ctxkey.BaseURL, channel.GetBaseURL())
+	cfg, _ := channel.LoadConfig()
+	// this is for backward compatibility
+	if channel.Other != nil {
+		switch channel.Type {
+		case channeltype.Azure:
+			if cfg.APIVersion == "" {
+				cfg.APIVersion = *channel.Other
+			}
+		case channeltype.Xunfei:
+			if cfg.APIVersion == "" {
+				cfg.APIVersion = *channel.Other
+			}
+		case channeltype.Gemini:
+			if cfg.APIVersion == "" {
+				cfg.APIVersion = *channel.Other
+			}
+		case channeltype.AIProxyLibrary:
+			if cfg.LibraryID == "" {
+				cfg.LibraryID = *channel.Other
+			}
+		case channeltype.Ali:
+			if cfg.Plugin == "" {
+				cfg.Plugin = *channel.Other
+			}
+		}
+	}
+	c.Set(ctxkey.Config, cfg)
+}

middleware/gzip.go

@@ -0,0 +1,27 @@
+package middleware
+
+import (
+	"compress/gzip"
+	"github.com/gin-gonic/gin"
+	"io"
+	"net/http"
+)
+
+func GzipDecodeMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if c.GetHeader("Content-Encoding") == "gzip" {
+			gzipReader, err := gzip.NewReader(c.Request.Body)
+			if err != nil {
+				c.AbortWithStatus(http.StatusBadRequest)
+				return
+			}
+			defer gzipReader.Close()
+
+			// Replace the request body with the decompressed data
+			c.Request.Body = io.NopCloser(gzipReader)
+		}
+
+		// Continue processing the request
+		c.Next()
+	}
+}

middleware/language.go

@@ -0,0 +1,25 @@
+package middleware
+
+import (
+	"strings"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/i18n"
+)
+
+func Language() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		lang := c.GetHeader("Accept-Language")
+		if lang == "" {
+			lang = "en"
+		}
+		if strings.HasPrefix(strings.ToLower(lang), "zh") {
+			lang = "zh-CN"
+		} else {
+			lang = "en"
+		}
+		c.Set(i18n.ContextKey, lang)
+		c.Next()
+	}
+}

middleware/logger.go

@@ -0,0 +1,25 @@
+package middleware
+
+import (
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/helper"
+)
+
+func SetUpLogger(server *gin.Engine) {
+	server.Use(gin.LoggerWithFormatter(func(param gin.LogFormatterParams) string {
+		var requestID string
+		if param.Keys != nil {
+			requestID = param.Keys[helper.RequestIdKey].(string)
+		}
+		return fmt.Sprintf("[GIN] %s | %s | %3d | %13v | %15s | %7s %s\n",
+			param.TimeStamp.Format("2006/01/02 - 15:04:05"),
+			requestID,
+			param.StatusCode,
+			param.Latency,
+			param.ClientIP,
+			param.Method,
+			param.Path,
+		)
+	}))
+}

middleware/rate-limit.go

@@ -3,10 +3,13 @@ package middleware
 import (
 	"context"
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"net/http"
-	"one-api/common"
 	"time"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
 )
 
 var timeFormat = "2006-01-02T15:04:05.000Z"
@@ -26,7 +29,7 @@ func redisRateLimiter(c *gin.Context, maxRequestNum int, duration int64, mark st
 	}
 	if listLength < int64(maxRequestNum) {
 		rdb.LPush(ctx, key, time.Now().Format(timeFormat))
-		rdb.Expire(ctx, key, common.RateLimitKeyExpirationDuration)
+		rdb.Expire(ctx, key, config.RateLimitKeyExpirationDuration)
 	} else {
 		oldTimeStr, _ := rdb.LIndex(ctx, key, -1).Result()
 		oldTime, err := time.Parse(timeFormat, oldTimeStr)
@@ -47,14 +50,14 @@ func redisRateLimiter(c *gin.Context, maxRequestNum int, duration int64, mark st
 		// time.Since will return negative number!
 		// See: https://stackoverflow.com/questions/50970900/why-is-time-since-returning-negative-durations-on-windows
 		if int64(nowTime.Sub(oldTime).Seconds()) < duration {
-			rdb.Expire(ctx, key, common.RateLimitKeyExpirationDuration)
+			rdb.Expire(ctx, key, config.RateLimitKeyExpirationDuration)
 			c.Status(http.StatusTooManyRequests)
 			c.Abort()
 			return
 		} else {
 			rdb.LPush(ctx, key, time.Now().Format(timeFormat))
 			rdb.LTrim(ctx, key, 0, int64(maxRequestNum-1))
-			rdb.Expire(ctx, key, common.RateLimitKeyExpirationDuration)
+			rdb.Expire(ctx, key, config.RateLimitKeyExpirationDuration)
 		}
 	}
 }
@@ -69,13 +72,18 @@ func memoryRateLimiter(c *gin.Context, maxRequestNum int, duration int64, mark s
 }
 
 func rateLimitFactory(maxRequestNum int, duration int64, mark string) func(c *gin.Context) {
+	if maxRequestNum == 0 || config.DebugEnabled {
+		return func(c *gin.Context) {
+			c.Next()
+		}
+	}
 	if common.RedisEnabled {
 		return func(c *gin.Context) {
 			redisRateLimiter(c, maxRequestNum, duration, mark)
 		}
 	} else {
 		// It's safe to call multi times.
-		inMemoryRateLimiter.Init(common.RateLimitKeyExpirationDuration)
+		inMemoryRateLimiter.Init(config.RateLimitKeyExpirationDuration)
 		return func(c *gin.Context) {
 			memoryRateLimiter(c, maxRequestNum, duration, mark)
 		}
@@ -83,21 +91,21 @@ func rateLimitFactory(maxRequestNum int, duration int64, mark string) func(c *gi
 }
 
 func GlobalWebRateLimit() func(c *gin.Context) {
-	return rateLimitFactory(common.GlobalWebRateLimitNum, common.GlobalWebRateLimitDuration, "GW")
+	return rateLimitFactory(config.GlobalWebRateLimitNum, config.GlobalWebRateLimitDuration, "GW")
 }
 
 func GlobalAPIRateLimit() func(c *gin.Context) {
-	return rateLimitFactory(common.GlobalApiRateLimitNum, common.GlobalApiRateLimitDuration, "GA")
+	return rateLimitFactory(config.GlobalApiRateLimitNum, config.GlobalApiRateLimitDuration, "GA")
 }
 
 func CriticalRateLimit() func(c *gin.Context) {
-	return rateLimitFactory(common.CriticalRateLimitNum, common.CriticalRateLimitDuration, "CT")
+	return rateLimitFactory(config.CriticalRateLimitNum, config.CriticalRateLimitDuration, "CT")
 }
 
 func DownloadRateLimit() func(c *gin.Context) {
-	return rateLimitFactory(common.DownloadRateLimitNum, common.DownloadRateLimitDuration, "DW")
+	return rateLimitFactory(config.DownloadRateLimitNum, config.DownloadRateLimitDuration, "DW")
 }
 
 func UploadRateLimit() func(c *gin.Context) {
-	return rateLimitFactory(common.UploadRateLimitNum, common.UploadRateLimitDuration, "UP")
+	return rateLimitFactory(config.UploadRateLimitNum, config.UploadRateLimitDuration, "UP")
 }

middleware/recover.go

@@ -0,0 +1,33 @@
+package middleware
+
+import (
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/logger"
+	"net/http"
+	"runtime/debug"
+)
+
+func RelayPanicRecover() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		defer func() {
+			if err := recover(); err != nil {
+				ctx := c.Request.Context()
+				logger.Errorf(ctx, fmt.Sprintf("panic detected: %v", err))
+				logger.Errorf(ctx, fmt.Sprintf("stacktrace from panic: %s", string(debug.Stack())))
+				logger.Errorf(ctx, fmt.Sprintf("request: %s %s", c.Request.Method, c.Request.URL.Path))
+				body, _ := common.GetRequestBody(c)
+				logger.Errorf(ctx, fmt.Sprintf("request body: %s", string(body)))
+				c.JSON(http.StatusInternalServerError, gin.H{
+					"error": gin.H{
+						"message": fmt.Sprintf("Panic detected, error: %v. Please submit an issue with the related log here: https://github.com/songquanpeng/one-api", err),
+						"type":    "one_api_panic",
+					},
+				})
+				c.Abort()
+			}
+		}()
+		c.Next()
+	}
+}

middleware/request-id.go

@@ -0,0 +1,18 @@
+package middleware
+
+import (
+	"github.com/gin-gonic/gin"
+
+	"github.com/songquanpeng/one-api/common/helper"
+)
+
+func RequestId() func(c *gin.Context) {
+	return func(c *gin.Context) {
+		id := helper.GenRequestID()
+		c.Set(helper.RequestIdKey, id)
+		ctx := helper.SetRequestID(c.Request.Context(), id)
+		c.Request = c.Request.WithContext(ctx)
+		c.Header(helper.RequestIdKey, id)
+		c.Next()
+	}
+}

middleware/turnstile-check.go

@@ -4,9 +4,10 @@ import (
 	"encoding/json"
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
 	"net/http"
 	"net/url"
-	"one-api/common"
 )
 
 type turnstileCheckResponse struct {
@@ -15,7 +16,7 @@ type turnstileCheckResponse struct {
 
 func TurnstileCheck() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		if common.TurnstileCheckEnabled {
+		if config.TurnstileCheckEnabled {
 			session := sessions.Default(c)
 			turnstileChecked := session.Get("turnstile")
 			if turnstileChecked != nil {
@@ -32,12 +33,12 @@ func TurnstileCheck() gin.HandlerFunc {
 				return
 			}
 			rawRes, err := http.PostForm("https://challenges.cloudflare.com/turnstile/v0/siteverify", url.Values{
-				"secret":   {common.TurnstileSecretKey},
+				"secret":   {config.TurnstileSecretKey},
 				"response": {response},
 				"remoteip": {c.ClientIP()},
 			})
 			if err != nil {
-				common.SysError(err.Error())
+				logger.SysError(err.Error())
 				c.JSON(http.StatusOK, gin.H{
 					"success": false,
 					"message": err.Error(),
@@ -49,7 +50,7 @@ func TurnstileCheck() gin.HandlerFunc {
 			var res turnstileCheckResponse
 			err = json.NewDecoder(rawRes.Body).Decode(&res)
 			if err != nil {
-				common.SysError(err.Error())
+				logger.SysError(err.Error())
 				c.JSON(http.StatusOK, gin.H{
 					"success": false,
 					"message": err.Error(),

middleware/utils.go

@@ -0,0 +1,60 @@
+package middleware
+
+import (
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/logger"
+	"strings"
+)
+
+func abortWithMessage(c *gin.Context, statusCode int, message string) {
+	c.JSON(statusCode, gin.H{
+		"error": gin.H{
+			"message": helper.MessageWithRequestId(message, c.GetString(helper.RequestIdKey)),
+			"type":    "one_api_error",
+		},
+	})
+	c.Abort()
+	logger.Error(c.Request.Context(), message)
+}
+
+func getRequestModel(c *gin.Context) (string, error) {
+	var modelRequest ModelRequest
+	err := common.UnmarshalBodyReusable(c, &modelRequest)
+	if err != nil {
+		return "", fmt.Errorf("common.UnmarshalBodyReusable failed: %w", err)
+	}
+	if strings.HasPrefix(c.Request.URL.Path, "/v1/moderations") {
+		if modelRequest.Model == "" {
+			modelRequest.Model = "text-moderation-stable"
+		}
+	}
+	if strings.HasSuffix(c.Request.URL.Path, "embeddings") {
+		if modelRequest.Model == "" {
+			modelRequest.Model = c.Param("model")
+		}
+	}
+	if strings.HasPrefix(c.Request.URL.Path, "/v1/images/generations") {
+		if modelRequest.Model == "" {
+			modelRequest.Model = "dall-e-2"
+		}
+	}
+	if strings.HasPrefix(c.Request.URL.Path, "/v1/audio/transcriptions") || strings.HasPrefix(c.Request.URL.Path, "/v1/audio/translations") {
+		if modelRequest.Model == "" {
+			modelRequest.Model = "whisper-1"
+		}
+	}
+	return modelRequest.Model, nil
+}
+
+func isModelInList(modelName string, models string) bool {
+	modelList := strings.Split(models, ",")
+	for _, model := range modelList {
+		if modelName == model {
+			return true
+		}
+	}
+	return false
+}

