整合sora2api

.gitignore

@@ -0,0 +1,51 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual Environment
+venv/
+ENV/
+env/
+
+# Database
+*.db
+*.sqlite
+*.sqlite3
+data/*.db
+data/*.sqlite
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+
+# Environment
+.env
+.env.local

Dockerfile

@@ -2,12 +2,11 @@ FROM python:3.11-slim
 
 WORKDIR /app
 
-COPY ./app /app/app
 COPY requirements.txt .
-
 RUN pip install --no-cache-dir -r requirements.txt
 
-# 环境变量 (在 Hugging Face Spaces 中设置)
-# ENV GEMINI_API_KEYS=your_key_1,your_key_2,your_key_3
+COPY . .
+
+EXPOSE 8000
 
-CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "7860"]
+CMD ["python", "main.py"]

LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2024 Sora2API Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

README.md

@@ -1,10 +1,409 @@
+# Sora2API
+
+<div align="center">
+
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
+[![Python](https://img.shields.io/badge/python-3.8%2B-blue.svg)](https://www.python.org/)
+[![FastAPI](https://img.shields.io/badge/fastapi-0.119.0-green.svg)](https://fastapi.tiangolo.com/)
+[![Docker](https://img.shields.io/badge/docker-supported-blue.svg)](https://www.docker.com/)
+
+**一个功能完整的 OpenAI 兼容 API 服务，为 Sora 提供统一的接口**
+
+</div>
+
+---
+
+## 📋 目录
+
+- [功能特性](#功能特性)
+- [快速开始](#快速开始)
+- [使用指南](#使用指南)
+  - [快速参考](#快速参考)
+  - [管理后台](#管理后台)
+  - [API 调用](#api-调用)
+  - [视频角色功能](#视频角色功能)
+- [常见问题](#常见问题)
+- [许可证](#许可证)
+
 ---
-title: Google
-emoji: 📉
-colorFrom: gray
-colorTo: yellow
-sdk: docker
-pinned: false
+
+## ✨ 功能特性
+
+### 核心功能
+- 🎨 **文生图** - 根据文本描述生成图片
+- 🖼️ **图生图** - 基于上传的图片进行创意变换
+- 🎬 **文生视频** - 根据文本描述生成视频
+- 🎥 **图生视频** - 基于图片生成相关视频
+- 📊 **多尺寸支持** - 横屏、竖屏等多种规格
+- 🎭 **视频角色功能** - 创建角色，生成角色视频
+- 🎬 **Remix 功能** - 基于已有视频继续创作
+
+### 高级特性
+- 🔐 **Token 管理** - 支持多 Token 管理和轮询负载均衡
+- 🌐 **代理支持** - 支持 HTTP 和 SOCKS5 代理
+- 📝 **详细日志** - 完整的请求/响应日志记录
+- 🔄 **异步处理** - 高效的异步任务处理
+- 💾 **数据持久化** - SQLite 数据库存储
+- 🎯 **OpenAI 兼容** - 完全兼容 OpenAI API 格式
+- 🛡️ **安全认证** - API Key 验证和权限管理
+- 📱 **Web 管理界面** - 直观的管理后台
+
+---
+
+## 🚀 快速开始
+
+### 前置要求
+
+- Docker 和 Docker Compose（推荐）
+- 或 Python 3.8+
+
+### 方式一：Docker 部署（推荐）
+
+#### 标准模式（不使用代理）
+
+```bash
+# 克隆项目
+git clone https://github.com/TheSmallHanCat/sora2api.git
+cd sora2api
+
+# 启动服务
+docker-compose up -d
+
+# 查看日志
+docker-compose logs -f
+```
+
+#### WARP 模式（使用代理）
+
+```bash
+# 使用 WARP 代理启动
+docker-compose -f docker-compose.warp.yml up -d
+
+# 查看日志
+docker-compose -f docker-compose.warp.yml logs -f
+```
+
+### 方式二：本地部署
+
+```bash
+# 克隆项目
+git clone https://github.com/TheSmallHanCat/sora2api.git
+cd sora2api
+
+# 创建虚拟环境
+python -m venv venv
+
+# 激活虚拟环境
+# Windows
+venv\Scripts\activate
+# Linux/Mac
+source venv/bin/activate
+
+# 安装依赖
+pip install -r requirements.txt
+
+# 启动服务
+python main.py
+```
+
+### 首次启动
+
+服务启动后，访问管理后台进行初始化配置：
+
+- **地址**: http://localhost:8000
+- **用户名**: `admin`
+- **密码**: `admin`
+
+⚠️ **重要**: 首次登录后请立即修改密码！
+
+---
+
+### 快速参考
+
+| 功能 | 模型 | 说明 |
+|------|------|------|
+| 文生图 | `sora-image*` | 使用 `content` 为字符串 |
+| 图生图 | `sora-image*` | 使用 `content` 数组 + `image_url` |
+| 文生视频 | `sora-video*` | 使用 `content` 为字符串 |
+| 图生视频 | `sora-video*` | 使用 `content` 数组 + `image_url` |
+| 创建角色 | `sora-video*` | 使用 `content` 数组 + `input_video` |
+| 角色生成视频 | `sora-video*` | 使用 `content` 数组 + `input_video` + 文本 |
+| Remix | `sora-video*` | 在 `content` 中包含 Remix ID |
+
+---
+
+### API 调用
+
+#### 基本信息（OpenAI标准格式，需要使用流式）
+
+- **端点**: `http://localhost:8000/v1/chat/completions`
+- **认证**: 在请求头中添加 `Authorization: Bearer YOUR_API_KEY`
+- **默认 API Key**: `han1234`（建议修改）
+
+#### 支持的模型
+
+**图片模型**
+
+| 模型 | 说明 | 尺寸 |
+|------|------|------|
+| `sora-image` | 文生图（默认） | 360×360 |
+| `sora-image-landscape` | 文生图（横屏） | 540×360 |
+| `sora-image-portrait` | 文生图（竖屏） | 360×540 |
+
+**视频模型**
+
+| 模型 | 时长 | 方向 | 说明 |
+|------|------|------|------|
+| `sora-video-10s` | 10秒 | 横屏 | 文生视频/图生视频 |
+| `sora-video-15s` | 15秒 | 横屏 | 文生视频/图生视频 |
+| `sora-video-landscape-10s` | 10秒 | 横屏 | 文生视频/图生视频 |
+| `sora-video-landscape-15s` | 15秒 | 横屏 | 文生视频/图生视频 |
+| `sora-video-portrait-10s` | 10秒 | 竖屏 | 文生视频/图生视频 |
+| `sora-video-portrait-15s` | 15秒 | 竖屏 | 文生视频/图生视频 |
+
+#### 请求示例
+
+**文生图**
+
+```bash
+curl -X POST "http://localhost:8000/v1/chat/completions" \
+  -H "Authorization: Bearer han1234" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "sora-image",
+    "messages": [
+      {
+        "role": "user",
+        "content": "一只可爱的小猫咪"
+      }
+    ]
+  }'
+```
+
+**图��图**
+
+```bash
+curl -X POST "http://localhost:8000/v1/chat/completions" \
+  -H "Authorization: Bearer han1234" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "sora-image",
+    "messages": [
+      {
+        "role": "user",
+        "content": [
+          {
+            "type": "text",
+            "text": "将这张图片变成油画风格"
+          },
+          {
+            "type": "image_url",
+            "image_url": {
+              "url": "data:image/png;base64,<base64_encoded_image_data>"
+            }
+          }
+        ]
+      }
+    ],
+    "stream": true
+  }'
+```
+
+**文生视频**
+
+```bash
+curl -X POST "http://localhost:8000/v1/chat/completions" \
+  -H "Authorization: Bearer han1234" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "sora-video-landscape-10s",
+    "messages": [
+      {
+        "role": "user",
+        "content": "一只小猫在草地上奔跑"
+      }
+    ],
+    "stream": true
+  }'
+```
+
+**图生视频**
+
+```bash
+curl -X POST "http://localhost:8000/v1/chat/completions" \
+  -H "Authorization: Bearer han1234" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "sora-video-landscape-10s",
+    "messages": [
+      {
+        "role": "user",
+        "content": [
+          {
+            "type": "text",
+            "text": "这只猫在跳舞"
+          },
+          {
+            "type": "image_url",
+            "image_url": {
+              "url": "data:image/png;base64,<base64_encoded_image_data>"
+            }
+          }
+        ]
+      }
+    ],
+    "stream": true
+  }'
+```
+
+**视频Remix（基于已有视频继续创作）**
+
+```bash
+curl -X POST "http://localhost:8000/v1/chat/completions" \
+  -H "Authorization: Bearer han1234" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "sora-video-landscape-10s",
+    "messages": [
+      {
+        "role": "user",
+        "content": "https://sora.chatgpt.com/p/s_68e3a06dcd888191b150971da152c1f5改成水墨画风格"
+      }
+    ]
+  }'
+```
+
+### 视频角色功能
+
+Sora2API 支持**视频角色生成**功能。
+
+#### 功能说明
+
+- **角色创建**: 如果只有视频，无prompt，则生成角色自动提取角色信息，输出角色名
+- **角色生成**: 有视频、prompt，则上传视频创建角色，使用角色和prompt进行生成，输出视频
+
+#### API调用（OpenAI标准格式，需要使用流式）
+
+**场景 1: 仅创建角色（不生成视频）**
+
+上传视频提取角色信息，获取角色名称和头像。
+
+```bash
+curl -X POST "http://localhost:8000/v1/chat/completions" \
+  -H "Authorization: Bearer han1234" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "sora-video-landscape-10s",
+    "messages": [
+      {
+        "role": "user",
+        "content": [
+          {
+            "type": "input_video",
+            "videoUrl": {
+              "url": "data:video/mp4;base64,<base64_encoded_video_data>"
+            }
+          }
+        ]
+      }
+    ],
+    "stream": true
+  }'
+```
+
+**场景 2: 创建角色并生成视频**
+
+上传视频创建角色，然后使用该角色生成新视频。
+
+```bash
+curl -X POST "http://localhost:8000/v1/chat/completions" \
+  -H "Authorization: Bearer han1234" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "sora-video-landscape-10s",
+    "messages": [
+      {
+        "role": "user",
+        "content": [
+          {
+            "type": "input_video",
+            "videoUrl": {
+              "url": "data:video/mp4;base64,<base64_encoded_video_data>"
+            }
+          },
+          {
+            "type": "text",
+            "text": "角色做一个跳舞的动作"
+          }
+        ]
+      }
+    ],
+    "stream": true
+  }'
+```
+
+#### Python 代码示例
+
+```python
+import requests
+import base64
+
+# 读取视频文件并编码为 Base64
+with open("video.mp4", "rb") as f:
+    video_data = base64.b64encode(f.read()).decode("utf-8")
+
+# 仅创建角色
+response = requests.post(
+    "http://localhost:8000/v1/chat/completions",
+    headers={
+        "Authorization": "Bearer han1234",
+        "Content-Type": "application/json"
+    },
+    json={
+        "model": "sora-video-landscape-10s",
+        "messages": [
+            {
+                "role": "user",
+                "content": [
+                    {
+                        "type": "input_video",
+                        "videoUrl": {
+                            "url": f"data:video/mp4;base64,{video_data}"
+                        }
+                    }
+                ]
+            }
+        ],
+        "stream": True
+    },
+    stream=True
+)
+
+# 处理流式响应
+for line in response.iter_lines():
+    if line:
+        print(line.decode("utf-8"))
+```
+
+---
+
+## 📄 许可证
+
+本项目采用 MIT 许可证。详见 [LICENSE](LICENSE) 文件。
+
+---
+
+## 🙏 致谢
+
+感谢所有贡献者和使用者的支持！
+
+---
+
+## 📞 联系方式
+
+- 提交 Issue：[GitHub Issues](https://github.com/TheSmallHanCat/sora2api/issues)
+- 讨论：[GitHub Discussions](https://github.com/TheSmallHanCat/sora2api/discussions)
+
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+**⭐ 如果这个项目对你有帮助，请给个 Star！**

config/setting.toml

@@ -0,0 +1,46 @@
+[global]
+api_key = "han1234"
+admin_username = "admin"
+admin_password = "admin"
+
+[sora]
+base_url = "https://sora.chatgpt.com/backend"
+timeout = 120
+max_retries = 3
+poll_interval = 2.5
+max_poll_attempts = 600
+
+[server]
+host = "0.0.0.0"
+port = 8000
+
+[debug]
+enabled = false
+log_requests = true
+log_responses = true
+mask_token = true
+
+[cache]
+enabled = false
+timeout = 600
+base_url = "http://127.0.0.1:8000"
+
+[generation]
+image_timeout = 300
+video_timeout = 1500
+
+[admin]
+error_ban_threshold = 3
+
+[proxy]
+proxy_enabled = false
+proxy_url = ""
+
+[watermark_free]
+watermark_free_enabled = false
+parse_method = "third_party"
+custom_parse_url = ""
+custom_parse_token = ""
+
+[token_refresh]
+at_auto_refresh_enabled = false

config/setting_warp.toml

@@ -0,0 +1,46 @@
+[global]
+api_key = "han1234"
+admin_username = "admin"
+admin_password = "admin"
+
+[sora]
+base_url = "https://sora.chatgpt.com/backend"
+timeout = 120
+max_retries = 3
+poll_interval = 2.5
+max_poll_attempts = 600
+
+[server]
+host = "0.0.0.0"
+port = 8000
+
+[debug]
+enabled = false
+log_requests = true
+log_responses = true
+mask_token = true
+
+[cache]
+enabled = true
+timeout = 600
+base_url = "http://127.0.0.1:8000"
+
+[generation]
+image_timeout = 300
+video_timeout = 1500
+
+[admin]
+error_ban_threshold = 3
+
+[proxy]
+proxy_enabled = true
+proxy_url = "socks5://warp:1080"
+
+[watermark_free]
+watermark_free_enabled = false
+parse_method = "third_party"
+custom_parse_url = ""
+custom_parse_token = ""
+
+[token_refresh]
+at_auto_refresh_enabled = false

docker-compose.warp.yml

@@ -0,0 +1,36 @@
+version: '3.8'
+
+services:
+  sora2api:
+    image: thesmallhancat/sora2api:latest
+    container_name: sora2api
+    ports:
+      - "8000:8000"
+    volumes:
+      - ./data:/app/data
+      - ./config/setting_warp.toml:/app/config/setting.toml
+    environment:
+      - PYTHONUNBUFFERED=1
+    restart: unless-stopped
+    depends_on:
+      - warp
+
+  warp:
+    image: caomingjun/warp
+    container_name: warp
+    restart: always
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    ports:
+      - "1080:1080"
+    environment:
+      - WARP_SLEEP=2
+    cap_add:
+      - MKNOD
+      - AUDIT_WRITE
+      - NET_ADMIN
+    sysctls:
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv4.conf.all.src_valid_mark=1
+    volumes:
+      - ./data:/var/lib/cloudflare-warp

docker-compose.yml

@@ -0,0 +1,14 @@
+version: '3.8'
+
+services:
+  sora2api:
+    image: thesmallhancat/sora2api:latest
+    container_name: sora2api
+    ports:
+      - "8000:8000"
+    volumes:
+      - ./data:/app/data
+      - ./config/setting.toml:/app/config/setting.toml
+    environment:
+      - PYTHONUNBUFFERED=1
+    restart: unless-stopped

main.py

@@ -0,0 +1,12 @@
+"""Application launcher script"""
+import uvicorn
+from src.core.config import config
+
+if __name__ == "__main__":
+    uvicorn.run(
+        "src.main:app",
+        host=config.server_host,
+        port=config.server_port,
+        reload=False
+    )
+

requirements.txt

@@ -1,6 +1,15 @@
-fastapi
-uvicorn
-httpx
-python-dotenv
-requests
-apscheduler
+fastapi==0.119.0
+uvicorn[standard]==0.32.1
+curl-cffi==0.13.0
+pyjwt==2.10.1
+python-multipart==0.0.20
+aiosqlite==0.20.0
+bcrypt==4.2.1
+python-dotenv==1.0.1
+pydantic==2.10.4
+pydantic-settings==2.7.0
+tomli==2.2.1
+toml
+faker==24.0.0
+python-dateutil==2.8.2
+httpx==0.28.1

src/__init__.py

@@ -0,0 +1,4 @@
+"""Sora2API - OpenAI compatible Sora API proxy service"""
+
+__version__ = "1.0.0"
+

src/api/__init__.py

@@ -0,0 +1,7 @@
+"""API routes module"""
+
+from .routes import router as api_router
+from .admin import router as admin_router
+
+__all__ = ["api_router", "admin_router"]
+

src/api/admin.py

@@ -0,0 +1,776 @@
+"""Admin routes - Management endpoints"""
+from fastapi import APIRouter, HTTPException, Depends, Header
+from typing import List, Optional
+from datetime import datetime
+import secrets
+from pydantic import BaseModel
+from ..core.auth import AuthManager
+from ..core.config import config
+from ..services.token_manager import TokenManager
+from ..services.proxy_manager import ProxyManager
+from ..core.database import Database
+from ..core.models import Token, AdminConfig, ProxyConfig
+
+router = APIRouter()
+
+# Dependency injection
+token_manager: TokenManager = None
+proxy_manager: ProxyManager = None
+db: Database = None
+generation_handler = None
+
+# Store active admin tokens (in production, use Redis or database)
+active_admin_tokens = set()
+
+def set_dependencies(tm: TokenManager, pm: ProxyManager, database: Database, gh=None):
+    """Set dependencies"""
+    global token_manager, proxy_manager, db, generation_handler
+    token_manager = tm
+    proxy_manager = pm
+    db = database
+    generation_handler = gh
+
+def verify_admin_token(authorization: str = Header(None)):
+    """Verify admin token from Authorization header"""
+    if not authorization:
+        raise HTTPException(status_code=401, detail="Missing authorization header")
+
+    # Support both "Bearer token" and "token" formats
+    token = authorization
+    if authorization.startswith("Bearer "):
+        token = authorization[7:]
+
+    if token not in active_admin_tokens:
+        raise HTTPException(status_code=401, detail="Invalid or expired token")
+
+    return token
+
+# Request/Response models
+class LoginRequest(BaseModel):
+    username: str
+    password: str
+
+class LoginResponse(BaseModel):
+    success: bool
+    token: Optional[str] = None
+    message: Optional[str] = None
+
+class AddTokenRequest(BaseModel):
+    token: str  # Access Token (AT)
+    st: Optional[str] = None  # Session Token (optional, for storage)
+    rt: Optional[str] = None  # Refresh Token (optional, for storage)
+    remark: Optional[str] = None
+    image_enabled: bool = True  # Enable image generation
+    video_enabled: bool = True  # Enable video generation
+
+class ST2ATRequest(BaseModel):
+    st: str  # Session Token
+
+class RT2ATRequest(BaseModel):
+    rt: str  # Refresh Token
+
+class UpdateTokenStatusRequest(BaseModel):
+    is_active: bool
+
+class UpdateTokenRequest(BaseModel):
+    token: Optional[str] = None  # Access Token
+    st: Optional[str] = None
+    rt: Optional[str] = None
+    remark: Optional[str] = None
+    image_enabled: Optional[bool] = None  # Enable image generation
+    video_enabled: Optional[bool] = None  # Enable video generation
+
+class UpdateAdminConfigRequest(BaseModel):
+    error_ban_threshold: int
+
+class UpdateProxyConfigRequest(BaseModel):
+    proxy_enabled: bool
+    proxy_url: Optional[str] = None
+
+class UpdateAdminPasswordRequest(BaseModel):
+    old_password: str
+    new_password: str
+    username: Optional[str] = None  # Optional: new username
+
+class UpdateAPIKeyRequest(BaseModel):
+    new_api_key: str
+
+class UpdateDebugConfigRequest(BaseModel):
+    enabled: bool
+
+class UpdateCacheTimeoutRequest(BaseModel):
+    timeout: int  # Cache timeout in seconds
+
+class UpdateCacheBaseUrlRequest(BaseModel):
+    base_url: str  # Cache base URL (e.g., https://yourdomain.com)
+
+class UpdateGenerationTimeoutRequest(BaseModel):
+    image_timeout: Optional[int] = None  # Image generation timeout in seconds
+    video_timeout: Optional[int] = None  # Video generation timeout in seconds
+
+class UpdateWatermarkFreeConfigRequest(BaseModel):
+    watermark_free_enabled: bool
+    parse_method: Optional[str] = "third_party"  # "third_party" or "custom"
+    custom_parse_url: Optional[str] = None
+    custom_parse_token: Optional[str] = None
+
+# Auth endpoints
+@router.post("/api/login", response_model=LoginResponse)
+async def login(request: LoginRequest):
+    """Admin login"""
+    if AuthManager.verify_admin(request.username, request.password):
+        # Generate simple token
+        token = f"admin-{secrets.token_urlsafe(32)}"
+        # Store token in active tokens
+        active_admin_tokens.add(token)
+        return LoginResponse(success=True, token=token, message="Login successful")
+    else:
+        return LoginResponse(success=False, message="Invalid credentials")
+
+@router.post("/api/logout")
+async def logout(token: str = Depends(verify_admin_token)):
+    """Admin logout"""
+    # Remove token from active tokens
+    active_admin_tokens.discard(token)
+    return {"success": True, "message": "Logged out successfully"}
+
+# Token management endpoints
+@router.get("/api/tokens")
+async def get_tokens(token: str = Depends(verify_admin_token)) -> List[dict]:
+    """Get all tokens with statistics"""
+    tokens = await token_manager.get_all_tokens()
+    result = []
+
+    for token in tokens:
+        stats = await db.get_token_stats(token.id)
+        result.append({
+            "id": token.id,
+            "token": token.token,  # 完整的Access Token
+            "st": token.st,  # 完整的Session Token
+            "rt": token.rt,  # 完整的Refresh Token
+            "email": token.email,
+            "name": token.name,
+            "remark": token.remark,
+            "expiry_time": token.expiry_time.isoformat() if token.expiry_time else None,
+            "is_active": token.is_active,
+            "cooled_until": token.cooled_until.isoformat() if token.cooled_until else None,
+            "created_at": token.created_at.isoformat() if token.created_at else None,
+            "last_used_at": token.last_used_at.isoformat() if token.last_used_at else None,
+            "use_count": token.use_count,
+            "image_count": stats.image_count if stats else 0,
+            "video_count": stats.video_count if stats else 0,
+            "error_count": stats.error_count if stats else 0,
+            # 订阅信息
+            "plan_type": token.plan_type,
+            "plan_title": token.plan_title,
+            "subscription_end": token.subscription_end.isoformat() if token.subscription_end else None,
+            # Sora2信息
+            "sora2_supported": token.sora2_supported,
+            "sora2_invite_code": token.sora2_invite_code,
+            "sora2_redeemed_count": token.sora2_redeemed_count,
+            "sora2_total_count": token.sora2_total_count,
+            "sora2_remaining_count": token.sora2_remaining_count,
+            "sora2_cooldown_until": token.sora2_cooldown_until.isoformat() if token.sora2_cooldown_until else None,
+            # 功能开关
+            "image_enabled": token.image_enabled,
+            "video_enabled": token.video_enabled
+        })
+
+    return result
+
+@router.post("/api/tokens")
+async def add_token(request: AddTokenRequest, token: str = Depends(verify_admin_token)):
+    """Add a new Access Token"""
+    try:
+        new_token = await token_manager.add_token(
+            token_value=request.token,
+            st=request.st,
+            rt=request.rt,
+            remark=request.remark,
+            update_if_exists=False,
+            image_enabled=request.image_enabled,
+            video_enabled=request.video_enabled
+        )
+        return {"success": True, "message": "Token 添加成功", "token_id": new_token.id}
+    except ValueError as e:
+        # Token already exists
+        raise HTTPException(status_code=409, detail=str(e))
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=f"添加 Token 失败: {str(e)}")
+
+@router.post("/api/tokens/st2at")
+async def st_to_at(request: ST2ATRequest, token: str = Depends(verify_admin_token)):
+    """Convert Session Token to Access Token (only convert, not add to database)"""
+    try:
+        result = await token_manager.st_to_at(request.st)
+        return {
+            "success": True,
+            "message": "ST converted to AT successfully",
+            "access_token": result["access_token"],
+            "email": result.get("email"),
+            "expires": result.get("expires")
+        }
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+@router.post("/api/tokens/rt2at")
+async def rt_to_at(request: RT2ATRequest, token: str = Depends(verify_admin_token)):
+    """Convert Refresh Token to Access Token (only convert, not add to database)"""
+    try:
+        result = await token_manager.rt_to_at(request.rt)
+        return {
+            "success": True,
+            "message": "RT converted to AT successfully",
+            "access_token": result["access_token"],
+            "refresh_token": result.get("refresh_token"),
+            "expires_in": result.get("expires_in")
+        }
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+@router.put("/api/tokens/{token_id}/status")
+async def update_token_status(
+    token_id: int,
+    request: UpdateTokenStatusRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update token status"""
+    try:
+        await token_manager.update_token_status(token_id, request.is_active)
+
+        # Reset error count when enabling token
+        if request.is_active:
+            await token_manager.record_success(token_id)
+
+        return {"success": True, "message": "Token status updated"}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+@router.post("/api/tokens/{token_id}/enable")
+async def enable_token(token_id: int, token: str = Depends(verify_admin_token)):
+    """Enable a token and reset error count"""
+    try:
+        await token_manager.enable_token(token_id)
+        return {"success": True, "message": "Token enabled", "is_active": 1, "error_count": 0}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+@router.post("/api/tokens/{token_id}/disable")
+async def disable_token(token_id: int, token: str = Depends(verify_admin_token)):
+    """Disable a token"""
+    try:
+        await token_manager.disable_token(token_id)
+        return {"success": True, "message": "Token disabled", "is_active": 0}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+@router.post("/api/tokens/{token_id}/test")
+async def test_token(token_id: int, token: str = Depends(verify_admin_token)):
+    """Test if a token is valid and refresh Sora2 info"""
+    try:
+        result = await token_manager.test_token(token_id)
+        response = {
+            "success": True,
+            "status": "success" if result["valid"] else "failed",
+            "message": result["message"],
+            "email": result.get("email"),
+            "username": result.get("username")
+        }
+
+        # Include Sora2 info if available
+        if result.get("valid"):
+            response.update({
+                "sora2_supported": result.get("sora2_supported"),
+                "sora2_invite_code": result.get("sora2_invite_code"),
+                "sora2_redeemed_count": result.get("sora2_redeemed_count"),
+                "sora2_total_count": result.get("sora2_total_count"),
+                "sora2_remaining_count": result.get("sora2_remaining_count")
+            })
+
+        return response
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+@router.delete("/api/tokens/{token_id}")
+async def delete_token(token_id: int, token: str = Depends(verify_admin_token)):
+    """Delete a token"""
+    try:
+        await token_manager.delete_token(token_id)
+        return {"success": True, "message": "Token deleted"}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+@router.put("/api/tokens/{token_id}")
+async def update_token(
+    token_id: int,
+    request: UpdateTokenRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update token (AT, ST, RT, remark, image_enabled, video_enabled)"""
+    try:
+        await token_manager.update_token(
+            token_id=token_id,
+            token=request.token,
+            st=request.st,
+            rt=request.rt,
+            remark=request.remark,
+            image_enabled=request.image_enabled,
+            video_enabled=request.video_enabled
+        )
+        return {"success": True, "message": "Token updated"}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+# Admin config endpoints
+@router.get("/api/admin/config")
+async def get_admin_config(token: str = Depends(verify_admin_token)) -> dict:
+    """Get admin configuration"""
+    admin_config = await db.get_admin_config()
+    return {
+        "error_ban_threshold": admin_config.error_ban_threshold,
+        "api_key": config.api_key,
+        "admin_username": config.admin_username,
+        "debug_enabled": config.debug_enabled
+    }
+
+@router.post("/api/admin/config")
+async def update_admin_config(
+    request: UpdateAdminConfigRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update admin configuration"""
+    try:
+        # Get current admin config to preserve username and password
+        current_config = await db.get_admin_config()
+
+        # Update only the error_ban_threshold, preserve username and password
+        current_config.error_ban_threshold = request.error_ban_threshold
+
+        await db.update_admin_config(current_config)
+        return {"success": True, "message": "Configuration updated"}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+@router.post("/api/admin/password")
+async def update_admin_password(
+    request: UpdateAdminPasswordRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update admin password and/or username"""
+    try:
+        # Verify old password
+        if not AuthManager.verify_admin(config.admin_username, request.old_password):
+            raise HTTPException(status_code=400, detail="Old password is incorrect")
+
+        # Get current admin config from database
+        admin_config = await db.get_admin_config()
+
+        # Update password in database
+        admin_config.admin_password = request.new_password
+
+        # Update username if provided
+        if request.username:
+            admin_config.admin_username = request.username
+
+        # Update in database
+        await db.update_admin_config(admin_config)
+
+        # Update in-memory config
+        config.set_admin_password_from_db(request.new_password)
+        if request.username:
+            config.set_admin_username_from_db(request.username)
+
+        # Invalidate all admin tokens (force re-login)
+        active_admin_tokens.clear()
+
+        return {"success": True, "message": "Password updated successfully. Please login again."}
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to update password: {str(e)}")
+
+@router.post("/api/admin/apikey")
+async def update_api_key(
+    request: UpdateAPIKeyRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update API key"""
+    try:
+        # Update in-memory config
+        config.api_key = request.new_api_key
+
+        return {"success": True, "message": "API key updated successfully"}
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to update API key: {str(e)}")
+
+@router.post("/api/admin/debug")
+async def update_debug_config(
+    request: UpdateDebugConfigRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update debug configuration"""
+    try:
+        # Update in-memory config
+        config.set_debug_enabled(request.enabled)
+
+        status = "enabled" if request.enabled else "disabled"
+        return {"success": True, "message": f"Debug mode {status}", "enabled": request.enabled}
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to update debug config: {str(e)}")
+
+# Proxy config endpoints
+@router.get("/api/proxy/config")
+async def get_proxy_config(token: str = Depends(verify_admin_token)) -> dict:
+    """Get proxy configuration"""
+    config = await proxy_manager.get_proxy_config()
+    return {
+        "proxy_enabled": config.proxy_enabled,
+        "proxy_url": config.proxy_url
+    }
+
+@router.post("/api/proxy/config")
+async def update_proxy_config(
+    request: UpdateProxyConfigRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update proxy configuration"""
+    try:
+        await proxy_manager.update_proxy_config(request.proxy_enabled, request.proxy_url)
+        return {"success": True, "message": "Proxy configuration updated"}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+# Watermark-free config endpoints
+@router.get("/api/watermark-free/config")
+async def get_watermark_free_config(token: str = Depends(verify_admin_token)) -> dict:
+    """Get watermark-free mode configuration"""
+    config_obj = await db.get_watermark_free_config()
+    return {
+        "watermark_free_enabled": config_obj.watermark_free_enabled,
+        "parse_method": config_obj.parse_method,
+        "custom_parse_url": config_obj.custom_parse_url,
+        "custom_parse_token": config_obj.custom_parse_token
+    }
+
+@router.post("/api/watermark-free/config")
+async def update_watermark_free_config(
+    request: UpdateWatermarkFreeConfigRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update watermark-free mode configuration"""
+    try:
+        await db.update_watermark_free_config(
+            request.watermark_free_enabled,
+            request.parse_method,
+            request.custom_parse_url,
+            request.custom_parse_token
+        )
+
+        # Update in-memory config
+        from ..core.config import config
+        config.set_watermark_free_enabled(request.watermark_free_enabled)
+
+        return {"success": True, "message": "Watermark-free mode configuration updated"}
+    except Exception as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+# Statistics endpoints
+@router.get("/api/stats")
+async def get_stats(token: str = Depends(verify_admin_token)):
+    """Get system statistics"""
+    tokens = await token_manager.get_all_tokens()
+    active_tokens = await token_manager.get_active_tokens()
+    
+    total_images = 0
+    total_videos = 0
+    total_errors = 0
+    
+    for token in tokens:
+        stats = await db.get_token_stats(token.id)
+        if stats:
+            total_images += stats.image_count
+            total_videos += stats.video_count
+            total_errors += stats.error_count
+    
+    return {
+        "total_tokens": len(tokens),
+        "active_tokens": len(active_tokens),
+        "total_images": total_images,
+        "total_videos": total_videos,
+        "total_errors": total_errors
+    }
+
+# Sora2 endpoints
+@router.post("/api/tokens/{token_id}/sora2/activate")
+async def activate_sora2(
+    token_id: int,
+    invite_code: str,
+    token: str = Depends(verify_admin_token)
+):
+    """Activate Sora2 with invite code"""
+    try:
+        # Get token
+        token_obj = await db.get_token(token_id)
+        if not token_obj:
+            raise HTTPException(status_code=404, detail="Token not found")
+
+        # Activate Sora2
+        result = await token_manager.activate_sora2_invite(token_obj.token, invite_code)
+
+        if result.get("success"):
+            # Get new invite code after activation
+            sora2_info = await token_manager.get_sora2_invite_code(token_obj.token)
+
+            # Get remaining count
+            sora2_remaining_count = 0
+            try:
+                remaining_info = await token_manager.get_sora2_remaining_count(token_obj.token)
+                if remaining_info.get("success"):
+                    sora2_remaining_count = remaining_info.get("remaining_count", 0)
+            except Exception as e:
+                print(f"Failed to get Sora2 remaining count: {e}")
+
+            # Update database
+            await db.update_token_sora2(
+                token_id,
+                supported=True,
+                invite_code=sora2_info.get("invite_code"),
+                redeemed_count=sora2_info.get("redeemed_count", 0),
+                total_count=sora2_info.get("total_count", 0),
+                remaining_count=sora2_remaining_count
+            )
+
+            return {
+                "success": True,
+                "message": "Sora2 activated successfully",
+                "already_accepted": result.get("already_accepted", False),
+                "invite_code": sora2_info.get("invite_code"),
+                "redeemed_count": sora2_info.get("redeemed_count", 0),
+                "total_count": sora2_info.get("total_count", 0),
+                "sora2_remaining_count": sora2_remaining_count
+            }
+        else:
+            return {
+                "success": False,
+                "message": "Failed to activate Sora2"
+            }
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to activate Sora2: {str(e)}")
+
+# Logs endpoints
+@router.get("/api/logs")
+async def get_logs(limit: int = 100, token: str = Depends(verify_admin_token)):
+    """Get recent logs with token email"""
+    logs = await db.get_recent_logs(limit)
+    return [{
+        "id": log.get("id"),
+        "token_id": log.get("token_id"),
+        "token_email": log.get("token_email"),
+        "token_username": log.get("token_username"),
+        "operation": log.get("operation"),
+        "status_code": log.get("status_code"),
+        "duration": log.get("duration"),
+        "created_at": log.get("created_at")
+    } for log in logs]
+
+# Cache config endpoints
+@router.post("/api/cache/config")
+async def update_cache_timeout(
+    request: UpdateCacheTimeoutRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update cache timeout"""
+    try:
+        if request.timeout < 60:
+            raise HTTPException(status_code=400, detail="Cache timeout must be at least 60 seconds")
+
+        if request.timeout > 86400:
+            raise HTTPException(status_code=400, detail="Cache timeout cannot exceed 24 hours (86400 seconds)")
+
+        # Update in-memory config
+        config.set_cache_timeout(request.timeout)
+
+        # Update database
+        await db.update_cache_config(timeout=request.timeout)
+
+        # Update file cache timeout
+        if generation_handler:
+            generation_handler.file_cache.set_timeout(request.timeout)
+
+        return {
+            "success": True,
+            "message": f"Cache timeout updated to {request.timeout} seconds",
+            "timeout": request.timeout
+        }
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to update cache timeout: {str(e)}")
+
+@router.post("/api/cache/base-url")
+async def update_cache_base_url(
+    request: UpdateCacheBaseUrlRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update cache base URL"""
+    try:
+        # Validate base URL format (optional, can be empty)
+        base_url = request.base_url.strip()
+        if base_url and not (base_url.startswith("http://") or base_url.startswith("https://")):
+            raise HTTPException(
+                status_code=400,
+                detail="Base URL must start with http:// or https://"
+            )
+
+        # Remove trailing slash
+        if base_url:
+            base_url = base_url.rstrip('/')
+
+        # Update in-memory config
+        config.set_cache_base_url(base_url)
+
+        # Update database
+        await db.update_cache_config(base_url=base_url)
+
+        return {
+            "success": True,
+            "message": f"Cache base URL updated to: {base_url or 'server address'}",
+            "base_url": base_url
+        }
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to update cache base URL: {str(e)}")
+
+@router.get("/api/cache/config")
+async def get_cache_config(token: str = Depends(verify_admin_token)):
+    """Get cache configuration"""
+    return {
+        "success": True,
+        "config": {
+            "enabled": config.cache_enabled,
+            "timeout": config.cache_timeout,
+            "base_url": config.cache_base_url,  # 返回实际配置的值，可能为空字符串
+            "effective_base_url": config.cache_base_url or f"http://{config.server_host}:{config.server_port}"  # 实际生效的值
+        }
+    }
+
+@router.post("/api/cache/enabled")
+async def update_cache_enabled(
+    request: dict,
+    token: str = Depends(verify_admin_token)
+):
+    """Update cache enabled status"""
+    try:
+        enabled = request.get("enabled", True)
+
+        # Update in-memory config
+        config.set_cache_enabled(enabled)
+
+        # Update database
+        await db.update_cache_config(enabled=enabled)
+
+        return {
+            "success": True,
+            "message": f"Cache {'enabled' if enabled else 'disabled'} successfully",
+            "enabled": enabled
+        }
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to update cache enabled status: {str(e)}")
+
+# Generation timeout config endpoints
+@router.get("/api/generation/timeout")
+async def get_generation_timeout(token: str = Depends(verify_admin_token)):
+    """Get generation timeout configuration"""
+    return {
+        "success": True,
+        "config": {
+            "image_timeout": config.image_timeout,
+            "video_timeout": config.video_timeout
+        }
+    }
+
+@router.post("/api/generation/timeout")
+async def update_generation_timeout(
+    request: UpdateGenerationTimeoutRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update generation timeout configuration"""
+    try:
+        # Validate timeouts
+        if request.image_timeout is not None:
+            if request.image_timeout < 60:
+                raise HTTPException(status_code=400, detail="Image timeout must be at least 60 seconds")
+            if request.image_timeout > 3600:
+                raise HTTPException(status_code=400, detail="Image timeout cannot exceed 1 hour (3600 seconds)")
+
+        if request.video_timeout is not None:
+            if request.video_timeout < 60:
+                raise HTTPException(status_code=400, detail="Video timeout must be at least 60 seconds")
+            if request.video_timeout > 7200:
+                raise HTTPException(status_code=400, detail="Video timeout cannot exceed 2 hours (7200 seconds)")
+
+        # Update in-memory config
+        if request.image_timeout is not None:
+            config.set_image_timeout(request.image_timeout)
+        if request.video_timeout is not None:
+            config.set_video_timeout(request.video_timeout)
+
+        # Update database
+        await db.update_generation_config(
+            image_timeout=request.image_timeout,
+            video_timeout=request.video_timeout
+        )
+
+        # Update TokenLock timeout if image timeout was changed
+        if request.image_timeout is not None and generation_handler:
+            generation_handler.load_balancer.token_lock.set_lock_timeout(config.image_timeout)
+
+        return {
+            "success": True,
+            "message": "Generation timeout configuration updated",
+            "config": {
+                "image_timeout": config.image_timeout,
+                "video_timeout": config.video_timeout
+            }
+        }
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to update generation timeout: {str(e)}")
+
+# AT auto refresh config endpoints
+@router.get("/api/token-refresh/config")
+async def get_at_auto_refresh_config(token: str = Depends(verify_admin_token)):
+    """Get AT auto refresh configuration"""
+    return {
+        "success": True,
+        "config": {
+            "at_auto_refresh_enabled": config.at_auto_refresh_enabled
+        }
+    }
+
+@router.post("/api/token-refresh/enabled")
+async def update_at_auto_refresh_enabled(
+    request: dict,
+    token: str = Depends(verify_admin_token)
+):
+    """Update AT auto refresh enabled status"""
+    try:
+        enabled = request.get("enabled", False)
+
+        # Update in-memory config
+        config.set_at_auto_refresh_enabled(enabled)
+
+        # Update database
+        await db.update_token_refresh_config(enabled)
+
+        return {
+            "success": True,
+            "message": f"AT auto refresh {'enabled' if enabled else 'disabled'} successfully",
+            "enabled": enabled
+        }
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to update AT auto refresh enabled status: {str(e)}")

