Merge 664f7ba676 into fdd7bf41c0

Init computenest project.
on-behalf-of: @org aliyun-computenest@alibaba-inc.com
2026-02-14 01:54:25 +08:00 · 2024-10-09 06:25:58 +00:00 · 2024-10-09 14:25:53 +08:00 · 2024-09-29 09:57:46 +08:00 · 2024-09-29 09:56:36 +08:00 · 2024-09-29 09:54:24 +08:00
50 changed files with 1225 additions and 93 deletions
--- a/.computenest/.computenest_parameters.yaml
+++ b/.computenest/.computenest_parameters.yaml
@@ -0,0 +1 @@
+{"ServicePort":"80","SecurityPorts":[80],"RepoName":"hanans426/one-api","Arch":"EcsSingle","RunCommand":"echo \"start run command\"\necho \"${AdminPassword}\"\n","SourceCodePath":".","CommandTimeout":3600,"ServiceType":"private","AllowedRegions":["cn-hangzhou","cn-shanghai","cn-beijing"],"ArtifactSourceType":"SourceCode","ImageId":"centos_7_9_x64_20G_alibase_20230613.vhd","RegionId":"cn-hangzhou","CustomParameters":[{"NoEcho":true,"Type":"String","AssociationProperty":"ALIYUN::ECS::Instance::Password","Label":"管理员密码","Name":"AdminPassword"}]}
--- a/.computenest/README.md
+++ b/.computenest/README.md
@@ -0,0 +1,21 @@
+# 代码仓库结构
+
+## 文档目录说明：
+```
+.
+├── README.md                   - README
+├── docs                        - 服务文档相关文件
+│   └── index.md
+├── resources                   - 服务资源文件
+│   ├── icons
+│   │   └── service_logo.png    - 服务logo
+│   └── artifact_resources      - 部署物相关资源文件
+├── ros_templates               - 服务ROS模板目录，支持多模板
+│   └── template.yaml           - ROS模板，ROS模板引擎根据该模板会自动创建出所有的资源
+├── config.yaml                 - 服务配置文件，服务构建过程中会使用计算巢命令行工具computenest-cli，computenest-cli会基于该配置文件构建服务
+├── preset_parameters.yaml      - （该文件只有托管版有）服务商预设参数，如VpcId，VSwitchId等，该ros模板内容会渲染为表单方便服务商填写
+```
+
+## 其他
+关于ROS模板，请参见 [资源编排](https://help.aliyun.com/zh/ros)。
+关于computenest-cli请参见 [computenest-cli](https://pypi.org/project/computenest-cli/)。
--- a/.computenest/config.yaml
+++ b/.computenest/config.yaml
@@ -0,0 +1,28 @@
+Service:
+  RegionId: cn-hangzhou
+  DeployType: ros
+  DeployMetadata:
+    SupplierDeployMetadata:
+      FileArtifactRelation:
+        '{{ computenest::file::hanans426_one-api }}':
+          ArtifactId: ${Artifact.Artifact_1.ArtifactId}
+          ArtifactVersion: ${Artifact.Artifact_1.ArtifactVersion}
+    TemplateConfigs:
+      - Name: 单机版
+        Url: 'ros_templates/template.yaml'
+        AllowedRegions:
+          - cn-hangzhou
+          - cn-shanghai
+          - cn-beijing
+  ServiceType: private
+  ServiceInfo:
+    Locale: zh-CN
+    ShortDescription: demo
+    Image: 'resources/icons/service_logo.png'
+Artifact:
+  Artifact_1:
+    ArtifactType: File
+    ArtifactName: hanans426_one-api
+    ArtifactProperty:
+      RegionId: cn-hangzhou
+      Url: 'resources/artifact_resources/file/hanans426_one-api.tar.gz'
--- a/.computenest/docs/architecture_ecs_single.png
+++ b/.computenest/docs/architecture_ecs_single.png
--- a/.computenest/docs/index_ecs_single.md
+++ b/.computenest/docs/index_ecs_single.md
@@ -0,0 +1,70 @@
+# 服务模板说明文档
+
+## 服务说明
+
+**简单描述服务的功能和用途。**  
+例如：  
+_（服务功能描述，如“WordPress 是一款免费开源的 CMS，适用于创建和管理各种类型的网站。”）_
+
+_（服务快速上手链接或文档，如果有的话）_
+
+## 服务架构
+
+此服务模板构建出的服务的部署架构为单机ecs部署。
+
+<img src="architecture_ecs_single.png" width="600" height="400" align="bottom"/>
+
+## 计费说明
+通过此服务模板构建服务不产生费用。  
+用户部署构建出的服务时，资源费用主要涉及：
+- 所选ECS实例规格
+- 磁盘容量
+- 公网带宽
+
+计费方式包括：
+- 按量付费（小时）
+- 包年包月
+
+预估费用在部署前可实时看到。
+
+## RAM账号所需权限
+
+此服务模板构建出的服务需要对ECS、VPC等资源进行访问和创建操作，若使用RAM用户创建服务实例，需要在创建服务实例前，对使用的RAM用户的账号添加相应资源的权限。添加RAM权限的详细操作，请参见[为RAM用户授权](https://help.aliyun.com/document_detail/121945.html)。所需权限如下表所示：
+
+| 权限策略名称                              | 备注                            |
+|-------------------------------------|-------------------------------|
+| AliyunECSFullAccess                 | 管理云服务器服务（ECS）的权限              |
+| AliyunVPCFullAccess                 | 管理专有网络（VPC）的权限                |
+| AliyunROSFullAccess                 | 管理资源编排服务（ROS）的权限              |
+| AliyunComputeNestUserFullAccess     | 管理计算巢服务（ComputeNest）的用户侧权限    |
+| AliyunComputeNestSupplierFullAccess | 管理计算巢服务（ComputeNest）的服务商侧权限 ｜ |
+
+## 服务实例计费说明
+
+**详细说明服务实例的计费方式。**  
+_（描述费用构成，例如所选 vCPU 和内存规格，系统盘类型和容量等）_
+
+_（列出计费方式，例如按量付费或包年包月）_
+
+## 服务实例部署流程
+
+### 部署参数说明
+
+| 参数组                             | 参数项    | 说明                                                                      |
+|---------------------------------|--------|-------------------------------------------------------------------------|
+| 服务实例                            | 服务实例名称 | 长度不超过64个字符，必须以英文字母开头，可包含数字、英文字母、短划线（-）和下划线（_）。                          |
+|                                 | 地域     | 服务实例部署的地域。                                                              |
+|                                 | 付费类型   | 资源的计费类型：按量付费和包年包月。                                                      |
+| ECS实例配置                         | 实例类型   | ECS实例规格配置。                                                              |
+|                                 | 实例密码   | 长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*-+=&#124;{}[]:;'<>,.?/ 中的特殊符号）。 |
+| 网络配置                            | 可用区    | ECS实例所在可用区。                                                             |
+
+### 部署步骤
+
+**简述如何一步步部署服务实例。**  
+
+1. _（步骤1描述和相关链接或图片，如果有的话）_
+2. _（步骤2描述和相关链接或图片，如果有的话）_
+...
+
+[部署链接](部署链接地址)
--- a/.computenest/resources/artifact_resources/file/hanans426_one-api.tar.gz
+++ b/.computenest/resources/artifact_resources/file/hanans426_one-api.tar.gz
--- a/.computenest/resources/icons/service_logo.png
+++ b/.computenest/resources/icons/service_logo.png
--- a/.computenest/ros_templates/template.yaml
+++ b/.computenest/ros_templates/template.yaml
@@ -0,0 +1,218 @@
+ROSTemplateFormatVersion: '2015-09-01'
+Description:
+  en: Source Code Service Ros Template
+  zh-cn: 源代码服务模板
+Parameters:
+  PayType:
+    Type: String
+    Label:
+      en: ECS Instance Charge Type
+      zh-cn: 付费类型
+    Default: PostPaid
+    AllowedValues:
+      - PostPaid
+      - PrePaid
+    AssociationProperty: ChargeType
+    AssociationPropertyMetadata:
+      LocaleKey: InstanceChargeType
+  PayPeriodUnit:
+    Type: String
+    Label:
+      en: Pay Period Unit
+      zh-cn: 购买资源时长周期
+    Default: Month
+    AllowedValues:
+      - Month
+      - Year
+    AssociationProperty: PayPeriodUnit
+    AssociationPropertyMetadata:
+      Visible:
+        Condition:
+          Fn::Not:
+            Fn::Equals:
+              - ${PayType}
+              - PostPaid
+  PayPeriod:
+    Type: Number
+    Label:
+      en: Period
+      zh-cn: 购买资源时长
+    Default: 1
+    AllowedValues:
+      - 1
+      - 2
+      - 3
+      - 4
+      - 5
+      - 6
+      - 7
+      - 8
+      - 9
+    AssociationProperty: PayPeriod
+    AssociationPropertyMetadata:
+      Visible:
+        Condition:
+          Fn::Not:
+            Fn::Equals:
+              - ${PayType}
+              - PostPaid
+  EcsInstanceType:
+    Type: String
+    Label:
+      en: Instance Type
+      zh-cn: 实例类型
+    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
+    AssociationPropertyMetadata:
+      InstanceChargeType: ${PayType}
+      Constraints:
+        InstanceTypeFamily:
+          - ecs.u1
+          - ecs.e
+  InstancePassword:
+    NoEcho: true
+    Type: String
+    Description:
+      en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
+      zh-cn: 服务器登录密码,长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号）
+    AllowedPattern: '^[a-zA-Z0-9-\(\)\`\~\!\@\#\$\%\^\&\*\_\-\+\=\|\{\}\[\]\:\;\<\>\,\.\?\/]*$'
+    Label:
+      en: Instance Password
+      zh-cn: 实例密码
+    ConstraintDescription:
+      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
+      zh-cn: 长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号）
+    MinLength: 8
+    MaxLength: 30
+    AssociationProperty: ALIYUN::ECS::Instance::Password
+  ZoneId:
+    Type: String
+    Label:
+      en: Zone ID
+      zh-cn: 可用区ID
+    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
+  VpcId:
+    Type: String
+    Label:
+      en: VPC ID
+      zh-cn: 专有网络VPC实例ID
+    AssociationProperty: 'ALIYUN::ECS::VPC::VPCId'
+  VSwitchId:
+    Type: String
+    Label:
+      en: VSwitch ID
+      zh-cn: 交换机实例ID
+    Default: ''
+    AssociationProperty: 'ALIYUN::ECS::VSwitch::VSwitchId'
+    AssociationPropertyMetadata:
+      VpcId: VpcId
+      ZoneId: ZoneId
+  AdminPassword:
+    Type: String
+    AssociationProperty: ALIYUN::ECS::Instance::Password
+    Label: 管理员密码
+    NoEcho: True
+Resources:
+  SecurityGroup:
+    Type: ALIYUN::ECS::SecurityGroup
+    Properties:
+      SecurityGroupName:
+        Ref: ALIYUN::StackName
+      VpcId:
+        Ref: VpcId
+      SecurityGroupIngress:
+        - PortRange: 80/80
+          Priority: 1
+          SourceCidrIp: 0.0.0.0/0
+          IpProtocol: tcp
+          NicType: internet
+  InstanceGroup:
+    Type: ALIYUN::ECS::InstanceGroup
+    Properties:
+      # 付费类型
+      InstanceChargeType:
+        Ref: PayType
+      PeriodUnit:
+        Ref: PayPeriodUnit
+      Period:
+        Ref: PayPeriod
+      VpcId:
+        Ref: VpcId
+      VSwitchId:
+        Ref: VSwitchId
+      ZoneId:
+        Ref: ZoneId
+      SecurityGroupId:
+        Ref: SecurityGroup
+      ImageId: centos_7_9_x64_20G_alibase_20230613.vhd
+      Password:
+        Ref: InstancePassword
+      InstanceType:
+        Ref: EcsInstanceType
+      SystemDiskCategory: cloud_essd
+      SystemDiskSize: 200
+      InternetMaxBandwidthOut: 5
+      IoOptimized: optimized
+      MaxAmount: 1
+  RunInstallCommand:
+    Type: ALIYUN::ECS::RunCommand
+    Properties:
+      InstanceIds:
+        Fn::GetAtt:
+        - InstanceGroup
+        - InstanceIds
+      Type: RunShellScript
+      Sync: true
+      Timeout: 3600
+      CommandContent:
+        Fn::Sub:
+          - |
+            #!/bin/bash
+            # 源代码通过computenest-cli被打包为tar.gz包，并发布为部署物
+            wget '{{ computenest::file::hanans426_one-api }}' -O hanans426_one-api.tar.gz > /var/log/download.log
+            tar -zxvf hanans426_one-api.tar.gz && cd "$(tar -tzf hanans426_one-api.tar.gz | head -1 | awk -F'/' '{print $1}')"
+            echo "start run command"
+            echo "${AdminPassword}"
+
+            ARGUS_VERSION=3.5.7 /bin/bash -c "$(curl -sS https://cms-agent-${RegionId}.oss-${RegionId}-internal.aliyuncs.com/Argus/agent_install_ecs-1.7.sh)" >> /root/install_cms_agent.log 2>&1
+          - RegionId:
+              Ref: ALIYUN::Region
+Outputs:
+  ServerAddress:
+    Description:
+      en: ServerAddress.
+      zh-cn: 访问页面。
+    Value:
+      Fn::Sub:
+        - 'http://${ServerAddress}:80'
+        - ServerAddress:
+            Fn::Select:
+            - 0
+            - Fn::GetAtt:
+              - InstanceGroup
+              - PublicIps
+Metadata:
+  ALIYUN::ROS::Interface:
+    ParameterGroups:
+      - Parameters:
+          - PayType
+          - PayPeriodUnit
+          - PayPeriod
+        Label:
+          default: 付费类型配置
+      - Parameters:
+          - EcsInstanceType
+          - InstancePassword
+        Label:
+          default: 资源配置
+      - Parameters:
+          - ZoneId
+          - VpcId
+          - VSwitchId
+        Label:
+          default: 可用区配置
+      - Parameters:
+          - AdminPassword
+        Label:
+          en: Software Configuration
+          zh-cn: 软件配置
+      
--- a/README.en.md
+++ b/README.en.md
@@ -204,6 +204,17 @@ If you encounter a blank page after deployment, refer to [#97](https://github.co
 </div>
 </details>