model/ability.go

@@ -0,0 +1,112 @@
+package model
+
+import (
+	"context"
+	"sort"
+	"strings"
+
+	"gorm.io/gorm"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/utils"
+)
+
+type Ability struct {
+	Group     string `json:"group" gorm:"type:varchar(32);primaryKey;autoIncrement:false"`
+	Model     string `json:"model" gorm:"primaryKey;autoIncrement:false"`
+	ChannelId int    `json:"channel_id" gorm:"primaryKey;autoIncrement:false;index"`
+	Enabled   bool   `json:"enabled"`
+	Priority  *int64 `json:"priority" gorm:"bigint;default:0;index"`
+}
+
+func GetRandomSatisfiedChannel(group string, model string, ignoreFirstPriority bool) (*Channel, error) {
+	ability := Ability{}
+	groupCol := "`group`"
+	trueVal := "1"
+	if common.UsingPostgreSQL {
+		groupCol = `"group"`
+		trueVal = "true"
+	}
+
+	var err error = nil
+	var channelQuery *gorm.DB
+	if ignoreFirstPriority {
+		channelQuery = DB.Where(groupCol+" = ? and model = ? and enabled = "+trueVal, group, model)
+	} else {
+		maxPrioritySubQuery := DB.Model(&Ability{}).Select("MAX(priority)").Where(groupCol+" = ? and model = ? and enabled = "+trueVal, group, model)
+		channelQuery = DB.Where(groupCol+" = ? and model = ? and enabled = "+trueVal+" and priority = (?)", group, model, maxPrioritySubQuery)
+	}
+	if common.UsingSQLite || common.UsingPostgreSQL {
+		err = channelQuery.Order("RANDOM()").First(&ability).Error
+	} else {
+		err = channelQuery.Order("RAND()").First(&ability).Error
+	}
+	if err != nil {
+		return nil, err
+	}
+	channel := Channel{}
+	channel.Id = ability.ChannelId
+	err = DB.First(&channel, "id = ?", ability.ChannelId).Error
+	return &channel, err
+}
+
+func (channel *Channel) AddAbilities() error {
+	models_ := strings.Split(channel.Models, ",")
+	models_ = utils.DeDuplication(models_)
+	groups_ := strings.Split(channel.Group, ",")
+	abilities := make([]Ability, 0, len(models_))
+	for _, model := range models_ {
+		for _, group := range groups_ {
+			ability := Ability{
+				Group:     group,
+				Model:     model,
+				ChannelId: channel.Id,
+				Enabled:   channel.Status == ChannelStatusEnabled,
+				Priority:  channel.Priority,
+			}
+			abilities = append(abilities, ability)
+		}
+	}
+	return DB.Create(&abilities).Error
+}
+
+func (channel *Channel) DeleteAbilities() error {
+	return DB.Where("channel_id = ?", channel.Id).Delete(&Ability{}).Error
+}
+
+// UpdateAbilities updates abilities of this channel.
+// Make sure the channel is completed before calling this function.
+func (channel *Channel) UpdateAbilities() error {
+	// A quick and dirty way to update abilities
+	// First delete all abilities of this channel
+	err := channel.DeleteAbilities()
+	if err != nil {
+		return err
+	}
+	// Then add new abilities
+	err = channel.AddAbilities()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func UpdateAbilityStatus(channelId int, status bool) error {
+	return DB.Model(&Ability{}).Where("channel_id = ?", channelId).Select("enabled").Update("enabled", status).Error
+}
+
+func GetGroupModels(ctx context.Context, group string) ([]string, error) {
+	groupCol := "`group`"
+	trueVal := "1"
+	if common.UsingPostgreSQL {
+		groupCol = `"group"`
+		trueVal = "true"
+	}
+	var models []string
+	err := DB.Model(&Ability{}).Distinct("model").Where(groupCol+" = ? and enabled = "+trueVal, group).Pluck("model", &models).Error
+	if err != nil {
+		return nil, err
+	}
+	sort.Strings(models)
+	return models, err
+}

model/cache.go

@@ -0,0 +1,255 @@
+package model
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/common/random"
+	"math/rand"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+)
+
+var (
+	TokenCacheSeconds         = config.SyncFrequency
+	UserId2GroupCacheSeconds  = config.SyncFrequency
+	UserId2QuotaCacheSeconds  = config.SyncFrequency
+	UserId2StatusCacheSeconds = config.SyncFrequency
+	GroupModelsCacheSeconds   = config.SyncFrequency
+)
+
+func CacheGetTokenByKey(key string) (*Token, error) {
+	keyCol := "`key`"
+	if common.UsingPostgreSQL {
+		keyCol = `"key"`
+	}
+	var token Token
+	if !common.RedisEnabled {
+		err := DB.Where(keyCol+" = ?", key).First(&token).Error
+		return &token, err
+	}
+	tokenObjectString, err := common.RedisGet(fmt.Sprintf("token:%s", key))
+	if err != nil {
+		err := DB.Where(keyCol+" = ?", key).First(&token).Error
+		if err != nil {
+			return nil, err
+		}
+		jsonBytes, err := json.Marshal(token)
+		if err != nil {
+			return nil, err
+		}
+		err = common.RedisSet(fmt.Sprintf("token:%s", key), string(jsonBytes), time.Duration(TokenCacheSeconds)*time.Second)
+		if err != nil {
+			logger.SysError("Redis set token error: " + err.Error())
+		}
+		return &token, nil
+	}
+	err = json.Unmarshal([]byte(tokenObjectString), &token)
+	return &token, err
+}
+
+func CacheGetUserGroup(id int) (group string, err error) {
+	if !common.RedisEnabled {
+		return GetUserGroup(id)
+	}
+	group, err = common.RedisGet(fmt.Sprintf("user_group:%d", id))
+	if err != nil {
+		group, err = GetUserGroup(id)
+		if err != nil {
+			return "", err
+		}
+		err = common.RedisSet(fmt.Sprintf("user_group:%d", id), group, time.Duration(UserId2GroupCacheSeconds)*time.Second)
+		if err != nil {
+			logger.SysError("Redis set user group error: " + err.Error())
+		}
+	}
+	return group, err
+}
+
+func fetchAndUpdateUserQuota(ctx context.Context, id int) (quota int64, err error) {
+	quota, err = GetUserQuota(id)
+	if err != nil {
+		return 0, err
+	}
+	err = common.RedisSet(fmt.Sprintf("user_quota:%d", id), fmt.Sprintf("%d", quota), time.Duration(UserId2QuotaCacheSeconds)*time.Second)
+	if err != nil {
+		logger.Error(ctx, "Redis set user quota error: "+err.Error())
+	}
+	return
+}
+
+func CacheGetUserQuota(ctx context.Context, id int) (quota int64, err error) {
+	if !common.RedisEnabled {
+		return GetUserQuota(id)
+	}
+	quotaString, err := common.RedisGet(fmt.Sprintf("user_quota:%d", id))
+	if err != nil {
+		return fetchAndUpdateUserQuota(ctx, id)
+	}
+	quota, err = strconv.ParseInt(quotaString, 10, 64)
+	if err != nil {
+		return 0, nil
+	}
+	if quota <= config.PreConsumedQuota { // when user's quota is less than pre-consumed quota, we need to fetch from db
+		logger.Infof(ctx, "user %d's cached quota is too low: %d, refreshing from db", quota, id)
+		return fetchAndUpdateUserQuota(ctx, id)
+	}
+	return quota, nil
+}
+
+func CacheUpdateUserQuota(ctx context.Context, id int) error {
+	if !common.RedisEnabled {
+		return nil
+	}
+	quota, err := CacheGetUserQuota(ctx, id)
+	if err != nil {
+		return err
+	}
+	err = common.RedisSet(fmt.Sprintf("user_quota:%d", id), fmt.Sprintf("%d", quota), time.Duration(UserId2QuotaCacheSeconds)*time.Second)
+	return err
+}
+
+func CacheDecreaseUserQuota(id int, quota int64) error {
+	if !common.RedisEnabled {
+		return nil
+	}
+	err := common.RedisDecrease(fmt.Sprintf("user_quota:%d", id), int64(quota))
+	return err
+}
+
+func CacheIsUserEnabled(userId int) (bool, error) {
+	if !common.RedisEnabled {
+		return IsUserEnabled(userId)
+	}
+	enabled, err := common.RedisGet(fmt.Sprintf("user_enabled:%d", userId))
+	if err == nil {
+		return enabled == "1", nil
+	}
+
+	userEnabled, err := IsUserEnabled(userId)
+	if err != nil {
+		return false, err
+	}
+	enabled = "0"
+	if userEnabled {
+		enabled = "1"
+	}
+	err = common.RedisSet(fmt.Sprintf("user_enabled:%d", userId), enabled, time.Duration(UserId2StatusCacheSeconds)*time.Second)
+	if err != nil {
+		logger.SysError("Redis set user enabled error: " + err.Error())
+	}
+	return userEnabled, err
+}
+
+func CacheGetGroupModels(ctx context.Context, group string) ([]string, error) {
+	if !common.RedisEnabled {
+		return GetGroupModels(ctx, group)
+	}
+	modelsStr, err := common.RedisGet(fmt.Sprintf("group_models:%s", group))
+	if err == nil {
+		return strings.Split(modelsStr, ","), nil
+	}
+	models, err := GetGroupModels(ctx, group)
+	if err != nil {
+		return nil, err
+	}
+	err = common.RedisSet(fmt.Sprintf("group_models:%s", group), strings.Join(models, ","), time.Duration(GroupModelsCacheSeconds)*time.Second)
+	if err != nil {
+		logger.SysError("Redis set group models error: " + err.Error())
+	}
+	return models, nil
+}
+
+var group2model2channels map[string]map[string][]*Channel
+var channelSyncLock sync.RWMutex
+
+func InitChannelCache() {
+	newChannelId2channel := make(map[int]*Channel)
+	var channels []*Channel
+	DB.Where("status = ?", ChannelStatusEnabled).Find(&channels)
+	for _, channel := range channels {
+		newChannelId2channel[channel.Id] = channel
+	}
+	var abilities []*Ability
+	DB.Find(&abilities)
+	groups := make(map[string]bool)
+	for _, ability := range abilities {
+		groups[ability.Group] = true
+	}
+	newGroup2model2channels := make(map[string]map[string][]*Channel)
+	for group := range groups {
+		newGroup2model2channels[group] = make(map[string][]*Channel)
+	}
+	for _, channel := range channels {
+		groups := strings.Split(channel.Group, ",")
+		for _, group := range groups {
+			models := strings.Split(channel.Models, ",")
+			for _, model := range models {
+				if _, ok := newGroup2model2channels[group][model]; !ok {
+					newGroup2model2channels[group][model] = make([]*Channel, 0)
+				}
+				newGroup2model2channels[group][model] = append(newGroup2model2channels[group][model], channel)
+			}
+		}
+	}
+
+	// sort by priority
+	for group, model2channels := range newGroup2model2channels {
+		for model, channels := range model2channels {
+			sort.Slice(channels, func(i, j int) bool {
+				return channels[i].GetPriority() > channels[j].GetPriority()
+			})
+			newGroup2model2channels[group][model] = channels
+		}
+	}
+
+	channelSyncLock.Lock()
+	group2model2channels = newGroup2model2channels
+	channelSyncLock.Unlock()
+	logger.SysLog("channels synced from database")
+}
+
+func SyncChannelCache(frequency int) {
+	for {
+		time.Sleep(time.Duration(frequency) * time.Second)
+		logger.SysLog("syncing channels from database")
+		InitChannelCache()
+	}
+}
+
+func CacheGetRandomSatisfiedChannel(group string, model string, ignoreFirstPriority bool) (*Channel, error) {
+	if !config.MemoryCacheEnabled {
+		return GetRandomSatisfiedChannel(group, model, ignoreFirstPriority)
+	}
+	channelSyncLock.RLock()
+	defer channelSyncLock.RUnlock()
+	channels := group2model2channels[group][model]
+	if len(channels) == 0 {
+		return nil, errors.New("channel not found")
+	}
+	endIdx := len(channels)
+	// choose by priority
+	firstChannel := channels[0]
+	if firstChannel.GetPriority() > 0 {
+		for i := range channels {
+			if channels[i].GetPriority() != firstChannel.GetPriority() {
+				endIdx = i
+				break
+			}
+		}
+	}
+	idx := rand.Intn(endIdx)
+	if ignoreFirstPriority {
+		if endIdx < len(channels) { // which means there are more than one priority
+			idx = random.RandRange(endIdx, len(channels))
+		}
+	}
+	return channels[idx], nil
+}

