fix: 配置热重载、错误处理

config/setting.toml

@@ -7,7 +7,6 @@ admin_password = "admin"
 labs_base_url = "https://labs.google/fx/api"
 api_base_url = "https://aisandbox-pa.googleapis.com/v1"
 timeout = 120
-max_retries = 3
 poll_interval = 3.0
 max_poll_attempts = 200
 
@@ -29,6 +28,9 @@ proxy_url = ""
 image_timeout = 300
 video_timeout = 1500
 
+[admin]
+error_ban_threshold = 3
+
 [cache]
 enabled = false
 timeout = 7200  # 缓存超时时间(秒), 默认2小时

config/setting_warp.toml

@@ -7,7 +7,6 @@ admin_password = "admin"
 labs_base_url = "https://labs.google/fx/api"
 api_base_url = "https://aisandbox-pa.googleapis.com/v1"
 timeout = 120
-max_retries = 3
 poll_interval = 3.0
 max_poll_attempts = 200
 
@@ -29,6 +28,9 @@ proxy_url = "socks5://warp:1080"
 image_timeout = 300
 video_timeout = 1500
 
+[admin]
+error_ban_threshold = 3
+
 [cache]
 enabled = false
 timeout = 7200  # 缓存超时时间(秒), 默认2小时

src/api/admin.py

@@ -3,6 +3,7 @@ from fastapi import APIRouter, Depends, HTTPException, Header
 from fastapi.responses import JSONResponse
 from pydantic import BaseModel
 from typing import Optional, List
+import secrets
 from ..core.auth import AuthManager
 from ..core.database import Database
 from ..services.token_manager import TokenManager
@@ -15,6 +16,9 @@ token_manager: TokenManager = None
 proxy_manager: ProxyManager = None
 db: Database = None
 
+# Store active admin session tokens (in production, use Redis or database)
+active_admin_tokens = set()
+
 
 def set_dependencies(tm: TokenManager, pm: ProxyManager, database: Database):
     """Set service instances"""
@@ -76,6 +80,10 @@ class UpdateDebugConfigRequest(BaseModel):
     enabled: bool
 
 
+class UpdateAdminConfigRequest(BaseModel):
+    error_ban_threshold: int
+
+
 class ST2ATRequest(BaseModel):
     """ST转AT请求"""
     st: str
@@ -84,16 +92,15 @@ class ST2ATRequest(BaseModel):
 # ========== Auth Middleware ==========
 
 async def verify_admin_token(authorization: str = Header(None)):
-    """Verify admin token"""
+    """Verify admin session token (NOT API key)"""
     if not authorization or not authorization.startswith("Bearer "):
         raise HTTPException(status_code=401, detail="Missing authorization")
 
     token = authorization[7:]
-    admin_config = await db.get_admin_config()
 
-    # Simple token verification: check if matches api_key
-    if token != admin_config.api_key:
-        raise HTTPException(status_code=401, detail="Invalid admin token")
+    # Check if token is in active session tokens
+    if token not in active_admin_tokens:
+        raise HTTPException(status_code=401, detail="Invalid or expired admin token")
 
     return token
 
@@ -102,19 +109,32 @@ async def verify_admin_token(authorization: str = Header(None)):
 
 @router.post("/api/admin/login")
 async def admin_login(request: LoginRequest):
-    """Admin login"""
+    """Admin login - returns session token (NOT API key)"""
     admin_config = await db.get_admin_config()
 
     if not AuthManager.verify_admin(request.username, request.password):
         raise HTTPException(status_code=401, detail="Invalid credentials")
 
+    # Generate independent session token
+    session_token = f"admin-{secrets.token_urlsafe(32)}"
+
+    # Store in active tokens
+    active_admin_tokens.add(session_token)
+
     return {
         "success": True,
-        "token": admin_config.api_key,
+        "token": session_token,  # Session token (NOT API key)
         "username": admin_config.username
     }
 
 
+@router.post("/api/admin/logout")
+async def admin_logout(token: str = Depends(verify_admin_token)):
+    """Admin logout - invalidate session token"""
+    active_admin_tokens.discard(token)
+    return {"success": True, "message": "退出登录成功"}
+
+
 @router.post("/api/admin/change-password")
 async def change_password(
     request: ChangePasswordRequest,
@@ -127,10 +147,16 @@ async def change_password(
     if not AuthManager.verify_admin(admin_config.username, request.old_password):
         raise HTTPException(status_code=400, detail="旧密码错误")
 
-    # Update password
+    # Update password in database
     await db.update_admin_config(password=request.new_password)
 
-    return {"success": True, "message": "密码修改成功"}
+    # 🔥 Hot reload: sync database config to memory
+    await db.reload_config_to_memory()
+
+    # 🔑 Invalidate all admin session tokens (force re-login for security)
+    active_admin_tokens.clear()
+
+    return {"success": True, "message": "密码修改成功,请重新登录"}
 