+<details>
+<summary><strong>Deployment on Aliyun</strong></summary>
+<div>
+
+> Aliyun support one-click deployment to a dedicated VPC.。
+
+Aliyun support the fast deployment，[Deployment Link](https://computenest.console.aliyun.com/service/instance/create/default?type=user&ServiceName=One%20API%20%E7%A4%BE%E5%8C%BA%E7%89%88)
+
+</div>
+</details>
+
 ## Configuration
 The system is ready to use out of the box.

--- a/README.md
+++ b/README.md
@@ -302,6 +302,17 @@ Render 可以直接部署 docker 镜像，不需要 fork 仓库：https://dashbo
 </div>
 </details>

+<details>
+<summary><strong>部署到阿里云</strong></summary>
+<div>
+
+> 阿里云支持一键部署到专属VPC。
+
+阿里云支持快速一键部署，[部署链接](https://computenest.console.aliyun.com/service/instance/create/default?type=user&ServiceName=One%20API%20%E7%A4%BE%E5%8C%BA%E7%89%88)
+
+</div>
+</details>
+
 ## 配置
 系统本身开箱即用。

--- a/common/config/config.go
+++ b/common/config/config.go
@@ -35,6 +35,7 @@ var PasswordLoginEnabled = true
 var PasswordRegisterEnabled = true
 var EmailVerificationEnabled = false
 var GitHubOAuthEnabled = false
+var OidcEnabled = false
 var WeChatAuthEnabled = false
 var TurnstileCheckEnabled = false
 var RegisterEnabled = true
@@ -70,6 +71,13 @@ var GitHubClientSecret = ""
 var LarkClientId = ""
 var LarkClientSecret = ""

+var OidcClientId = ""
+var OidcClientSecret = ""
+var OidcWellKnown = ""
+var OidcAuthorizationEndpoint = ""
+var OidcTokenEndpoint = ""
+var OidcUserinfoEndpoint = ""
+
 var WeChatServerAddress = ""
 var WeChatServerToken = ""
 var WeChatAccountQRCodeImageURL = ""
--- a/common/gin.go
+++ b/common/gin.go
@@ -31,15 +31,15 @@ func UnmarshalBodyReusable(c *gin.Context, v any) error {
 	contentType := c.Request.Header.Get("Content-Type")
 	if strings.HasPrefix(contentType, "application/json") {
 		err = json.Unmarshal(requestBody, &v)
+		c.Request.Body = io.NopCloser(bytes.NewBuffer(requestBody))
 	} else {
-		// skip for now
-		// TODO: someday non json request have variant model, we will need to implementation this
+		c.Request.Body = io.NopCloser(bytes.NewBuffer(requestBody))
+		err = c.ShouldBind(&v)
 	}
 	if err != nil {
 		return err
 	}
 	// Reset request body
-	c.Request.Body = io.NopCloser(bytes.NewBuffer(requestBody))
 	return nil
 }

--- a/controller/auth/oidc.go
+++ b/controller/auth/oidc.go
@@ -0,0 +1,225 @@
+package auth
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/common/logger"
+	"github.com/songquanpeng/one-api/controller"
+	"github.com/songquanpeng/one-api/model"
+	"net/http"
+	"strconv"
+	"time"
+)
+
+type OidcResponse struct {
+	AccessToken  string `json:"access_token"`
+	IDToken      string `json:"id_token"`
+	RefreshToken string `json:"refresh_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+	Scope        string `json:"scope"`
+}
+
+type OidcUser struct {
+	OpenID            string `json:"sub"`
+	Email             string `json:"email"`
+	Name              string `json:"name"`
+	PreferredUsername string `json:"preferred_username"`
+	Picture           string `json:"picture"`
+}
+
+func getOidcUserInfoByCode(code string) (*OidcUser, error) {
+	if code == "" {
+		return nil, errors.New("无效的参数")
+	}
+	values := map[string]string{
+		"client_id":     config.OidcClientId,
+		"client_secret": config.OidcClientSecret,
+		"code":          code,
+		"grant_type":    "authorization_code",
+		"redirect_uri":  fmt.Sprintf("%s/oauth/oidc", config.ServerAddress),
+	}
+	jsonData, err := json.Marshal(values)
+	if err != nil {
+		return nil, err
+	}
+	req, err := http.NewRequest("POST", config.OidcTokenEndpoint, bytes.NewBuffer(jsonData))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	client := http.Client{
+		Timeout: 5 * time.Second,
+	}
+	res, err := client.Do(req)
+	if err != nil {
+		logger.SysLog(err.Error())
+		return nil, errors.New("无法连接至 OIDC 服务器，请稍后重试！")
+	}
+	defer res.Body.Close()
+	var oidcResponse OidcResponse
+	err = json.NewDecoder(res.Body).Decode(&oidcResponse)
+	if err != nil {
+		return nil, err
+	}
+	req, err = http.NewRequest("GET", config.OidcUserinfoEndpoint, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Authorization", "Bearer "+oidcResponse.AccessToken)
+	res2, err := client.Do(req)
+	if err != nil {
+		logger.SysLog(err.Error())
+		return nil, errors.New("无法连接至 OIDC 服务器，请稍后重试！")
+	}
+	var oidcUser OidcUser
+	err = json.NewDecoder(res2.Body).Decode(&oidcUser)
+	if err != nil {
+		return nil, err
+	}
+	return &oidcUser, nil
+}
+
+func OidcAuth(c *gin.Context) {
+	session := sessions.Default(c)
+	state := c.Query("state")
+	if state == "" || session.Get("oauth_state") == nil || state != session.Get("oauth_state").(string) {
+		c.JSON(http.StatusForbidden, gin.H{
+			"success": false,
+			"message": "state is empty or not same",
+		})
+		return
+	}
+	username := session.Get("username")
+	if username != nil {
+		OidcBind(c)
+		return
+	}
+	if !config.OidcEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "管理员未开启通过 OIDC 登录以及注册",
+		})
+		return
+	}
+	code := c.Query("code")
+	oidcUser, err := getOidcUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		OidcId: oidcUser.OpenID,
+	}
+	if model.IsOidcIdAlreadyTaken(user.OidcId) {
+		err := user.FillUserByOidcId()
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": err.Error(),
+			})
+			return
+		}
+	} else {
+		if config.RegisterEnabled {
+			user.Email = oidcUser.Email
+			if oidcUser.PreferredUsername != "" {
+				user.Username = oidcUser.PreferredUsername
+			} else {
+				user.Username = "oidc_" + strconv.Itoa(model.GetMaxUserId()+1)
+			}
+			if oidcUser.Name != "" {
+				user.DisplayName = oidcUser.Name
+			} else {
+				user.DisplayName = "OIDC User"
+			}
+			err := user.Insert(0)
+			if err != nil {
+				c.JSON(http.StatusOK, gin.H{
+					"success": false,
+					"message": err.Error(),
+				})
+				return
+			}
+		} else {
+			c.JSON(http.StatusOK, gin.H{
+				"success": false,
+				"message": "管理员关闭了新用户注册",
+			})
+			return
+		}
+	}
+
+	if user.Status != model.UserStatusEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"message": "用户已被封禁",
+			"success": false,
+		})
+		return
+	}
+	controller.SetupLogin(&user, c)
+}
+
+func OidcBind(c *gin.Context) {
+	if !config.OidcEnabled {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "管理员未开启通过 OIDC 登录以及注册",
+		})
+		return
+	}
+	code := c.Query("code")
+	oidcUser, err := getOidcUserInfoByCode(code)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user := model.User{
+		OidcId: oidcUser.OpenID,
+	}
+	if model.IsOidcIdAlreadyTaken(user.OidcId) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "该 OIDC 账户已被绑定",
+		})
+		return
+	}
+	session := sessions.Default(c)
+	id := session.Get("id")
+	// id := c.GetInt("id")  // critical bug!
+	user.Id = id.(int)
+	err = user.FillUserById()
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	user.OidcId = oidcUser.OpenID
+	err = user.Update(false)
+	if err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": err.Error(),
+		})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"message": "bind",
+	})
+	return
+}
--- a/controller/billing.go
+++ b/controller/billing.go
@@ -17,9 +17,11 @@ func GetSubscription(c *gin.Context) {
 	if config.DisplayTokenStatEnabled {
 		tokenId := c.GetInt(ctxkey.TokenId)
 		token, err = model.GetTokenById(tokenId)
-		expiredTime = token.ExpiredTime
-		remainQuota = token.RemainQuota
-		usedQuota = token.UsedQuota
+		if err == nil {
+			expiredTime = token.ExpiredTime
+			remainQuota = token.RemainQuota
+			usedQuota = token.UsedQuota
+		}
 	} else {
 		userId := c.GetInt(ctxkey.Id)
 		remainQuota, err = model.GetUserQuota(userId)
--- a/controller/channel-billing.go
+++ b/controller/channel-billing.go
@@ -81,6 +81,26 @@ type APGC2DGPTUsageResponse struct {
 	TotalUsed      float64 `json:"total_used"`
 }