model/channel.go

@@ -1,31 +1,73 @@
 package model
 
 import (
-	_ "gorm.io/driver/sqlite"
-	"one-api/common"
+	"encoding/json"
+	"fmt"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/logger"
+	"gorm.io/gorm"
+)
+
+const (
+	ChannelStatusUnknown          = 0
+	ChannelStatusEnabled          = 1 // don't use 0, 0 is the default value!
+	ChannelStatusManuallyDisabled = 2 // also don't use 0
+	ChannelStatusAutoDisabled     = 3
 )
 
 type Channel struct {
-	Id           int    `json:"id"`
-	Type         int    `json:"type" gorm:"default:0"`
-	Key          string `json:"key" gorm:"not null"`
-	Status       int    `json:"status" gorm:"default:1"`
-	Name         string `json:"name" gorm:"index"`
-	Weight       int    `json:"weight"`
-	CreatedTime  int64  `json:"created_time" gorm:"bigint"`
-	AccessedTime int64  `json:"accessed_time" gorm:"bigint"`
-	BaseURL      string `json:"base_url" gorm:"column:base_url"`
+	Id                 int     `json:"id"`
+	Type               int     `json:"type" gorm:"default:0"`
+	Key                string  `json:"key" gorm:"type:text"`
+	Status             int     `json:"status" gorm:"default:1"`
+	Name               string  `json:"name" gorm:"index"`
+	Weight             *uint   `json:"weight" gorm:"default:0"`
+	CreatedTime        int64   `json:"created_time" gorm:"bigint"`
+	TestTime           int64   `json:"test_time" gorm:"bigint"`
+	ResponseTime       int     `json:"response_time"` // in milliseconds
+	BaseURL            *string `json:"base_url" gorm:"column:base_url;default:''"`
+	Other              *string `json:"other"`   // DEPRECATED: please save config to field Config
+	Balance            float64 `json:"balance"` // in USD
+	BalanceUpdatedTime int64   `json:"balance_updated_time" gorm:"bigint"`
+	Models             string  `json:"models"`
+	Group              string  `json:"group" gorm:"type:varchar(32);default:'default'"`
+	UsedQuota          int64   `json:"used_quota" gorm:"bigint;default:0"`
+	ModelMapping       *string `json:"model_mapping" gorm:"type:varchar(1024);default:''"`
+	Priority           *int64  `json:"priority" gorm:"bigint;default:0"`
+	Config             string  `json:"config"`
+	SystemPrompt       *string `json:"system_prompt" gorm:"type:text"`
 }
 
-func GetAllChannels(startIdx int, num int) ([]*Channel, error) {
+type ChannelConfig struct {
+	Region            string `json:"region,omitempty"`
+	SK                string `json:"sk,omitempty"`
+	AK                string `json:"ak,omitempty"`
+	UserID            string `json:"user_id,omitempty"`
+	APIVersion        string `json:"api_version,omitempty"`
+	LibraryID         string `json:"library_id,omitempty"`
+	Plugin            string `json:"plugin,omitempty"`
+	VertexAIProjectID string `json:"vertex_ai_project_id,omitempty"`
+	VertexAIADC       string `json:"vertex_ai_adc,omitempty"`
+}
+
+func GetAllChannels(startIdx int, num int, scope string) ([]*Channel, error) {
 	var channels []*Channel
 	var err error
-	err = DB.Order("id desc").Limit(num).Offset(startIdx).Omit("key").Find(&channels).Error
+	switch scope {
+	case "all":
+		err = DB.Order("id desc").Find(&channels).Error
+	case "disabled":
+		err = DB.Order("id desc").Where("status = ? or status = ?", ChannelStatusAutoDisabled, ChannelStatusManuallyDisabled).Find(&channels).Error
+	default:
+		err = DB.Order("id desc").Limit(num).Offset(startIdx).Omit("key").Find(&channels).Error
+	}
 	return channels, err
 }
 
 func SearchChannels(keyword string) (channels []*Channel, err error) {
-	err = DB.Omit("key").Where("id = ? or name LIKE ?", keyword, keyword+"%").Find(&channels).Error
+	err = DB.Omit("key").Where("id = ? or name LIKE ?", helper.String2Int(keyword), keyword+"%").Find(&channels).Error
 	return channels, err
 }
 
@@ -40,32 +82,143 @@ func GetChannelById(id int, selectAll bool) (*Channel, error) {
 	return &channel, err
 }
 
-func GetRandomChannel() (*Channel, error) {
-	// TODO: consider weight
-	channel := Channel{}
-	var err error = nil
-	if common.UsingSQLite {
-		err = DB.Where("status = ?", common.ChannelStatusEnabled).Order("RANDOM()").Limit(1).First(&channel).Error
-	} else {
-		err = DB.Where("status = ?", common.ChannelStatusEnabled).Order("RAND()").Limit(1).First(&channel).Error
+func BatchInsertChannels(channels []Channel) error {
+	var err error
+	err = DB.Create(&channels).Error
+	if err != nil {
+		return err
 	}
-	return &channel, err
+	for _, channel_ := range channels {
+		err = channel_.AddAbilities()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (channel *Channel) GetPriority() int64 {
+	if channel.Priority == nil {
+		return 0
+	}
+	return *channel.Priority
+}
+
+func (channel *Channel) GetBaseURL() string {
+	if channel.BaseURL == nil {
+		return ""
+	}
+	return *channel.BaseURL
+}
+
+func (channel *Channel) GetModelMapping() map[string]string {
+	if channel.ModelMapping == nil || *channel.ModelMapping == "" || *channel.ModelMapping == "{}" {
+		return nil
+	}
+	modelMapping := make(map[string]string)
+	err := json.Unmarshal([]byte(*channel.ModelMapping), &modelMapping)
+	if err != nil {
+		logger.SysError(fmt.Sprintf("failed to unmarshal model mapping for channel %d, error: %s", channel.Id, err.Error()))
+		return nil
+	}
+	return modelMapping
 }
 
 func (channel *Channel) Insert() error {
 	var err error
 	err = DB.Create(channel).Error
+	if err != nil {
+		return err
+	}
+	err = channel.AddAbilities()
 	return err
 }
 
 func (channel *Channel) Update() error {
 	var err error
 	err = DB.Model(channel).Updates(channel).Error
+	if err != nil {
+		return err
+	}
+	DB.Model(channel).First(channel, "id = ?", channel.Id)
+	err = channel.UpdateAbilities()
 	return err
 }
 
+func (channel *Channel) UpdateResponseTime(responseTime int64) {
+	err := DB.Model(channel).Select("response_time", "test_time").Updates(Channel{
+		TestTime:     helper.GetTimestamp(),
+		ResponseTime: int(responseTime),
+	}).Error
+	if err != nil {
+		logger.SysError("failed to update response time: " + err.Error())
+	}
+}
+
+func (channel *Channel) UpdateBalance(balance float64) {
+	err := DB.Model(channel).Select("balance_updated_time", "balance").Updates(Channel{
+		BalanceUpdatedTime: helper.GetTimestamp(),
+		Balance:            balance,
+	}).Error
+	if err != nil {
+		logger.SysError("failed to update balance: " + err.Error())
+	}
+}
+
 func (channel *Channel) Delete() error {
 	var err error
 	err = DB.Delete(channel).Error
+	if err != nil {
+		return err
+	}
+	err = channel.DeleteAbilities()
 	return err
 }
+
+func (channel *Channel) LoadConfig() (ChannelConfig, error) {
+	var cfg ChannelConfig
+	if channel.Config == "" {
+		return cfg, nil
+	}
+	err := json.Unmarshal([]byte(channel.Config), &cfg)
+	if err != nil {
+		return cfg, err
+	}
+	return cfg, nil
+}
+
+func UpdateChannelStatusById(id int, status int) {
+	err := UpdateAbilityStatus(id, status == ChannelStatusEnabled)
+	if err != nil {
+		logger.SysError("failed to update ability status: " + err.Error())
+	}
+	err = DB.Model(&Channel{}).Where("id = ?", id).Update("status", status).Error
+	if err != nil {
+		logger.SysError("failed to update channel status: " + err.Error())
+	}
+}
+
+func UpdateChannelUsedQuota(id int, quota int64) {
+	if config.BatchUpdateEnabled {
+		addNewRecord(BatchUpdateTypeChannelUsedQuota, id, quota)
+		return
+	}
+	updateChannelUsedQuota(id, quota)
+}
+
+func updateChannelUsedQuota(id int, quota int64) {
+	err := DB.Model(&Channel{}).Where("id = ?", id).Update("used_quota", gorm.Expr("used_quota + ?", quota)).Error
+	if err != nil {
+		logger.SysError("failed to update channel used quota: " + err.Error())
+	}
+}
+
+func DeleteChannelByStatus(status int64) (int64, error) {
+	result := DB.Where("status = ?", status).Delete(&Channel{})
+	return result.RowsAffected, result.Error
+}
+
+func DeleteDisabledChannel() (int64, error) {
+	result := DB.Where("status = ? or status = ?", ChannelStatusAutoDisabled, ChannelStatusManuallyDisabled).Delete(&Channel{})
+	return result.RowsAffected, result.Error
+}

