Hugging Face's logo

Spaces:
lin7zhi
/
2api
Paused

App Files Community
2api / src /web_routes.py
lin7zhi's picture
lin7zhi
Upload folder using huggingface_hub
69fec20 verified
raw
history blame contribute delete
74.7 kB
"""
Web路由模块 - 处理认证相关的HTTP请求和控制面板功能
用于与上级web.py集成
"""
import asyncio
import datetime
import io
import json
import os
import time
import zipfile
from collections import deque
from typing import List
from fastapi import (
 APIRouter,
 Depends,
 File,
 HTTPException,
 Request,
 UploadFile,
 WebSocket,
 WebSocketDisconnect,
)
from fastapi.responses import FileResponse, HTMLResponse, JSONResponse, Response
from starlette.websockets import WebSocketState
import config
from log import log
from src.auth import (
 asyncio_complete_auth_flow,
 complete_auth_flow_from_callback_url,
 create_auth_url,
 get_auth_status,
 verify_password,
)
from src.credential_manager import CredentialManager
from .models import (
 LoginRequest,
 AuthStartRequest,
 AuthCallbackRequest,
 AuthCallbackUrlRequest,
 CredFileActionRequest,
 CredFileBatchActionRequest,
 ConfigSaveRequest,
)
from src.storage_adapter import get_storage_adapter
from src.utils import verify_panel_token, GEMINICLI_USER_AGENT, ANTIGRAVITY_USER_AGENT
from src.api.antigravity import fetch_quota_info
from src.google_oauth_api import Credentials, fetch_project_id
from config import get_code_assist_endpoint, get_antigravity_api_url
# 创建路由器
router = APIRouter()
# 创建credential manager实例(延迟初始化,在首次使用时自动初始化)
credential_manager = CredentialManager()
# WebSocket连接管理
class ConnectionManager:
 def __init__(self, max_connections: int = 3): # 进一步降低最大连接数
 # 使用双端队列严格限制内存使用
 self.active_connections: deque = deque(maxlen=max_connections)
 self.max_connections = max_connections
 self._last_cleanup = 0
 self._cleanup_interval = 120 # 120秒清理一次死连接
async def connect(self, websocket: WebSocket):
 # 自动清理死连接
 self._auto_cleanup()
# 限制最大连接数,防止内存无限增长
 if len(self.active_connections) >= self.max_connections:
 await websocket.close(code=1008, reason="Too many connections")
 return False
await websocket.accept()
 self.active_connections.append(websocket)
 log.debug(f"WebSocket连接建立,当前连接数: {len(self.active_connections)}")
 return True
def disconnect(self, websocket: WebSocket):
 # 使用更高效的方式移除连接
 try:
 self.active_connections.remove(websocket)
 except ValueError:
 pass # 连接已不存在
 log.debug(f"WebSocket连接断开,当前连接数: {len(self.active_connections)}")
async def send_personal_message(self, message: str, websocket: WebSocket):
 try:
 await websocket.send_text(message)
 except Exception:
 self.disconnect(websocket)
async def broadcast(self, message: str):
 # 使用更高效的方式处理广播,避免索引操作
 dead_connections = []
 for conn in self.active_connections:
 try:
 await conn.send_text(message)
 except Exception:
 dead_connections.append(conn)
# 批量移除死连接
 for dead_conn in dead_connections:
 self.disconnect(dead_conn)
def _auto_cleanup(self):
 """自动清理死连接"""
 current_time = time.time()
 if current_time - self._last_cleanup > self._cleanup_interval:
 self.cleanup_dead_connections()
 self._last_cleanup = current_time
def cleanup_dead_connections(self):
 """清理已断开的连接"""
 original_count = len(self.active_connections)
 # 使用列表推导式过滤活跃连接,更高效
 alive_connections = deque(
 [
 conn
 for conn in self.active_connections
 if hasattr(conn, "client_state")
 and conn.client_state != WebSocketState.DISCONNECTED
 ],
 maxlen=self.max_connections,
 )
self.active_connections = alive_connections
 cleaned = original_count - len(self.active_connections)
 if cleaned > 0:
 log.debug(f"清理了 {cleaned} 个死连接,剩余连接数: {len(self.active_connections)}")
manager = ConnectionManager()
async def ensure_credential_manager_initialized():
 """确保credential manager已初始化"""
 if not credential_manager._initialized:
 await credential_manager.initialize()
async def get_credential_manager():
 """获取全局凭证管理器实例(已废弃,直接使用模块级的 credential_manager)"""
 global credential_manager
 # 确保已初始化(在首次使用时自动初始化)
 await credential_manager._ensure_initialized()
 return credential_manager
def is_mobile_user_agent(user_agent: str) -> bool:
 """检测是否为移动设备用户代理"""
 if not user_agent:
 return False
user_agent_lower = user_agent.lower()
 mobile_keywords = [
 "mobile",
 "android",
 "iphone",
 "ipad",
 "ipod",
 "blackberry",
 "windows phone",
 "samsung",
 "htc",
 "motorola",
 "nokia",
 "palm",
 "webos",
 "opera mini",
 "opera mobi",
 "fennec",
 "minimo",
 "symbian",
 "psp",
 "nintendo",
 "tablet",
 ]
return any(keyword in user_agent_lower for keyword in mobile_keywords)
@router.get("/", response_class=HTMLResponse)
async def serve_control_panel(request: Request):
 """提供统一控制面板"""
 try:
 user_agent = request.headers.get("user-agent", "")
 is_mobile = is_mobile_user_agent(user_agent)
if is_mobile:
 html_file_path = "front/control_panel_mobile.html"
 else:
 html_file_path = "front/control_panel.html"
with open(html_file_path, "r", encoding="utf-8") as f:
 html_content = f.read()
 return HTMLResponse(content=html_content)
except Exception as e:
 log.error(f"加载控制面板页面失败: {e}")
 raise HTTPException(status_code=500, detail="服务器内部错误")
@router.post("/auth/login")
async def login(request: LoginRequest):
 """用户登录(简化版:直接返回密码作为token)"""
 try:
 if await verify_password(request.password):
 # 直接使用密码作为token,简化认证流程
 return JSONResponse(content={"token": request.password, "message": "登录成功"})
 else:
 raise HTTPException(status_code=401, detail="密码错误")
 except HTTPException:
 raise
 except Exception as e:
 log.error(f"登录失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/auth/start")
async def start_auth(request: AuthStartRequest, token: str = Depends(verify_panel_token)):
 """开始认证流程,支持自动检测项目ID"""
 try:
 # 如果没有提供项目ID,尝试自动检测
 project_id = request.project_id
 if not project_id:
 log.info("用户未提供项目ID,后续将使用自动检测...")