+type SiliconFlowUsageResponse struct {
+	Code    int    `json:"code"`
+	Message string `json:"message"`
+	Status  bool   `json:"status"`
+	Data    struct {
+		ID            string `json:"id"`
+		Name          string `json:"name"`
+		Image         string `json:"image"`
+		Email         string `json:"email"`
+		IsAdmin       bool   `json:"isAdmin"`
+		Balance       string `json:"balance"`
+		Status        string `json:"status"`
+		Introduction  string `json:"introduction"`
+		Role          string `json:"role"`
+		ChargeBalance string `json:"chargeBalance"`
+		TotalBalance  string `json:"totalBalance"`
+		Category      string `json:"category"`
+	} `json:"data"`
+}
+
 // GetAuthHeader get auth header
 func GetAuthHeader(token string) http.Header {
 	h := http.Header{}
@@ -203,6 +223,28 @@ func updateChannelAIGC2DBalance(channel *model.Channel) (float64, error) {
 	return response.TotalAvailable, nil
 }

+func updateChannelSiliconFlowBalance(channel *model.Channel) (float64, error) {
+	url := "https://api.siliconflow.cn/v1/user/info"
+	body, err := GetResponseBody("GET", url, channel, GetAuthHeader(channel.Key))
+	if err != nil {
+		return 0, err
+	}
+	response := SiliconFlowUsageResponse{}
+	err = json.Unmarshal(body, &response)
+	if err != nil {
+		return 0, err
+	}
+	if response.Code != 20000 {
+		return 0, fmt.Errorf("code: %d, message: %s", response.Code, response.Message)
+	}
+	balance, err := strconv.ParseFloat(response.Data.Balance, 64)
+	if err != nil {
+		return 0, err
+	}
+	channel.UpdateBalance(balance)
+	return balance, nil
+}
+
 func updateChannelBalance(channel *model.Channel) (float64, error) {
 	baseURL := channeltype.ChannelBaseURLs[channel.Type]
 	if channel.GetBaseURL() == "" {
@@ -227,6 +269,8 @@ func updateChannelBalance(channel *model.Channel) (float64, error) {
 		return updateChannelAPI2GPTBalance(channel)
 	case channeltype.AIGC2D:
 		return updateChannelAIGC2DBalance(channel)
+	case channeltype.SiliconFlow:
+		return updateChannelSiliconFlowBalance(channel)
 	default:
 		return 0, errors.New("尚未实现")
 	}
--- a/controller/misc.go
+++ b/controller/misc.go
@@ -18,24 +18,30 @@ func GetStatus(c *gin.Context) {
 		"success": true,
 		"message": "",
 		"data": gin.H{
-			"version":             common.Version,
-			"start_time":          common.StartTime,
-			"email_verification":  config.EmailVerificationEnabled,
-			"github_oauth":        config.GitHubOAuthEnabled,
-			"github_client_id":    config.GitHubClientId,
-			"lark_client_id":      config.LarkClientId,
-			"system_name":         config.SystemName,
-			"logo":                config.Logo,
-			"footer_html":         config.Footer,
-			"wechat_qrcode":       config.WeChatAccountQRCodeImageURL,
-			"wechat_login":        config.WeChatAuthEnabled,
-			"server_address":      config.ServerAddress,
-			"turnstile_check":     config.TurnstileCheckEnabled,
-			"turnstile_site_key":  config.TurnstileSiteKey,
-			"top_up_link":         config.TopUpLink,
-			"chat_link":           config.ChatLink,
-			"quota_per_unit":      config.QuotaPerUnit,
-			"display_in_currency": config.DisplayInCurrencyEnabled,
+			"version":                     common.Version,
+			"start_time":                  common.StartTime,
+			"email_verification":          config.EmailVerificationEnabled,
+			"github_oauth":                config.GitHubOAuthEnabled,
+			"github_client_id":            config.GitHubClientId,
+			"lark_client_id":              config.LarkClientId,
+			"system_name":                 config.SystemName,
+			"logo":                        config.Logo,
+			"footer_html":                 config.Footer,
+			"wechat_qrcode":               config.WeChatAccountQRCodeImageURL,
+			"wechat_login":                config.WeChatAuthEnabled,
+			"server_address":              config.ServerAddress,
+			"turnstile_check":             config.TurnstileCheckEnabled,
+			"turnstile_site_key":          config.TurnstileSiteKey,
+			"top_up_link":                 config.TopUpLink,
+			"chat_link":                   config.ChatLink,
+			"quota_per_unit":              config.QuotaPerUnit,
+			"display_in_currency":         config.DisplayInCurrencyEnabled,
+			"oidc":                        config.OidcEnabled,
+			"oidc_client_id":              config.OidcClientId,
+			"oidc_well_known":             config.OidcWellKnown,
+			"oidc_authorization_endpoint": config.OidcAuthorizationEndpoint,
+			"oidc_token_endpoint":         config.OidcTokenEndpoint,
+			"oidc_userinfo_endpoint":      config.OidcUserinfoEndpoint,
 		},
 	})
 	return
--- a/middleware/distributor.go
+++ b/middleware/distributor.go
@@ -12,7 +12,7 @@ import (
 )

 type ModelRequest struct {
-	Model string `json:"model"`
+	Model string `json:"model" form:"model"`
 }

 func Distribute() func(c *gin.Context) {
--- a/model/log.go
+++ b/model/log.go
@@ -3,6 +3,7 @@ package model
 import (
 	"context"
 	"fmt"
+
 	"github.com/songquanpeng/one-api/common"
 	"github.com/songquanpeng/one-api/common/config"
 	"github.com/songquanpeng/one-api/common/helper"
@@ -152,7 +153,11 @@ func SearchUserLogs(userId int, keyword string) (logs []*Log, err error) {
 }

 func SumUsedQuota(logType int, startTimestamp int64, endTimestamp int64, modelName string, username string, tokenName string, channel int) (quota int64) {
-	tx := LOG_DB.Table("logs").Select("ifnull(sum(quota),0)")
+	ifnull := "ifnull"
+	if common.UsingPostgreSQL {
+		ifnull = "COALESCE"
+	}
+	tx := LOG_DB.Table("logs").Select(fmt.Sprintf("%s(sum(quota),0)", ifnull))
 	if username != "" {
 		tx = tx.Where("username = ?", username)
 	}
@@ -176,7 +181,11 @@ func SumUsedQuota(logType int, startTimestamp int64, endTimestamp int64, modelNa
 }

 func SumUsedToken(logType int, startTimestamp int64, endTimestamp int64, modelName string, username string, tokenName string) (token int) {
-	tx := LOG_DB.Table("logs").Select("ifnull(sum(prompt_tokens),0) + ifnull(sum(completion_tokens),0)")
+	ifnull := "ifnull"
+	if common.UsingPostgreSQL {
+		ifnull = "COALESCE"
+	}
+	tx := LOG_DB.Table("logs").Select(fmt.Sprintf("%s(sum(prompt_tokens),0) + %s(sum(completion_tokens),0)", ifnull, ifnull))
 	if username != "" {
 		tx = tx.Where("username = ?", username)
 	}
--- a/model/option.go
+++ b/model/option.go
@@ -28,6 +28,7 @@ func InitOptionMap() {
 	config.OptionMap["PasswordRegisterEnabled"] = strconv.FormatBool(config.PasswordRegisterEnabled)
 	config.OptionMap["EmailVerificationEnabled"] = strconv.FormatBool(config.EmailVerificationEnabled)
 	config.OptionMap["GitHubOAuthEnabled"] = strconv.FormatBool(config.GitHubOAuthEnabled)
+	config.OptionMap["OidcEnabled"] = strconv.FormatBool(config.OidcEnabled)
 	config.OptionMap["WeChatAuthEnabled"] = strconv.FormatBool(config.WeChatAuthEnabled)
 	config.OptionMap["TurnstileCheckEnabled"] = strconv.FormatBool(config.TurnstileCheckEnabled)
 	config.OptionMap["RegisterEnabled"] = strconv.FormatBool(config.RegisterEnabled)
@@ -130,6 +131,8 @@ func updateOptionMap(key string, value string) (err error) {
 			config.EmailVerificationEnabled = boolValue
 		case "GitHubOAuthEnabled":
 			config.GitHubOAuthEnabled = boolValue
+		case "OidcEnabled":
+			config.OidcEnabled = boolValue
 		case "WeChatAuthEnabled":
 			config.WeChatAuthEnabled = boolValue
 		case "TurnstileCheckEnabled":
@@ -176,6 +179,18 @@ func updateOptionMap(key string, value string) (err error) {
 		config.LarkClientId = value
 	case "LarkClientSecret":
 		config.LarkClientSecret = value
+	case "OidcClientId":
+		config.OidcClientId = value
+	case "OidcClientSecret":
+		config.OidcClientSecret = value
+	case "OidcWellKnown":
+		config.OidcWellKnown = value
+	case "OidcAuthorizationEndpoint":
+		config.OidcAuthorizationEndpoint = value
+	case "OidcTokenEndpoint":
+		config.OidcTokenEndpoint = value
+	case "OidcUserinfoEndpoint":
+		config.OidcUserinfoEndpoint = value
 	case "Footer":
 		config.Footer = value
 	case "SystemName":
--- a/model/token.go
+++ b/model/token.go
@@ -30,7 +30,7 @@ type Token struct {
 	RemainQuota    int64   `json:"remain_quota" gorm:"bigint;default:0"`
 	UnlimitedQuota bool    `json:"unlimited_quota" gorm:"default:false"`
 	UsedQuota      int64   `json:"used_quota" gorm:"bigint;default:0"` // used quota
-	Models         *string `json:"models" gorm:"default:''"`           // allowed models
+	Models         *string `json:"models" gorm:"type:text"`            // allowed models
 	Subnet         *string `json:"subnet" gorm:"default:''"`           // allowed subnet
 }

@@ -121,30 +121,40 @@ func GetTokenById(id int) (*Token, error) {
 	return &token, err
 }

-func (token *Token) Insert() error {
+func (t *Token) Insert() error {
 	var err error
-	err = DB.Create(token).Error
+	err = DB.Create(t).Error
 	return err
 }

 // Update Make sure your token's fields is completed, because this will update non-zero values
-func (token *Token) Update() error {
+func (t *Token) Update() error {
 	var err error
-	err = DB.Model(token).Select("name", "status", "expired_time", "remain_quota", "unlimited_quota", "models", "subnet").Updates(token).Error
+	err = DB.Model(t).Select("name", "status", "expired_time", "remain_quota", "unlimited_quota", "models", "subnet").Updates(t).Error
 	return err
 }