model/log.go

@@ -0,0 +1,251 @@
+package model
+
+import (
+	"context"
+	"fmt"
+
+	"gorm.io/gorm"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/logger"
+)
+
+type Log struct {
+	Id                int    `json:"id"`
+	UserId            int    `json:"user_id" gorm:"index"`
+	CreatedAt         int64  `json:"created_at" gorm:"bigint;index:idx_created_at_type"`
+	Type              int    `json:"type" gorm:"index:idx_created_at_type"`
+	Content           string `json:"content"`
+	Username          string `json:"username" gorm:"index:index_username_model_name,priority:2;default:''"`
+	TokenName         string `json:"token_name" gorm:"index;default:''"`
+	ModelName         string `json:"model_name" gorm:"index;index:index_username_model_name,priority:1;default:''"`
+	Quota             int    `json:"quota" gorm:"default:0"`
+	PromptTokens      int    `json:"prompt_tokens" gorm:"default:0"`
+	CompletionTokens  int    `json:"completion_tokens" gorm:"default:0"`
+	ChannelId         int    `json:"channel" gorm:"index"`
+	RequestId         string `json:"request_id" gorm:"default:''"`
+	ElapsedTime       int64  `json:"elapsed_time" gorm:"default:0"` // unit is ms
+	IsStream          bool   `json:"is_stream" gorm:"default:false"`
+	SystemPromptReset bool   `json:"system_prompt_reset" gorm:"default:false"`
+}
+
+const (
+	LogTypeUnknown = iota
+	LogTypeTopup
+	LogTypeConsume
+	LogTypeManage
+	LogTypeSystem
+	LogTypeTest
+)
+
+func recordLogHelper(ctx context.Context, log *Log) {
+	requestId := helper.GetRequestID(ctx)
+	log.RequestId = requestId
+	err := LOG_DB.Create(log).Error
+	if err != nil {
+		logger.Error(ctx, "failed to record log: "+err.Error())
+		return
+	}
+	logger.Infof(ctx, "record log: %+v", log)
+}
+
+func RecordLog(ctx context.Context, userId int, logType int, content string) {
+	if logType == LogTypeConsume && !config.LogConsumeEnabled {
+		return
+	}
+	log := &Log{
+		UserId:    userId,
+		Username:  GetUsernameById(userId),
+		CreatedAt: helper.GetTimestamp(),
+		Type:      logType,
+		Content:   content,
+	}
+	recordLogHelper(ctx, log)
+}
+
+func RecordTopupLog(ctx context.Context, userId int, content string, quota int) {
+	log := &Log{
+		UserId:    userId,
+		Username:  GetUsernameById(userId),
+		CreatedAt: helper.GetTimestamp(),
+		Type:      LogTypeTopup,
+		Content:   content,
+		Quota:     quota,
+	}
+	recordLogHelper(ctx, log)
+}
+
+func RecordConsumeLog(ctx context.Context, log *Log) {
+	if !config.LogConsumeEnabled {
+		return
+	}
+	log.Username = GetUsernameById(log.UserId)
+	log.CreatedAt = helper.GetTimestamp()
+	log.Type = LogTypeConsume
+	recordLogHelper(ctx, log)
+}
+
+func RecordTestLog(ctx context.Context, log *Log) {
+	log.CreatedAt = helper.GetTimestamp()
+	log.Type = LogTypeTest
+	recordLogHelper(ctx, log)
+}
+
+func GetAllLogs(logType int, startTimestamp int64, endTimestamp int64, modelName string, username string, tokenName string, startIdx int, num int, channel int) (logs []*Log, err error) {
+	var tx *gorm.DB
+	if logType == LogTypeUnknown {
+		tx = LOG_DB
+	} else {
+		tx = LOG_DB.Where("type = ?", logType)
+	}
+	if modelName != "" {
+		tx = tx.Where("model_name = ?", modelName)
+	}
+	if username != "" {
+		tx = tx.Where("username = ?", username)
+	}
+	if tokenName != "" {
+		tx = tx.Where("token_name = ?", tokenName)
+	}
+	if startTimestamp != 0 {
+		tx = tx.Where("created_at >= ?", startTimestamp)
+	}
+	if endTimestamp != 0 {
+		tx = tx.Where("created_at <= ?", endTimestamp)
+	}
+	if channel != 0 {
+		tx = tx.Where("channel_id = ?", channel)
+	}
+	err = tx.Order("id desc").Limit(num).Offset(startIdx).Find(&logs).Error
+	return logs, err
+}
+
+func GetUserLogs(userId int, logType int, startTimestamp int64, endTimestamp int64, modelName string, tokenName string, startIdx int, num int) (logs []*Log, err error) {
+	var tx *gorm.DB
+	if logType == LogTypeUnknown {
+		tx = LOG_DB.Where("user_id = ?", userId)
+	} else {
+		tx = LOG_DB.Where("user_id = ? and type = ?", userId, logType)
+	}
+	if modelName != "" {
+		tx = tx.Where("model_name = ?", modelName)
+	}
+	if tokenName != "" {
+		tx = tx.Where("token_name = ?", tokenName)
+	}
+	if startTimestamp != 0 {
+		tx = tx.Where("created_at >= ?", startTimestamp)
+	}
+	if endTimestamp != 0 {
+		tx = tx.Where("created_at <= ?", endTimestamp)
+	}
+	err = tx.Order("id desc").Limit(num).Offset(startIdx).Omit("id").Find(&logs).Error
+	return logs, err
+}
+
+func SearchAllLogs(keyword string) (logs []*Log, err error) {
+	err = LOG_DB.Where("type = ? or content LIKE ?", keyword, keyword+"%").Order("id desc").Limit(config.MaxRecentItems).Find(&logs).Error
+	return logs, err
+}
+
+func SearchUserLogs(userId int, keyword string) (logs []*Log, err error) {
+	err = LOG_DB.Where("user_id = ? and type = ?", userId, keyword).Order("id desc").Limit(config.MaxRecentItems).Omit("id").Find(&logs).Error
+	return logs, err
+}
+
+func SumUsedQuota(logType int, startTimestamp int64, endTimestamp int64, modelName string, username string, tokenName string, channel int) (quota int64) {
+	ifnull := "ifnull"
+	if common.UsingPostgreSQL {
+		ifnull = "COALESCE"
+	}
+	tx := LOG_DB.Table("logs").Select(fmt.Sprintf("%s(sum(quota),0)", ifnull))
+	if username != "" {
+		tx = tx.Where("username = ?", username)
+	}
+	if tokenName != "" {
+		tx = tx.Where("token_name = ?", tokenName)
+	}
+	if startTimestamp != 0 {
+		tx = tx.Where("created_at >= ?", startTimestamp)
+	}
+	if endTimestamp != 0 {
+		tx = tx.Where("created_at <= ?", endTimestamp)
+	}
+	if modelName != "" {
+		tx = tx.Where("model_name = ?", modelName)
+	}
+	if channel != 0 {
+		tx = tx.Where("channel_id = ?", channel)
+	}
+	tx.Where("type = ?", LogTypeConsume).Scan(&quota)
+	return quota
+}
+
+func SumUsedToken(logType int, startTimestamp int64, endTimestamp int64, modelName string, username string, tokenName string) (token int) {
+	ifnull := "ifnull"
+	if common.UsingPostgreSQL {
+		ifnull = "COALESCE"
+	}
+	tx := LOG_DB.Table("logs").Select(fmt.Sprintf("%s(sum(prompt_tokens),0) + %s(sum(completion_tokens),0)", ifnull, ifnull))
+	if username != "" {
+		tx = tx.Where("username = ?", username)
+	}
+	if tokenName != "" {
+		tx = tx.Where("token_name = ?", tokenName)
+	}
+	if startTimestamp != 0 {
+		tx = tx.Where("created_at >= ?", startTimestamp)
+	}
+	if endTimestamp != 0 {
+		tx = tx.Where("created_at <= ?", endTimestamp)
+	}
+	if modelName != "" {
+		tx = tx.Where("model_name = ?", modelName)
+	}
+	tx.Where("type = ?", LogTypeConsume).Scan(&token)
+	return token
+}
+
+func DeleteOldLog(targetTimestamp int64) (int64, error) {
+	result := LOG_DB.Where("created_at < ?", targetTimestamp).Delete(&Log{})
+	return result.RowsAffected, result.Error
+}
+
+type LogStatistic struct {
+	Day              string `gorm:"column:day"`
+	ModelName        string `gorm:"column:model_name"`
+	RequestCount     int    `gorm:"column:request_count"`
+	Quota            int    `gorm:"column:quota"`
+	PromptTokens     int    `gorm:"column:prompt_tokens"`
+	CompletionTokens int    `gorm:"column:completion_tokens"`
+}
+
+func SearchLogsByDayAndModel(userId, start, end int) (LogStatistics []*LogStatistic, err error) {
+	groupSelect := "DATE_FORMAT(FROM_UNIXTIME(created_at), '%Y-%m-%d') as day"
+
+	if common.UsingPostgreSQL {
+		groupSelect = "TO_CHAR(date_trunc('day', to_timestamp(created_at)), 'YYYY-MM-DD') as day"
+	}
+
+	if common.UsingSQLite {
+		groupSelect = "strftime('%Y-%m-%d', datetime(created_at, 'unixepoch')) as day"
+	}
+
+	err = LOG_DB.Raw(`
+		SELECT `+groupSelect+`,
+		model_name, count(1) as request_count,
+		sum(quota) as quota,
+		sum(prompt_tokens) as prompt_tokens,
+		sum(completion_tokens) as completion_tokens
+		FROM logs
+		WHERE type=2
+		AND user_id= ?
+		AND created_at BETWEEN ? AND ?
+		GROUP BY day, model_name
+		ORDER BY day, model_name
+	`, userId, start, end).Scan(&LogStatistics).Error
+
+	return LogStatistics, err
+}

model/main.go

@@ -1,87 +1,237 @@
 package model
 
 import (
+	"database/sql"
+	"fmt"
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/env"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/common/random"
 	"gorm.io/driver/mysql"
+	"gorm.io/driver/postgres"
 	"gorm.io/driver/sqlite"
 	"gorm.io/gorm"
-	"one-api/common"
 	"os"
+	"strings"
+	"time"
 )
 
 var DB *gorm.DB
+var LOG_DB *gorm.DB
 
-func createRootAccountIfNeed() error {
+func CreateRootAccountIfNeed() error {
 	var user User
-	//if user.Status != common.UserStatusEnabled {
+	//if user.Status != util.UserStatusEnabled {
 	if err := DB.First(&user).Error; err != nil {
-		common.SysLog("no user exists, create a root user for you: username is root, password is 123456")
+		logger.SysLog("no user exists, creating a root user for you: username is root, password is 123456")
 		hashedPassword, err := common.Password2Hash("123456")
 		if err != nil {
 			return err
 		}
+		accessToken := random.GetUUID()
+		if config.InitialRootAccessToken != "" {
+			accessToken = config.InitialRootAccessToken
+		}
 		rootUser := User{
 			Username:    "root",
 			Password:    hashedPassword,
-			Role:        common.RoleRootUser,
-			Status:      common.UserStatusEnabled,
+			Role:        RoleRootUser,
+			Status:      UserStatusEnabled,
 			DisplayName: "Root User",
+			AccessToken: accessToken,
+			Quota:       500000000000000,
 		}
 		DB.Create(&rootUser)
+		if config.InitialRootToken != "" {
+			logger.SysLog("creating initial root token as requested")
+			token := Token{
+				Id:             1,
+				UserId:         rootUser.Id,
+				Key:            config.InitialRootToken,
+				Status:         TokenStatusEnabled,
+				Name:           "Initial Root Token",
+				CreatedTime:    helper.GetTimestamp(),
+				AccessedTime:   helper.GetTimestamp(),
+				ExpiredTime:    -1,
+				RemainQuota:    500000000000000,
+				UnlimitedQuota: true,
+			}
+			DB.Create(&token)
+		}
 	}
 	return nil
 }
 
-func CountTable(tableName string) (num int64) {
-	DB.Table(tableName).Count(&num)
-	return
-}
+func chooseDB(envName string) (*gorm.DB, error) {
+	dsn := os.Getenv(envName)
 
-func InitDB() (err error) {
-	var db *gorm.DB
-	if os.Getenv("SQL_DSN") != "" {
+	switch {
+	case strings.HasPrefix(dsn, "postgres://"):
+		// Use PostgreSQL
+		return openPostgreSQL(dsn)
+	case dsn != "":
 		// Use MySQL
-		db, err = gorm.Open(mysql.Open(os.Getenv("SQL_DSN")), &gorm.Config{
-			PrepareStmt: true, // precompile SQL
-		})
-	} else {
+		return openMySQL(dsn)
+	default:
 		// Use SQLite
-		common.UsingSQLite = true
-		db, err = gorm.Open(sqlite.Open(common.SQLitePath), &gorm.Config{
-			PrepareStmt: true, // precompile SQL
-		})
-		common.SysLog("SQL_DSN not set, using SQLite as database")
+		return openSQLite()
 	}
-	if err == nil {
-		DB = db
-		err := db.AutoMigrate(&Channel{})
-		if err != nil {
-			return err
-		}
-		err = db.AutoMigrate(&Token{})
-		if err != nil {
-			return err
-		}
-		err = db.AutoMigrate(&User{})
-		if err != nil {
-			return err
-		}
-		err = db.AutoMigrate(&Option{})
-		if err != nil {
-			return err
-		}
-		err = createRootAccountIfNeed()
-		return err
-	} else {
-		common.FatalLog(err)
-	}
-	return err
 }
 