# 使用认证令牌作为用户会话标识
 user_session = token if token else None
 result = await create_auth_url(
 project_id, user_session, mode=request.mode
 )
if result["success"]:
 return JSONResponse(
 content={
 "auth_url": result["auth_url"],
 "state": result["state"],
 "auto_project_detection": result.get("auto_project_detection", False),
 "detected_project_id": result.get("detected_project_id"),
 }
 )
 else:
 raise HTTPException(status_code=500, detail=result["error"])
except HTTPException:
 raise
 except Exception as e:
 log.error(f"开始认证流程失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/auth/callback")
async def auth_callback(request: AuthCallbackRequest, token: str = Depends(verify_panel_token)):
 """处理认证回调,支持自动检测项目ID"""
 try:
 # 项目ID现在是可选的,在回调处理中进行自动检测
 project_id = request.project_id
# 使用认证令牌作为用户会话标识
 user_session = token if token else None
 # 异步等待OAuth回调完成
 result = await asyncio_complete_auth_flow(
 project_id, user_session, mode=request.mode
 )
if result["success"]:
 # 单项目认证成功
 return JSONResponse(
 content={
 "credentials": result["credentials"],
 "file_path": result["file_path"],
 "message": "认证成功,凭证已保存",
 "auto_detected_project": result.get("auto_detected_project", False),
 }
 )
 else:
 # 如果需要手动项目ID或项目选择,在响应中标明
 if result.get("requires_manual_project_id"):
 # 使用JSON响应
 return JSONResponse(
 status_code=400,
 content={"error": result["error"], "requires_manual_project_id": True},
 )
 elif result.get("requires_project_selection"):
 # 返回项目列表供用户选择
 return JSONResponse(
 status_code=400,
 content={
 "error": result["error"],
 "requires_project_selection": True,
 "available_projects": result["available_projects"],
 },
 )
 else:
 raise HTTPException(status_code=400, detail=result["error"])
except HTTPException:
 raise
 except Exception as e:
 log.error(f"处理认证回调失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/auth/callback-url")
async def auth_callback_url(request: AuthCallbackUrlRequest, token: str = Depends(verify_panel_token)):
 """从回调URL直接完成认证"""
 try:
 # 验证URL格式
 if not request.callback_url or not request.callback_url.startswith(("http://", "https://")):
 raise HTTPException(status_code=400, detail="请提供有效的回调URL")
# 从回调URL完成认证
 result = await complete_auth_flow_from_callback_url(
 request.callback_url, request.project_id, mode=request.mode
 )
if result["success"]:
 # 单项目认证成功
 return JSONResponse(
 content={
 "credentials": result["credentials"],
 "file_path": result["file_path"],
 "message": "从回调URL认证成功,凭证已保存",
 "auto_detected_project": result.get("auto_detected_project", False),
 }
 )
 else:
 # 处理各种错误情况
 if result.get("requires_manual_project_id"):
 return JSONResponse(
 status_code=400,
 content={"error": result["error"], "requires_manual_project_id": True},
 )
 elif result.get("requires_project_selection"):
 return JSONResponse(
 status_code=400,
 content={
 "error": result["error"],
 "requires_project_selection": True,
 "available_projects": result["available_projects"],
 },
 )
 else:
 raise HTTPException(status_code=400, detail=result["error"])
except HTTPException:
 raise
 except Exception as e:
 log.error(f"从回调URL处理认证失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.get("/auth/status/{project_id}")
async def check_auth_status(project_id: str, token: str = Depends(verify_panel_token)):
 """检查认证状态"""
 try:
 if not project_id:
 raise HTTPException(status_code=400, detail="Project ID 不能为空")
status = get_auth_status(project_id)
 return JSONResponse(content=status)
except Exception as e:
 log.error(f"检查认证状态失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
# =============================================================================
# 工具函数 (Helper Functions)
# =============================================================================
def validate_mode(mode: str = "geminicli") -> str:
 """
 验证 mode 参数
 Args:
 mode: 模式字符串 ("geminicli" 或 "antigravity")
 Returns:
 str: 验证后的 mode 字符串
 Raises:
 HTTPException: 如果 mode 参数无效
 """
 if mode not in ["geminicli", "antigravity"]:
 raise HTTPException(
 status_code=400,
 detail=f"无效的 mode 参数: {mode},只支持 'geminicli' 或 'antigravity'"
 )
 return mode
def get_env_locked_keys() -> set:
 """获取被环境变量锁定的配置键集合"""
 env_locked_keys = set()
# 使用 config.py 中统一维护的映射表
 for env_key, config_key in config.ENV_MAPPINGS.items():
 if os.getenv(env_key):
 env_locked_keys.add(config_key)
return env_locked_keys
async def extract_json_files_from_zip(zip_file: UploadFile) -> List[dict]:
 """从ZIP文件中提取JSON文件"""
 try:
 # 读取ZIP文件内容
 zip_content = await zip_file.read()
# 不限制ZIP文件大小,只在处理时控制文件数量
files_data = []
with zipfile.ZipFile(io.BytesIO(zip_content), "r") as zip_ref:
 # 获取ZIP中的所有文件
 file_list = zip_ref.namelist()
 json_files = [
 f for f in file_list if f.endswith(".json") and not f.startswith("__MACOSX/")
 ]
if not json_files:
 raise HTTPException(status_code=400, detail="ZIP文件中没有找到JSON文件")
log.info(f"从ZIP文件 {zip_file.filename} 中找到 {len(json_files)} 个JSON文件")
for json_filename in json_files:
 try:
 # 读取JSON文件内容
 with zip_ref.open(json_filename) as json_file:
 content = json_file.read()
try:
 content_str = content.decode("utf-8")
 except UnicodeDecodeError:
 log.warning(f"跳过编码错误的文件: {json_filename}")
 continue
# 使用原始文件名(去掉路径)
 filename = os.path.basename(json_filename)
 files_data.append({"filename": filename, "content": content_str})
except Exception as e:
 log.warning(f"处理ZIP中的文件 {json_filename} 时出错: {e}")
 continue
log.info(f"成功从ZIP文件中提取 {len(files_data)} 个有效的JSON文件")
 return files_data
except zipfile.BadZipFile:
 raise HTTPException(status_code=400, detail="无效的ZIP文件格式")
 except Exception as e:
 log.error(f"处理ZIP文件失败: {e}")
 raise HTTPException(status_code=500, detail=f"处理ZIP文件失败: {str(e)}")
async def upload_credentials_common(
 files: List[UploadFile], mode: str = "geminicli"
) -> JSONResponse:
 """批量上传凭证文件的通用函数"""
 mode = validate_mode(mode)
if not files:
 raise HTTPException(status_code=400, detail="请选择要上传的文件")
# 检查文件数量限制
 if len(files) > 100:
 raise HTTPException(
 status_code=400, detail=f"文件数量过多,最多支持100个文件,当前:{len(files)}个"
 )
files_data = []
 for file in files:
 # 检查文件类型:支持JSON和ZIP
 if file.filename.endswith(".zip"):
 zip_files_data = await extract_json_files_from_zip(file)
 files_data.extend(zip_files_data)
 log.info(f"从ZIP文件 {file.filename} 中提取了 {len(zip_files_data)} 个JSON文件")
elif file.filename.endswith(".json"):
 # 处理单个JSON文件 - 流式读取
 content_chunks = []
 while True:
 chunk = await file.read(8192)
 if not chunk:
 break
 content_chunks.append(chunk)
content = b"".join(content_chunks)
 try:
 content_str = content.decode("utf-8")
 except UnicodeDecodeError:
 raise HTTPException(
 status_code=400, detail=f"文件 {file.filename} 编码格式不支持"
 )
files_data.append({"filename": file.filename, "content": content_str})
 else:
 raise HTTPException(
 status_code=400, detail=f"文件 {file.filename} 格式不支持,只支持JSON和ZIP文件"
 )
batch_size = 1000
 all_results = []
 total_success = 0
for i in range(0, len(files_data), batch_size):
 batch_files = files_data[i : i + batch_size]
async def process_single_file(file_data):
 try:
 filename = file_data["filename"]
 # 确保文件名只保存basename,避免路径问题
 filename = os.path.basename(filename)
 content_str = file_data["content"]
 credential_data = json.loads(content_str)
# 根据凭证类型调用不同的添加方法
 if mode == "antigravity":
 await credential_manager.add_antigravity_credential(filename, credential_data)
 else:
 await credential_manager.add_credential(filename, credential_data)
log.debug(f"成功上传 {mode} 凭证文件: {filename}")
 return {"filename": filename, "status": "success", "message": "上传成功"}
except json.JSONDecodeError as e:
 return {
 "filename": file_data["filename"],
 "status": "error",
 "message": f"JSON格式错误: {str(e)}",
 }
 except Exception as e:
 return {
 "filename": file_data["filename"],
 "status": "error",
 "message": f"处理失败: {str(e)}",
 }
log.info(f"开始并发处理 {len(batch_files)}{mode} 文件...")
 concurrent_tasks = [process_single_file(file_data) for file_data in batch_files]
 batch_results = await asyncio.gather(*concurrent_tasks, return_exceptions=True)
processed_results = []
 batch_uploaded_count = 0
 for result in batch_results:
 if isinstance(result, Exception):
 processed_results.append(
 {
 "filename": "unknown",
 "status": "error",
 "message": f"处理异常: {str(result)}",
 }
 )
 else:
 processed_results.append(result)
 if result["status"] == "success":
 batch_uploaded_count += 1
all_results.extend(processed_results)
 total_success += batch_uploaded_count
batch_num = (i // batch_size) + 1
 total_batches = (len(files_data) + batch_size - 1) // batch_size
 log.info(
 f"批次 {batch_num}/{total_batches} 完成: 成功 "
 f"{batch_uploaded_count}/{len(batch_files)}{mode} 文件"
 )
if total_success > 0:
 return JSONResponse(
 content={
 "uploaded_count": total_success,
 "total_count": len(files_data),
 "results": all_results,
 "message": f"批量上传完成: 成功 {total_success}/{len(files_data)}{mode} 文件",
 }
 )
 else:
 raise HTTPException(status_code=400, detail=f"没有 {mode} 文件上传成功")
async def get_creds_status_common(
 offset: int, limit: int, status_filter: str, mode: str = "geminicli",
 error_code_filter: str = None, cooldown_filter: str = None
) -> JSONResponse:
 """获取凭证文件状态的通用函数"""
 mode = validate_mode(mode)
 # 验证分页参数
 if offset < 0:
 raise HTTPException(status_code=400, detail="offset 必须大于等于 0")
 if limit not in [20, 50, 100, 200, 500, 1000]:
 raise HTTPException(status_code=400, detail="limit 只能是 20、50、100、200、500 或 1000")
 if status_filter not in ["all", "enabled", "disabled"]:
 raise HTTPException(status_code=400, detail="status_filter 只能是 all、enabled 或 disabled")
 if cooldown_filter and cooldown_filter not in ["all", "in_cooldown", "no_cooldown"]:
 raise HTTPException(status_code=400, detail="cooldown_filter 只能是 all、in_cooldown 或 no_cooldown")
storage_adapter = await get_storage_adapter()
 backend_info = await storage_adapter.get_backend_info()
 backend_type = backend_info.get("backend_type", "unknown")
# 优先使用高性能的分页摘要查询
 if hasattr(storage_adapter._backend, 'get_credentials_summary'):
 result = await storage_adapter._backend.get_credentials_summary(
 offset=offset,
 limit=limit,
 status_filter=status_filter,
 mode=mode,
 error_code_filter=error_code_filter if error_code_filter and error_code_filter != "all" else None,
 cooldown_filter=cooldown_filter if cooldown_filter and cooldown_filter != "all" else None
 )
creds_list = []
 for summary in result["items"]:
 cred_info = {
 "filename": os.path.basename(summary["filename"]),
 "user_email": summary["user_email"],
 "disabled": summary["disabled"],
 "error_codes": summary["error_codes"],
 "last_success": summary["last_success"],
 "backend_type": backend_type,
 "model_cooldowns": summary.get("model_cooldowns", {}),
 }
creds_list.append(cred_info)
return JSONResponse(content={
 "items": creds_list,
 "total": result["total"],
 "offset": offset,
 "limit": limit,
 "has_more": (offset + limit) < result["total"],
 "stats": result.get("stats", {"total": 0, "normal": 0, "disabled": 0}),
 })
# 回退到传统方式(MongoDB/其他后端)
 all_credentials = await storage_adapter.list_credentials(mode=mode)
 all_states = await storage_adapter.get_all_credential_states(mode=mode)
# 应用状态筛选
 filtered_credentials = []
 for filename in all_credentials:
 file_status = all_states.get(filename, {"disabled": False})
 is_disabled = file_status.get("disabled", False)
if status_filter == "all":
 filtered_credentials.append(filename)
 elif status_filter == "enabled" and not is_disabled:
 filtered_credentials.append(filename)
 elif status_filter == "disabled" and is_disabled:
 filtered_credentials.append(filename)
total_count = len(filtered_credentials)
 paginated_credentials = filtered_credentials[offset:offset + limit]
creds_list = []
 for filename in paginated_credentials:
 file_status = all_states.get(filename, {
 "error_codes": [],
 "disabled": False,
 "last_success": time.time(),
 "user_email": None,
 })
cred_info = {
 "filename": os.path.basename(filename),
 "user_email": file_status.get("user_email"),
 "disabled": file_status.get("disabled", False),
 "error_codes": file_status.get("error_codes", []),
 "last_success": file_status.get("last_success", time.time()),
 "backend_type": backend_type,
 "model_cooldowns": file_status.get("model_cooldowns", {}),
 }
creds_list.append(cred_info)
return JSONResponse(content={
 "items": creds_list,
 "total": total_count,
 "offset": offset,
 "limit": limit,
 "has_more": (offset + limit) < total_count,
 })
async def download_all_creds_common(mode: str = "geminicli") -> Response:
 """打包下载所有凭证文件的通用函数"""
 mode = validate_mode(mode)
 zip_filename = "antigravity_credentials.zip" if mode == "antigravity" else "credentials.zip"
storage_adapter = await get_storage_adapter()
 credential_filenames = await storage_adapter.list_credentials(mode=mode)
if not credential_filenames:
 raise HTTPException(status_code=404, detail=f"没有找到 {mode} 凭证文件")
log.info(f"开始打包 {len(credential_filenames)}{mode} 凭证文件...")