-func (token *Token) SelectUpdate() error {
+func (t *Token) SelectUpdate() error {
 	// This can update zero values
-	return DB.Model(token).Select("accessed_time", "status").Updates(token).Error
+	return DB.Model(t).Select("accessed_time", "status").Updates(t).Error
 }

-func (token *Token) Delete() error {
+func (t *Token) Delete() error {
 	var err error
-	err = DB.Delete(token).Error
+	err = DB.Delete(t).Error
 	return err
 }

+func (t *Token) GetModels() string {
+	if t == nil {
+		return ""
+	}
+	if t.Models == nil {
+		return ""
+	}
+	return *t.Models
+}
+
 func DeleteTokenById(id int, userId int) (err error) {
 	// Why we need userId here? In case user want to delete other's token.
 	if id == 0 || userId == 0 {
@@ -254,14 +264,14 @@ func PreConsumeTokenQuota(tokenId int, quota int64) (err error) {

 func PostConsumeTokenQuota(tokenId int, quota int64) (err error) {
 	token, err := GetTokenById(tokenId)
+	if err != nil {
+		return err
+	}
 	if quota > 0 {
 		err = DecreaseUserQuota(token.UserId, quota)
 	} else {
 		err = IncreaseUserQuota(token.UserId, -quota)
 	}
-	if err != nil {
-		return err
-	}
 	if !token.UnlimitedQuota {
 		if quota > 0 {
 			err = DecreaseTokenQuota(tokenId, quota)
--- a/model/user.go
+++ b/model/user.go
@@ -39,6 +39,7 @@ type User struct {
 	GitHubId         string `json:"github_id" gorm:"column:github_id;index"`
 	WeChatId         string `json:"wechat_id" gorm:"column:wechat_id;index"`
 	LarkId           string `json:"lark_id" gorm:"column:lark_id;index"`
+	OidcId           string `json:"oidc_id" gorm:"column:oidc_id;index"`
 	VerificationCode string `json:"verification_code" gorm:"-:all"`                                    // this field is only for Email verification, don't save it to database!
 	AccessToken      string `json:"access_token" gorm:"type:char(32);column:access_token;uniqueIndex"` // this token is for system management
 	Quota            int64  `json:"quota" gorm:"bigint;default:0"`
@@ -245,6 +246,14 @@ func (user *User) FillUserByLarkId() error {
 	return nil
 }

+func (user *User) FillUserByOidcId() error {
+	if user.OidcId == "" {
+		return errors.New("oidc id 为空！")
+	}
+	DB.Where(User{OidcId: user.OidcId}).First(user)
+	return nil
+}
+
 func (user *User) FillUserByWeChatId() error {
 	if user.WeChatId == "" {
 		return errors.New("WeChat id 为空！")
@@ -277,6 +286,10 @@ func IsLarkIdAlreadyTaken(githubId string) bool {
 	return DB.Where("lark_id = ?", githubId).Find(&User{}).RowsAffected == 1
 }

+func IsOidcIdAlreadyTaken(oidcId string) bool {
+	return DB.Where("oidc_id = ?", oidcId).Find(&User{}).RowsAffected == 1
+}
+
 func IsUsernameAlreadyTaken(username string) bool {
 	return DB.Where("username = ?", username).Find(&User{}).RowsAffected == 1
 }
--- a/monitor/manage.go
+++ b/monitor/manage.go
@@ -1,10 +1,11 @@
 package monitor

 import (
-	"github.com/songquanpeng/one-api/common/config"
-	"github.com/songquanpeng/one-api/relay/model"
 	"net/http"
 	"strings"
+
+	"github.com/songquanpeng/one-api/common/config"
+	"github.com/songquanpeng/one-api/relay/model"
 )

 func ShouldDisableChannel(err *model.Error, statusCode int) bool {
@@ -18,31 +19,23 @@ func ShouldDisableChannel(err *model.Error, statusCode int) bool {
 		return true
 	}
 	switch err.Type {
-	case "insufficient_quota":
-		return true
-	// https://docs.anthropic.com/claude/reference/errors
-	case "authentication_error":
-		return true
-	case "permission_error":
-		return true
-	case "forbidden":
+	case "insufficient_quota", "authentication_error", "permission_error", "forbidden":
 		return true
 	}
 	if err.Code == "invalid_api_key" || err.Code == "account_deactivated" {
 		return true
 	}
-	if strings.HasPrefix(err.Message, "Your credit balance is too low") { // anthropic
-		return true
-	} else if strings.HasPrefix(err.Message, "This organization has been disabled.") {
-		return true
-	}
-	//if strings.Contains(err.Message, "quota") {
-	//	return true
-	//}
-	if strings.Contains(err.Message, "credit") {
-		return true
-	}
-	if strings.Contains(err.Message, "balance") {
+
+	lowerMessage := strings.ToLower(err.Message)
+	if strings.Contains(lowerMessage, "your access was terminated") ||
+		strings.Contains(lowerMessage, "violation of our policies") ||
+		strings.Contains(lowerMessage, "your credit balance is too low") ||
+		strings.Contains(lowerMessage, "organization has been disabled") ||
+		strings.Contains(lowerMessage, "credit") ||
+		strings.Contains(lowerMessage, "balance") ||
+		strings.Contains(lowerMessage, "permission denied") ||
+  	strings.Contains(lowerMessage, "organization has been restricted") || // groq
+		strings.Contains(lowerMessage, "已欠费") {
 		return true
 	}
 	return false
--- a/relay/adaptor/ali/main.go
+++ b/relay/adaptor/ali/main.go
@@ -3,6 +3,7 @@ package ali
 import (
 	"bufio"
 	"encoding/json"
+	"github.com/songquanpeng/one-api/common/ctxkey"
 	"github.com/songquanpeng/one-api/common/render"
 	"io"
 	"net/http"
@@ -59,7 +60,7 @@ func ConvertRequest(request model.GeneralOpenAIRequest) *ChatRequest {

 func ConvertEmbeddingRequest(request model.GeneralOpenAIRequest) *EmbeddingRequest {
 	return &EmbeddingRequest{
-		Model: "text-embedding-v1",
+		Model: request.Model,
 		Input: struct {
 			Texts []string `json:"texts"`
 		}{
@@ -102,8 +103,9 @@ func EmbeddingHandler(c *gin.Context, resp *http.Response) (*model.ErrorWithStat
 			StatusCode: resp.StatusCode,
 		}, nil
 	}
-
+	requestModel := c.GetString(ctxkey.RequestModel)
 	fullTextResponse := embeddingResponseAli2OpenAI(&aliResponse)
+	fullTextResponse.Model = requestModel
 	jsonResponse, err := json.Marshal(fullTextResponse)
 	if err != nil {
 		return openai.ErrorWrapper(err, "marshal_response_body_failed", http.StatusInternalServerError), nil
--- a/relay/adaptor/openai/constants.go
+++ b/relay/adaptor/openai/constants.go
@@ -8,6 +8,8 @@ var ModelList = []string{
 	"gpt-4-32k", "gpt-4-32k-0314", "gpt-4-32k-0613",
 	"gpt-4-turbo-preview", "gpt-4-turbo", "gpt-4-turbo-2024-04-09",
 	"gpt-4o", "gpt-4o-2024-05-13",
+	"gpt-4o-2024-08-06",
+	"chatgpt-4o-latest",
 	"gpt-4o-mini", "gpt-4o-mini-2024-07-18",
 	"gpt-4-vision-preview",
 	"text-embedding-ada-002", "text-embedding-3-small", "text-embedding-3-large",
--- a/relay/adaptor/openai/main.go
+++ b/relay/adaptor/openai/main.go
@@ -55,8 +55,8 @@ func StreamHandler(c *gin.Context, resp *http.Response, relayMode int) (*model.E
 				render.StringData(c, data) // if error happened, pass the data to client
 				continue                   // just ignore the error
 			}
-			if len(streamResponse.Choices) == 0 {
-				// but for empty choice, we should not pass it to client, this is for azure
+			if len(streamResponse.Choices) == 0 && streamResponse.Usage == nil {
+				// but for empty choice and no usage, we should not pass it to client, this is for azure
 				continue // just ignore empty choice
 			}
 			render.StringData(c, data)
--- a/relay/adaptor/stepfun/constants.go
+++ b/relay/adaptor/stepfun/constants.go
@@ -1,7 +1,13 @@
 package stepfun

 var ModelList = []string{
+	"step-1-8k",
 	"step-1-32k",
+	"step-1-128k",
+	"step-1-256k",
+	"step-1-flash",
+	"step-2-16k",
+	"step-1v-8k",
 	"step-1v-32k",
-	"step-1-200k",
+	"step-1x-medium",
 }
--- a/relay/adaptor/tencent/constants.go
+++ b/relay/adaptor/tencent/constants.go
@@ -5,4 +5,5 @@ var ModelList = []string{
 	"hunyuan-standard",
 	"hunyuan-standard-256K",
 	"hunyuan-pro",
+	"hunyuan-vision",
 }
--- a/relay/adaptor/xunfei/constants.go
+++ b/relay/adaptor/xunfei/constants.go
@@ -5,6 +5,7 @@ var ModelList = []string{
 	"SparkDesk-v1.1",
 	"SparkDesk-v2.1",
 	"SparkDesk-v3.1",
+	"SparkDesk-v3.1-128K",
 	"SparkDesk-v3.5",
 	"SparkDesk-v4.0",
 }
--- a/relay/adaptor/xunfei/main.go
+++ b/relay/adaptor/xunfei/main.go
@@ -272,9 +272,9 @@ func xunfeiMakeRequest(textRequest model.GeneralOpenAIRequest, domain, authUrl,
 }

 func parseAPIVersionByModelName(modelName string) string {
-	parts := strings.Split(modelName, "-")
-	if len(parts) == 2 {
-		return parts[1]
+	index := strings.IndexAny(modelName, "-")
+	if index != -1 {
+		return modelName[index+1:]
 	}
 	return ""
 }
@@ -288,6 +288,8 @@ func apiVersion2domain(apiVersion string) string {
 		return "generalv2"
 	case "v3.1":
 		return "generalv3"
+	case "v3.1-128K":
+		return "pro-128k"
 	case "v3.5":
 		return "generalv3.5"
 	case "v4.0":
@@ -297,7 +299,14 @@ func apiVersion2domain(apiVersion string) string {
 }

 func getXunfeiAuthUrl(apiVersion string, apiKey string, apiSecret string) (string, string) {
+	var authUrl string
 	domain := apiVersion2domain(apiVersion)
-	authUrl := buildXunfeiAuthUrl(fmt.Sprintf("wss://spark-api.xf-yun.com/%s/chat", apiVersion), apiKey, apiSecret)
+	switch apiVersion {
+	case "v3.1-128K":
+		authUrl = buildXunfeiAuthUrl(fmt.Sprintf("wss://spark-api.xf-yun.com/%s/pro-128k", apiVersion), apiKey, apiSecret)
+		break
+	default:
+		authUrl = buildXunfeiAuthUrl(fmt.Sprintf("wss://spark-api.xf-yun.com/%s/chat", apiVersion), apiKey, apiSecret)
+	}
 	return domain, authUrl
 }
--- a/relay/billing/ratio/image.go
+++ b/relay/billing/ratio/image.go
@@ -30,6 +30,14 @@ var ImageSizeRatios = map[string]map[string]float64{
 		"720x1280":  1,
 		"1280x720":  1,
 	},
+	"step-1x-medium": {
+		"256x256":   1,
+		"512x512":   1,
+		"768x768":   1,
+		"1024x1024": 1,
+		"1280x800":  1,
+		"800x1280":  1,
+	},
 }

 var ImageGenerationAmounts = map[string][2]int{
@@ -39,6 +47,7 @@ var ImageGenerationAmounts = map[string][2]int{
 	"ali-stable-diffusion-v1.5": {1, 4}, // Ali
 	"wanx-v1":                   {1, 4}, // Ali
 	"cogview-3":                 {1, 1},
+	"step-1x-medium":            {1, 1},
 }

 var ImagePromptLengthLimitations = map[string]int{
@@ -48,6 +57,7 @@ var ImagePromptLengthLimitations = map[string]int{
 	"ali-stable-diffusion-v1.5": 4000,
 	"wanx-v1":                   4000,
 	"cogview-3":                 833,
+	"step-1x-medium":            4000,
 }

 var ImageOriginModelName = map[string]string{
--- a/relay/billing/ratio/model.go
+++ b/relay/billing/ratio/model.go
@@ -34,7 +34,9 @@ var ModelRatio = map[string]float64{
 	"gpt-4-turbo":             5,     // $0.01 / 1K tokens
 	"gpt-4-turbo-2024-04-09":  5,     // $0.01 / 1K tokens
 	"gpt-4o":                  2.5,   // $0.005 / 1K tokens
+	"chatgpt-4o-latest":       2.5,   // $0.005 / 1K tokens
 	"gpt-4o-2024-05-13":       2.5,   // $0.005 / 1K tokens
+	"gpt-4o-2024-08-06":       1.25,  // $0.0025 / 1K tokens
 	"gpt-4o-mini":             0.075, // $0.00015 / 1K tokens
 	"gpt-4o-mini-2024-07-18":  0.075, // $0.00015 / 1K tokens
 	"gpt-4-vision-preview":    5,     // $0.01 / 1K tokens
@@ -126,6 +128,7 @@ var ModelRatio = map[string]float64{
 	"SparkDesk-v1.1":            1.2858, // ￥0.018 / 1k tokens
 	"SparkDesk-v2.1":            1.2858, // ￥0.018 / 1k tokens
 	"SparkDesk-v3.1":            1.2858, // ￥0.018 / 1k tokens
+	"SparkDesk-v3.1-128K":       1.2858, // ￥0.018 / 1k tokens
 	"SparkDesk-v3.5":            1.2858, // ￥0.018 / 1k tokens
 	"SparkDesk-v4.0":            1.2858, // ￥0.018 / 1k tokens
 	"360GPT_S2_V9":              0.8572, // ¥0.012 / 1k tokens
@@ -171,10 +174,15 @@ var ModelRatio = map[string]float64{
 	"yi-34b-chat-0205": 2.5 / 1000 * RMB,
 	"yi-34b-chat-200k": 12.0 / 1000 * RMB,
 	"yi-vl-plus":       6.0 / 1000 * RMB,
-	// stepfun todo
-	"step-1v-32k": 0.024 * RMB,
-	"step-1-32k":  0.024 * RMB,
-	"step-1-200k": 0.15 * RMB,
+	// https://platform.stepfun.com/docs/pricing/details
+	"step-1-8k":    0.005 / 1000 * RMB,
+	"step-1-32k":   0.015 / 1000 * RMB,
+	"step-1-128k":  0.040 / 1000 * RMB,
+	"step-1-256k":  0.095 / 1000 * RMB,
+	"step-1-flash": 0.001 / 1000 * RMB,
+	"step-2-16k":   0.038 / 1000 * RMB,
+	"step-1v-8k":   0.005 / 1000 * RMB,
+	"step-1v-32k":  0.015 / 1000 * RMB,
 	// aws llama3 https://aws.amazon.com/cn/bedrock/pricing/
 	"llama3-8b-8192(33)":  0.0003 / 0.002,  // $0.0003 / 1K tokens
 	"llama3-70b-8192(33)": 0.00265 / 0.002, // $0.00265 / 1K tokens
@@ -200,8 +208,10 @@ var CompletionRatio = map[string]float64{
 	"llama3-70b-8192(33)": 0.0035 / 0.00265,
 }

-var DefaultModelRatio map[string]float64
-var DefaultCompletionRatio map[string]float64
+var (
+	DefaultModelRatio      map[string]float64
+	DefaultCompletionRatio map[string]float64
+)

 func init() {
 	DefaultModelRatio = make(map[string]float64)
@@ -313,7 +323,7 @@ func GetCompletionRatio(name string, channelType int) float64 {
 		return 4.0 / 3.0
 	}
 	if strings.HasPrefix(name, "gpt-4") {
-		if strings.HasPrefix(name, "gpt-4o-mini") {
+		if strings.HasPrefix(name, "gpt-4o-mini") || name == "gpt-4o-2024-08-06" {
 			return 4
 		}
 		if strings.HasPrefix(name, "gpt-4-turbo") ||
@@ -323,6 +333,9 @@ func GetCompletionRatio(name string, channelType int) float64 {
 		}
 		return 2
 	}
+	if name == "chatgpt-4o-latest" {
+		return 3
+	}
 	if strings.HasPrefix(name, "claude-3") {
 		return 5
 	}
--- a/relay/model/general.go
+++ b/relay/model/general.go
@@ -1,7 +1,15 @@
 package model

 type ResponseFormat struct {
-	Type string `json:"type,omitempty"`
+	Type       string      `json:"type,omitempty"`
+	JsonSchema *JSONSchema `json:"json_schema,omitempty"`
+}
+
+type JSONSchema struct {
+	Description string                 `json:"description,omitempty"`
+	Name        string                 `json:"name"`
+	Schema      map[string]interface{} `json:"schema,omitempty"`
+	Strict      *bool                  `json:"strict,omitempty"`
 }

 type GeneralOpenAIRequest struct {
--- a/router/api.go
+++ b/router/api.go
@@ -23,6 +23,7 @@ func SetApiRouter(router *gin.Engine) {
 		apiRouter.GET("/reset_password", middleware.CriticalRateLimit(), middleware.TurnstileCheck(), controller.SendPasswordResetEmail)
 		apiRouter.POST("/user/reset", middleware.CriticalRateLimit(), controller.ResetPassword)
 		apiRouter.GET("/oauth/github", middleware.CriticalRateLimit(), auth.GitHubOAuth)
+		apiRouter.GET("/oauth/oidc", middleware.CriticalRateLimit(), auth.OidcAuth)
 		apiRouter.GET("/oauth/lark", middleware.CriticalRateLimit(), auth.LarkOAuth)
 		apiRouter.GET("/oauth/state", middleware.CriticalRateLimit(), auth.GenerateOAuthCode)
 		apiRouter.GET("/oauth/wechat", middleware.CriticalRateLimit(), auth.WeChatAuth)
--- a/web/air/src/components/TokensTable.js
+++ b/web/air/src/components/TokensTable.js
@@ -11,12 +11,14 @@ import EditToken from '../pages/Token/EditToken';
 const COPY_OPTIONS = [
  { key: 'next', text: 'ChatGPT Next Web', value: 'next' },
  { key: 'ama', text: 'ChatGPT Web & Midjourney', value: 'ama' },
-  { key: 'opencat', text: 'OpenCat', value: 'opencat' }
+  { key: 'opencat', text: 'OpenCat', value: 'opencat' },
+  { key: 'lobechat', text: 'LobeChat', value: 'lobechat' },
 ];

 const OPEN_LINK_OPTIONS = [
  { key: 'ama', text: 'ChatGPT Web & Midjourney', value: 'ama' },
-  { key: 'opencat', text: 'OpenCat', value: 'opencat' }
+  { key: 'opencat', text: 'OpenCat', value: 'opencat' },
+  { key: 'lobechat', text: 'LobeChat', value: 'lobechat' }
 ];

 function renderTimestamp(timestamp) {
@@ -60,7 +62,12 @@ const TokensTable = () => {
        onOpenLink('next-mj');
      }
    },
-    { node: 'item', key: 'opencat', name: 'OpenCat', value: 'opencat' }
+    { node: 'item', key: 'opencat', name: 'OpenCat', value: 'opencat' },
+    {
+      node: 'item', key: 'lobechat', name: 'LobeChat', onClick: () => {
+        onOpenLink('lobechat');
+      }
+    }
  ];

  const columns = [
@@ -177,6 +184,11 @@ const TokensTable = () => {
                  node: 'item', key: 'opencat', name: 'OpenCat', onClick: () => {
                    onOpenLink('opencat', record.key);
                  }
+                },
+                {
+                  node: 'item', key: 'lobechat', name: 'LobeChat', onClick: () => {
+                    onOpenLink('lobechat');
+                  }
                }
              ]
            }
@@ -382,6 +394,9 @@ const TokensTable = () => {
      case 'next-mj':
        url = mjLink + `/#/?settings={"key":"sk-${key}","url":"${serverAddress}"}`;
        break;
+      case 'lobechat':
+        url = chatLink + `/?settings={"keyVaults":{"openai":{"apiKey":"sk-${key}","baseURL":"${serverAddress}"/v1"}}}`;
+        break;
      default:
        if (!chatLink) {
          showError('管理员未设置聊天链接');
--- a/web/air/src/pages/Channel/EditChannel.js
+++ b/web/air/src/pages/Channel/EditChannel.js
@@ -78,7 +78,7 @@ const EditChannel = (props) => {
                    localModels = ['chatglm_pro', 'chatglm_std', 'chatglm_lite'];
                    break;
                case 18:
-                    localModels = ['SparkDesk', 'SparkDesk-v1.1', 'SparkDesk-v2.1', 'SparkDesk-v3.1', 'SparkDesk-v3.5', 'SparkDesk-v4.0'];
+                    localModels = ['SparkDesk', 'SparkDesk-v1.1', 'SparkDesk-v2.1', 'SparkDesk-v3.1', 'SparkDesk-v3.1-128K', 'SparkDesk-v3.5', 'SparkDesk-v4.0'];
                    break;
                case 19:
                    localModels = ['360GPT_S2_V9', 'embedding-bert-512-v1', 'embedding_s1_v1', 'semantic_similarity_s1_v1'];
--- a/web/berry/src/assets/images/icons/lark.svg
+++ b/web/berry/src/assets/images/icons/lark.svg
--- a/web/berry/src/assets/images/icons/oidc.svg
+++ b/web/berry/src/assets/images/icons/oidc.svg
@@ -0,0 +1,7 @@
+<svg t="1723135116886" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg"
+     p-id="10969" width="200" height="200">
+    <path d="M512 960C265 960 64 759 64 512S265 64 512 64s448 201 448 448-201 448-448 448z m0-882.6c-239.7 0-434.6 195-434.6 434.6s195 434.6 434.6 434.6 434.6-195 434.6-434.6S751.7 77.4 512 77.4z"
+          p-id="10970" fill="#2c2c2c" stroke="#2c2c2c" stroke-width="60"></path>
+    <path d="M197.7 512c0-78.3 31.6-98.8 87.2-98.8 56.2 0 87.2 20.5 87.2 98.8s-31 98.8-87.2 98.8c-55.7 0-87.2-20.5-87.2-98.8z m130.4 0c0-46.8-7.8-64.5-43.2-64.5-35.2 0-42.9 17.7-42.9 64.5 0 47.1 7.8 63.7 42.9 63.7 35.4 0 43.2-16.6 43.2-63.7zM409.7 415.9h42.1V608h-42.1V415.9zM653.9 512c0 74.2-37.1 96.1-93.6 96.1h-65.9V415.9h65.9c56.5 0 93.6 16.1 93.6 96.1z m-43.5 0c0-49.3-17.7-60.6-52.3-60.6h-21.6v120.7h21.6c35.4 0 52.3-13.3 52.3-60.1zM686.5 512c0-74.2 36.3-98.8 92.7-98.8 18.3 0 33.2 2.2 44.8 6.4v36.3c-11.9-4.2-26-6.6-42.1-6.6-34.6 0-49.8 15.5-49.8 62.6 0 50.1 15.2 62.6 49.3 62.6 15.8 0 30.2-2.2 44.8-7.5v36c-11.3 4.7-28.5 8-46.8 8-56.1-0.2-92.9-18.7-92.9-99z"
+          p-id="10971" fill="#2c2c2c" stroke="#2c2c2c" stroke-width="20"></path>
+</svg>
--- a/web/berry/src/config.js
+++ b/web/berry/src/config.js
@@ -22,7 +22,12 @@ const config = {
    turnstile_site_key: '',
    version: '',
    wechat_login: false,
-    wechat_qrcode: ''
+    wechat_qrcode: '',
+    oidc: false,
+    oidc_client_id: '',
+    oidc_authorization_endpoint: '',
+    oidc_token_endpoint: '',
+    oidc_userinfo_endpoint: '',
  }
 };