-func CloseDB() error {
-	sqlDB, err := DB.DB()
+func openPostgreSQL(dsn string) (*gorm.DB, error) {
+	logger.SysLog("using PostgreSQL as database")
+	common.UsingPostgreSQL = true
+	return gorm.Open(postgres.New(postgres.Config{
+		DSN:                  dsn,
+		PreferSimpleProtocol: true, // disables implicit prepared statement usage
+	}), &gorm.Config{
+		PrepareStmt: true, // precompile SQL
+	})
+}
+
+func openMySQL(dsn string) (*gorm.DB, error) {
+	logger.SysLog("using MySQL as database")
+	common.UsingMySQL = true
+	return gorm.Open(mysql.Open(dsn), &gorm.Config{
+		PrepareStmt: true, // precompile SQL
+	})
+}
+
+func openSQLite() (*gorm.DB, error) {
+	logger.SysLog("SQL_DSN not set, using SQLite as database")
+	common.UsingSQLite = true
+	dsn := fmt.Sprintf("%s?_busy_timeout=%d", common.SQLitePath, common.SQLiteBusyTimeout)
+	return gorm.Open(sqlite.Open(dsn), &gorm.Config{
+		PrepareStmt: true, // precompile SQL
+	})
+}
+
+func InitDB() {
+	var err error
+	DB, err = chooseDB("SQL_DSN")
+	if err != nil {
+		logger.FatalLog("failed to initialize database: " + err.Error())
+		return
+	}
+
+	sqlDB := setDBConns(DB)
+
+	if !config.IsMasterNode {
+		return
+	}
+
+	if common.UsingMySQL {
+		_, _ = sqlDB.Exec("DROP INDEX idx_channels_key ON channels;") // TODO: delete this line when most users have upgraded
+	}
+
+	logger.SysLog("database migration started")
+	if err = migrateDB(); err != nil {
+		logger.FatalLog("failed to migrate database: " + err.Error())
+		return
+	}
+	logger.SysLog("database migrated")
+}
+
+func migrateDB() error {
+	var err error
+	if err = DB.AutoMigrate(&Channel{}); err != nil {
+		return err
+	}
+	if err = DB.AutoMigrate(&Token{}); err != nil {
+		return err
+	}
+	if err = DB.AutoMigrate(&User{}); err != nil {
+		return err
+	}
+	if err = DB.AutoMigrate(&Option{}); err != nil {
+		return err
+	}
+	if err = DB.AutoMigrate(&Redemption{}); err != nil {
+		return err
+	}
+	if err = DB.AutoMigrate(&Ability{}); err != nil {
+		return err
+	}
+	if err = DB.AutoMigrate(&Log{}); err != nil {
+		return err
+	}
+	if err = DB.AutoMigrate(&Channel{}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func InitLogDB() {
+	if os.Getenv("LOG_SQL_DSN") == "" {
+		LOG_DB = DB
+		return
+	}
+
+	logger.SysLog("using secondary database for table logs")
+	var err error
+	LOG_DB, err = chooseDB("LOG_SQL_DSN")
+	if err != nil {
+		logger.FatalLog("failed to initialize secondary database: " + err.Error())
+		return
+	}
+
+	setDBConns(LOG_DB)
+
+	if !config.IsMasterNode {
+		return
+	}
+
+	logger.SysLog("secondary database migration started")
+	err = migrateLOGDB()
+	if err != nil {
+		logger.FatalLog("failed to migrate secondary database: " + err.Error())
+		return
+	}
+	logger.SysLog("secondary database migrated")
+}
+
+func migrateLOGDB() error {
+	var err error
+	if err = LOG_DB.AutoMigrate(&Log{}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func setDBConns(db *gorm.DB) *sql.DB {
+	if config.DebugSQLEnabled {
+		db = db.Debug()
+	}
+
+	sqlDB, err := db.DB()
+	if err != nil {
+		logger.FatalLog("failed to connect database: " + err.Error())
+		return nil
+	}
+
+	sqlDB.SetMaxIdleConns(env.Int("SQL_MAX_IDLE_CONNS", 100))
+	sqlDB.SetMaxOpenConns(env.Int("SQL_MAX_OPEN_CONNS", 1000))
+	sqlDB.SetConnMaxLifetime(time.Second * time.Duration(env.Int("SQL_MAX_LIFETIME", 60)))
+	return sqlDB
+}
+
+func closeDB(db *gorm.DB) error {
+	sqlDB, err := db.DB()
 	if err != nil {
 		return err
 	}
 	err = sqlDB.Close()
 	return err
 }
+
+func CloseDB() error {
+	if LOG_DB != DB {
+		err := closeDB(LOG_DB)
+		if err != nil {
+			return err
+		}
+	}
+	return closeDB(DB)
+}

model/option.go

@@ -1,9 +1,12 @@
 package model
 
 import (
-	"one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+	billingratio "github.com/songquanpeng/one-api/relay/billing/ratio"
 	"strconv"
 	"strings"
+	"time"
 )
 
 type Option struct {
@@ -19,37 +22,81 @@ func AllOption() ([]*Option, error) {
 }
 
 func InitOptionMap() {
-	common.OptionMapRWMutex.Lock()
-	common.OptionMap = make(map[string]string)
-	common.OptionMap["FileUploadPermission"] = strconv.Itoa(common.FileUploadPermission)
-	common.OptionMap["FileDownloadPermission"] = strconv.Itoa(common.FileDownloadPermission)
-	common.OptionMap["ImageUploadPermission"] = strconv.Itoa(common.ImageUploadPermission)
-	common.OptionMap["ImageDownloadPermission"] = strconv.Itoa(common.ImageDownloadPermission)
-	common.OptionMap["PasswordLoginEnabled"] = strconv.FormatBool(common.PasswordLoginEnabled)
-	common.OptionMap["PasswordRegisterEnabled"] = strconv.FormatBool(common.PasswordRegisterEnabled)
-	common.OptionMap["EmailVerificationEnabled"] = strconv.FormatBool(common.EmailVerificationEnabled)
-	common.OptionMap["GitHubOAuthEnabled"] = strconv.FormatBool(common.GitHubOAuthEnabled)
-	common.OptionMap["WeChatAuthEnabled"] = strconv.FormatBool(common.WeChatAuthEnabled)
-	common.OptionMap["TurnstileCheckEnabled"] = strconv.FormatBool(common.TurnstileCheckEnabled)
-	common.OptionMap["RegisterEnabled"] = strconv.FormatBool(common.RegisterEnabled)
-	common.OptionMap["SMTPServer"] = ""
-	common.OptionMap["SMTPAccount"] = ""
-	common.OptionMap["SMTPToken"] = ""
-	common.OptionMap["Notice"] = ""
-	common.OptionMap["About"] = ""
-	common.OptionMap["Footer"] = common.Footer
-	common.OptionMap["ServerAddress"] = ""
-	common.OptionMap["GitHubClientId"] = ""
-	common.OptionMap["GitHubClientSecret"] = ""
-	common.OptionMap["WeChatServerAddress"] = ""
-	common.OptionMap["WeChatServerToken"] = ""
-	common.OptionMap["WeChatAccountQRCodeImageURL"] = ""
-	common.OptionMap["TurnstileSiteKey"] = ""
-	common.OptionMap["TurnstileSecretKey"] = ""
-	common.OptionMapRWMutex.Unlock()
+	config.OptionMapRWMutex.Lock()
+	config.OptionMap = make(map[string]string)
+	config.OptionMap["PasswordLoginEnabled"] = strconv.FormatBool(config.PasswordLoginEnabled)
+	config.OptionMap["PasswordRegisterEnabled"] = strconv.FormatBool(config.PasswordRegisterEnabled)
+	config.OptionMap["EmailVerificationEnabled"] = strconv.FormatBool(config.EmailVerificationEnabled)
+	config.OptionMap["GitHubOAuthEnabled"] = strconv.FormatBool(config.GitHubOAuthEnabled)
+	config.OptionMap["OidcEnabled"] = strconv.FormatBool(config.OidcEnabled)
+	config.OptionMap["WeChatAuthEnabled"] = strconv.FormatBool(config.WeChatAuthEnabled)
+	config.OptionMap["TurnstileCheckEnabled"] = strconv.FormatBool(config.TurnstileCheckEnabled)
+	config.OptionMap["RegisterEnabled"] = strconv.FormatBool(config.RegisterEnabled)
+	config.OptionMap["AutomaticDisableChannelEnabled"] = strconv.FormatBool(config.AutomaticDisableChannelEnabled)
+	config.OptionMap["AutomaticEnableChannelEnabled"] = strconv.FormatBool(config.AutomaticEnableChannelEnabled)
+	config.OptionMap["ApproximateTokenEnabled"] = strconv.FormatBool(config.ApproximateTokenEnabled)
+	config.OptionMap["LogConsumeEnabled"] = strconv.FormatBool(config.LogConsumeEnabled)
+	config.OptionMap["DisplayInCurrencyEnabled"] = strconv.FormatBool(config.DisplayInCurrencyEnabled)
+	config.OptionMap["DisplayTokenStatEnabled"] = strconv.FormatBool(config.DisplayTokenStatEnabled)
+	config.OptionMap["ChannelDisableThreshold"] = strconv.FormatFloat(config.ChannelDisableThreshold, 'f', -1, 64)
+	config.OptionMap["EmailDomainRestrictionEnabled"] = strconv.FormatBool(config.EmailDomainRestrictionEnabled)
+	config.OptionMap["EmailDomainWhitelist"] = strings.Join(config.EmailDomainWhitelist, ",")
+	config.OptionMap["SMTPServer"] = ""
+	config.OptionMap["SMTPFrom"] = ""
+	config.OptionMap["SMTPPort"] = strconv.Itoa(config.SMTPPort)
+	config.OptionMap["SMTPAccount"] = ""
+	config.OptionMap["SMTPToken"] = ""
+	config.OptionMap["Notice"] = ""
+	config.OptionMap["About"] = ""
+	config.OptionMap["HomePageContent"] = ""
+	config.OptionMap["Footer"] = config.Footer
+	config.OptionMap["SystemName"] = config.SystemName
+	config.OptionMap["Logo"] = config.Logo
+	config.OptionMap["ServerAddress"] = ""
+	config.OptionMap["GitHubClientId"] = ""
+	config.OptionMap["GitHubClientSecret"] = ""
+	config.OptionMap["WeChatServerAddress"] = ""
+	config.OptionMap["WeChatServerToken"] = ""
+	config.OptionMap["WeChatAccountQRCodeImageURL"] = ""
+	config.OptionMap["MessagePusherAddress"] = ""
+	config.OptionMap["MessagePusherToken"] = ""
+	config.OptionMap["TurnstileSiteKey"] = ""
+	config.OptionMap["TurnstileSecretKey"] = ""
+	config.OptionMap["QuotaForNewUser"] = strconv.FormatInt(config.QuotaForNewUser, 10)
+	config.OptionMap["QuotaForInviter"] = strconv.FormatInt(config.QuotaForInviter, 10)
+	config.OptionMap["QuotaForInvitee"] = strconv.FormatInt(config.QuotaForInvitee, 10)
+	config.OptionMap["QuotaRemindThreshold"] = strconv.FormatInt(config.QuotaRemindThreshold, 10)
+	config.OptionMap["PreConsumedQuota"] = strconv.FormatInt(config.PreConsumedQuota, 10)
+	config.OptionMap["ModelRatio"] = billingratio.ModelRatio2JSONString()
+	config.OptionMap["GroupRatio"] = billingratio.GroupRatio2JSONString()
+	config.OptionMap["CompletionRatio"] = billingratio.CompletionRatio2JSONString()
+	config.OptionMap["TopUpLink"] = config.TopUpLink
+	config.OptionMap["ChatLink"] = config.ChatLink
+	config.OptionMap["QuotaPerUnit"] = strconv.FormatFloat(config.QuotaPerUnit, 'f', -1, 64)
+	config.OptionMap["RetryTimes"] = strconv.Itoa(config.RetryTimes)
+	config.OptionMap["Theme"] = config.Theme
+	config.OptionMapRWMutex.Unlock()
+	loadOptionsFromDatabase()
+}
+
+func loadOptionsFromDatabase() {
 	options, _ := AllOption()
 	for _, option := range options {
-		updateOptionMap(option.Key, option.Value)
+		if option.Key == "ModelRatio" {
+			option.Value = billingratio.AddNewMissingRatio(option.Value)
+		}
+		err := updateOptionMap(option.Key, option.Value)
+		if err != nil {
+			logger.SysError("failed to update option map: " + err.Error())
+		}
+	}
+}
+
+func SyncOptions(frequency int) {
+	for {
+		time.Sleep(time.Duration(frequency) * time.Second)
+		logger.SysLog("syncing options from database")
+		loadOptionsFromDatabase()
 	}
 }
 
@@ -66,70 +113,132 @@ func UpdateOption(key string, value string) error {
 	// otherwise it will execute Update (with all fields).
 	DB.Save(&option)
 	// Update OptionMap
-	updateOptionMap(key, value)
-	return nil
+	return updateOptionMap(key, value)
 }
 