zip_buffer = io.BytesIO()
with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
 success_count = 0
 for idx, filename in enumerate(credential_filenames, 1):
 try:
 credential_data = await storage_adapter.get_credential(filename, mode=mode)
 if credential_data:
 content = json.dumps(credential_data, ensure_ascii=False, indent=2)
 zip_file.writestr(os.path.basename(filename), content)
 success_count += 1
if idx % 10 == 0:
 log.debug(f"打包进度: {idx}/{len(credential_filenames)}")
except Exception as e:
 log.warning(f"处理 {mode} 凭证文件 {filename} 时出错: {e}")
 continue
log.info(f"打包完成: 成功 {success_count}/{len(credential_filenames)} 个文件")
zip_buffer.seek(0)
 return Response(
 content=zip_buffer.getvalue(),
 media_type="application/zip",
 headers={"Content-Disposition": f"attachment; filename={zip_filename}"},
 )
async def fetch_user_email_common(filename: str, mode: str = "geminicli") -> JSONResponse:
 """获取指定凭证文件用户邮箱的通用函数"""
 mode = validate_mode(mode)
filename_only = os.path.basename(filename)
 if not filename_only.endswith(".json"):
 raise HTTPException(status_code=404, detail="无效的文件名")
storage_adapter = await get_storage_adapter()
 credential_data = await storage_adapter.get_credential(filename_only, mode=mode)
 if not credential_data:
 raise HTTPException(status_code=404, detail="凭证文件不存在")
email = await credential_manager.get_or_fetch_user_email(filename_only, mode=mode)
if email:
 return JSONResponse(
 content={
 "filename": filename_only,
 "user_email": email,
 "message": "成功获取用户邮箱",
 }
 )
 else:
 return JSONResponse(
 content={
 "filename": filename_only,
 "user_email": None,
 "message": "无法获取用户邮箱,可能凭证已过期或权限不足",
 },
 status_code=400,
 )
async def refresh_all_user_emails_common(mode: str = "geminicli") -> JSONResponse:
 """刷新所有凭证文件用户邮箱的通用函数 - 只为没有邮箱的凭证获取
利用 get_all_credential_states 批量获取状态
 """
 mode = validate_mode(mode)
storage_adapter = await get_storage_adapter()
# 一次性批量获取所有凭证的状态
 all_states = await storage_adapter.get_all_credential_states(mode=mode)
results = []
 success_count = 0
 skipped_count = 0
# 在内存中筛选出需要获取邮箱的凭证
 for filename, state in all_states.items():
 try:
 cached_email = state.get("user_email")
if cached_email:
 # 已有邮箱,跳过获取
 skipped_count += 1
 results.append({
 "filename": os.path.basename(filename),
 "user_email": cached_email,
 "success": True,
 "skipped": True,
 })
 continue
# 没有邮箱,尝试获取
 email = await credential_manager.get_or_fetch_user_email(filename, mode=mode)
 if email:
 success_count += 1
 results.append({
 "filename": os.path.basename(filename),
 "user_email": email,
 "success": True,
 })
 else:
 results.append({
 "filename": os.path.basename(filename),
 "user_email": None,
 "success": False,
 "error": "无法获取邮箱",
 })
 except Exception as e:
 results.append({
 "filename": os.path.basename(filename),
 "user_email": None,
 "success": False,
 "error": str(e),
 })
total_count = len(all_states)
 return JSONResponse(
 content={
 "success_count": success_count,
 "total_count": total_count,
 "skipped_count": skipped_count,
 "results": results,
 "message": f"成功获取 {success_count}/{total_count} 个邮箱地址,跳过 {skipped_count} 个已有邮箱的凭证",
 }
 )
async def deduplicate_credentials_by_email_common(mode: str = "geminicli") -> JSONResponse:
 """批量去重凭证文件的通用函数 - 删除邮箱相同的凭证(只保留一个)"""
 mode = validate_mode(mode)
 storage_adapter = await get_storage_adapter()
try:
 duplicate_info = await storage_adapter._backend.get_duplicate_credentials_by_email(
 mode=mode
 )
duplicate_groups = duplicate_info.get("duplicate_groups", [])
 no_email_files = duplicate_info.get("no_email_files", [])
 total_count = duplicate_info.get("total_count", 0)
if not duplicate_groups:
 return JSONResponse(
 content={
 "deleted_count": 0,
 "kept_count": total_count,
 "total_count": total_count,
 "unique_emails_count": duplicate_info.get("unique_email_count", 0),
 "no_email_count": len(no_email_files),
 "duplicate_groups": [],
 "delete_errors": [],
 "message": "没有发现重复的凭证(相同邮箱)",
 }
 )
# 执行删除操作
 deleted_count = 0
 delete_errors = []
 result_duplicate_groups = []
for group in duplicate_groups:
 email = group["email"]
 kept_file = group["kept_file"]
 duplicate_files = group["duplicate_files"]
deleted_files_in_group = []
 for filename in duplicate_files:
 try:
 success = await credential_manager.remove_credential(filename, mode=mode)
 if success:
 deleted_count += 1
 deleted_files_in_group.append(os.path.basename(filename))
 log.info(f"去重删除凭证: {filename} (邮箱: {email}) (mode={mode})")
 else:
 delete_errors.append(f"{os.path.basename(filename)}: 删除失败")
 except Exception as e:
 delete_errors.append(f"{os.path.basename(filename)}: {str(e)}")
 log.error(f"去重删除凭证 {filename} 时出错: {e}")
result_duplicate_groups.append({
 "email": email,
 "kept_file": os.path.basename(kept_file),
 "deleted_files": deleted_files_in_group,
 "duplicate_count": len(deleted_files_in_group),
 })
kept_count = total_count - deleted_count
return JSONResponse(
 content={
 "deleted_count": deleted_count,
 "kept_count": kept_count,
 "total_count": total_count,
 "unique_emails_count": duplicate_info.get("unique_email_count", 0),
 "no_email_count": len(no_email_files),
 "duplicate_groups": result_duplicate_groups,
 "delete_errors": delete_errors,
 "message": f"去重完成:删除 {deleted_count} 个重复凭证,保留 {kept_count} 个凭证({duplicate_info.get('unique_email_count', 0)} 个唯一邮箱)",
 }
 )
except Exception as e:
 log.error(f"批量去重凭证时出错: {e}")
 return JSONResponse(
 status_code=500,
 content={
 "deleted_count": 0,
 "kept_count": 0,
 "total_count": 0,
 "message": f"去重操作失败: {str(e)}",
 }
 )
# =============================================================================
# 路由处理函数 (Route Handlers)
# =============================================================================
@router.post("/auth/upload")
async def upload_credentials(
 files: List[UploadFile] = File(...),
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """批量上传认证文件"""
 try:
 mode = validate_mode(mode)
 return await upload_credentials_common(files, mode=mode)
 except HTTPException:
 raise
 except Exception as e:
 log.error(f"批量上传失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.get("/creds/status")
async def get_creds_status(
 token: str = Depends(verify_panel_token),
 offset: int = 0,
 limit: int = 50,
 status_filter: str = "all",
 error_code_filter: str = "all",
 cooldown_filter: str = "all",
 mode: str = "geminicli"
):
 """
 获取凭证文件的状态(轻量级摘要,不包含完整凭证数据,支持分页和状态筛选)
 Args:
 offset: 跳过的记录数(默认0)
 limit: 每页返回的记录数(默认50,可选:20, 50, 100, 200, 500, 1000)
 status_filter: 状态筛选(all=全部, enabled=仅启用, disabled=仅禁用)
 error_code_filter: 错误码筛选(all=全部, 或具体错误码如"400", "403")
 cooldown_filter: 冷却状态筛选(all=全部, in_cooldown=冷却中, no_cooldown=未冷却)
 mode: 凭证模式(geminicli 或 antigravity)
 Returns:
 包含凭证列表、总数、分页信息的响应
 """
 try:
 mode = validate_mode(mode)
 return await get_creds_status_common(
 offset, limit, status_filter, mode=mode,
 error_code_filter=error_code_filter,
 cooldown_filter=cooldown_filter
 )
 except HTTPException:
 raise
 except Exception as e:
 log.error(f"获取凭证状态失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.get("/creds/detail/{filename}")
async def get_cred_detail(
 filename: str,
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """
 按需获取单个凭证的详细数据(包含完整凭证内容)
 用于用户查看/编辑凭证详情
 """
 try:
 mode = validate_mode(mode)
 # 验证文件名
 if not filename.endswith(".json"):
 raise HTTPException(status_code=400, detail="无效的文件名")
storage_adapter = await get_storage_adapter()
 backend_info = await storage_adapter.get_backend_info()
 backend_type = backend_info.get("backend_type", "unknown")
# 获取凭证数据
 credential_data = await storage_adapter.get_credential(filename, mode=mode)
 if not credential_data:
 raise HTTPException(status_code=404, detail="凭证不存在")
# 获取状态信息
 file_status = await storage_adapter.get_credential_state(filename, mode=mode)
 if not file_status:
 file_status = {
 "error_codes": [],
 "disabled": False,
 "last_success": time.time(),
 "user_email": None,
 }
result = {
 "status": file_status,
 "content": credential_data,
 "filename": os.path.basename(filename),
 "backend_type": backend_type,
 "user_email": file_status.get("user_email"),
 "model_cooldowns": file_status.get("model_cooldowns", {}),
 }
if backend_type == "file" and os.path.exists(filename):
 result.update({
 "size": os.path.getsize(filename),
 "modified_time": os.path.getmtime(filename),
 })
return JSONResponse(content=result)
except HTTPException:
 raise
 except Exception as e:
 log.error(f"获取凭证详情失败 {filename}: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/creds/action")
async def creds_action(
 request: CredFileActionRequest,
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """对凭证文件执行操作(启用/禁用/删除)"""
 try:
 mode = validate_mode(mode)
log.info(f"Received request: {request}")
filename = request.filename
 action = request.action
log.info(f"Performing action '{action}' on file: {filename} (mode={mode})")
# 验证文件名
 if not filename.endswith(".json"):
 log.error(f"无效的文件名: {filename}(不是.json文件)")
 raise HTTPException(status_code=400, detail=f"无效的文件名: {filename}")
# 获取存储适配器
 storage_adapter = await get_storage_adapter()
# 对于删除操作,不需要检查凭证数据是否完整,只需检查条目是否存在
 # 对于其他操作,需要确保凭证数据存在且完整
 if action != "delete":
 # 检查凭证数据是否存在
 credential_data = await storage_adapter.get_credential(filename, mode=mode)
 if not credential_data:
 log.error(f"凭证未找到: {filename} (mode={mode})")
 raise HTTPException(status_code=404, detail="凭证文件不存在")
if action == "enable":
 log.info(f"Web请求: 启用文件 {filename} (mode={mode})")
 result = await credential_manager.set_cred_disabled(filename, False, mode=mode)
 log.info(f"[WebRoute] set_cred_disabled 返回结果: {result}")
 if result:
 log.info(f"Web请求: 文件 {filename} 已成功启用 (mode={mode})")
 return JSONResponse(content={"message": f"已启用凭证文件 {os.path.basename(filename)}"})
 else:
 log.error(f"Web请求: 文件 {filename} 启用失败 (mode={mode})")
 raise HTTPException(status_code=500, detail="启用凭证失败,可能凭证不存在")
elif action == "disable":
 log.info(f"Web请求: 禁用文件 {filename} (mode={mode})")
 result = await credential_manager.set_cred_disabled(filename, True, mode=mode)
 log.info(f"[WebRoute] set_cred_disabled 返回结果: {result}")
 if result:
 log.info(f"Web请求: 文件 {filename} 已成功禁用 (mode={mode})")
 return JSONResponse(content={"message": f"已禁用凭证文件 {os.path.basename(filename)}"})
 else:
 log.error(f"Web请求: 文件 {filename} 禁用失败 (mode={mode})")
 raise HTTPException(status_code=500, detail="禁用凭证失败,可能凭证不存在")
elif action == "delete":
 try:
 # 使用 CredentialManager 删除凭证(包含队列/状态同步)
 success = await credential_manager.remove_credential(filename, mode=mode)
 if success:
 log.info(f"通过管理器成功删除凭证: {filename} (mode={mode})")
 return JSONResponse(
 content={"message": f"已删除凭证文件 {os.path.basename(filename)}"}
 )
 else:
 raise HTTPException(status_code=500, detail="删除凭证失败")
 except Exception as e:
 log.error(f"删除凭证 {filename} 时出错: {e}")
 raise HTTPException(status_code=500, detail=f"删除文件失败: {str(e)}")
else:
 raise HTTPException(status_code=400, detail="无效的操作类型")
except HTTPException:
 raise
 except Exception as e:
 log.error(f"凭证文件操作失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/creds/batch-action")
async def creds_batch_action(
 request: CredFileBatchActionRequest,
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """批量对凭证文件执行操作(启用/禁用/删除)"""
 try:
 mode = validate_mode(mode)
action = request.action
 filenames = request.filenames
if not filenames:
 raise HTTPException(status_code=400, detail="文件名列表不能为空")
log.info(f"对 {len(filenames)} 个文件执行批量操作 '{action}'")
success_count = 0
 errors = []
storage_adapter = await get_storage_adapter()
for filename in filenames:
 try:
 # 验证文件名安全性
 if not filename.endswith(".json"):
 errors.append(f"{filename}: 无效的文件类型")
 continue
# 对于删除操作,不需要检查凭证数据完整性
 # 对于其他操作,需要确保凭证数据存在
 if action != "delete":
 credential_data = await storage_adapter.get_credential(filename, mode=mode)
 if not credential_data:
 errors.append(f"{filename}: 凭证不存在")
 continue
# 执行相应操作
 if action == "enable":
 await credential_manager.set_cred_disabled(filename, False, mode=mode)
 success_count += 1
elif action == "disable":
 await credential_manager.set_cred_disabled(filename, True, mode=mode)
 success_count += 1
elif action == "delete":
 try:
 delete_success = await credential_manager.remove_credential(filename, mode=mode)
 if delete_success:
 success_count += 1
 log.info(f"成功删除批量中的凭证: {filename}")
 else:
 errors.append(f"{filename}: 删除失败")
 continue
 except Exception as e:
 errors.append(f"{filename}: 删除文件失败 - {str(e)}")
 continue
 else:
 errors.append(f"{filename}: 无效的操作类型")
 continue
except Exception as e:
 log.error(f"处理 {filename} 时出错: {e}")
 errors.append(f"{filename}: 处理失败 - {str(e)}")
 continue
# 构建返回消息
 result_message = f"批量操作完成:成功处理 {success_count}/{len(filenames)} 个文件"
 if errors:
 result_message += "\n错误详情:\n" + "\n".join(errors)
response_data = {
 "success_count": success_count,
 "total_count": len(filenames),
 "errors": errors,
 "message": result_message,
 }
return JSONResponse(content=response_data)
except HTTPException:
 raise
 except Exception as e:
 log.error(f"批量凭证文件操作失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.get("/creds/download/{filename}")
async def download_cred_file(
 filename: str,
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """下载单个凭证文件"""
 try:
 mode = validate_mode(mode)
 # 验证文件名安全性
 if not filename.endswith(".json"):
 raise HTTPException(status_code=404, detail="无效的文件名")
# 获取存储适配器
 storage_adapter = await get_storage_adapter()
# 从存储系统获取凭证数据
 credential_data = await storage_adapter.get_credential(filename, mode=mode)
 if not credential_data:
 raise HTTPException(status_code=404, detail="文件不存在")
# 转换为JSON字符串
 content = json.dumps(credential_data, ensure_ascii=False, indent=2)
from fastapi.responses import Response
return Response(
 content=content,
 media_type="application/json",
 headers={"Content-Disposition": f"attachment; filename={filename}"},
 )
except HTTPException:
 raise
 except Exception as e:
 log.error(f"下载凭证文件失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/creds/fetch-email/{filename}")
async def fetch_user_email(
 filename: str,
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """获取指定凭证文件的用户邮箱地址"""
 try:
 mode = validate_mode(mode)
 return await fetch_user_email_common(filename, mode=mode)
 except HTTPException:
 raise
 except Exception as e:
 log.error(f"获取用户邮箱失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/creds/refresh-all-emails")
async def refresh_all_user_emails(
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """刷新所有凭证文件的用户邮箱地址"""
 try:
 mode = validate_mode(mode)
 return await refresh_all_user_emails_common(mode=mode)
 except Exception as e:
 log.error(f"批量获取用户邮箱失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/creds/deduplicate-by-email")
async def deduplicate_credentials_by_email(
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """批量去重凭证文件 - 删除邮箱相同的凭证(只保留一个)"""
 try:
 mode = validate_mode(mode)
 return await deduplicate_credentials_by_email_common(mode=mode)
 except Exception as e:
 log.error(f"批量去重凭证失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.get("/creds/download-all")
async def download_all_creds(
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """
 打包下载所有凭证文件(流式处理,按需加载每个凭证数据)
 只在实际下载时才加载完整凭证内容,最大化性能
 """
 try:
 mode = validate_mode(mode)
 return await download_all_creds_common(mode=mode)
 except HTTPException:
 raise
 except Exception as e:
 log.error(f"打包下载失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.get("/config/get")
async def get_config(token: str = Depends(verify_panel_token)):
 """获取当前配置"""
 try:
# 读取当前配置(包括环境变量和TOML文件中的配置)
 current_config = {}
# 基础配置
 current_config["code_assist_endpoint"] = await config.get_code_assist_endpoint()
 current_config["credentials_dir"] = await config.get_credentials_dir()
 current_config["proxy"] = await config.get_proxy_config() or ""
# 代理端点配置
 current_config["oauth_proxy_url"] = await config.get_oauth_proxy_url()
 current_config["googleapis_proxy_url"] = await config.get_googleapis_proxy_url()
 current_config["resource_manager_api_url"] = await config.get_resource_manager_api_url()
 current_config["service_usage_api_url"] = await config.get_service_usage_api_url()
 current_config["antigravity_api_url"] = await config.get_antigravity_api_url()
# 自动封禁配置
 current_config["auto_ban_enabled"] = await config.get_auto_ban_enabled()
 current_config["auto_ban_error_codes"] = await config.get_auto_ban_error_codes()
# 429重试配置
 current_config["retry_429_max_retries"] = await config.get_retry_429_max_retries()
 current_config["retry_429_enabled"] = await config.get_retry_429_enabled()
 current_config["retry_429_interval"] = await config.get_retry_429_interval()
# 抗截断配置
 current_config["anti_truncation_max_attempts"] = await config.get_anti_truncation_max_attempts()
# 兼容性配置
 current_config["compatibility_mode_enabled"] = await config.get_compatibility_mode_enabled()
# 思维链返回配置
 current_config["return_thoughts_to_frontend"] = await config.get_return_thoughts_to_frontend()
# Antigravity流式转非流式配置
 current_config["antigravity_stream2nostream"] = await config.get_antigravity_stream2nostream()
# 服务器配置
 current_config["host"] = await config.get_server_host()
 current_config["port"] = await config.get_server_port()
 current_config["api_password"] = await config.get_api_password()
 current_config["panel_password"] = await config.get_panel_password()
 current_config["password"] = await config.get_server_password()
# 从存储系统读取配置
 storage_adapter = await get_storage_adapter()
 storage_config = await storage_adapter.get_all_config()
# 获取环境变量锁定的配置键
 env_locked_keys = get_env_locked_keys()
# 合并存储系统配置(不覆盖环境变量)
 for key, value in storage_config.items():
 if key not in env_locked_keys:
 current_config[key] = value
return JSONResponse(content={"config": current_config, "env_locked": list(env_locked_keys)})
except Exception as e:
 log.error(f"获取配置失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
@router.post("/config/save")
async def save_config(request: ConfigSaveRequest, token: str = Depends(verify_panel_token)):
 """保存配置"""
 try:
new_config = request.config
log.debug(f"收到的配置数据: {list(new_config.keys())}")
 log.debug(f"收到的password值: {new_config.get('password', 'NOT_FOUND')}")
# 验证配置项
 if "retry_429_max_retries" in new_config:
 if (
 not isinstance(new_config["retry_429_max_retries"], int)
 or new_config["retry_429_max_retries"] < 0
 ):
 raise HTTPException(status_code=400, detail="最大429重试次数必须是大于等于0的整数")
if "retry_429_enabled" in new_config:
 if not isinstance(new_config["retry_429_enabled"], bool):
 raise HTTPException(status_code=400, detail="429重试开关必须是布尔值")
# 验证新的配置项
 if "retry_429_interval" in new_config:
 try:
 interval = float(new_config["retry_429_interval"])
 if interval < 0.01 or interval > 10:
 raise HTTPException(status_code=400, detail="429重试间隔必须在0.01-10秒之间")
 except (ValueError, TypeError):
 raise HTTPException(status_code=400, detail="429重试间隔必须是有效的数字")
if "anti_truncation_max_attempts" in new_config:
 if (
 not isinstance(new_config["anti_truncation_max_attempts"], int)
 or new_config["anti_truncation_max_attempts"] < 1
 or new_config["anti_truncation_max_attempts"] > 10
 ):
 raise HTTPException(
 status_code=400, detail="抗截断最大重试次数必须是1-10之间的整数"
 )
if "compatibility_mode_enabled" in new_config:
 if not isinstance(new_config["compatibility_mode_enabled"], bool):
 raise HTTPException(status_code=400, detail="兼容性模式开关必须是布尔值")
if "return_thoughts_to_frontend" in new_config:
 if not isinstance(new_config["return_thoughts_to_frontend"], bool):
 raise HTTPException(status_code=400, detail="思维链返回开关必须是布尔值")
if "antigravity_stream2nostream" in new_config:
 if not isinstance(new_config["antigravity_stream2nostream"], bool):
 raise HTTPException(status_code=400, detail="Antigravity流式转非流式开关必须是布尔值")
# 验证服务器配置
 if "host" in new_config:
 if not isinstance(new_config["host"], str) or not new_config["host"].strip():
 raise HTTPException(status_code=400, detail="服务器主机地址不能为空")
if "port" in new_config:
 if (
 not isinstance(new_config["port"], int)
 or new_config["port"] < 1
 or new_config["port"] > 65535
 ):
 raise HTTPException(status_code=400, detail="端口号必须是1-65535之间的整数")
if "api_password" in new_config:
 if not isinstance(new_config["api_password"], str):
 raise HTTPException(status_code=400, detail="API访问密码必须是字符串")
if "panel_password" in new_config:
 if not isinstance(new_config["panel_password"], str):
 raise HTTPException(status_code=400, detail="控制面板密码必须是字符串")
if "password" in new_config:
 if not isinstance(new_config["password"], str):
 raise HTTPException(status_code=400, detail="访问密码必须是字符串")
# 获取环境变量锁定的配置键
 env_locked_keys = get_env_locked_keys()
# 直接使用存储适配器保存配置
 storage_adapter = await get_storage_adapter()
 for key, value in new_config.items():
 if key not in env_locked_keys:
 await storage_adapter.set_config(key, value)
 if key in ("password", "api_password", "panel_password"):
 log.debug(f"设置{key}字段为: {value}")