--- a/web/berry/src/hooks/useLogin.js
+++ b/web/berry/src/hooks/useLogin.js
@@ -70,6 +70,28 @@ const useLogin = () => {
    }
  };

+  const oidcLogin = async (code, state) => {
+    try {
+      const res = await API.get(`/api/oauth/oidc?code=${code}&state=${state}`);
+      const { success, message, data } = res.data;
+      if (success) {
+        if (message === 'bind') {
+          showSuccess('绑定成功！');
+          navigate('/panel');
+        } else {
+          dispatch({ type: LOGIN, payload: data });
+          localStorage.setItem('user', JSON.stringify(data));
+          showSuccess('登录成功！');
+          navigate('/panel');
+        }
+      }
+      return { success, message };
+    } catch (err) {
+      // 请求失败，设置错误信息
+      return { success: false, message: '' };
+    }
+  }
+
  const wechatLogin = async (code) => {
    try {
      const res = await API.get(`/api/oauth/wechat?code=${code}`);
@@ -94,7 +116,7 @@ const useLogin = () => {
    navigate('/');
  };

-  return { login, logout, githubLogin, wechatLogin, larkLogin };
+  return { login, logout, githubLogin, wechatLogin, larkLogin,oidcLogin };
 };

 export default useLogin;
--- a/web/berry/src/routes/OtherRoutes.js
+++ b/web/berry/src/routes/OtherRoutes.js
@@ -9,6 +9,7 @@ const AuthLogin = Loadable(lazy(() => import('views/Authentication/Auth/Login'))
 const AuthRegister = Loadable(lazy(() => import('views/Authentication/Auth/Register')));
 const GitHubOAuth = Loadable(lazy(() => import('views/Authentication/Auth/GitHubOAuth')));
 const LarkOAuth = Loadable(lazy(() => import('views/Authentication/Auth/LarkOAuth')));
+const OidcOAuth = Loadable(lazy(() => import('views/Authentication/Auth/OidcOAuth')));
 const ForgetPassword = Loadable(lazy(() => import('views/Authentication/Auth/ForgetPassword')));
 const ResetPassword = Loadable(lazy(() => import('views/Authentication/Auth/ResetPassword')));
 const Home = Loadable(lazy(() => import('views/Home')));
@@ -53,6 +54,10 @@ const OtherRoutes = {
      path: '/oauth/lark',
      element: <LarkOAuth />
    },
+    {
+      path: 'oauth/oidc',
+      element: <OidcOAuth />
+    },
    {
      path: '/404',
      element: <NotFoundView />
--- a/web/berry/src/utils/common.js
+++ b/web/berry/src/utils/common.js
@@ -98,6 +98,21 @@ export async function onLarkOAuthClicked(lark_client_id) {
  window.open(`https://open.feishu.cn/open-apis/authen/v1/index?redirect_uri=${redirect_uri}&app_id=${lark_client_id}&state=${state}`);
 }

+export async function onOidcClicked(auth_url, client_id, openInNewTab = false) {
+  const state = await getOAuthState();
+  if (!state) return;
+  const redirect_uri = `${window.location.origin}/oauth/oidc`;
+  const response_type = "code";
+  const scope = "openid profile email";
+  const url = `${auth_url}?client_id=${client_id}&redirect_uri=${redirect_uri}&response_type=${response_type}&scope=${scope}&state=${state}`;
+  if (openInNewTab) {
+    window.open(url);
+  } else
+  {
+    window.location.href = url;
+  }
+}
+
 export function isAdmin() {
  let user = localStorage.getItem('user');
  if (!user) return false;
--- a/web/berry/src/views/Authentication/Auth/OidcOAuth.js
+++ b/web/berry/src/views/Authentication/Auth/OidcOAuth.js
@@ -0,0 +1,94 @@
+import { Link, useNavigate, useSearchParams } from 'react-router-dom';
+import React, { useEffect, useState } from 'react';
+import { showError } from 'utils/common';
+import useLogin from 'hooks/useLogin';
+
+// material-ui
+import { useTheme } from '@mui/material/styles';
+import { Grid, Stack, Typography, useMediaQuery, CircularProgress } from '@mui/material';
+
+// project imports
+import AuthWrapper from '../AuthWrapper';
+import AuthCardWrapper from '../AuthCardWrapper';
+import Logo from 'ui-component/Logo';
+
+// assets
+
+// ================================|| AUTH3 - LOGIN ||================================ //
+
+const OidcOAuth = () => {
+  const theme = useTheme();
+  const matchDownSM = useMediaQuery(theme.breakpoints.down('md'));
+
+  const [searchParams] = useSearchParams();
+  const [prompt, setPrompt] = useState('处理中...');
+  const { oidcLogin } = useLogin();
+
+  let navigate = useNavigate();
+
+  const sendCode = async (code, state, count) => {
+    const { success, message } = await oidcLogin(code, state);
+    if (!success) {
+      if (message) {
+        showError(message);
+      }
+      if (count === 0) {
+        setPrompt(`操作失败，重定向至登录界面中...`);
+        await new Promise((resolve) => setTimeout(resolve, 2000));
+        navigate('/login');
+        return;
+      }
+      count++;
+      setPrompt(`出现错误，第 ${count} 次重试中...`);
+      await new Promise((resolve) => setTimeout(resolve, 2000));
+      await sendCode(code, state, count);
+    }
+  };
+
+  useEffect(() => {
+    let code = searchParams.get('code');
+    let state = searchParams.get('state');
+    sendCode(code, state, 0).then();
+  }, []);
+
+  return (
+    <AuthWrapper>
+      <Grid container direction="column" justifyContent="flex-end">
+        <Grid item xs={12}>
+          <Grid container justifyContent="center" alignItems="center" sx={{ minHeight: 'calc(100vh - 136px)' }}>
+            <Grid item sx={{ m: { xs: 1, sm: 3 }, mb: 0 }}>
+              <AuthCardWrapper>
+                <Grid container spacing={2} alignItems="center" justifyContent="center">
+                  <Grid item sx={{ mb: 3 }}>
+                    <Link to="#">
+                      <Logo />
+                    </Link>
+                  </Grid>
+                  <Grid item xs={12}>
+                    <Grid container direction={matchDownSM ? 'column-reverse' : 'row'} alignItems="center" justifyContent="center">
+                      <Grid item>
+                        <Stack alignItems="center" justifyContent="center" spacing={1}>
+                          <Typography color={theme.palette.primary.main} gutterBottom variant={matchDownSM ? 'h3' : 'h2'}>
+                            OIDC 登录
+                          </Typography>
+                        </Stack>
+                      </Grid>
+                    </Grid>
+                  </Grid>
+                  <Grid item xs={12} container direction="column" justifyContent="center" alignItems="center" style={{ height: '200px' }}>
+                    <CircularProgress />
+                    <Typography variant="h3" paddingTop={'20px'}>
+                      {prompt}
+                    </Typography>
+                  </Grid>
+                </Grid>
+              </AuthCardWrapper>
+            </Grid>
+          </Grid>
+        </Grid>
+      </Grid>
+    </AuthWrapper>
+  );
+};
+
+export default OidcOAuth;
--- a/web/berry/src/views/Authentication/AuthForms/AuthLogin.js
+++ b/web/berry/src/views/Authentication/AuthForms/AuthLogin.js
@@ -36,7 +36,8 @@ import VisibilityOff from '@mui/icons-material/VisibilityOff';
 import Github from 'assets/images/icons/github.svg';
 import Wechat from 'assets/images/icons/wechat.svg';
 import Lark from 'assets/images/icons/lark.svg';
-import { onGitHubOAuthClicked, onLarkOAuthClicked } from 'utils/common';
+import OIDC from 'assets/images/icons/oidc.svg';
+import { onGitHubOAuthClicked, onLarkOAuthClicked, onOidcClicked } from 'utils/common';

 // ============================|| FIREBASE - LOGIN ||============================ //

@@ -50,7 +51,7 @@ const LoginForm = ({ ...others }) => {
  // const [checked, setChecked] = useState(true);

  let tripartiteLogin = false;
-  if (siteInfo.github_oauth || siteInfo.wechat_login || siteInfo.lark_client_id) {
+  if (siteInfo.github_oauth || siteInfo.wechat_login || siteInfo.lark_client_id || siteInfo.oidc) {
    tripartiteLogin = true;
  }