-func updateOptionMap(key string, value string) {
-	common.OptionMapRWMutex.Lock()
-	defer common.OptionMapRWMutex.Unlock()
-	common.OptionMap[key] = value
-	if strings.HasSuffix(key, "Permission") {
-		intValue, _ := strconv.Atoi(value)
-		switch key {
-		case "FileUploadPermission":
-			common.FileUploadPermission = intValue
-		case "FileDownloadPermission":
-			common.FileDownloadPermission = intValue
-		case "ImageUploadPermission":
-			common.ImageUploadPermission = intValue
-		case "ImageDownloadPermission":
-			common.ImageDownloadPermission = intValue
-		}
-	}
+func updateOptionMap(key string, value string) (err error) {
+	config.OptionMapRWMutex.Lock()
+	defer config.OptionMapRWMutex.Unlock()
+	config.OptionMap[key] = value
 	if strings.HasSuffix(key, "Enabled") {
 		boolValue := value == "true"
 		switch key {
 		case "PasswordRegisterEnabled":
-			common.PasswordRegisterEnabled = boolValue
+			config.PasswordRegisterEnabled = boolValue
 		case "PasswordLoginEnabled":
-			common.PasswordLoginEnabled = boolValue
+			config.PasswordLoginEnabled = boolValue
 		case "EmailVerificationEnabled":
-			common.EmailVerificationEnabled = boolValue
+			config.EmailVerificationEnabled = boolValue
 		case "GitHubOAuthEnabled":
-			common.GitHubOAuthEnabled = boolValue
+			config.GitHubOAuthEnabled = boolValue
+		case "OidcEnabled":
+			config.OidcEnabled = boolValue
 		case "WeChatAuthEnabled":
-			common.WeChatAuthEnabled = boolValue
+			config.WeChatAuthEnabled = boolValue
 		case "TurnstileCheckEnabled":
-			common.TurnstileCheckEnabled = boolValue
+			config.TurnstileCheckEnabled = boolValue
 		case "RegisterEnabled":
-			common.RegisterEnabled = boolValue
+			config.RegisterEnabled = boolValue
+		case "EmailDomainRestrictionEnabled":
+			config.EmailDomainRestrictionEnabled = boolValue
+		case "AutomaticDisableChannelEnabled":
+			config.AutomaticDisableChannelEnabled = boolValue
+		case "AutomaticEnableChannelEnabled":
+			config.AutomaticEnableChannelEnabled = boolValue
+		case "ApproximateTokenEnabled":
+			config.ApproximateTokenEnabled = boolValue
+		case "LogConsumeEnabled":
+			config.LogConsumeEnabled = boolValue
+		case "DisplayInCurrencyEnabled":
+			config.DisplayInCurrencyEnabled = boolValue
+		case "DisplayTokenStatEnabled":
+			config.DisplayTokenStatEnabled = boolValue
 		}
 	}
 	switch key {
+	case "EmailDomainWhitelist":
+		config.EmailDomainWhitelist = strings.Split(value, ",")
 	case "SMTPServer":
-		common.SMTPServer = value
+		config.SMTPServer = value
+	case "SMTPPort":
+		intValue, _ := strconv.Atoi(value)
+		config.SMTPPort = intValue
 	case "SMTPAccount":
-		common.SMTPAccount = value
+		config.SMTPAccount = value
+	case "SMTPFrom":
+		config.SMTPFrom = value
 	case "SMTPToken":
-		common.SMTPToken = value
+		config.SMTPToken = value
 	case "ServerAddress":
-		common.ServerAddress = value
+		config.ServerAddress = value
 	case "GitHubClientId":
-		common.GitHubClientId = value
+		config.GitHubClientId = value
 	case "GitHubClientSecret":
-		common.GitHubClientSecret = value
+		config.GitHubClientSecret = value
+	case "LarkClientId":
+		config.LarkClientId = value
+	case "LarkClientSecret":
+		config.LarkClientSecret = value
+	case "OidcClientId":
+		config.OidcClientId = value
+	case "OidcClientSecret":
+		config.OidcClientSecret = value
+	case "OidcWellKnown":
+		config.OidcWellKnown = value
+	case "OidcAuthorizationEndpoint":
+		config.OidcAuthorizationEndpoint = value
+	case "OidcTokenEndpoint":
+		config.OidcTokenEndpoint = value
+	case "OidcUserinfoEndpoint":
+		config.OidcUserinfoEndpoint = value
 	case "Footer":
-		common.Footer = value
+		config.Footer = value
+	case "SystemName":
+		config.SystemName = value
+	case "Logo":
+		config.Logo = value
 	case "WeChatServerAddress":
-		common.WeChatServerAddress = value
+		config.WeChatServerAddress = value
 	case "WeChatServerToken":
-		common.WeChatServerToken = value
+		config.WeChatServerToken = value
 	case "WeChatAccountQRCodeImageURL":
-		common.WeChatAccountQRCodeImageURL = value
+		config.WeChatAccountQRCodeImageURL = value
+	case "MessagePusherAddress":
+		config.MessagePusherAddress = value
+	case "MessagePusherToken":
+		config.MessagePusherToken = value
 	case "TurnstileSiteKey":
-		common.TurnstileSiteKey = value
+		config.TurnstileSiteKey = value
 	case "TurnstileSecretKey":
-		common.TurnstileSecretKey = value
+		config.TurnstileSecretKey = value
+	case "QuotaForNewUser":
+		config.QuotaForNewUser, _ = strconv.ParseInt(value, 10, 64)
+	case "QuotaForInviter":
+		config.QuotaForInviter, _ = strconv.ParseInt(value, 10, 64)
+	case "QuotaForInvitee":
+		config.QuotaForInvitee, _ = strconv.ParseInt(value, 10, 64)
+	case "QuotaRemindThreshold":
+		config.QuotaRemindThreshold, _ = strconv.ParseInt(value, 10, 64)
+	case "PreConsumedQuota":
+		config.PreConsumedQuota, _ = strconv.ParseInt(value, 10, 64)
+	case "RetryTimes":
+		config.RetryTimes, _ = strconv.Atoi(value)
+	case "ModelRatio":
+		err = billingratio.UpdateModelRatioByJSONString(value)
+	case "GroupRatio":
+		err = billingratio.UpdateGroupRatioByJSONString(value)
+	case "CompletionRatio":
+		err = billingratio.UpdateCompletionRatioByJSONString(value)
+	case "TopUpLink":
+		config.TopUpLink = value
+	case "ChatLink":
+		config.ChatLink = value
+	case "ChannelDisableThreshold":
+		config.ChannelDisableThreshold, _ = strconv.ParseFloat(value, 64)
+	case "QuotaPerUnit":
+		config.QuotaPerUnit, _ = strconv.ParseFloat(value, 64)
+	case "Theme":
+		config.Theme = value
 	}
+	return err
 }

model/redemption.go

@@ -0,0 +1,126 @@
+package model
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"gorm.io/gorm"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/helper"
+)
+
+const (
+	RedemptionCodeStatusEnabled  = 1 // don't use 0, 0 is the default value!
+	RedemptionCodeStatusDisabled = 2 // also don't use 0
+	RedemptionCodeStatusUsed     = 3 // also don't use 0
+)
+
+type Redemption struct {
+	Id           int    `json:"id"`
+	UserId       int    `json:"user_id"`
+	Key          string `json:"key" gorm:"type:char(32);uniqueIndex"`
+	Status       int    `json:"status" gorm:"default:1"`
+	Name         string `json:"name" gorm:"index"`
+	Quota        int64  `json:"quota" gorm:"bigint;default:100"`
+	CreatedTime  int64  `json:"created_time" gorm:"bigint"`
+	RedeemedTime int64  `json:"redeemed_time" gorm:"bigint"`
+	Count        int    `json:"count" gorm:"-:all"` // only for api request
+}
+
+func GetAllRedemptions(startIdx int, num int) ([]*Redemption, error) {
+	var redemptions []*Redemption
+	var err error
+	err = DB.Order("id desc").Limit(num).Offset(startIdx).Find(&redemptions).Error
+	return redemptions, err
+}
+
+func SearchRedemptions(keyword string) (redemptions []*Redemption, err error) {
+	err = DB.Where("id = ? or name LIKE ?", keyword, keyword+"%").Find(&redemptions).Error
+	return redemptions, err
+}
+
+func GetRedemptionById(id int) (*Redemption, error) {
+	if id == 0 {
+		return nil, errors.New("id 为空！")
+	}
+	redemption := Redemption{Id: id}
+	var err error = nil
+	err = DB.First(&redemption, "id = ?", id).Error
+	return &redemption, err
+}
+
+func Redeem(ctx context.Context, key string, userId int) (quota int64, err error) {
+	if key == "" {
+		return 0, errors.New("未提供兑换码")
+	}
+	if userId == 0 {
+		return 0, errors.New("无效的 user id")
+	}
+	redemption := &Redemption{}
+
+	keyCol := "`key`"
+	if common.UsingPostgreSQL {
+		keyCol = `"key"`
+	}
+
+	err = DB.Transaction(func(tx *gorm.DB) error {
+		err := tx.Set("gorm:query_option", "FOR UPDATE").Where(keyCol+" = ?", key).First(redemption).Error
+		if err != nil {
+			return errors.New("无效的兑换码")
+		}
+		if redemption.Status != RedemptionCodeStatusEnabled {
+			return errors.New("该兑换码已被使用")
+		}
+		err = tx.Model(&User{}).Where("id = ?", userId).Update("quota", gorm.Expr("quota + ?", redemption.Quota)).Error
+		if err != nil {
+			return err
+		}
+		redemption.RedeemedTime = helper.GetTimestamp()
+		redemption.Status = RedemptionCodeStatusUsed
+		err = tx.Save(redemption).Error
+		return err
+	})
+	if err != nil {
+		return 0, errors.New("兑换失败，" + err.Error())
+	}
+	RecordLog(ctx, userId, LogTypeTopup, fmt.Sprintf("通过兑换码充值 %s", common.LogQuota(redemption.Quota)))
+	return redemption.Quota, nil
+}
+
+func (redemption *Redemption) Insert() error {
+	var err error
+	err = DB.Create(redemption).Error
+	return err
+}
+
+func (redemption *Redemption) SelectUpdate() error {
+	// This can update zero values
+	return DB.Model(redemption).Select("redeemed_time", "status").Updates(redemption).Error
+}
+
+// Update Make sure your token's fields is completed, because this will update non-zero values
+func (redemption *Redemption) Update() error {
+	var err error
+	err = DB.Model(redemption).Select("name", "status", "quota", "redeemed_time").Updates(redemption).Error
+	return err
+}
+
+func (redemption *Redemption) Delete() error {
+	var err error
+	err = DB.Delete(redemption).Error
+	return err
+}
+
+func DeleteRedemptionById(id int) (err error) {
+	if id == 0 {
+		return errors.New("id 为空！")
+	}
+	redemption := Redemption{Id: id}
+	err = DB.Where(redemption).First(&redemption).Error
+	if err != nil {
+		return err
+	}
+	return redemption.Delete()
+}

model/token.go

@@ -2,54 +2,105 @@ package model
 
 import (
 	"errors"
-	_ "gorm.io/driver/sqlite"
-	"one-api/common"
-	"strings"
+	"fmt"
+
+	"gorm.io/gorm"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/common/message"
+)
+
+const (
+	TokenStatusEnabled   = 1 // don't use 0, 0 is the default value!
+	TokenStatusDisabled  = 2 // also don't use 0
+	TokenStatusExpired   = 3
+	TokenStatusExhausted = 4
 )
 
 type Token struct {
-	Id           int    `json:"id"`
-	UserId       int    `json:"user_id"`
-	Key          string `json:"key" gorm:"uniqueIndex"`
-	Status       int    `json:"status" gorm:"default:1"`
-	Name         string `json:"name" gorm:"index" `
-	CreatedTime  int64  `json:"created_time" gorm:"bigint"`
-	AccessedTime int64  `json:"accessed_time" gorm:"bigint"`
+	Id             int     `json:"id"`
+	UserId         int     `json:"user_id"`
+	Key            string  `json:"key" gorm:"type:char(48);uniqueIndex"`
+	Status         int     `json:"status" gorm:"default:1"`
+	Name           string  `json:"name" gorm:"index" `
+	CreatedTime    int64   `json:"created_time" gorm:"bigint"`
+	AccessedTime   int64   `json:"accessed_time" gorm:"bigint"`
+	ExpiredTime    int64   `json:"expired_time" gorm:"bigint;default:-1"` // -1 means never expired
+	RemainQuota    int64   `json:"remain_quota" gorm:"bigint;default:0"`
+	UnlimitedQuota bool    `json:"unlimited_quota" gorm:"default:false"`
+	UsedQuota      int64   `json:"used_quota" gorm:"bigint;default:0"` // used quota
+	Models         *string `json:"models" gorm:"type:text"`            // allowed models
+	Subnet         *string `json:"subnet" gorm:"default:''"`           // allowed subnet
 }
 