# 重新加载配置缓存(关键!)
 await config.reload_config()
# 验证保存后的结果
 test_api_password = await config.get_api_password()
 test_panel_password = await config.get_panel_password()
 test_password = await config.get_server_password()
 log.debug(f"保存后立即读取的API密码: {test_api_password}")
 log.debug(f"保存后立即读取的面板密码: {test_panel_password}")
 log.debug(f"保存后立即读取的通用密码: {test_password}")
# 构建响应消息
 response_data = {
 "message": "配置保存成功",
 "saved_config": {k: v for k, v in new_config.items() if k not in env_locked_keys},
 }
return JSONResponse(content=response_data)
except HTTPException:
 raise
 except Exception as e:
 log.error(f"保存配置失败: {e}")
 raise HTTPException(status_code=500, detail=str(e))
# =============================================================================
# 实时日志WebSocket (Real-time Logs WebSocket)
# =============================================================================
@router.post("/auth/logs/clear")
async def clear_logs(token: str = Depends(verify_panel_token)):
 """清空日志文件"""
 try:
 # 直接使用环境变量获取日志文件路径
 log_file_path = os.getenv("LOG_FILE", "log.txt")
# 检查日志文件是否存在
 if os.path.exists(log_file_path):
 try:
 # 清空文件内容(保留文件),确保以UTF-8编码写入
 with open(log_file_path, "w", encoding="utf-8", newline="") as f:
 f.write("")
 f.flush() # 强制刷新到磁盘
 log.info(f"日志文件已清空: {log_file_path}")
# 通知所有WebSocket连接日志已清空
 await manager.broadcast("--- 日志文件已清空 ---")
return JSONResponse(
 content={"message": f"日志文件已清空: {os.path.basename(log_file_path)}"}
 )
 except Exception as e:
 log.error(f"清空日志文件失败: {e}")
 raise HTTPException(status_code=500, detail=f"清空日志文件失败: {str(e)}")
 else:
 return JSONResponse(content={"message": "日志文件不存在"})
except Exception as e:
 log.error(f"清空日志文件失败: {e}")
 raise HTTPException(status_code=500, detail=f"清空日志文件失败: {str(e)}")
@router.get("/auth/logs/download")
async def download_logs(token: str = Depends(verify_panel_token)):
 """下载日志文件"""
 try:
 # 直接使用环境变量获取日志文件路径
 log_file_path = os.getenv("LOG_FILE", "log.txt")
# 检查日志文件是否存在
 if not os.path.exists(log_file_path):
 raise HTTPException(status_code=404, detail="日志文件不存在")
# 检查文件是否为空
 file_size = os.path.getsize(log_file_path)
 if file_size == 0:
 raise HTTPException(status_code=404, detail="日志文件为空")
# 生成文件名(包含时间戳)
 timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
 filename = f"gcli2api_logs_{timestamp}.txt"
log.info(f"下载日志文件: {log_file_path}")
return FileResponse(
 path=log_file_path,
 filename=filename,
 media_type="text/plain",
 headers={"Content-Disposition": f"attachment; filename={filename}"},
 )
except HTTPException:
 raise
 except Exception as e:
 log.error(f"下载日志文件失败: {e}")
 raise HTTPException(status_code=500, detail=f"下载日志文件失败: {str(e)}")
@router.websocket("/auth/logs/stream")
async def websocket_logs(websocket: WebSocket):
 """WebSocket端点,用于实时日志流"""
 # 检查连接数限制
 if not await manager.connect(websocket):
 return
try:
 # 直接使用环境变量获取日志文件路径
 log_file_path = os.getenv("LOG_FILE", "log.txt")
# 发送初始日志(限制为最后50行,减少内存占用)
 if os.path.exists(log_file_path):
 try:
 with open(log_file_path, "r", encoding="utf-8") as f:
 lines = f.readlines()
 # 只发送最后50行,减少初始内存消耗
 for line in lines[-50:]:
 if line.strip():
 await websocket.send_text(line.strip())
 except Exception as e:
 await websocket.send_text(f"Error reading log file: {e}")
# 监控日志文件变化
 last_size = os.path.getsize(log_file_path) if os.path.exists(log_file_path) else 0
 max_read_size = 8192 # 限制单次读取大小为8KB,防止大量日志造成内存激增
 check_interval = 2 # 增加检查间隔,减少CPU和I/O开销
# 创建后台任务监听客户端断开
 # 即使没有日志更新,receive_text() 也能即时感知断开
 async def listen_for_disconnect():
 try:
 while True:
 await websocket.receive_text()
 except Exception:
 pass
listener_task = asyncio.create_task(listen_for_disconnect())
try:
 while websocket.client_state == WebSocketState.CONNECTED:
 # 使用 asyncio.wait 同时等待定时器和断开信号
 # timeout=check_interval 替代了 asyncio.sleep
 done, pending = await asyncio.wait(
 [listener_task],
 timeout=check_interval,
 return_when=asyncio.FIRST_COMPLETED
 )
# 如果监听任务结束(通常是因为连接断开),则退出循环
 if listener_task in done:
 break
if os.path.exists(log_file_path):
 current_size = os.path.getsize(log_file_path)
 if current_size > last_size:
 # 限制读取大小,防止单次读取过多内容
 read_size = min(current_size - last_size, max_read_size)
try:
 with open(log_file_path, "r", encoding="utf-8", errors="replace") as f:
 f.seek(last_size)
 new_content = f.read(read_size)
# 处理编码错误的情况
 if not new_content:
 last_size = current_size
 continue
# 分行发送,避免发送不完整的行
 lines = new_content.splitlines(keepends=True)
 if lines:
 # 如果最后一行没有换行符,保留到下次处理
 if not lines[-1].endswith("\n") and len(lines) > 1:
 # 除了最后一行,其他都发送
 for line in lines[:-1]:
 if line.strip():
 await websocket.send_text(line.rstrip())
 # 更新位置,但要退回最后一行的字节数
 last_size += len(new_content.encode("utf-8")) - len(
 lines[-1].encode("utf-8")
 )
 else:
 # 所有行都发送
 for line in lines:
 if line.strip():
 await websocket.send_text(line.rstrip())
 last_size += len(new_content.encode("utf-8"))
 except UnicodeDecodeError as e:
 # 遇到编码错误时,跳过这部分内容
 log.warning(f"WebSocket日志读取编码错误: {e}, 跳过部分内容")
 last_size = current_size
 except Exception as e:
 await websocket.send_text(f"Error reading new content: {e}")
 # 发生其他错误时,重置文件位置
 last_size = current_size
# 如果文件被截断(如清空日志),重置位置
 elif current_size < last_size:
 last_size = 0
 await websocket.send_text("--- 日志已清空 ---")
finally:
 # 确保清理监听任务
 if not listener_task.done():
 listener_task.cancel()
 try:
 await listener_task
 except asyncio.CancelledError:
 pass
except WebSocketDisconnect:
 pass
 except Exception as e:
 log.error(f"WebSocket logs error: {e}")
 finally:
 manager.disconnect(websocket)
async def verify_credential_project_common(filename: str, mode: str = "geminicli") -> JSONResponse:
 """验证并重新获取凭证的project id的通用函数"""
 mode = validate_mode(mode)
# 验证文件名
 if not filename.endswith(".json"):
 raise HTTPException(status_code=400, detail="无效的文件名")
storage_adapter = await get_storage_adapter()
# 获取凭证数据
 credential_data = await storage_adapter.get_credential(filename, mode=mode)
 if not credential_data:
 raise HTTPException(status_code=404, detail="凭证不存在")