@@ -145,6 +146,29 @@ const LoginForm = ({ ...others }) => {
              </AnimateButton>
            </Grid>
          )}
+          {siteInfo.oidc && (
+            <Grid item xs={12}>
+              <AnimateButton>
+                <Button
+                  disableElevation
+                  fullWidth
+                  onClick={() => onOidcClicked(siteInfo.oidc_authorization_endpoint,siteInfo.oidc_client_id)}
+                  size="large"
+                  variant="outlined"
+                  sx={{
+                    color: 'grey.700',
+                    backgroundColor: theme.palette.grey[50],
+                    borderColor: theme.palette.grey[100]
+                  }}
+                >
+                  <Box sx={{ mr: { xs: 1, sm: 2, width: 20 }, display: 'flex', alignItems: 'center' }}>
+                    <img src={OIDC} alt="Lark" width={25} height={25} style={{ marginRight: matchDownSM ? 8 : 16 }} />
+                  </Box>
+                  使用 OIDC 登录
+                </Button>
+              </AnimateButton>
+            </Grid>
+          )}
          <Grid item xs={12}>
            <Box
              sx={{
--- a/web/berry/src/views/Channel/component/TableRow.js
+++ b/web/berry/src/views/Channel/component/TableRow.js
@@ -268,6 +268,8 @@ function renderBalance(type, balance) {
      return <span>¥{balance.toFixed(2)}</span>;
    case 13: // AIGC2D
      return <span>{renderNumber(balance)}</span>;
+    case 44: // SiliconFlow
+      return <span>¥{balance.toFixed(2)}</span>;
    default:
      return <span>不支持</span>;
  }
--- a/web/berry/src/views/Channel/type/Config.js
+++ b/web/berry/src/views/Channel/type/Config.js
@@ -91,7 +91,7 @@ const typeConfig = {
      other: '版本号'
    },
    input: {
-      models: ['SparkDesk', 'SparkDesk-v1.1', 'SparkDesk-v2.1', 'SparkDesk-v3.1', 'SparkDesk-v3.5', 'SparkDesk-v4.0']
+      models: ['SparkDesk', 'SparkDesk-v1.1', 'SparkDesk-v2.1', 'SparkDesk-v3.1', 'SparkDesk-v3.1-128K', 'SparkDesk-v3.5', 'SparkDesk-v4.0']
    },
    prompt: {
      key: '按照如下格式输入：APPID|APISecret|APIKey',
--- a/web/berry/src/views/Profile/index.js
+++ b/web/berry/src/views/Profile/index.js
@@ -20,7 +20,7 @@ import SubCard from 'ui-component/cards/SubCard';
 import { IconBrandWechat, IconBrandGithub, IconMail } from '@tabler/icons-react';
 import Label from 'ui-component/Label';
 import { API } from 'utils/api';
-import { showError, showSuccess } from 'utils/common';
+import { onOidcClicked, showError, showSuccess } from 'utils/common';
 import { onGitHubOAuthClicked, onLarkOAuthClicked, copy } from 'utils/common';
 import * as Yup from 'yup';
 import WechatModal from 'views/Authentication/AuthForms/WechatModal';
@@ -28,6 +28,7 @@ import { useSelector } from 'react-redux';
 import EmailModal from './component/EmailModal';
 import Turnstile from 'react-turnstile';
 import { ReactComponent as Lark } from 'assets/images/icons/lark.svg';
+import { ReactComponent as OIDC } from 'assets/images/icons/oidc.svg';

 const validationSchema = Yup.object().shape({
  username: Yup.string().required('用户名 不能为空').min(3, '用户名 不能小于 3 个字符'),
@@ -123,6 +124,15 @@ export default function Profile() {
    loadUser().then();
  }, [status]);

+  function getOidcId(){
+    if (!inputs.oidc_id) return '';
+    let oidc_id = inputs.oidc_id;
+    if (inputs.oidc_id.length > 8) {
+      oidc_id = inputs.oidc_id.slice(0, 6) + '...' + inputs.oidc_id.slice(-6);
+    }
+    return oidc_id;
+  }
+
  return (
    <>
      <UserCard>
@@ -141,6 +151,9 @@ export default function Profile() {
              <Label variant="ghost" color={inputs.lark_id ? 'primary' : 'default'}>
                <SvgIcon component={Lark} inheritViewBox="0 0 24 24" /> {inputs.lark_id || '未绑定'}
              </Label>
+              <Label variant="ghost" color={inputs.oidc_id ? 'primary' : 'default'}>
+                <SvgIcon component={OIDC} inheritViewBox="0 0 24 24" /> {getOidcId() || '未绑定'}
+              </Label>
            </Stack>
            <SubCard title="个人信息">
              <Grid container spacing={2}>
@@ -216,6 +229,13 @@ export default function Profile() {
                    </Button>
                  </Grid>
                )}
+                {status.oidc && !inputs.oidc_id && (
+                  <Grid xs={12} md={4}>
+                    <Button variant="contained" onClick={() => onOidcClicked(status.oidc_authorization_endpoint,status.oidc_client_id,true)}>
+                      绑定 OIDC 账号
+                    </Button>
+                  </Grid>
+                )}
                <Grid xs={12} md={4}>
                  <Button
                    variant="contained"
--- a/web/berry/src/views/Setting/component/SystemSetting.js
+++ b/web/berry/src/views/Setting/component/SystemSetting.js
@@ -33,6 +33,13 @@ const SystemSetting = () => {
    GitHubClientSecret: '',
    LarkClientId: '',
    LarkClientSecret: '',
+    OidcEnabled: '',
+    OidcWellKnown: '',
+    OidcClientId: '',
+    OidcClientSecret: '',
+    OidcAuthorizationEndpoint: '',
+    OidcTokenEndpoint: '',
+    OidcUserinfoEndpoint: '',
    Notice: '',
    SMTPServer: '',
    SMTPPort: '',
@@ -94,6 +101,7 @@ const SystemSetting = () => {
      case 'TurnstileCheckEnabled':
      case 'EmailDomainRestrictionEnabled':
      case 'RegisterEnabled':
+      case 'OidcEnabled':
        value = inputs[key] === 'true' ? 'false' : 'true';
        break;
      default:
@@ -142,8 +150,15 @@ const SystemSetting = () => {
      name === 'MessagePusherAddress' ||
      name === 'MessagePusherToken' ||
      name === 'LarkClientId' ||
-      name === 'LarkClientSecret'
-    ) {
+      name === 'LarkClientSecret' ||
+      name === 'OidcClientId' ||
+      name === 'OidcClientSecret' ||
+      name === 'OidcWellKnown' ||
+      name === 'OidcAuthorizationEndpoint' ||
+      name === 'OidcTokenEndpoint' ||
+      name === 'OidcUserinfoEndpoint'
+    )
+    {
      setInputs((inputs) => ({ ...inputs, [name]: value }));
    } else {
      await updateOption(name, value);
@@ -225,6 +240,43 @@ const SystemSetting = () => {
    }
  };

+  const submitOidc = async () => {
+    if (inputs.OidcWellKnown !== '') {
+      if (!inputs.OidcWellKnown.startsWith('http://') && !inputs.OidcWellKnown.startsWith('https://')) {
+        showError('Well-Known URL 必须以 http:// 或 https:// 开头');
+        return;
+      }
+      try {
+        const res = await API.get(inputs.OidcWellKnown);
+        inputs.OidcAuthorizationEndpoint = res.data['authorization_endpoint'];
+        inputs.OidcTokenEndpoint = res.data['token_endpoint'];
+        inputs.OidcUserinfoEndpoint = res.data['userinfo_endpoint'];
+        showSuccess('获取 OIDC 配置成功！');
+      } catch (err) {
+        showError("获取 OIDC 配置失败，请检查网络状况和 Well-Known URL 是否正确");
+      }
+    }
+
+    if (originInputs['OidcWellKnown'] !== inputs.OidcWellKnown) {
+      await updateOption('OidcWellKnown', inputs.OidcWellKnown);
+    }
+    if (originInputs['OidcClientId'] !== inputs.OidcClientId) {
+      await updateOption('OidcClientId', inputs.OidcClientId);
+    }
+    if (originInputs['OidcClientSecret'] !== inputs.OidcClientSecret && inputs.OidcClientSecret !== '') {
+      await updateOption('OidcClientSecret', inputs.OidcClientSecret);
+    }
+    if (originInputs['OidcAuthorizationEndpoint'] !== inputs.OidcAuthorizationEndpoint) {
+      await updateOption('OidcAuthorizationEndpoint', inputs.OidcAuthorizationEndpoint);
+    }
+    if (originInputs['OidcTokenEndpoint'] !== inputs.OidcTokenEndpoint) {
+      await updateOption('OidcTokenEndpoint', inputs.OidcTokenEndpoint);
+    }
+    if (originInputs['OidcUserinfoEndpoint'] !== inputs.OidcUserinfoEndpoint) {
+      await updateOption('OidcUserinfoEndpoint', inputs.OidcUserinfoEndpoint);
+    }
+  };
+
  return (
    <>
      <Stack spacing={2}>
@@ -291,6 +343,12 @@ const SystemSetting = () => {
                control={<Checkbox checked={inputs.GitHubOAuthEnabled === 'true'} onChange={handleInputChange} name="GitHubOAuthEnabled" />}
              />
            </Grid>
+            <Grid xs={12} md={3}>
+              <FormControlLabel
+                label="允许通过 OIDC 登录 & 注册"
+                control={<Checkbox checked={inputs.OidcEnabled === 'true'} onChange={handleInputChange} name="OidcEnabled" />}
+              />
+            </Grid>
            <Grid xs={12} md={3}>
              <FormControlLabel
                label="允许通过微信登录 & 注册"
@@ -616,6 +674,117 @@ const SystemSetting = () => {
            </Grid>
          </Grid>
        </SubCard>
+
+        <SubCard
+          title="配置 OIDC"
+          subTitle={
+            <span>
+              用以支持通过 OIDC 登录，例如 Okta、Auth0 等兼容 OIDC 协议的 IdP
+            </span>
+          }
+        >
+          <Grid container spacing={ { xs: 3, sm: 2, md: 4 } }>
+            <Grid xs={ 12 } md={ 12 }>
+              <Alert severity="info" sx={ { wordWrap: 'break-word' } }>
+                主页链接填 <code>{ inputs.ServerAddress }</code>
+                ，重定向 URL 填 <code>{ `${ inputs.ServerAddress }/oauth/oidc` }</code>
+              </Alert> <br />
+              <Alert severity="info" sx={ { wordWrap: 'break-word' } }>
+                若你的 OIDC Provider 支持 Discovery Endpoint，你可以仅填写 OIDC Well-Known URL，系统会自动获取 OIDC 配置
+              </Alert>
+            </Grid>
+            <Grid xs={ 12 } md={ 6 }>
+              <FormControl fullWidth>
+                <InputLabel htmlFor="OidcClientId">Client ID</InputLabel>
+                <OutlinedInput
+                  id="OidcClientId"
+                  name="OidcClientId"
+                  value={ inputs.OidcClientId || '' }
+                  onChange={ handleInputChange }
+                  label="Client ID"
+                  placeholder="输入 OIDC 的 Client ID"
+                  disabled={ loading }
+                />
+              </FormControl>
+            </Grid>
+            <Grid xs={ 12 } md={ 6 }>
+              <FormControl fullWidth>
+                <InputLabel htmlFor="OidcClientSecret">Client Secret</InputLabel>
+                <OutlinedInput
+                  id="OidcClientSecret"
+                  name="OidcClientSecret"
+                  value={ inputs.OidcClientSecret || '' }
+                  onChange={ handleInputChange }
+                  label="Client Secret"
+                  placeholder="敏感信息不会发送到前端显示"
+                  disabled={ loading }
+                />
+              </FormControl>
+            </Grid>
+            <Grid xs={ 12 } md={ 6 }>
+              <FormControl fullWidth>
+                <InputLabel htmlFor="OidcWellKnown">Well-Known URL</InputLabel>
+                <OutlinedInput
+                  id="OidcWellKnown"
+                  name="OidcWellKnown"
+                  value={ inputs.OidcWellKnown || '' }
+                  onChange={ handleInputChange }
+                  label="Well-Known URL"
+                  placeholder="请输入 OIDC 的 Well-Known URL"
+                  disabled={ loading }
+                />
+              </FormControl>
+            </Grid>
+            <Grid xs={ 12 } md={ 6 }>
+              <FormControl fullWidth>
+                <InputLabel htmlFor="OidcAuthorizationEndpoint">Authorization Endpoint</InputLabel>
+                <OutlinedInput
+                  id="OidcAuthorizationEndpoint"
+                  name="OidcAuthorizationEndpoint"
+                  value={ inputs.OidcAuthorizationEndpoint || '' }
+                  onChange={ handleInputChange }
+                  label="Authorization Endpoint"
+                  placeholder="输入 OIDC 的 Authorization Endpoint"
+                  disabled={ loading }
+                />
+              </FormControl>
+            </Grid>
+            <Grid xs={ 12 } md={ 6 }>
+              <FormControl fullWidth>
+                <InputLabel htmlFor="OidcTokenEndpoint">Token Endpoint</InputLabel>
+                <OutlinedInput
+                  id="OidcTokenEndpoint"
+                  name="OidcTokenEndpoint"
+                  value={ inputs.OidcTokenEndpoint || '' }
+                  onChange={ handleInputChange }
+                  label="Token Endpoint"
+                  placeholder="输入 OIDC 的 Token Endpoint"
+                  disabled={ loading }
+                />
+              </FormControl>
+            </Grid>
+            <Grid xs={ 12 } md={ 6 }>
+              <FormControl fullWidth>
+                <InputLabel htmlFor="OidcUserinfoEndpoint">Userinfo Endpoint</InputLabel>
+                <OutlinedInput
+                  id="OidcUserinfoEndpoint"
+                  name="OidcUserinfoEndpoint"
+                  value={ inputs.OidcUserinfoEndpoint || '' }
+                  onChange={ handleInputChange }
+                  label="Userinfo Endpoint"
+                  placeholder="输入 OIDC 的 Userinfo Endpoint"
+                  disabled={ loading }
+                />
+              </FormControl>
+            </Grid>
+            <Grid xs={ 12 }>
+              <Button variant="contained" onClick={ submitOidc }>
+                保存 OIDC 设置
+              </Button>
+            </Grid>
+          </Grid>
+        </SubCard>
+
        <SubCard
          title="配置 Message Pusher"
          subTitle={
--- a/web/berry/src/views/Token/component/TableRow.js
+++ b/web/berry/src/views/Token/component/TableRow.js
@@ -32,7 +32,8 @@ const COPY_OPTIONS = [
    encode: false
  },
  { key: 'ama', text: 'BotGem', url: 'ama://set-api-key?server={serverAddress}&key=sk-{key}', encode: true },
-  { key: 'opencat', text: 'OpenCat', url: 'opencat://team/join?domain={serverAddress}&token=sk-{key}', encode: true }
+  { key: 'opencat', text: 'OpenCat', url: 'opencat://team/join?domain={serverAddress}&token=sk-{key}', encode: true },
+  { key: 'lobechat', text: 'LobeChat', url: 'https://lobehub.com/?settings={"keyVaults":{"openai":{"apiKey":"user-key","baseURL":"https://your-proxy.com/v1"}}}', encode: true }
 ];