-func GetAllUserTokens(userId int, startIdx int, num int) ([]*Token, error) {
+func GetAllUserTokens(userId int, startIdx int, num int, order string) ([]*Token, error) {
 	var tokens []*Token
 	var err error
-	err = DB.Where("user_id = ?", userId).Order("id desc").Limit(num).Offset(startIdx).Find(&tokens).Error
+	query := DB.Where("user_id = ?", userId)
+
+	switch order {
+	case "remain_quota":
+		query = query.Order("unlimited_quota desc, remain_quota desc")
+	case "used_quota":
+		query = query.Order("used_quota desc")
+	default:
+		query = query.Order("id desc")
+	}
+
+	err = query.Limit(num).Offset(startIdx).Find(&tokens).Error
 	return tokens, err
 }
 
 func SearchUserTokens(userId int, keyword string) (tokens []*Token, err error) {
-	err = DB.Where("user_id = ?", userId).Where("id = ? or name LIKE ?", keyword, keyword+"%").Find(&tokens).Error
+	err = DB.Where("user_id = ?", userId).Where("name LIKE ?", keyword+"%").Find(&tokens).Error
 	return tokens, err
 }
 
 func ValidateUserToken(key string) (token *Token, err error) {
 	if key == "" {
-		return nil, errors.New("未提供 token")
+		return nil, errors.New("未提供令牌")
 	}
-	key = strings.Replace(key, "Bearer ", "", 1)
-	token = &Token{}
-	err = DB.Where("key = ?", key).First(token).Error
-	if err == nil {
-		if token.Status != common.TokenStatusEnabled {
-			return nil, errors.New("该 token 已被禁用")
+	token, err = CacheGetTokenByKey(key)
+	if err != nil {
+		logger.SysError("CacheGetTokenByKey failed: " + err.Error())
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, errors.New("无效的令牌")
 		}
-		go func() {
-			token.AccessedTime = common.GetTimestamp()
-			err := token.Update()
-			if err != nil {
-				common.SysError("更新 token 访问时间失败：" + err.Error())
-			}
-		}()
-		return token, nil
+		return nil, errors.New("令牌验证失败")
 	}
-	return nil, err
+	if token.Status == TokenStatusExhausted {
+		return nil, fmt.Errorf("令牌 %s（#%d）额度已用尽", token.Name, token.Id)
+	} else if token.Status == TokenStatusExpired {
+		return nil, errors.New("该令牌已过期")
+	}
+	if token.Status != TokenStatusEnabled {
+		return nil, errors.New("该令牌状态不可用")
+	}
+	if token.ExpiredTime != -1 && token.ExpiredTime < helper.GetTimestamp() {
+		if !common.RedisEnabled {
+			token.Status = TokenStatusExpired
+			err := token.SelectUpdate()
+			if err != nil {
+				logger.SysError("failed to update token status" + err.Error())
+			}
+		}
+		return nil, errors.New("该令牌已过期")
+	}
+	if !token.UnlimitedQuota && token.RemainQuota <= 0 {
+		if !common.RedisEnabled {
+			// in this case, we can make sure the token is exhausted
+			token.Status = TokenStatusExhausted
+			err := token.SelectUpdate()
+			if err != nil {
+				logger.SysError("failed to update token status" + err.Error())
+			}
+		}
+		return nil, errors.New("该令牌额度已用尽")
+	}
+	return token, nil
 }
 
 func GetTokenByIds(id int, userId int) (*Token, error) {
@@ -62,24 +113,50 @@ func GetTokenByIds(id int, userId int) (*Token, error) {
 	return &token, err
 }
 
-func (token *Token) Insert() error {
+func GetTokenById(id int) (*Token, error) {
+	if id == 0 {
+		return nil, errors.New("id 为空！")
+	}
+	token := Token{Id: id}
+	var err error = nil
+	err = DB.First(&token, "id = ?", id).Error
+	return &token, err
+}
+
+func (t *Token) Insert() error {
 	var err error
-	err = DB.Create(token).Error
+	err = DB.Create(t).Error
 	return err
 }
 
-func (token *Token) Update() error {
+// Update Make sure your token's fields is completed, because this will update non-zero values
+func (t *Token) Update() error {
 	var err error
-	err = DB.Model(token).Updates(token).Error
+	err = DB.Model(t).Select("name", "status", "expired_time", "remain_quota", "unlimited_quota", "models", "subnet").Updates(t).Error
 	return err
 }
 
-func (token *Token) Delete() error {
+func (t *Token) SelectUpdate() error {
+	// This can update zero values
+	return DB.Model(t).Select("accessed_time", "status").Updates(t).Error
+}
+
+func (t *Token) Delete() error {
 	var err error
-	err = DB.Delete(token).Error
+	err = DB.Delete(t).Error
 	return err
 }
 
+func (t *Token) GetModels() string {
+	if t == nil {
+		return ""
+	}
+	if t.Models == nil {
+		return ""
+	}
+	return *t.Models
+}
+
 func DeleteTokenById(id int, userId int) (err error) {
 	// Why we need userId here? In case user want to delete other's token.
 	if id == 0 || userId == 0 {
@@ -92,3 +169,135 @@ func DeleteTokenById(id int, userId int) (err error) {
 	}
 	return token.Delete()
 }
+
+func IncreaseTokenQuota(id int, quota int64) (err error) {
+	if quota < 0 {
+		return errors.New("quota 不能为负数！")
+	}
+	if config.BatchUpdateEnabled {
+		addNewRecord(BatchUpdateTypeTokenQuota, id, quota)
+		return nil
+	}
+	return increaseTokenQuota(id, quota)
+}
+
+func increaseTokenQuota(id int, quota int64) (err error) {
+	err = DB.Model(&Token{}).Where("id = ?", id).Updates(
+		map[string]interface{}{
+			"remain_quota":  gorm.Expr("remain_quota + ?", quota),
+			"used_quota":    gorm.Expr("used_quota - ?", quota),
+			"accessed_time": helper.GetTimestamp(),
+		},
+	).Error
+	return err
+}
+
+func DecreaseTokenQuota(id int, quota int64) (err error) {
+	if quota < 0 {
+		return errors.New("quota 不能为负数！")
+	}
+	if config.BatchUpdateEnabled {
+		addNewRecord(BatchUpdateTypeTokenQuota, id, -quota)
+		return nil
+	}
+	return decreaseTokenQuota(id, quota)
+}
+
+func decreaseTokenQuota(id int, quota int64) (err error) {
+	err = DB.Model(&Token{}).Where("id = ?", id).Updates(
+		map[string]interface{}{
+			"remain_quota":  gorm.Expr("remain_quota - ?", quota),
+			"used_quota":    gorm.Expr("used_quota + ?", quota),
+			"accessed_time": helper.GetTimestamp(),
+		},
+	).Error
+	return err
+}
+
+func PreConsumeTokenQuota(tokenId int, quota int64) (err error) {
+	if quota < 0 {
+		return errors.New("quota 不能为负数！")
+	}
+	token, err := GetTokenById(tokenId)
+	if err != nil {
+		return err
+	}
+	if !token.UnlimitedQuota && token.RemainQuota < quota {
+		return errors.New("令牌额度不足")
+	}
+	userQuota, err := GetUserQuota(token.UserId)
+	if err != nil {
+		return err
+	}
+	if userQuota < quota {
+		return errors.New("用户额度不足")
+	}
+	quotaTooLow := userQuota >= config.QuotaRemindThreshold && userQuota-quota < config.QuotaRemindThreshold
+	noMoreQuota := userQuota-quota <= 0
+	if quotaTooLow || noMoreQuota {
+		go func() {
+			email, err := GetUserEmail(token.UserId)
+			if err != nil {
+				logger.SysError("failed to fetch user email: " + err.Error())
+			}
+			prompt := "额度提醒"
+			var contentText string
+			if noMoreQuota {
+				contentText = "您的额度已用尽"
+			} else {
+				contentText = "您的额度即将用尽"
+			}
+			if email != "" {
+				topUpLink := fmt.Sprintf("%s/topup", config.ServerAddress)
+				content := message.EmailTemplate(
+					prompt,
+					fmt.Sprintf(`
+						<p>您好！</p>
+						<p>%s，当前剩余额度为 <strong>%d</strong>。</p>
+						<p>为了不影响您的使用，请及时充值。</p>
+						<p style="text-align: center; margin: 30px 0;">
+							<a href="%s" style="background-color: #007bff; color: white; padding: 12px 24px; text-decoration: none; border-radius: 4px; display: inline-block;">立即充值</a>
+						</p>
+						<p style="color: #666;">如果按钮无法点击，请复制以下链接到浏览器中打开：</p>
+						<p style="background-color: #f8f8f8; padding: 10px; border-radius: 4px; word-break: break-all;">%s</p>
+					`, contentText, userQuota, topUpLink, topUpLink),
+				)
+				err = message.SendEmail(prompt, email, content)
+				if err != nil {
+					logger.SysError("failed to send email: " + err.Error())
+				}
+			}
+		}()
+	}
+	if !token.UnlimitedQuota {
+		err = DecreaseTokenQuota(tokenId, quota)
+		if err != nil {
+			return err
+		}
+	}
+	err = DecreaseUserQuota(token.UserId, quota)
+	return err
+}
+
+func PostConsumeTokenQuota(tokenId int, quota int64) (err error) {
+	token, err := GetTokenById(tokenId)
+	if err != nil {
+		return err
+	}
+	if quota > 0 {
+		err = DecreaseUserQuota(token.UserId, quota)
+	} else {
+		err = IncreaseUserQuota(token.UserId, -quota)
+	}
+	if !token.UnlimitedQuota {
+		if quota > 0 {
+			err = DecreaseTokenQuota(tokenId, quota)
+		} else {
+			err = IncreaseTokenQuota(tokenId, -quota)
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

model/user.go

@@ -1,8 +1,32 @@
 package model
 
 import (
+	"context"
 	"errors"
-	"one-api/common"
+	"fmt"
+	"strings"
+
+	"gorm.io/gorm"
+
+	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/blacklist"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/helper"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/common/random"
+)
+
+const (
+	RoleGuestUser  = 0
+	RoleCommonUser = 1
+	RoleAdminUser  = 10
+	RoleRootUser   = 100
+)
+
+const (
+	UserStatusEnabled  = 1 // don't use 0, 0 is the default value!
+	UserStatusDisabled = 2 // also don't use 0
+	UserStatusDeleted  = 3
 )
 
 // User if you add sensitive fields, don't forget to clean them in setupLogin function.
@@ -12,13 +36,21 @@ type User struct {
 	Username         string `json:"username" gorm:"unique;index" validate:"max=12"`
 	Password         string `json:"password" gorm:"not null;" validate:"min=8,max=20"`
 	DisplayName      string `json:"display_name" gorm:"index" validate:"max=20"`
-	Role             int    `json:"role" gorm:"type:int;default:1"`   // admin, common
+	Role             int    `json:"role" gorm:"type:int;default:1"`   // admin, util
 	Status           int    `json:"status" gorm:"type:int;default:1"` // enabled, disabled
 	Email            string `json:"email" gorm:"index" validate:"max=50"`
 	GitHubId         string `json:"github_id" gorm:"column:github_id;index"`
 	WeChatId         string `json:"wechat_id" gorm:"column:wechat_id;index"`
-	VerificationCode string `json:"verification_code" gorm:"-:all"` // this field is only for Email verification, don't save it to database!
-	Balance          int    `json:"balance" gorm:"type:int;default:0"`
+	LarkId           string `json:"lark_id" gorm:"column:lark_id;index"`
+	OidcId           string `json:"oidc_id" gorm:"column:oidc_id;index"`
+	VerificationCode string `json:"verification_code" gorm:"-:all"`                                    // this field is only for Email verification, don't save it to database!
+	AccessToken      string `json:"access_token" gorm:"type:char(32);column:access_token;uniqueIndex"` // this token is for system management
+	Quota            int64  `json:"quota" gorm:"bigint;default:0"`
+	UsedQuota        int64  `json:"used_quota" gorm:"bigint;default:0;column:used_quota"` // used quota
+	RequestCount     int    `json:"request_count" gorm:"type:int;default:0;"`             // request number
+	Group            string `json:"group" gorm:"type:varchar(32);default:'default'"`
+	AffCode          string `json:"aff_code" gorm:"type:varchar(32);column:aff_code;uniqueIndex"`
+	InviterId        int    `json:"inviter_id" gorm:"type:int;column:inviter_id;index"`
 }
 
 func GetMaxUserId() int {
@@ -27,13 +59,30 @@ func GetMaxUserId() int {
 	return user.Id
 }
 