# 创建凭证对象
 credentials = Credentials.from_dict(credential_data)
# 确保token有效(自动刷新)
 token_refreshed = await credentials.refresh_if_needed()
# 如果token被刷新了,更新存储
 if token_refreshed:
 log.info(f"Token已自动刷新: {filename} (mode={mode})")
 credential_data = credentials.to_dict()
 await storage_adapter.store_credential(filename, credential_data, mode=mode)
# 获取API端点和对应的User-Agent
 if mode == "antigravity":
 api_base_url = await get_antigravity_api_url()
 user_agent = ANTIGRAVITY_USER_AGENT
 else:
 api_base_url = await get_code_assist_endpoint()
 user_agent = GEMINICLI_USER_AGENT
# 重新获取project id
 project_id = await fetch_project_id(
 access_token=credentials.access_token,
 user_agent=user_agent,
 api_base_url=api_base_url
 )
if project_id:
 # 更新凭证数据中的project_id
 credential_data["project_id"] = project_id
 await storage_adapter.store_credential(filename, credential_data, mode=mode)
# 检验成功后自动解除禁用状态并清除错误码
 await storage_adapter.update_credential_state(filename, {
 "disabled": False,
 "error_codes": []
 }, mode=mode)
log.info(f"检验 {mode} 凭证成功: {filename} - Project ID: {project_id} - 已解除禁用并清除错误码")
return JSONResponse(content={
 "success": True,
 "filename": filename,
 "project_id": project_id,
 "message": "检验成功!Project ID已更新,已解除禁用状态并清除错误码,403错误应该已恢复"
 })
 else:
 return JSONResponse(
 status_code=400,
 content={
 "success": False,
 "filename": filename,
 "message": "检验失败:无法获取Project ID,请检查凭证是否有效"
 }
 )
@router.post("/creds/verify-project/{filename}")
async def verify_credential_project(
 filename: str,
 token: str = Depends(verify_panel_token),
 mode: str = "geminicli"
):
 """
 检验凭证的project id,重新获取project id
 检验成功可以使403错误恢复
 """
 try:
 mode = validate_mode(mode)
 return await verify_credential_project_common(filename, mode=mode)
 except HTTPException:
 raise
 except Exception as e:
 log.error(f"检验凭证Project ID失败 {filename}: {e}")
 raise HTTPException(status_code=500, detail=f"检验失败: {str(e)}")
@router.get("/creds/quota/{filename}")
async def get_credential_quota(
 filename: str,
 token: str = Depends(verify_panel_token),
 mode: str = "antigravity"
):
 """
 获取指定凭证的额度信息(仅支持 antigravity 模式)
 """
 try:
 mode = validate_mode(mode)
 # 验证文件名
 if not filename.endswith(".json"):
 raise HTTPException(status_code=400, detail="无效的文件名")
storage_adapter = await get_storage_adapter()
# 获取凭证数据
 credential_data = await storage_adapter.get_credential(filename, mode=mode)
 if not credential_data:
 raise HTTPException(status_code=404, detail="凭证不存在")
# 使用 Credentials 对象自动处理 token 刷新
 from .google_oauth_api import Credentials
creds = Credentials.from_dict(credential_data)
# 自动刷新 token(如果需要)
 await creds.refresh_if_needed()
# 如果 token 被刷新了,更新存储
 updated_data = creds.to_dict()
 if updated_data != credential_data:
 log.info(f"Token已自动刷新: {filename}")
 await storage_adapter.store_credential(filename, updated_data, mode=mode)
 credential_data = updated_data
# 获取访问令牌
 access_token = credential_data.get("access_token") or credential_data.get("token")
 if not access_token:
 raise HTTPException(status_code=400, detail="凭证中没有访问令牌")
# 获取额度信息
 quota_info = await fetch_quota_info(access_token)
if quota_info.get("success"):
 return JSONResponse(content={
 "success": True,
 "filename": filename,
 "models": quota_info.get("models", {})
 })
 else:
 return JSONResponse(
 status_code=400,
 content={
 "success": False,
 "filename": filename,
 "error": quota_info.get("error", "未知错误")
 }
 )
except HTTPException:
 raise
 except Exception as e:
 log.error(f"获取凭证额度失败 {filename}: {e}")
 raise HTTPException(status_code=500, detail=f"获取额度失败: {str(e)}")
@router.get("/version/info")
async def get_version_info(check_update: bool = False):
 """
 获取当前版本信息 - 从version.txt读取
 可选参数 check_update: 是否检查GitHub上的最新版本
 """
 try:
 # 获取项目根目录
 project_root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 version_file = os.path.join(project_root, "version.txt")
# 读取version.txt
 if not os.path.exists(version_file):
 return JSONResponse({
 "success": False,
 "error": "version.txt文件不存在"
 })
version_data = {}
 with open(version_file, 'r', encoding='utf-8') as f:
 for line in f:
 line = line.strip()
 if '=' in line:
 key, value = line.split('=', 1)
 version_data[key] = value
# 检查必要字段
 if 'short_hash' not in version_data:
 return JSONResponse({
 "success": False,
 "error": "version.txt格式错误"
 })
response_data = {
 "success": True,
 "version": version_data.get('short_hash', 'unknown'),
 "full_hash": version_data.get('full_hash', ''),
 "message": version_data.get('message', ''),
 "date": version_data.get('date', '')
 }
# 如果需要检查更新
 if check_update:
 try:
 from src.httpx_client import get_async
# 直接获取GitHub上的version.txt文件
 github_version_url = "https://raw.githubusercontent.com/su-kaka/gcli2api/refs/heads/master/version.txt"
# 使用统一的httpx客户端
 resp = await get_async(github_version_url, timeout=10.0)
if resp.status_code == 200:
 # 解析远程version.txt
 remote_version_data = {}
 for line in resp.text.strip().split('\n'):
 line = line.strip()
 if '=' in line:
 key, value = line.split('=', 1)
 remote_version_data[key] = value
latest_hash = remote_version_data.get('full_hash', '')
 latest_short_hash = remote_version_data.get('short_hash', '')
 current_hash = version_data.get('full_hash', '')
has_update = (current_hash != latest_hash) if current_hash and latest_hash else None
response_data['check_update'] = True
 response_data['has_update'] = has_update
 response_data['latest_version'] = latest_short_hash
 response_data['latest_hash'] = latest_hash
 response_data['latest_message'] = remote_version_data.get('message', '')
 response_data['latest_date'] = remote_version_data.get('date', '')
 else:
 # GitHub获取失败,但不影响基本版本信息
 response_data['check_update'] = False
 response_data['update_error'] = f"GitHub返回错误: {resp.status_code}"
except Exception as e:
 log.debug(f"检查更新失败: {e}")
 response_data['check_update'] = False
 response_data['update_error'] = str(e)
return JSONResponse(response_data)
except Exception as e:
 log.error(f"获取版本信息失败: {e}")
 return JSONResponse({
 "success": False,
 "error": str(e)
 })