 function replacePlaceholders(text, key, serverAddress) {
--- a/web/default/src/components/ChannelsTable.js
+++ b/web/default/src/components/ChannelsTable.js
@@ -52,6 +52,8 @@ function renderBalance(type, balance) {
      return <span>¥{balance.toFixed(2)}</span>;
    case 13: // AIGC2D
      return <span>{renderNumber(balance)}</span>;
+    case 44: // SiliconFlow
+      return <span>¥{balance.toFixed(2)}</span>;
    default:
      return <span>不支持</span>;
  }
--- a/web/default/src/components/TokensTable.js
+++ b/web/default/src/components/TokensTable.js
@@ -10,12 +10,14 @@ const COPY_OPTIONS = [
  { key: 'next', text: 'ChatGPT Next Web', value: 'next' },
  { key: 'ama', text: 'BotGem', value: 'ama' },
  { key: 'opencat', text: 'OpenCat', value: 'opencat' },
+  { key: 'lobechat', text: 'LobeChat', value: 'lobechat' },
 ];

 const OPEN_LINK_OPTIONS = [
  { key: 'next', text: 'ChatGPT Next Web', value: 'next' },
  { key: 'ama', text: 'BotGem', value: 'ama' },
  { key: 'opencat', text: 'OpenCat', value: 'opencat' },
+  { key: 'lobechat', text: 'LobeChat', value: 'lobechat' },
 ];

 function renderTimestamp(timestamp) {
@@ -114,6 +116,9 @@ const TokensTable = () => {
      case 'next':
        url = nextUrl;
        break;
+      case 'lobechat':
+        url = nextLink + `/?settings={"keyVaults":{"openai":{"apiKey":"sk-${key}","baseURL":"${serverAddress}"/v1"}}}`;
+        break;
      default:
        url = `sk-${key}`;
    }
@@ -153,7 +158,11 @@ const TokensTable = () => {
      case 'opencat':
        url = `opencat://team/join?domain=${encodedServerAddress}&token=sk-${key}`;
        break;
-        
+
+      case 'lobechat':
+        url = chatLink + `/?settings={"keyVaults":{"openai":{"apiKey":"sk-${key}","baseURL":"${serverAddress}"/v1"}}}`;
+        break;
+
      default:
        url = defaultUrl;
    }
Author	SHA1	Message	Date
hanans426	2df135a118	Merge `664f7ba676` into `fdd7bf41c0`	2024-10-09 06:25:58 +00:00
aliyun-computenest	664f7ba676	Init computenest project. on-behalf-of: @org aliyun-computenest@alibaba-inc.com	2024-10-09 14:25:53 +08:00
hanans426	a4c6ac8cf2	Update README.en.md	2024-09-29 09:57:46 +08:00
hanans426	9fab3d00b4	Update README.md	2024-09-29 09:56:36 +08:00
hanans426	0a49508f0f	Update README.md	2024-09-29 09:54:24 +08:00
herui.gh	dc2cf8297a	add Deployment on Aliyun in readme	2024-09-27 14:12:44 +08:00
抒情熊	fdd7bf41c0	feat: support multipart/form-data format request (#1690 ) Some checks failed CI / Unit tests (push) Has been cancelled Details CI / commit_lint (push) Has been cancelled Details * "add parser multipart/form-data" * chore: fix impl * chore: update impl --------- Co-authored-by: JustSong <songquanpeng@foxmail.com>	2024-09-22 17:32:47 +08:00
徐瑞东	29389ed44f	fix: modify the type of token models to be text (#1761 ) * fix: modify the type of token models to be text * chore: update receiver name --------- Co-authored-by: JustSong <songquanpeng@foxmail.com>	2024-09-22 16:51:16 +08:00
byte911	88acc5a614	fix: return the usage info if not null (#1792 ) Usage is missing.	2024-09-22 16:41:10 +08:00
TimeTrapzz	a21681096a	feat: add siliconflow usage (#1798 )	2024-09-22 16:31:26 +08:00
lihangfu	32f90a79a8	feat: support SparkDesk-v3.1-128K (#1732 ) * feat: 支持SparkDesk-v3.1-128K以及hunyuan-vision * feat: 支持SparkDesk-v3.1-128K以及hunyuan-vision --------- Co-authored-by: lihangfu <hfli8@iflytek.com>	2024-09-22 16:29:09 +08:00
OnEvent	99c8c77504	feat: add oidc support (#1725 ) Some checks are pending CI / Unit tests (push) Waiting to run Details CI / commit_lint (push) Waiting to run Details * feat: add the ui for configuring the third-party standard OAuth2.0/OIDC. - update SystemSetting.js - add setup ui - add configuration * feat: add the ui for "allow the OAuth 2.0 to login" - update SystemSetting.js * feat: add OAuth 2.0 web ui and its process functions - update common.js - update AuthLogin.js - update config.js * fix: missing "Userinfo" endpoint configuration entry, used by OAuth clients to request user information from the IdP. - update config.js - update SystemSetting.js * feat: updated the icons for Lark and OIDC to match the style of the icons for WeChat, EMail, GitHub. - update lark.svg - new oidc.svg * refactor: Changing OAuth 2.0 to OIDC * feat: add OIDC login method * feat: Add support for OIDC login to the backend * fix: Change the AppId and AppSecret on the Web UI to the standard usage: ClientId, ClientSecret. * feat: Support quick configuration of OIDC through Well-Known Discovery Endpoint * feat: Standardize terminology, add well-known configuration - Change the AppId and AppSecret on the Server End to the standard usage: ClientId, ClientSecret. - add Well-Known configuration to store in database, no actual use in server end but store and display in web ui only	2024-09-21 23:03:20 +08:00
TAKO	649ecbf29c	feat: support new openai models (4o 0806, chatgpt-4o-latest) (#1721 ) * feat: support new model gpt-4o-2024-08-06 * feat: support new model chatgpt-4o-latest	2024-09-21 23:01:19 +08:00
qinguoyi	3a27c90910	fix: getTokenById return token nil, make panic (#1728 ) * fix:getTokenById return token nil, make panic * chore: remove useless err check --------- Co-authored-by: JustSong <songquanpeng@foxmail.com>	2024-09-21 23:00:29 +08:00
千寻简	cba82404ae	feat: add lobechat open link options (#1741 ) Co-authored-by: Star <iii9777@163.com>	2024-09-21 22:49:31 +08:00
forrestlinfeng	c9ac670ba1	feat: update stepfun models (#1740 ) Co-authored-by: chenlinfeng <chenlinfeng@step.ai>	2024-09-21 22:48:46 +08:00
leavegee	15f815c23c	fix: fix ali embedding model always use v1 (#1747 ) * fix:ali embedding model: v2 and v3 * chore: use ctxkey.RequestModel to eliminate hardcoding --------- Co-authored-by: xuejia <gexuejia@djbx.com> Co-authored-by: JustSong <songquanpeng@foxmail.com>	2024-09-21 22:40:06 +08:00
majian	89b63ca96f	feat: ResponseFormat support json_schema (#1759 ) * feat: responseFormat support json_schema * chore: rename struct name --------- Co-authored-by: JustSong <songquanpeng@foxmail.com>	2024-09-21 22:35:24 +08:00
Ghostz	8cc54489b9	feat: update disabled channel (#1780 ) * Update disabled channel * Update manage.go * Update manage.go * chore: add missing space --------- Co-authored-by: JustSong <songquanpeng@foxmail.com> Co-authored-by: JustSong <39998050+songquanpeng@users.noreply.github.com>	2024-09-21 22:31:53 +08:00
guogeer	58bf60805e	fix: postgres use COALESCE replace null (#1793 ) Co-authored-by: jinqi.guo <jinqi.guo@ubtrobot.com>	2024-09-21 22:13:31 +08:00
AJ's Life Journey	6714cf96d6	fix: Groq organization not auto-disabled when blocked (#1822 )	2024-09-21 22:12:09 +08:00
				`@@ -0,0 +1 @@`
				{"ServicePort":"80","SecurityPorts":[80],"RepoName":"hanans426/one-api","Arch":"EcsSingle","RunCommand":"echo \"start run command\"\necho \"${AdminPassword}\"\n","SourceCodePath":".","CommandTimeout":3600,"ServiceType":"private","AllowedRegions":["cn-hangzhou","cn-shanghai","cn-beijing"],"ArtifactSourceType":"SourceCode","ImageId":"centos_7_9_x64_20G_alibase_20230613.vhd","RegionId":"cn-hangzhou","CustomParameters":[{"NoEcho":true,"Type":"String","AssociationProperty":"ALIYUN::ECS::Instance::Password","Label":"管理员密码","Name":"AdminPassword"}]}