-func GetAllUsers(startIdx int, num int) (users []*User, err error) {
-	err = DB.Order("id desc").Limit(num).Offset(startIdx).Omit("password").Find(&users).Error
+func GetAllUsers(startIdx int, num int, order string) (users []*User, err error) {
+	query := DB.Limit(num).Offset(startIdx).Omit("password").Where("status != ?", UserStatusDeleted)
+
+	switch order {
+	case "quota":
+		query = query.Order("quota desc")
+	case "used_quota":
+		query = query.Order("used_quota desc")
+	case "request_count":
+		query = query.Order("request_count desc")
+	default:
+		query = query.Order("id desc")
+	}
+
+	err = query.Find(&users).Error
 	return users, err
 }
 
 func SearchUsers(keyword string) (users []*User, err error) {
-	err = DB.Omit("password").Where("id = ? or username LIKE ? or email LIKE ? or display_name LIKE ?", keyword, keyword+"%", keyword+"%", keyword+"%").Find(&users).Error
+	if !common.UsingPostgreSQL {
+		err = DB.Omit("password").Where("id = ? or username LIKE ? or email LIKE ? or display_name LIKE ?", keyword, keyword+"%", keyword+"%", keyword+"%").Find(&users).Error
+	} else {
+		err = DB.Omit("password").Where("username LIKE ? or email LIKE ? or display_name LIKE ?", keyword+"%", keyword+"%", keyword+"%").Find(&users).Error
+	}
 	return users, err
 }
 
@@ -46,11 +95,20 @@ func GetUserById(id int, selectAll bool) (*User, error) {
 	if selectAll {
 		err = DB.First(&user, "id = ?", id).Error
 	} else {
-		err = DB.Omit("password").First(&user, "id = ?", id).Error
+		err = DB.Omit("password", "access_token").First(&user, "id = ?", id).Error
 	}
 	return &user, err
 }
 
+func GetUserIdByAffCode(affCode string) (int, error) {
+	if affCode == "" {
+		return 0, errors.New("affCode 为空！")
+	}
+	var user User
+	err := DB.Select("id").First(&user, "aff_code = ?", affCode).Error
+	return user.Id, err
+}
+
 func DeleteUserById(id int) (err error) {
 	if id == 0 {
 		return errors.New("id 为空！")
@@ -59,7 +117,7 @@ func DeleteUserById(id int) (err error) {
 	return user.Delete()
 }
 
-func (user *User) Insert() error {
+func (user *User) Insert(ctx context.Context, inviterId int) error {
 	var err error
 	if user.Password != "" {
 		user.Password, err = common.Password2Hash(user.Password)
@@ -67,8 +125,43 @@ func (user *User) Insert() error {
 			return err
 		}
 	}
-	err = DB.Create(user).Error
-	return err
+	user.Quota = config.QuotaForNewUser
+	user.AccessToken = random.GetUUID()
+	user.AffCode = random.GetRandomString(4)
+	result := DB.Create(user)
+	if result.Error != nil {
+		return result.Error
+	}
+	if config.QuotaForNewUser > 0 {
+		RecordLog(ctx, user.Id, LogTypeSystem, fmt.Sprintf("新用户注册赠送 %s", common.LogQuota(config.QuotaForNewUser)))
+	}
+	if inviterId != 0 {
+		if config.QuotaForInvitee > 0 {
+			_ = IncreaseUserQuota(user.Id, config.QuotaForInvitee)
+			RecordLog(ctx, user.Id, LogTypeSystem, fmt.Sprintf("使用邀请码赠送 %s", common.LogQuota(config.QuotaForInvitee)))
+		}
+		if config.QuotaForInviter > 0 {
+			_ = IncreaseUserQuota(inviterId, config.QuotaForInviter)
+			RecordLog(ctx, inviterId, LogTypeSystem, fmt.Sprintf("邀请用户赠送 %s", common.LogQuota(config.QuotaForInviter)))
+		}
+	}
+	// create default token
+	cleanToken := Token{
+		UserId:         user.Id,
+		Name:           "default",
+		Key:            random.GenerateKey(),
+		CreatedTime:    helper.GetTimestamp(),
+		AccessedTime:   helper.GetTimestamp(),
+		ExpiredTime:    -1,
+		RemainQuota:    -1,
+		UnlimitedQuota: true,
+	}
+	result.Error = cleanToken.Insert()
+	if result.Error != nil {
+		// do not block
+		logger.SysError(fmt.Sprintf("create default token for user %d failed: %s", user.Id, result.Error.Error()))
+	}
+	return nil
 }
 
 func (user *User) Update(updatePassword bool) error {
@@ -79,6 +172,11 @@ func (user *User) Update(updatePassword bool) error {
 			return err
 		}
 	}
+	if user.Status == UserStatusDisabled {
+		blacklist.BanUser(user.Id)
+	} else if user.Status == UserStatusEnabled {
+		blacklist.UnbanUser(user.Id)
+	}
 	err = DB.Model(user).Updates(user).Error
 	return err
 }
@@ -87,7 +185,10 @@ func (user *User) Delete() error {
 	if user.Id == 0 {
 		return errors.New("id 为空！")
 	}
-	err := DB.Delete(user).Error
+	blacklist.BanUser(user.Id)
+	user.Username = fmt.Sprintf("deleted_%s", random.GetUUID())
+	user.Status = UserStatusDeleted
+	err := DB.Model(user).Updates(user).Error
 	return err
 }
 
@@ -100,9 +201,17 @@ func (user *User) ValidateAndFill() (err error) {
 	if user.Username == "" || password == "" {
 		return errors.New("用户名或密码为空")
 	}
-	DB.Where(User{Username: user.Username}).First(user)
+	err = DB.Where("username = ?", user.Username).First(user).Error
+	if err != nil {
+		// we must make sure check username firstly
+		// consider this case: a malicious user set his username as other's email
+		err := DB.Where("email = ?", user.Username).First(user).Error
+		if err != nil {
+			return errors.New("用户名或密码错误，或用户已被封禁")
+		}
+	}
 	okay := common.ValidatePasswordAndHash(password, user.Password)
-	if !okay || user.Status != common.UserStatusEnabled {
+	if !okay || user.Status != UserStatusEnabled {
 		return errors.New("用户名或密码错误，或用户已被封禁")
 	}
 	return nil
@@ -132,6 +241,22 @@ func (user *User) FillUserByGitHubId() error {
 	return nil
 }
 
+func (user *User) FillUserByLarkId() error {
+	if user.LarkId == "" {
+		return errors.New("lark id 为空！")
+	}
+	DB.Where(User{LarkId: user.LarkId}).First(user)
+	return nil
+}
+
+func (user *User) FillUserByOidcId() error {
+	if user.OidcId == "" {
+		return errors.New("oidc id 为空！")
+	}
+	DB.Where(User{OidcId: user.OidcId}).First(user)
+	return nil
+}
+
 func (user *User) FillUserByWeChatId() error {
 	if user.WeChatId == "" {
 		return errors.New("WeChat id 为空！")
@@ -160,6 +285,14 @@ func IsGitHubIdAlreadyTaken(githubId string) bool {
 	return DB.Where("github_id = ?", githubId).Find(&User{}).RowsAffected == 1
 }
 
+func IsLarkIdAlreadyTaken(githubId string) bool {
+	return DB.Where("lark_id = ?", githubId).Find(&User{}).RowsAffected == 1
+}
+
+func IsOidcIdAlreadyTaken(oidcId string) bool {
+	return DB.Where("oidc_id = ?", oidcId).Find(&User{}).RowsAffected == 1
+}
+
 func IsUsernameAlreadyTaken(username string) bool {
 	return DB.Where("username = ?", username).Find(&User{}).RowsAffected == 1
 }
@@ -175,3 +308,146 @@ func ResetUserPasswordByEmail(email string, password string) error {
 	err = DB.Model(&User{}).Where("email = ?", email).Update("password", hashedPassword).Error
 	return err
 }
+
+func IsAdmin(userId int) bool {
+	if userId == 0 {
+		return false
+	}
+	var user User
+	err := DB.Where("id = ?", userId).Select("role").Find(&user).Error
+	if err != nil {
+		logger.SysError("no such user " + err.Error())
+		return false
+	}
+	return user.Role >= RoleAdminUser
+}
+
+func IsUserEnabled(userId int) (bool, error) {
+	if userId == 0 {
+		return false, errors.New("user id is empty")
+	}
+	var user User
+	err := DB.Where("id = ?", userId).Select("status").Find(&user).Error
+	if err != nil {
+		return false, err
+	}
+	return user.Status == UserStatusEnabled, nil
+}
+
+func ValidateAccessToken(token string) (user *User) {
+	if token == "" {
+		return nil
+	}
+	token = strings.Replace(token, "Bearer ", "", 1)
+	user = &User{}
+	if DB.Where("access_token = ?", token).First(user).RowsAffected == 1 {
+		return user
+	}
+	return nil
+}
+
+func GetUserQuota(id int) (quota int64, err error) {
+	err = DB.Model(&User{}).Where("id = ?", id).Select("quota").Find(&quota).Error
+	return quota, err
+}
+
+func GetUserUsedQuota(id int) (quota int64, err error) {
+	err = DB.Model(&User{}).Where("id = ?", id).Select("used_quota").Find(&quota).Error
+	return quota, err
+}
+
+func GetUserEmail(id int) (email string, err error) {
+	err = DB.Model(&User{}).Where("id = ?", id).Select("email").Find(&email).Error
+	return email, err
+}
+
+func GetUserGroup(id int) (group string, err error) {
+	groupCol := "`group`"
+	if common.UsingPostgreSQL {
+		groupCol = `"group"`
+	}
+
+	err = DB.Model(&User{}).Where("id = ?", id).Select(groupCol).Find(&group).Error
+	return group, err
+}
+
+func IncreaseUserQuota(id int, quota int64) (err error) {
+	if quota < 0 {
+		return errors.New("quota 不能为负数！")
+	}
+	if config.BatchUpdateEnabled {
+		addNewRecord(BatchUpdateTypeUserQuota, id, quota)
+		return nil
+	}
+	return increaseUserQuota(id, quota)
+}
+
+func increaseUserQuota(id int, quota int64) (err error) {
+	err = DB.Model(&User{}).Where("id = ?", id).Update("quota", gorm.Expr("quota + ?", quota)).Error
+	return err
+}
+
+func DecreaseUserQuota(id int, quota int64) (err error) {
+	if quota < 0 {
+		return errors.New("quota 不能为负数！")
+	}
+	if config.BatchUpdateEnabled {
+		addNewRecord(BatchUpdateTypeUserQuota, id, -quota)
+		return nil
+	}
+	return decreaseUserQuota(id, quota)
+}
+
+func decreaseUserQuota(id int, quota int64) (err error) {
+	err = DB.Model(&User{}).Where("id = ?", id).Update("quota", gorm.Expr("quota - ?", quota)).Error
+	return err
+}
+
+func GetRootUserEmail() (email string) {
+	DB.Model(&User{}).Where("role = ?", RoleRootUser).Select("email").Find(&email)
+	return email
+}
+
+func UpdateUserUsedQuotaAndRequestCount(id int, quota int64) {
+	if config.BatchUpdateEnabled {
+		addNewRecord(BatchUpdateTypeUsedQuota, id, quota)
+		addNewRecord(BatchUpdateTypeRequestCount, id, 1)
+		return
+	}
+	updateUserUsedQuotaAndRequestCount(id, quota, 1)
+}
+
+func updateUserUsedQuotaAndRequestCount(id int, quota int64, count int) {
+	err := DB.Model(&User{}).Where("id = ?", id).Updates(
+		map[string]interface{}{
+			"used_quota":    gorm.Expr("used_quota + ?", quota),
+			"request_count": gorm.Expr("request_count + ?", count),
+		},
+	).Error
+	if err != nil {
+		logger.SysError("failed to update user used quota and request count: " + err.Error())
+	}
+}
+
+func updateUserUsedQuota(id int, quota int64) {
+	err := DB.Model(&User{}).Where("id = ?", id).Updates(
+		map[string]interface{}{
+			"used_quota": gorm.Expr("used_quota + ?", quota),
+		},
+	).Error
+	if err != nil {
+		logger.SysError("failed to update user used quota: " + err.Error())
+	}
+}
+
+func updateUserRequestCount(id int, count int) {
+	err := DB.Model(&User{}).Where("id = ?", id).Update("request_count", gorm.Expr("request_count + ?", count)).Error
+	if err != nil {
+		logger.SysError("failed to update user request count: " + err.Error())
+	}
+}
+
+func GetUsernameById(id int) (username string) {
+	DB.Model(&User{}).Where("id = ?", id).Select("username").Find(&username)
+	return username
+}