src/api/routes.py

@@ -0,0 +1,455 @@
+"""API routes - OpenAI compatible endpoints"""
+from fastapi import APIRouter, Depends, HTTPException,Request
+from fastapi.responses import StreamingResponse, JSONResponse,HTMLResponse
+from datetime import datetime
+from typing import List
+import json
+import re
+from ..core.auth import verify_api_key_header
+from ..core.models import ChatCompletionRequest
+from ..services.generation_handler import GenerationHandler, MODEL_CONFIG
+
+router = APIRouter()
+
+# Dependency injection will be set up in main.py
+generation_handler: GenerationHandler = None
+
+def set_generation_handler(handler: GenerationHandler):
+    """Set generation handler instance"""
+    global generation_handler
+    generation_handler = handler
+
+def _extract_remix_id(text: str) -> str:
+    """Extract remix ID from text
+
+    Supports two formats:
+    1. Full URL: https://sora.chatgpt.com/p/s_68e3a06dcd888191b150971da152c1f5
+    2. Short ID: s_68e3a06dcd888191b150971da152c1f5
+
+    Args:
+        text: Text to search for remix ID
+
+    Returns:
+        Remix ID (s_[a-f0-9]{32}) or empty string if not found
+    """
+    if not text:
+        return ""
+
+    # Match Sora share link format: s_[a-f0-9]{32}
+    match = re.search(r's_[a-f0-9]{32}', text)
+    if match:
+        return match.group(0)
+
+    return ""
+
+@router.get("/v1/models")
+async def list_models(api_key: str = Depends(verify_api_key_header)):
+    """List available models"""
+    models = []
+    
+    for model_id, config in MODEL_CONFIG.items():
+        description = f"{config['type'].capitalize()} generation"
+        if config['type'] == 'image':
+            description += f" - {config['width']}x{config['height']}"
+        else:
+            description += f" - {config['orientation']}"
+        
+        models.append({
+            "id": model_id,
+            "object": "model",
+            "owned_by": "sora2api",
+            "description": description
+        })
+    
+    return {
+        "object": "list",
+        "data": models
+    }
+
+@router.post("/v1/chat/completions")
+async def create_chat_completion(
+    request: ChatCompletionRequest,
+    api_key: str = Depends(verify_api_key_header)
+):
+    """Create chat completion (unified endpoint for image and video generation)"""
+    try:
+        # Extract prompt from messages
+        if not request.messages:
+            raise HTTPException(status_code=400, detail="Messages cannot be empty")
+
+        last_message = request.messages[-1]
+        content = last_message.content
+
+        # Handle both string and array format (OpenAI multimodal)
+        prompt = ""
+        image_data = request.image  # Default to request.image if provided
+        video_data = request.video  # Video parameter
+        remix_target_id = request.remix_target_id  # Remix target ID
+
+        if isinstance(content, str):
+            # Simple string format
+            prompt = content
+            # Extract remix_target_id from prompt if not already provided
+            if not remix_target_id:
+                remix_target_id = _extract_remix_id(prompt)
+        elif isinstance(content, list):
+            # Array format (OpenAI multimodal)
+            for item in content:
+                if isinstance(item, dict):
+                    if item.get("type") == "text":
+                        prompt = item.get("text", "")
+                        # Extract remix_target_id from prompt if not already provided
+                        if not remix_target_id:
+                            remix_target_id = _extract_remix_id(prompt)
+                    elif item.get("type") == "image_url":
+                        # Extract base64 image from data URI
+                        image_url = item.get("image_url", {})
+                        url = image_url.get("url", "")
+                        if url.startswith("data:image"):
+                            # Extract base64 data from data URI
+                            if "base64," in url:
+                                image_data = url.split("base64,", 1)[1]
+                            else:
+                                image_data = url
+                    elif item.get("type") == "input_video":
+                        # Extract video from input_video
+                        video_url = item.get("videoUrl", {})
+                        url = video_url.get("url", "")
+                        if url.startswith("data:video") or url.startswith("data:application"):
+                            # Extract base64 data from data URI
+                            if "base64," in url:
+                                video_data = url.split("base64,", 1)[1]
+                            else:
+                                video_data = url
+                        else:
+                            # It's a URL, pass it as-is (will be downloaded in generation_handler)
+                            video_data = url
+        else:
+            raise HTTPException(status_code=400, detail="Invalid content format")
+
+        # Validate model
+        if request.model not in MODEL_CONFIG:
+            raise HTTPException(status_code=400, detail=f"Invalid model: {request.model}")
+
+        # Check if this is a video model
+        model_config = MODEL_CONFIG[request.model]
+        is_video_model = model_config["type"] == "video"
+
+        # For video models with video parameter, we need streaming
+        if is_video_model and (video_data or remix_target_id):
+            if not request.stream:
+                # Non-streaming mode: only check availability
+                result = None
+                async for chunk in generation_handler.handle_generation(
+                    model=request.model,
+                    prompt=prompt,
+                    image=image_data,
+                    video=video_data,
+                    remix_target_id=remix_target_id,
+                    stream=False
+                ):
+                    result = chunk
+
+                if result:
+                    import json
+                    return JSONResponse(content=json.loads(result))
+                else:
+                    return JSONResponse(
+                        status_code=500,
+                        content={
+                            "error": {
+                                "message": "Availability check failed",
+                                "type": "server_error",
+                                "param": None,
+                                "code": None
+                            }
+                        }
+                    )
+
+        # Handle streaming
+        if request.stream:
+            async def generate():
+                import json as json_module  # Import inside function to avoid scope issues
+                try:
+                    async for chunk in generation_handler.handle_generation(
+                        model=request.model,
+                        prompt=prompt,
+                        image=image_data,
+                        video=video_data,
+                        remix_target_id=remix_target_id,
+                        stream=True
+                    ):
+                        yield chunk
+                except Exception as e:
+                    # Return OpenAI-compatible error format
+                    error_response = {
+                        "error": {
+                            "message": str(e),
+                            "type": "server_error",
+                            "param": None,
+                            "code": None
+                        }
+                    }
+                    error_chunk = f'data: {json_module.dumps(error_response)}\n\n'
+                    yield error_chunk
+                    yield 'data: [DONE]\n\n'
+
+            return StreamingResponse(
+                generate(),
+                media_type="text/event-stream",
+                headers={
+                    "Cache-Control": "no-cache",
+                    "Connection": "keep-alive",
+                    "X-Accel-Buffering": "no"
+                }
+            )
+        else:
+            # Non-streaming response (availability check only)
+            result = None
+            async for chunk in generation_handler.handle_generation(
+                model=request.model,
+                prompt=prompt,
+                image=image_data,
+                video=video_data,
+                remix_target_id=remix_target_id,
+                stream=False
+            ):
+                result = chunk
+
+            if result:
+                import json
+                return JSONResponse(content=json.loads(result))
+            else:
+                # Return OpenAI-compatible error format
+                return JSONResponse(
+                    status_code=500,
+                    content={
+                        "error": {
+                            "message": "Availability check failed",
+                            "type": "server_error",
+                            "param": None,
+                            "code": None
+                        }
+                    }
+                )
+
+    except Exception as e:
+        return JSONResponse(
+            status_code=500,
+            content={
+                "error": {
+                    "message": str(e),
+                    "type": "server_error",
+                    "param": None,
+                    "code": None
+                }
+            }
+        )
+
+@router.post("/v1/tasks")
+async def submit_task(
+    request: ChatCompletionRequest,
+    api_key: str = Depends(verify_api_key_header)
+):
+    """Submit an asynchronous generation task"""
+    try:
+        # Extract prompt from messages (reuse logic from create_chat_completion)
+        if not request.messages:
+            raise HTTPException(status_code=400, detail="Messages cannot be empty")
+
+        last_message = request.messages[-1]
+        content = last_message.content
+        
+        prompt = ""
+        image_data = request.image
+        video_data = request.video
+        remix_target_id = request.remix_target_id
+
+        if isinstance(content, str):
+            prompt = content
+            if not remix_target_id:
+                remix_target_id = _extract_remix_id(prompt)
+        elif isinstance(content, list):
+            for item in content:
+                if isinstance(item, dict):
+                    if item.get("type") == "text":
+                        prompt = item.get("text", "")
+                        if not remix_target_id:
+                            remix_target_id = _extract_remix_id(prompt)
+                    elif item.get("type") == "image_url":
+                        image_url = item.get("image_url", {})
+                        url = image_url.get("url", "")
+                        if url.startswith("data:image"):
+                            if "base64," in url:
+                                image_data = url.split("base64,", 1)[1]
+                            else:
+                                image_data = url
+                    elif item.get("type") == "input_video":
+                         video_url = item.get("videoUrl", {})
+                         url = video_url.get("url", "")
+                         if url.startswith("data:video") or url.startswith("data:application"):
+                             if "base64," in url:
+                                 video_data = url.split("base64,", 1)[1]
+                             else:
+                                 video_data = url
+                         else:
+                             video_data = url
+        
+        task_id = await generation_handler.submit_generation_task(
+            model=request.model,
+            prompt=prompt,
+            image=image_data,
+            video=video_data,
+            remix_target_id=remix_target_id
+        )
+
+        return {
+            "id": task_id,
+            "object": "task",
+            "created": int(datetime.now().timestamp()),
+            "status": "processing"
+        }
+
+    except Exception as e:
+        return JSONResponse(
+            status_code=500,
+            content={
+                "error": {
+                    "message": str(e),
+                    "type": "server_error",
+                    "param": None,
+                    "code": None
+                }
+            }
+        )
+
+@router.get("/v1/tasks/{task_id}")
+async def get_task_status(
+    task_id: str,
+    api_key: str = Depends(verify_api_key_header)
+):
+    """Query task status"""
+    try:
+        task = await generation_handler.db.get_task(task_id)
+        if not task:
+            raise HTTPException(status_code=404, detail=f"Task {task_id} not found")
+
+        response = {
+            "id": task.task_id,
+            "object": "task",
+            "status": task.status,
+            "created": int(task.created_at.timestamp()) if task.created_at else 0,
+            "model": task.model,
+            "progress": f"{task.progress:.0f}%"
+        }
+
+        if task.status == "completed":
+            response["result"] = {
+                "url": json.loads(task.result_urls)[0] if task.result_urls else None
+            }
+        elif task.status == "failed":
+            response["error"] = {
+                "message": task.error_message
+            }
+        
+        return response
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        return JSONResponse(
+            status_code=500,
+            content={
+                "error": {
+                    "message": str(e),
+                    "type": "server_error",
+                    "param": None,
+                    "code": None
+                }
+            }
+        )
+
+
+@router.post("/v1beta/models/gemini-3-pro-image-preview:generateContent")
+async def proxy_gemini_vision(request: Request, key: str):
+    """
+    Direct proxy for gemini-3-pro-image-preview:generateContent
+    """
+    try:
+        body = await request.json()
+        target_url = f"https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-image-preview:generateContent?key={key}"
+        
+        headers = {
+            "Content-Type": "application/json"
+        }
+        
+        # Use httpx for async request
+        import httpx
+        async with httpx.AsyncClient() as client:
+            response = await client.post(target_url, json=body, headers=headers, timeout=60)
+            
+            # Forward the status code and content
+            if response.status_code != 200:
+                return JSONResponse(status_code=response.status_code, content=response.json())
+            
+            return response.json()
+            
+    except Exception as e:
+        # logger.error(f"Proxy error: {str(e)}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+
+@router.get("/", response_class=HTMLResponse)
+async def root():
+    html_content = f"""
+    <!DOCTYPE html>
+    <html>
+    <head>
+        <title>Gemini API 代理服务</title>
+        <style>
+            body {{
+                font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+                max-width: 800px;
+                margin: 0 auto;
+                padding: 20px;
+                line-height: 1.6;
+            }}
+            h1 {{
+                color: #333;
+                text-align: center;
+                margin-bottom: 30px;
+            }}
+            .info-box {{
+                background-color: #f8f9fa;
+                border: 1px solid #dee2e6;
+                border-radius: 4px;
+                padding: 20px;
+                margin-bottom: 20px;
+            }}
+            .status {{
+                color: #28a745;
+                font-weight: bold;
+            }}
+        </style>
+    </head>
+    <body>
+        <h1>🤖 Gemini API 代理服务</h1>
+        
+        <div class="info-box">
+            <h2>🟢 运行状态</h2>
+            <p class="status">服务运行中</p>
+            <p>可用API密钥数量: {len(key_manager.api_keys)}</p>
+            <p>可用模型数量: {len(GeminiClient.AVAILABLE_MODELS)}</p>
+        </div>
+
+        <div class="info-box">
+            <h2>⚙️ 环境配置</h2>
+            <p>每分钟请求限制: {MAX_REQUESTS_PER_MINUTE}</p>
+            <p>每IP每日请求限制: {MAX_REQUESTS_PER_DAY_PER_IP}</p>
+            <p>最大重试次数: {len(key_manager.api_keys)}</p>
+        </div>
+    </body>
+    </html>
+    """
+    return html_content

src/core/__init__.py

@@ -0,0 +1,14 @@
+"""Core modules"""
+
+from .config import config
+from .database import Database
+from .models import *
+from .auth import AuthManager, verify_api_key_header
+
+__all__ = [
+    "config",
+    "Database",
+    "AuthManager",
+    "verify_api_key_header",
+]
+

src/core/auth.py

@@ -0,0 +1,39 @@
+"""Authentication module"""
+import bcrypt
+from typing import Optional
+from fastapi import HTTPException, Security
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from .config import config
+
+security = HTTPBearer()
+
+class AuthManager:
+    """Authentication manager"""
+    
+    @staticmethod
+    def verify_api_key(api_key: str) -> bool:
+        """Verify API key"""
+        return api_key == config.api_key
+    
+    @staticmethod
+    def verify_admin(username: str, password: str) -> bool:
+        """Verify admin credentials"""
+        # Compare with current config (which may be from database or config file)
+        return username == config.admin_username and password == config.admin_password
+    
+    @staticmethod
+    def hash_password(password: str) -> str:
+        """Hash password"""
+        return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+    
+    @staticmethod
+    def verify_password(password: str, hashed: str) -> bool:
+        """Verify password"""
+        return bcrypt.checkpw(password.encode(), hashed.encode())
+
+async def verify_api_key_header(credentials: HTTPAuthorizationCredentials = Security(security)) -> str:
+    """Verify API key from Authorization header"""
+    api_key = credentials.credentials
+    if not AuthManager.verify_api_key(api_key):
+        raise HTTPException(status_code=401, detail="Invalid API key")
+    return api_key

src/core/config.py

@@ -0,0 +1,212 @@
+"""Configuration management"""
+import tomli
+from pathlib import Path
+from typing import Dict, Any, Optional
+
+class Config:
+    """Application configuration"""
+
+    def __init__(self):
+        self._config = self._load_config()
+        self._admin_username: Optional[str] = None
+        self._admin_password: Optional[str] = None
+    
+    def _load_config(self) -> Dict[str, Any]:
+        """Load configuration from setting.toml"""
+        config_path = Path(__file__).parent.parent.parent / "config" / "setting.toml"
+        with open(config_path, "rb") as f:
+            return tomli.load(f)
+
+    def reload_config(self):
+        """Reload configuration from file"""
+        self._config = self._load_config()
+
+    def get_raw_config(self) -> Dict[str, Any]:
+        """Get raw configuration dictionary"""
+        return self._config
+    
+    @property
+    def admin_username(self) -> str:
+        # If admin_username is set from database, use it; otherwise fall back to config file
+        if self._admin_username is not None:
+            return self._admin_username
+        return self._config["global"]["admin_username"]
+
+    @admin_username.setter
+    def admin_username(self, value: str):
+        self._admin_username = value
+        self._config["global"]["admin_username"] = value
+
+    def set_admin_username_from_db(self, username: str):
+        """Set admin username from database"""
+        self._admin_username = username
+
+    @property
+    def sora_base_url(self) -> str:
+        return self._config["sora"]["base_url"]
+    
+    @property
+    def sora_timeout(self) -> int:
+        return self._config["sora"]["timeout"]
+    
+    @property
+    def sora_max_retries(self) -> int:
+        return self._config["sora"]["max_retries"]
+    
+    @property
+    def poll_interval(self) -> float:
+        return self._config["sora"]["poll_interval"]
+    
+    @property
+    def max_poll_attempts(self) -> int:
+        return self._config["sora"]["max_poll_attempts"]
+    
+    @property
+    def server_host(self) -> str:
+        return self._config["server"]["host"]
+    
+    @property
+    def server_port(self) -> int:
+        return self._config["server"]["port"]
+
+    @property
+    def debug_enabled(self) -> bool:
+        return self._config.get("debug", {}).get("enabled", False)
+
+    @property
+    def debug_log_requests(self) -> bool:
+        return self._config.get("debug", {}).get("log_requests", True)
+
+    @property
+    def debug_log_responses(self) -> bool:
+        return self._config.get("debug", {}).get("log_responses", True)
+
+    @property
+    def debug_mask_token(self) -> bool:
+        return self._config.get("debug", {}).get("mask_token", True)
+
+    # Mutable properties for runtime updates
+    @property
+    def api_key(self) -> str:
+        return self._config["global"]["api_key"]
+
+    @api_key.setter
+    def api_key(self, value: str):
+        self._config["global"]["api_key"] = value
+
+    @property
+    def admin_password(self) -> str:
+        # If admin_password is set from database, use it; otherwise fall back to config file
+        if self._admin_password is not None:
+            return self._admin_password
+        return self._config["global"]["admin_password"]
+
+    @admin_password.setter
+    def admin_password(self, value: str):
+        self._admin_password = value
+        self._config["global"]["admin_password"] = value
+
+    def set_admin_password_from_db(self, password: str):
+        """Set admin password from database"""
+        self._admin_password = password
+
+    def set_debug_enabled(self, enabled: bool):
+        """Set debug mode enabled/disabled"""
+        if "debug" not in self._config:
+            self._config["debug"] = {}
+        self._config["debug"]["enabled"] = enabled
+
+    @property
+    def cache_timeout(self) -> int:
+        """Get cache timeout in seconds"""
+        return self._config.get("cache", {}).get("timeout", 7200)
+
+    def set_cache_timeout(self, timeout: int):
+        """Set cache timeout in seconds"""
+        if "cache" not in self._config:
+            self._config["cache"] = {}
+        self._config["cache"]["timeout"] = timeout
+
+    @property
+    def cache_base_url(self) -> str:
+        """Get cache base URL"""
+        return self._config.get("cache", {}).get("base_url", "")
+
+    def set_cache_base_url(self, base_url: str):
+        """Set cache base URL"""
+        if "cache" not in self._config:
+            self._config["cache"] = {}
+        self._config["cache"]["base_url"] = base_url
+
+    @property
+    def cache_enabled(self) -> bool:
+        """Get cache enabled status"""
+        return self._config.get("cache", {}).get("enabled", True)
+
+    def set_cache_enabled(self, enabled: bool):
+        """Set cache enabled status"""
+        if "cache" not in self._config:
+            self._config["cache"] = {}
+        self._config["cache"]["enabled"] = enabled
+
+    @property
+    def image_timeout(self) -> int:
+        """Get image generation timeout in seconds"""
+        return self._config.get("generation", {}).get("image_timeout", 300)
+
+    def set_image_timeout(self, timeout: int):
+        """Set image generation timeout in seconds"""
+        if "generation" not in self._config:
+            self._config["generation"] = {}
+        self._config["generation"]["image_timeout"] = timeout
+
+    @property
+    def video_timeout(self) -> int:
+        """Get video generation timeout in seconds"""
+        return self._config.get("generation", {}).get("video_timeout", 1500)
+
+    def set_video_timeout(self, timeout: int):
+        """Set video generation timeout in seconds"""
+        if "generation" not in self._config:
+            self._config["generation"] = {}
+        self._config["generation"]["video_timeout"] = timeout
+
+    @property
+    def watermark_free_enabled(self) -> bool:
+        """Get watermark-free mode enabled status"""
+        return self._config.get("watermark_free", {}).get("watermark_free_enabled", False)
+
+    def set_watermark_free_enabled(self, enabled: bool):
+        """Set watermark-free mode enabled/disabled"""
+        if "watermark_free" not in self._config:
+            self._config["watermark_free"] = {}
+        self._config["watermark_free"]["watermark_free_enabled"] = enabled
+
+    @property
+    def watermark_free_parse_method(self) -> str:
+        """Get watermark-free parse method"""
+        return self._config.get("watermark_free", {}).get("parse_method", "third_party")
+
+    @property
+    def watermark_free_custom_url(self) -> str:
+        """Get custom parse server URL"""
+        return self._config.get("watermark_free", {}).get("custom_parse_url", "")
+
+    @property
+    def watermark_free_custom_token(self) -> str:
+        """Get custom parse server access token"""
+        return self._config.get("watermark_free", {}).get("custom_parse_token", "")
+
+    @property
+    def at_auto_refresh_enabled(self) -> bool:
+        """Get AT auto refresh enabled status"""
+        return self._config.get("token_refresh", {}).get("at_auto_refresh_enabled", False)
+
+    def set_at_auto_refresh_enabled(self, enabled: bool):
+        """Set AT auto refresh enabled/disabled"""
+        if "token_refresh" not in self._config:
+            self._config["token_refresh"] = {}
+        self._config["token_refresh"]["at_auto_refresh_enabled"] = enabled
+
+# Global config instance
+config = Config()

src/core/database.py

@@ -0,0 +1,1012 @@
+"""Database storage layer"""
+import aiosqlite
+import json
+from datetime import datetime
+from typing import Optional, List
+from pathlib import Path
+from .models import Token, TokenStats, Task, RequestLog, AdminConfig, ProxyConfig, WatermarkFreeConfig, CacheConfig, GenerationConfig, TokenRefreshConfig
+
+class Database:
+    """SQLite database manager"""
+
+    def __init__(self, db_path: str = None):
+        if db_path is None:
+            # Store database in data directory
+            data_dir = Path(__file__).parent.parent.parent / "data"
+            data_dir.mkdir(exist_ok=True)
+            db_path = str(data_dir / "hancat.db")
+        self.db_path = db_path
+
+    def db_exists(self) -> bool:
+        """Check if database file exists"""
+        return Path(self.db_path).exists()
+
+    async def _table_exists(self, db, table_name: str) -> bool:
+        """Check if a table exists in the database"""
+        cursor = await db.execute(
+            "SELECT name FROM sqlite_master WHERE type='table' AND name=?",
+            (table_name,)
+        )
+        result = await cursor.fetchone()
+        return result is not None
+
+    async def _column_exists(self, db, table_name: str, column_name: str) -> bool:
+        """Check if a column exists in a table"""
+        try:
+            cursor = await db.execute(f"PRAGMA table_info({table_name})")
+            columns = await cursor.fetchall()
+            return any(col[1] == column_name for col in columns)
+        except:
+            return False
+
+    async def _ensure_config_rows(self, db, config_dict: dict = None):
+        """Ensure all config tables have their default rows
+
+        Args:
+            db: Database connection
+            config_dict: Configuration dictionary from setting.toml (optional)
+        """
+        # Ensure admin_config has a row
+        cursor = await db.execute("SELECT COUNT(*) FROM admin_config")
+        count = await cursor.fetchone()
+        if count[0] == 0:
+            # Get admin credentials from config_dict if provided, otherwise use defaults
+            admin_username = "admin"
+            admin_password = "admin"
+            error_ban_threshold = 3
+
+            if config_dict:
+                global_config = config_dict.get("global", {})
+                admin_username = global_config.get("admin_username", "admin")
+                admin_password = global_config.get("admin_password", "admin")
+
+                admin_config = config_dict.get("admin", {})
+                error_ban_threshold = admin_config.get("error_ban_threshold", 3)
+
+            await db.execute("""
+                INSERT INTO admin_config (id, admin_username, admin_password, error_ban_threshold)
+                VALUES (1, ?, ?, ?)
+            """, (admin_username, admin_password, error_ban_threshold))
+
+        # Ensure proxy_config has a row
+        cursor = await db.execute("SELECT COUNT(*) FROM proxy_config")
+        count = await cursor.fetchone()
+        if count[0] == 0:
+            # Get proxy config from config_dict if provided, otherwise use defaults
+            proxy_enabled = False
+            proxy_url = None
+
+            if config_dict:
+                proxy_config = config_dict.get("proxy", {})
+                proxy_enabled = proxy_config.get("proxy_enabled", False)
+                proxy_url = proxy_config.get("proxy_url", "")
+                # Convert empty string to None
+                proxy_url = proxy_url if proxy_url else None
+
+            await db.execute("""
+                INSERT INTO proxy_config (id, proxy_enabled, proxy_url)
+                VALUES (1, ?, ?)
+            """, (proxy_enabled, proxy_url))
+
+        # Ensure watermark_free_config has a row
+        cursor = await db.execute("SELECT COUNT(*) FROM watermark_free_config")
+        count = await cursor.fetchone()
+        if count[0] == 0:
+            # Get watermark-free config from config_dict if provided, otherwise use defaults
+            watermark_free_enabled = False
+            parse_method = "third_party"
+            custom_parse_url = None
+            custom_parse_token = None
+
+            if config_dict:
+                watermark_config = config_dict.get("watermark_free", {})
+                watermark_free_enabled = watermark_config.get("watermark_free_enabled", False)
+                parse_method = watermark_config.get("parse_method", "third_party")
+                custom_parse_url = watermark_config.get("custom_parse_url", "")
+                custom_parse_token = watermark_config.get("custom_parse_token", "")
+
+                # Convert empty strings to None
+                custom_parse_url = custom_parse_url if custom_parse_url else None
+                custom_parse_token = custom_parse_token if custom_parse_token else None
+
+            await db.execute("""
+                INSERT INTO watermark_free_config (id, watermark_free_enabled, parse_method, custom_parse_url, custom_parse_token)
+                VALUES (1, ?, ?, ?, ?)
+            """, (watermark_free_enabled, parse_method, custom_parse_url, custom_parse_token))
+
+        # Ensure cache_config has a row
+        cursor = await db.execute("SELECT COUNT(*) FROM cache_config")
+        count = await cursor.fetchone()
+        if count[0] == 0:
+            # Get cache config from config_dict if provided, otherwise use defaults
+            cache_enabled = False
+            cache_timeout = 600
+            cache_base_url = None
+
+            if config_dict:
+                cache_config = config_dict.get("cache", {})
+                cache_enabled = cache_config.get("enabled", False)
+                cache_timeout = cache_config.get("timeout", 600)
+                cache_base_url = cache_config.get("base_url", "")
+                # Convert empty string to None
+                cache_base_url = cache_base_url if cache_base_url else None
+
+            await db.execute("""
+                INSERT INTO cache_config (id, cache_enabled, cache_timeout, cache_base_url)
+                VALUES (1, ?, ?, ?)
+            """, (cache_enabled, cache_timeout, cache_base_url))
+
+        # Ensure generation_config has a row
+        cursor = await db.execute("SELECT COUNT(*) FROM generation_config")
+        count = await cursor.fetchone()
+        if count[0] == 0:
+            # Get generation config from config_dict if provided, otherwise use defaults
+            image_timeout = 300
+            video_timeout = 1500
+
+            if config_dict:
+                generation_config = config_dict.get("generation", {})
+                image_timeout = generation_config.get("image_timeout", 300)
+                video_timeout = generation_config.get("video_timeout", 1500)
+
+            await db.execute("""
+                INSERT INTO generation_config (id, image_timeout, video_timeout)
+                VALUES (1, ?, ?)
+            """, (image_timeout, video_timeout))
+
+        # Ensure token_refresh_config has a row
+        cursor = await db.execute("SELECT COUNT(*) FROM token_refresh_config")
+        count = await cursor.fetchone()
+        if count[0] == 0:
+            # Get token refresh config from config_dict if provided, otherwise use defaults
+            at_auto_refresh_enabled = False
+
+            if config_dict:
+                token_refresh_config = config_dict.get("token_refresh", {})
+                at_auto_refresh_enabled = token_refresh_config.get("at_auto_refresh_enabled", False)
+
+            await db.execute("""
+                INSERT INTO token_refresh_config (id, at_auto_refresh_enabled)
+                VALUES (1, ?)
+            """, (at_auto_refresh_enabled,))
+
+
+    async def check_and_migrate_db(self, config_dict: dict = None):
+        """Check database integrity and perform migrations if needed
+
+        Args:
+            config_dict: Configuration dictionary from setting.toml (optional)
+                        Used to initialize new tables with values from setting.toml
+        """
+        async with aiosqlite.connect(self.db_path) as db:
+            print("Checking database integrity and performing migrations...")
+
+            # Check and add missing columns to tokens table
+            if await self._table_exists(db, "tokens"):
+                columns_to_add = [
+                    ("sora2_supported", "BOOLEAN"),
+                    ("sora2_invite_code", "TEXT"),
+                    ("sora2_redeemed_count", "INTEGER DEFAULT 0"),
+                    ("sora2_total_count", "INTEGER DEFAULT 0"),
+                    ("sora2_remaining_count", "INTEGER DEFAULT 0"),
+                    ("sora2_cooldown_until", "TIMESTAMP"),
+                    ("image_enabled", "BOOLEAN DEFAULT 1"),
+                    ("video_enabled", "BOOLEAN DEFAULT 1"),
+                ]
+
+                for col_name, col_type in columns_to_add:
+                    if not await self._column_exists(db, "tokens", col_name):
+                        try:
+                            await db.execute(f"ALTER TABLE tokens ADD COLUMN {col_name} {col_type}")
+                            print(f"  ✓ Added column '{col_name}' to tokens table")
+                        except Exception as e:
+                            print(f"  ✗ Failed to add column '{col_name}': {e}")
+
+            # Check and add missing columns to admin_config table
+            if await self._table_exists(db, "admin_config"):
+                columns_to_add = [
+                    ("admin_username", "TEXT DEFAULT 'admin'"),
+                    ("admin_password", "TEXT DEFAULT 'admin'"),
+                ]
+
+                for col_name, col_type in columns_to_add:
+                    if not await self._column_exists(db, "admin_config", col_name):
+                        try:
+                            await db.execute(f"ALTER TABLE admin_config ADD COLUMN {col_name} {col_type}")
+                            print(f"  ✓ Added column '{col_name}' to admin_config table")
+                        except Exception as e:
+                            print(f"  ✗ Failed to add column '{col_name}': {e}")
+
+            # Check and add missing columns to watermark_free_config table
+            if await self._table_exists(db, "watermark_free_config"):
+                columns_to_add = [
+                    ("parse_method", "TEXT DEFAULT 'third_party'"),
+                    ("custom_parse_url", "TEXT"),
+                    ("custom_parse_token", "TEXT"),
+                ]
+
+                for col_name, col_type in columns_to_add:
+                    if not await self._column_exists(db, "watermark_free_config", col_name):
+                        try:
+                            await db.execute(f"ALTER TABLE watermark_free_config ADD COLUMN {col_name} {col_type}")
+                            print(f"  ✓ Added column '{col_name}' to watermark_free_config table")
+                        except Exception as e:
+                            print(f"  ✗ Failed to add column '{col_name}': {e}")
+
+            # Ensure all config tables have their default rows
+            # Pass config_dict if available to initialize from setting.toml
+            await self._ensure_config_rows(db, config_dict)
+
+            await db.commit()
+            print("Database migration check completed.")
+
+    async def init_db(self):
+        """Initialize database tables - creates all tables and ensures data integrity"""
+        async with aiosqlite.connect(self.db_path) as db:
+            # Tokens table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS tokens (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    token TEXT UNIQUE NOT NULL,
+                    email TEXT NOT NULL,
+                    username TEXT NOT NULL,
+                    name TEXT NOT NULL,
+                    st TEXT,
+                    rt TEXT,
+                    remark TEXT,
+                    expiry_time TIMESTAMP,
+                    is_active BOOLEAN DEFAULT 1,
+                    cooled_until TIMESTAMP,
+                    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                    last_used_at TIMESTAMP,
+                    use_count INTEGER DEFAULT 0,
+                    plan_type TEXT,
+                    plan_title TEXT,
+                    subscription_end TIMESTAMP,
+                    sora2_supported BOOLEAN,
+                    sora2_invite_code TEXT,
+                    sora2_redeemed_count INTEGER DEFAULT 0,
+                    sora2_total_count INTEGER DEFAULT 0,
+                    sora2_remaining_count INTEGER DEFAULT 0,
+                    sora2_cooldown_until TIMESTAMP,
+                    image_enabled BOOLEAN DEFAULT 1,
+                    video_enabled BOOLEAN DEFAULT 1
+                )
+            """)
+
+            # Token stats table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS token_stats (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    token_id INTEGER NOT NULL,
+                    image_count INTEGER DEFAULT 0,
+                    video_count INTEGER DEFAULT 0,
+                    error_count INTEGER DEFAULT 0,
+                    last_error_at TIMESTAMP,
+                    FOREIGN KEY (token_id) REFERENCES tokens(id)
+                )
+            """)
+
+            # Tasks table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS tasks (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    task_id TEXT UNIQUE NOT NULL,
+                    token_id INTEGER NOT NULL,
+                    model TEXT NOT NULL,
+                    prompt TEXT NOT NULL,
+                    status TEXT NOT NULL DEFAULT 'processing',
+                    progress FLOAT DEFAULT 0,
+                    result_urls TEXT,
+                    error_message TEXT,
+                    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                    completed_at TIMESTAMP,
+                    FOREIGN KEY (token_id) REFERENCES tokens(id)
+                )
+            """)
+
+            # Request logs table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS request_logs (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    token_id INTEGER,
+                    operation TEXT NOT NULL,
+                    request_body TEXT,
+                    response_body TEXT,
+                    status_code INTEGER NOT NULL,
+                    duration FLOAT NOT NULL,
+                    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                    FOREIGN KEY (token_id) REFERENCES tokens(id)
+                )
+            """)
+
+            # Admin config table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS admin_config (
+                    id INTEGER PRIMARY KEY DEFAULT 1,
+                    admin_username TEXT DEFAULT 'admin',
+                    admin_password TEXT DEFAULT 'admin',
+                    error_ban_threshold INTEGER DEFAULT 3,
+                    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+                )
+            """)
+
+            # Proxy config table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS proxy_config (
+                    id INTEGER PRIMARY KEY DEFAULT 1,
+                    proxy_enabled BOOLEAN DEFAULT 0,
+                    proxy_url TEXT,
+                    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+                )
+            """)
+
+            # Watermark-free config table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS watermark_free_config (
+                    id INTEGER PRIMARY KEY DEFAULT 1,
+                    watermark_free_enabled BOOLEAN DEFAULT 0,
+                    parse_method TEXT DEFAULT 'third_party',
+                    custom_parse_url TEXT,
+                    custom_parse_token TEXT,
+                    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+                )
+            """)
+
+            # Cache config table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS cache_config (
+                    id INTEGER PRIMARY KEY DEFAULT 1,
+                    cache_enabled BOOLEAN DEFAULT 0,
+                    cache_timeout INTEGER DEFAULT 600,
+                    cache_base_url TEXT,
+                    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+                )
+            """)
+
+            # Generation config table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS generation_config (
+                    id INTEGER PRIMARY KEY DEFAULT 1,
+                    image_timeout INTEGER DEFAULT 300,
+                    video_timeout INTEGER DEFAULT 1500,
+                    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+                )
+            """)
+
+            # Token refresh config table
+            await db.execute("""
+                CREATE TABLE IF NOT EXISTS token_refresh_config (
+                    id INTEGER PRIMARY KEY DEFAULT 1,
+                    at_auto_refresh_enabled BOOLEAN DEFAULT 0,
+                    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+                    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+                )
+            """)
+
+            # Create indexes
+            await db.execute("CREATE INDEX IF NOT EXISTS idx_task_id ON tasks(task_id)")
+            await db.execute("CREATE INDEX IF NOT EXISTS idx_task_status ON tasks(status)")
+            await db.execute("CREATE INDEX IF NOT EXISTS idx_token_active ON tokens(is_active)")
+
+            await db.commit()
+
+    async def init_config_from_toml(self, config_dict: dict, is_first_startup: bool = True):
+        """
+        Initialize database configuration from setting.toml
+
+        Args:
+            config_dict: Configuration dictionary from setting.toml
+            is_first_startup: If True, only update if row doesn't exist. If False, always update.
+        """
+        async with aiosqlite.connect(self.db_path) as db:
+            # On first startup, ensure all config rows exist with values from setting.toml
+            if is_first_startup:
+                await self._ensure_config_rows(db, config_dict)
+
+            # Initialize admin config
+            admin_config = config_dict.get("admin", {})
+            error_ban_threshold = admin_config.get("error_ban_threshold", 3)
+
+            # Get admin credentials from global config
+            global_config = config_dict.get("global", {})
+            admin_username = global_config.get("admin_username", "admin")
+            admin_password = global_config.get("admin_password", "admin")
+
+            if not is_first_startup:
+                # On upgrade, update the configuration
+                await db.execute("""
+                    UPDATE admin_config
+                    SET admin_username = ?, admin_password = ?, error_ban_threshold = ?, updated_at = CURRENT_TIMESTAMP
+                    WHERE id = 1
+                """, (admin_username, admin_password, error_ban_threshold))
+
+            # Initialize proxy config
+            proxy_config = config_dict.get("proxy", {})
+            proxy_enabled = proxy_config.get("proxy_enabled", False)
+            proxy_url = proxy_config.get("proxy_url", "")
+            # Convert empty string to None
+            proxy_url = proxy_url if proxy_url else None
+
+            if is_first_startup:
+                await db.execute("""
+                    INSERT OR IGNORE INTO proxy_config (id, proxy_enabled, proxy_url)
+                    VALUES (1, ?, ?)
+                """, (proxy_enabled, proxy_url))
+            else:
+                await db.execute("""
+                    UPDATE proxy_config
+                    SET proxy_enabled = ?, proxy_url = ?, updated_at = CURRENT_TIMESTAMP
+                    WHERE id = 1
+                """, (proxy_enabled, proxy_url))
+
+            # Initialize watermark-free config
+            watermark_config = config_dict.get("watermark_free", {})
+            watermark_free_enabled = watermark_config.get("watermark_free_enabled", False)
+            parse_method = watermark_config.get("parse_method", "third_party")
+            custom_parse_url = watermark_config.get("custom_parse_url", "")
+            custom_parse_token = watermark_config.get("custom_parse_token", "")
+
+            # Convert empty strings to None
+            custom_parse_url = custom_parse_url if custom_parse_url else None
+            custom_parse_token = custom_parse_token if custom_parse_token else None
+
+            if is_first_startup:
+                await db.execute("""
+                    INSERT OR IGNORE INTO watermark_free_config (id, watermark_free_enabled, parse_method, custom_parse_url, custom_parse_token)
+                    VALUES (1, ?, ?, ?, ?)
+                """, (watermark_free_enabled, parse_method, custom_parse_url, custom_parse_token))
+            else:
+                await db.execute("""
+                    UPDATE watermark_free_config
+                    SET watermark_free_enabled = ?, parse_method = ?, custom_parse_url = ?,
+                        custom_parse_token = ?, updated_at = CURRENT_TIMESTAMP
+                    WHERE id = 1
+                """, (watermark_free_enabled, parse_method, custom_parse_url, custom_parse_token))
+
+            # Initialize cache config
+            cache_config = config_dict.get("cache", {})
+            cache_enabled = cache_config.get("enabled", False)
+            cache_timeout = cache_config.get("timeout", 600)
+            cache_base_url = cache_config.get("base_url", "")
+            # Convert empty string to None
+            cache_base_url = cache_base_url if cache_base_url else None
+
+            if is_first_startup:
+                await db.execute("""
+                    INSERT OR IGNORE INTO cache_config (id, cache_enabled, cache_timeout, cache_base_url)
+                    VALUES (1, ?, ?, ?)
+                """, (cache_enabled, cache_timeout, cache_base_url))
+            else:
+                await db.execute("""
+                    UPDATE cache_config
+                    SET cache_enabled = ?, cache_timeout = ?, cache_base_url = ?, updated_at = CURRENT_TIMESTAMP
+                    WHERE id = 1
+                """, (cache_enabled, cache_timeout, cache_base_url))
+
+            # Initialize generation config
+            generation_config = config_dict.get("generation", {})
+            image_timeout = generation_config.get("image_timeout", 300)
+            video_timeout = generation_config.get("video_timeout", 1500)
+
+            if is_first_startup:
+                await db.execute("""
+                    INSERT OR IGNORE INTO generation_config (id, image_timeout, video_timeout)
+                    VALUES (1, ?, ?)
+                """, (image_timeout, video_timeout))
+            else:
+                await db.execute("""
+                    UPDATE generation_config
+                    SET image_timeout = ?, video_timeout = ?, updated_at = CURRENT_TIMESTAMP
+                    WHERE id = 1
+                """, (image_timeout, video_timeout))
+
+            # Initialize token refresh config
+            token_refresh_config = config_dict.get("token_refresh", {})
+            at_auto_refresh_enabled = token_refresh_config.get("at_auto_refresh_enabled", False)
+
+            if is_first_startup:
+                await db.execute("""
+                    INSERT OR IGNORE INTO token_refresh_config (id, at_auto_refresh_enabled)
+                    VALUES (1, ?)
+                """, (at_auto_refresh_enabled,))
+            else:
+                await db.execute("""
+                    UPDATE token_refresh_config
+                    SET at_auto_refresh_enabled = ?, updated_at = CURRENT_TIMESTAMP
+                    WHERE id = 1
+                """, (at_auto_refresh_enabled,))
+
+            await db.commit()
+
+    # Token operations
+    async def add_token(self, token: Token) -> int:
+        """Add a new token"""
+        async with aiosqlite.connect(self.db_path) as db:
+            cursor = await db.execute("""
+                INSERT INTO tokens (token, email, username, name, st, rt, remark, expiry_time, is_active,
+                                   plan_type, plan_title, subscription_end, sora2_supported, sora2_invite_code,
+                                   sora2_redeemed_count, sora2_total_count, sora2_remaining_count, sora2_cooldown_until,
+                                   image_enabled, video_enabled)
+                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+            """, (token.token, token.email, "", token.name, token.st, token.rt,
+                  token.remark, token.expiry_time, token.is_active,
+                  token.plan_type, token.plan_title, token.subscription_end,
+                  token.sora2_supported, token.sora2_invite_code,
+                  token.sora2_redeemed_count, token.sora2_total_count,
+                  token.sora2_remaining_count, token.sora2_cooldown_until,
+                  token.image_enabled, token.video_enabled))
+            await db.commit()
+            token_id = cursor.lastrowid
+
+            # Create stats entry
+            await db.execute("""
+                INSERT INTO token_stats (token_id) VALUES (?)
+            """, (token_id,))
+            await db.commit()
+
+            return token_id
+    
+    async def get_token(self, token_id: int) -> Optional[Token]:
+        """Get token by ID"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM tokens WHERE id = ?", (token_id,))
+            row = await cursor.fetchone()
+            if row:
+                return Token(**dict(row))
+            return None
+    
+    async def get_token_by_value(self, token: str) -> Optional[Token]:
+        """Get token by value"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM tokens WHERE token = ?", (token,))
+            row = await cursor.fetchone()
+            if row:
+                return Token(**dict(row))
+            return None
+    
+    async def get_active_tokens(self) -> List[Token]:
+        """Get all active tokens (enabled, not cooled down, not expired)"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("""
+                SELECT * FROM tokens
+                WHERE is_active = 1
+                AND (cooled_until IS NULL OR cooled_until < CURRENT_TIMESTAMP)
+                AND expiry_time > CURRENT_TIMESTAMP
+                ORDER BY last_used_at ASC NULLS FIRST
+            """)
+            rows = await cursor.fetchall()
+            return [Token(**dict(row)) for row in rows]
+    
+    async def get_all_tokens(self) -> List[Token]:
+        """Get all tokens"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM tokens ORDER BY created_at DESC")
+            rows = await cursor.fetchall()
+            return [Token(**dict(row)) for row in rows]
+    
+    async def update_token_usage(self, token_id: int):
+        """Update token usage"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE tokens 
+                SET last_used_at = CURRENT_TIMESTAMP, use_count = use_count + 1
+                WHERE id = ?
+            """, (token_id,))
+            await db.commit()
+    
+    async def update_token_status(self, token_id: int, is_active: bool):
+        """Update token status"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE tokens SET is_active = ? WHERE id = ?
+            """, (is_active, token_id))
+            await db.commit()
+    
+    async def update_token_sora2(self, token_id: int, supported: bool, invite_code: Optional[str] = None,
+                                redeemed_count: int = 0, total_count: int = 0, remaining_count: int = 0):
+        """Update token Sora2 support info"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE tokens
+                SET sora2_supported = ?, sora2_invite_code = ?, sora2_redeemed_count = ?, sora2_total_count = ?, sora2_remaining_count = ?
+                WHERE id = ?
+            """, (supported, invite_code, redeemed_count, total_count, remaining_count, token_id))
+            await db.commit()
+
+    async def update_token_sora2_remaining(self, token_id: int, remaining_count: int):
+        """Update token Sora2 remaining count"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE tokens SET sora2_remaining_count = ? WHERE id = ?
+            """, (remaining_count, token_id))
+            await db.commit()
+
+    async def update_token_sora2_cooldown(self, token_id: int, cooldown_until: Optional[datetime]):
+        """Update token Sora2 cooldown time"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE tokens SET sora2_cooldown_until = ? WHERE id = ?
+            """, (cooldown_until, token_id))
+            await db.commit()
+
+    async def update_token_cooldown(self, token_id: int, cooled_until: datetime):
+        """Update token cooldown"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE tokens SET cooled_until = ? WHERE id = ?
+            """, (cooled_until, token_id))
+            await db.commit()
+    
+    async def delete_token(self, token_id: int):
+        """Delete token"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("DELETE FROM token_stats WHERE token_id = ?", (token_id,))
+            await db.execute("DELETE FROM tokens WHERE id = ?", (token_id,))
+            await db.commit()
+
+    async def update_token(self, token_id: int,
+                          token: Optional[str] = None,
+                          st: Optional[str] = None,
+                          rt: Optional[str] = None,
+                          remark: Optional[str] = None,
+                          expiry_time: Optional[datetime] = None,
+                          plan_type: Optional[str] = None,
+                          plan_title: Optional[str] = None,
+                          subscription_end: Optional[datetime] = None,
+                          image_enabled: Optional[bool] = None,
+                          video_enabled: Optional[bool] = None):
+        """Update token (AT, ST, RT, remark, expiry_time, subscription info, image_enabled, video_enabled)"""
+        async with aiosqlite.connect(self.db_path) as db:
+            # Build dynamic update query
+            updates = []
+            params = []
+
+            if token is not None:
+                updates.append("token = ?")
+                params.append(token)
+
+            if st is not None:
+                updates.append("st = ?")
+                params.append(st)
+
+            if rt is not None:
+                updates.append("rt = ?")
+                params.append(rt)
+
+            if remark is not None:
+                updates.append("remark = ?")
+                params.append(remark)
+
+            if expiry_time is not None:
+                updates.append("expiry_time = ?")
+                params.append(expiry_time)
+
+            if plan_type is not None:
+                updates.append("plan_type = ?")
+                params.append(plan_type)
+
+            if plan_title is not None:
+                updates.append("plan_title = ?")
+                params.append(plan_title)
+
+            if subscription_end is not None:
+                updates.append("subscription_end = ?")
+                params.append(subscription_end)
+
+            if image_enabled is not None:
+                updates.append("image_enabled = ?")
+                params.append(image_enabled)
+
+            if video_enabled is not None:
+                updates.append("video_enabled = ?")
+                params.append(video_enabled)
+
+            if updates:
+                params.append(token_id)
+                query = f"UPDATE tokens SET {', '.join(updates)} WHERE id = ?"
+                await db.execute(query, params)
+                await db.commit()
+
+    # Token stats operations
+    async def get_token_stats(self, token_id: int) -> Optional[TokenStats]:
+        """Get token statistics"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM token_stats WHERE token_id = ?", (token_id,))
+            row = await cursor.fetchone()
+            if row:
+                return TokenStats(**dict(row))
+            return None
+    
+    async def increment_image_count(self, token_id: int):
+        """Increment image generation count"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE token_stats SET image_count = image_count + 1 WHERE token_id = ?
+            """, (token_id,))
+            await db.commit()
+    
+    async def increment_video_count(self, token_id: int):
+        """Increment video generation count"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE token_stats SET video_count = video_count + 1 WHERE token_id = ?
+            """, (token_id,))
+            await db.commit()
+    
+    async def increment_error_count(self, token_id: int):
+        """Increment error count"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE token_stats 
+                SET error_count = error_count + 1, last_error_at = CURRENT_TIMESTAMP
+                WHERE token_id = ?
+            """, (token_id,))
+            await db.commit()
+    
+    async def reset_error_count(self, token_id: int):
+        """Reset error count"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE token_stats SET error_count = 0 WHERE token_id = ?
+            """, (token_id,))
+            await db.commit()
+    
+    # Task operations
+    async def create_task(self, task: Task) -> int:
+        """Create a new task"""
+        async with aiosqlite.connect(self.db_path) as db:
+            cursor = await db.execute("""
+                INSERT INTO tasks (task_id, token_id, model, prompt, status, progress)
+                VALUES (?, ?, ?, ?, ?, ?)
+            """, (task.task_id, task.token_id, task.model, task.prompt, task.status, task.progress))
+            await db.commit()
+            return cursor.lastrowid
+    
+    async def update_task(self, task_id: str, status: str, progress: float, 
+                         result_urls: Optional[str] = None, error_message: Optional[str] = None):
+        """Update task status"""
+        async with aiosqlite.connect(self.db_path) as db:
+            completed_at = datetime.now() if status in ["completed", "failed"] else None
+            await db.execute("""
+                UPDATE tasks 
+                SET status = ?, progress = ?, result_urls = ?, error_message = ?, completed_at = ?
+                WHERE task_id = ?
+            """, (status, progress, result_urls, error_message, completed_at, task_id))
+            await db.commit()
+    
+    async def get_task(self, task_id: str) -> Optional[Task]:
+        """Get task by ID"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM tasks WHERE task_id = ?", (task_id,))
+            row = await cursor.fetchone()
+            if row:
+                return Task(**dict(row))
+            return None
+    
+    # Request log operations
+    async def log_request(self, log: RequestLog):
+        """Log a request"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                INSERT INTO request_logs (token_id, operation, request_body, response_body, status_code, duration)
+                VALUES (?, ?, ?, ?, ?, ?)
+            """, (log.token_id, log.operation, log.request_body, log.response_body, 
+                  log.status_code, log.duration))
+            await db.commit()
+    
+    async def get_recent_logs(self, limit: int = 100) -> List[dict]:
+        """Get recent logs with token email"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("""
+                SELECT
+                    rl.id,
+                    rl.token_id,
+                    rl.operation,
+                    rl.request_body,
+                    rl.response_body,
+                    rl.status_code,
+                    rl.duration,
+                    rl.created_at,
+                    t.email as token_email
+                FROM request_logs rl
+                LEFT JOIN tokens t ON rl.token_id = t.id
+                ORDER BY rl.created_at DESC
+                LIMIT ?
+            """, (limit,))
+            rows = await cursor.fetchall()
+            return [dict(row) for row in rows]
+    
+    # Admin config operations
+    async def get_admin_config(self) -> AdminConfig:
+        """Get admin configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM admin_config WHERE id = 1")
+            row = await cursor.fetchone()
+            if row:
+                return AdminConfig(**dict(row))
+            # If no row exists, return a default config with placeholder values
+            # This should not happen in normal operation as _ensure_config_rows should create it
+            return AdminConfig(admin_username="admin", admin_password="admin")
+    
+    async def update_admin_config(self, config: AdminConfig):
+        """Update admin configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE admin_config
+                SET admin_username = ?, admin_password = ?, error_ban_threshold = ?, updated_at = CURRENT_TIMESTAMP
+                WHERE id = 1
+            """, (config.admin_username, config.admin_password, config.error_ban_threshold))
+            await db.commit()
+    
+    # Proxy config operations
+    async def get_proxy_config(self) -> ProxyConfig:
+        """Get proxy configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM proxy_config WHERE id = 1")
+            row = await cursor.fetchone()
+            if row:
+                return ProxyConfig(**dict(row))
+            # If no row exists, return a default config
+            # This should not happen in normal operation as _ensure_config_rows should create it
+            return ProxyConfig(proxy_enabled=False)
+    
+    async def update_proxy_config(self, enabled: bool, proxy_url: Optional[str]):
+        """Update proxy configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE proxy_config
+                SET proxy_enabled = ?, proxy_url = ?, updated_at = CURRENT_TIMESTAMP
+                WHERE id = 1
+            """, (enabled, proxy_url))
+            await db.commit()
+
+    # Watermark-free config operations
+    async def get_watermark_free_config(self) -> WatermarkFreeConfig:
+        """Get watermark-free configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM watermark_free_config WHERE id = 1")
+            row = await cursor.fetchone()
+            if row:
+                return WatermarkFreeConfig(**dict(row))
+            # If no row exists, return a default config
+            # This should not happen in normal operation as _ensure_config_rows should create it
+            return WatermarkFreeConfig(watermark_free_enabled=False, parse_method="third_party")
+
+    async def update_watermark_free_config(self, enabled: bool, parse_method: str = None,
+                                          custom_parse_url: str = None, custom_parse_token: str = None):
+        """Update watermark-free configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            if parse_method is None and custom_parse_url is None and custom_parse_token is None:
+                # Only update enabled status
+                await db.execute("""
+                    UPDATE watermark_free_config
+                    SET watermark_free_enabled = ?, updated_at = CURRENT_TIMESTAMP
+                    WHERE id = 1
+                """, (enabled,))
+            else:
+                # Update all fields
+                await db.execute("""
+                    UPDATE watermark_free_config
+                    SET watermark_free_enabled = ?, parse_method = ?, custom_parse_url = ?,
+                        custom_parse_token = ?, updated_at = CURRENT_TIMESTAMP
+                    WHERE id = 1
+                """, (enabled, parse_method or "third_party", custom_parse_url, custom_parse_token))
+            await db.commit()
+
+    # Cache config operations
+    async def get_cache_config(self) -> CacheConfig:
+        """Get cache configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM cache_config WHERE id = 1")
+            row = await cursor.fetchone()
+            if row:
+                return CacheConfig(**dict(row))
+            # If no row exists, return a default config
+            # This should not happen in normal operation as _ensure_config_rows should create it
+            return CacheConfig(cache_enabled=False, cache_timeout=600)
+
+    async def update_cache_config(self, enabled: bool = None, timeout: int = None, base_url: Optional[str] = None):
+        """Update cache configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            # Get current config first
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM cache_config WHERE id = 1")
+            row = await cursor.fetchone()
+
+            if row:
+                current = dict(row)
+                # Update only provided fields
+                new_enabled = enabled if enabled is not None else current.get("cache_enabled", False)
+                new_timeout = timeout if timeout is not None else current.get("cache_timeout", 600)
+                new_base_url = base_url if base_url is not None else current.get("cache_base_url")
+            else:
+                new_enabled = enabled if enabled is not None else False
+                new_timeout = timeout if timeout is not None else 600
+                new_base_url = base_url
+
+            # Convert empty string to None
+            new_base_url = new_base_url if new_base_url else None
+
+            await db.execute("""
+                UPDATE cache_config
+                SET cache_enabled = ?, cache_timeout = ?, cache_base_url = ?, updated_at = CURRENT_TIMESTAMP
+                WHERE id = 1
+            """, (new_enabled, new_timeout, new_base_url))
+            await db.commit()
+
+    # Generation config operations
+    async def get_generation_config(self) -> GenerationConfig:
+        """Get generation configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM generation_config WHERE id = 1")
+            row = await cursor.fetchone()
+            if row:
+                return GenerationConfig(**dict(row))
+            # If no row exists, return a default config
+            # This should not happen in normal operation as _ensure_config_rows should create it
+            return GenerationConfig(image_timeout=300, video_timeout=1500)
+
+    async def update_generation_config(self, image_timeout: int = None, video_timeout: int = None):
+        """Update generation configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            # Get current config first
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM generation_config WHERE id = 1")
+            row = await cursor.fetchone()
+
+            if row:
+                current = dict(row)
+                # Update only provided fields
+                new_image_timeout = image_timeout if image_timeout is not None else current.get("image_timeout", 300)
+                new_video_timeout = video_timeout if video_timeout is not None else current.get("video_timeout", 1500)
+            else:
+                new_image_timeout = image_timeout if image_timeout is not None else 300
+                new_video_timeout = video_timeout if video_timeout is not None else 1500
+
+            await db.execute("""
+                UPDATE generation_config
+                SET image_timeout = ?, video_timeout = ?, updated_at = CURRENT_TIMESTAMP
+                WHERE id = 1
+            """, (new_image_timeout, new_video_timeout))
+            await db.commit()
+
+    # Token refresh config operations
+    async def get_token_refresh_config(self) -> TokenRefreshConfig:
+        """Get token refresh configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            db.row_factory = aiosqlite.Row
+            cursor = await db.execute("SELECT * FROM token_refresh_config WHERE id = 1")
+            row = await cursor.fetchone()
+            if row:
+                return TokenRefreshConfig(**dict(row))
+            # If no row exists, return a default config
+            # This should not happen in normal operation as _ensure_config_rows should create it
+            return TokenRefreshConfig(at_auto_refresh_enabled=False)
+
+    async def update_token_refresh_config(self, at_auto_refresh_enabled: bool):
+        """Update token refresh configuration"""
+        async with aiosqlite.connect(self.db_path) as db:
+            await db.execute("""
+                UPDATE token_refresh_config
+                SET at_auto_refresh_enabled = ?, updated_at = CURRENT_TIMESTAMP
+                WHERE id = 1
+            """, (at_auto_refresh_enabled,))
+            await db.commit()
+

src/core/logger.py

@@ -0,0 +1,226 @@
+"""Debug logger module for detailed API request/response logging"""
+import json
+import logging
+from datetime import datetime
+from pathlib import Path
+from typing import Dict, Any, Optional
+from .config import config
+
+class DebugLogger:
+    """Debug logger for API requests and responses"""
+    
+    def __init__(self):
+        self.log_file = Path("logs.txt")
+        self._setup_logger()
+    
+    def _setup_logger(self):
+        """Setup file logger"""
+        # Create logger
+        self.logger = logging.getLogger("debug_logger")
+        self.logger.setLevel(logging.DEBUG)
+        
+        # Remove existing handlers
+        self.logger.handlers.clear()
+        
+        # Create file handler
+        file_handler = logging.FileHandler(
+            self.log_file, 
+            mode='a', 
+            encoding='utf-8'
+        )
+        file_handler.setLevel(logging.DEBUG)
+        
+        # Create formatter
+        formatter = logging.Formatter(
+            '%(message)s',
+            datefmt='%Y-%m-%d %H:%M:%S'
+        )
+        file_handler.setFormatter(formatter)
+        
+        # Add handler
+        self.logger.addHandler(file_handler)
+        
+        # Prevent propagation to root logger
+        self.logger.propagate = False
+    
+    def _mask_token(self, token: str) -> str:
+        """Mask token for logging (show first 6 and last 6 characters)"""
+        if not config.debug_mask_token or len(token) <= 12:
+            return token
+        return f"{token[:6]}...{token[-6:]}"
+    
+    def _format_timestamp(self) -> str:
+        """Format current timestamp"""
+        return datetime.now().strftime('%Y-%m-%d %H:%M:%S.%f')[:-3]
+    
+    def _write_separator(self, char: str = "=", length: int = 100):
+        """Write separator line"""
+        self.logger.info(char * length)
+    
+    def log_request(
+        self,
+        method: str,
+        url: str,
+        headers: Dict[str, str],
+        body: Optional[Any] = None,
+        files: Optional[Dict] = None,
+        proxy: Optional[str] = None
+    ):
+        """Log API request details to log.txt"""
+        
+        try:
+            self._write_separator()
+            self.logger.info(f"🔵 [REQUEST] {self._format_timestamp()}")
+            self._write_separator("-")
+            
+            # Basic info
+            self.logger.info(f"Method: {method}")
+            self.logger.info(f"URL: {url}")
+            
+            # Headers
+            self.logger.info("\n📋 Headers:")
+            masked_headers = dict(headers)
+            if "Authorization" in masked_headers:
+                auth_value = masked_headers["Authorization"]
+                if auth_value.startswith("Bearer "):
+                    token = auth_value[7:]
+                    masked_headers["Authorization"] = f"Bearer {self._mask_token(token)}"
+            
+            for key, value in masked_headers.items():
+                self.logger.info(f"  {key}: {value}")
+            
+            # Body
+            if body is not None:
+                self.logger.info("\n📦 Request Body:")
+                if isinstance(body, (dict, list)):
+                    body_str = json.dumps(body, indent=2, ensure_ascii=False)
+                    self.logger.info(body_str)
+                else:
+                    self.logger.info(str(body))
+            
+            # Files
+            if files:
+                self.logger.info("\n📎 Files:")
+                try:
+                    # Handle both dict and CurlMime objects
+                    if hasattr(files, 'keys') and callable(getattr(files, 'keys', None)):
+                        for key in files.keys():
+                            self.logger.info(f"  {key}: <file data>")
+                    else:
+                        # CurlMime or other non-dict objects
+                        self.logger.info("  <multipart form data>")
+                except (AttributeError, TypeError):
+                    # Fallback for objects that don't support iteration
+                    self.logger.info("  <binary file data>")
+            
+            # Proxy
+            if proxy:
+                self.logger.info(f"\n🌐 Proxy: {proxy}")
+            
+            self._write_separator()
+            self.logger.info("")  # Empty line
+            
+        except Exception as e:
+            self.logger.error(f"Error logging request: {e}")
+    
+    def log_response(
+        self,
+        status_code: int,
+        headers: Dict[str, str],
+        body: Any,
+        duration_ms: Optional[float] = None
+    ):
+        """Log API response details to log.txt"""
+        
+        try:
+            self._write_separator()
+            self.logger.info(f"🟢 [RESPONSE] {self._format_timestamp()}")
+            self._write_separator("-")
+            
+            # Status
+            status_emoji = "✅" if 200 <= status_code < 300 else "❌"
+            self.logger.info(f"Status: {status_code} {status_emoji}")
+            
+            # Duration
+            if duration_ms is not None:
+                self.logger.info(f"Duration: {duration_ms:.2f}ms")
+            
+            # Headers
+            self.logger.info("\n📋 Response Headers:")
+            for key, value in headers.items():
+                self.logger.info(f"  {key}: {value}")
+            
+            # Body
+            self.logger.info("\n📦 Response Body:")
+            if isinstance(body, (dict, list)):
+                body_str = json.dumps(body, indent=2, ensure_ascii=False)
+                self.logger.info(body_str)
+            elif isinstance(body, str):
+                # Try to parse as JSON
+                try:
+                    parsed = json.loads(body)
+                    body_str = json.dumps(parsed, indent=2, ensure_ascii=False)
+                    self.logger.info(body_str)
+                except:
+                    # Not JSON, log as text (limit length)
+                    if len(body) > 2000:
+                        self.logger.info(f"{body[:2000]}... (truncated)")
+                    else:
+                        self.logger.info(body)
+            else:
+                self.logger.info(str(body))
+            
+            self._write_separator()
+            self.logger.info("")  # Empty line
+            
+        except Exception as e:
+            self.logger.error(f"Error logging response: {e}")
+    
+    def log_error(
+        self,
+        error_message: str,
+        status_code: Optional[int] = None,
+        response_text: Optional[str] = None
+    ):
+        """Log API error details to log.txt"""
+        
+        try:
+            self._write_separator()
+            self.logger.info(f"🔴 [ERROR] {self._format_timestamp()}")
+            self._write_separator("-")
+            
+            if status_code:
+                self.logger.info(f"Status Code: {status_code}")
+            
+            self.logger.info(f"Error Message: {error_message}")
+            
+            if response_text:
+                self.logger.info("\n📦 Error Response:")
+                # Try to parse as JSON
+                try:
+                    parsed = json.loads(response_text)
+                    body_str = json.dumps(parsed, indent=2, ensure_ascii=False)
+                    self.logger.info(body_str)
+                except:
+                    # Not JSON, log as text
+                    if len(response_text) > 2000:
+                        self.logger.info(f"{response_text[:2000]}... (truncated)")
+                    else:
+                        self.logger.info(response_text)
+            
+            self._write_separator()
+            self.logger.info("")  # Empty line
+            
+        except Exception as e:
+            self.logger.error(f"Error logging error: {e}")
+    
+    def log_info(self, message: str):
+        """Log general info message to log.txt"""
+        try:
+            self.logger.info(f"ℹ️  [{self._format_timestamp()}] {message}")
+        except Exception as e:
+            self.logger.error(f"Error logging info: {e}")
+
+# Global debug logger instance
+debug_logger = DebugLogger()
+

src/core/models.py

@@ -0,0 +1,146 @@
+"""Data models"""
+from datetime import datetime
+from typing import Optional, List, Union
+from pydantic import BaseModel
+
+class Token(BaseModel):
+    """Token model"""
+    id: Optional[int] = None
+    token: str
+    email: str
+    name: Optional[str] = ""
+    st: Optional[str] = None
+    rt: Optional[str] = None
+    remark: Optional[str] = None
+    expiry_time: Optional[datetime] = None
+    is_active: bool = True
+    cooled_until: Optional[datetime] = None
+    created_at: Optional[datetime] = None
+    last_used_at: Optional[datetime] = None
+    use_count: int = 0
+    # 订阅信息
+    plan_type: Optional[str] = None  # 账户类型，如 chatgpt_team
+    plan_title: Optional[str] = None  # 套餐名称，如 ChatGPT Business
+    subscription_end: Optional[datetime] = None  # 套餐到期时间
+    # Sora2 支持信息
+    sora2_supported: Optional[bool] = None  # 是否支持Sora2
+    sora2_invite_code: Optional[str] = None  # Sora2邀请码
+    sora2_redeemed_count: int = 0  # Sora2已用次数
+    sora2_total_count: int = 0  # Sora2总次数
+    # Sora2 剩余次数
+    sora2_remaining_count: int = 0  # Sora2剩余可用次数
+    sora2_cooldown_until: Optional[datetime] = None  # Sora2冷却时间
+    # 功能开关
+    image_enabled: bool = True  # 是否启用图片生成
+    video_enabled: bool = True  # 是否启用视频生成
+
+class TokenStats(BaseModel):
+    """Token statistics"""
+    id: Optional[int] = None
+    token_id: int
+    image_count: int = 0
+    video_count: int = 0
+    error_count: int = 0
+    last_error_at: Optional[datetime] = None
+
+class Task(BaseModel):
+    """Task model"""
+    id: Optional[int] = None
+    task_id: str
+    token_id: int
+    model: str
+    prompt: str
+    status: str = "processing"  # processing/completed/failed
+    progress: float = 0.0
+    result_urls: Optional[str] = None  # JSON array
+    error_message: Optional[str] = None
+    created_at: Optional[datetime] = None
+    completed_at: Optional[datetime] = None
+
+class RequestLog(BaseModel):
+    """Request log model"""
+    id: Optional[int] = None
+    token_id: Optional[int] = None
+    operation: str
+    request_body: Optional[str] = None
+    response_body: Optional[str] = None
+    status_code: int
+    duration: float
+    created_at: Optional[datetime] = None
+
+class AdminConfig(BaseModel):
+    """Admin configuration"""
+    id: int = 1
+    admin_username: str  # Read from database, initialized from setting.toml on first startup
+    admin_password: str  # Read from database, initialized from setting.toml on first startup
+    error_ban_threshold: int = 3
+    updated_at: Optional[datetime] = None
+
+class ProxyConfig(BaseModel):
+    """Proxy configuration"""
+    id: int = 1
+    proxy_enabled: bool  # Read from database, initialized from setting.toml on first startup
+    proxy_url: Optional[str] = None  # Read from database, initialized from setting.toml on first startup
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+
+class WatermarkFreeConfig(BaseModel):
+    """Watermark-free mode configuration"""
+    id: int = 1
+    watermark_free_enabled: bool  # Read from database, initialized from setting.toml on first startup
+    parse_method: str  # Read from database, initialized from setting.toml on first startup
+    custom_parse_url: Optional[str] = None  # Read from database, initialized from setting.toml on first startup
+    custom_parse_token: Optional[str] = None  # Read from database, initialized from setting.toml on first startup
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+
+class CacheConfig(BaseModel):
+    """Cache configuration"""
+    id: int = 1
+    cache_enabled: bool  # Read from database, initialized from setting.toml on first startup
+    cache_timeout: int  # Read from database, initialized from setting.toml on first startup
+    cache_base_url: Optional[str] = None  # Read from database, initialized from setting.toml on first startup
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+
+class GenerationConfig(BaseModel):
+    """Generation timeout configuration"""
+    id: int = 1
+    image_timeout: int  # Read from database, initialized from setting.toml on first startup
+    video_timeout: int  # Read from database, initialized from setting.toml on first startup
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+
+class TokenRefreshConfig(BaseModel):
+    """Token refresh configuration"""
+    id: int = 1
+    at_auto_refresh_enabled: bool  # Read from database, initialized from setting.toml on first startup
+    created_at: Optional[datetime] = None
+    updated_at: Optional[datetime] = None
+
+# API Request/Response models
+class ChatMessage(BaseModel):
+    role: str
+    content: Union[str, List[dict]]  # Support both string and array format (OpenAI multimodal)
+
+class ChatCompletionRequest(BaseModel):
+    model: str
+    messages: List[ChatMessage]
+    image: Optional[str] = None
+    video: Optional[str] = None  # Base64 encoded video file
+    remix_target_id: Optional[str] = None  # Sora share link video ID for remix
+    stream: bool = False
+    max_tokens: Optional[int] = None
+
+class ChatCompletionChoice(BaseModel):
+    index: int
+    message: Optional[dict] = None
+    delta: Optional[dict] = None
+    finish_reason: Optional[str] = None
+
+class ChatCompletionResponse(BaseModel):
+    id: str
+    object: str = "chat.completion"
+    created: int
+    model: str
+    choices: List[ChatCompletionChoice]

src/main.py

@@ -0,0 +1,144 @@
+"""Main application entry point"""
+import uvicorn
+from fastapi import FastAPI
+from fastapi.responses import FileResponse, HTMLResponse
+from fastapi.staticfiles import StaticFiles
+from fastapi.middleware.cors import CORSMiddleware
+from pathlib import Path
+
+# Import modules
+from .core.config import config
+from .core.database import Database
+from .services.token_manager import TokenManager
+from .services.proxy_manager import ProxyManager
+from .services.load_balancer import LoadBalancer
+from .services.sora_client import SoraClient
+from .services.generation_handler import GenerationHandler
+from .api import routes as api_routes
+from .api import admin as admin_routes
+
+# Initialize FastAPI app
+app = FastAPI(
+    title="Sora2API",
+    description="OpenAI compatible API for Sora",
+    version="1.0.0"
+)
+
+# CORS middleware
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Initialize components
+db = Database()
+token_manager = TokenManager(db)
+proxy_manager = ProxyManager(db)
+load_balancer = LoadBalancer(token_manager)
+sora_client = SoraClient(proxy_manager)
+generation_handler = GenerationHandler(sora_client, token_manager, load_balancer, db, proxy_manager)
+
+# Set dependencies for route modules
+api_routes.set_generation_handler(generation_handler)
+admin_routes.set_dependencies(token_manager, proxy_manager, db, generation_handler)
+
+# Include routers
+app.include_router(api_routes.router)
+app.include_router(admin_routes.router)
+
+# Static files
+static_dir = Path(__file__).parent.parent / "static"
+static_dir.mkdir(exist_ok=True)
+app.mount("/static", StaticFiles(directory=str(static_dir)), name="static")
+
+# Cache files (tmp directory)
+tmp_dir = Path(__file__).parent.parent / "tmp"
+tmp_dir.mkdir(exist_ok=True)
+app.mount("/tmp", StaticFiles(directory=str(tmp_dir)), name="tmp")
+
+# Frontend routes
+@app.get("/", response_class=HTMLResponse)
+async def root():
+    """Redirect to login page"""
+    return """
+    <!DOCTYPE html>
+    <html>
+    <head>
+        <meta http-equiv="refresh" content="0; url=/login">
+    </head>
+    <body>
+        <p>Redirecting to login...</p>
+    </body>
+    </html>
+    """
+
+@app.get("/login", response_class=FileResponse)
+async def login_page():
+    """Serve login page"""
+    return FileResponse(str(static_dir / "login.html"))
+
+@app.get("/manage", response_class=FileResponse)
+async def manage_page():
+    """Serve management page"""
+    return FileResponse(str(static_dir / "manage.html"))
+
+@app.on_event("startup")
+async def startup_event():
+    """Initialize database on startup"""
+    # Get config from setting.toml
+    config_dict = config.get_raw_config()
+
+    # Check if database exists
+    is_first_startup = not db.db_exists()
+
+    # Initialize database tables
+    await db.init_db()
+
+    # Handle database initialization based on startup type
+    if is_first_startup:
+        print("🎉 First startup detected. Initializing database and configuration from setting.toml...")
+        await db.init_config_from_toml(config_dict, is_first_startup=True)
+        print("✓ Database and configuration initialized successfully.")
+    else:
+        print("🔄 Existing database detected. Checking for missing tables and columns...")
+        await db.check_and_migrate_db(config_dict)
+        print("✓ Database migration check completed.")
+
+    # Load admin credentials from database
+    admin_config = await db.get_admin_config()
+    config.set_admin_username_from_db(admin_config.admin_username)
+    config.set_admin_password_from_db(admin_config.admin_password)
+
+    # Load cache configuration from database
+    cache_config = await db.get_cache_config()
+    config.set_cache_enabled(cache_config.cache_enabled)
+    config.set_cache_timeout(cache_config.cache_timeout)
+    config.set_cache_base_url(cache_config.cache_base_url or "")
+
+    # Load generation configuration from database
+    generation_config = await db.get_generation_config()
+    config.set_image_timeout(generation_config.image_timeout)
+    config.set_video_timeout(generation_config.video_timeout)
+
+    # Load token refresh configuration from database
+    token_refresh_config = await db.get_token_refresh_config()
+    config.set_at_auto_refresh_enabled(token_refresh_config.at_auto_refresh_enabled)
+
+    # Start file cache cleanup task
+    await generation_handler.file_cache.start_cleanup_task()
+
+@app.on_event("shutdown")
+async def shutdown_event():
+    """Cleanup on shutdown"""
+    await generation_handler.file_cache.stop_cleanup_task()
+
+if __name__ == "__main__":
+    uvicorn.run(
+        "src.main:app",
+        host=config.server_host,
+        port=config.server_port,
+        reload=False
+    )

src/services/__init__.py

@@ -0,0 +1,17 @@
+"""Business services module"""
+
+from .token_manager import TokenManager
+from .proxy_manager import ProxyManager
+from .load_balancer import LoadBalancer
+from .sora_client import SoraClient
+from .generation_handler import GenerationHandler, MODEL_CONFIG
+
+__all__ = [
+    "TokenManager",
+    "ProxyManager",
+    "LoadBalancer",
+    "SoraClient",
+    "GenerationHandler",
+    "MODEL_CONFIG",
+]
+

src/services/file_cache.py

@@ -0,0 +1,212 @@
+"""File caching service"""
+import os
+import asyncio
+import hashlib
+import time
+from pathlib import Path
+from typing import Optional
+from datetime import datetime, timedelta
+from curl_cffi.requests import AsyncSession
+from ..core.config import config
+from ..core.logger import debug_logger
+
+
+class FileCache:
+    """File caching service for images and videos"""
+
+    def __init__(self, cache_dir: str = "tmp", default_timeout: int = 7200, proxy_manager=None):
+        """
+        Initialize file cache
+
+        Args:
+            cache_dir: Cache directory path
+            default_timeout: Default cache timeout in seconds (default: 2 hours)
+            proxy_manager: ProxyManager instance for downloading files
+        """
+        self.cache_dir = Path(cache_dir)
+        self.cache_dir.mkdir(exist_ok=True)
+        self.default_timeout = default_timeout
+        self.proxy_manager = proxy_manager
+        self._cleanup_task = None
+        
+    async def start_cleanup_task(self):
+        """Start background cleanup task"""
+        if self._cleanup_task is None:
+            self._cleanup_task = asyncio.create_task(self._cleanup_loop())
+    
+    async def stop_cleanup_task(self):
+        """Stop background cleanup task"""
+        if self._cleanup_task:
+            self._cleanup_task.cancel()
+            try:
+                await self._cleanup_task
+            except asyncio.CancelledError:
+                pass
+            self._cleanup_task = None
+    
+    async def _cleanup_loop(self):
+        """Background task to clean up expired files"""
+        while True:
+            try:
+                await asyncio.sleep(300)  # Check every 5 minutes
+                await self._cleanup_expired_files()
+            except asyncio.CancelledError:
+                break
+            except Exception as e:
+                debug_logger.log_error(
+                    error_message=f"Cleanup task error: {str(e)}",
+                    status_code=0,
+                    response_text=""
+                )
+    
+    async def _cleanup_expired_files(self):
+        """Remove expired cache files"""
+        try:
+            current_time = time.time()
+            removed_count = 0
+            
+            for file_path in self.cache_dir.iterdir():
+                if file_path.is_file():
+                    # Check file age
+                    file_age = current_time - file_path.stat().st_mtime
+                    if file_age > self.default_timeout:
+                        try:
+                            file_path.unlink()
+                            removed_count += 1
+                            debug_logger.log_info(f"Removed expired cache file: {file_path.name}")
+                        except Exception as e:
+                            debug_logger.log_error(
+                                error_message=f"Failed to remove file {file_path.name}: {str(e)}",
+                                status_code=0,
+                                response_text=""
+                            )
+            
+            if removed_count > 0:
+                debug_logger.log_info(f"Cleanup completed: removed {removed_count} expired files")
+                
+        except Exception as e:
+            debug_logger.log_error(
+                error_message=f"Cleanup error: {str(e)}",
+                status_code=0,
+                response_text=""
+            )
+    
+    def _generate_cache_filename(self, url: str, media_type: str) -> str:
+        """
+        Generate cache filename from URL
+        
+        Args:
+            url: Original URL
+            media_type: 'image' or 'video'
+            
+        Returns:
+            Cache filename
+        """
+        # Use URL hash as filename
+        url_hash = hashlib.md5(url.encode()).hexdigest()
+        
+        # Determine extension
+        if media_type == "video":
+            ext = ".mp4"
+        else:
+            ext = ".png"
+        
+        return f"{url_hash}{ext}"
+    
+    async def download_and_cache(self, url: str, media_type: str) -> str:
+        """
+        Download file from URL and cache it locally
+        
+        Args:
+            url: File URL to download
+            media_type: 'image' or 'video'
+            
+        Returns:
+            Local cache filename
+        """
+        filename = self._generate_cache_filename(url, media_type)
+        file_path = self.cache_dir / filename
+        
+        # Check if already cached and not expired
+        if file_path.exists():
+            file_age = time.time() - file_path.stat().st_mtime
+            if file_age < self.default_timeout:
+                debug_logger.log_info(f"Cache hit: {filename}")
+                return filename
+            else:
+                # Remove expired file
+                try:
+                    file_path.unlink()
+                except Exception:
+                    pass
+        
+        # Download file
+        debug_logger.log_info(f"Downloading file from: {url}")
+
+        try:
+            # Get proxy if available
+            proxy_url = None
+            if self.proxy_manager:
+                proxy_config = await self.proxy_manager.get_proxy_config()
+                if proxy_config.proxy_enabled and proxy_config.proxy_url:
+                    proxy_url = proxy_config.proxy_url
+
+            # Download with proxy support
+            async with AsyncSession() as session:
+                proxies = {"http": proxy_url, "https": proxy_url} if proxy_url else None
+                response = await session.get(url, timeout=60, proxies=proxies)
+
+                if response.status_code != 200:
+                    raise Exception(f"Download failed: HTTP {response.status_code}")
+                
+                # Save to cache
+                with open(file_path, 'wb') as f:
+                    f.write(response.content)
+                
+                debug_logger.log_info(f"File cached: {filename} ({len(response.content)} bytes)")
+                return filename
+                
+        except Exception as e:
+            debug_logger.log_error(
+                error_message=f"Failed to download file: {str(e)}",
+                status_code=0,
+                response_text=str(e)
+            )
+            raise Exception(f"Failed to cache file: {str(e)}")
+    
+    def get_cache_path(self, filename: str) -> Path:
+        """Get full path to cached file"""
+        return self.cache_dir / filename
+    
+    def set_timeout(self, timeout: int):
+        """Set cache timeout in seconds"""
+        self.default_timeout = timeout
+        debug_logger.log_info(f"Cache timeout updated to {timeout} seconds")
+    
+    def get_timeout(self) -> int:
+        """Get current cache timeout"""
+        return self.default_timeout
+    
+    async def clear_all(self):
+        """Clear all cached files"""
+        try:
+            removed_count = 0
+            for file_path in self.cache_dir.iterdir():
+                if file_path.is_file():
+                    try:
+                        file_path.unlink()
+                        removed_count += 1
+                    except Exception:
+                        pass
+            
+            debug_logger.log_info(f"Cache cleared: removed {removed_count} files")
+            return removed_count
+            
+        except Exception as e:
+            debug_logger.log_error(
+                error_message=f"Failed to clear cache: {str(e)}",
+                status_code=0,
+                response_text=""
+            )
+            raise
+

src/services/generation_handler.py

@@ -0,0 +1,1475 @@
+"""Generation handling module"""
+import json
+import asyncio
+import base64
+import time
+import random
+import re
+from typing import Optional, AsyncGenerator, Dict, Any
+from datetime import datetime
+from .sora_client import SoraClient
+from .token_manager import TokenManager
+from .load_balancer import LoadBalancer
+from .file_cache import FileCache
+from ..core.database import Database
+from ..core.models import Task, RequestLog
+from ..core.config import config
+from ..core.logger import debug_logger
+
+# Model configuration
+MODEL_CONFIG = {
+    "sora-image": {
+        "type": "image",
+        "width": 360,
+        "height": 360
+    },
+    "sora-image-landscape": {
+        "type": "image",
+        "width": 540,
+        "height": 360
+    },
+    "sora-image-portrait": {
+        "type": "image",
+        "width": 360,
+        "height": 540
+    },
+    # Video models with 10s duration (300 frames)
+    "sora-video-10s": {
+        "type": "video",
+        "orientation": "landscape",
+        "n_frames": 300
+    },
+    "sora-video-landscape-10s": {
+        "type": "video",
+        "orientation": "landscape",
+        "n_frames": 300
+    },
+    "sora-video-portrait-10s": {
+        "type": "video",
+        "orientation": "portrait",
+        "n_frames": 300
+    },
+    # Video models with 15s duration (450 frames)
+    "sora-video-15s": {
+        "type": "video",
+        "orientation": "landscape",
+        "n_frames": 450
+    },
+    "sora-video-landscape-15s": {
+        "type": "video",
+        "orientation": "landscape",
+        "n_frames": 450
+    },
+    "sora-video-portrait-15s": {
+        "type": "video",
+        "orientation": "portrait",
+        "n_frames": 450
+    }
+}
+
+class GenerationHandler:
+    """Handle generation requests"""
+
+    def __init__(self, sora_client: SoraClient, token_manager: TokenManager,
+                 load_balancer: LoadBalancer, db: Database, proxy_manager=None):
+        self.sora_client = sora_client
+        self.token_manager = token_manager
+        self.load_balancer = load_balancer
+        self.db = db
+        self.file_cache = FileCache(
+            cache_dir="tmp",
+            default_timeout=config.cache_timeout,
+            proxy_manager=proxy_manager
+        )
+
+    def _get_base_url(self) -> str:
+        """Get base URL for cache files"""
+        # Reload config to get latest values
+        config.reload_config()
+
+        # Use configured cache base URL if available
+        if config.cache_base_url:
+            return config.cache_base_url.rstrip('/')
+        # Otherwise use server address
+        return f"http://{config.server_host}:{config.server_port}"
+    
+    def _decode_base64_image(self, image_str: str) -> bytes:
+        """Decode base64 image"""
+        # Remove data URI prefix if present
+        if "," in image_str:
+            image_str = image_str.split(",", 1)[1]
+        return base64.b64decode(image_str)
+
+    def _decode_base64_video(self, video_str: str) -> bytes:
+        """Decode base64 video"""
+        # Remove data URI prefix if present
+        if "," in video_str:
+            video_str = video_str.split(",", 1)[1]
+        return base64.b64decode(video_str)
+
+    def _process_character_username(self, username_hint: str) -> str:
+        """Process character username from API response
+
+        Logic:
+        1. Remove prefix (e.g., "blackwill." from "blackwill.meowliusma68")
+        2. Keep the remaining part (e.g., "meowliusma68")
+        3. Append 3 random digits
+        4. Return final username (e.g., "meowliusma68123")
+
+        Args:
+            username_hint: Original username from API (e.g., "blackwill.meowliusma68")
+
+        Returns:
+            Processed username with 3 random digits appended
+        """
+        # Split by dot and take the last part
+        if "." in username_hint:
+            base_username = username_hint.split(".")[-1]
+        else:
+            base_username = username_hint
+
+        # Generate 3 random digits
+        random_digits = str(random.randint(100, 999))
+
+        # Return final username
+        final_username = f"{base_username}{random_digits}"
+        debug_logger.log_info(f"Processed username: {username_hint} -> {final_username}")
+
+        return final_username
+
+    def _clean_remix_link_from_prompt(self, prompt: str) -> str:
+        """Remove remix link from prompt
+
+        Removes both formats:
+        1. Full URL: https://sora.chatgpt.com/p/s_68e3a06dcd888191b150971da152c1f5
+        2. Short ID: s_68e3a06dcd888191b150971da152c1f5
+
+        Args:
+            prompt: Original prompt that may contain remix link
+
+        Returns:
+            Cleaned prompt without remix link
+        """
+        if not prompt:
+            return prompt
+
+        # Remove full URL format: https://sora.chatgpt.com/p/s_[a-f0-9]{32}
+        cleaned = re.sub(r'https://sora\.chatgpt\.com/p/s_[a-f0-9]{32}', '', prompt)
+
+        # Remove short ID format: s_[a-f0-9]{32}
+        cleaned = re.sub(r's_[a-f0-9]{32}', '', cleaned)
+
+        # Clean up extra whitespace
+        cleaned = ' '.join(cleaned.split())
+
+        debug_logger.log_info(f"Cleaned prompt: '{prompt}' -> '{cleaned}'")
+
+        return cleaned
+
+    async def _download_file(self, url: str) -> bytes:
+        """Download file from URL
+
+        Args:
+            url: File URL
+
+        Returns:
+            File bytes
+        """
+        from curl_cffi.requests import AsyncSession
+
+        proxy_url = await self.load_balancer.proxy_manager.get_proxy_url()
+
+        kwargs = {
+            "timeout": 30,
+            "impersonate": "chrome"
+        }
+
+        if proxy_url:
+            kwargs["proxy"] = proxy_url
+
+        async with AsyncSession() as session:
+            response = await session.get(url, **kwargs)
+            if response.status_code != 200:
+                raise Exception(f"Failed to download file: {response.status_code}")
+            return response.content
+    
+    async def check_token_availability(self, is_image: bool, is_video: bool) -> bool:
+        """Check if tokens are available for the given model type
+
+        Args:
+            is_image: Whether checking for image generation
+            is_video: Whether checking for video generation
+
+        Returns:
+            True if available tokens exist, False otherwise
+        """
+        token_obj = await self.load_balancer.select_token(for_image_generation=is_image, for_video_generation=is_video)
+        return token_obj is not None
+
+    async def _run_background_poll(self, polling_generator):
+        """Run polling generator in background until completion"""
+        try:
+            async for _ in polling_generator:
+                pass
+        except Exception as e:
+            debug_logger.log_error(f"Background polling failed: {str(e)}")
+
+    async def submit_generation_task(self, model: str, prompt: str,
+                                   image: Optional[str] = None,
+                                   video: Optional[str] = None,
+                                   remix_target_id: Optional[str] = None) -> str:
+        """Submit generation task and return task ID immediately
+        
+        Args:
+            model: Model name
+            prompt: Generation prompt
+            image: Base64 encoded image
+            video: Base64 encoded video or video URL
+            remix_target_id: Sora share link video ID for remix
+            
+        Returns:
+            Task ID
+        """
+        # Validate model
+        if model not in MODEL_CONFIG:
+            raise ValueError(f"Invalid model: {model}")
+
+        model_config = MODEL_CONFIG[model]
+        is_video = model_config["type"] == "video"
+        is_image = model_config["type"] == "image"
+
+        # Handle remix flow
+        if is_video and remix_target_id:
+            return await self._submit_remix_task(remix_target_id, prompt, model_config)
+
+        # Helper to check tokens
+        token_obj = await self.load_balancer.select_token(for_image_generation=is_image, for_video_generation=is_video)
+        if not token_obj:
+            if is_image:
+                raise Exception("No available tokens for image generation")
+            else:
+                raise Exception("No available tokens for video generation")
+                
+        # Handle video character flows (not fully supported in async yet, treating as standard generation if possible)
+        # For now, if video is provided for character creation, we might need a separate flow.
+        # But for standard video generation (text-to-video), let's proceed.
+        # If video is provided, it might be image-to-video or character flow.
+        pass_video_to_poll = False
+        media_id = None
+        
+        # Acquire lock for image generation
+        if is_image:
+            lock_acquired = await self.load_balancer.token_lock.acquire_lock(token_obj.id)
+            if not lock_acquired:
+                raise Exception(f"Failed to acquire lock for token {token_obj.id}")
+
+        try:
+            # Upload image if provided
+            if image:
+                image_data = self._decode_base64_image(image)
+                media_id = await self.sora_client.upload_image(image_data, token_obj.token)
+
+            # Generate
+            task_id = None
+            if is_video:
+                n_frames = model_config.get("n_frames", 300)
+                # Note: Character flows with video input are complex to unify here.
+                # If prompt is present, we assume standard generation.
+                task_id = await self.sora_client.generate_video(
+                    prompt, token_obj.token,
+                    orientation=model_config["orientation"],
+                    media_id=media_id,
+                    n_frames=n_frames
+                )
+            else:
+                task_id = await self.sora_client.generate_image(
+                    prompt, token_obj.token,
+                    width=model_config["width"],
+                    height=model_config["height"],
+                    media_id=media_id
+                )
+            
+            # Save task to database
+            task = Task(
+                task_id=task_id,
+                token_id=token_obj.id,
+                model=model,
+                prompt=prompt,
+                status="processing",
+                progress=0.0
+            )
+            await self.db.create_task(task)
+            
+            # Record usage
+            await self.token_manager.record_usage(token_obj.id, is_video=is_video)
+            
+            # Start background polling
+            polling_gen = self._poll_task_result(
+                task_id, token_obj.token, is_video, stream=False, prompt=prompt, token_id=token_obj.id
+            )
+            asyncio.create_task(self._run_background_poll(polling_gen))
+            
+            return task_id
+
+        except Exception as e:
+            if is_image and token_obj:
+                await self.load_balancer.token_lock.release_lock(token_obj.id)
+            raise e
+
+    async def _submit_remix_task(self, remix_target_id: str, prompt: str, model_config: Dict) -> str:
+        """Submit remix task"""
+        token_obj = await self.load_balancer.select_token(for_video_generation=True)
+        if not token_obj:
+            raise Exception("No available tokens for remix generation")
+
+        try:
+            clean_prompt = self._clean_remix_link_from_prompt(prompt)
+            n_frames = model_config.get("n_frames", 300)
+
+            # Call remix API
+            task_id = await self.sora_client.remix_video(
+                remix_target_id=remix_target_id,
+                prompt=clean_prompt,
+                token=token_obj.token,
+                orientation=model_config["orientation"],
+                n_frames=n_frames
+            )
+
+            # Save task via DB
+            task = Task(
+                task_id=task_id,
+                token_id=token_obj.id,
+                model=f"sora-video-{model_config['orientation']}",
+                prompt=f"remix:{remix_target_id} {clean_prompt}",
+                status="processing",
+                progress=0.0
+            )
+            await self.db.create_task(task)
+
+            # Record usage
+            await self.token_manager.record_usage(token_obj.id, is_video=True)
+
+            # Start background polling
+            polling_gen = self._poll_task_result(
+                task_id, token_obj.token, True, False, clean_prompt, token_obj.id
+            )
+            asyncio.create_task(self._run_background_poll(polling_gen))
+
+            return task_id
+            
+        except Exception as e:
+            if token_obj:
+                await self.token_manager.record_error(token_obj.id)
+            raise e
+
+
+    async def handle_generation(self, model: str, prompt: str,
+                               image: Optional[str] = None,
+                               video: Optional[str] = None,
+                               remix_target_id: Optional[str] = None,
+                               stream: bool = True) -> AsyncGenerator[str, None]:
+        """Handle generation request
+
+        Args:
+            model: Model name
+            prompt: Generation prompt
+            image: Base64 encoded image
+            video: Base64 encoded video or video URL
+            remix_target_id: Sora share link video ID for remix
+            stream: Whether to stream response
+        """
+        start_time = time.time()
+
+        # Validate model
+        if model not in MODEL_CONFIG:
+            raise ValueError(f"Invalid model: {model}")
+
+        model_config = MODEL_CONFIG[model]
+        is_video = model_config["type"] == "video"
+        is_image = model_config["type"] == "image"
+
+        # Non-streaming mode: only check availability
+        if not stream:
+            available = await self.check_token_availability(is_image, is_video)
+            if available:
+                if is_image:
+                    message = "All tokens available for image generation. Please enable streaming to use the generation feature."
+                else:
+                    message = "All tokens available for video generation. Please enable streaming to use the generation feature."
+            else:
+                if is_image:
+                    message = "No available models for image generation"
+                else:
+                    message = "No available models for video generation"
+
+            yield self._format_non_stream_response(message, is_availability_check=True)
+            return
+
+        # Handle character creation and remix flows for video models
+        if is_video:
+            # Remix flow: remix_target_id provided
+            if remix_target_id:
+                async for chunk in self._handle_remix(remix_target_id, prompt, model_config):
+                    yield chunk
+                return
+
+            # Character creation flow: video provided
+            if video:
+                # Decode video if it's base64
+                video_data = self._decode_base64_video(video) if video.startswith("data:") or not video.startswith("http") else video
+
+                # If no prompt, just create character and return
+                if not prompt:
+                    async for chunk in self._handle_character_creation_only(video_data, model_config):
+                        yield chunk
+                    return
+                else:
+                    # If prompt provided, create character and generate video
+                    async for chunk in self._handle_character_and_video_generation(video_data, prompt, model_config):
+                        yield chunk
+                    return
+
+        # Streaming mode: proceed with actual generation
+        # Select token (with lock for image generation, Sora2 quota check for video generation)
+        token_obj = await self.load_balancer.select_token(for_image_generation=is_image, for_video_generation=is_video)
+        if not token_obj:
+            if is_image:
+                raise Exception("No available tokens for image generation. All tokens are either disabled, cooling down, locked, or expired.")
+            else:
+                raise Exception("No available tokens for video generation. All tokens are either disabled, cooling down, Sora2 quota exhausted, don't support Sora2, or expired.")
+
+        # Acquire lock for image generation
+        if is_image:
+            lock_acquired = await self.load_balancer.token_lock.acquire_lock(token_obj.id)
+            if not lock_acquired:
+                raise Exception(f"Failed to acquire lock for token {token_obj.id}")
+
+        task_id = None
+        is_first_chunk = True  # Track if this is the first chunk
+
+        try:
+            # Upload image if provided
+            media_id = None
+            if image:
+                if stream:
+                    yield self._format_stream_chunk(
+                        reasoning_content="**Image Upload Begins**\n\nUploading image to server...\n",
+                        is_first=is_first_chunk
+                    )
+                    is_first_chunk = False
+
+                image_data = self._decode_base64_image(image)
+                media_id = await self.sora_client.upload_image(image_data, token_obj.token)
+
+                if stream:
+                    yield self._format_stream_chunk(
+                        reasoning_content="Image uploaded successfully. Proceeding to generation...\n"
+                    )
+
+            # Generate
+            if stream:
+                if is_first_chunk:
+                    yield self._format_stream_chunk(
+                        reasoning_content="**Generation Process Begins**\n\nInitializing generation request...\n",
+                        is_first=True
+                    )
+                    is_first_chunk = False
+                else:
+                    yield self._format_stream_chunk(
+                        reasoning_content="**Generation Process Begins**\n\nInitializing generation request...\n"
+                    )
+            
+            if is_video:
+                # Get n_frames from model configuration
+                n_frames = model_config.get("n_frames", 300)  # Default to 300 frames (10s)
+
+                task_id = await self.sora_client.generate_video(
+                    prompt, token_obj.token,
+                    orientation=model_config["orientation"],
+                    media_id=media_id,
+                    n_frames=n_frames
+                )
+            else:
+                task_id = await self.sora_client.generate_image(
+                    prompt, token_obj.token,
+                    width=model_config["width"],
+                    height=model_config["height"],
+                    media_id=media_id
+                )
+            
+            # Save task to database
+            task = Task(
+                task_id=task_id,
+                token_id=token_obj.id,
+                model=model,
+                prompt=prompt,
+                status="processing",
+                progress=0.0
+            )
+            await self.db.create_task(task)
+            
+            # Record usage
+            await self.token_manager.record_usage(token_obj.id, is_video=is_video)
+            
+            # Poll for results with timeout
+            async for chunk in self._poll_task_result(task_id, token_obj.token, is_video, stream, prompt, token_obj.id):
+                yield chunk
+            
+            # Record success
+            await self.token_manager.record_success(token_obj.id, is_video=is_video)
+
+            # Release lock for image generation
+            if is_image:
+                await self.load_balancer.token_lock.release_lock(token_obj.id)
+
+            # Log successful request
+            duration = time.time() - start_time
+            await self._log_request(
+                token_obj.id,
+                f"generate_{model_config['type']}",
+                {"model": model, "prompt": prompt, "has_image": image is not None},
+                {"task_id": task_id, "status": "success"},
+                200,
+                duration
+            )
+
+        except Exception as e:
+            # Release lock for image generation on error
+            if is_image and token_obj:
+                await self.load_balancer.token_lock.release_lock(token_obj.id)
+
+            # Record error
+            if token_obj:
+                await self.token_manager.record_error(token_obj.id)
+
+            # Log failed request
+            duration = time.time() - start_time
+            await self._log_request(
+                token_obj.id if token_obj else None,
+                f"generate_{model_config['type'] if model_config else 'unknown'}",
+                {"model": model, "prompt": prompt, "has_image": image is not None},
+                {"error": str(e)},
+                500,
+                duration
+            )
+            raise e
+    
+    async def _poll_task_result(self, task_id: str, token: str, is_video: bool,
+                                stream: bool, prompt: str, token_id: int = None) -> AsyncGenerator[str, None]:
+        """Poll for task result with timeout"""
+        # Get timeout from config
+        timeout = config.video_timeout if is_video else config.image_timeout
+        poll_interval = config.poll_interval
+        max_attempts = int(timeout / poll_interval)  # Calculate max attempts based on timeout
+        last_progress = 0
+        start_time = time.time()
+        last_heartbeat_time = start_time  # Track last heartbeat for image generation
+        heartbeat_interval = 10  # Send heartbeat every 10 seconds for image generation
+        last_status_output_time = start_time  # Track last status output time for video generation
+        video_status_interval = 30  # Output status every 30 seconds for video generation
+
+        debug_logger.log_info(f"Starting task polling: task_id={task_id}, is_video={is_video}, timeout={timeout}s, max_attempts={max_attempts}")
+
+        # Check and log watermark-free mode status at the beginning
+        if is_video:
+            watermark_free_config = await self.db.get_watermark_free_config()
+            debug_logger.log_info(f"Watermark-free mode: {'ENABLED' if watermark_free_config.watermark_free_enabled else 'DISABLED'}")
+
+        for attempt in range(max_attempts):
+            # Check if timeout exceeded
+            elapsed_time = time.time() - start_time
+            if elapsed_time > timeout:
+                debug_logger.log_error(
+                    error_message=f"Task timeout: {elapsed_time:.1f}s > {timeout}s",
+                    status_code=408,
+                    response_text=f"Task {task_id} timed out after {elapsed_time:.1f} seconds"
+                )
+                # Release lock if this is an image generation task
+                if not is_video and token_id:
+                    await self.load_balancer.token_lock.release_lock(token_id)
+                    debug_logger.log_info(f"Released lock for token {token_id} due to timeout")
+
+                await self.db.update_task(task_id, "failed", 0, error_message=f"Generation timeout after {elapsed_time:.1f} seconds")
+                raise Exception(f"Upstream API timeout: Generation exceeded {timeout} seconds limit")
+
+
+            await asyncio.sleep(poll_interval)
+
+            try:
+                if is_video:
+                    # Get pending tasks to check progress
+                    pending_tasks = await self.sora_client.get_pending_tasks(token)
+
+                    # Find matching task in pending tasks
+                    task_found = False
+                    for task in pending_tasks:
+                        if task.get("id") == task_id:
+                            task_found = True
+                            # Update progress
+                            progress_pct = task.get("progress_pct")
+                            # Handle null progress at the beginning
+                            if progress_pct is None:
+                                progress_pct = 0
+                            else:
+                                progress_pct = int(progress_pct * 100)
+
+                            # Update last_progress for tracking
+                            last_progress = progress_pct
+                            status = task.get("status", "processing")
+
+                            # Output status every 30 seconds (not just when progress changes)
+                            current_time = time.time()
+                            if stream and (current_time - last_status_output_time >= video_status_interval):
+                                last_status_output_time = current_time
+                                debug_logger.log_info(f"Task {task_id} progress: {progress_pct}% (status: {status})")
+                                yield self._format_stream_chunk(
+                                    reasoning_content=f"**Video Generation Progress**: {progress_pct}% ({status})\n"
+                                )
+                            break
+
+                    # If task not found in pending tasks, it's completed - fetch from drafts
+                    if not task_found:
+                        debug_logger.log_info(f"Task {task_id} not found in pending tasks, fetching from drafts...")
+                        result = await self.sora_client.get_video_drafts(token)
+                        items = result.get("items", [])
+
+                        # Find matching task in drafts
+                        for item in items:
+                            if item.get("task_id") == task_id:
+                                # Check if watermark-free mode is enabled
+                                watermark_free_config = await self.db.get_watermark_free_config()
+                                watermark_free_enabled = watermark_free_config.watermark_free_enabled
+
+                                if watermark_free_enabled:
+                                    # Watermark-free mode: post video and get watermark-free URL
+                                    debug_logger.log_info(f"Entering watermark-free mode for task {task_id}")
+                                    generation_id = item.get("id")
+                                    debug_logger.log_info(f"Generation ID: {generation_id}")
+                                    if not generation_id:
+                                        raise Exception("Generation ID not found in video draft")
+
+                                    if stream:
+                                        yield self._format_stream_chunk(
+                                            reasoning_content="**Video Generation Completed**\n\nWatermark-free mode enabled. Publishing video to get watermark-free version...\n"
+                                        )
+
+                                    # Get watermark-free config to determine parse method
+                                    watermark_config = await self.db.get_watermark_free_config()
+                                    parse_method = watermark_config.parse_method or "third_party"
+
+                                    # Post video to get watermark-free version
+                                    try:
+                                        debug_logger.log_info(f"Calling post_video_for_watermark_free with generation_id={generation_id}, prompt={prompt[:50]}...")
+                                        post_id = await self.sora_client.post_video_for_watermark_free(
+                                            generation_id=generation_id,
+                                            prompt=prompt,
+                                            token=token
+                                        )
+                                        debug_logger.log_info(f"Received post_id: {post_id}")
+
+                                        if not post_id:
+                                            raise Exception("Failed to get post ID from publish API")
+
+                                        # Get watermark-free video URL based on parse method
+                                        if parse_method == "custom":
+                                            # Use custom parse server
+                                            if not watermark_config.custom_parse_url or not watermark_config.custom_parse_token:
+                                                raise Exception("Custom parse server URL or token not configured")
+
+                                            if stream:
+                                                yield self._format_stream_chunk(
+                                                    reasoning_content=f"Video published successfully. Post ID: {post_id}\nUsing custom parse server to get watermark-free URL...\n"
+                                                )
+
+                                            debug_logger.log_info(f"Using custom parse server: {watermark_config.custom_parse_url}")
+                                            watermark_free_url = await self.sora_client.get_watermark_free_url_custom(
+                                                parse_url=watermark_config.custom_parse_url,
+                                                parse_token=watermark_config.custom_parse_token,
+                                                post_id=post_id
+                                            )
+                                        else:
+                                            # Use third-party parse (default)
+                                            watermark_free_url = f"https://oscdn2.dyysy.com/MP4/{post_id}.mp4"
+                                            debug_logger.log_info(f"Using third-party parse server")
+
+                                        debug_logger.log_info(f"Watermark-free URL: {watermark_free_url}")
+
+                                        if stream:
+                                            yield self._format_stream_chunk(
+                                                reasoning_content=f"Video published successfully. Post ID: {post_id}\nNow {'caching' if config.cache_enabled else 'preparing'} watermark-free video...\n"
+                                            )
+
+                                        # Cache watermark-free video (if cache enabled)
+                                        if config.cache_enabled:
+                                            try:
+                                                cached_filename = await self.file_cache.download_and_cache(watermark_free_url, "video")
+                                                local_url = f"{self._get_base_url()}/tmp/{cached_filename}"
+                                                if stream:
+                                                    yield self._format_stream_chunk(
+                                                        reasoning_content="Watermark-free video cached successfully. Preparing final response...\n"
+                                                    )
+
+                                                # Delete the published post after caching
+                                                try:
+                                                    debug_logger.log_info(f"Deleting published post: {post_id}")
+                                                    await self.sora_client.delete_post(post_id, token)
+                                                    debug_logger.log_info(f"Published post deleted successfully: {post_id}")
+                                                    if stream:
+                                                        yield self._format_stream_chunk(
+                                                            reasoning_content="Published post deleted successfully.\n"
+                                                        )
+                                                except Exception as delete_error:
+                                                    debug_logger.log_error(
+                                                        error_message=f"Failed to delete published post {post_id}: {str(delete_error)}",
+                                                        status_code=500,
+                                                        response_text=str(delete_error)
+                                                    )
+                                                    if stream:
+                                                        yield self._format_stream_chunk(
+                                                            reasoning_content=f"Warning: Failed to delete published post - {str(delete_error)}\n"
+                                                        )
+                                            except Exception as cache_error:
+                                                # Fallback to watermark-free URL if caching fails
+                                                local_url = watermark_free_url
+                                                if stream:
+                                                    yield self._format_stream_chunk(
+                                                        reasoning_content=f"Warning: Failed to cache file - {str(cache_error)}\nUsing original watermark-free URL instead...\n"
+                                                    )
+                                        else:
+                                            # Cache disabled: use watermark-free URL directly
+                                            local_url = watermark_free_url
+                                            if stream:
+                                                yield self._format_stream_chunk(
+                                                    reasoning_content="Cache is disabled. Using watermark-free URL directly...\n"
+                                                )
+
+                                    except Exception as publish_error:
+                                        # Fallback to normal mode if publish fails
+                                        debug_logger.log_error(
+                                            error_message=f"Watermark-free mode failed: {str(publish_error)}",
+                                            status_code=500,
+                                            response_text=str(publish_error)
+                                        )
+                                        if stream:
+                                            yield self._format_stream_chunk(
+                                                reasoning_content=f"Warning: Failed to get watermark-free version - {str(publish_error)}\nFalling back to normal video...\n"
+                                            )
+                                        # Use downloadable_url instead of url
+                                        url = item.get("downloadable_url") or item.get("url")
+                                        if not url:
+                                            raise Exception("Video URL not found")
+                                        if config.cache_enabled:
+                                            try:
+                                                cached_filename = await self.file_cache.download_and_cache(url, "video")
+                                                local_url = f"{self._get_base_url()}/tmp/{cached_filename}"
+                                            except Exception as cache_error:
+                                                local_url = url
+                                        else:
+                                            local_url = url
+                                else:
+                                    # Normal mode: use downloadable_url instead of url
+                                    url = item.get("downloadable_url") or item.get("url")
+                                    if url:
+                                        # Cache video file (if cache enabled)
+                                        if config.cache_enabled:
+                                            if stream:
+                                                yield self._format_stream_chunk(
+                                                    reasoning_content="**Video Generation Completed**\n\nVideo generation successful. Now caching the video file...\n"
+                                                )
+
+                                            try:
+                                                cached_filename = await self.file_cache.download_and_cache(url, "video")
+                                                local_url = f"{self._get_base_url()}/tmp/{cached_filename}"
+                                                if stream:
+                                                    yield self._format_stream_chunk(
+                                                        reasoning_content="Video file cached successfully. Preparing final response...\n"
+                                                    )
+                                            except Exception as cache_error:
+                                                # Fallback to original URL if caching fails
+                                                local_url = url
+                                                if stream:
+                                                    yield self._format_stream_chunk(
+                                                        reasoning_content=f"Warning: Failed to cache file - {str(cache_error)}\nUsing original URL instead...\n"
+                                                    )
+                                        else:
+                                            # Cache disabled: use original URL directly
+                                            local_url = url
+                                            if stream:
+                                                yield self._format_stream_chunk(
+                                                    reasoning_content="**Video Generation Completed**\n\nCache is disabled. Using original URL directly...\n"
+                                                )
+
+                                # Task completed
+                                await self.db.update_task(
+                                    task_id, "completed", 100.0,
+                                    result_urls=json.dumps([local_url])
+                                )
+
+                                if stream:
+                                    # Final response with content
+                                    yield self._format_stream_chunk(
+                                        content=f"```html\n<video src='{local_url}' controls></video>\n```",
+                                        finish_reason="STOP"
+                                    )
+                                    yield "data: [DONE]\n\n"
+                                return
+                else:
+                    result = await self.sora_client.get_image_tasks(token)
+                    task_responses = result.get("task_responses", [])
+
+                    # Find matching task
+                    task_found = False
+                    for task_resp in task_responses:
+                        if task_resp.get("id") == task_id:
+                            task_found = True
+                            status = task_resp.get("status")
+                            print("status:"+status+",progress_pct:"+task_resp.get("progress_pct", 0))
+                            progress = task_resp.get("progress_pct", 0) * 100
+
+                            if status == "succeeded":
+                                # Extract URLs
+                                generations = task_resp.get("generations", [])
+                                urls = [gen.get("url") for gen in generations if gen.get("url")]
+
+                                if urls:
+                                    # Cache image files
+                                    if stream:
+                                        yield self._format_stream_chunk(
+                                            reasoning_content=f"**Image Generation Completed**\n\nImage generation successful. Now caching {len(urls)} image(s)...\n"
+                                        )
+
+                                    base_url = self._get_base_url()
+                                    local_urls = []
+
+                                    # Check if cache is enabled
+                                    if config.cache_enabled:
+                                        for idx, url in enumerate(urls):
+                                            try:
+                                                cached_filename = await self.file_cache.download_and_cache(url, "image")
+                                                local_url = f"{base_url}/tmp/{cached_filename}"
+                                                local_urls.append(local_url)
+                                                if stream and len(urls) > 1:
+                                                    yield self._format_stream_chunk(
+                                                        reasoning_content=f"Cached image {idx + 1}/{len(urls)}...\n"
+                                                    )
+                                            except Exception as cache_error:
+                                                # Fallback to original URL if caching fails
+                                                local_urls.append(url)
+                                                if stream:
+                                                    yield self._format_stream_chunk(
+                                                        reasoning_content=f"Warning: Failed to cache image {idx + 1} - {str(cache_error)}\nUsing original URL instead...\n"
+                                                    )
+
+                                        if stream and all(u.startswith(base_url) for u in local_urls):
+                                            yield self._format_stream_chunk(
+                                                reasoning_content="All images cached successfully. Preparing final response...\n"
+                                            )
+                                    else:
+                                        # Cache disabled: use original URLs directly
+                                        local_urls = urls
+                                        if stream:
+                                            yield self._format_stream_chunk(
+                                                reasoning_content="Cache is disabled. Using original URLs directly...\n"
+                                            )
+
+                                    await self.db.update_task(
+                                        task_id, "completed", 100.0,
+                                        result_urls=json.dumps(local_urls)
+                                    )
+
+                                    if stream:
+                                        # Final response with content (Markdown format)
+                                        content_markdown = "\n".join([f"![Generated Image]({url})" for url in local_urls])
+                                        yield self._format_stream_chunk(
+                                            content=content_markdown,
+                                            finish_reason="STOP"
+                                        )
+                                        yield "data: [DONE]\n\n"
+                                    return
+
+                            elif status == "failed":
+                                error_msg = task_resp.get("error_message", "Generation failed")
+                                await self.db.update_task(task_id, "failed", progress, error_message=error_msg)
+                                raise Exception(error_msg)
+
+                            elif status == "processing":
+                                # Update progress only if changed significantly
+                                if progress > last_progress + 20:  # Update every 20%
+                                    last_progress = progress
+                                    await self.db.update_task(task_id, "processing", progress)
+
+                                    if stream:
+                                        yield self._format_stream_chunk(
+                                            reasoning_content=f"**Processing**\n\nGeneration in progress: {progress:.0f}% completed...\n"
+                                        )
+
+                    # For image generation, send heartbeat every 10 seconds if no progress update
+                    if not is_video and stream:
+                        current_time = time.time()
+                        if current_time - last_heartbeat_time >= heartbeat_interval:
+                            last_heartbeat_time = current_time
+                            elapsed = int(current_time - start_time)
+                            yield self._format_stream_chunk(
+                                reasoning_content=f"Image generation in progress... ({elapsed}s elapsed)\n"
+                            )
+
+                    # If task not found in response, send heartbeat for image generation
+                    if not task_found and not is_video and stream:
+                        current_time = time.time()
+                        if current_time - last_heartbeat_time >= heartbeat_interval:
+                            last_heartbeat_time = current_time
+                            elapsed = int(current_time - start_time)
+                            yield self._format_stream_chunk(
+                                reasoning_content=f"Image generation in progress... ({elapsed}s elapsed)\n"
+                            )
+
+                # Progress update for stream mode (fallback if no status from API)
+                if stream and attempt % 10 == 0:  # Update every 10 attempts (roughly 20% intervals)
+                    estimated_progress = min(90, (attempt / max_attempts) * 100)
+                    if estimated_progress > last_progress + 20:  # Update every 20%
+                        last_progress = estimated_progress
+                        yield self._format_stream_chunk(
+                            reasoning_content=f"**Processing**\n\nGeneration in progress: {estimated_progress:.0f}% completed (estimated)...\n"
+                        )
+            
+            except Exception as e:
+                if attempt >= max_attempts - 1:
+                    raise e
+                continue
+
+        # Timeout - release lock if image generation
+        if not is_video and token_id:
+            await self.load_balancer.token_lock.release_lock(token_id)
+            debug_logger.log_info(f"Released lock for token {token_id} due to max attempts reached")
+
+        await self.db.update_task(task_id, "failed", 0, error_message=f"Generation timeout after {timeout} seconds")
+        raise Exception(f"Upstream API timeout: Generation exceeded {timeout} seconds limit")
+    
+    def _format_stream_chunk(self, content: str = None, reasoning_content: str = None,
+                            finish_reason: str = None, is_first: bool = False) -> str:
+        """Format streaming response chunk
+
+        Args:
+            content: Final response content (for user-facing output)
+            reasoning_content: Thinking/reasoning process content
+            finish_reason: Finish reason (e.g., "STOP")
+            is_first: Whether this is the first chunk (includes role)
+        """
+        chunk_id = f"chatcmpl-{int(datetime.now().timestamp() * 1000)}"
+
+        delta = {}
+
+        # Add role for first chunk
+        if is_first:
+            delta["role"] = "assistant"
+
+        # Add content fields
+        if content is not None:
+            delta["content"] = content
+        else:
+            delta["content"] = None
+
+        if reasoning_content is not None:
+            delta["reasoning_content"] = reasoning_content
+        else:
+            delta["reasoning_content"] = None
+
+        delta["tool_calls"] = None
+
+        response = {
+            "id": chunk_id,
+            "object": "chat.completion.chunk",
+            "created": int(datetime.now().timestamp()),
+            "model": "sora",
+            "choices": [{
+                "index": 0,
+                "delta": delta,
+                "finish_reason": finish_reason,
+                "native_finish_reason": finish_reason
+            }],
+            "usage": {
+                "prompt_tokens": 0
+            }
+        }
+
+        # Add completion tokens for final chunk
+        if finish_reason:
+            response["usage"]["completion_tokens"] = 1
+            response["usage"]["total_tokens"] = 1
+
+        return f'data: {json.dumps(response)}\n\n'
+    
+    def _format_non_stream_response(self, content: str, media_type: str = None, is_availability_check: bool = False) -> str:
+        """Format non-streaming response
+
+        Args:
+            content: Response content (either URL for generation or message for availability check)
+            media_type: Type of media ("video", "image") - only used for generation responses
+            is_availability_check: Whether this is an availability check response
+        """
+        if not is_availability_check:
+            # Generation response with media
+            if media_type == "video":
+                content = f"```html\n<video src='{content}' controls></video>\n```"
+            else:
+                content = f"![Generated Image]({content})"
+
+        response = {
+            "id": f"chatcmpl-{datetime.now().timestamp()}",
+            "object": "chat.completion",
+            "created": int(datetime.now().timestamp()),
+            "model": "sora",
+            "choices": [{
+                "index": 0,
+                "message": {
+                    "role": "assistant",
+                    "content": content
+                },
+                "finish_reason": "stop"
+            }]
+        }
+        return json.dumps(response)
+
+    async def _log_request(self, token_id: Optional[int], operation: str,
+                          request_data: Dict[str, Any], response_data: Dict[str, Any],
+                          status_code: int, duration: float):
+        """Log request to database"""
+        try:
+            log = RequestLog(
+                token_id=token_id,
+                operation=operation,
+                request_body=json.dumps(request_data),
+                response_body=json.dumps(response_data),
+                status_code=status_code,
+                duration=duration
+            )
+            await self.db.log_request(log)
+        except Exception as e:
+            # Don't fail the request if logging fails
+            print(f"Failed to log request: {e}")
+
+    # ==================== Character Creation and Remix Handlers ====================
+
+    async def _handle_character_creation_only(self, video_data, model_config: Dict) -> AsyncGenerator[str, None]:
+        """Handle character creation only (no video generation)
+
+        Flow:
+        1. Download video if URL, or use bytes directly
+        2. Upload video to create character
+        3. Poll for character processing
+        4. Download and cache avatar
+        5. Upload avatar
+        6. Finalize character
+        7. Set character as public
+        8. Return success message
+        """
+        token_obj = await self.load_balancer.select_token(for_video_generation=True)
+        if not token_obj:
+            raise Exception("No available tokens for character creation")
+
+        try:
+            yield self._format_stream_chunk(
+                reasoning_content="**Character Creation Begins**\n\nInitializing character creation...\n",
+                is_first=True
+            )
+
+            # Handle video URL or bytes
+            if isinstance(video_data, str):
+                # It's a URL, download it
+                yield self._format_stream_chunk(
+                    reasoning_content="Downloading video file...\n"
+                )
+                video_bytes = await self._download_file(video_data)
+            else:
+                video_bytes = video_data
+
+            # Step 1: Upload video
+            yield self._format_stream_chunk(
+                reasoning_content="Uploading video file...\n"
+            )
+            cameo_id = await self.sora_client.upload_character_video(video_bytes, token_obj.token)
+            debug_logger.log_info(f"Video uploaded, cameo_id: {cameo_id}")
+
+            # Step 2: Poll for character processing
+            yield self._format_stream_chunk(
+                reasoning_content="Processing video to extract character...\n"
+            )
+            cameo_status = await self._poll_cameo_status(cameo_id, token_obj.token)
+            debug_logger.log_info(f"Cameo status: {cameo_status}")
+
+            # Extract character info immediately after polling completes
+            username_hint = cameo_status.get("username_hint", "character")
+            display_name = cameo_status.get("display_name_hint", "Character")
+
+            # Process username: remove prefix and add 3 random digits
+            username = self._process_character_username(username_hint)
+
+            # Output character name immediately
+            yield self._format_stream_chunk(
+                reasoning_content=f"✨ 角色已识别: {display_name} (@{username})\n"
+            )
+
+            # Step 3: Download and cache avatar
+            yield self._format_stream_chunk(
+                reasoning_content="Downloading character avatar...\n"
+            )
+            profile_asset_url = cameo_status.get("profile_asset_url")
+            if not profile_asset_url:
+                raise Exception("Profile asset URL not found in cameo status")
+
+            avatar_data = await self.sora_client.download_character_image(profile_asset_url)
+            debug_logger.log_info(f"Avatar downloaded, size: {len(avatar_data)} bytes")
+
+            # Step 4: Upload avatar
+            yield self._format_stream_chunk(
+                reasoning_content="Uploading character avatar...\n"
+            )
+            asset_pointer = await self.sora_client.upload_character_image(avatar_data, token_obj.token)
+            debug_logger.log_info(f"Avatar uploaded, asset_pointer: {asset_pointer}")
+
+            # Step 5: Finalize character
+            yield self._format_stream_chunk(
+                reasoning_content="Finalizing character creation...\n"
+            )
+            # instruction_set_hint is a string, but instruction_set in cameo_status might be an array
+            instruction_set = cameo_status.get("instruction_set_hint") or cameo_status.get("instruction_set")
+
+            character_id = await self.sora_client.finalize_character(
+                cameo_id=cameo_id,
+                username=username,
+                display_name=display_name,
+                profile_asset_pointer=asset_pointer,
+                instruction_set=instruction_set,
+                token=token_obj.token
+            )
+            debug_logger.log_info(f"Character finalized, character_id: {character_id}")
+
+            # Step 6: Set character as public
+            yield self._format_stream_chunk(
+                reasoning_content="Setting character as public...\n"
+            )
+            await self.sora_client.set_character_public(cameo_id, token_obj.token)
+            debug_logger.log_info(f"Character set as public")
+
+            # Step 7: Return success message
+            yield self._format_stream_chunk(
+                content=f"角色创建成功，角色名@{username}",
+                finish_reason="STOP"
+            )
+            yield "data: [DONE]\n\n"
+
+        except Exception as e:
+            debug_logger.log_error(
+                error_message=f"Character creation failed: {str(e)}",
+                status_code=500,
+                response_text=str(e)
+            )
+            raise
+
+    async def _handle_character_and_video_generation(self, video_data, prompt: str, model_config: Dict) -> AsyncGenerator[str, None]:
+        """Handle character creation and video generation
+
+        Flow:
+        1. Download video if URL, or use bytes directly
+        2. Upload video to create character
+        3. Poll for character processing
+        4. Download and cache avatar
+        5. Upload avatar
+        6. Finalize character
+        7. Generate video with character (@username + prompt)
+        8. Delete character
+        9. Return video result
+        """
+        token_obj = await self.load_balancer.select_token(for_video_generation=True)
+        if not token_obj:
+            raise Exception("No available tokens for video generation")
+
+        character_id = None
+        try:
+            yield self._format_stream_chunk(
+                reasoning_content="**Character Creation and Video Generation Begins**\n\nInitializing...\n",
+                is_first=True
+            )
+
+            # Handle video URL or bytes
+            if isinstance(video_data, str):
+                # It's a URL, download it
+                yield self._format_stream_chunk(
+                    reasoning_content="Downloading video file...\n"
+                )
+                video_bytes = await self._download_file(video_data)
+            else:
+                video_bytes = video_data
+
+            # Step 1: Upload video
+            yield self._format_stream_chunk(
+                reasoning_content="Uploading video file...\n"
+            )
+            cameo_id = await self.sora_client.upload_character_video(video_bytes, token_obj.token)
+            debug_logger.log_info(f"Video uploaded, cameo_id: {cameo_id}")
+
+            # Step 2: Poll for character processing
+            yield self._format_stream_chunk(
+                reasoning_content="Processing video to extract character...\n"
+            )
+            cameo_status = await self._poll_cameo_status(cameo_id, token_obj.token)
+            debug_logger.log_info(f"Cameo status: {cameo_status}")
+
+            # Extract character info immediately after polling completes
+            username_hint = cameo_status.get("username_hint", "character")
+            display_name = cameo_status.get("display_name_hint", "Character")
+
+            # Process username: remove prefix and add 3 random digits
+            username = self._process_character_username(username_hint)
+
+            # Output character name immediately
+            yield self._format_stream_chunk(
+                reasoning_content=f"✨ 角色已识别: {display_name} (@{username})\n"
+            )
+
+            # Step 3: Download and cache avatar
+            yield self._format_stream_chunk(
+                reasoning_content="Downloading character avatar...\n"
+            )
+            profile_asset_url = cameo_status.get("profile_asset_url")
+            if not profile_asset_url:
+                raise Exception("Profile asset URL not found in cameo status")
+
+            avatar_data = await self.sora_client.download_character_image(profile_asset_url)
+            debug_logger.log_info(f"Avatar downloaded, size: {len(avatar_data)} bytes")
+
+            # Step 4: Upload avatar
+            yield self._format_stream_chunk(
+                reasoning_content="Uploading character avatar...\n"
+            )
+            asset_pointer = await self.sora_client.upload_character_image(avatar_data, token_obj.token)
+            debug_logger.log_info(f"Avatar uploaded, asset_pointer: {asset_pointer}")
+
+            # Step 5: Finalize character
+            yield self._format_stream_chunk(
+                reasoning_content="Finalizing character creation...\n"
+            )
+            # instruction_set_hint is a string, but instruction_set in cameo_status might be an array
+            instruction_set = cameo_status.get("instruction_set_hint") or cameo_status.get("instruction_set")
+
+            character_id = await self.sora_client.finalize_character(
+                cameo_id=cameo_id,
+                username=username,
+                display_name=display_name,
+                profile_asset_pointer=asset_pointer,
+                instruction_set=instruction_set,
+                token=token_obj.token
+            )
+            debug_logger.log_info(f"Character finalized, character_id: {character_id}")
+
+            # Step 6: Generate video with character
+            yield self._format_stream_chunk(
+                reasoning_content="**Video Generation Process Begins**\n\nGenerating video with character...\n"
+            )
+
+            # Prepend @username to prompt
+            full_prompt = f"@{username} {prompt}"
+            debug_logger.log_info(f"Full prompt: {full_prompt}")
+
+            # Get n_frames from model configuration
+            n_frames = model_config.get("n_frames", 300)  # Default to 300 frames (10s)
+
+            task_id = await self.sora_client.generate_video(
+                full_prompt, token_obj.token,
+                orientation=model_config["orientation"],
+                n_frames=n_frames
+            )
+            debug_logger.log_info(f"Video generation started, task_id: {task_id}")
+
+            # Save task to database
+            task = Task(
+                task_id=task_id,
+                token_id=token_obj.id,
+                model=f"sora-video-{model_config['orientation']}",
+                prompt=full_prompt,
+                status="processing",
+                progress=0.0
+            )
+            await self.db.create_task(task)
+
+            # Record usage
+            await self.token_manager.record_usage(token_obj.id, is_video=True)
+
+            # Poll for results
+            async for chunk in self._poll_task_result(task_id, token_obj.token, True, True, full_prompt, token_obj.id):
+                yield chunk
+
+            # Record success
+            await self.token_manager.record_success(token_obj.id, is_video=True)
+
+        except Exception as e:
+            # Record error
+            if token_obj:
+                await self.token_manager.record_error(token_obj.id)
+            debug_logger.log_error(
+                error_message=f"Character and video generation failed: {str(e)}",
+                status_code=500,
+                response_text=str(e)
+            )
+            raise
+        finally:
+            # Step 7: Delete character
+            if character_id:
+                try:
+                    yield self._format_stream_chunk(
+                        reasoning_content="Cleaning up temporary character...\n"
+                    )
+                    await self.sora_client.delete_character(character_id, token_obj.token)
+                    debug_logger.log_info(f"Character deleted: {character_id}")
+                except Exception as e:
+                    debug_logger.log_error(
+                        error_message=f"Failed to delete character: {str(e)}",
+                        status_code=500,
+                        response_text=str(e)
+                    )
+
+    async def _handle_remix(self, remix_target_id: str, prompt: str, model_config: Dict) -> AsyncGenerator[str, None]:
+        """Handle remix video generation
+
+        Flow:
+        1. Select token
+        2. Clean remix link from prompt
+        3. Call remix API
+        4. Poll for results
+        5. Return video result
+        """
+        token_obj = await self.load_balancer.select_token(for_video_generation=True)
+        if not token_obj:
+            raise Exception("No available tokens for remix generation")
+
+        task_id = None
+        try:
+            yield self._format_stream_chunk(
+                reasoning_content="**Remix Generation Process Begins**\n\nInitializing remix request...\n",
+                is_first=True
+            )
+
+            # Clean remix link from prompt to avoid duplication
+            clean_prompt = self._clean_remix_link_from_prompt(prompt)
+
+            # Get n_frames from model configuration
+            n_frames = model_config.get("n_frames", 300)  # Default to 300 frames (10s)
+
+            # Call remix API
+            yield self._format_stream_chunk(
+                reasoning_content="Sending remix request to server...\n"
+            )
+            task_id = await self.sora_client.remix_video(
+                remix_target_id=remix_target_id,
+                prompt=clean_prompt,
+                token=token_obj.token,
+                orientation=model_config["orientation"],
+                n_frames=n_frames
+            )
+            debug_logger.log_info(f"Remix generation started, task_id: {task_id}")
+
+            # Save task to database
+            task = Task(
+                task_id=task_id,
+                token_id=token_obj.id,
+                model=f"sora-video-{model_config['orientation']}",
+                prompt=f"remix:{remix_target_id} {clean_prompt}",
+                status="processing",
+                progress=0.0
+            )
+            await self.db.create_task(task)
+
+            # Record usage
+            await self.token_manager.record_usage(token_obj.id, is_video=True)
+
+            # Poll for results
+            async for chunk in self._poll_task_result(task_id, token_obj.token, True, True, clean_prompt, token_obj.id):
+                yield chunk
+
+            # Record success
+            await self.token_manager.record_success(token_obj.id, is_video=True)
+
+        except Exception as e:
+            # Record error
+            if token_obj:
+                await self.token_manager.record_error(token_obj.id)
+            debug_logger.log_error(
+                error_message=f"Remix generation failed: {str(e)}",
+                status_code=500,
+                response_text=str(e)
+            )
+            raise
+
+    async def _poll_cameo_status(self, cameo_id: str, token: str, timeout: int = 600, poll_interval: int = 5) -> Dict[str, Any]:
+        """Poll for cameo (character) processing status
+
+        Args:
+            cameo_id: The cameo ID
+            token: Access token
+            timeout: Maximum time to wait in seconds
+            poll_interval: Time between polls in seconds
+
+        Returns:
+            Cameo status dictionary with display_name_hint, username_hint, profile_asset_url, instruction_set_hint
+        """
+        start_time = time.time()
+        max_attempts = int(timeout / poll_interval)
+        consecutive_errors = 0
+        max_consecutive_errors = 3  # Allow up to 3 consecutive errors before failing
+
+        for attempt in range(max_attempts):
+            elapsed_time = time.time() - start_time
+            if elapsed_time > timeout:
+                raise Exception(f"Cameo processing timeout after {elapsed_time:.1f} seconds")
+
+            await asyncio.sleep(poll_interval)
+
+            try:
+                status = await self.sora_client.get_cameo_status(cameo_id, token)
+                current_status = status.get("status")
+                status_message = status.get("status_message", "")
+
+                # Reset error counter on successful request
+                consecutive_errors = 0
+
+                debug_logger.log_info(f"Cameo status: {current_status} (message: {status_message}) (attempt {attempt + 1}/{max_attempts})")
+
+                # Check if processing is complete
+                # Primary condition: status_message == "Completed" means processing is done
+                if status_message == "Completed":
+                    debug_logger.log_info(f"Cameo processing completed (status: {current_status}, message: {status_message})")
+                    return status
+
+                # Fallback condition: finalized status
+                if current_status == "finalized":
+                    debug_logger.log_info(f"Cameo processing completed (status: {current_status}, message: {status_message})")
+                    return status
+
+            except Exception as e:
+                consecutive_errors += 1
+                error_msg = str(e)
+
+                # Log error with context
+                debug_logger.log_error(
+                    error_message=f"Failed to get cameo status (attempt {attempt + 1}/{max_attempts}, consecutive errors: {consecutive_errors}): {error_msg}",
+                    status_code=500,
+                    response_text=error_msg
+                )
+
+                # Check if it's a TLS/connection error
+                is_tls_error = "TLS" in error_msg or "curl" in error_msg or "OPENSSL" in error_msg
+
+                if is_tls_error:
+                    # For TLS errors, use exponential backoff
+                    backoff_time = min(poll_interval * (2 ** (consecutive_errors - 1)), 30)
+                    debug_logger.log_info(f"TLS error detected, using exponential backoff: {backoff_time}s")
+                    await asyncio.sleep(backoff_time)
+
+                # Fail if too many consecutive errors
+                if consecutive_errors >= max_consecutive_errors:
+                    raise Exception(f"Too many consecutive errors ({consecutive_errors}) while polling cameo status: {error_msg}")
+
+                # Continue polling on error
+                continue
+
+        raise Exception(f"Cameo processing timeout after {timeout} seconds")

src/services/load_balancer.py

@@ -0,0 +1,94 @@
+"""Load balancing module"""
+import random
+from typing import Optional
+from ..core.models import Token
+from ..core.config import config
+from .token_manager import TokenManager
+from .token_lock import TokenLock
+
+class LoadBalancer:
+    """Token load balancer with random selection and image generation lock"""
+
+    def __init__(self, token_manager: TokenManager):
+        self.token_manager = token_manager
+        # Use image timeout from config as lock timeout
+        self.token_lock = TokenLock(lock_timeout=config.image_timeout)
+
+    async def select_token(self, for_image_generation: bool = False, for_video_generation: bool = False) -> Optional[Token]:
+        """
+        Select a token using random load balancing
+
+        Args:
+            for_image_generation: If True, only select tokens that are not locked for image generation and have image_enabled=True
+            for_video_generation: If True, filter out tokens with Sora2 quota exhausted (sora2_cooldown_until not expired), tokens that don't support Sora2, and tokens with video_enabled=False
+
+        Returns:
+            Selected token or None if no available tokens
+        """
+        # Try to auto-refresh tokens expiring within 24 hours if enabled
+        if config.at_auto_refresh_enabled:
+            all_tokens = await self.token_manager.get_all_tokens()
+            for token in all_tokens:
+                if token.is_active and token.expiry_time:
+                    from datetime import datetime
+                    time_until_expiry = token.expiry_time - datetime.now()
+                    hours_until_expiry = time_until_expiry.total_seconds() / 3600
+                    # Refresh if expiry is within 24 hours
+                    if hours_until_expiry <= 24:
+                        await self.token_manager.auto_refresh_expiring_token(token.id)
+
+        active_tokens = await self.token_manager.get_active_tokens()
+
+        if not active_tokens:
+            return None
+
+        # If for video generation, filter out tokens with Sora2 quota exhausted and tokens without Sora2 support
+        if for_video_generation:
+            from datetime import datetime
+            available_tokens = []
+            for token in active_tokens:
+                # Skip tokens that don't have video enabled
+                if not token.video_enabled:
+                    continue
+
+                # Skip tokens that don't support Sora2
+                if not token.sora2_supported:
+                    continue
+
+                # Check if Sora2 cooldown has expired and refresh if needed
+                if token.sora2_cooldown_until and token.sora2_cooldown_until <= datetime.now():
+                    await self.token_manager.refresh_sora2_remaining_if_cooldown_expired(token.id)
+                    # Reload token data after refresh
+                    token = await self.token_manager.db.get_token(token.id)
+
+                # Skip tokens that are in Sora2 cooldown (quota exhausted)
+                if token and token.sora2_cooldown_until and token.sora2_cooldown_until > datetime.now():
+                    continue
+
+                if token:
+                    available_tokens.append(token)
+
+            if not available_tokens:
+                return None
+
+            active_tokens = available_tokens
+
+        # If for image generation, filter out locked tokens and tokens without image enabled
+        if for_image_generation:
+            available_tokens = []
+            for token in active_tokens:
+                # Skip tokens that don't have image enabled
+                if not token.image_enabled:
+                    continue
+
+                if not await self.token_lock.is_locked(token.id):
+                    available_tokens.append(token)
+
+            if not available_tokens:
+                return None
+
+            # Random selection from available tokens
+            return random.choice(available_tokens)
+        else:
+            # For video generation, no lock needed
+            return random.choice(active_tokens)

src/services/proxy_manager.py

@@ -0,0 +1,25 @@
+"""Proxy management module"""
+from typing import Optional
+from ..core.database import Database
+from ..core.models import ProxyConfig
+
+class ProxyManager:
+    """Proxy configuration manager"""
+    
+    def __init__(self, db: Database):
+        self.db = db
+    
+    async def get_proxy_url(self) -> Optional[str]:
+        """Get proxy URL if enabled, otherwise return None"""
+        config = await self.db.get_proxy_config()
+        if config.proxy_enabled and config.proxy_url:
+            return config.proxy_url
+        return None
+    
+    async def update_proxy_config(self, enabled: bool, proxy_url: Optional[str]):
+        """Update proxy configuration"""
+        await self.db.update_proxy_config(enabled, proxy_url)
+    
+    async def get_proxy_config(self) -> ProxyConfig:
+        """Get proxy configuration"""
+        return await self.db.get_proxy_config()

src/services/sora_client.py

@@ -0,0 +1,614 @@
+"""Sora API client module"""
+import base64
+import io
+import time
+import random
+import string
+from typing import Optional, Dict, Any
+from curl_cffi.requests import AsyncSession
+from curl_cffi import CurlMime
+from .proxy_manager import ProxyManager
+from ..core.config import config
+from ..core.logger import debug_logger
+
+class SoraClient:
+    """Sora API client with proxy support"""
+
+    def __init__(self, proxy_manager: ProxyManager):
+        self.proxy_manager = proxy_manager
+        self.base_url = config.sora_base_url
+        self.timeout = config.sora_timeout
+
+    @staticmethod
+    def _generate_sentinel_token() -> str:
+        """
+        生成 openai-sentinel-token
+        根据测试文件的逻辑，传入任意随机字符即可
+        生成10-20个字符的随机字符串（字母+数字）
+        """
+        length = random.randint(10, 20)
+        random_str = ''.join(random.choices(string.ascii_letters + string.digits, k=length))
+        return random_str
+    
+    async def _make_request(self, method: str, endpoint: str, token: str,
+                           json_data: Optional[Dict] = None,
+                           multipart: Optional[Dict] = None,
+                           add_sentinel_token: bool = False) -> Dict[str, Any]:
+        """Make HTTP request with proxy support
+
+        Args:
+            method: HTTP method (GET/POST)
+            endpoint: API endpoint
+            token: Access token
+            json_data: JSON request body
+            multipart: Multipart form data (for file uploads)
+            add_sentinel_token: Whether to add openai-sentinel-token header (only for generation requests)
+        """
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        headers = {
+            "Authorization": f"Bearer {token}"
+        }
+
+        # 只在生成请求时添加 sentinel token
+        if add_sentinel_token:
+            headers["openai-sentinel-token"] = self._generate_sentinel_token()
+
+        if not multipart:
+            headers["Content-Type"] = "application/json"
+
+        async with AsyncSession() as session:
+            url = f"{self.base_url}{endpoint}"
+
+            kwargs = {
+                "headers": headers,
+                "timeout": self.timeout,
+                "impersonate": "chrome"  # 自动生成 User-Agent 和浏览器指纹
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+
+            if json_data:
+                kwargs["json"] = json_data
+
+            if multipart:
+                kwargs["multipart"] = multipart
+
+            # Log request
+            debug_logger.log_request(
+                method=method,
+                url=url,
+                headers=headers,
+                body=json_data,
+                files=multipart,
+                proxy=proxy_url
+            )
+
+            # Record start time
+            start_time = time.time()
+
+            # Make request
+            if method == "GET":
+                response = await session.get(url, **kwargs)
+            elif method == "POST":
+                response = await session.post(url, **kwargs)
+            else:
+                raise ValueError(f"Unsupported method: {method}")
+
+            # Calculate duration
+            duration_ms = (time.time() - start_time) * 1000
+
+            # Parse response
+            try:
+                response_json = response.json()
+            except:
+                response_json = None
+
+            # Log response
+            debug_logger.log_response(
+                status_code=response.status_code,
+                headers=dict(response.headers),
+                body=response_json if response_json else response.text,
+                duration_ms=duration_ms
+            )
+
+            # Check status
+            if response.status_code not in [200, 201]:
+                error_msg = f"API request failed: {response.status_code} - {response.text}"
+                debug_logger.log_error(
+                    error_message=error_msg,
+                    status_code=response.status_code,
+                    response_text=response.text
+                )
+                raise Exception(error_msg)
+
+            return response_json if response_json else response.json()
+    
+    async def get_user_info(self, token: str) -> Dict[str, Any]:
+        """Get user information"""
+        return await self._make_request("GET", "/me", token)
+    
+    async def upload_image(self, image_data: bytes, token: str, filename: str = "image.png") -> str:
+        """Upload image and return media_id
+
+        使用 CurlMime 对象上传文件（curl_cffi 的正确方式）
+        参考：https://curl-cffi.readthedocs.io/en/latest/quick_start.html#uploads
+        """
+        # 检测图片类型
+        mime_type = "image/png"
+        if filename.lower().endswith('.jpg') or filename.lower().endswith('.jpeg'):
+            mime_type = "image/jpeg"
+        elif filename.lower().endswith('.webp'):
+            mime_type = "image/webp"
+
+        # 创建 CurlMime 对象
+        mp = CurlMime()
+
+        # 添加文件部分
+        mp.addpart(
+            name="file",
+            content_type=mime_type,
+            filename=filename,
+            data=image_data
+        )
+
+        # 添加文件名字段
+        mp.addpart(
+            name="file_name",
+            data=filename.encode('utf-8')
+        )
+
+        result = await self._make_request("POST", "/uploads", token, multipart=mp)
+        return result["id"]
+    
+    async def generate_image(self, prompt: str, token: str, width: int = 360,
+                            height: int = 360, media_id: Optional[str] = None) -> str:
+        """Generate image (text-to-image or image-to-image)"""
+        operation = "remix" if media_id else "simple_compose"
+
+        inpaint_items = []
+        if media_id:
+            inpaint_items = [{
+                "type": "image",
+                "frame_index": 0,
+                "upload_media_id": media_id
+            }]
+
+        json_data = {
+            "type": "image_gen",
+            "operation": operation,
+            "prompt": prompt,
+            "width": width,
+            "height": height,
+            "n_variants": 1,
+            "n_frames": 1,
+            "inpaint_items": inpaint_items
+        }
+
+        # 生成请求需要添加 sentinel token
+        result = await self._make_request("POST", "/video_gen", token, json_data=json_data, add_sentinel_token=True)
+        return result["id"]
+    
+    async def generate_video(self, prompt: str, token: str, orientation: str = "landscape",
+                            media_id: Optional[str] = None, n_frames: int = 450) -> str:
+        """Generate video (text-to-video or image-to-video)"""
+        inpaint_items = []
+        if media_id:
+            inpaint_items = [{
+                "kind": "upload",
+                "upload_id": media_id
+            }]
+
+        json_data = {
+            "kind": "video",
+            "prompt": prompt,
+            "orientation": orientation,
+            "size": "small",
+            "n_frames": n_frames,
+            "model": "sy_8",
+            "inpaint_items": inpaint_items
+        }
+
+        # 生成请求需要添加 sentinel token
+        result = await self._make_request("POST", "/nf/create", token, json_data=json_data, add_sentinel_token=True)
+        return result["id"]
+    
+    async def get_image_tasks(self, token: str, limit: int = 20) -> Dict[str, Any]:
+        """Get recent image generation tasks"""
+        return await self._make_request("GET", f"/v2/recent_tasks?limit={limit}", token)
+    
+    async def get_video_drafts(self, token: str, limit: int = 15) -> Dict[str, Any]:
+        """Get recent video drafts"""
+        return await self._make_request("GET", f"/project_y/profile/drafts?limit={limit}", token)
+
+    async def get_pending_tasks(self, token: str) -> list:
+        """Get pending video generation tasks
+
+        Returns:
+            List of pending tasks with progress information
+        """
+        result = await self._make_request("GET", "/nf/pending", token)
+        # The API returns a list directly
+        return result if isinstance(result, list) else []
+
+    async def post_video_for_watermark_free(self, generation_id: str, prompt: str, token: str) -> str:
+        """Post video to get watermark-free version
+
+        Args:
+            generation_id: The generation ID (e.g., gen_01k9btrqrnen792yvt703dp0tq)
+            prompt: The original generation prompt
+            token: Access token
+
+        Returns:
+            Post ID (e.g., s_690ce161c2488191a3476e9969911522)
+        """
+        json_data = {
+            "attachments_to_create": [
+                {
+                    "generation_id": generation_id,
+                    "kind": "sora"
+                }
+            ],
+            "post_text": prompt
+        }
+
+        # 发布请求需要添加 sentinel token
+        result = await self._make_request("POST", "/project_y/post", token, json_data=json_data, add_sentinel_token=True)
+
+        # 返回 post.id
+        return result.get("post", {}).get("id", "")
+
+    async def delete_post(self, post_id: str, token: str) -> bool:
+        """Delete a published post
+
+        Args:
+            post_id: The post ID (e.g., s_690ce161c2488191a3476e9969911522)
+            token: Access token
+
+        Returns:
+            True if deletion was successful
+        """
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        headers = {
+            "Authorization": f"Bearer {token}"
+        }
+
+        async with AsyncSession() as session:
+            url = f"{self.base_url}/project_y/post/{post_id}"
+
+            kwargs = {
+                "headers": headers,
+                "timeout": self.timeout,
+                "impersonate": "chrome"
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+
+            # Log request
+            debug_logger.log_request(
+                method="DELETE",
+                url=url,
+                headers=headers,
+                body=None,
+                files=None,
+                proxy=proxy_url
+            )
+
+            # Record start time
+            start_time = time.time()
+
+            # Make DELETE request
+            response = await session.delete(url, **kwargs)
+
+            # Calculate duration
+            duration_ms = (time.time() - start_time) * 1000
+
+            # Log response
+            debug_logger.log_response(
+                status_code=response.status_code,
+                headers=dict(response.headers),
+                body=response.text if response.text else "No content",
+                duration_ms=duration_ms
+            )
+
+            # Check status (DELETE typically returns 204 No Content or 200 OK)
+            if response.status_code not in [200, 204]:
+                error_msg = f"Delete post failed: {response.status_code} - {response.text}"
+                debug_logger.log_error(
+                    error_message=error_msg,
+                    status_code=response.status_code,
+                    response_text=response.text
+                )
+                raise Exception(error_msg)
+
+            return True
+
+    async def get_watermark_free_url_custom(self, parse_url: str, parse_token: str, post_id: str) -> str:
+        """Get watermark-free video URL from custom parse server
+
+        Args:
+            parse_url: Custom parse server URL (e.g., http://example.com)
+            parse_token: Access token for custom parse server
+            post_id: Post ID to parse (e.g., s_690c0f574c3881918c3bc5b682a7e9fd)
+
+        Returns:
+            Download link from custom parse server
+
+        Raises:
+            Exception: If parse fails or token is invalid
+        """
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        # Construct the share URL
+        share_url = f"https://sora.chatgpt.com/p/{post_id}"
+
+        # Prepare request
+        json_data = {
+            "url": share_url,
+            "token": parse_token
+        }
+
+        kwargs = {
+            "json": json_data,
+            "timeout": 30,
+            "impersonate": "chrome"
+        }
+
+        if proxy_url:
+            kwargs["proxy"] = proxy_url
+
+        try:
+            async with AsyncSession() as session:
+                # Record start time
+                start_time = time.time()
+
+                # Make POST request to custom parse server
+                response = await session.post(f"{parse_url}/get-sora-link", **kwargs)
+
+                # Calculate duration
+                duration_ms = (time.time() - start_time) * 1000
+
+                # Log response
+                debug_logger.log_response(
+                    status_code=response.status_code,
+                    headers=dict(response.headers),
+                    body=response.text if response.text else "No content",
+                    duration_ms=duration_ms
+                )
+
+                # Check status
+                if response.status_code != 200:
+                    error_msg = f"Custom parse failed: {response.status_code} - {response.text}"
+                    debug_logger.log_error(
+                        error_message=error_msg,
+                        status_code=response.status_code,
+                        response_text=response.text
+                    )
+                    raise Exception(error_msg)
+
+                # Parse response
+                result = response.json()
+
+                # Check for error in response
+                if "error" in result:
+                    error_msg = f"Custom parse error: {result['error']}"
+                    debug_logger.log_error(
+                        error_message=error_msg,
+                        status_code=401,
+                        response_text=str(result)
+                    )
+                    raise Exception(error_msg)
+
+                # Extract download link
+                download_link = result.get("download_link")
+                if not download_link:
+                    raise Exception("No download_link in custom parse response")
+
+                debug_logger.log_info(f"Custom parse successful: {download_link}")
+                return download_link
+
+        except Exception as e:
+            debug_logger.log_error(
+                error_message=f"Custom parse request failed: {str(e)}",
+                status_code=500,
+                response_text=str(e)
+            )
+            raise
+
+    # ==================== Character Creation Methods ====================
+
+    async def upload_character_video(self, video_data: bytes, token: str) -> str:
+        """Upload character video and return cameo_id
+
+        Args:
+            video_data: Video file bytes
+            token: Access token
+
+        Returns:
+            cameo_id
+        """
+        mp = CurlMime()
+        mp.addpart(
+            name="file",
+            content_type="video/mp4",
+            filename="video.mp4",
+            data=video_data
+        )
+        mp.addpart(
+            name="timestamps",
+            data=b"0,3"
+        )
+
+        result = await self._make_request("POST", "/characters/upload", token, multipart=mp)
+        return result.get("id")
+
+    async def get_cameo_status(self, cameo_id: str, token: str) -> Dict[str, Any]:
+        """Get character (cameo) processing status
+
+        Args:
+            cameo_id: The cameo ID returned from upload_character_video
+            token: Access token
+
+        Returns:
+            Dictionary with status, display_name_hint, username_hint, profile_asset_url, instruction_set_hint
+        """
+        return await self._make_request("GET", f"/project_y/cameos/in_progress/{cameo_id}", token)
+
+    async def download_character_image(self, image_url: str) -> bytes:
+        """Download character image from URL
+
+        Args:
+            image_url: The profile_asset_url from cameo status
+
+        Returns:
+            Image file bytes
+        """
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        kwargs = {
+            "timeout": self.timeout,
+            "impersonate": "chrome"
+        }
+
+        if proxy_url:
+            kwargs["proxy"] = proxy_url
+
+        async with AsyncSession() as session:
+            response = await session.get(image_url, **kwargs)
+            if response.status_code != 200:
+                raise Exception(f"Failed to download image: {response.status_code}")
+            return response.content
+
+    async def finalize_character(self, cameo_id: str, username: str, display_name: str,
+                                profile_asset_pointer: str, instruction_set, token: str) -> str:
+        """Finalize character creation
+
+        Args:
+            cameo_id: The cameo ID
+            username: Character username
+            display_name: Character display name
+            profile_asset_pointer: Asset pointer from upload_character_image
+            instruction_set: Character instruction set (not used by API, always set to None)
+            token: Access token
+
+        Returns:
+            character_id
+        """
+        # Note: API always expects instruction_set to be null
+        # The instruction_set parameter is kept for backward compatibility but not used
+        _ = instruction_set  # Suppress unused parameter warning
+        json_data = {
+            "cameo_id": cameo_id,
+            "username": username,
+            "display_name": display_name,
+            "profile_asset_pointer": profile_asset_pointer,
+            "instruction_set": None,
+            "safety_instruction_set": None
+        }
+
+        result = await self._make_request("POST", "/characters/finalize", token, json_data=json_data)
+        return result.get("character", {}).get("character_id")
+
+    async def set_character_public(self, cameo_id: str, token: str) -> bool:
+        """Set character as public
+
+        Args:
+            cameo_id: The cameo ID
+            token: Access token
+
+        Returns:
+            True if successful
+        """
+        json_data = {"visibility": "public"}
+        await self._make_request("POST", f"/project_y/cameos/by_id/{cameo_id}/update_v2", token, json_data=json_data)
+        return True
+
+    async def upload_character_image(self, image_data: bytes, token: str) -> str:
+        """Upload character image and return asset_pointer
+
+        Args:
+            image_data: Image file bytes
+            token: Access token
+
+        Returns:
+            asset_pointer
+        """
+        mp = CurlMime()
+        mp.addpart(
+            name="file",
+            content_type="image/webp",
+            filename="profile.webp",
+            data=image_data
+        )
+        mp.addpart(
+            name="use_case",
+            data=b"profile"
+        )
+
+        result = await self._make_request("POST", "/project_y/file/upload", token, multipart=mp)
+        return result.get("asset_pointer")
+
+    async def delete_character(self, character_id: str, token: str) -> bool:
+        """Delete a character
+
+        Args:
+            character_id: The character ID
+            token: Access token
+
+        Returns:
+            True if successful
+        """
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        headers = {
+            "Authorization": f"Bearer {token}"
+        }
+
+        async with AsyncSession() as session:
+            url = f"{self.base_url}/project_y/characters/{character_id}"
+
+            kwargs = {
+                "headers": headers,
+                "timeout": self.timeout,
+                "impersonate": "chrome"
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+
+            response = await session.delete(url, **kwargs)
+            if response.status_code not in [200, 204]:
+                raise Exception(f"Failed to delete character: {response.status_code}")
+            return True
+
+    async def remix_video(self, remix_target_id: str, prompt: str, token: str,
+                         orientation: str = "portrait", n_frames: int = 450) -> str:
+        """Generate video using remix (based on existing video)
+
+        Args:
+            remix_target_id: The video ID from Sora share link (e.g., s_690d100857248191b679e6de12db840e)
+            prompt: Generation prompt
+            token: Access token
+            orientation: Video orientation (portrait/landscape)
+            n_frames: Number of frames
+
+        Returns:
+            task_id
+        """
+        json_data = {
+            "kind": "video",
+            "prompt": prompt,
+            "inpaint_items": [],
+            "remix_target_id": remix_target_id,
+            "cameo_ids": [],
+            "cameo_replacements": {},
+            "model": "sy_8",
+            "orientation": orientation,
+            "n_frames": n_frames
+        }
+
+        result = await self._make_request("POST", "/nf/create", token, json_data=json_data, add_sentinel_token=True)
+        return result.get("id")

src/services/token_lock.py

@@ -0,0 +1,117 @@
+"""Token lock manager for image generation"""
+import asyncio
+import time
+from typing import Dict, Optional
+from ..core.logger import debug_logger
+
+
+class TokenLock:
+    """Token lock manager for image generation (single-threaded per token)"""
+    
+    def __init__(self, lock_timeout: int = 300):
+        """
+        Initialize token lock manager
+        
+        Args:
+            lock_timeout: Lock timeout in seconds (default: 300s = 5 minutes)
+        """
+        self.lock_timeout = lock_timeout
+        self._locks: Dict[int, float] = {}  # token_id -> lock_timestamp
+        self._lock = asyncio.Lock()  # Protect _locks dict
+    
+    async def acquire_lock(self, token_id: int) -> bool:
+        """
+        Try to acquire lock for image generation
+        
+        Args:
+            token_id: Token ID
+            
+        Returns:
+            True if lock acquired, False if already locked
+        """
+        async with self._lock:
+            current_time = time.time()
+            
+            # Check if token is locked
+            if token_id in self._locks:
+                lock_time = self._locks[token_id]
+                
+                # Check if lock expired
+                if current_time - lock_time > self.lock_timeout:
+                    # Lock expired, remove it
+                    debug_logger.log_info(f"Token {token_id} lock expired, releasing")
+                    del self._locks[token_id]
+                else:
+                    # Lock still valid
+                    remaining = self.lock_timeout - (current_time - lock_time)
+                    debug_logger.log_info(f"Token {token_id} is locked, remaining: {remaining:.1f}s")
+                    return False
+            
+            # Acquire lock
+            self._locks[token_id] = current_time
+            debug_logger.log_info(f"Token {token_id} lock acquired")
+            return True
+    
+    async def release_lock(self, token_id: int):
+        """
+        Release lock for token
+        
+        Args:
+            token_id: Token ID
+        """
+        async with self._lock:
+            if token_id in self._locks:
+                del self._locks[token_id]
+                debug_logger.log_info(f"Token {token_id} lock released")
+    
+    async def is_locked(self, token_id: int) -> bool:
+        """
+        Check if token is locked
+        
+        Args:
+            token_id: Token ID
+            
+        Returns:
+            True if locked, False otherwise
+        """
+        async with self._lock:
+            if token_id not in self._locks:
+                return False
+            
+            current_time = time.time()
+            lock_time = self._locks[token_id]
+            
+            # Check if expired
+            if current_time - lock_time > self.lock_timeout:
+                # Expired, remove lock
+                del self._locks[token_id]
+                return False
+            
+            return True
+    
+    async def cleanup_expired_locks(self):
+        """Clean up expired locks"""
+        async with self._lock:
+            current_time = time.time()
+            expired_tokens = []
+            
+            for token_id, lock_time in self._locks.items():
+                if current_time - lock_time > self.lock_timeout:
+                    expired_tokens.append(token_id)
+            
+            for token_id in expired_tokens:
+                del self._locks[token_id]
+                debug_logger.log_info(f"Cleaned up expired lock for token {token_id}")
+            
+            if expired_tokens:
+                debug_logger.log_info(f"Cleaned up {len(expired_tokens)} expired locks")
+    
+    def get_locked_tokens(self) -> list:
+        """Get list of currently locked token IDs"""
+        return list(self._locks.keys())
+
+    def set_lock_timeout(self, timeout: int):
+        """Set lock timeout in seconds"""
+        self.lock_timeout = timeout
+        debug_logger.log_info(f"Lock timeout updated to {timeout} seconds")
+

src/services/token_manager.py

@@ -0,0 +1,947 @@
+"""Token management module"""
+import jwt
+import asyncio
+import random
+from datetime import datetime, timedelta
+from typing import Optional, List, Dict, Any
+from curl_cffi.requests import AsyncSession
+from faker import Faker
+from ..core.database import Database
+from ..core.models import Token, TokenStats
+from ..core.config import config
+from .proxy_manager import ProxyManager
+
+class TokenManager:
+    """Token lifecycle manager"""
+
+    def __init__(self, db: Database):
+        self.db = db
+        self._lock = asyncio.Lock()
+        self.proxy_manager = ProxyManager(db)
+        self.fake = Faker()
+    
+    async def decode_jwt(self, token: str) -> dict:
+        """Decode JWT token without verification"""
+        try:
+            decoded = jwt.decode(token, options={"verify_signature": False})
+            return decoded
+        except Exception as e:
+            raise ValueError(f"Invalid JWT token: {str(e)}")
+
+    def _generate_random_username(self) -> str:
+        """Generate a random username using faker
+
+        Returns:
+            A random username string
+        """
+        # 生成真实姓名
+        first_name = self.fake.first_name()
+        last_name = self.fake.last_name()
+
+        # 去除姓名中的空格和特殊字符，只保留字母
+        first_name_clean = ''.join(c for c in first_name if c.isalpha())
+        last_name_clean = ''.join(c for c in last_name if c.isalpha())
+
+        # 生成1-4位随机数字
+        random_digits = str(random.randint(1, 9999))
+
+        # 随机选择用户名格式
+        format_choice = random.choice([
+            f"{first_name_clean}{last_name_clean}{random_digits}",
+            f"{first_name_clean}.{last_name_clean}{random_digits}",
+            f"{first_name_clean}{random_digits}",
+            f"{last_name_clean}{random_digits}",
+            f"{first_name_clean[0]}{last_name_clean}{random_digits}",
+            f"{first_name_clean}{last_name_clean[0]}{random_digits}"
+        ])
+
+        # 转换为小写
+        return format_choice.lower()
+
+    async def get_user_info(self, access_token: str) -> dict:
+        """Get user info from Sora API"""
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        async with AsyncSession() as session:
+            headers = {
+                "Authorization": f"Bearer {access_token}",
+                "Accept": "application/json",
+                "Origin": "https://sora.chatgpt.com",
+                "Referer": "https://sora.chatgpt.com/"
+            }
+
+            kwargs = {
+                "headers": headers,
+                "timeout": 30,
+                "impersonate": "chrome"  # 自动生成 User-Agent 和浏览器指纹
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+
+            response = await session.get(
+                f"{config.sora_base_url}/me",
+                **kwargs
+            )
+
+            if response.status_code != 200:
+                raise ValueError(f"Failed to get user info: {response.status_code}")
+
+            return response.json()
+
+    async def get_subscription_info(self, token: str) -> Dict[str, Any]:
+        """Get subscription information from Sora API
+
+        Returns:
+            {
+                "plan_type": "chatgpt_team",
+                "plan_title": "ChatGPT Business",
+                "subscription_end": "2025-11-13T16:58:21Z"
+            }
+        """
+        print(f"🔍 开始获取订阅信息...")
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        headers = {
+            "Authorization": f"Bearer {token}"
+        }
+
+        async with AsyncSession() as session:
+            url = "https://sora.chatgpt.com/backend/billing/subscriptions"
+            print(f"📡 请求 URL: {url}")
+            print(f"🔑 使用 Token: {token[:30]}...")
+
+            kwargs = {
+                "headers": headers,
+                "timeout": 30,
+                "impersonate": "chrome"  # 自动生成 User-Agent 和浏览器指纹
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+                print(f"🌐 使用代理: {proxy_url}")
+
+            response = await session.get(url, **kwargs)
+            print(f"📥 响应状态码: {response.status_code}")
+
+            if response.status_code == 200:
+                data = response.json()
+                print(f"📦 响应数据: {data}")
+
+                # 提取第一个订阅信息
+                if data.get("data") and len(data["data"]) > 0:
+                    subscription = data["data"][0]
+                    plan = subscription.get("plan", {})
+
+                    result = {
+                        "plan_type": plan.get("id", ""),
+                        "plan_title": plan.get("title", ""),
+                        "subscription_end": subscription.get("end_ts", "")
+                    }
+                    print(f"✅ 订阅信息提取成功: {result}")
+                    return result
+
+                print(f"⚠️  响应数据中没有订阅信息")
+                return {
+                    "plan_type": "",
+                    "plan_title": "",
+                    "subscription_end": ""
+                }
+            else:
+                error_msg = f"Failed to get subscription info: {response.status_code}"
+                print(f"❌ {error_msg}")
+                print(f"📄 响应内容: {response.text[:500]}")
+                raise Exception(error_msg)
+
+    async def get_sora2_invite_code(self, access_token: str) -> dict:
+        """Get Sora2 invite code"""
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        print(f"🔍 开始获取Sora2邀请码...")
+
+        async with AsyncSession() as session:
+            headers = {
+                "Authorization": f"Bearer {access_token}",
+                "Accept": "application/json"
+            }
+
+            kwargs = {
+                "headers": headers,
+                "timeout": 30,
+                "impersonate": "chrome"  # 自动生成 User-Agent 和浏览器指纹
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+                print(f"🌐 使用代理: {proxy_url}")
+
+            response = await session.get(
+                "https://sora.chatgpt.com/backend/project_y/invite/mine",
+                **kwargs
+            )
+
+            print(f"📥 响应状态码: {response.status_code}")
+
+            if response.status_code == 200:
+                data = response.json()
+                print(f"✅ Sora2邀请码获取成功: {data}")
+                return {
+                    "supported": True,
+                    "invite_code": data.get("invite_code"),
+                    "redeemed_count": data.get("redeemed_count", 0),
+                    "total_count": data.get("total_count", 0)
+                }
+            else:
+                # Check if it's 401 unauthorized
+                try:
+                    error_data = response.json()
+                    if error_data.get("error", {}).get("message", "").startswith("401"):
+                        print(f"⚠️  Token不支持Sora2")
+                        return {
+                            "supported": False,
+                            "invite_code": None
+                        }
+                except:
+                    pass
+
+                print(f"❌ 获取Sora2邀请码失败: {response.status_code}")
+                print(f"📄 响应内容: {response.text[:500]}")
+                return {
+                    "supported": False,
+                    "invite_code": None
+                }
+
+    async def get_sora2_remaining_count(self, access_token: str) -> dict:
+        """Get Sora2 remaining video count
+
+        Returns:
+            {
+                "remaining_count": 27,
+                "rate_limit_reached": false,
+                "access_resets_in_seconds": 46833
+            }
+        """
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        print(f"🔍 开始获取Sora2剩余次数...")
+
+        async with AsyncSession() as session:
+            headers = {
+                "Authorization": f"Bearer {access_token}",
+                "Accept": "application/json"
+            }
+
+            kwargs = {
+                "headers": headers,
+                "timeout": 30,
+                "impersonate": "chrome"  # 自动生成 User-Agent 和浏览器指纹
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+                print(f"🌐 使用代理: {proxy_url}")
+
+            response = await session.get(
+                "https://sora.chatgpt.com/backend/nf/check",
+                **kwargs
+            )
+
+            print(f"📥 响应状态码: {response.status_code}")
+
+            if response.status_code == 200:
+                data = response.json()
+                print(f"✅ Sora2剩余次数获取成功: {data}")
+
+                rate_limit_info = data.get("rate_limit_and_credit_balance", {})
+                return {
+                    "success": True,
+                    "remaining_count": rate_limit_info.get("estimated_num_videos_remaining", 0),
+                    "rate_limit_reached": rate_limit_info.get("rate_limit_reached", False),
+                    "access_resets_in_seconds": rate_limit_info.get("access_resets_in_seconds", 0)
+                }
+            else:
+                print(f"❌ 获取Sora2剩余次数失败: {response.status_code}")
+                print(f"📄 响应内容: {response.text[:500]}")
+                return {
+                    "success": False,
+                    "remaining_count": 0,
+                    "error": f"Failed to get remaining count: {response.status_code}"
+                }
+
+    async def check_username_available(self, access_token: str, username: str) -> bool:
+        """Check if username is available
+
+        Args:
+            access_token: Access token for authentication
+            username: Username to check
+
+        Returns:
+            True if username is available, False otherwise
+        """
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        print(f"🔍 检查用户名是否可用: {username}")
+
+        async with AsyncSession() as session:
+            headers = {
+                "Authorization": f"Bearer {access_token}",
+                "Content-Type": "application/json"
+            }
+
+            kwargs = {
+                "headers": headers,
+                "json": {"username": username},
+                "timeout": 30,
+                "impersonate": "chrome"
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+                print(f"🌐 使用代理: {proxy_url}")
+
+            response = await session.post(
+                "https://sora.chatgpt.com/backend/project_y/profile/username/check",
+                **kwargs
+            )
+
+            print(f"📥 响应状态码: {response.status_code}")
+
+            if response.status_code == 200:
+                data = response.json()
+                available = data.get("available", False)
+                print(f"✅ 用户名检查结果: available={available}")
+                return available
+            else:
+                print(f"❌ 用户名检查失败: {response.status_code}")
+                print(f"📄 响应内容: {response.text[:500]}")
+                return False
+
+    async def set_username(self, access_token: str, username: str) -> dict:
+        """Set username for the account
+
+        Args:
+            access_token: Access token for authentication
+            username: Username to set
+
+        Returns:
+            User profile information after setting username
+        """
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        print(f"🔍 开始设置用户名: {username}")
+
+        async with AsyncSession() as session:
+            headers = {
+                "Authorization": f"Bearer {access_token}",
+                "Content-Type": "application/json"
+            }
+
+            kwargs = {
+                "headers": headers,
+                "json": {"username": username},
+                "timeout": 30,
+                "impersonate": "chrome"
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+                print(f"🌐 使用代理: {proxy_url}")
+
+            response = await session.post(
+                "https://sora.chatgpt.com/backend/project_y/profile/username/set",
+                **kwargs
+            )
+
+            print(f"📥 响应状态码: {response.status_code}")
+
+            if response.status_code == 200:
+                data = response.json()
+                print(f"✅ 用户名设置成功: {data.get('username')}")
+                return data
+            else:
+                print(f"❌ 用户名设置失败: {response.status_code}")
+                print(f"📄 响应内容: {response.text[:500]}")
+                raise Exception(f"Failed to set username: {response.status_code}")
+
+    async def activate_sora2_invite(self, access_token: str, invite_code: str) -> dict:
+        """Activate Sora2 with invite code"""
+        import uuid
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        print(f"🔍 开始激活Sora2邀请码: {invite_code}")
+        print(f"🔑 Access Token 前缀: {access_token[:50]}...")
+
+        async with AsyncSession() as session:
+            # 生成设备ID
+            device_id = str(uuid.uuid4())
+
+            # 只设置必要的头，让 impersonate 处理其他
+            headers = {
+                "authorization": f"Bearer {access_token}",
+                "cookie": f"oai-did={device_id}"
+            }
+
+            print(f"🆔 设备ID: {device_id}")
+            print(f"📦 请求体: {{'invite_code': '{invite_code}'}}")
+
+            kwargs = {
+                "headers": headers,
+                "json": {"invite_code": invite_code},
+                "timeout": 30,
+                "impersonate": "chrome120"  # 使用 chrome120 让库自动处理 UA 等头
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+                print(f"🌐 使用代理: {proxy_url}")
+
+            response = await session.post(
+                "https://sora.chatgpt.com/backend/project_y/invite/accept",
+                **kwargs
+            )
+
+            print(f"📥 响应状态码: {response.status_code}")
+
+            if response.status_code == 200:
+                data = response.json()
+                print(f"✅ Sora2激活成功: {data}")
+                return {
+                    "success": data.get("success", False),
+                    "already_accepted": data.get("already_accepted", False)
+                }
+            else:
+                print(f"❌ Sora2激活失败: {response.status_code}")
+                print(f"📄 响应内容: {response.text[:500]}")
+                raise Exception(f"Failed to activate Sora2: {response.status_code}")
+
+    async def st_to_at(self, session_token: str) -> dict:
+        """Convert Session Token to Access Token"""
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        async with AsyncSession() as session:
+            headers = {
+                "Cookie": f"__Secure-next-auth.session-token={session_token}",
+                "Accept": "application/json",
+                "Origin": "https://sora.chatgpt.com",
+                "Referer": "https://sora.chatgpt.com/"
+            }
+
+            kwargs = {
+                "headers": headers,
+                "timeout": 30,
+                "impersonate": "chrome"  # 自动生成 User-Agent 和浏览器指纹
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+
+            response = await session.get(
+                "https://sora.chatgpt.com/api/auth/session",
+                **kwargs
+            )
+
+            if response.status_code != 200:
+                raise ValueError(f"Failed to convert ST to AT: {response.status_code}")
+
+            data = response.json()
+            return {
+                "access_token": data.get("accessToken"),
+                "email": data.get("user", {}).get("email"),
+                "expires": data.get("expires")
+            }
+    
+    async def rt_to_at(self, refresh_token: str) -> dict:
+        """Convert Refresh Token to Access Token"""
+        proxy_url = await self.proxy_manager.get_proxy_url()
+
+        async with AsyncSession() as session:
+            headers = {
+                "Accept": "application/json",
+                "Content-Type": "application/json"
+            }
+
+            kwargs = {
+                "headers": headers,
+                "json": {
+                    "client_id": "app_LlGpXReQgckcGGUo2JrYvtJK",
+                    "grant_type": "refresh_token",
+                    "redirect_uri": "com.openai.chat://auth0.openai.com/ios/com.openai.chat/callback",
+                    "refresh_token": refresh_token
+                },
+                "timeout": 30,
+                "impersonate": "chrome"  # 自动生成 User-Agent 和浏览器指纹
+            }
+
+            if proxy_url:
+                kwargs["proxy"] = proxy_url
+        
+            response = await session.post(
+                "https://auth.openai.com/oauth/token",
+                **kwargs
+            )
+
+            if response.status_code != 200:
+                raise ValueError(f"Failed to convert RT to AT: {response.status_code} - {response.text}")
+
+            data = response.json()
+            return {
+                "access_token": data.get("access_token"),
+                "refresh_token": data.get("refresh_token"),
+                "expires_in": data.get("expires_in")
+            }
+    
+    async def add_token(self, token_value: str,
+                       st: Optional[str] = None,
+                       rt: Optional[str] = None,
+                       remark: Optional[str] = None,
+                       update_if_exists: bool = False,
+                       image_enabled: bool = True,
+                       video_enabled: bool = True) -> Token:
+        """Add a new Access Token to database
+
+        Args:
+            token_value: Access Token
+            st: Session Token (optional)
+            rt: Refresh Token (optional)
+            remark: Remark (optional)
+            update_if_exists: If True, update existing token instead of raising error
+            image_enabled: Enable image generation (default: True)
+            video_enabled: Enable video generation (default: True)
+
+        Returns:
+            Token object
+
+        Raises:
+            ValueError: If token already exists and update_if_exists is False
+        """
+        # Check if token already exists
+        existing_token = await self.db.get_token_by_value(token_value)
+        if existing_token:
+            if not update_if_exists:
+                raise ValueError(f"Token 已存在（邮箱: {existing_token.email}）。如需更新，请先删除旧 Token 或使用更新功能。")
+            # Update existing token
+            return await self.update_existing_token(existing_token.id, token_value, st, rt, remark)
+
+        # Decode JWT to get expiry time and email
+        decoded = await self.decode_jwt(token_value)
+
+        # Extract expiry time from JWT
+        expiry_time = datetime.fromtimestamp(decoded.get("exp", 0)) if "exp" in decoded else None
+
+        # Extract email from JWT (OpenAI JWT format)
+        jwt_email = None
+        if "https://api.openai.com/profile" in decoded:
+            jwt_email = decoded["https://api.openai.com/profile"].get("email")
+
+        # Get user info from Sora API
+        try:
+            user_info = await self.get_user_info(token_value)
+            email = user_info.get("email", jwt_email or "")
+            name = user_info.get("name") or ""
+        except Exception as e:
+            # If API call fails, use JWT data
+            email = jwt_email or ""
+            name = email.split("@")[0] if email else ""
+
+        # Get subscription info from Sora API
+        plan_type = None
+        plan_title = None
+        subscription_end = None
+        try:
+            sub_info = await self.get_subscription_info(token_value)
+            plan_type = sub_info.get("plan_type")
+            plan_title = sub_info.get("plan_title")
+            # Parse subscription end time
+            if sub_info.get("subscription_end"):
+                from dateutil import parser
+                subscription_end = parser.parse(sub_info["subscription_end"])
+        except Exception as e:
+            # If API call fails, subscription info will be None
+            print(f"Failed to get subscription info: {e}")
+
+        # Get Sora2 invite code
+        sora2_supported = None
+        sora2_invite_code = None
+        sora2_redeemed_count = 0
+        sora2_total_count = 0
+        sora2_remaining_count = 0
+        try:
+            sora2_info = await self.get_sora2_invite_code(token_value)
+            sora2_supported = sora2_info.get("supported", False)
+            sora2_invite_code = sora2_info.get("invite_code")
+            sora2_redeemed_count = sora2_info.get("redeemed_count", 0)
+            sora2_total_count = sora2_info.get("total_count", 0)
+
+            # If Sora2 is supported, get remaining count
+            if sora2_supported:
+                try:
+                    remaining_info = await self.get_sora2_remaining_count(token_value)
+                    if remaining_info.get("success"):
+                        sora2_remaining_count = remaining_info.get("remaining_count", 0)
+                        print(f"✅ Sora2剩余次数: {sora2_remaining_count}")
+                except Exception as e:
+                    print(f"Failed to get Sora2 remaining count: {e}")
+        except Exception as e:
+            # If API call fails, Sora2 info will be None
+            print(f"Failed to get Sora2 info: {e}")
+
+        # Check and set username if needed
+        try:
+            # Get fresh user info to check username
+            user_info = await self.get_user_info(token_value)
+            username = user_info.get("username")
+
+            # If username is null, need to set one
+            if username is None:
+                print(f"⚠️  检测到用户名为null，需要设置用户名")
+
+                # Generate random username
+                max_attempts = 5
+                for attempt in range(max_attempts):
+                    generated_username = self._generate_random_username()
+                    print(f"🔄 尝试用户名 ({attempt + 1}/{max_attempts}): {generated_username}")
+
+                    # Check if username is available
+                    if await self.check_username_available(token_value, generated_username):
+                        # Set the username
+                        try:
+                            await self.set_username(token_value, generated_username)
+                            print(f"✅ 用户名设置成功: {generated_username}")
+                            break
+                        except Exception as e:
+                            print(f"❌ 用户名设置失败: {e}")
+                            if attempt == max_attempts - 1:
+                                print(f"⚠️  达到最大尝试次数，跳过用户名设置")
+                    else:
+                        print(f"⚠️  用户名 {generated_username} 已被占用，尝试下一个")
+                        if attempt == max_attempts - 1:
+                            print(f"⚠️  达到最大尝试次数，跳过用户名设置")
+            else:
+                print(f"✅ 用户名已设置: {username}")
+        except Exception as e:
+            print(f"⚠️  用户名检查/设置过程中出错: {e}")
+
+        # Create token object
+        token = Token(
+            token=token_value,
+            email=email,
+            name=name,
+            st=st,
+            rt=rt,
+            remark=remark,
+            expiry_time=expiry_time,
+            is_active=True,
+            plan_type=plan_type,
+            plan_title=plan_title,
+            subscription_end=subscription_end,
+            sora2_supported=sora2_supported,
+            sora2_invite_code=sora2_invite_code,
+            sora2_redeemed_count=sora2_redeemed_count,
+            sora2_total_count=sora2_total_count,
+            sora2_remaining_count=sora2_remaining_count,
+            image_enabled=image_enabled,
+            video_enabled=video_enabled
+        )
+
+        # Save to database
+        token_id = await self.db.add_token(token)
+        token.id = token_id
+
+        return token
+
+    async def update_existing_token(self, token_id: int, token_value: str,
+                                    st: Optional[str] = None,
+                                    rt: Optional[str] = None,
+                                    remark: Optional[str] = None) -> Token:
+        """Update an existing token with new information"""
+        # Decode JWT to get expiry time
+        decoded = await self.decode_jwt(token_value)
+        expiry_time = datetime.fromtimestamp(decoded.get("exp", 0)) if "exp" in decoded else None
+
+        # Get user info from Sora API
+        jwt_email = None
+        if "https://api.openai.com/profile" in decoded:
+            jwt_email = decoded["https://api.openai.com/profile"].get("email")
+
+        try:
+            user_info = await self.get_user_info(token_value)
+            email = user_info.get("email", jwt_email or "")
+            name = user_info.get("name", "")
+        except Exception as e:
+            email = jwt_email or ""
+            name = email.split("@")[0] if email else ""
+
+        # Get subscription info from Sora API
+        plan_type = None
+        plan_title = None
+        subscription_end = None
+        try:
+            sub_info = await self.get_subscription_info(token_value)
+            plan_type = sub_info.get("plan_type")
+            plan_title = sub_info.get("plan_title")
+            if sub_info.get("subscription_end"):
+                from dateutil import parser
+                subscription_end = parser.parse(sub_info["subscription_end"])
+        except Exception as e:
+            print(f"Failed to get subscription info: {e}")
+
+        # Update token in database
+        await self.db.update_token(
+            token_id=token_id,
+            token=token_value,
+            st=st,
+            rt=rt,
+            remark=remark,
+            expiry_time=expiry_time,
+            plan_type=plan_type,
+            plan_title=plan_title,
+            subscription_end=subscription_end
+        )
+
+        # Get updated token
+        updated_token = await self.db.get_token(token_id)
+        return updated_token
+
+    async def delete_token(self, token_id: int):
+        """Delete a token"""
+        await self.db.delete_token(token_id)
+
+    async def update_token(self, token_id: int,
+                          token: Optional[str] = None,
+                          st: Optional[str] = None,
+                          rt: Optional[str] = None,
+                          remark: Optional[str] = None,
+                          image_enabled: Optional[bool] = None,
+                          video_enabled: Optional[bool] = None):
+        """Update token (AT, ST, RT, remark, image_enabled, video_enabled)"""
+        # If token (AT) is updated, decode JWT to get new expiry time
+        expiry_time = None
+        if token:
+            try:
+                decoded = await self.decode_jwt(token)
+                expiry_time = datetime.fromtimestamp(decoded.get("exp", 0)) if "exp" in decoded else None
+            except Exception:
+                pass  # If JWT decode fails, keep expiry_time as None
+
+        await self.db.update_token(token_id, token=token, st=st, rt=rt, remark=remark, expiry_time=expiry_time,
+                                   image_enabled=image_enabled, video_enabled=video_enabled)
+
+    async def get_active_tokens(self) -> List[Token]:
+        """Get all active tokens (not cooled down)"""
+        return await self.db.get_active_tokens()
+    
+    async def get_all_tokens(self) -> List[Token]:
+        """Get all tokens"""
+        return await self.db.get_all_tokens()
+    
+    async def update_token_status(self, token_id: int, is_active: bool):
+        """Update token active status"""
+        await self.db.update_token_status(token_id, is_active)
+
+    async def enable_token(self, token_id: int):
+        """Enable a token and reset error count"""
+        await self.db.update_token_status(token_id, True)
+        # Reset error count when enabling (in token_stats table)
+        await self.db.reset_error_count(token_id)
+
+    async def disable_token(self, token_id: int):
+        """Disable a token"""
+        await self.db.update_token_status(token_id, False)
+
+    async def test_token(self, token_id: int) -> dict:
+        """Test if a token is valid by calling Sora API and refresh Sora2 info"""
+        # Get token from database
+        token_data = await self.db.get_token(token_id)
+        if not token_data:
+            return {"valid": False, "message": "Token not found"}
+
+        try:
+            # Try to get user info from Sora API
+            user_info = await self.get_user_info(token_data.token)
+
+            # Refresh Sora2 invite code and counts
+            sora2_info = await self.get_sora2_invite_code(token_data.token)
+            sora2_supported = sora2_info.get("supported", False)
+            sora2_invite_code = sora2_info.get("invite_code")
+            sora2_redeemed_count = sora2_info.get("redeemed_count", 0)
+            sora2_total_count = sora2_info.get("total_count", 0)
+            sora2_remaining_count = 0
+
+            # If Sora2 is supported, get remaining count
+            if sora2_supported:
+                try:
+                    remaining_info = await self.get_sora2_remaining_count(token_data.token)
+                    if remaining_info.get("success"):
+                        sora2_remaining_count = remaining_info.get("remaining_count", 0)
+                except Exception as e:
+                    print(f"Failed to get Sora2 remaining count: {e}")
+
+            # Update token Sora2 info in database
+            await self.db.update_token_sora2(
+                token_id,
+                supported=sora2_supported,
+                invite_code=sora2_invite_code,
+                redeemed_count=sora2_redeemed_count,
+                total_count=sora2_total_count,
+                remaining_count=sora2_remaining_count
+            )
+
+            return {
+                "valid": True,
+                "message": "Token is valid",
+                "email": user_info.get("email"),
+                "username": user_info.get("username"),
+                "sora2_supported": sora2_supported,
+                "sora2_invite_code": sora2_invite_code,
+                "sora2_redeemed_count": sora2_redeemed_count,
+                "sora2_total_count": sora2_total_count,
+                "sora2_remaining_count": sora2_remaining_count
+            }
+        except Exception as e:
+            return {
+                "valid": False,
+                "message": f"Token is invalid: {str(e)}"
+            }
+
+    async def record_usage(self, token_id: int, is_video: bool = False):
+        """Record token usage"""
+        await self.db.update_token_usage(token_id)
+        
+        if is_video:
+            await self.db.increment_video_count(token_id)
+        else:
+            await self.db.increment_image_count(token_id)
+    
+    async def record_error(self, token_id: int):
+        """Record token error"""
+        await self.db.increment_error_count(token_id)
+        
+        # Check if should ban
+        stats = await self.db.get_token_stats(token_id)
+        admin_config = await self.db.get_admin_config()
+        
+        if stats and stats.error_count >= admin_config.error_ban_threshold:
+            await self.db.update_token_status(token_id, False)
+    
+    async def record_success(self, token_id: int, is_video: bool = False):
+        """Record successful request (reset error count)"""
+        await self.db.reset_error_count(token_id)
+
+        # Update Sora2 remaining count after video generation
+        if is_video:
+            try:
+                token_data = await self.db.get_token(token_id)
+                if token_data and token_data.sora2_supported:
+                    remaining_info = await self.get_sora2_remaining_count(token_data.token)
+                    if remaining_info.get("success"):
+                        remaining_count = remaining_info.get("remaining_count", 0)
+                        await self.db.update_token_sora2_remaining(token_id, remaining_count)
+                        print(f"✅ 更新Token {token_id} 的Sora2剩余次数: {remaining_count}")
+
+                        # If remaining count is 0, set cooldown
+                        if remaining_count == 0:
+                            reset_seconds = remaining_info.get("access_resets_in_seconds", 0)
+                            if reset_seconds > 0:
+                                cooldown_until = datetime.now() + timedelta(seconds=reset_seconds)
+                                await self.db.update_token_sora2_cooldown(token_id, cooldown_until)
+                                print(f"⏱️ Token {token_id} 剩余次数为0，设置冷却时间至: {cooldown_until}")
+            except Exception as e:
+                print(f"Failed to update Sora2 remaining count: {e}")
+    
+    async def refresh_sora2_remaining_if_cooldown_expired(self, token_id: int):
+        """Refresh Sora2 remaining count if cooldown has expired"""
+        try:
+            token_data = await self.db.get_token(token_id)
+            if not token_data or not token_data.sora2_supported:
+                return
+
+            # Check if Sora2 cooldown has expired
+            if token_data.sora2_cooldown_until and token_data.sora2_cooldown_until <= datetime.now():
+                print(f"🔄 Token {token_id} Sora2冷却已过期，正在刷新剩余次数...")
+
+                try:
+                    remaining_info = await self.get_sora2_remaining_count(token_data.token)
+                    if remaining_info.get("success"):
+                        remaining_count = remaining_info.get("remaining_count", 0)
+                        await self.db.update_token_sora2_remaining(token_id, remaining_count)
+                        # Clear cooldown
+                        await self.db.update_token_sora2_cooldown(token_id, None)
+                        print(f"✅ Token {token_id} Sora2剩余次数已刷新: {remaining_count}")
+                except Exception as e:
+                    print(f"Failed to refresh Sora2 remaining count: {e}")
+        except Exception as e:
+            print(f"Error in refresh_sora2_remaining_if_cooldown_expired: {e}")
+
+    async def auto_refresh_expiring_token(self, token_id: int) -> bool:
+        """
+        Auto refresh token when expiry time is within 24 hours using ST or RT
+
+        Returns:
+            True if refresh successful, False otherwise
+        """
+        try:
+            token_data = await self.db.get_token(token_id)
+            if not token_data:
+                return False
+
+            # Check if token is expiring within 24 hours
+            if not token_data.expiry_time:
+                return False  # No expiry time set
+
+            time_until_expiry = token_data.expiry_time - datetime.now()
+            hours_until_expiry = time_until_expiry.total_seconds() / 3600
+
+            # Only refresh if expiry is within 24 hours (1440 minutes)
+            if hours_until_expiry > 24:
+                return False  # Token not expiring soon
+
+            if hours_until_expiry < 0:
+                # Token already expired, still try to refresh
+                print(f"🔄 Token {token_id} 已过期，尝试自动刷新...")
+            else:
+                print(f"🔄 Token {token_id} 将在 {hours_until_expiry:.1f} 小时后过期，尝试自动刷新...")
+
+            # Priority: ST > RT
+            new_at = None
+            new_st = None
+            new_rt = None
+
+            if token_data.st:
+                # Try to refresh using ST
+                try:
+                    print(f"📝 使用 ST 刷新 Token {token_id}...")
+                    result = await self.st_to_at(token_data.st)
+                    new_at = result.get("access_token")
+                    # ST refresh doesn't return new ST, so keep the old one
+                    new_st = token_data.st
+                    print(f"✅ 使用 ST 刷新成功")
+                except Exception as e:
+                    print(f"❌ 使用 ST 刷新失败: {e}")
+                    new_at = None
+
+            if not new_at and token_data.rt:
+                # Try to refresh using RT
+                try:
+                    print(f"📝 使用 RT 刷新 Token {token_id}...")
+                    result = await self.rt_to_at(token_data.rt)
+                    new_at = result.get("access_token")
+                    new_rt = result.get("refresh_token", token_data.rt)  # RT might be updated
+                    print(f"✅ 使用 RT 刷新成功")
+                except Exception as e:
+                    print(f"❌ 使用 RT 刷新失败: {e}")
+                    new_at = None
+
+            if new_at:
+                # Update token with new AT
+                await self.update_token(token_id, token=new_at, st=new_st, rt=new_rt)
+                print(f"✅ Token {token_id} 已自动刷新")
+                return True
+            else:
+                # No ST or RT, disable token
+                print(f"⚠️  Token {token_id} 无法刷新（无 ST 或 RT），已禁用")
+                await self.disable_token(token_id)
+                return False
+
+        except Exception as e:
+            print(f"❌ 自动刷新 Token {token_id} 失败: {e}")
+            return False

static/login.html

@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<html lang="zh-CN" class="h-full">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>登录 - Sora2API</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <style>
+        @keyframes slide-up{from{transform:translateY(100%);opacity:0}to{transform:translateY(0);opacity:1}}
+        .animate-slide-up{animation:slide-up .3s ease-out}
+    </style>
+    <script>
+        tailwind.config={theme:{extend:{colors:{border:"hsl(0 0% 89%)",input:"hsl(0 0% 89%)",ring:"hsl(0 0% 3.9%)",background:"hsl(0 0% 100%)",foreground:"hsl(0 0% 3.9%)",primary:{DEFAULT:"hsl(0 0% 9%)",foreground:"hsl(0 0% 98%)"},secondary:{DEFAULT:"hsl(0 0% 96.1%)",foreground:"hsl(0 0% 9%)"},muted:{DEFAULT:"hsl(0 0% 96.1%)",foreground:"hsl(0 0% 45.1%)"},destructive:{DEFAULT:"hsl(0 84.2% 60.2%)",foreground:"hsl(0 0% 98%)"}}}}}
+    </script>
+</head>
+<body class="h-full bg-background text-foreground antialiased">
+    <div class="flex min-h-full flex-col justify-center py-12 px-4 sm:px-6 lg:px-8">
+        <div class="sm:mx-auto sm:w-full sm:max-w-md">
+            <div class="text-center">
+                <h1 class="text-4xl font-bold">Sora2API</h1>
+                <p class="mt-2 text-sm text-muted-foreground">管理员控制台</p>
+            </div>
+        </div>
+
+        <div class="sm:mx-auto sm:w-full sm:max-w-md">
+            <div class="bg-background py-8 px-4 sm:px-10 rounded-lg">
+                <form id="loginForm" class="space-y-6">
+                    <div class="space-y-2">
+                        <label for="username" class="text-sm font-medium">账户</label>
+                        <input type="text" id="username" name="username" required class="flex h-10 w-full rounded-md border border-input bg-background px-3 py-2 text-sm placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring disabled:opacity-50" placeholder="请输入账户">
+                    </div>
+                    <div class="space-y-2">
+                        <label for="password" class="text-sm font-medium">密码</label>
+                        <input type="password" id="password" name="password" required class="flex h-10 w-full rounded-md border border-input bg-background px-3 py-2 text-sm placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring disabled:opacity-50" placeholder="请输入密码">
+                    </div>
+                    <button type="submit" id="loginButton" class="inline-flex items-center justify-center rounded-md font-medium transition-colors bg-primary text-primary-foreground hover:bg-primary/90 h-10 w-full disabled:opacity-50">登录</button>
+                </form>
+                
+                <div class="mt-6 text-center text-xs text-muted-foreground">
+                    <p>Sora2API © 2025</p>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <script>
+        const form=document.getElementById('loginForm'),btn=document.getElementById('loginButton');
+        form.addEventListener('submit',async(e)=>{e.preventDefault();btn.disabled=true;btn.textContent='登录中...';try{const fd=new FormData(form),r=await fetch('/api/login',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({username:fd.get('username'),password:fd.get('password')})});const d=await r.json();d.success?(localStorage.setItem('adminToken',d.token),location.href='/manage'):showToast(d.message||'登录失败','error')}catch(e){showToast('网络错误，请稍后重试','error')}finally{btn.disabled=false;btn.textContent='登录'}});
+        function showToast(m,t='error'){const d=document.createElement('div'),bc={success:'bg-green-600',error:'bg-destructive',info:'bg-primary'};d.className=`fixed bottom-4 right-4 ${bc[t]||bc.error} text-white px-4 py-2.5 rounded-lg shadow-lg text-sm font-medium z-50 animate-slide-up`;d.textContent=m;document.body.appendChild(d);setTimeout(()=>{d.style.opacity='0';d.style.transition='opacity .3s';setTimeout(()=>d.parentNode&&document.body.removeChild(d),300)},2000)}
+        window.addEventListener('DOMContentLoaded',()=>{const t=localStorage.getItem('adminToken');t&&fetch('/api/stats',{headers:{Authorization:`Bearer ${t}`}}).then(r=>{if(r.ok)location.href='/manage'})});
+    </script>
+</body>
+</html>

static/manage.html

@@ -0,0 +1,617 @@
+<!DOCTYPE html>
+<html lang="zh-CN" class="h-full">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>管理控制台 - Sora2API</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <style>
+        @keyframes slide-up{from{transform:translateY(100%);opacity:0}to{transform:translateY(0);opacity:1}}
+        .animate-slide-up{animation:slide-up .3s ease-out}
+        .tab-btn{transition:all .2s ease}
+    </style>
+    <script>
+        tailwind.config={theme:{extend:{colors:{border:"hsl(0 0% 89%)",input:"hsl(0 0% 89%)",ring:"hsl(0 0% 3.9%)",background:"hsl(0 0% 100%)",foreground:"hsl(0 0% 3.9%)",primary:{DEFAULT:"hsl(0 0% 9%)",foreground:"hsl(0 0% 98%)"},secondary:{DEFAULT:"hsl(0 0% 96.1%)",foreground:"hsl(0 0% 9%)"},muted:{DEFAULT:"hsl(0 0% 96.1%)",foreground:"hsl(0 0% 45.1%)"},destructive:{DEFAULT:"hsl(0 84.2% 60.2%)",foreground:"hsl(0 0% 98%)"}}}}}
+    </script>
+</head>
+<body class="h-full bg-background text-foreground antialiased">
+    <!-- 导航栏 -->
+    <header class="sticky top-0 z-50 w-full border-b border-border/40 bg-background/95 backdrop-blur">
+        <div class="mx-auto flex h-14 max-w-7xl items-center px-6">
+            <div class="mr-4 flex items-baseline gap-3">
+                <span class="font-bold text-xl">Sora2API</span>
+            </div>
+            <div class="flex flex-1 items-center justify-end gap-3">
+                <a href="https://github.com/TheSmallHanCat/sora2api" target="_blank" class="inline-flex items-center justify-center text-xs transition-colors hover:bg-accent hover:text-accent-foreground h-7 px-2.5" title="GitHub 仓库">
+                    <svg class="h-4 w-4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="currentColor">
+                        <path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v 3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z"/>
+                    </svg>
+                </a>
+                <button onclick="logout()" class="inline-flex items-center justify-center text-xs transition-colors hover:bg-accent hover:text-accent-foreground h-7 px-2.5 gap-1">
+                    <svg class="h-3.5 w-3.5" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                        <path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4"/>
+                        <polyline points="16 17 21 12 16 7"/>
+                        <line x1="21" y1="12" x2="9" y2="12"/>
+                    </svg>
+                    退出
+                </button>
+            </div>
+        </div>
+    </header>
+
+    <main class="mx-auto max-w-7xl px-6 py-6">
+        <!-- Tab 导航 -->
+        <div class="border-b border-border mb-6">
+            <nav class="flex space-x-8">
+                <button onclick="switchTab('tokens')" id="tabTokens" class="tab-btn border-b-2 border-primary text-sm font-medium py-3 px-1">Token 管理</button>
+                <button onclick="switchTab('settings')" id="tabSettings" class="tab-btn border-b-2 border-transparent text-sm font-medium py-3 px-1">系统配置</button>
+                <button onclick="switchTab('logs')" id="tabLogs" class="tab-btn border-b-2 border-transparent text-sm font-medium py-3 px-1">请求日志</button>
+            </nav>
+        </div>
+
+        <!-- Token 管理面板 -->
+        <div id="panelTokens">
+            <!-- 统计卡片 -->
+            <div class="grid gap-4 grid-cols-2 md:grid-cols-5 mb-6">
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-2">Token 总数</p>
+                    <h3 class="text-xl font-bold" id="statTotal">-</h3>
+                </div>
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-2">活跃 Token</p>
+                    <h3 class="text-xl font-bold text-green-600" id="statActive">-</h3>
+                </div>
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-2">总图片数</p>
+                    <h3 class="text-xl font-bold text-blue-600" id="statImages">-</h3>
+                </div>
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-2">总视频数</p>
+                    <h3 class="text-xl font-bold text-purple-600" id="statVideos">-</h3>
+                </div>
+                <div class="rounded-lg border border-border bg-background p-4">
+                    <p class="text-sm font-medium text-muted-foreground mb-2">错误次数</p>
+                    <h3 class="text-xl font-bold text-destructive" id="statErrors">-</h3>
+                </div>
+            </div>
+
+            <!-- Token 列表 -->
+            <div class="rounded-lg border border-border bg-background">
+                <div class="flex items-center justify-between gap-4 p-4 border-b border-border">
+                    <h3 class="text-lg font-semibold">Token 列表</h3>
+                    <div class="flex items-center gap-3">
+                        <!-- 自动刷新AT标签和开关 -->
+                        <div class="flex items-center gap-2">
+                            <span class="text-xs text-muted-foreground">自动刷新AT</span>
+                            <div class="relative inline-flex items-center group">
+                                <label class="inline-flex items-center cursor-pointer">
+                                    <input type="checkbox" id="atAutoRefreshToggle" onchange="toggleATAutoRefresh()" class="sr-only peer">
+                                    <div class="relative w-11 h-6 bg-gray-200 peer-focus:outline-none peer-focus:ring-2 peer-focus:ring-primary rounded-full peer peer-checked:after:translate-x-full peer-checked:after:border-white after:content-[''] after:absolute after:top-[2px] after:left-[2px] after:bg-white after:border-gray-300 after:border after:rounded-full after:h-5 after:w-5 after:transition-all peer-checked:bg-primary"></div>
+                                </label>
+                                <!-- 悬浮提示 -->
+                                <div class="absolute bottom-full mb-2 left-1/2 transform -translate-x-1/2 bg-gray-900 text-white text-xs rounded px-2 py-1 whitespace-nowrap opacity-0 group-hover:opacity-100 transition-opacity pointer-events-none z-10">
+                                    Token距离过期<24h时自动使用ST或RT刷新AT
+                                    <div class="absolute top-full left-1/2 transform -translate-x-1/2 border-4 border-transparent border-t-gray-900"></div>
+                                </div>
+                            </div>
+                        </div>
+                        <button onclick="refreshTokens()" class="inline-flex items-center justify-center rounded-md transition-colors hover:bg-accent h-8 w-8" title="刷新">
+                            <svg class="h-4 w-4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                                <polyline points="23 4 23 10 17 10"/><polyline points="1 20 1 14 7 14"/><path d="M3.51 9a9 9 0 0 1 14.85-3.36L23 10M1 14l4.64 4.36A9 9 0 0 0 20.49 15"/>
+                            </svg>
+                        </button>
+                        <button onclick="openAddModal()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-8 px-3">
+                            <svg class="h-4 w-4 mr-2" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                                <line x1="12" y1="5" x2="12" y2="19"/>
+                                <line x1="5" y1="12" x2="19" y2="12"/>
+                            </svg>
+                            <span class="text-sm font-medium">新增</span>
+                        </button>
+                    </div>
+                </div>
+                
+                <div class="relative w-full overflow-auto">
+                    <table class="w-full text-sm">
+                        <thead>
+                            <tr class="border-b border-border">
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">邮箱</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">状态</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">过期时间</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">账户类型</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">Sora2</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">可用次数</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">图片</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">视频</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">错误</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">备注</th>
+                                <th class="h-10 px-3 text-right align-middle font-medium text-muted-foreground">操作</th>
+                            </tr>
+                        </thead>
+                        <tbody id="tokenTableBody" class="divide-y divide-border">
+                            <!-- 动态填充 -->
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+
+        <!-- 系统配置面板 -->
+        <div id="panelSettings" class="hidden">
+            <div class="grid gap-6 lg:grid-cols-2">
+                <!-- 安全配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-lg font-semibold mb-4">安全配置</h3>
+                    <div class="space-y-4">
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">管理员用户名</label>
+                            <input id="cfgAdminUsername" type="text" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm">
+                            <p class="text-xs text-muted-foreground mt-1">管理员用户名</p>
+                        </div>
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">旧密码</label>
+                            <input id="cfgOldPassword" type="password" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="输入旧密码">
+                        </div>
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">新密码</label>
+                            <input id="cfgNewPassword" type="password" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="输入新密码">
+                        </div>
+                        <button onclick="updateAdminPassword()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 w-full">修改密码</button>
+                    </div>
+                </div>
+
+                <!-- API 密钥配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-lg font-semibold mb-4">API 密钥配置</h3>
+                    <div class="space-y-4">
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">当前 API Key</label>
+                            <input id="cfgCurrentAPIKey" type="text" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" readonly disabled>
+                            <p class="text-xs text-muted-foreground mt-1">当前使用的 API Key（只读）</p>
+                        </div>
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">新 API Key</label>
+                            <input id="cfgNewAPIKey" type="text" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="输入新的 API Key">
+                            <p class="text-xs text-muted-foreground mt-1">用于客户端调用 API 的密钥</p>
+                        </div>
+                        <button onclick="updateAPIKey()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 w-full">更新 API Key</button>
+                    </div>
+                </div>
+
+                <!-- 代理配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-lg font-semibold mb-4">代理配置</h3>
+                    <div class="space-y-4">
+                        <div>
+                            <label class="inline-flex items-center gap-2 cursor-pointer">
+                                <input type="checkbox" id="cfgProxyEnabled" class="h-4 w-4 rounded border-input">
+                                <span class="text-sm font-medium">启用代理</span>
+                            </label>
+                        </div>
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">代理地址</label>
+                            <input id="cfgProxyUrl" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="http://127.0.0.1:7890 或 socks5://127.0.0.1:1080">
+                            <p class="text-xs text-muted-foreground mt-1">支持 HTTP 和 SOCKS5 代理</p>
+                        </div>
+                        <button onclick="saveProxyConfig()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 w-full">保存配置</button>
+                    </div>
+                </div>
+
+                <!-- 错误处理配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-lg font-semibold mb-4">错误处理配置</h3>
+                    <div class="space-y-4">
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">错误封禁阈值</label>
+                            <input id="cfgErrorBan" type="number" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="3">
+                            <p class="text-xs text-muted-foreground mt-1">Token 连续错误达到此次数后自动禁用</p>
+                        </div>
+                        <button onclick="saveAdminConfig()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 w-full">保存配置</button>
+                    </div>
+                </div>
+
+                <!-- 缓存配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-lg font-semibold mb-4">缓存配置</h3>
+                    <div class="space-y-4">
+                        <div>
+                            <label class="inline-flex items-center gap-2 cursor-pointer">
+                                <input type="checkbox" id="cfgCacheEnabled" class="h-4 w-4 rounded border-input" onchange="toggleCacheOptions()">
+                                <span class="text-sm font-medium">启用缓存</span>
+                            </label>
+                            <p class="text-xs text-muted-foreground mt-1">关闭后，生成的图片和视频将直接输出原始链接，不会缓存到本地</p>
+                        </div>
+
+                        <!-- 缓存配置选项 -->
+                        <div id="cacheOptions" style="display: none;" class="space-y-4 pt-4 border-t border-border">
+                            <div>
+                                <label class="text-sm font-medium mb-2 block">缓存超时时间（秒）</label>
+                                <input id="cfgCacheTimeout" type="number" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="7200" min="60" max="86400">
+                                <p class="text-xs text-muted-foreground mt-1">文件缓存超时时间，范围：60-86400 秒（1分钟-24小时）</p>
+                            </div>
+                            <div>
+                                <label class="text-sm font-medium mb-2 block">缓存文件访问域名（请使用当前服务的地址）</label>
+                                <input id="cfgCacheBaseUrl" type="text" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="https://yourdomain.com">
+                                <p class="text-xs text-muted-foreground mt-1">留空则使用服务器地址，例如：https://yourdomain.com</p>
+                            </div>
+                            <div id="cacheEffectiveUrl" class="rounded-md bg-muted p-3 hidden">
+                                <p class="text-xs text-muted-foreground">
+                                    <strong>🌐 当前生效的访问地址：</strong><code id="cacheEffectiveUrlValue" class="bg-background px-1 py-0.5 rounded"></code>
+                                </p>
+                            </div>
+                        </div>
+
+                        <button onclick="saveCacheConfig()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 w-full">保存配置</button>
+                    </div>
+                </div>
+
+                <!-- 生成超时配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-lg font-semibold mb-4">生成超时配置</h3>
+                    <div class="space-y-4">
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">图片生成超时时间（秒）</label>
+                            <input id="cfgImageTimeout" type="number" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="300" min="60" max="3600">
+                            <p class="text-xs text-muted-foreground mt-1">图片生成超时时间，范围：60-3600 秒（1分钟-1小时），超时后自动释放Token锁</p>
+                        </div>
+                        <div>
+                            <label class="text-sm font-medium mb-2 block">视频生成超时时间（秒）</label>
+                            <input id="cfgVideoTimeout" type="number" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="1500" min="60" max="7200">
+                            <p class="text-xs text-muted-foreground mt-1">视频生成超时时间，范围：60-7200 秒（1分钟-2小时），超时后返回上游API超时错误</p>
+                        </div>
+                        <button onclick="saveGenerationTimeout()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 w-full">保存配置</button>
+                    </div>
+                </div>
+
+                <!-- 无水印模式配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-lg font-semibold mb-4">无水印模式配置</h3>
+                    <div class="space-y-4">
+                        <div>
+                            <label class="inline-flex items-center gap-2 cursor-pointer">
+                                <input type="checkbox" id="cfgWatermarkFreeEnabled" class="h-4 w-4 rounded border-input" onchange="toggleWatermarkFreeOptions()">
+                                <span class="text-sm font-medium">开启无水印模式</span>
+                            </label>
+                            <p class="text-xs text-muted-foreground mt-2">开启后生成的视频将会被发布到sora平台并且提取返回无水印的视频，在缓存到本地后会自动删除发布的视频(需要开启缓存功能)</p>
+                        </div>
+
+                        <!-- 解析方式选择 -->
+                        <div id="watermarkFreeOptions" style="display: none;" class="space-y-4 pt-4 border-t border-border">
+                            <div>
+                                <label class="text-sm font-medium">解析方式</label>
+                                <select id="cfgParseMethod" class="w-full mt-2 px-3 py-2 border border-input rounded-md bg-background text-foreground" onchange="toggleCustomParseOptions()">
+                                    <option value="third_party">第三方解析</option>
+                                    <option value="custom">自定义解析接口</option>
+                                </select>
+                            </div>
+
+                            <!-- 自定义解析配置 -->
+                            <div id="customParseOptions" style="display: none;" class="space-y-4">
+                                <div>
+                                    <label class="text-sm font-medium">解析服务器地址</label>
+                                    <input type="text" id="cfgCustomParseUrl" placeholder="请输入解析服务器地址 (例如: http://example.com)" class="w-full mt-2 px-3 py-2 border border-input rounded-md bg-background text-foreground">
+                                    <p class="text-xs text-muted-foreground mt-1"><a href="https://github.com/tibbar213/sora-downloader" target="_blank" class="text-blue-600 hover:text-blue-800 underline">部署自定义解析服务器</a></p>
+                                </div>
+                                <div>
+                                    <label class="text-sm font-medium">访问密钥</label>
+                                    <input type="password" id="cfgCustomParseToken" placeholder="请输入访问密钥" class="w-full mt-2 px-3 py-2 border border-input rounded-md bg-background text-foreground">
+                                </div>
+                            </div>
+                        </div>
+
+                        <button onclick="saveWatermarkFreeConfig()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 w-full">保存配置</button>
+                    </div>
+                </div>
+
+                <!-- 调试配置 -->
+                <div class="rounded-lg border border-border bg-background p-6">
+                    <h3 class="text-lg font-semibold mb-4">调试配置</h3>
+                    <div class="space-y-4">
+                        <div>
+                            <label class="inline-flex items-center gap-2 cursor-pointer">
+                                <input type="checkbox" id="cfgDebugEnabled" class="h-4 w-4 rounded border-input" onchange="toggleDebugMode()">
+                                <span class="text-sm font-medium">启用调试模式</span>
+                            </label>
+                            <p class="text-xs text-muted-foreground mt-2">开启后，详细的上游API请求和响应日志将写入 <code class="bg-muted px-1 py-0.5 rounded">logs.txt</code> 文件，重启生效</p>
+                        </div>
+                        <div class="rounded-md bg-yellow-50 dark:bg-yellow-900/20 p-3 border border-yellow-200 dark:border-yellow-800">
+                            <p class="text-xs text-yellow-800 dark:text-yellow-200">
+                                ⚠️ <strong>注意：</strong>调试模式会产生非常非常大量的日志，仅限Debug时候开启，否则磁盘boom
+                            </p>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+        <!-- 请求日志面板 -->
+        <div id="panelLogs" class="hidden">
+            <div class="rounded-lg border border-border bg-background">
+                <div class="flex items-center justify-between gap-4 p-4 border-b border-border">
+                    <h3 class="text-lg font-semibold">请求日志</h3>
+                    <button onclick="refreshLogs()" class="inline-flex items-center justify-center rounded-md transition-colors hover:bg-accent h-8 w-8" title="刷新">
+                        <svg class="h-4 w-4" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                            <polyline points="23 4 23 10 17 10"/><polyline points="1 20 1 14 7 14"/><path d="M3.51 9a9 9 0 0 1 14.85-3.36L23 10M1 14l4.64 4.36A9 9 0 0 0 20.49 15"/>
+                        </svg>
+                    </button>
+                </div>
+                <div class="relative w-full overflow-auto max-h-[600px]">
+                    <table class="w-full text-sm">
+                        <thead class="sticky top-0 bg-background">
+                            <tr class="border-b border-border">
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">操作</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">Token邮箱</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">状态码</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">耗时(秒)</th>
+                                <th class="h-10 px-3 text-left align-middle font-medium text-muted-foreground">时间</th>
+                            </tr>
+                        </thead>
+                        <tbody id="logsTableBody" class="divide-y divide-border">
+                            <!-- 动态填充 -->
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+
+        <!-- 页脚 -->
+        <footer class="mt-12 pt-6 border-t border-border text-center text-xs text-muted-foreground">
+            <p>© 2025 <a href="https://linux.do/u/thesmallhancat/summary" target="_blank" class="no-underline hover:underline" style="color: inherit;">TheSmallHanCat</a> && <a href="https://linux.do/u/tibbar/summary" target="_blank" class="no-underline hover:underline" style="color: inherit;">Tibbar</a>. All rights reserved.</p>
+        </footer>
+    </main>
+
+    <!-- 添加 Token 模态框 -->
+    <div id="addModal" class="hidden fixed inset-0 z-50 bg-black/80 flex items-center justify-center p-4 overflow-y-auto">
+        <div class="bg-background rounded-lg border border-border w-full max-w-2xl shadow-xl my-auto">
+            <div class="flex items-center justify-between p-5 border-b border-border sticky top-0 bg-background">
+                <h3 class="text-lg font-semibold">添加 Token</h3>
+                <button onclick="closeAddModal()" class="text-muted-foreground hover:text-foreground">
+                    <svg class="h-3.5 w-3.5" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                        <line x1="18" y1="6" x2="6" y2="18"/>
+                        <line x1="6" y1="6" x2="18" y2="18"/>
+                    </svg>
+                </button>
+            </div>
+            <div class="p-5 space-y-4 max-h-[calc(100vh-200px)] overflow-y-auto">
+                <!-- Access Token -->
+                <div class="space-y-2">
+                    <label class="text-sm font-medium">Access Token (AT) <span class="text-red-500">*</span></label>
+                    <textarea id="addTokenAT" rows="3" class="flex w-full rounded-md border border-input bg-background px-3 py-2 text-sm font-mono resize-none" placeholder="请输入 Access Token 或使用下方 ST/RT 转换"></textarea>
+                    <p class="text-xs text-muted-foreground">格式: eyJh... (JWT格式)</p>
+                </div>
+
+                <!-- Session Token -->
+                <div class="space-y-2">
+                    <label class="text-sm font-medium">Session Token (ST) <span class="text-muted-foreground text-xs">- 可选</span></label>
+                    <div class="flex gap-2">
+                        <textarea id="addTokenST" rows="2" class="flex w-full rounded-md border border-input bg-background px-3 py-2 text-sm font-mono resize-none" placeholder="输入 Session Token 后点击转换"></textarea>
+                        <button onclick="convertST2AT()" class="inline-flex items-center justify-center rounded-md bg-blue-600 text-white hover:bg-blue-700 px-4 whitespace-nowrap h-auto">
+                            ST→AT
+                        </button>
+                    </div>
+                    <p class="text-xs text-muted-foreground">从浏览器 Cookie 中获取 __Secure-next-auth.session-token</p>
+                </div>
+
+                <!-- Refresh Token -->
+                <div class="space-y-2">
+                    <label class="text-sm font-medium">Refresh Token (RT) <span class="text-muted-foreground text-xs">- 可选</span></label>
+                    <div class="flex gap-2">
+                        <textarea id="addTokenRT" rows="2" class="flex w-full rounded-md border border-input bg-background px-3 py-2 text-sm font-mono resize-none" placeholder="输入 Refresh Token 后点击转换"></textarea>
+                        <button onclick="convertRT2AT()" class="inline-flex items-center justify-center rounded-md bg-green-600 text-white hover:bg-green-700 px-4 whitespace-nowrap h-auto">
+                            RT→AT
+                        </button>
+                    </div>
+                    <p class="text-xs text-muted-foreground">从移动端或其他客户端获取</p>
+                    <p id="addRTRefreshHint" class="text-xs text-green-600 font-medium hidden">✓ RT已被刷新，已填入更新后的RT</p>
+                </div>
+
+                <!-- Remark -->
+                <div class="space-y-2">
+                    <label class="text-sm font-medium">备注 <span class="text-muted-foreground text-xs">- 可选</span></label>
+                    <input id="addTokenRemark" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="添加备注信息">
+                </div>
+
+                <!-- 功能开关 -->
+                <div class="space-y-3 pt-2 border-t border-border">
+                    <label class="text-sm font-medium">功能开关</label>
+                    <div class="space-y-2">
+                        <label class="inline-flex items-center gap-2 cursor-pointer">
+                            <input type="checkbox" id="addTokenImageEnabled" checked class="h-4 w-4 rounded border-input">
+                            <span class="text-sm font-medium">启用图片生成</span>
+                        </label>
+                    </div>
+                    <div class="space-y-2">
+                        <label class="inline-flex items-center gap-2 cursor-pointer">
+                            <input type="checkbox" id="addTokenVideoEnabled" checked class="h-4 w-4 rounded border-input">
+                            <span class="text-sm font-medium">启用视频生成</span>
+                        </label>
+                    </div>
+                </div>
+            </div>
+            <div class="flex items-center justify-end gap-3 p-5 border-t border-border sticky bottom-0 bg-background">
+                <button onclick="closeAddModal()" class="inline-flex items-center justify-center rounded-md border border-input bg-background hover:bg-accent h-9 px-5">取消</button>
+                <button id="addTokenBtn" onclick="submitAddToken()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-5">
+                    <span id="addTokenBtnText">添加</span>
+                    <svg id="addTokenBtnSpinner" class="hidden animate-spin h-4 w-4 ml-2" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
+                        <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+                        <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+                    </svg>
+                </button>
+            </div>
+        </div>
+    </div>
+
+    <!-- 编辑 Token 模态框 -->
+    <div id="editModal" class="hidden fixed inset-0 z-50 bg-black/80 flex items-center justify-center p-4 overflow-y-auto">
+        <div class="bg-background rounded-lg border border-border w-full max-w-2xl shadow-xl my-auto">
+            <div class="flex items-center justify-between p-5 border-b border-border sticky top-0 bg-background">
+                <h3 class="text-lg font-semibold">编辑 Token</h3>
+                <button onclick="closeEditModal()" class="text-muted-foreground hover:text-foreground">
+                    <svg class="h-3.5 w-3.5" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                        <line x1="18" y1="6" x2="6" y2="18"/>
+                        <line x1="6" y1="6" x2="18" y2="18"/>
+                    </svg>
+                </button>
+            </div>
+            <div class="p-5 space-y-4 max-h-[calc(100vh-200px)] overflow-y-auto">
+                <input type="hidden" id="editTokenId">
+
+                <!-- Access Token -->
+                <div class="space-y-2">
+                    <label class="text-sm font-medium">Access Token (AT) <span class="text-red-500">*</span></label>
+                    <textarea id="editTokenAT" rows="3" class="flex w-full rounded-md border border-input bg-background px-3 py-2 text-sm font-mono resize-none" placeholder="请输入 Access Token 或使用下方 ST/RT 转换"></textarea>
+                    <p class="text-xs text-muted-foreground">格式: eyJh... (JWT格式)</p>
+                </div>
+
+                <!-- Session Token -->
+                <div class="space-y-2">
+                    <label class="text-sm font-medium">Session Token (ST) <span class="text-muted-foreground text-xs">- 可选</span></label>
+                    <div class="flex gap-2">
+                        <textarea id="editTokenST" rows="2" class="flex w-full rounded-md border border-input bg-background px-3 py-2 text-sm font-mono resize-none" placeholder="输入 Session Token 后点击转换"></textarea>
+                        <button onclick="convertEditST2AT()" class="inline-flex items-center justify-center rounded-md bg-blue-600 text-white hover:bg-blue-700 px-4 whitespace-nowrap h-auto">
+                            ST→AT
+                        </button>
+                    </div>
+                    <p class="text-xs text-muted-foreground">从浏览器 Cookie 中获取 __Secure-next-auth.session-token</p>
+                </div>
+
+                <!-- Refresh Token -->
+                <div class="space-y-2">
+                    <label class="text-sm font-medium">Refresh Token (RT) <span class="text-muted-foreground text-xs">- 可选</span></label>
+                    <div class="flex gap-2">
+                        <textarea id="editTokenRT" rows="2" class="flex w-full rounded-md border border-input bg-background px-3 py-2 text-sm font-mono resize-none" placeholder="输入 Refresh Token 后点击转换"></textarea>
+                        <button onclick="convertEditRT2AT()" class="inline-flex items-center justify-center rounded-md bg-green-600 text-white hover:bg-green-700 px-4 whitespace-nowrap h-auto">
+                            RT→AT
+                        </button>
+                    </div>
+                    <p class="text-xs text-muted-foreground">从移动端或其他客户端获取</p>
+                    <p id="editRTRefreshHint" class="text-xs text-green-600 font-medium hidden">✓ RT已被刷新，已填入更新后的RT</p>
+                </div>
+
+                <!-- Remark -->
+                <div class="space-y-2">
+                    <label class="text-sm font-medium">备注 <span class="text-muted-foreground text-xs">- 可选</span></label>
+                    <input id="editTokenRemark" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="添加备注信息">
+                </div>
+
+                <!-- 功能开关 -->
+                <div class="space-y-3 pt-2 border-t border-border">
+                    <label class="text-sm font-medium">功能开关</label>
+                    <div class="space-y-2">
+                        <label class="inline-flex items-center gap-2 cursor-pointer">
+                            <input type="checkbox" id="editTokenImageEnabled" class="h-4 w-4 rounded border-input">
+                            <span class="text-sm font-medium">启用图片生成</span>
+                        </label>
+                    </div>
+                    <div class="space-y-2">
+                        <label class="inline-flex items-center gap-2 cursor-pointer">
+                            <input type="checkbox" id="editTokenVideoEnabled" class="h-4 w-4 rounded border-input">
+                            <span class="text-sm font-medium">启用视频生成</span>
+                        </label>
+                    </div>
+                </div>
+            </div>
+            <div class="flex items-center justify-end gap-3 p-5 border-t border-border sticky bottom-0 bg-background">
+                <button onclick="closeEditModal()" class="inline-flex items-center justify-center rounded-md border border-input bg-background hover:bg-accent h-9 px-5">取消</button>
+                <button id="editTokenBtn" onclick="submitEditToken()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-5">
+                    <span id="editTokenBtnText">保存</span>
+                    <svg id="editTokenBtnSpinner" class="hidden animate-spin h-4 w-4 ml-2" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
+                        <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+                        <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+                    </svg>
+                </button>
+            </div>
+        </div>
+    </div>
+
+    <!-- Sora2 激活模态框 -->
+    <div id="sora2Modal" class="hidden fixed inset-0 z-50 bg-black/80 flex items-center justify-center p-4">
+        <div class="bg-background rounded-lg border border-border w-full max-w-md shadow-xl">
+            <div class="flex items-center justify-between p-5 border-b border-border">
+                <h3 class="text-lg font-semibold">激活 Sora2</h3>
+                <button onclick="closeSora2Modal()" class="text-muted-foreground hover:text-foreground">
+                    <svg class="h-3.5 w-3.5" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                        <line x1="18" y1="6" x2="6" y2="18"/>
+                        <line x1="6" y1="6" x2="18" y2="18"/>
+                    </svg>
+                </button>
+            </div>
+            <div class="p-5 space-y-4">
+                <input type="hidden" id="sora2TokenId">
+                <div>
+                    <label class="text-sm font-medium mb-2 block">Sora2 邀请码</label>
+                    <input id="sora2InviteCode" class="flex h-9 w-full rounded-md border border-input bg-background px-3 py-2 text-sm" placeholder="输入6位邀请码，例如：0ZSKEG">
+                    <p class="text-xs text-muted-foreground mt-1">输入Sora2邀请码以激活该Token的Sora2功能</p>
+                </div>
+            </div>
+            <div class="flex items-center justify-end gap-3 p-5 border-t border-border">
+                <button onclick="closeSora2Modal()" class="inline-flex items-center justify-center rounded-md border border-input bg-background hover:bg-accent h-9 px-5">取消</button>
+                <button id="sora2ActivateBtn" onclick="submitSora2Activate()" class="inline-flex items-center justify-center rounded-md bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-5">
+                    <span id="sora2ActivateBtnText">激活</span>
+                    <svg id="sora2ActivateBtnSpinner" class="hidden animate-spin h-4 w-4 ml-2" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
+                        <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+                        <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+                    </svg>
+                </button>
+            </div>
+        </div>
+    </div>
+
+    <script>
+        let allTokens=[];
+        const $=(id)=>document.getElementById(id),
+        checkAuth=()=>{const t=localStorage.getItem('adminToken');return t||(location.href='/login',null),t},
+        apiRequest=async(url,opts={})=>{const t=checkAuth();if(!t)return null;const r=await fetch(url,{...opts,headers:{...opts.headers,Authorization:`Bearer ${t}`,'Content-Type':'application/json'}});return r.status===401?(localStorage.removeItem('adminToken'),location.href='/login',null):r},
+        loadStats=async()=>{try{const r=await apiRequest('/api/stats');if(!r)return;const d=await r.json();$('statTotal').textContent=d.total_tokens||0;$('statActive').textContent=d.active_tokens||0;$('statImages').textContent=d.total_images||0;$('statVideos').textContent=d.total_videos||0;$('statErrors').textContent=d.total_errors||0}catch(e){console.error('加载统计失败:',e)}},
+        loadTokens=async()=>{try{const r=await apiRequest('/api/tokens');if(!r)return;allTokens=await r.json();renderTokens()}catch(e){console.error('加载Token失败:',e)}},
+        formatExpiry=exp=>{if(!exp)return'-';const d=new Date(exp),now=new Date(),diff=d-now;const dateStr=d.toLocaleDateString('zh-CN',{year:'numeric',month:'2-digit',day:'2-digit'}).replace(/\//g,'-');const timeStr=d.toLocaleTimeString('zh-CN',{hour:'2-digit',minute:'2-digit',hour12:false});if(diff<0)return`<span class="text-red-600">${dateStr} ${timeStr}</span>`;const days=Math.floor(diff/864e5);if(days<7)return`<span class="text-orange-600">${dateStr} ${timeStr}</span>`;return`${dateStr} ${timeStr}`},
+        formatPlanType=type=>{if(!type)return'-';const typeMap={'chatgpt_team':'Team','chatgpt_plus':'Plus','chatgpt_pro':'Pro','chatgpt_free':'Free'};return typeMap[type]||type},
+        formatSora2=(t)=>{if(t.sora2_supported===true){const remaining=t.sora2_total_count-t.sora2_redeemed_count;const tooltipText=`邀请码: ${t.sora2_invite_code||'无'}\n可用次数: ${remaining}/${t.sora2_total_count}\n已用次数: ${t.sora2_redeemed_count}`;return`<div class="inline-flex items-center gap-1"><span class="inline-flex items-center rounded px-2 py-0.5 text-xs bg-green-50 text-green-700 cursor-pointer" title="${tooltipText}" onclick="copySora2Code('${t.sora2_invite_code||''}')">支持</span><span class="text-xs text-muted-foreground" title="${tooltipText}">${remaining}/${t.sora2_total_count}</span></div>`}else if(t.sora2_supported===false){return`<span class="inline-flex items-center rounded px-2 py-0.5 text-xs bg-gray-100 text-gray-700 cursor-pointer" title="点击使用邀请码激活" onclick="openSora2Modal(${t.id})">不支持</span>`}else{return'-'}},
+        formatPlanTypeWithTooltip=(t)=>{const tooltipText=t.subscription_end?`套餐到期: ${new Date(t.subscription_end).toLocaleDateString('zh-CN',{year:'numeric',month:'2-digit',day:'2-digit'}).replace(/\//g,'-')} ${new Date(t.subscription_end).toLocaleTimeString('zh-CN',{hour:'2-digit',minute:'2-digit',hour12:false})}`:'';return`<span class="inline-flex items-center rounded px-2 py-0.5 text-xs bg-blue-50 text-blue-700 cursor-pointer" title="${tooltipText||t.plan_title||'-'}">${formatPlanType(t.plan_type)}</span>`},
+        formatSora2Remaining=(t)=>{if(t.sora2_supported===true){const remaining=t.sora2_remaining_count||0;return`<span class="text-xs">${remaining}</span>`}else{return'-'}},
+        renderTokens=()=>{const tb=$('tokenTableBody');tb.innerHTML=allTokens.map(t=>{const imageDisplay=t.image_enabled?`${t.image_count||0}`:'-';const videoDisplay=(t.video_enabled&&t.sora2_supported)?`${t.video_count||0}`:'-';return`<tr><td class="py-2.5 px-3">${t.email}</td><td class="py-2.5 px-3"><span class="inline-flex items-center rounded px-2 py-0.5 text-xs ${t.is_active?'bg-green-50 text-green-700':'bg-gray-100 text-gray-700'}">${t.is_active?'活跃':'禁用'}</span></td><td class="py-2.5 px-3 text-xs">${formatExpiry(t.expiry_time)}</td><td class="py-2.5 px-3 text-xs">${formatPlanTypeWithTooltip(t)}</td><td class="py-2.5 px-3 text-xs">${formatSora2(t)}</td><td class="py-2.5 px-3">${formatSora2Remaining(t)}</td><td class="py-2.5 px-3">${imageDisplay}</td><td class="py-2.5 px-3">${videoDisplay}</td><td class="py-2.5 px-3">${t.error_count||0}</td><td class="py-2.5 px-3 text-xs text-muted-foreground">${t.remark||'-'}</td><td class="py-2.5 px-3 text-right"><button onclick="testToken(${t.id})" class="inline-flex items-center justify-center rounded-md hover:bg-blue-50 hover:text-blue-700 h-7 px-2 text-xs mr-1">测试</button><button onclick="openEditModal(${t.id})" class="inline-flex items-center justify-center rounded-md hover:bg-green-50 hover:text-green-700 h-7 px-2 text-xs mr-1">编辑</button><button onclick="toggleToken(${t.id},${t.is_active})" class="inline-flex items-center justify-center rounded-md hover:bg-accent h-7 px-2 text-xs mr-1">${t.is_active?'禁用':'启用'}</button><button onclick="deleteToken(${t.id})" class="inline-flex items-center justify-center rounded-md hover:bg-destructive/10 hover:text-destructive h-7 px-2 text-xs">删除</button></td></tr>`}).join('')},
+        refreshTokens=async()=>{await loadTokens();await loadStats()},
+        openAddModal=()=>$('addModal').classList.remove('hidden'),
+        closeAddModal=()=>{$('addModal').classList.add('hidden');$('addTokenAT').value='';$('addTokenST').value='';$('addTokenRT').value='';$('addTokenRemark').value='';$('addTokenImageEnabled').checked=true;$('addTokenVideoEnabled').checked=true;$('addRTRefreshHint').classList.add('hidden')},
+        openEditModal=(id)=>{const token=allTokens.find(t=>t.id===id);if(!token)return showToast('Token不存在','error');$('editTokenId').value=token.id;$('editTokenAT').value=token.token||'';$('editTokenST').value=token.st||'';$('editTokenRT').value=token.rt||'';$('editTokenRemark').value=token.remark||'';$('editTokenImageEnabled').checked=token.image_enabled!==false;$('editTokenVideoEnabled').checked=token.video_enabled!==false;$('editModal').classList.remove('hidden')},
+        closeEditModal=()=>{$('editModal').classList.add('hidden');$('editTokenId').value='';$('editTokenAT').value='';$('editTokenST').value='';$('editTokenRT').value='';$('editTokenRemark').value='';$('editTokenImageEnabled').checked=true;$('editTokenVideoEnabled').checked=true;$('editRTRefreshHint').classList.add('hidden')},
+        submitEditToken=async()=>{const id=parseInt($('editTokenId').value),at=$('editTokenAT').value.trim(),st=$('editTokenST').value.trim(),rt=$('editTokenRT').value.trim(),remark=$('editTokenRemark').value.trim(),imageEnabled=$('editTokenImageEnabled').checked,videoEnabled=$('editTokenVideoEnabled').checked;if(!id)return showToast('Token ID无效','error');if(!at)return showToast('请输入 Access Token','error');const btn=$('editTokenBtn'),btnText=$('editTokenBtnText'),btnSpinner=$('editTokenBtnSpinner');btn.disabled=true;btnText.textContent='保存中...';btnSpinner.classList.remove('hidden');try{const r=await apiRequest(`/api/tokens/${id}`,{method:'PUT',body:JSON.stringify({token:at,st:st||null,rt:rt||null,remark:remark||null,image_enabled:imageEnabled,video_enabled:videoEnabled})});if(!r){btn.disabled=false;btnText.textContent='保存';btnSpinner.classList.add('hidden');return}const d=await r.json();if(d.success){closeEditModal();await refreshTokens();showToast('Token更新成功','success')}else{showToast('更新失败: '+(d.detail||d.message||'未知错误'),'error')}}catch(e){showToast('更新失败: '+e.message,'error')}finally{btn.disabled=false;btnText.textContent='保存';btnSpinner.classList.add('hidden')}},
+        convertST2AT=async()=>{const st=$('addTokenST').value.trim();if(!st)return showToast('请先输入 Session Token','error');try{showToast('正在转换 ST→AT...','info');const r=await apiRequest('/api/tokens/st2at',{method:'POST',body:JSON.stringify({st:st})});if(!r)return;const d=await r.json();if(d.success&&d.access_token){$('addTokenAT').value=d.access_token;showToast('转换成功！AT已自动填入','success')}else{showToast('转换失败: '+(d.message||d.detail||'未知错误'),'error')}}catch(e){showToast('转换失败: '+e.message,'error')}},
+        convertRT2AT=async()=>{const rt=$('addTokenRT').value.trim();if(!rt)return showToast('请先输入 Refresh Token','error');const hint=$('addRTRefreshHint');hint.classList.add('hidden');try{showToast('正在转换 RT→AT...','info');const r=await apiRequest('/api/tokens/rt2at',{method:'POST',body:JSON.stringify({rt:rt})});if(!r)return;const d=await r.json();if(d.success&&d.access_token){$('addTokenAT').value=d.access_token;if(d.refresh_token){$('addTokenRT').value=d.refresh_token;hint.classList.remove('hidden');showToast('转换成功！AT已自动填入，RT已被刷新并更新','success')}else{showToast('转换成功！AT已自动填入','success')}}else{showToast('转换失败: '+(d.message||d.detail||'未知错误'),'error')}}catch(e){showToast('转换失败: '+e.message,'error')}},
+        convertEditST2AT=async()=>{const st=$('editTokenST').value.trim();if(!st)return showToast('请先输入 Session Token','error');try{showToast('正在转换 ST→AT...','info');const r=await apiRequest('/api/tokens/st2at',{method:'POST',body:JSON.stringify({st:st})});if(!r)return;const d=await r.json();if(d.success&&d.access_token){$('editTokenAT').value=d.access_token;showToast('转换成功！AT已自动填入','success')}else{showToast('转换失败: '+(d.message||d.detail||'未知错误'),'error')}}catch(e){showToast('转换失败: '+e.message,'error')}},
+        convertEditRT2AT=async()=>{const rt=$('editTokenRT').value.trim();if(!rt)return showToast('请先输入 Refresh Token','error');const hint=$('editRTRefreshHint');hint.classList.add('hidden');try{showToast('正在转换 RT→AT...','info');const r=await apiRequest('/api/tokens/rt2at',{method:'POST',body:JSON.stringify({rt:rt})});if(!r)return;const d=await r.json();if(d.success&&d.access_token){$('editTokenAT').value=d.access_token;if(d.refresh_token){$('editTokenRT').value=d.refresh_token;hint.classList.remove('hidden');showToast('转换成功！AT已自动填入，RT已被刷新并更新','success')}else{showToast('转换成功！AT已自动填入','success')}}else{showToast('转换失败: '+(d.message||d.detail||'未知错误'),'error')}}catch(e){showToast('转换失败: '+e.message,'error')}},
+        submitAddToken=async()=>{const at=$('addTokenAT').value.trim(),st=$('addTokenST').value.trim(),rt=$('addTokenRT').value.trim(),remark=$('addTokenRemark').value.trim(),imageEnabled=$('addTokenImageEnabled').checked,videoEnabled=$('addTokenVideoEnabled').checked;if(!at)return showToast('请输入 Access Token 或使用 ST/RT 转换','error');const btn=$('addTokenBtn'),btnText=$('addTokenBtnText'),btnSpinner=$('addTokenBtnSpinner');btn.disabled=true;btnText.textContent='添加中...';btnSpinner.classList.remove('hidden');try{const r=await apiRequest('/api/tokens',{method:'POST',body:JSON.stringify({token:at,st:st||null,rt:rt||null,remark:remark||null,image_enabled:imageEnabled,video_enabled:videoEnabled})});if(!r){btn.disabled=false;btnText.textContent='添加';btnSpinner.classList.add('hidden');return}if(r.status===409){const d=await r.json();const msg=d.detail||'Token 已存在';btn.disabled=false;btnText.textContent='添加';btnSpinner.classList.add('hidden');if(confirm(msg+'\n\n是否删除旧 Token 后重新添加？')){const existingToken=allTokens.find(t=>t.token===at);if(existingToken){const deleted=await deleteToken(existingToken.id,true);if(deleted){showToast('正在重新添加...','info');setTimeout(()=>submitAddToken(),500)}else{showToast('删除旧 Token 失败','error')}}}return}const d=await r.json();if(d.success){closeAddModal();await refreshTokens();showToast('Token添加成功','success')}else{showToast('添加失败: '+(d.detail||d.message||'未知错误'),'error')}}catch(e){showToast('添加失败: '+e.message,'error')}finally{btn.disabled=false;btnText.textContent='添加';btnSpinner.classList.add('hidden')}},
+        testToken=async(id)=>{try{showToast('正在测试Token...','info');const r=await apiRequest(`/api/tokens/${id}/test`,{method:'POST'});if(!r)return;const d=await r.json();if(d.success&&d.status==='success'){let msg=`Token有效！用户: ${d.email||'未知'}`;if(d.sora2_supported){const remaining=d.sora2_total_count-d.sora2_redeemed_count;msg+=`\nSora2: 支持 (${remaining}/${d.sora2_total_count})`;if(d.sora2_remaining_count!==undefined){msg+=`\n可用次数: ${d.sora2_remaining_count}`}}showToast(msg,'success');await refreshTokens()}else{showToast(`Token无效: ${d.message||'未知错误'}`,'error')}}catch(e){showToast('测试失败: '+e.message,'error')}},
+        toggleToken=async(id,isActive)=>{const action=isActive?'disable':'enable';try{const r=await apiRequest(`/api/tokens/${id}/${action}`,{method:'POST'});if(!r)return;const d=await r.json();d.success?(await refreshTokens(),showToast(isActive?'Token已禁用':'Token已启用','success')):showToast('操作失败','error')}catch(e){showToast('操作失败: '+e.message,'error')}},
+        toggleTokenStatus=async(id,active)=>{try{const r=await apiRequest(`/api/tokens/${id}/status`,{method:'PUT',body:JSON.stringify({is_active:active})});if(!r)return;const d=await r.json();d.success?(await refreshTokens(),showToast('状态更新成功','success')):showToast('更新失败','error')}catch(e){showToast('更新失败: '+e.message,'error')}},
+        deleteToken=async(id,skipConfirm=false)=>{if(!skipConfirm&&!confirm('确定要删除这个Token吗?'))return;try{const r=await apiRequest(`/api/tokens/${id}`,{method:'DELETE'});if(!r)return;const d=await r.json();if(d.success){await refreshTokens();if(!skipConfirm)showToast('删除成功','success');return true}else{if(!skipConfirm)showToast('删除失败','error');return false}}catch(e){if(!skipConfirm)showToast('删除失败: '+e.message,'error');return false}},
+        copySora2Code=async(code)=>{if(!code){showToast('没有可复制的邀请码','error');return}try{if(navigator.clipboard&&navigator.clipboard.writeText){await navigator.clipboard.writeText(code);showToast(`邀请码已复制: ${code}`,'success')}else{const textarea=document.createElement('textarea');textarea.value=code;textarea.style.position='fixed';textarea.style.opacity='0';document.body.appendChild(textarea);textarea.select();const success=document.execCommand('copy');document.body.removeChild(textarea);if(success){showToast(`邀请码已复制: ${code}`,'success')}else{showToast('复制失败: 浏览器不支持','error')}}}catch(e){showToast('复制失败: '+e.message,'error')}},
+        openSora2Modal=(id)=>{$('sora2TokenId').value=id;$('sora2InviteCode').value='';$('sora2Modal').classList.remove('hidden')},
+        closeSora2Modal=()=>{$('sora2Modal').classList.add('hidden');$('sora2TokenId').value='';$('sora2InviteCode').value=''},
+        submitSora2Activate=async()=>{const tokenId=parseInt($('sora2TokenId').value),inviteCode=$('sora2InviteCode').value.trim();if(!tokenId)return showToast('Token ID无效','error');if(!inviteCode)return showToast('请输入邀请码','error');if(inviteCode.length!==6)return showToast('邀请码必须是6位','error');const btn=$('sora2ActivateBtn'),btnText=$('sora2ActivateBtnText'),btnSpinner=$('sora2ActivateBtnSpinner');btn.disabled=true;btnText.textContent='激活中...';btnSpinner.classList.remove('hidden');try{showToast('正在激活Sora2...','info');const r=await apiRequest(`/api/tokens/${tokenId}/sora2/activate?invite_code=${inviteCode}`,{method:'POST'});if(!r){btn.disabled=false;btnText.textContent='激活';btnSpinner.classList.add('hidden');return}const d=await r.json();if(d.success){closeSora2Modal();await refreshTokens();if(d.already_accepted){showToast('Sora2已激活（之前已接受）','success')}else{showToast(`Sora2激活成功！邀请码: ${d.invite_code||'无'}`,'success')}}else{showToast('激活失败: '+(d.message||'未知错误'),'error')}}catch(e){showToast('激活失败: '+e.message,'error')}finally{btn.disabled=false;btnText.textContent='激活';btnSpinner.classList.add('hidden')}},
+        loadAdminConfig=async()=>{try{const r=await apiRequest('/api/admin/config');if(!r)return;const d=await r.json();$('cfgErrorBan').value=d.error_ban_threshold||3;$('cfgAdminUsername').value=d.admin_username||'admin';$('cfgCurrentAPIKey').value=d.api_key||'';$('cfgDebugEnabled').checked=d.debug_enabled||false}catch(e){console.error('加载配置失败:',e)}},
+        saveAdminConfig=async()=>{try{const r=await apiRequest('/api/admin/config',{method:'POST',body:JSON.stringify({error_ban_threshold:parseInt($('cfgErrorBan').value)||3})});if(!r)return;const d=await r.json();d.success?showToast('配置保存成功','success'):showToast('保存失败','error')}catch(e){showToast('保存失败: '+e.message,'error')}},
+        updateAdminPassword=async()=>{const username=$('cfgAdminUsername').value.trim(),oldPwd=$('cfgOldPassword').value.trim(),newPwd=$('cfgNewPassword').value.trim();if(!oldPwd||!newPwd)return showToast('请输入旧密码和新密码','error');if(newPwd.length<4)return showToast('新密码至少4个字符','error');try{const r=await apiRequest('/api/admin/password',{method:'POST',body:JSON.stringify({username:username||undefined,old_password:oldPwd,new_password:newPwd})});if(!r)return;const d=await r.json();if(d.success){showToast('密码修改成功，请重新登录','success');setTimeout(()=>{localStorage.removeItem('adminToken');location.href='/login'},2000)}else{showToast('修改失败: '+(d.detail||'未知错误'),'error')}}catch(e){showToast('修改失败: '+e.message,'error')}},
+        updateAPIKey=async()=>{const newKey=$('cfgNewAPIKey').value.trim();if(!newKey)return showToast('请输入新的 API Key','error');if(newKey.length<6)return showToast('API Key 至少6个字符','error');if(!confirm('确定要更新 API Key 吗？更新后需要通知所有客户端使用新密钥。'))return;try{const r=await apiRequest('/api/admin/apikey',{method:'POST',body:JSON.stringify({new_api_key:newKey})});if(!r)return;const d=await r.json();if(d.success){showToast('API Key 更新成功','success');$('cfgCurrentAPIKey').value=newKey;$('cfgNewAPIKey').value=''}else{showToast('更新失败: '+(d.detail||'未知错误'),'error')}}catch(e){showToast('更新失败: '+e.message,'error')}},
+        toggleDebugMode=async()=>{const enabled=$('cfgDebugEnabled').checked;try{const r=await apiRequest('/api/admin/debug',{method:'POST',body:JSON.stringify({enabled:enabled})});if(!r)return;const d=await r.json();if(d.success){showToast(enabled?'调试模式已开启':'调试模式已关闭','success')}else{showToast('操作失败: '+(d.detail||'未知错误'),'error');$('cfgDebugEnabled').checked=!enabled}}catch(e){showToast('操作失败: '+e.message,'error');$('cfgDebugEnabled').checked=!enabled}},
+        loadProxyConfig=async()=>{try{const r=await apiRequest('/api/proxy/config');if(!r)return;const d=await r.json();$('cfgProxyEnabled').checked=d.proxy_enabled||false;$('cfgProxyUrl').value=d.proxy_url||''}catch(e){console.error('加载代理配置失败:',e)}},
+        saveProxyConfig=async()=>{try{const r=await apiRequest('/api/proxy/config',{method:'POST',body:JSON.stringify({proxy_enabled:$('cfgProxyEnabled').checked,proxy_url:$('cfgProxyUrl').value.trim()})});if(!r)return;const d=await r.json();d.success?showToast('代理配置保存成功','success'):showToast('保存失败','error')}catch(e){showToast('保存失败: '+e.message,'error')}},
+        loadWatermarkFreeConfig=async()=>{try{const r=await apiRequest('/api/watermark-free/config');if(!r)return;const d=await r.json();$('cfgWatermarkFreeEnabled').checked=d.watermark_free_enabled||false;$('cfgParseMethod').value=d.parse_method||'third_party';$('cfgCustomParseUrl').value=d.custom_parse_url||'';$('cfgCustomParseToken').value=d.custom_parse_token||'';toggleWatermarkFreeOptions();toggleCustomParseOptions()}catch(e){console.error('加载无水印模式配置失败:',e)}},
+        saveWatermarkFreeConfig=async()=>{try{const enabled=$('cfgWatermarkFreeEnabled').checked,parseMethod=$('cfgParseMethod').value,customUrl=$('cfgCustomParseUrl').value.trim(),customToken=$('cfgCustomParseToken').value.trim();if(enabled&&parseMethod==='custom'){if(!customUrl)return showToast('请输入解析服务器地址','error');if(!customToken)return showToast('请输入访问密钥','error')}const r=await apiRequest('/api/watermark-free/config',{method:'POST',body:JSON.stringify({watermark_free_enabled:enabled,parse_method:parseMethod,custom_parse_url:customUrl||null,custom_parse_token:customToken||null})});if(!r)return;const d=await r.json();d.success?showToast('无水印模式配置保存成功','success'):showToast('保存失败','error')}catch(e){showToast('保存失败: '+e.message,'error')}},
+        toggleWatermarkFreeOptions=()=>{const enabled=$('cfgWatermarkFreeEnabled').checked;$('watermarkFreeOptions').style.display=enabled?'block':'none'},
+        toggleCustomParseOptions=()=>{const method=$('cfgParseMethod').value;$('customParseOptions').style.display=method==='custom'?'block':'none'},
+        toggleCacheOptions=()=>{const enabled=$('cfgCacheEnabled').checked;$('cacheOptions').style.display=enabled?'block':'none'},
+        loadCacheConfig=async()=>{try{console.log('开始加载缓存配置...');const r=await apiRequest('/api/cache/config');if(!r){console.error('API请求失败');return}const d=await r.json();console.log('缓存配置数据:',d);if(d.success&&d.config){const enabled=d.config.enabled!==false;const timeout=d.config.timeout||7200;const baseUrl=d.config.base_url||'';const effectiveUrl=d.config.effective_base_url||'';console.log('设置缓存启用:',enabled);console.log('设置超时时间:',timeout);console.log('设置域名:',baseUrl);console.log('生效URL:',effectiveUrl);$('cfgCacheEnabled').checked=enabled;$('cfgCacheTimeout').value=timeout;$('cfgCacheBaseUrl').value=baseUrl;if(effectiveUrl){$('cacheEffectiveUrlValue').textContent=effectiveUrl;$('cacheEffectiveUrl').classList.remove('hidden')}else{$('cacheEffectiveUrl').classList.add('hidden')}toggleCacheOptions();console.log('缓存配置加载成功')}else{console.error('缓存配置数据格式错误:',d)}}catch(e){console.error('加载缓存配置失败:',e);showToast('加载缓存配置失败: '+e.message,'error')}},
+        loadGenerationTimeout=async()=>{try{console.log('开始加载生成超时配置...');const r=await apiRequest('/api/generation/timeout');if(!r){console.error('API请求失败');return}const d=await r.json();console.log('生成超时配置数据:',d);if(d.success&&d.config){const imageTimeout=d.config.image_timeout||300;const videoTimeout=d.config.video_timeout||1500;console.log('设置图片超时:',imageTimeout);console.log('设置视频超时:',videoTimeout);$('cfgImageTimeout').value=imageTimeout;$('cfgVideoTimeout').value=videoTimeout;console.log('生成超时配置加载成功')}else{console.error('生成超时配置数据格式错误:',d)}}catch(e){console.error('加载生成超时配置失败:',e);showToast('加载生成超时配置失败: '+e.message,'error')}},
+        saveCacheConfig=async()=>{const enabled=$('cfgCacheEnabled').checked,timeout=parseInt($('cfgCacheTimeout').value)||7200,baseUrl=$('cfgCacheBaseUrl').value.trim();console.log('保存缓存配置:',{enabled,timeout,baseUrl});if(timeout<60||timeout>86400)return showToast('缓存超时时间必须在 60-86400 秒之间','error');if(baseUrl&&!baseUrl.startsWith('http://')&&!baseUrl.startsWith('https://'))return showToast('域名必须以 http:// 或 https:// 开头','error');try{console.log('保存缓存启用状态...');const r0=await apiRequest('/api/cache/enabled',{method:'POST',body:JSON.stringify({enabled:enabled})});if(!r0){console.error('保存缓存启用状态请求失败');return}const d0=await r0.json();console.log('缓存启用状态保存结果:',d0);if(!d0.success){console.error('保存缓存启用状态失败:',d0);return showToast('保存缓存启用状态失败','error')}console.log('保存超时时间...');const r1=await apiRequest('/api/cache/config',{method:'POST',body:JSON.stringify({timeout:timeout})});if(!r1){console.error('保存超时时间请求失败');return}const d1=await r1.json();console.log('超时时间保存结果:',d1);if(!d1.success){console.error('保存超时时间失败:',d1);return showToast('保存超时时间失败','error')}console.log('保存域名...');const r2=await apiRequest('/api/cache/base-url',{method:'POST',body:JSON.stringify({base_url:baseUrl})});if(!r2){console.error('保存域名请求失败');return}const d2=await r2.json();console.log('域名保存结果:',d2);if(d2.success){showToast('缓存配置保存成功','success');console.log('等待配置文件写入完成...');await new Promise(r=>setTimeout(r,200));console.log('重新加载配置...');await loadCacheConfig()}else{console.error('保存域名失败:',d2);showToast('保存域名失败','error')}}catch(e){console.error('保存失败:',e);showToast('保存失败: '+e.message,'error')}},
+        saveGenerationTimeout=async()=>{const imageTimeout=parseInt($('cfgImageTimeout').value)||300,videoTimeout=parseInt($('cfgVideoTimeout').value)||1500;console.log('保存生成超时配置:',{imageTimeout,videoTimeout});if(imageTimeout<60||imageTimeout>3600)return showToast('图片超时时间必须在 60-3600 秒之间','error');if(videoTimeout<60||videoTimeout>7200)return showToast('视频超时时间必须在 60-7200 秒之间','error');try{const r=await apiRequest('/api/generation/timeout',{method:'POST',body:JSON.stringify({image_timeout:imageTimeout,video_timeout:videoTimeout})});if(!r){console.error('保存请求失败');return}const d=await r.json();console.log('保存结果:',d);if(d.success){showToast('生成超时配置保存成功','success');await new Promise(r=>setTimeout(r,200));await loadGenerationTimeout()}else{console.error('保存失败:',d);showToast('保存失败','error')}}catch(e){console.error('保存失败:',e);showToast('保存失败: '+e.message,'error')}},
+        toggleATAutoRefresh=async()=>{try{const enabled=$('atAutoRefreshToggle').checked;const r=await apiRequest('/api/token-refresh/enabled',{method:'POST',body:JSON.stringify({enabled:enabled})});if(!r){$('atAutoRefreshToggle').checked=!enabled;return}const d=await r.json();if(d.success){showToast(enabled?'AT自动刷新已启用':'AT自动刷新已禁用','success')}else{showToast('操作失败: '+(d.detail||'未知错误'),'error');$('atAutoRefreshToggle').checked=!enabled}}catch(e){showToast('操作失败: '+e.message,'error');$('atAutoRefreshToggle').checked=!enabled}},
+        loadATAutoRefreshConfig=async()=>{try{const r=await apiRequest('/api/token-refresh/config');if(!r)return;const d=await r.json();if(d.success&&d.config){$('atAutoRefreshToggle').checked=d.config.at_auto_refresh_enabled||false}else{console.error('AT自动刷新配置数据格式错误:',d)}}catch(e){console.error('加载AT自动刷新配置失败:',e)}},
+        loadLogs=async()=>{try{const r=await apiRequest('/api/logs?limit=100');if(!r)return;const logs=await r.json();const tb=$('logsTableBody');tb.innerHTML=logs.map(l=>`<tr><td class="py-2.5 px-3">${l.operation}</td><td class="py-2.5 px-3"><span class="text-xs ${l.token_email?'text-blue-600':'text-muted-foreground'}">${l.token_email||'未知'}</span></td><td class="py-2.5 px-3"><span class="inline-flex items-center rounded px-2 py-0.5 text-xs ${l.status_code===200?'bg-green-50 text-green-700':'bg-red-50 text-red-700'}">${l.status_code}</span></td><td class="py-2.5 px-3">${l.duration.toFixed(2)}</td><td class="py-2.5 px-3 text-xs text-muted-foreground">${l.created_at?new Date(l.created_at).toLocaleString('zh-CN'):'-'}</td></tr>`).join('')}catch(e){console.error('加载日志失败:',e)}},
+        refreshLogs=async()=>{await loadLogs()},
+        showToast=(m,t='info')=>{const d=document.createElement('div'),bc={success:'bg-green-600',error:'bg-destructive',info:'bg-primary'};d.className=`fixed bottom-4 right-4 ${bc[t]||bc.info} text-white px-4 py-2.5 rounded-lg shadow-lg text-sm font-medium z-50 animate-slide-up`;d.textContent=m;document.body.appendChild(d);setTimeout(()=>{d.style.opacity='0';d.style.transition='opacity .3s';setTimeout(()=>d.parentNode&&document.body.removeChild(d),300)},2000)},
+        logout=()=>{if(!confirm('确定要退出登录吗?'))return;localStorage.removeItem('adminToken');location.href='/login'},
+        switchTab=t=>{const cap=n=>n.charAt(0).toUpperCase()+n.slice(1);['tokens','settings','logs'].forEach(n=>{const active=n===t;$(`panel${cap(n)}`).classList.toggle('hidden',!active);$(`tab${cap(n)}`).classList.toggle('border-primary',active);$(`tab${cap(n)}`).classList.toggle('text-primary',active);$(`tab${cap(n)}`).classList.toggle('border-transparent',!active);$(`tab${cap(n)}`).classList.toggle('text-muted-foreground',!active)});if(t==='settings'){loadAdminConfig();loadProxyConfig();loadWatermarkFreeConfig();loadCacheConfig();loadGenerationTimeout();loadATAutoRefreshConfig()}else if(t==='logs'){loadLogs()}};
+        window.addEventListener('DOMContentLoaded',()=>{checkAuth();refreshTokens();loadATAutoRefreshConfig()});
+    </script>
+</body>
+</html>