 
 # ========== Token Management ==========
@@ -412,6 +438,10 @@ async def update_generation_config(
 ):
     """Update generation timeout configuration"""
     await db.update_generation_config(request.image_timeout, request.video_timeout)
+
+    # 🔥 Hot reload: sync database config to memory
+    await db.reload_config_to_memory()
+
     return {"success": True, "message": "生成配置更新成功"}
 
 
@@ -444,6 +474,12 @@ async def login(request: LoginRequest):
     return await admin_login(request)
 
 
+@router.post("/api/logout")
+async def logout(token: str = Depends(verify_admin_token)):
+    """Logout endpoint (alias for /api/admin/logout)"""
+    return await admin_logout(token)
+
+
 @router.get("/api/stats")
 async def get_stats(token: str = Depends(verify_admin_token)):
     """Get statistics for dashboard"""
@@ -510,11 +546,23 @@ async def get_admin_config(token: str = Depends(verify_admin_token)):
     return {
         "admin_username": admin_config.username,
         "api_key": admin_config.api_key,
-        "error_ban_threshold": 3,  # Default value
+        "error_ban_threshold": admin_config.error_ban_threshold,
         "debug_enabled": config.debug_enabled  # Return actual debug status
     }
 
 
+@router.post("/api/admin/config")
+async def update_admin_config(
+    request: UpdateAdminConfigRequest,
+    token: str = Depends(verify_admin_token)
+):
+    """Update admin configuration (error_ban_threshold)"""
+    # Update error_ban_threshold in database
+    await db.update_admin_config(error_ban_threshold=request.error_ban_threshold)
+
+    return {"success": True, "message": "配置更新成功"}
+
+
 @router.post("/api/admin/password")
 async def update_admin_password(
     request: ChangePasswordRequest,
@@ -529,8 +577,13 @@ async def update_api_key(
     request: UpdateAPIKeyRequest,
     token: str = Depends(verify_admin_token)
 ):
-    """Update API key"""
+    """Update API key (for external API calls, NOT for admin login)"""
+    # Update API key in database
     await db.update_admin_config(api_key=request.new_api_key)
+
+    # 🔥 Hot reload: sync database config to memory
+    await db.reload_config_to_memory()
+
     return {"success": True, "message": "API Key更新成功"}
 
 
@@ -565,7 +618,12 @@ async def update_generation_timeout(
     token: str = Depends(verify_admin_token)
 ):
     """Update generation timeout configuration"""
-    return await update_generation_config(request, token)
+    await db.update_generation_config(request.image_timeout, request.video_timeout)
+
+    # 🔥 Hot reload: sync database config to memory
+    await db.reload_config_to_memory()
+
+    return {"success": True, "message": "生成配置更新成功"}
 
 
 # ========== AT Auto Refresh Config ==========
@@ -622,9 +680,8 @@ async def update_cache_enabled(
     enabled = request.get("enabled", False)
     await db.update_cache_config(enabled=enabled)
 
-    # Update runtime config
-    from ..core.config import config
-    config.set_cache_enabled(enabled)
+    # 🔥 Hot reload: sync database config to memory
+    await db.reload_config_to_memory()
 
     return {"success": True, "message": f"缓存已{'启用' if enabled else '禁用'}"}
 
@@ -641,14 +698,8 @@ async def update_cache_config_full(
 
     await db.update_cache_config(enabled=enabled, timeout=timeout, base_url=base_url)
 
-    # Update runtime config
-    from ..core.config import config
-    if enabled is not None:
-        config.set_cache_enabled(enabled)
-    if timeout is not None:
-        config.set_cache_timeout(timeout)
-    if base_url is not None:
-        config.set_cache_base_url(base_url)
+    # 🔥 Hot reload: sync database config to memory
+    await db.reload_config_to_memory()
 
     return {"success": True, "message": "缓存配置更新成功"}
 
@@ -662,8 +713,7 @@ async def update_cache_base_url(
     base_url = request.get("base_url", "")
     await db.update_cache_config(base_url=base_url)
 
-    # Update runtime config
-    from ..core.config import config
-    config.set_cache_base_url(base_url)
+    # 🔥 Hot reload: sync database config to memory
+    await db.reload_config_to_memory()
 
     return {"success": True, "message": "缓存Base URL更新成功"}

src/core/database.py

@@ -55,6 +55,7 @@ class Database:
             admin_username = "admin"
             admin_password = "admin"
             api_key = "han1234"
+            error_ban_threshold = 3
 
             if config_dict:
                 global_config = config_dict.get("global", {})
@@ -62,10 +63,13 @@ class Database:
                 admin_password = global_config.get("admin_password", "admin")
                 api_key = global_config.get("api_key", "han1234")
 
+                admin_config = config_dict.get("admin", {})
+                error_ban_threshold = admin_config.get("error_ban_threshold", 3)
+
             await db.execute("""
-                INSERT INTO admin_config (id, username, password, api_key)
-                VALUES (1, ?, ?, ?)
-            """, (admin_username, admin_password, api_key))
+                INSERT INTO admin_config (id, username, password, api_key, error_ban_threshold)
+                VALUES (1, ?, ?, ?, ?)
+            """, (admin_username, admin_password, api_key, error_ban_threshold))
 
         # Ensure proxy_config has a row
         cursor = await db.execute("SELECT COUNT(*) FROM proxy_config")
@@ -178,6 +182,15 @@ class Database:
                         except Exception as e:
                             print(f"  ✗ Failed to add column '{col_name}': {e}")
 
+            # Check and add missing columns to admin_config table
+            if await self._table_exists(db, "admin_config"):
+                if not await self._column_exists(db, "admin_config", "error_ban_threshold"):
+                    try:
+                        await db.execute("ALTER TABLE admin_config ADD COLUMN error_ban_threshold INTEGER DEFAULT 3")
+                        print("  ✓ Added column 'error_ban_threshold' to admin_config table")
+                    except Exception as e:
+                        print(f"  ✗ Failed to add column 'error_ban_threshold': {e}")
+
             # Check and add missing columns to token_stats table
             if await self._table_exists(db, "token_stats"):
                 stats_columns_to_add = [
@@ -305,6 +318,7 @@ class Database:
                     username TEXT DEFAULT 'admin',
                     password TEXT DEFAULT 'admin',
                     api_key TEXT DEFAULT 'han1234',
+                    error_ban_threshold INTEGER DEFAULT 3,
                     updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
                 )
             """)
@@ -829,6 +843,39 @@ class Database:
 
             await db.commit()
 
+    async def reload_config_to_memory(self):
+        """
+        Reload all configuration from database to in-memory Config instance.
+        This should be called after any configuration update to ensure hot-reload.
+
+        Includes:
+        - Admin config (username, password, api_key)
+        - Cache config (enabled, timeout, base_url)
+        - Generation config (image_timeout, video_timeout)
+        - Proxy config will be handled by ProxyManager
+        """
+        from .config import config
+
+        # Reload admin config
+        admin_config = await self.get_admin_config()
+        if admin_config:
+            config.set_admin_username_from_db(admin_config.username)
+            config.set_admin_password_from_db(admin_config.password)
+            config.api_key = admin_config.api_key
+
+        # Reload cache config
+        cache_config = await self.get_cache_config()
+        if cache_config:
+            config.set_cache_enabled(cache_config.cache_enabled)
+            config.set_cache_timeout(cache_config.cache_timeout)
+            config.set_cache_base_url(cache_config.cache_base_url or "")
+
+        # Reload generation config
+        generation_config = await self.get_generation_config()
+        if generation_config:
+            config.set_image_timeout(generation_config.image_timeout)
+            config.set_video_timeout(generation_config.video_timeout)
+
     # Cache config operations
     async def get_cache_config(self) -> CacheConfig:
         """Get cache configuration"""

src/core/models.py

@@ -100,6 +100,7 @@ class AdminConfig(BaseModel):
     username: str
     password: str
     api_key: str
+    error_ban_threshold: int = 3  # Auto-disable token after N consecutive errors
 
 
 class ProxyConfig(BaseModel):

src/services/token_manager.py

@@ -36,8 +36,18 @@ class TokenManager:
         await self.db.delete_token(token_id)
 
     async def enable_token(self, token_id: int):
-        """Enable a token"""
+        """Enable a token and reset error count"""
         await self.db.update_token(token_id, is_active=True)
+        # Reset error count when enabling
+        async with self.db._lock if hasattr(self.db, '_lock') else asyncio.Lock():
+            import aiosqlite
+            async with aiosqlite.connect(self.db.db_path) as db:
+                await db.execute("""
+                    UPDATE token_stats
+                    SET error_count = 0, today_error_count = 0
+                    WHERE token_id = ?
+                """, (token_id,))
+                await db.commit()
 
     async def disable_token(self, token_id: int):
         """Disable a token"""
@@ -352,9 +362,20 @@ class TokenManager:
             await self.db.increment_token_stats(token_id, "image")
 
     async def record_error(self, token_id: int):
-        """Record token error"""
+        """Record token error and auto-disable if threshold reached"""
         await self.db.increment_token_stats(token_id, "error")
 
+        # Check if should auto-disable token
+        stats = await self.db.get_token_stats(token_id)
+        admin_config = await self.db.get_admin_config()
+
+        if stats and stats.error_count >= admin_config.error_ban_threshold:
+            debug_logger.log_warning(
+                f"[TOKEN_BAN] Token {token_id} error count ({stats.error_count}) "
+                f"reached threshold ({admin_config.error_ban_threshold}), auto-disabling"
+            )
+            await self.disable_token(token_id)
+
     # ========== 余额刷新 ==========
 
     async def refresh_credits(self, token_id: int) -> int: